If you’re managing a Windows Server and you need a way to transfer files, you might need to resort to using FTP, and the best way to do that is with FileZilla Server. Here’s how to set it up.
FileZilla is open-source software that is available for free under the GNU General Public License. FileZilla Server is the server hosting component, which supports both FTP and FTPS, and the FileZilla Client is the application for utilizing FTP and connecting to FTP servers. It’s worth noting that FileZilla Server works fine on Windows 10 as well, but that’s probably a less common use.
To get started setting up your new FTP host, login to your server and download FileZilla Server for Windows.
Installing FileZilla Server
To begin installing, run the FileZilla Server installer as an administrator user on your server. For this part of the process, there are no special configurations or changes that need to be made during the installation. You can leave all the default settings as they are and finish the installation.
The default settings leave the FileZilla Server running if any user logs in and will keep the server running as a service. This way, even if you log out, the FTP server will still continue to function.
Once the installer is complete, open FileZilla Server if it did not automatically open itself.
Configuring FileZilla Server
The first thing you will see when you open the FileZilla Server interface is a login. Because we have not set a password yet and left our administrative port as is, you can simply select Connect to login to the server from the administration end.
Setting the Administrative Password and Port
To set the password used to manage FileZilla Server, let’s go to Edit > Settings in the top navigation menu.
From our settings menu, find Admin Interface settings on the left-hand side.
This settings page gives us the opportunity to set the administrative password and port, which is listening on the localhost interface, so the port is fine unless it conflicts with some other application you’re running.
However, you may want to be the only user who can manage the FTP server and create users. If this is the case, set an administrative password at this location. The minimum password length is 6 characters and can be reverted to a blank password by leaving the field empty, which probably isn’t wise.
Securing FileZilla Server and Transactions
FTP is a notoriously insecure protocol that uses plain-text over a standard port, so the first thing we’re going to want to do is make some changes to lock things down a bit.
Setting an Obscure Port for FTP Use
The first step is to change the default FTP port from 21 to something more obscure that attacking bots won’t be scanning for as easily. Changing the port doesn’t mean they won’t or can’t find the server, it just makes it a little less likely to be attacked.
To do this, navigate to the Edit > Settings menu. The page we are looking for, General Settings, will be the default page loaded.
To change the default listening port (21), you can modify this field and change it to another open port on your server. While we can’t determine what ports are available for you, find a high port that is free for your use and assign this here. When you save changes, the FTP service will restart automatically and your port will be updated.
Configuring FTP over TLS (FTPS)
Utilizing FTPS is the most effective way to secure your FTP server. By default, FTP will leave all data and transactions in a plain-text format, easily intercepted by users with network access. The username, password, and data being transferred can all be compromised very easily without configuring secured FTP over TLS.
To encrypt FileZilla, navigate to Edit > Settings > FTP over TLS settings.
First, check the box labeled “Enable FTP over TLS support (FTPS)” as shown in the image above. This enables TLS support, but still needs to be configured. It would be wise to choose the “Disallow plain unencrypted FTP” option as well if you are able to.
You can also change the port to something non-standard, which might be a wise decision considering you already changed the regular FTP port. Again, it won’t actually protect you, but it makes bots less of a nuisance.
To use FTPS, we need a SSL certificate to encrypt communication. If you have an SSL certificate available, you can assign this certificate here.
If you do not already have an open certificate, FileZilla Server allows us to generate a self-signed certificate right through settings menu. To get started, select the “Generate New Certificate” button.
Fill out the form the same way you would fill out any other SSL certificate form, making sure to use your FTP server address as the common name for the certificate. This assumes the domain is configured on the same server as the FTP server, and likely the same IP address.
Once you have filled this information out, go ahead and generate the certificate. Select the generated file for the private key and certificate file. Add a key password if necessary.
Take note of your updated port numbers, as we will need these to create firewall rules to allow remote access to our FTP server.
Opening FileZilla to Remote Addresses
If your firewall is configured properly, your FTP server should not be accessible to the public yet. In order to allow remote access, we will have to manually add firewalls rules and exceptions for our ports.
To do this, open up up the Windows Firewall with Advanced Security application on your server and navigate to Inbound Rules.
Create a New Rule and select Port as the type of rule.
At the next step, add the ports you set for FTP and FTPS. In the example below, we have the default ports 21 and 990 configured. Update these to match the ports that you configured earlier.
Go ahead and click next through the rest of the menus and name your firewall rule. Select Finish to create our new rule.
Our FTP server should now be remotely accessible from any computer that is allowed to reach the server. Some servers may require you to make a firewall exception for the FileZilla program itself. This will depend on your server settings and configurations, but is worth noting in case you run into issues accessing your server remotely.
However, before we can login and test this, we have to create an FTP user and share a folder for FTP.
Creating Users, Assigning Groups, and Sharing Folders
Before we can login to our server, we have to create a user and group for FTP and set which folders this user should have access to. To get started, open Edit > Groups from the FileZilla Server Interface.
Let’s create a group by clicking the Add button and naming our group. I have set the arbitrary name, FTP Users, as our group.
Once this is set, navigate to Shared Folders on the left-hand side of the Groups menu.
In the menu, Add the desired folder location for FTP users. For our use, we want our single user and group to have access to the entire C:\inetpub folder.
In the example above, we have not provided Write or Delete access, or the creation and deletion of directories. If this is a desired permission, which it will be in most cases, check the Write and Delete check boxes under Files as well as the Create and Delete check boxes under Directories.
Once this is done, click OK.
Now let’s create our FTP user and assign it to our group. To do this, navigate to Edit > Users in the FileZilla Server Interface and Add a new user.
Name your user and assign it to our FTP Users group we just created and click OK.
Now we must set a password for our user. To do this, check the password box and enter the desired password! Easy!
Congratulations! You have now created a secured FTP server with FileZilla Server!
You will now be able to FTP to your server from another computer, and login with the username and password’s we set during this guide. If working on FTP over TLS, we can connect to our server with FTPS to utilize encryption.
FileZilla Server makes it easy to deploy FTP servers and its simple interface makes managing FTP users and services a breeze. While there are many more features of FileZilla Server, these are the most important to configuring and securing a new server and plenty of testing should be performed to ensure the highest quality services for end-users.