Configuring FileZilla Server for FTPS on Windows Server


If you are managing a Windows server and need a way to transfer files, you may need to use FTP, and the best way to do this is with FileZilla Server. Here’s how to set it up.

FileZilla is open source software available for free under the GNU General Public License. FileZilla Server is the server component, which supports FTP and FTPS, and FileZilla Client is the application for connecting to FTP servers. FileZilla Server also works well on Windows 10, though that is probably a less common use.

To start setting up your new FTP host, connect to your server and download FileZilla Server for Windows.

Installing FileZilla Server

To begin the installation, run the FileZilla Server installer as an administrator user on your server. For this part of the process, there is no special configuration or modification to be made during installation. You can leave all the default settings as is and complete the installation.

The default settings start FileZilla Server when a user logs in and run it as a service. This way, even if you log out, the FTP server will continue to operate.

When the installation program is finished, open FileZilla Server if it did not open automatically.

FileZilla Server Configuration

The first thing you will see when you open the FileZilla Server interface is a connection dialog. Since we have not yet set a password and have left the administration port as is, you can simply select Connect to reach the server's administration interface.

Password and administration port definition

To set the password used to manage FileZilla Server, go to Edit > Settings in the top navigation menu.

In the settings menu, look for the administration interface settings on the left side.

This settings page lets us define the administration password and port. The administration interface listens on the localhost interface, so the default port is fine unless it conflicts with another application that you run.

However, you may want to be the only user who can manage the FTP server and create users. If so, set an administrator password here. The minimum password length is 6 characters; the password can be reset to empty by leaving the field blank, which is probably unwise.

Securing the FileZilla server and transactions

FTP is a notoriously insecure protocol that uses plain text on a standard port, so the first thing we’re going to want to do is make some changes to lock things down a bit.

Definition of an obscure port for FTP use

The first step is to change the default FTP port from 21 to something more obscure that attacking bots will not find as easily. Changing the port doesn't mean they won't find the server; it just makes it a little less likely to be attacked.

To do this, go to the Edit > Settings menu. The page we are looking for, General Settings, will be the default page loaded.

To change the default listening port (21), edit this field and set it to another port that is free on your server. We cannot determine which ports are available to you, so find a high-numbered port that is free for your use and assign it here. When you save the changes, the FTP service automatically restarts and your port is updated.

Configuring FTP over TLS (FTPS)

Using FTPS is the most effective way to secure your FTP server. By default, FTP will leave all data and transactions in plain text format, easily intercepted by users with network access. Username, password and transferred data can all be compromised very easily without setting up secure FTP over TLS.

To enable encryption in FileZilla Server, go to Edit > Settings > FTP over TLS settings.

First, check the box labeled “Enable FTP over TLS (FTPS) support”. This enables TLS support, but it still needs to be configured. It would be wise to also choose the “Prohibit unencrypted FTP” option if you can.

You can also change the port to something non-standard, which might be a wise decision since you’ve already changed the normal FTP port. Again, this won’t really protect you, but it makes bots less of a nuisance.

To use FTPS, we need an SSL certificate to encrypt the communication. If you have an SSL certificate, you can assign this certificate here.

If you don’t already have a certificate, FileZilla Server allows us to generate a self-signed certificate directly via the settings menu. To begin, select the “Generate new certificate” button.

Fill out the form the same way you fill out any other SSL certificate form, making sure to use your FTP server address as the common name for the certificate. This assumes that the domain is configured on the same server as the FTP server and probably the same IP address.

Once you have filled in this information, go ahead and generate the certificate. Select the generated file for both the private key and the certificate file. Add a key password if necessary.

Make a note of your updated port numbers, as we will need them to create firewall rules to allow remote access to our FTP server.

Opening FileZilla to remote addresses

If your firewall is properly configured, your FTP server should not yet be accessible to the public. In order to allow remote access, we will need to manually add firewall rules and exceptions for our ports.

To do this, open the Windows Firewall with Advanced Security application on your server and go to Inbound Rules.

Create a new rule and select Port as the rule type.

In the next step, add the ports you defined for FTP and FTPS. This example uses the default ports 21 and 990. Update them to match the ports you previously configured.

Click Next through the remaining menus and name your firewall rule. Select Finish to create the new rule.

Our FTP server should now be accessible remotely from any computer authorized to reach the server. Some servers may require you to make a firewall exception for the FileZilla program itself. This will depend on your server settings and configurations, but keep it in mind if you are having problems accessing your server remotely.
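The same rule can be created from an elevated PowerShell prompt. This is an added example, not part of the original guide: the rule name and the remote address range are placeholders, and the ports are the defaults named above, to be replaced with the ones you configured.

```powershell
# Added example. Replace the placeholders with your own values.
$FtpPorts     = 21, 990                      # FTP and FTPS ports set in FileZilla Server
$AllowedPeers = '203.0.113.0/24'             # placeholder: client addresses allowed in
$RuleName     = 'FileZilla Server FTP/FTPS'  # hypothetical rule name

# Confirm something is listening on each port before opening it.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $FtpPorts -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique
$missing = $FtpPorts | Where-Object { $listening -notcontains $_ }
if ($missing) { Write-Warning "Nothing is listening on port(s): $($missing -join ', ')" }

# Create the inbound rule once. RemoteAddress limits which clients can reach the
# ports; the wizard steps above leave the rule open to any remote address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    $params = @{
        DisplayName   = $RuleName
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        LocalPort     = $FtpPorts
        RemoteAddress = $AllowedPeers
    }
    New-NetFirewallRule @params | Out-Null
}

# Show what the rule allows so it can be compared with the FileZilla settings.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
}
```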

However, before we can log in and test this, we need to create an FTP user and share a folder for FTP.

Create users, assign groups and share folders

Before we can connect to our server, we need to create a user and group for FTP and define the folders to which this user should have access. To start, open Edit > Groups from the FileZilla Server interface.

Let’s create a group by clicking on the Add button and naming our group. I used the arbitrary name FTP Users for the group.

Once this is set, go to Shared folders on the left side of the Groups menu.

In the menu, add the desired folder location for FTP users. For our use, we want our single user and their group to have access to the entire C:\inetpub folder.

In this example, we did not grant write or delete access to files, or permission to create and delete directories. If these permissions are wanted, which in most cases they will be, check the Write and Delete boxes under Files as well as the Create and Delete boxes under Directories.

Once done, click OK.

Now let’s create our FTP user and assign it to our group. To do this, go to Edit > Users in the FileZilla Server interface and add a new user.

Name your user and assign it to the FTP Users group we just created, then click OK.

Now we need to set a password for our user. To do this, check the password box and enter the desired password! Easy!

Click on OK.

Congratulations! You have just created a secure FTP server with FileZilla Server!

You will now be able to connect by FTP to your server from another computer, using the user name and password that we defined during this guide. If you enabled FTP over TLS, connect to the server with FTPS so that the session is encrypted.
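One way to confirm from a client that the TLS settings took effect (an added example, not part of the original guide or of FileZilla): it checks that a login attempted before TLS is refused, as the “Prohibit unencrypted FTP” option intends, and that AUTH TLS is accepted, then prints the certificate the server presents. The host name, the port and the user name `probe` are placeholders.

```powershell
# Added example. $Server and $Port are placeholders: use your own FTP address
# and the port set under General Settings.
$Server = 'ftp.example.com'
$Port   = 21

function Read-FtpReply($Conn) {
    # A reply ends on a line "NNN text"; "NNN-" lines continue a multi-line reply.
    do { $line = $Conn.Reader.ReadLine() } while ($null -ne $line -and $line -notmatch '^\d{3}( |$)')
    return $line
}

function Send-FtpCommand($Conn, [string]$Command) {
    $bytes = [System.Text.Encoding]::ASCII.GetBytes("$Command`r`n")
    $Conn.Stream.Write($bytes, 0, $bytes.Length)
    return Read-FtpReply $Conn
}

function Open-FtpControl {
    # Open the control connection and consume the server greeting.
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $conn = [pscustomobject]@{ Client = $client; Stream = $stream; Reader = $reader }
    [void](Read-FtpReply $conn)
    return $conn
}

# Check 1: USER sent before AUTH TLS must not get 331 (password wanted) or 230.
$plain = Open-FtpControl
$reply = Send-FtpCommand $plain 'USER probe'   # constructed name; no password is sent
$plain.Client.Close()
$verdict = if ($reply -match '^(230|331)') { 'FAIL: plaintext login accepted' } else { 'OK: plaintext login refused' }
"$verdict ($reply)"

# Check 2: AUTH TLS must answer 234; the handshake then shows the served certificate.
$tls   = Open-FtpControl
$reply = Send-FtpCommand $tls 'AUTH TLS'
if ($reply -notmatch '^234') {
    "FAIL: AUTH TLS was not accepted ($reply)"
} else {
    # Accept any certificate so a self-signed one can be inspected; nothing is sent over it.
    $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tls.Stream, $false, $accept)
    $ssl.AuthenticateAsClient($Server)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    "OK: $($ssl.SslProtocol), subject $($cert.Subject), thumbprint $($cert.Thumbprint)"
}
$tls.Client.Close()
```

Compare the printed subject and thumbprint with the certificate you generated in the TLS settings; a mismatch means the server is presenting a different certificate from the one you configured.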

FileZilla Server makes it easy to deploy FTP servers, and its simple interface makes it easy to manage FTP users and services. Although FileZilla Server has many other features, these are the most important for setting up and securing a new server. Many tests still need to be done to ensure the highest quality of service for end users.
