FTP — file transfer protocol. It is used for transferring files by local network clients, as well as for uploading data to local and remote storage.
Consider configuring an FTP server from the Microsoft IIS Suite, creating a self-signed certificate, and configuring secure file transfer.
Operating System — Windows Server 2012 R2.
Install the IIS Web Server
We start the Server Manager from the Start menu or by clicking on the icon on the taskbar.
Select Add roles and components.
In the new window, select, on the left, the Installation Type, then Install roles or components, click the «Next» button.
From the proposed server pool, select the necessary one. In our case, he is alone, click «Next».
In the list of roles, we find the Web server (IIS) and put a tick in front of this item.
In the new window, the Add Roles and Features Wizard simply click on «Add components». This window usually appears when you first install Web Server (IIS). Click «Next».
On the left, click on the Role Service (sub-item Web Server Role (IIS)). We put a daw in front of the FTP server. If necessary, check the box next to FTP Extensibility. Click «Next».
We check the components for installation. At the first installation, we recommend that you check the box in the Automatically restarts the destination server, if necessary. Click «Install». Important! The first time you install Web Server (IIS), additional service components will be installed.
We are waiting for the installation process to complete. In the end, click «Close».
We proceed to configure the server
- Open Administration. You can from the Start menu, but if this item is not there, then Start -> Control Panel -> System and Security -> Administration
- Launch IIS Manager
- In the window that opens, on the left side, expand the branch under the necessary server. Right-click on the «Sites» element and select «Add FTP Site» …
- In the new window Add FTP Site, specify the name and path to the directory where the files will be located. Click «Next».
- In the updated window, specify on which IP addresses the FTP server will be launched (it is important when the server has several network interfaces or aliases), and also indicate the port that the service will listen on (by default, 21 TCP ports). Check for the presence of the Start FTP site automatically. In the SSL settings, specify Without SSL. If encryption is required, then select the appropriate item and specify the certificate. Click «Next».
- The next step is to configure authentication. In the Authentication section, select Normal (if anonymous access is required, select «Anonymous»). In the Authorization section, you can flexibly specify access for users. In our example, we will allow access to all users except anonymous. Allow reading and writing. Click “ Done ”
- If successful, a line with the name of the added FTP server (site) will be added to the IIS Manager window. Roll up or close this window. We will no longer need it.
Configuring the firewall
- In the Administration window, open Windows Firewall in Advanced Security mode.
- In the window that opens, in the left part, select the «Rules» for incoming connections. In the right part, click on «Create rule» …
- In the new window, select «Predefined». From the drop-down list, select the FTP server. Click «Next».
- We tick off all the items, click «Next».
- The next step is to select Allow connection, click «Done».
The selected rules will be added to the General list of incoming connection rules. To apply the firewall settings, you must restart the server.
You can connect to the server with any FTP client by specifying the server IP address, username and password, for example, FileZilla. However, server availability can also be checked using Internet Explorer. In the address bar, specify ftp: //IP.address.our.server/ (or domain name). Specify the user name and password.
Configure Secure FTP
To protect traffic, it is recommended to use SSL certificates. You can use self-signed certificates or issued by a certification authority. Please note that when connecting to a server with a self-signed certificate, the user will be notified about this.
Create a self-signed certificate
- We start the IIS Manager (see Server setup above).
- In the window that opens, on the left side, expand the branch under the necessary server. Select «Server Certificates».
- In the new window, on the right side, select «Create a self-signed certificate».
- In the window that opens, specify the name of the certificate and its type — «Personal». Click «OK».
The certificate has been generated. Now let’s move on to setting up secure FTP.
- In the IIS Manager window, on the left side, expand the branch under the necessary server, select the created server. In the main part of the window, select «FTP SSL Settings».
- In the updated window, in the drop-down list, select the created certificate, or issued by a certification authority, if any. Select «Require SSL Connection». In the right part of the window, select «Apply». Close the window, if necessary.
To connect to a secure FTP server, we recommend using WinSCP.
File Protocol — FTP
Encryption — TLS/SSL Explicit encryption
Host name — IP address or domain name.
Port — 21, or which was specified.
Name and password of the system user.