- Plesk for Linux
How to configure secure FTP (FTPS) in Plesk for Linux?
Note: the below steps only make FTPS protocol available. Plesk does not manage FTPS mode settings (implicit or explicit)
FTP over SSL can be enabled with the following steps:
Go to Tools & Settings > Security Policy and select one of the following options:
- Allow both secure FTPS and non-secure FTP connections will accept both FTP and FTPS connections.
- Allow only secure FTPS connections will force FTPS connections.
Connect to the server via SSH.
Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.
Make sure that the following lines are present in the file
CONFIG_TEXT: <IfModule mod_tls.c>
# common settings for all virtual hosts
# Authenticate clients that want to use FTP over TLS?
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
Create the file
/etc/xinetd.d/ftps_psawith the following content:
CONFIG_TEXT: service ftps
flags = IPv6
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
instances = UNLIMITED
server = /usr/sbin/in.proftpd
server_args = -c /etc/proftpd.conf
Restart the xinetd service:
# systemctl restart xinetd
Note: after settings secure FTP select the required connection in used FTP client. For example, in FileZilla:
In our case we also needed to open a range of passive port in our gateway firewall and Plesk firewall if enable. These ports then need to be added to the proftp config:
PassivePorts 60000 65535
Yes, you are absolutely right: if there is an intermediate firewall between a Plesk server and the Internet, it is needed to open the passive port range in it. And, of course, the passive ports must be configured as per (https://support.plesk.com/hc/en-us/articles/213902285-How-to-configure-the-passive-ports-range-for-ProFTPd-on-a-server-behind-a-firewall).
Please sign in to leave a comment.