How To Setup Secure FTP Server on Google Cloud FTP Server

Deploy a secure FTP server straight from the Google Cloud marketplace using our virtual machine solution. It is fully configured and ready to go, running on Windows Server and built using FileZilla FTP server. Transfer files securely over TLS/SSL encryption. It also integrates with Active Directory, or you can create local users on the FTP Server.


Getting Started with Google FTP Server

RDP (Remote Desktop protocol) into new server

Once you have deployed the FTP Server, the first step is to RDP into the new instance once it has fully booted up.  The following links explain how to connect to the VM once it has finished being deployed:

 

 

Once logged in, you’re now ready to start setting up your new server as per the following sections.

This guide explains the steps required to get the FTP Server running on Google GCP using our virtual machine app from the cloud launcher marketplace.

 

Once your GCP VM has been deployed, there are some post-configuration steps to complete before you can start using the FTP Server, which runs our developed version of FileZilla FTP server.

Login to GCP VM

First you’ll need to create a login username and password. Within the GCP console, navigate to your newly deployed Filezilla FTP VM.  

 

Select Set Windows Password. This will allow you to set up a local admin user so you can log in to the virtual machine via RDP.

Configure Filezilla FTP Server Instance

Once you’ve logged into the server, launch the FileZilla server instance app, found on the desktop.  On the launch screen, press Connect as shown below (password is blank):

Set Passive Mode FTP Server Settings

You should now be connected. You may see connection errors and NAT errors. This is normal, as we still need to complete some configuration.  From the menu select

Edit > Settings > Passive Mode Settings

 

You’ll need to set a passive mode port range, usually 50000-51000. These ports are used for data transfers to the server.

Set Public Google IP Address

For this next part you’ll need to make sure the VM has a public IP address to allow external clients to connect as shown in yellow. 

 

To attach a public IP address to your VM, follow Google's guide.

 

In short, from the Google console, edit the VM instance and under Network Interfaces, select External IP / Ephemeral, as shown below.

Once you have a public IP address associated with the NIC on your GCP VM, add the IP address to the passive mode settings, along with the passive port range.
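To confirm the passive mode settings took effect, look at the server's reply to the PASV command in your FTP client's log. The following is an added example, not part of the original guide: it parses a 227 reply and reports when the advertised address is still a private one or the data port falls outside the configured range. PUBLIC_IP and the sample replies are constructed values.

```python
import ipaddress
import re

# Settings from this guide; PUBLIC_IP is a constructed documentation address.
PUBLIC_IP = "203.0.113.10"
PASSIVE_PORTS = range(50000, 51001)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TUPLE_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    match = TUPLE_RE.search(reply)
    if not match:
        raise ValueError("no host/port tuple in reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in reply: %r" % reply)
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_pasv(reply, public_ip=PUBLIC_IP, ports=PASSIVE_PORTS):
    """List the misconfigurations visible in one PASV reply (empty list means OK)."""
    ip, port = parse_pasv(reply)
    addr = ipaddress.ip_address(ip)
    problems = []
    if any(addr in net for net in RFC1918):
        problems.append(f"advertised address {ip} is private; external clients cannot reach it")
    elif ip != public_ip:
        problems.append(f"advertised address {ip} is not the VM's external IP {public_ip}")
    if port not in ports:
        problems.append(f"data port {port} is outside the passive range "
                        f"{ports.start}-{ports.stop - 1}")
    return problems


# Constructed replies: correct, internal address leaked, port outside the range.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "227 Entering Passive Mode (10,128,0,2,195,80)",
    "227 Entering Passive Mode (203,0,113,10,4,10)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "OK")
```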

Create Certificate (FTP over TLS)

The next step is to create a new private key and a self-signed certificate, needed by FileZilla server to accept TLS connections.

 

Within the FileZilla server options, click on SSL/TLS settings.  Check the Enable FTP over TLS support (FTPS) box.

 

Next, click on Generate New Certificate. Fill in your company information.


IMPORTANT – In the common name (Server address) field make sure to add the public IP address of your Google instance VM. 

 

Save the key locally on the server and then press Generate certificate.  No need to add a password.

Set Up FTP Users on Google FTP Server

There are 2 options:

 

1. Create local users and assign access.

2. Integrate Active Directory and allow users to use their AD domain logins to authenticate.

Option 1 - Create Local Users

To set up local users and give them access to directories locally on your server, navigate to Edit > Users.

 

Here you can add users and generate their passwords.

 

Then give the users access to the local folders you would like them to use.  The VM has a pre-configured folder at C:\FTPDirectory that can be used, or you can set up as many folders as you like.  Groups can also be set up and permissions applied at a group level.

Option 2 - Use Active Directory Users

Open Settings > LDAP and select Enable LDAP support (Beta).

 

Add the private IP address of your local domain controller, set the port to 389 and enter your domain name.

 

Select Enable TLS/SSL.

Next you need to add the users who need access to your FTP directories. 

 

Select Edit > Users. Here you’ll need to add the user's full UPN that they use to log on to AD. For example, if their login is jsmith@yourdomain.com or yourdomain\jsmith, add the entry so that it matches their login UPN, jsmith@yourdomain.com. You don’t need to add their password here, as the server authenticates against Active Directory, so make sure the password checkbox is unchecked.

 

Next check the boxes LOCAL and LDAP as in the screenshot below.

 

In the screenshot below I’ve added a test user from our AD called ftpuser and our AD domain is called yourdomain.com.

The next step is to assign these users to the FTP directories they need access to. Click on Shared Folders within the Users menu, add the local folders and assign the permissions they need:

Now would be a good time to test if you can connect using an FTP client.  If you can’t connect, move on to the next step and configure any Google GCP firewall rules.

Google FTP Server Firewall Ports / Rules

If you have GCP firewall rules or any firewall appliances in Google you will need to open access to the following ports:

 

  • Port: 21 (Used for FTP)
  • Port: 990 (Used for FTPS)
  • Passive Port Range: 50000 – 51000 (Used for data transfer)

 

Google documentation – Using firewall rules

 

Within the Google console navigate to Networking / VPC Network / Firewall Rules

Create GCP Firewall Rule

Give the rule a name, select Ingress for the direction of traffic.

 

Action – Allow

 

Targets – This will be the Filezilla FTP Server: Specified target tags, All instances or specified service account.

 

Service account scope – Select the correct option, default is in this project

 

Target service account – Select an option, default is no service account.

 

Source filter – enter the IP ranges of your clients that will be connecting. For example:

 

0.0.0.0/0 – (everyone)

192.168.2.0/24 – (example ip range)

 

Protocols and ports

 

Select tcp: 21,990,50000-51000
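Once the rule exists, it is worth checking how widely it exposes the FTP ports. The following is an added example, not part of the original guide: it audits firewall rules exported with `gcloud compute firewall-rules list --format=json` and flags ingress rules that open ports 21, 990 or 50000-51000 to every source address or to every instance. The rule names, tags and address ranges in the sample are constructed.

```python
import ipaddress
import json

# Ports this guide opens: control (21), FTPS (990) and the passive data range.
FTP_PORTS = {21, 990} | set(range(50000, 51001))

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "ftp-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["21", "990", "50000-51000"]}]},
 {"name": "ftp-clients", "direction": "INGRESS", "sourceRanges": ["198.51.100.0/24"],
  "targetTags": ["ftp-server"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["21", "990", "50000-51000"]}]},
 {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["web"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]}
]""")


def expand_ports(specs):
    """Turn ["21", "50000-51000"] into a set of port numbers."""
    ports = set()
    for spec in specs:
        low, _, high = spec.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(rules):
    """Return (rule name, issue) pairs for ingress rules exposing FTP ports too widely."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        exposed = set()
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") in ("tcp", "all"):
                # A missing "ports" key means every port of that protocol.
                ports = expand_ports(allow["ports"]) if "ports" in allow else FTP_PORTS
                exposed |= ports & FTP_PORTS
        if not exposed:
            continue
        if any(ipaddress.ip_network(r).prefixlen == 0 for r in rule.get("sourceRanges", [])):
            findings.append((rule["name"], "FTP ports reachable from any address"))
        if not rule.get("targetTags") and not rule.get("targetServiceAccounts"):
            findings.append((rule["name"], "rule applies to all instances in the network"))
    return findings
```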

Client FTP Software

To connect, users can use any FTP client.  You can use FileZilla's FTP Client.

Google GCP FTP Server Support

Any other questions about the setup of the VM in Google, leave your comments below or contact us directly for assistance.

Disclaimer: This FTP server solution is built using a modified version of FileZilla server open-source software. This solution is provided under GPLv2 licence. The respective trademarks mentioned in the offering are owned by the respective companies. No warranty of any kind, express or implied, is included with this software.


– Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user
– The author is not responsible for any damage that its use could cause.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
