ProFTPD Plugin for unRAID v6.8.x


SlrG


12 hours ago, SlrG said:

@jeffreywhunter

No, it won't work with unRAID's internal webserver. As webserver I recommend the Apache Web Server Plugin as I am using this myself. I tried the available dockers first, but somehow I was not able to get it to work there. I see you posted in the plugins thread already. I recommend running as user nobody and setting the permissions and group of the web folder accordingly. Most of the files on your unRAID will have this user and group. You can use the newperms script to achieve proper settings:


newperms /mnt/cache/web

And a side note: You don't need the config editor to change your proftpd.conf.  You can always use nano or something and edit it in an unRAID console. :)

I've not been able to get the apache plugin to work.  I'm sure it's a configuration issue.  The default configuration does not work and I tried a bunch of other directories, but no luck.  Says it's running, but get 403s.  I suspect it is a permissions problem.  Ran newperms, completed successfully, but no change.  Do I need to make any configuration path changes (i.e. Directory, deny, allow, etc.)?

 

In messing with Apache, ProFTPd now is not working.  It says it's running, but when I try to connect, I get:

Status:	Connecting to 192.168.29.100:21...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.6rc2 Server (ProFTPd) [192.168.29.100]
Command:	USER ftpuser
Response:	331 Password required for ftpuser
Command:	PASS **********
Response:	530 Login incorrect.
Error:	Critical error: Could not connect to server

Password and user is correct, ftpuser is in the description.

Link to comment
18 hours ago, SlrG said:

@jeffreywhunter

No, it won't work with unRAID's internal webserver. As webserver I recommend the Apache Web Server Plugin as I am using this myself. I tried the available dockers first, but somehow I was not able to get it to work there. I see you posted in the plugins thread already. I recommend running as user nobody and setting the permissions and group of the web folder accordingly. Most of the files on your unRAID will have this user and group. You can use the newperms script to achieve proper settings:


newperms /mnt/cache/web

And a side note: You don't need the config editor to change your proftpd.conf.  You can always use nano or something and edit it in an unRAID console. :)

 

Great advice.  Got it working by installing Apache and then pointing WebServerPath to the SAME directory as the Apache Server (/mnt/user/web/ in my case).  A bit of an ordeal connecting all the bits together, just need to pay attention to the details.

1. Apache needs to be installed and working

2. ProFTPd needs to be installed and pointed to the SAME Webserver path that the Apache Web Root is using.

 

Easy peasy...once that's done...

Link to comment

Update:  Got Apache working correctly (was using the wrong web server path - Apache and ProFTPd needed to point to same path - mine was /mnt/user/web).

 

I can now see Edit proftpd.conf.

 

I've setup the ftpuser user with their directory in the description for the ftpuser account (ftpuser /mnt/user)

 

When I try to access the FTP server from FileZilla with the correct user and password (verified), I still get the following:

Status:	Connecting to 192.168.29.100:21...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.6rc2 Server (ProFTPd) [192.168.29.100]
Command:	USER ftpuser
Response:	331 Password required for ftpuser
Command:	PASS **********
Response:	530 Login incorrect.
Error:	Critical error: Could not connect to server

I have to be missing something simple.  Thanks in advance for your advice...

Link to comment

@jeffreywhunter

Please try a different name for your ftpuser. As ftpuser is the catchword I am using in the description to identify ftpusers, it might create a problem in the script that

 

Also for testing try it without any path and only the catchword ftpuser in the description.

 

If it still fails, please look in the syslog if there are errors when you try to log in. If not, please enable the TransferLog in the proftpd.conf and try to check that file for errors when you try to log in. This should hopefully give us clues, what is going wrong for you.

Link to comment

So I used ftpaccount vs ftpuser and it works - Thanks!  I originally had a problem where it always loaded to the root directory, until I restarted the FTP client (FileZilla). Once I restarted FileZilla, it's honoring the directory I set up.

 

This is weird because I had it working with ftpuser as the account name.  Then when I tried to load up Apache, ftp stopped working.  Would Apache somehow affect ProFTPd?

Link to comment

Well normally it should not, but as you had it working before and now not, it somehow still might.

 

A quick test on my system using the user name ftpuser and comment ftpuser /mnt/user works perfectly fine. And I am using the Apache plugin, too.

 

So I doubt that's the reason it doesn't work. Did you restart the plugin after changing the users? That is absolutely necessary to make it work.

Link to comment
6 hours ago, SlrG said:

Well normally it should not, but as you had it working before and now not, it somehow still might.

 

A quick test on my system using the user name ftpuser and comment ftpuser /mnt/user works perfectly fine. And I am using the Apache plugin, too.

 

So I doubt that's the reason it doesn't work. Did you restart the plugin after changing the users? That is absolutely necessary to make it work.

Update:  Got Apache working correctly (was using the wrong web server path - Apache and ProFTPd needed to point to same path - mine was /mnt/user/web).

 

I can now see Edit proftpd.conf.

 

I've setup the ftpuser user with their directory in the description for the ftpuser account (ftpuser /mnt/user)

 

When I try to access the FTP server from FileZilla with the correct user and password (verified), I still get the following:

Status:	Connecting to 192.168.29.100:21...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.6rc2 Server (ProFTPd) [192.168.29.100]
Command:	USER ftpuser
Response:	331 Password required for ftpuser
Command:	PASS **********
Response:	530 Login incorrect.
Error:	Critical error: Could not connect to server

Yes

Link to comment
  • 1 month later...

Did this plugin break with the new unRAID update?  I just installed it and it won't start at all when I click start.  The page refreshes but it still says STOPPED. Nothing in syslog other than

 

Apr 7 14:24:35 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd enable disable 8088
Apr 7 14:24:37 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd buttonstart
Apr 7 14:25:07 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd enable enable /mnt/user/Dropbox/Webcam 8088
Apr 7 14:25:42 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd buttonstart
Apr 7 14:25:52 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd enable disable /mnt/user/Dropbox/Webcam 8088
Apr 7 14:25:56 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd buttonstart
Apr 7 14:26:35 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd buttonstart
Apr 7 14:28:57 TheDeathStar emhttp: cmd: /usr/local/emhttp/plugins/ProFTPd/scripts/rc.ProFTPd buttonstart

 

Link to comment

@xhaloz

Hmm... I just upgraded my system to unRAID 6.3.3. and the plugin still works as expected. The question is if something fails if it is installed on a new system. Do you still have the complete syslog from installing the plugin? Please upload it on a sharing service and drop me a link. If not, could you remove it completely and reboot your server and try again capturing the syslog this time?

Link to comment
34 minutes ago, SlrG said:

@xhaloz

Hmm... I just upgraded my system to unRAID 6.3.3. and the plugin still works as expected. The question is if something fails if it is installed on a new system. Do you still have the complete syslog from installing the plugin? Please upload it on a sharing service and drop me a link. If not, could you remove it completely and reboot your server and try again capturing the syslog this time?

Thanks for the speedy reply.  I'll delete it and reinstall it and I'll post the snippet of that process.

Link to comment

My final issue is my FTP user is setup as so in the description

 

ftpuser /mnt/user/Dropbox/Webcam

 

However my home directory takes me to the ProFTP setup

 

EDIT ah it's the correct directory with a ProFTPd folder inside of it

 

 

Edited by xhaloz
Link to comment

Hmm... Are you sure you have a webserver running and setup the path to point to the webservers directory for sites? The plugin creates a folder with the config editor there. If you pointed it to your "home" folder, that could explain the ProFTPd folder in there. If you have no webserver, please disable its usage in the plugins settings. You can always edit the proftpd.conf file in an unRAID console.

Link to comment

Hello,

I've had some struggles with configuring this the way I want, however I am close now. I was able to generate SSL certs and I have got TLS set up and running. However, I have two problems that I can't fix.

 

1. I have TLS set up and can only connect with my dynDNS. So external users are fine. However, if I want to connect to the internal IP of my Server, 192.168.178.100, from within the network, I get 

Quote

Error:            Transfer connection interrupted: ECONNRESET - Connection reset by peer

in filezilla.

This is because I have to use the MasqueradeAddress command in the settings combined with my DynDNS. To solve this, I have tried adding a virtual host like it is described in the ProFTPd instructions:

 <VirtualHost 192.168.178.100>
    ServerName Intern

    # Note that there is no MasqueradeAddress directive
    # used in this section!
  </VirtualHost>

 

This however gives me an even weirder problem - no matter if connecting via DynDNS or internal IP, the logins are supposedly not correct anymore.

Quote

Response:     530 Login incorrect.

 

They sure are though, as they are saved in my FTP Client.

 

 

 

2. Despite the fact that I can connect to the server with TLS with the DynDNS, I have to restart the server manually every morning as I have a dynamic IP and ProFTPd does not re-check if the IP of the DynDNS has changed. I would like to write a script that checks if the IP of the DynDNS changed and restarts the server if that is the case. I would need to know how to restart the server from the command line for this, but I can't seem to find it for this particular plugin. All documentation is for a native installation of ProFTPd.

 

TL;DR: How can I connect to my server via internal IP even though MasqueradeAddress is used in proftpd.conf and how can I restart the server from command line, so it uses the updated IP of the dyndns.

 

I will attach my anonymised proftpd.conf.

 

I'm thankful for any help, I'd even buy you a beer!

proftpd.conf

Link to comment
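
Added example, not part of the original post or the plugin: one way to write the check asked for in point 2 above, restarting only when the DynDNS name resolves to a new address. `DDNS_HOST`, `STATE_FILE` and `RESTART_CMD` are placeholders; the thread does not show the plugin's restart command, so it has to be supplied.

```sh
#!/bin/sh
# Added example, not part of the ProFTPd plugin: restart the server only
# when the DynDNS name starts resolving to a different address.
# Assumptions: all three values below are placeholders; the page does not
# show the plugin's restart command, so RESTART_CMD must be filled in.
DDNS_HOST="${DDNS_HOST:-mydns.example.org}"
STATE_FILE="${STATE_FILE:-/var/run/proftpd-ddns.ip}"
RESTART_CMD="${RESTART_CMD:-false}"

# Accept only a dotted quad with octets 0-255, so a failed or odd lookup
# result is never stored or compared.
is_ipv4() (
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
  IFS=.
  for octet in $1; do [ "$octet" -le 255 ] || exit 1; done
)

# First IPv4 address the resolver returns for a host name.
resolve_ipv4() {
  getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Returns 0 if the address is unchanged, 10 if it changed and the restart
# succeeded, 1 on a bad address or a failed restart.
check_and_restart() {
  current="$1"
  is_ipv4 "$current" || { echo "not an IPv4 address: $current" >&2; return 1; }
  previous=""
  if [ -f "$STATE_FILE" ]; then previous=$(cat "$STATE_FILE"); fi
  if [ "$current" = "$previous" ]; then return 0; fi
  # Restart first and record the address only on success, so a failed
  # restart is retried on the next run. A missing state file counts as a change.
  $RESTART_CMD || return 1
  ( umask 077; printf '%s\n' "$current" > "$STATE_FILE" ) || return 1
  return 10
}

# Intended for cron: "sh ddns-watch.sh --check" (hypothetical file name).
if [ "${1:-}" = "--check" ]; then
  check_and_restart "$(resolve_ipv4 "$DDNS_HOST")"
  rc=$?
  [ "$rc" -eq 10 ] && logger -t ddns-watch "address changed, ProFTPd restarted"
  [ "$rc" -eq 1 ] && exit 1
  exit 0
fi
```
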

I was able to reproduce your problem. It happens because you have to use

TLSMasqueradeAddress		mydns.duckdns.org

inside the TLS rule definition and not MasqueradeAddress for your whole server. The virtual host should be obsolete and is not necessary.

Link to comment

Thank you for the reply ! I can now restart the server via script and that is all well.

 

However, deleting the MasqueradeAddress and using TLSMasqueradeAddress inside the TLS part instead still gives me 

Quote

Error:            Transfer connection interrupted: ECONNRESET - Connection reset by peer

 

when connecting via internal IP

Edited by Blacksus
Link to comment
Quote

2017-04-10 11:44:15,945 mod_tls/2.7[8527]: TLS/TLS-C requested, starting TLS handshake

2017-04-10 11:44:15,957 mod_tls/2.7[8527]: client supports secure renegotiations

2017-04-10 11:44:15,957 mod_tls/2.7[8527]: TLSv1 connection accepted, using cipher ECDHE-RSA-AES256-SHA (256 bits)

2017-04-10 09:44:15,990 mod_tls/2.7[8527]: Protection set to Privat

 

Edit: Oh wait, I can connect with the local IP if disabling TLS in the client. Is that really the solution though :D Can you connect with the local IP even with TLS enabled ?

Edited by Blacksus
Link to comment

Yes. TLS works internally and externally.

 

These are the changes in my proftpd.conf:

<IfModule mod_tls.c>
  TLSEngine                  on
  TLSLog                     /var/log/proftpd/tls.log
  TLSProtocol                SSLv3 TLSv1
  TLSOptions NoSessionReuseRequired
  TLSRSACertificateFile      /boot/config/plugins/ProFTPd/proftpd.cert.pem
  TLSRSACertificateKeyFile   /boot/config/plugins/ProFTPd/proftpd.key.pem
  TLSVerifyClient            off
  TLSRequired                on
  TLSMasqueradeAddress       xxx.ddns.net
</IfModule>

PassivePorts		     60000 60100

I'm forcing TLS and SSLv3, but I think security could be improved further.

 

Also I'm forwarding the active port (xxx on my router to 21 on the unRAID server) and the passive ports from the proftpd.conf.

 

In FileZilla I'm using explicit TLS both internally and externally.

 

The snippet from the tls log looks normal. So I don't really know, why it fails on your system.

 

 

Edited by SlrG
Link to comment

Very weird. I am also forwarding xxx to 21 and the passive ports. If you could upload your whole conf with personal data X'ed out, I'd give that a go. I can deal with having to connect without TLS from internal, by now I'm just really curious.

 

 

Either way, thank you for your help ! :)

Link to comment

WTF. Now all of a sudden it stopped working for me, too. I'm not able to connect internally with FileZilla and TLS enabled. Externally with TLS works fine. And now the weird thing. Trying with FireFTP and TLS works internally but not externally. Sadly the logs don't show anything helpful.

 

# Server Settings
ServerName              ProFTPd
ServerType              standalone
DefaultServer           on
PidFile                 /var/run/ProFTPd/ProFTPd.pid

# Port 21 is the standard FTP port. You probably should not connect to the
# internet with this port. Make your router forward another port to
# this one instead.
Port                    21

# Set the user and group under which the server will run.
User                    nobody
Group                   users

# Prevent DoS attacks
MaxInstances            30

# Speedup Login
UseReverseDNS           off
IdentLookups            off

# Control Logging - comment and uncomment as needed
# If logging Directory is world writeable the server won't start!
# If no SystemLog is defined proftpd will log to servers syslog.
#SystemLog               NONE
#SystemLog               /boot/config/plugins/ProFTPd/slog
TransferLog             NONE
#TransferLog             /boot/config/plugins/ProFTPd/xferlog
WtmpLog                 NONE

# As a security precaution prevent root and other users in
# /etc/ftpuser from accessing the FTP server.
UseFtpUsers             on
RootLogin               off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# "Jail" FTP-Users into their home directory. (chroot)
# The root directory has to be set in the description field
# when defining an user:
# ftpuser /mnt/cache/FTP
# See README for more information.
DefaultRoot ~

# Shell has to be set when defining an user. As a security precaution
# it is set to "/bin/false" as FTP-Users should not have shell access.
# This setting makes proftpd accept invalid shells.
RequireValidShell       no

# Normally, we want files to be overwriteable.
AllowOverwrite          on

<Directory /mnt/cache/FTP>
  UserOwner nobody
  GroupOwner users
  Umask 000
</Directory>

<IfModule mod_tls.c>
  TLSEngine                  on
  TLSLog                     /var/log/proftpd-tls.log
  TLSProtocol                SSLv3 TLSv1
  TLSOptions NoSessionReuseRequired
  TLSRSACertificateFile      /boot/config/plugins/ProFTPd/proftpd.cert.pem
  TLSRSACertificateKeyFile   /boot/config/plugins/ProFTPd/proftpd.key.pem
  TLSVerifyClient            off
  TLSRequired                on
  TLSMasqueradeAddress       xxx.ddns.net
</IfModule>

PassivePorts		     60000 60100

 

Edited by SlrG
Link to comment
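
Added example, not part of the posted configuration or the plugin: a small audit for the settings in the proftpd.conf above that affect transport security, file permissions and logging, including the `TLSProtocol SSLv3 TLSv1` line from the earlier TLS post. The embedded sample is constructed from lines of that configuration, and the script name in the usage comment is hypothetical.

```sh
#!/bin/sh
# Added example, not part of the ProFTPd plugin: audit a proftpd.conf for
# the weak settings visible in the configuration posted above.

# Constructed sample: the relevant lines of the posted proftpd.conf.
sample_conf() {
  cat <<'EOF'
TransferLog             NONE
Umask 022
<Directory /mnt/cache/FTP>
  Umask 000
</Directory>
<IfModule mod_tls.c>
  TLSEngine                  on
  TLSProtocol                SSLv3 TLSv1
  TLSRequired                on
</IfModule>
EOF
}

# Read a config on stdin, print one finding per line, and
# return non-zero if anything was flagged.
audit_proftpd_conf() {
  awk '
    /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
    $1 == "TLSProtocol" {
      # Only the plain list form is handled, not the +/- modifier syntax.
      for (i = 2; i <= NF; i++)
        if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1") {
          printf "line %d: TLSProtocol enables deprecated %s\n", NR, $i; n++
        }
    }
    $1 == "TLSRequired" && tolower($2) != "on" {
      printf "line %d: TLSRequired %s does not force TLS on both channels\n", NR, $2; n++
    }
    # A final umask digit of 0, 1, 4 or 5 leaves the world-write bit set.
    $1 == "Umask" && substr($2, length($2)) ~ /[0145]/ {
      printf "line %d: Umask %s creates world-writable files\n", NR, $2; n++
    }
    $1 == "TransferLog" && toupper($2) == "NONE" {
      printf "line %d: TransferLog NONE leaves transfers unlogged\n", NR; n++
    }
    END { exit (n > 0) }
  '
}

# Run against a real file when a path is given, e.g.:
#   sh audit-proftpd.sh /path/to/proftpd.conf
if [ -n "${1:-}" ]; then audit_proftpd_conf < "$1"; fi
```

On the sample it reports four findings: the disabled transfer log, the `Umask 000` inside the `<Directory>` block, and both protocol names on the `TLSProtocol` line.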
On 4/7/2017 at 5:50 PM, xhaloz said:

Oh wow I got it working!  I enabled the built in FTP server from unRAID first and then installed the plugin.  Service started right up!

Just an FYI, I had never used the built-in FTP server but I did have it enabled just in case I was not home and needed a file. Was having issues accessing the built-in FTP yesterday so I disabled it and installed your plugin from CA with no success, I was having xhaloz's same issue that no matter how many times I would start the service via the "Start" button it would refresh the screen and show "Shutdown".

 

I went ahead and tried what xhaloz suggested and it worked like a charm. I recently upgraded from 6.2 to 6.3, not sure if that is why things have changed but it might be something with the new software revision.

 

Thanks for the help!

Link to comment
