How to Install Pure-FTPd with Let's Encrypt

If you manage multiple servers, it is important to make backups yourself. Hosting providers often offer backup services, but it is also important to have a backup server elsewhere so that you always have access to your own data. This is especially useful when, for example, your hosting provider is completely offline.

In this “how to install” we’ll explain step by step how you can set up an FTP server with Pure-FTPd and how you can secure it with a certificate.

For this setup, we recommend that you use a dedicated server with Debian 10.

Step 1: Update server
Make sure that your Debian 10 server is up-to-date.

Step 2: Pure-FTPd installation
When your server is up-to-date, we can install the FTP server with Pure-FTPd. For this, we use the following command:

apt-get install pure-ftpd

Step 3: Configuration and setup of Pure-FTPd
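The following commands run Pure-FTPd as a daemon, disable anonymous logins, chroot every user into their home directory, and set TLS to 2, which makes the server refuse connections that do not use TLS: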

echo "yes" > /etc/pure-ftpd/conf/Daemonize
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "2" > /etc/pure-ftpd/conf/TLS

We recommend setting your FTP to IPv4 only, as the performance of IPv6 is not the same for every provider. You can do this by using the following command:

echo "yes" > /etc/pure-ftpd/conf/IPV4Only

Now we are going to set the config. From experience we know that the following works best.

We start by deleting the existing config. To do this, you can use the following command:

rm -rf /etc/pure-ftpd/pure-ftpd.conf

Now that we’ve deleted the existing config, we can create a new config file with our settings. Open pure-ftpd.conf:

nano /etc/pure-ftpd/pure-ftpd.conf

Now that we have the text editor open, you can copy & paste the following:

ChrootEveryone               yes
BrokenClientsCompatibility   no
MaxClientsNumber             50
Daemonize                    yes
MaxClientsPerIP              8
VerboseLog                   no
DisplayDotFiles              yes
AnonymousOnly                no
NoAnonymous                  yes
SyslogFacility               ftp
DontResolve                  yes
MaxIdleTime                  15
LimitRecursion               10000
AnonymousCanCreateDirs       no
MaxLoad                      4
AntiWarez                    yes
Umask                        133:022
MinUID                       100
AllowUserFXP                 no
AllowAnonymousFXP            no
ProhibitDotFilesWrite        no
ProhibitDotFilesRead         no
AutoRename                   no
AnonymousCantUpload          no
MaxDiskUsage                 99
CustomerProof                yes
CertFile                     /etc/ssl/private/pure-ftpd.pem

Everything is now set up and configured.

Step 4: Secure the FTP server with Let’s Encrypt
It’s important to make sure that you’re using a secure connection for your FTP traffic.

To use SSL/TLS, we first need to make sure the folder for the certificate exists. The certificate will be placed in this folder. To do this, you can use the following command:

mkdir -p /etc/ssl/private

Secure your FTP server with a Let’s Encrypt certificate
In order to use Let’s Encrypt we first have to install Certbot.

apt-get install certbot

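Now that the installation is done, it is time to request a certificate. Make sure you have a hostname and an A record for your server, and go through all the steps of certbot. Standalone mode starts its own temporary web server, so port 80 must be reachable and not in use by another service.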

certbot certonly --standalone

Now we are going to merge the created Let’s Encrypt certificate files. We do this with the following command:

cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

After we’ve merged the certificates, we have to make sure that a renewed certificate is automatically merged via a cronjob:

nano /etc/cron.d/certbot

If all goes well, the last line should say:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

Now append the following to the end of that line:

&& cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

It should then look as follows:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew && cat /etc/letsencrypt/live/*/privkey.pem /etc/letsencrypt/live/*/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

If all went well, we can restart Pure-FTPd with the following command:

service pure-ftpd restart
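
Added example (not part of the original guide): on a Debian system running systemd, /run/systemd/system exists, so the test at the start of the cron line above fails and the appended cat never runs; renewals come from certbot.timer instead. A certbot deploy hook runs after each successful renewal under either scheduler, and this one merges only the renewed lineage into a mode-600 file. The install path /etc/letsencrypt/renewal-hooks/deploy/pure-ftpd.sh and the PEM_OUT override variable are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for Pure-FTPd (not from the original guide).
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/pure-ftpd.sh (chmod 755).
# certbot exports RENEWED_LINEAGE, the live/ directory of the certificate it renewed.
# Assumes this host has one certificate; with several, filter on the lineage name.

PEM_OUT="${PEM_OUT:-/etc/ssl/private/pure-ftpd.pem}"

# merge_pem LINEAGE_DIR OUT_FILE
# Concatenates privkey.pem and fullchain.pem of ONE lineage into OUT_FILE.
# The result is written to a temp file first, so Pure-FTPd never sees a
# half-written PEM and a failed renewal leaves the old file untouched.
merge_pem() {
    lineage=$1
    out=$2
    if [ ! -s "$lineage/privkey.pem" ] || [ ! -s "$lineage/fullchain.pem" ]; then
        echo "merge_pem: missing key or chain in $lineage" >&2
        return 1
    fi
    # mktemp creates the file with mode 600, so the key is never world-readable.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$lineage/privkey.pem" "$lineage/fullchain.pem" > "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Only act when certbot invokes the script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    merge_pem "$RENEWED_LINEAGE" "$PEM_OUT" && service pure-ftpd restart
fi
```

With the hook in place, `certbot renew --dry-run` checks that renewal itself works; deploy hooks are not run during a dry run.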

Step 5: Create user(s)
There are two ways: create a user with SSH access or create a user without SSH access and set a storage limit.

For every account that is created, a home directory is created under /home.

Easy way to create user(s)
Use the following command to easily create a user:

adduser USERNAME

After entering this command, you can set the password. Once the password is set, everything is ready for this user and a home directory is created at /home/USERNAME.

Create user with extra options
If you want to create a user with extra options, we first have to create a user group for FTP users without SSH access.

groupadd ftpgroup

Now we can create the user:

useradd -g ftpgroup -d /dev/null -s /etc USERNAME
pure-pw useradd USERNAME -u USERNAME -g ftpgroup -d /home/USERNAME

If you want to give the user a storage limit you can add: -N 1000.
This gives the user a storage limit of 1000 MB.

Example of the command with a storage limit of 1000 MB:

pure-pw useradd USERNAME -u USERNAME -g ftpgroup -d /home/USERNAME -N 1000

Now we have to create the directory for the FTP user with the following commands:

mkdir /home/USERNAME
chown -R USERNAME:ftpgroup /home/USERNAME

The next step is to update the Pure-FTPd database. You can do this with the following commands:

pure-pw mkdb
ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd
ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB

Finally, we have to restart Pure-FTPd:

service pure-ftpd restart

Every time you make changes to a user, the database must be updated:

pure-pw mkdb

Do you want to change the password for an FTP user?

Then you can use the following command:

pure-pw passwd USERNAME
