can't login via FTP

Discussion in 'Installation/Configuration' started by muekno, Feb 13, 2023.

  1. muekno

    muekno Active Member HowtoForge Supporter

    I must confirm that in all the 30 years I have worked with Linux I have nearly never worked with FTP; if I did, it was a long, long time ago. Because of the security risk, I used ssh and scp.
    Now on my new server I would like to install Nextcloud following https://www.howtoforge.com/how-to-install-nextcloud-with-ispconfig/
    But at the point "login to your server via ftp" it's over. I used FileZilla and gftp, no success.
    I can connect to the website itself via https:// and see the default as normal.
    So as host, do I need nextcloud.domain.tld or the host itself, hostname.domain.tld?
    Username should be, as described, the user I added under FTP accounts and the password I gave there. The port, I think, is 21, as it is open according to netstat and it is open in UFW.

    Any hint, thanks

    Rainer
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Post the connect log and error message from your FTP client. Most likely you closed passive ports for FTP or similar.
     
  3. muekno

    muekno Active Member HowtoForge Supporter

    It seems it connects but cannot see files, can't chdir /var/www/website
    ASV
    227 Entering Passive Mode (62,146,82,66,12,218)
    Es sind keine Dateiübertragungen ausgewählt
    Betrachte Datei /tmp/gftp-view.XXXXhZyAit
    /tmp/gftp-view.XXXXhZyAit erfolgreich gelöscht
    Kann keine Datenverbindung erstellen: Die Wartezeit für die Verbindung ist abgelaufen
    Beende Verbindung mit Gegenstelle nextcloud.muekno.de
    Chdir: Nicht mit einer Gegenstelle verbunden
    Chdir: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Chdir: Nicht mit einer Gegenstelle verbunden
    Lesezeichen hinzufügen: Nicht mit einer Gegenstelle verbunden
    Suche IP Adresse von nextcloud.muekno.de
    Versuche nextcloud.muekno.de:21
    Verbindung mit nextcloud.muekno.de erfolgreich:21
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 15:49. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    USER defaultnextcloud
    331 User defaultnextcloud OK. Password required
    PASS xxxx
    230 OK. Current restricted directory is /
    SYST
    215 UNIX Type: L8
    TYPE I
    200 TYPE is now 8-bit binary
    CWD /var/www/client0/web2
    550 Can't change directory to /var/www/client0/web2: No such file or directory
    PWD
    257 "/" is your current location
    Lade Verzeichnisliste / von der Gegenstelle (LC_TIME=de_DE.UTF-8)
    PASV
    227 Entering Passive Mode (62,146,82,66,149,64)
    Kann keine Datenverbindung erstellen: Die Wartezeit für die Verbindung ist abgelaufen
    Beende Verbindung mit Gegenstelle nextcloud.muekno.de
    Suche IP Adresse von mike.muekno.de
    Versuche mike.muekno.de:21
    Verbindung mit mike.muekno.de erfolgreich:21
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 16:03. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    USER defaultnextcloud
    331 User defaultnextcloud OK. Password required
    PASS xxxx
    230 OK. Current restricted directory is /
    SYST
    215 UNIX Type: L8
    TYPE I
    200 TYPE is now 8-bit binary
    CWD /var/www/client0/web2
    550 Can't change directory to /var/www/client0/web2: No such file or directory
    PWD
    257 "/" is your current location
    Lade Verzeichnisliste / von der Gegenstelle (LC_TIME=de_DE.UTF-8)
    PASV
    227 Entering Passive Mode (62,146,82,66,181,82)
    Open Location: Bitte klicken Sie zuerst auf `Stop', bevor Sie etwas anderes machen
    Kann keine Datenverbindung erstellen: Die Wartezeit für die Verbindung ist abgelaufen
    Beende Verbindung mit Gegenstelle mike.muekno.de
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, first, you seem to have entered a wrong directory as the target directory in the FTP client. Correct would be e.g. / if you want to be in the website root or e.g. /web if the FTP client shall go to the web directory directly.

    Then, you seem to have closed the passive ports via a firewall or router. Configure the passive port range in pure-ftpd (which you might have done already when you used the auto-installer with the matching option). You can check it manually like this:

    https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-debian-and-ubuntu-linux/

    Then you must ensure that the same port range is opened in any firewall or router.
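
Added example, not part of the posts above: a small POSIX shell check that decodes the `227 Entering Passive Mode` replies from the client log in post #3 and tests each advertised data port against a passive range. The range 40110-40210 and the function names are assumptions for illustration; use whatever range is configured on the server.

```shell
#!/bin/sh
# Added example. 40110-40210 is an assumed passive range, not from the thread.
# On the server it would be set and opened with (Debian pure-ftpd wrapper, UFW):
#   echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
#   ufw allow 40110:40210/tcp

# Print the data port from one "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# reply; the port is p1*256 + p2.
pasv_port() {
    tuple=${1#*\(}
    tuple=${tuple%%\)*}
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    echo $(( $5 * 256 + $6 ))
}

# Succeed if port $1 lies inside the inclusive range $2..$3.
in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# audit_pasv_log LOW HIGH < client.log
# Prints one line per 227 reply: the port and whether the range covers it.
audit_pasv_log() {
    low=$1; high=$2
    grep '^ *227 ' | while IFS= read -r line; do
        port=$(pasv_port "$line")
        if in_range "$port" "$low" "$high"; then
            echo "$port inside"
        else
            echo "$port OUTSIDE"
        fi
    done
}

# The three 227 replies from the client log in post #3.
SAMPLE_LOG='227 Entering Passive Mode (62,146,82,66,12,218)
227 Entering Passive Mode (62,146,82,66,149,64)
227 Entering Passive Mode (62,146,82,66,181,82)'

printf '%s\n' "$SAMPLE_LOG" | audit_pasv_log 40110 40210
```

The three replies decode to ports that are tens of thousands apart, so no single small firewall rule can cover them; once a passive range is configured, every 227 reply should decode to a port inside it.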
     
  5. muekno

    muekno Active Member HowtoForge Supporter

    I assume I did miss the parameter in the auto-installer, so I followed the link you provided and did what was requested. Then I followed the instructions in the ISPConfig 3 manual, especially the certificate ones. And now port 21 will not open.

    <code>
    root@mike:/etc/pure-ftpd/conf# service pure-ftpd-mysql restart
    root@mike:/etc/pure-ftpd/conf# netstat -tulpn | grep 21
    tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 830/memcached
    tcp6 0 0 :::3306 :::* LISTEN 1423213/mariadbd
    root@mike:/etc/pure-ftpd/conf# service pure-ftpd-mysql status
    ● pure-ftpd-mysql.service
    Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
    Active: active (exited) since Mon 2023-02-13 20:06:14 CET; 20s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 1464203 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)
    CPU: 70ms

    Feb 13 20:06:14 mike systemd[1]: Starting pure-ftpd-mysql.service...
    Feb 13 20:06:14 mike pure-ftpd-mysql[1464203]: Starting ftp server:
    Feb 13 20:06:14 mike pure-ftpd-mysql[1464212]: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.>
    Feb 13 20:06:14 mike systemd[1]: Started pure-ftpd-mysql.service.
    Feb 13 20:06:14 mike pure-ftpd[1464213]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
    </code>
    and the etc/ssl/private shows
    <code>
    root@mike:/etc/ssl/private# ll
    total 16
    drwx--x--- 2 root ssl-cert 4096 Feb 8 14:01 .
    drwxr-xr-x 4 root root 4096 Feb 11 09:40 ..
    lrwxrwxrwx 1 root root 50 Feb 6 15:12 pure-ftpd-dhparams.pem -> /usr/local/ispconfig/interface/ssl/dhparam4096.pem
    lrwxrwxrwx 1 root root 48 Feb 8 14:01 pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem
    -rw------- 1 root root 2985 Feb 6 15:10 pure-ftpd.pem-20230206151256.bak
    lrwxrwxrwx 1 root root 48 Feb 6 15:12 pure-ftpd.pem-20230208140057.bak -> /usr/local/ispconfig/interface/ssl/ispserver.pem
    -rw-r----- 1 root ssl-cert 1704 Feb 6 15:02 ssl-cert-snakeoil.key
    root@mike:/etc/ssl/private#
    root@mike:/etc/pure-ftpd/conf# cd /etc/ssl/private/
    </code>
    and
    <code>
    root@mike:/usr/local/ispconfig/interface/ssl# ll
    total 48
    drwxr-x--- 2 root root 4096 Feb 8 14:01 .
    drwxr-x--- 9 ispconfig ispconfig 4096 Feb 6 15:12 ..
    -rwxr-x--- 1 root root 768 Feb 13 13:26 dhparam4096.pem
    -rwxr-x--- 1 root root 45 Feb 13 13:26 empty.dir
    -rwxr-x--- 1 root root 5934 Feb 8 14:01 ispserver.crt
    -rwxr-x--- 1 root root 2013 Feb 8 14:00 ispserver.crt-20230208140057.bak
    -rwxr-x--- 1 root root 3243 Feb 8 14:01 ispserver.key
    -rwxr-x--- 1 root root 3272 Feb 8 14:00 ispserver.key-20230208140057.bak
    -rwx--x--- 1 root root 1704 Feb 13 19:34 ispserver.pem
    -rwxr-x--- 1 root root 5285 Feb 8 14:00 ispserver.pem-20230208140057.bak
    root@mike:/usr/local/ispconfig/interface/ssl#
    </code>
    I do not think I have a mistype, as most was cut and paste.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    This was not what I asked you to do, especially as SSL is nowhere related to your issue and was working perfectly fine. Now you broke your setup, and you must undo everything you did that broke it to fix it again. After you did this unnecessary detour to break your setup, continue by reading post #4 and do what I suggested you to do there to solve your initial problem.
     
  7. muekno

    muekno Active Member HowtoForge Supporter

    There is no router, NAT or firewall; it is connected directly to the internet, the first firewall is UFW.
    I did everything following the link:
    checked the open port range, was OK
    set passive IP
    Will undo the rest tomorrow.
     
  8. muekno

    muekno Active Member HowtoForge Supporter

    Works now, removed 1 from TLS in .../conf/TLS, but
    1. how to secure pure-ftp
    2. is it possible to log in to FTP with public/private key like ssh or scp
    Thanks
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Secure in what way? It should be using certificate already so TLS works.
    Yes, it is SFTP. There is also FTPS.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you likely did not fix the issue with the SSL cert yet that you caused by trying to reconfigure SSL. You just disabled SSL/TLS now, which is a bad idea security-wise. The reason why pure-ftpd failed to start was that you deleted its SSL cert, and as you might know, SSL/TLS can not work without an SSL cert. Therefore you must undo the changes you made (as I mentioned in #6) and restore the original config again so that pure-ftpd can use the ISPConfig ssl cert and your FTP system has SSL support again.

    You asked how secure pure-ftpd is: it is very secure, basically on the same level as online banking, as it uses TLS to encrypt the connection. But this applies only to systems as installed by the auto installer which are not altered in the way you did it. Your system, in contrast to a standard install, is now very insecure, as you decided to first break TLS by removing its cert and then even disable TLS security features instead of fixing the issue with the missing cert.

    That's why it is so important that you undo the steps that broke the secure config. If you don't remember what you did in detail, then undo all steps that you still remember and then try to run a forced ISPConfig update and let it reconfigure services, which might help.

    No, as FTP always uses username and password, but this is done securely by TLS unless you disable security as you did. But as @Taleman mentioned, there are other (non-FTP) ways to transfer files between your desktop and server, like SCP or SFTP (and note that SFTP is, unlike the name might suggest, not FTP; it's an SSH file transfer protocol provided not by the FTP server but by SSHD). You must create a shell user for them in ISPConfig and not an FTP user, as such an scp login is not related to FTP. FTP is just the protocol FTP and its secure variant FTPS.
     
    Last edited: Feb 14, 2023
  11. muekno

    muekno Active Member HowtoForge Supporter

    First thanks for all the answers.
    I agree there is something wrong with the certificate, but I did not delete it. After I had activated it I got the missing file to the cert, then I thought it was a good idea to follow the instructions in the ISPConfig 3 manual, which seems not to have been good. I think I will manage this, to get a valid cert.
    As you can see in the list above, the "lrwxrwxrwx 1 root root 48 Feb 8 14:01 pure-ftpd.pem -> /usr/local/ispconfig/interface/ssl/ispserver.pem" exists in root@mike:/etc/ssl/private# and the linked file exists too, but the ispserver.pem seems to be faulty. I think it should be like the ispserver.crt
    <code>
    openssl x509 -text -noout -in ispserver.pem
    unable to load certificate
    140154287146304:error:0909006C:pEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
    </code>
    so it is not x509 and its not pkcs12 format, I checked. I think that's the one that should be fixed + the TLS setting

    Regards
    Rainer
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it should not. If it contained the same content as ispserver.crt, then there would not be two different files, of course, and pure-ftpd would link to the crt file. The ispserver.pem file contains the SSL key, followed by the SSL cert, followed by all chain certs, all one after another in the same file. As the ispserver.pem file shows yesterday as the date while it should show the same date as ispserver.crt, you probably overwrote it with wrong content yesterday. To recreate it, copy the content from the following files into it, one after another:
    ispserver.key
    ispserver.crt
    ispserver.bundle
     
    muekno likes this.
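
Added example, not part of the post above: a POSIX shell sketch that rebuilds the combined file in the order given in post #12 (key, cert, then the bundle only if that file exists), writes it with owner-only permissions, and replaces the target only if it starts with a private key block followed by a certificate. The function names are hypothetical and the sample files contain constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example. File names follow post #12; contents are constructed placeholders.

# Print the PEM block labels found in file $1, in order, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed only if $1 starts with a private key block followed by a certificate.
pem_key_then_cert() {
    first=$(pem_labels "$1" | sed -n 1p)
    second=$(pem_labels "$1" | sed -n 2p)
    case $first in
        *"PRIVATE KEY") [ "$second" = "CERTIFICATE" ] ;;
        *) return 1 ;;
    esac
}

# build_pem OUT KEY CRT [BUNDLE]: concatenate in the order from post #12 with
# owner-only permissions; replace OUT only if the result has the right shape.
build_pem() {
    out=$1; key=$2; crt=$3; bundle=${4:-}
    ( umask 077
      cat "$key" "$crt" > "$out.new"
      if [ -n "$bundle" ] && [ -s "$bundle" ]; then cat "$bundle" >> "$out.new"; fi )
    if pem_key_then_cert "$out.new"; then
        mv "$out.new" "$out"
    else
        rm -f "$out.new"; return 1
    fi
}

# Constructed sample files in a scratch directory, removed on exit.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' '-----END PRIVATE KEY-----' > "$work/ispserver.key"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$work/ispserver.crt"

if build_pem "$work/ispserver.pem" "$work/ispserver.key" "$work/ispserver.crt"; then
    echo "rebuilt: $(pem_labels "$work/ispserver.pem" | tr '\n' ' ')"
fi
# A file with no CERTIFICATE block is the shape that makes "openssl x509"
# report "no start line", as in post #11.
pem_key_then_cert "$work/ispserver.key" || echo "key-only file rejected"
```

Running `pem_labels` on the live file before restarting pure-ftpd shows at a glance whether the key and certificate blocks are both present and in the expected order.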
  13. muekno

    muekno Active Member HowtoForge Supporter

    Thank you
    There is no ispserver.bundle, not even a *.bundle on the whole server,
    but copying the first two together works fine.
    The installation of Nextcloud was successful too; there is still a problem with the PHP memory cache.
    I installed memcache following your tutorial; do I have to add something in the custom php.ini settings?
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    It depends on the SSL cert used; there can be a bundle file, but it can be that the bundle is already part of the crt file or that no bundle is needed at all. If it works, then it is OK.

    No. If you used the auto-installer, then memcached was already installed. Just install the PHP Memcached extension with apt for the PHP versions you want to use it for, that's all. No separate config is needed, as apt includes it automatically.
     
  15. muekno

    muekno Active Member HowtoForge Supporter

    sorry I used the excellent auto-installer but it did install.
    Next problem: no imagick in PHP 8.1, needed for Nextcloud, but in 8.2 not supported

    SOLVED
     
    Last edited: Feb 14, 2023
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    That's no problem, you just missed installing it. Any function that you want to use in software must be installed, as software that is not installed cannot be used on your server. This basic principle applies to PHP and its modules as well. So if you want to use module X in PHP version XY, then install it.

    To have the imagick extension in PHP 8.1, all you have to do is install it with apt:

    apt install php8.1-imagick
     
