Integrated FTP Server

Post by Masher » Thu Feb 17, 2011 10:00 pm

Starting with UGCC version 1.39 the monitor includes an integrated FTP server.

Security/Maintenance Features
  • Accounts and passwords are synchronized with the panel and FTP
  • Disable a user's account in the panel and FTP access is suspended for the user
  • Group permissions and server settings (i.e. the Allow File Tool setting) are honored. If a server does not have the file tool enabled, users won't be able to access its files via FTP
  • Demo accounts will automatically have read-only access to the FTP server, and may not download files
  • Written from scratch with security and stability in mind.
  • 5 failed login attempts automatically add the connecting IP to a ban list
Convenience Features
  • You no longer need to maintain a separate FTP server with accounts for each user and server; let UGCC do it for you!
  • One account works across the entire UGCC infrastructure
  • If a user has more than one game server on a particular physical server, the FTP server will virtualize the root directory so that multiple game servers can be accessed from one account
Encryption (auth TLS)
This feature was added in UGCC 1.91. There is one known issue: the way .NET handles closing TLS sessions does not comply with the RFC, so clients based on the GnuTLS codebase (namely FileZilla) do not work correctly. We recommend using another client such as WinSCP. The SSL certificate must be present in the monitor's log folder, named ftp.pfx.

Generate an SSL certificate for the integrated FTP server
This guide uses openssl, which is included with just about every Linux distribution, to generate a certificate.

Generate an RSA private key:
openssl genrsa 4096 > private.pem

Generate a public certificate. Set days to a different value if you'd like. The command below makes a cert that is valid for 10 years.
openssl req -x509 -new -key private.pem -out public.pem -days 3650

Generate the pfx file. When prompted for a password, leave it blank. When prompted for the common name enter the public DNS address for your server (i.e. demo.brainless.us).
openssl pkcs12 -export -in public.pem -inkey private.pem -out ftp.pfx

Now place the ftp.pfx file in the same folder where the monitor saves its log file. You should now be able to use encryption with the integrated FTP server.

Hide/restrict folders from users
This feature was implemented in UGCC 1.91. Place a file named ugcc.exclude in the folder you don't want users to be able to access. The integrated FTP server and file tool will honor this. Please be cognizant that third party FTP servers may not honor this.

As of version 1.93, the only users that can bypass the ugcc.exclude protection are 'god' level accounts.

Behind NAT
The monitor will attempt to get your public IP address on startup. If a client with a private IP address connects, the server will use its local IP address; if the client is from a public IP address, the FTP server will use the public IP address it obtains from http://ip.brainless.us/ip.ashx

Directions
To set up the file tool to work with the integrated FTP server of remote nodes, enter the path you want the user to have access to in the Absolute path setting in the file tool tab, and click the Passive checkbox if you want the Panel's web file tool to use passive mode. Leave the rest of the FTP settings blank and the panel will fill in the remaining details needed to make the connection for the file tool.

Upgrading to Version 1.39+
If you're upgrading from an earlier release of the monitor, you need to add the following settings to your ugccmon.cfg file (c:\window\system32 typically) to enable the FTP server, as it's disabled by default.

[FTP]
True

[FTPPort]
21

Upgrading to Version 1.48+
If upgrading to 1.48 from an earlier version, you can now specify the ports to use for PASV transfers. Add the following to ugccmon.cfg with your desired values.

//Minimum port number for integrated ftp server to use for passive mode data channel
[FTPDataMinPort]
2000

//Maximum port number for integrated ftp server to use for passive mode data channel
[FTPDataMaxPort]
65535
Last edited by Masher on Sun Nov 12, 2017 7:45 pm, edited 2 times in total.
Masher
-----------
Please do not PM me unless asked to! We are a small company and if you have an issue or question it would be best to post it in the forums where it can help others in the future.

Need an affordable web control panel? Try UGCC.
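
The "Behind NAT" rule and the passive port settings from the post above, modelled as an added example (not UGCC's own code and not part of the original post): it reads a constructed ugccmon.cfg fragment to get the ports a firewall must allow, and shows which address a passive-mode reply would advertise to a given client. Function names, sample addresses and the RFC 1918 definition of "private" are assumptions.

```python
import ipaddress

# Constructed sample in the ugccmon.cfg layout shown in the post:
# a [Key] line, its value on the next line, // for comments.
SAMPLE_CFG = """\
[FTP]
True
[FTPPort]
21
//Passive mode data channel range
[FTPDataMinPort]
2000
[FTPDataMaxPort]
65535
"""

# Assumption: "private" means the RFC 1918 ranges; the post does not define it.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_cfg(text):
    """Return {key: value} from [Key]/value pairs, skipping // comments."""
    settings, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            settings[key] = line
            key = None
    return settings

def firewall_ports(settings):
    """Control port and inclusive passive range to allow inbound."""
    lo, hi = int(settings["FTPDataMinPort"]), int(settings["FTPDataMaxPort"])
    if not 1 <= lo <= hi <= 65535:
        raise ValueError("passive port range is invalid")
    return int(settings["FTPPort"]), (lo, hi)

def pasv_reply(client_ip, local_ip, public_ip, data_port):
    """Model of the NAT rule: private clients get the local address."""
    client = ipaddress.ip_address(client_ip)
    host = local_ip if any(client in n for n in RFC1918) else public_ip
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        host.replace(".", ","), data_port >> 8, data_port & 0xFF)
```

The range returned by firewall_ports is what has to be forwarded to the node alongside the control port; a narrower FTPDataMinPort/FTPDataMaxPort range means fewer inbound ports exposed.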
