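To upload files from Windows to Linux, you need to install an FTP server on the Linux server. So this time we will install vsftpd in order to upload files. vsftpd is said to be an excellent daemon in terms of usability and security, to the point that many Linux development groups use it as their default FTP daemon.
vsftpd was installed on CentOS 6.6.
1. Installing vsftpd
# yum install -y vsftpd
2. Configuring vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
Find the lines below and change them as follows.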
# Whether to allow anonymous logins
anonymous_enable=NO
# Whether to allow local account users to log in
local_enable=YES
# Whether to allow write commands
write_enable=YES
# umask for local account users
local_umask=022
# Whether to log file transfers
xferlog_enable=YES
# Whether to use port 20 for data connections
connect_from_port_20=YES
# File transfer log file name
xferlog_file=/var/log/xferlog
# Whether to write the log in the standard xferlog format
xferlog_std_format=YES
# Restrict users to their home directory
chroot_local_user=YES
# YES to run in standalone mode
listen=YES
# Name of the PAM service file
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
3. Adding the ports to the firewall
# vi /etc/sysconfig/iptables
Add the line below.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20:21 -j ACCEPT
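An added example, not part of the original tutorial: a small Python check that reads the text of a vsftpd.conf and reports where it departs from the values set in step 2. The baseline dictionary, the function name and the sample text are assumptions made for this illustration; it relies on the vsftpd.conf man page rule that comment lines start with # and that no space is allowed around =, so an annotation left after a value becomes part of the value.

```python
# Baseline taken from the vsftpd.conf values listed in step 2 (assumed policy).
EXPECTED = {
    "anonymous_enable": "NO",
    "local_enable": "YES",
    "chroot_local_user": "YES",
    "xferlog_enable": "YES",
    "local_umask": "022",
}

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# constructed sample
anonymous_enable=NO // anonymous access
local_enable=YES
chroot_local_user = YES
xferlog_enable=YES
"""


def audit_vsftpd_conf(text):
    """Return sorted (line_no, message) findings; line_no 0 means 'missing'."""
    findings, seen = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment line
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((no, "not an option=value line"))
            continue
        if key != key.strip() or value != value.lstrip():
            findings.append((no, "whitespace around '='"))
        key, value = key.strip(), value.lstrip()
        if key not in EXPECTED:
            continue
        seen.add(key)
        want = EXPECTED[key]
        if value == want:
            continue
        if value.split()[:1] == [want]:
            msg = f"{key}: trailing characters after {want} become part of the value"
        else:
            msg = f"{key}={value} differs from baseline {want}"
        findings.append((no, msg))
    for key in sorted(set(EXPECTED) - seen):
        findings.append((0, f"{key} not set, built-in default applies"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in audit_vsftpd_conf(SAMPLE):
        print(f"line {no}: {msg}")
```

To check a live server, pass the contents of /etc/vsftpd/vsftpd.conf to audit_vsftpd_conf() instead of SAMPLE.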
I was trying to set up a reverse proxy for Atlassian Jira and Confluence by using nginx, connected to http://localhost:8080. This is the error I was getting in my logs:
2015/02/10 10:59:37 [crit] 21155#0: *12 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "x.y.z"
2015/02/10 10:59:38 [error] 21155#0: *15 no live upstreams while connecting to upstream, client: a.b.c.d, server: x.y.z, request: "GET / HTTP/1.1", upstream: "http://localhost/", host: "x.y.z"
Turns out it was just a SELinux issue. I’ve fixed the problem by issuing this command:
setsebool -P httpd_can_network_connect 1
If you want, you can even completely disable SELinux this way, though the boolean above was enough to fix this error:
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
You’ll be asked to answer a series of questions such as Country, State Code, Email address, Organization name, etc. Enter the details one by one. Here is my sample output:
Generating a 1024 bit RSA private key
......++++++
.............++++++
writing new private key to '/etc/ssl/private/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:Erode
Organization Name (eg, company) [Default Company Ltd]:Unixmen
Organizational Unit Name (eg, section) []:Technical
Common Name (eg, your name or your server's hostname) []:server1.unixmen.local
Email Address []:sk@unixmen.com
In the common name field, you can use either the hostname or the IP address of your vsftpd server.
Open FileZilla from your client system. Go to File -> Site Manager.
In the Site Manager window, select New Site.
Name your new site, or leave it as it is. In my case I named it My local FTP. Enter the FTP server IP address, and select “Require explicit FTP over TLS” from the Encryption drop-down box. In the Logon Type drop-down box, select the Ask for password option, and enter your FTP user name. Finally, click on the Connect button.
You’ll be asked to enter the ftp user password in the next screen.
Now, you’ll be asked to accept the certificate that is being used, to make sure the server can be trusted. In the Certificate window, you will see the list of values that were entered during the certificate generation process. Click OK to accept the certificate and establish the connection.
That’s it. Now you’ll be able to access your FTP server.
Note: if you keep getting the error “The data connection could not be established: EHOSTUNREACH – No route to host” after enabling SSL/TLS, disable iptables and try again.