If you are managing a Windows server and need a way to transfer files, you may need to resort to using FTP, and the best way to do it is with FileZilla Server. Here's how to set it up.
FileZilla is open source software that is enabled for free under the GNU General Public License. FileZilla Server is the hosting component of the server, that supports both FTP and FTPS, and FileZilla Client is the application to use FTP and connect to FTP servers. It is important to note that FileZilla Server also works well on Windows 10, but it's probably less common use.
To start setting up your new FTP server, login to your server and download FileZilla Server for Windows.
FileZilla Server Installation
To start installing, run the FileZilla Server installer as an administrator user on your server. For this part of the procedure, there are no special settings or changes that need to be made during installation. You can leave all the default settings as is and finish the installation..
The default configuration leaves the FileZilla server running if any user logs in and will keep the server running as a service. Thus, even if you log out, the FTP server will continue to work.
Once the installer is complete, open FileZilla Server if it didn't open automatically.
FileZilla Server Settings
The first thing you will see when you open the FileZilla server interface is a login. Because we have not set a password yet and have left our administrative port as is, you can simply choose Connect to log into the server from the management endpoint.
Administrative password and port settings
To determine the password used to administer FileZilla Server, Let's go to Edit > Settings in the top navigation menu.
In our configuration menu, I searched Configuring the management interface On the left side.
This configuration page gives us the possibility to determine the administrative password and port, that you are listening to in the localhost interface, so the port is fine unless it conflicts with some other application you are running.
Despite this, you may want to be the only user who can manage the ftp server and create users. If this is the case, set an administrative password to this location. The minimum password length is 6 characters and can be reverted to a blank password by leaving the field empty, which is probably not wise.
Secure FileZilla server and transactions
FTP is a notoriously insecure protocol that uses plain text on a standard port, so the first thing we're going to want to do is make some changes to lock things up a bit.
Setting a dark port for FTP use
The first step is to change the default FTP port from 21 to something darker that attacking robots won't so easily search. Changing the port does not mean that they cannot or cannot find the server, it just makes it a little less likely to be attacked.
To do this, navigate to Edit > Settings menu. The page we are looking for, General configuration, will be the default page loaded.
To change the default listening port (21), you can modify this field and change it to another open port on your server. Although we cannot determine which ports are available to you, find a high port that is free to use and assign it here. When you save the changes, the FTP service will automatically restart and its port will be updated.
FTP over TLS settings (FTPS)
Using FTPS is the most efficient way to protect your FTP server. By default, FTP will leave all data and transactions in a plain text format, easily intercepted by users with network access. The username, password and data being transferred can be very easily compromised without configuring secure FTP over TLS.
To encrypt FileZilla, navigate to Edit > Settings > FTP over TLS settings.
First, check the box “Enable FTP over TLS support (FTPS)” as shown in the picture above. This enables TLS support, but still needs to be configured. It would be advisable to also select the option “Do not allow simple FTP unencrypted” if it is feasible.
You can also change the port to something non-standard, which could be a wise decision considering you already changed the normal FTP port. One more time, it won't really protect you, but makes bots less annoying.
To use FTPS, we need an SSL certificate to encrypt the communication. If you have an SSL certificate available, you can award this certificate here.
If you don't have an open certificate yet, FileZilla Server allows us to generate a self-signed certificate directly through the configuration menu. To start, select the button “Generate new certificate”.
Fill out the form the same way you would fill out any other SSL certificate form, making sure to use your FTP server address as the common name for the certificate. This assumes that the domain is configured on the same server as the FTP server and probably the same IP address.
Once you have completed this information, go ahead and generate the certificate. Select the generated file for the private key and certificate file. Add a key password if necessary.
Make a note of your updated port numbers, since we will need them to create firewall rules to allow remote access to our FTP server.
Open FileZilla to remote addresses
If your firewall is configured correctly, your FTP server should not be publicly reachable yet. To allow remote access, we will have to manually add firewall rules and exceptions for our ports.
To do this, open the Windows Firewall with Advanced Security application on your server and navigate to Inbound Rules.
Create a New rule and select Puerto as the type of ruler.
In the next step, add the ports you configured for FTP and FTPS. In the following example, we have the default ports configured 21 and 990. Update them to match the ports you previously configured.
Go ahead and click Next on the rest of the menus and name your firewall rule. Please select End up to create our new rule.
Our FTP server should now be reachable remotely from any computer that has permission to access the server. Some servers may require you to make a firewall exception for the FileZilla program itself. This will depend on the configuration and configuration of your server, but it is important to highlight to point it out in case you have problems accessing your server remotely.
Despite this, before we can log in and test this, we have to create an FTP user and share a folder for FTP.
Create Users, allocate groups and share folders
Before we can log into our server, we have to create a user and a group for FTP and determine which folders this user should have access to. To start, abra Edit > Groups from the FileZilla server interface.
Let's create a group by clicking the Add button and naming our group. I have set the arbitrary name, FTP users, like our group.
Once it's set up, navigate to Shared folders on the left side of the Groups menu.
On the menu, add desired folder location for FTP users. For our use, we want our only user and group to have access to everything C: inetpub file.
In the example above, we have not provided write or delete access, nor the creation and deletion of directories. If it is a desired permission, which will be in most cases, check the box to write and Remove checkboxes below Records just like him Create and Remove checkboxes below Directories.
Once this is done, click ok.
Now let's create our FTP user and assign it to our group. To do this, navigate to Edit > Users in the FileZilla server interface and Add a new user.
Name your username and assign it to our FTP users group we just created and click OK.
Now we must determine a password for our user. To do this, check the password box and enter the desired password. Easy!
Click ok.
Congratulations! You have now created a secure FTP server with FileZilla Server!!
You will now be able to FTP to your server from another computer and log in with the username and password that we established during this guide.. If we work in FTP over TLS, we can connect to our server with FTPS to use encryption.
FileZilla Server makes it easy to deploy FTP servers and its simple interface makes managing FTP users and services a breeze.. Although there are many more features of FileZilla Server, These are the most important for setting up and securing a new server and a lot of testing needs to be done to ensure the highest quality services for end users.
