Piotr Rogulski
Piotr Rogulski
Author · Python developer
Apr 20, 2019 2 min read

10 steps to setup FTP server on Google Compute Engine

Google Compute Engine Networking

  1. Create Google Compute Engine

    gcloud compute instances create ftp --zone us-central1-a

  2. Enter machine instance using ssh

    gcloud compute ssh ftp

  3. Install ftp server for unix-like systems (vsftpd)

    sudo apt-get install vsftpd

  4. Generate RSA certificate files

    openssl genrsa -out server.key 2048
    openssl rsa -in server.key -out server.key
    openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
    
    mv server.crt /etc/ssl/certs/server.crt
    mv server.key /etc/ssl/private/server.key

  5. Configure /etc/vsftpd.conf config file

    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO  # do not allow unidentified user to login
    local_enable=YES
    write_enable=YES  # allow writes
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    
    user_sub_token=$USER
    local_root=/srv/ftp # define your ftp directory
    chroot_local_user=YES  # will chroot all the users
    chroot_list_enable=NO  # select YES if you would like to specify usernames in /etc/vsftpd.chroot_list 
    secure_chroot_dir=/var/run/vsftpd/empty
    
    pam_service_name=vsftpd
    
    rsa_cert_file=/etc/ssl/certs/server.crt
    rsa_private_key_file=/etc/ssl/private/server.key
    ssl_enable=no
    
    pasv_min_port=40000
    pasv_max_port=50000

  6. Restart vsftpd service and check the status

    sudo systemctl restart vsftpd
    sudo systemctl status vsftpd

  7. Create user and add permissions

    sudo adduser ftpuser
    chmod a-w /home/ftpuser

  8. Update networking External IP in Compute Engine console

    Google Compute Engine Networking

  9. Update firewall rules in GCP firewall console

    Google Cloud Platform networking firewall rules

  10. Log into the FTP server using ftp client

    $ ftp 35.225.115.42
    
    Connected to 35.225.115.42
    220 (vsFTPd 3.0.3)
    Name (35.225.115.42:piotr): ftpuser
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

comments powered by Disqus