Introduction
An FTP server uses the File Transfer Protocol for file exchange over the Internet or a local network, making it a widely favored option for remote file transfers.
This guide details the process of setting up an FTP server on RedHat-based distributions (CentOS 7, AlmaLinux 8) using vsftpd (Very Secure FTP Daemon).
Step for AlmaLinux 8 Only: Import GPG Key Repository
This step is exclusive to AlmaLinux 8. Skip if you are using CentOS 7.
Import the AlmaLinux repository GPG key on AlmaLinux 8 by executing:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
1. Updating Packages
Ensure your system software is up-to-date:
yum update
2. Installing VSFTPD
To install vsftpd, run:
yum -y install vsftpd
3. Configuring VSFTPD
Edit the vsftpd configuration file with:
vi /etc/vsftpd/vsftpd.conf
Update or add these settings:
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
anonymous_enable=NO: Disables anonymous connections.
chroot_local_user=YES: Restricts users to their home directories.
allow_writeable_chroot=YES: Allows users to modify their home directories.
userlist_enable=YES: Enables user list management.
userlist_file=/etc/vsftpd.userlist: Specifies the user list location.
userlist_deny=NO: Only listed users can access the server.
Save and exit the file (Esc, :wq, Enter).
4. Configuring IPtables for FTP
To allow FTP traffic through iptables, execute:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
Save changes on CentOS 7 with:
service iptables save
service iptables restart
On AlmaLinux 8, use:
iptables-save
For firewalld, use:
firewall-cmd --zone=public --permanent --add-port=21/tcp
firewall-cmd --reload
5. Starting VSFTPD
Start the vsftpd service:
systemctl start vsftpd
To enable automatic startup after reboot:
systemctl enable vsftpd
6. Creating FTP Users
Create a new user (replace "youruser" with the actual username):
useradd -m -c "transip ftp demo" youruser
passwd youruser
7. Adding Users to the List
Edit the user list file:
vi /etc/vsftpd.userlist
Add usernames (one per line):
youruser
youruser2
youruser3
Save and exit.
Securing Your FTP Connection
Install Let's Encrypt
Install the EPEL repository:
yum install epel-release
Then install Let's Encrypt:
yum -y install certbot
Enable Ports 80 and 443
Open ports 80 and 443 on iptables:
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Save changes on CentOS 7:
service iptables save
service iptables restart
On AlmaLinux 8:
iptables-save
For firewalld:
firewall-cmd --zone=public --permanent --add-port=80/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --reload
Generate a Certificate
Create a certificate (replace "yourserver.vpssell.cloud" with your actual hostname):
certbot certonly --standalone -d yourserver.vpssell.cloud
Follow the prompts to complete the process.
Update VSFTPD Configuration
Edit the vsftpd configuration file to enable SSL:
vi /etc/vsftpd/vsftpd.conf
Add these lines, replacing the hostname:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=50100
pasv_max_port=51100
rsa_cert_file=/etc/letsencrypt/live/yourserver.vpssell.cloud/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/yourserver.vpssell.cloud/privkey.pem
Save and exit.
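Before restarting vsftpd, the edited file can be checked against the values from step 3 and the SSL block above. The script below is an added example, not part of the original guide; the function name audit_vsftpd_conf and the finding labels are made up for illustration. Besides missing or different values, it flags spaces around "=" (which vsftpd treats as an error) and keys set to two different values, which happens when a setting is added without updating an existing line.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit a vsftpd.conf against this guide's settings.
# The function name and the finding labels are illustrative.

# Values copied from the guide's two configuration blocks.
EXPECTED="anonymous_enable=NO chroot_local_user=YES userlist_enable=YES \
userlist_deny=NO ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
force_local_logins_ssl=YES ssl_tlsv1=NO ssl_sslv2=NO ssl_sslv3=NO"

# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_vsftpd_conf() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pair, " ")
      for (i = 1; i <= n; i++) { split(pair[i], kv, "="); key[i] = kv[1]; want[kv[1]] = kv[2] }
    }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    /[ \t]=|=[ \t]/ {                        # vsftpd rejects spaces around "="
      printf "SPACE line %d: %s\n", NR, $0; bad++; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      if ((k in seen) && seen[k] != v) {     # same key given two different values
        printf "CONFLICT %s: %s and %s\n", k, seen[k], v; bad++
      }
      seen[k] = v
    }
    END {
      # Compare each expected key (case-insensitively) with the value in the file.
      for (i = 1; i <= n; i++) {
        k = key[i]
        if (!(k in seen)) { printf "MISSING %s (guide sets %s)\n", k, want[k]; bad++ }
        else if (toupper(seen[k]) != want[k]) {
          printf "MISMATCH %s=%s (guide sets %s)\n", k, seen[k], want[k]; bad++
        }
      }
      exit (bad > 0)
    }' "$1"
}

# Usage: ./audit.sh /etc/vsftpd/vsftpd.conf
if [ "$#" -gt 0 ]; then audit_vsftpd_conf "$1"; fi
```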
Certificate Renewal
Automate certificate renewal with a cron job:
crontab -e
Add:
SHELL=/bin/bash
HOME=/
@monthly certbot -q renew >> /var/log/le.log
Save and exit.
Restart VSFTPD:
systemctl restart vsftpd
If using firewalld, ensure the port range is open:
firewall-cmd --zone=public --permanent --add-port=50100-51100/tcp
firewall-cmd --reload
Custom Directories
Creating a Custom Directory
Create a custom directory:
mkdir /home/youruser/ftp
chown nobody:nobody /home/youruser/ftp
chmod a-w /home/youruser/ftp
Setting the Home Directory
Edit the VSFTP configuration file:
vi /etc/vsftpd/vsftpd.conf
Add:
user_sub_token=$USER
local_root=/home/$USER/ftp/
Save and exit. Restart VSFTP:
systemctl restart vsftpd
Conclusion
You have successfully set up your FTP server. For file transfers, you can use FTP clients like FileZilla, WinSCP, Cyberduck, and SmartFTP. Refer to our guide on using FileZilla for more information on transferring files.