FTP, or File Transfer Protocol, is a way to share files over the internet between machines. It uses the TCP/IP protocol, which uses a client-server framework, and SLL/TLS security for a more protected data transfer. While it is pretty similar to HTTP, or HyperText Transfer Protocol, FTP is responsible for file transport through the internet while HTTP handles the transfer of web pages. Without an FTP protocol on your VPS server, you wouldn’t be able to send files to client machines. That’s why installing a File Transfer Protocol on your system is a must. Here’s how to do it.

Install vsftpd

The first thing you have to do is log into your server via SSH and upgrade it. Then, of course, download vsftpd. This Deamon will make the files more accessible by offering a more user-friendly interface than the standard FTP applications. Download the package with this command:

apt-get install vsftpd

A confirmation prompt will pop up. Simply type in “Y”, hit “Enter”, and the installation will continue. After it is done, make sure to back up the original file just in case something goes wrong along the way. You want to start the service with a blank configuration file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original

The next step is to configure your VPS server Firewall.

Allow FTP traffic from the Firewall

If you want your new FTP server to communicate properly through the internet with other machines, you have to make sure that it can get past through the Firewall. Before we do that, check whether it is enabled on your system or not with this command:

sudo ufw status

If you see this message “ufw: command not found”, it means that your server isn’t protected by a Firewall. Install and enable it by using these commands:

sudo apt-get install ufw

sudo ufw enable

If the Firewall is active – that’s great! But you still have to ensure that the FTP traffic is allowed to pass through it. Execute the following commands one after the other:

sudo ufw allow OpenSSH

sudo ufw allow 20/tcp

sudo ufw allow 21/tcp

sudo ufw allow 990/tcp

sudo ufw allow 40000:50000/tcp

Here’s what each of them will do:

• OpenSSH is needed to access your server through SSH.
• Ports 20 & 21 are used for FTP traffic.
• Port 990 is used when TLS is enabled.
• Ports 40000:50000 are reserved as passive ports that will later be set in the configuration file.

Double-check the status with the “sudo ufw status” command. The relevant ports and OpenSSH should now be allowed from anywhere.

Create the User Directory and provide access permissions

When your VPS server Firewall is ready, the next step is to create a user who is going to use FTP. You can do this by typing in this command:

sudo adduser yourusername

Enter your chosen username and password, then fill in all the required fields. You can leave additional information blank if you want to by pressing “Enter”. If you can, restrict FTP to one specific directory. This way, you’ll boost your security.

Now, you have to create the FTP folder. To do so, follow these steps:

1. Enter: sudo mkdir /jome/yourusername/ftp
2. Set the ownership with: sudo chown nobody:nogroup /home/yourusername/ftp
3. Remove the write permission with: sudo chmod a-w /home/yourusername/ftp
4. Verify the permissions with: sudo ls -la /home/yourusername/ftp

The last thing you have to do is create the file-holding directory and assign ownership via these commands:

sudo mkdir /home/yourusername/ftp/files

sudo chown yourusername:yourusername /home/yourusername/ftp/files

Configure vsftpd, make it secure, and restart the service

The last step is to configure both vsftpd and FTP access. Open the vsftpd configuration file on your VPS server with the following command:

sudo nano /etc/vsftpd.conf

Find the following lines and make sure that they are enabled. It should look like this:

listen=YES

local_enable=YES

write_enable=YES

chroot_local_user=YES

To ensure that enough connections are available, limit the number of ports in the file:

pasv_min_port=40000

pasv_max_port=50000

Quit and save the file. Now, restart the service with this command:

sudo service vsftpd restart

The thing with FTP is that by default, it doesn’t encrypt data. You have to use an SSL/TLS certificate to secure your files during the transfer. If you have one installed – great! Enable it by entering this line in the configuration file:

ssl_enable=YES

If you don’t have one, create it by following these steps:

1. Enter the following command: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
2. Enter the required details in the fields provided.
3. After the certificate is created, open the configuration file again. At the end of it, there should be two lines that start with rsa:

# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

# rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

4. Point the configuration file to the certificate by adding the following directories below the previous lines:

rsa_cert_file=/etc/ssl/private/vsftpd.pem

rsa_private_key_file=/etc/ssl/private/vsftpd.pem

5. Enable the SSL by adding this line: ssl_enable=YES
6. Configure the server to use TLS:

ssl_tlsv1=YES

ssl_sslv2=NO

ssl_sslv3=NO

7. Save the file by pressing CTRL+X followed by Y, then press “Enter”.
8. Restart vsftpd for the changes to take effect: sudo systemctl restart vsftpd

Test the connection with FileZilla

Finally, the last thing that you have to do is test out the connection. The best way to do it is via the FileZilla FTP Client. Launch this application, select “Site Manager” and click on the “New Site” button. Fill all the prompts with information about your new FTP server. You can even choose the “Use explicit FTP over TLS” option since we configured it to use TLS.

Once you’re done, click “Connect” and enter your FTP user’s password when prompted. All that is left is to verify the SSL certificate of the FTP server, and if everything is correct, the root directory with the test file will appear.

Congratulations! Now you can transfer files from your VPS server to your computer and other machines. It’s a more secure and reliable way to send data, so going through all this work to install FTP is definitely worth it. Just remember to test it out by sending a couple of files to yourself.