FTP/FTPS Support in Jelastic

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network. Unlike HTTP, the FTP protocol is stateful: you establish a control connection for the duration of an FTP session that typically spans multiple data transfers.

Except FTP Jelastic also supports FTPS for secured with SSL transmission that encrypts the username and password.

Attaching an FTP-addon to environment gives a user abilities for:

  • uploading/downloading resources;
  • downloading and reading logs for analysing;
  • editing configurations;
  • syncing files;
  • deploying applications (not recommended).

With Jelastic FTP feature is available for both application servers and databases.

Detailed information on FTP-addon installation and usage can be found in the user’s FTP/FTPS Support document.

Enable FTP Password Change

Starting with Jelastic 2.4 release we provide our users with an ability to change the automatically generated password of FTP-addon to their custom one. This ability is enabled by default in a new platform version, nevertheless, it won’t be available for the old containers (i.e. created before platform update to the latest version).

In order to enable this for a particular user’s container, perform the following steps:

1. Enter the desired container with the FTP-addon installed via your console using the vzctl utility:

vzctl enter {container_ID}

2. Inside the container open the sudoers file of jelastic user for editing:

vim /etc/sudoers.d/jelastic

3. Add the following line to the end of the file:

jelastic ALL = NOPASSWD: /usr/bin/passwd jelastic-ftp

4. Save the changes made.

New rules will be applied automatically and the current user will be able to change to change the FTP password to a custom one using the instruction

Multiple FTP Users

While joint application development, creation of multiple FTP users can be required due to security or audit reasons. For example, to give an individual login for each team member, so if someone leaves, it’s only needed to delete the corresponding user instead of changing the password of a single common FTP account. In addition, it can be used to delimit the FTP access to a separate application’s directory or to different projects within one environment.

In order to add a new FTP user for a particular server, follow the next steps:

1. Enter the desired container with the FTP-addon installed via your console using the vzctl utility:

vzctl enter {container_ID}

2. Execute the following command:

useradd -u 700 -o -d {home_dir} -g jelastic-ftp -s {shell} {username}

where

  • -u 700 - the numerical value of the user's ID, should be 700 for all FTP users to provide them with the appropriate permissions
  • -o - allows creating users with the same (non-unique) UID
  • -d {home_dir} - full path to the user's login directory; the exact value depends on a particular server (e.g. for Apache and NGINX it will be /var/ftp/webroot). This parameter can be also used to give user an access to the specific directory only (e.g. /var/ftp/webroot/ROOT/{subdirectory} )
  • -g jelastic-ftp - name of the users group; should be jelastic-ftp for all FTP users
  • -s {shell} - defines if a user is provided with shell access; the recommended value is /bin/false in order to ensure platform’s security and restrict the SSH connection usage
  • {username} - the preferred name of a new FTP user.

As a result, a new FTP user will be added to the container, endowed with the same ownership and permissions as the default jelastic-ftp user has.

3. Then, run the next command in order to state the password for a newly created user:

passwd {username}

Enter and confirm the desired password using the appeared input strings.

Afterwards, user can change this password to his custom one, following the appropriate instruction.

In the case a particular container was created before your platform has been upgraded to the Jelastic 2.4 version, you need to additionally provide the newly created FTP users with an ability to state their custom passwords.

For that, follow the Enable FTP Password Change instruction above, specifying the necessary username instead of the default jelastic-ftp one in the 3d step.