A secure FTP server is an ideal resource for file transfer. A basic understanding of server setup can be helpful whether you are hosting your own server or using a hosted FTP service.
Setting up an FTP Server — DIY vs Hosted
There are two main options for setting up an FTP server for your business.
First, you can set up and host the server yourself. You’ll get full control of the server and its setup, including how much storage space you provision, how many users you create, and more. The big downsides are cost and flexibility. Setting up a server is a lot of work, and if you need to expand, you are looking at buying more hardware.
Second, you can purchase a hosted FTP server from a service that runs and maintains the server for you. There are considerably less up-front costs, and you can get going immediately. You’ll have someone keeping an eye on things 24/7, and you can expand or contract as your needs require. The only big downside is that your data is in the cloud — if your internet connection is down, you won’t be able to access it.
Do It Yourself
First, you need to provision a server. You can host the server yourself (even in your own office) or rent a server that is hosted by a cloud service like Amazon Web Service, Microsoft Azure, Digital Ocean, Linode, etc. If you host the server yourself, you must have a static IP address, and obviously a good internet connection if you want high availability.
Once you have chosen where your server will be located, you’ll want to decide what kind of server to run. The two most common operating systems are Windows and Linux. FTP server software is available for both. Each option has advantages and disadvantages.
The main advantages of Linux are that is is free, has a small footprint, and scales better than Windows. However, Linux can be a little intimidating to use for the uninitiated.
On the other hand, Windows has a friendly point-and-click interface. FTP services are included right out of the box with Microsoft Internet Information Services (IIS). However, running a Windows server requires licensing, which has a cost. In addition, when run on comparable hardware, it is less scalable than Linux, so you’ll need a bigger and faster server to handle the same amount of FTP traffic.
Sizing Your Server
While we’re on the topic of file transfer traffic, let’s talk about deciding how large a server to get. This process is sometimes referred to as “sizing.” There is no set formula for sizing an FTP server, as there are many variables, including your business’ availability, capacity, and throughput needs. Even if you know the right size for your business right now, you need to plan ahead in case your business grows.
- AWS: A t3.medium instance with 2 vCUPs and 4GB of RAM is suitable for most low-volume SFTP servers. As of June 2020, the server’s cost is $0.0416 per hour, or $31.95 per month, plus transfer.
- Digital Ocean: You’ll want a similar size — 4GB of RAM and 2 vCPUs. The cost here is about $40 per month, plus transfer.
For this article, we’ll assume the use of Linux + Ubuntu LTS, one of the most popular Linux distributions.
Securing and Hardening Your Server
Once your server has been set up, you’ll immediately want to secure and harden it. This means closing off unused ports, making sure all passwords are of suitable length, and much more. Proper hardening is rather involved and varies by the operating system. You’ll want to look up a specific article with documentation for your OS. For our Ubuntu example, try following these steps: How to Harden Ubuntu Server 18.04 in 5 Easy Steps.
Installing the FTP Software
After you’ve hardened your server, you’ll want to install an FTP server daemon, such as ProFTPD. ProFTPD is a flexible, fully functioning daemon with FTP and SFTP capabilities.
Depending on your needs and skill level, you can either compile the daemon from scratch or install it from the package management system on your operating system. To compile it, we recommend following the instructions on Compiling ProFTPD.
But the easiest way is to simply install the package. With Ubuntu, you’d do:
sudo apt-get install proftpd
Configuring the Software
Now comes the hard part. It’s time to configure ProFTPD for your environment. This is done via the proftpd.conf file, which controls all the configuration settings.
We recommend following an installation guide such as How to Setup an FTP Server with ProFTPd on Ubuntu 18.04 LTS, but here are some key things to think through:
- Decide what user authentication mechanism you will use. The most popular are PAM (“Pluggable Authentication Modules,” which leverage Linux’s native user directory) or database-backed (using, for example, MySQL)
- Decide where the data is stored. Generally, you’ll want this on the local filesystem. For example, at /var/data. If you’re using Amazon Web Services or similar, you might want a dedicated storage volume such as Elastic Block Store.
- Decide whether you want FTP or SFTP, or both. SFTP is more complicated to set up, as you have to create public and private keys, but it does mean that all of your file transfer traffic is encrypted. Generally, we recommend using SFTP when possible.
Setting Up a Firewall for FTP Server Security
If you are using AWS or Digital Ocean, you’ll want to secure your hosted environment. If you are already using a cloud service for other uses, there may already be firewalls in place. If not, we recommend using the cloud provider’s offered firewall. Generally, you’ll want to open:
- For FTP: ports 21 and a set of high ports for passive data transfer (e.g., 60000 to 65000)
- For SFTP: port 22
For more information, see our detailed documentation on Configuring ports for FTP/SFTP.
There Is Always More to Do
Your basic FTP server setup should now be complete. You’ll have your server hosted somewhere, and FTP software installed and configured. Firewall setup and port configuration should also be complete.
However, there is always more to be done. You must keep your operating system patched with security updates as they occur, and you have to monitor your server for uptime and possibly malicious activity. As your business grows, you may have to purchase new servers to keep up.
If you think this is a lot of work, you are right. This process requires an investment from your business for the hardware and software. It also requires a degree of technical knowledge and research to properly configure all elements. With each step, there is the possibility of issues occurring, and time spent troubleshooting and fixing them — time that could be spent on your core business instead.
Fortunately, there is another option for how to set up an FTP server that can have you up and running with minimal time and expense.
Set Up an FTP Site
Setting up a secure FTP hosting service is easy. With many services, all you have to do is select the amount of storage space you need and sign up. Look for a hosting provider that is scalable, which provides flexibility to upgrade as your business grows without purchasing additional hardware.
You get to skip all the previous steps of procuring and hardening a server, and configuring software. At ExaVault, we control and maintain all the hardware and software so you can focus on growing your business.
Once you have set up your server or signed up for a hosted FTP service, there are a few more steps to have everything ready for daily use.
User Setup & Directory Configuration
Now you’re ready to get started using the FTP server. You’ll want to do some user setup, directory configuration, and testing.
Regardless of your choice of server setup, you want to configure it for your use. Exact details for configuration will be dependant on your specific use case. Here are some of the features you will want to consider:
- User setup — some users may have restricted permissions. For example, you may want to create an upload-only user who can access the server and upload files but cannot view or download anything.
- Configure a directory structure. One example is assigning a “client files, “vendor files,” and “internal files” as your base folder hierarchy.
- Setup notifications or alerts. Often you can set up activity notifications (e.g., upload/download) right in the interface. If you’re using third-party software, you’ll set up log alerts.
Testing Your FTP Server
A final step of testing is recommended to ensure your FTP server is set up correctly and ready to be incorporated into your business’ workflow. First, you’ll want to test your new server with any client software you will be such as FileZilla or WinSCP. Also, check connections with any other programs you plan to use for automation or data transfer.
After testing is complete and files are transferred to the server, you will want to check the logs to see what people are doing. Otherwise, you can do text analysis from your server’s raw log files. Consider checking activity periodically, or as needed to maintain records for compliance reasons.
Using FTP and Sharing Files
Your server is setup. Your FTP client connects. Your files are organized, and your user accounts have been set up with desired permissions. Now it’s time to get your business files transferred where they need to be.
Services like ExaVault include a web-based interface that allows you to share files beyond just FTP. You can access the secure FTP server and share files directly from the interface, which, if possible, is much less intuitive on a normal server. Web-based features also allow you to receive files directly into your account via a customizable upload form and shared folders for uploading and downloading files.
Now that you know the basic process and steps required to set up an FTP server, you can decide which option will make the most sense for your business.