Automate the Installation of FTP Server

This guide covers the automated deployment of vsftpd (Very Secure FTP Daemon) using CloudRay scripting capabilities. This implementation ensures secure, consistent file transfer services with built-in user isolation and SSL encryption.

CloudRay’s scripting engine handles the entire deployment lifecycle from package installation to firewall configuration while maintaining compliance with security best practices.

Adding Servers to CloudRay

Before getting started with your automation, make sure your target servers are connected to CloudRay. If you haven’t done this yet, follow our servers docs to add and manage your servers.

NOTE

This guide uses Bash scripts, providing a high degree of customisation. You can adapt the scripts to fit your specific installation needs and environment. Additionally, if you’re using a different version or a different distribution, adjust the commands accordingly.

Create the Automation Script

To automate the installation of FTP Server, you will need two Bash scripts:

  1. FTP Server Installation: This script handles the core vsftpd installation and user provisioning
  2. FTP Configuration Script: This script implements security hardening and shared storage

Let’s begin with the installation of FTP server.

FTP Server Installation Script

To create the FTP Server Installation Script, you need to follow these steps:

  1. Go to Scripts in your CloudRay project
  2. Click New Script
  3. Name: FTP Server Installation Script. You can give it any name of your choice
  4. Copy this code:
#!/bin/bash

# Exit on error
set -e

echo "🛠️ Starting FTP server base installation..."

# Update system and install vsftpd
sudo apt update
sudo apt install vsftpd lftp -y  # lftp included for testing

# Start and enable service
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

# Configure SSL (only if not already configured)
if [ ! -f /etc/ssl/private/vsftpd.pem ]; then
    echo "🔐 Generating SSL certificate..."
    sudo mkdir -p /etc/ssl/private
    sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
        -keyout /etc/ssl/private/vsftpd.pem \
        -out /etc/ssl/private/vsftpd.pem \
        -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT/CN=ftp.server.com"
    sudo chmod 600 /etc/ssl/private/vsftpd.pem
    echo "✅ SSL certificate created"
else
    echo "ℹ️ SSL certificate already exists - skipping generation"
fi

# Backup original config (keep the first backup on re-runs)
[ -f /etc/vsftpd.conf.bak ] || sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

# Configure vsftpd with user whitelisting
sudo bash -c 'cat > /etc/vsftpd.conf <<EOF
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
user_sub_token=\$USER
local_root=/home/\$USER/ftp
pasv_min_port=30000
pasv_max_port=31000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
EOF'

# Restart service
sudo systemctl restart vsftpd

# Configure firewall
sudo ufw allow ssh
sudo ufw allow 20,21,990/tcp
sudo ufw allow 30000:31000/tcp
echo "y" | sudo ufw enable

Here is a breakdown of what the FTP Server Installation Script does:

  • Refreshes the package index (apt update)
  • Installs vsftpd with TLS/SSL support
  • Generates a self-signed SSL certificate automatically if one does not already exist
  • Enforces FTPS (FTP over SSL/TLS)
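
To confirm that a deployed server still carries these settings, the following added example (not part of the original guide or of CloudRay) audits a vsftpd.conf for the directives the installation script writes. The function names are hypothetical, and it assumes that when a directive appears more than once the later line takes effect.

```bash
#!/bin/bash
# Added example: audit a vsftpd.conf against the settings this guide writes.

# Directives from the installation script that carry the security posture.
REQUIRED_SETTINGS="anonymous_enable=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
allow_anon_ssl=NO
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO"

# Print the value of a directive, taking the last uncommented occurrence
# (assumption: a later line overrides an earlier one).
conf_value() {
    # $1 = config file, $2 = directive name
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print one line per deviation; return 0 only when every directive matches.
audit_vsftpd_conf() {
    conf="$1"
    failures=0
    for setting in $REQUIRED_SETTINGS; do
        key="${setting%%=*}"
        want="${setting#*=}"
        got="$(conf_value "$conf" "$key")"
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected $want, found ${got:-<unset>}"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Run the audit when a config path is given, e.g. ./audit.sh /etc/vsftpd.conf
if [ -n "${1:-}" ]; then
    audit_vsftpd_conf "$1"
fi
```

A missing userlist_deny=NO is reported as a failure because, without it, the user list no longer acts as a whitelist.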

FTP Configuration Script

Next, you need to configure users and give them the necessary permissions. To do so, follow steps similar to those above:

  1. Go to Scripts > New Script
  2. Name: FTP Configuration Script
  3. Add code:
#!/bin/bash

# Exit on error
set -e

# Create FTP user
sudo adduser --disabled-password --gecos "" "{{ftp_user}}"
echo "{{ftp_user}}:{{ftp_pass}}" | sudo chpasswd

# Setup directory structure
sudo mkdir -p "/home/{{ftp_user}}/ftp/upload"
sudo chown nobody:nogroup "/home/{{ftp_user}}/ftp"
sudo chmod a-w "/home/{{ftp_user}}/ftp"
sudo chown "{{ftp_user}}:{{ftp_user}}" "/home/{{ftp_user}}/ftp/upload"

# Update userlist (append only if the user is not already listed)
sudo touch /etc/vsftpd.userlist
grep -qxF "{{ftp_user}}" /etc/vsftpd.userlist || echo "{{ftp_user}}" | sudo tee -a /etc/vsftpd.userlist

echo "FTP configuration for user '{{ftp_user}}' completed successfully!"

This is what the FTP Configuration Script does:

  • Creates chroot-jailed users from variables
  • Prepares directory structure with proper permissions
  • Configures passive mode port range
  • Implements user whitelisting

Create a Variable Group

Now, before running the scripts, you need to define values for the placeholders {{ftp_user}} and {{ftp_pass}} used in the scripts. CloudRay processes all scripts as Liquid templates. This allows you to use variables dynamically across different servers.

To ensure that these values are automatically substituted when the script runs, follow these steps to create a variable group:

  1. Navigate to Variable Groups: In your CloudRay project, go to “Scripts” in the top menu and click on “Variable Groups”.
  2. Create a new Variable Group: Click on “Variable Group”.
  3. Add the following variables:
  • ftp_user: The FTP user
  • ftp_pass: The user password
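
Assuming the placeholders are substituted as text before Bash parses the script, a value containing `$`, a backtick or a double quote is reinterpreted inside the double-quoted strings of the configuration script. The following added example (not CloudRay's or this guide's code) reads each value through a quoted heredoc and validates it before use; the function names, the CLOUDRAY_VALUE delimiter, the sample values and the length and character policies are assumptions.

```bash
#!/bin/bash
# Added example: read template values without letting Bash expand them,
# then validate them before adduser/chpasswd run.
LC_ALL=C; export LC_ALL   # make [a-z] ranges ASCII-only

# A quoted heredoc delimiter turns off $, backtick and backslash processing.
# Constructed sample values stand in for {{ftp_user}} and {{ftp_pass}}.
IFS= read -r FTP_USER <<'CLOUDRAY_VALUE'
alice
CLOUDRAY_VALUE
IFS= read -r FTP_PASS <<'CLOUDRAY_VALUE'
c0rrect$HOME"horse
CLOUDRAY_VALUE

# Assumed policy: lowercase login name, at most 32 characters.
valid_ftp_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or a character outside the set
        [a-z_]*) [ "${#1}" -le 32 ] ;;  # starts with a letter or underscore
        *) return 1 ;;
    esac
}

# Assumed policy: at least 12 characters and no control characters
# (chpasswd reads one user:password pair per line).
valid_ftp_pass() {
    [ "${#1}" -ge 12 ] || return 1
    case "$1" in
        *[[:cntrl:]]*) return 1 ;;
    esac
    return 0
}

# Return 0 only when both values are acceptable for adduser and chpasswd.
check_ftp_inputs() {
    valid_ftp_user "$1" || { echo "rejected user name" >&2; return 1; }
    valid_ftp_pass "$2" || { echo "rejected password" >&2; return 1; }
}
```

In the configuration script, the sample lines would hold the placeholders instead, and `check_ftp_inputs "$FTP_USER" "$FTP_PASS"` would run before the user is created.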

Now that the variables are set up, proceed to run the scripts with CloudRay.

Running the Scripts with CloudRay

The FTP server deployment follows a two-phase approach that separates infrastructure setup from user management. This modular design allows for efficient scaling and maintenance. You run the FTP Server Installation Script once per server to install the FTP server. Then you run the FTP Configuration Script separately to create and configure each user on the FTP server.

Running FTP Server Installation Script

Follow these steps:

  1. Navigate to Runlogs in your CloudRay project
  2. Click New Run a Script
  3. Configure the runlog:
    • Server: Select your target server
    • Script: Choose “FTP Server Installation”
    • Variable Group: Select the variable group you created earlier
  4. Run the script: Click on “Run” to execute the script on your server

CloudRay will connect to your server, run the FTP Server Installation script, and show you the live output as the script executes. This one-time setup installs all required system packages and services. You only need to run this script once, when setting up a new server and installing FTP.

Running the FTP Configuration Script

To create and configure a user for the FTP server:

  1. Navigate to Runlogs > Run a Script
  2. Configure the runlog:
    • Server: Select the same server where you ran the setup
    • Script: Choose “FTP Configuration Script”
    • Variable Group: Select your predefined variables (or create new ones for this user)
  3. Click Run Now to deploy

Once the script runs successfully, your FTP server user will be created and configured. You can test connectivity using FileZilla.

A successful connection in FileZilla shows that the FTP server is working.