Using a domain to connect to the server via FTP instead of the IP.

December 7, 2016 735 views
DigitalOcean Ubuntu 16.04

Hey, so I am running an Ubuntu 16.04 server with vsftpd installed according to this tutorial. Everything works fine and I can upload files using an ftp client.

However I would like to use one of my domains instead of the IP in the ftp client to connect to the server.

I am using the DigitalOcean name server with basically all default settings. My domain points to the server IP.

On my server I am running docker and an nginx proxy. This proxy redirects the incoming traffic to an upstream e.g. a nodejs server (also docker).

The nginx config is the following:

server {
    server_name ~. ;
    listen 80;
    listen [::]:80;
    # config for .well-known
    include /etc/nginx/includes/letsencrypt.conf;

    location / {
        return         301 https://$host$uri;
    }
}

# Redirect all www to non-www
#
server {
    listen 80;
    listen [::]:80;
    server_name "~^www\.(.*)$" ;
    return 301 https://$1$request_uri;
}

# Redirect https www to non-www
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.domain.com;
    ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
    return 301 https://domain.com$request_uri;
}
server {
    server_name domain.com;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # access_log
    access_log            /var/log/nginx/access.log;
    # proxy_pass config
    location / {
        # include proxy presets
        include /etc/nginx/includes/proxy.conf;
        proxy_pass              http://upstream$uri;
    }
    # general ssl parameters
    include /etc/nginx/includes/ssl-params-with-preload.conf;

    root         /var/www/html;
}

I am using the suggested FTP with SSL method in my ftp client.

Any idea what I am doing wrong? Thanks.

2 Answers

Hey there. Thanks for posting here, this was not going to be easy to troubleshoot over social media. As we've already ruled out a service in front of your droplet like CloudFlare, let's dig into this.

You mentioned that you can reach your droplet's FTP service by using the IP address but not when using your domain. Can you share the domain name you're having trouble with? If you're not comfortable sharing it publicly you can include it in an email to me (ryan[at]digitalocean.com)

  • Hey, one domain for example is lukasoppermann.com

    • I was able to confirm that that domain is resolving properly for me to the same IP address as your droplet. I then attempted an FTP connection on port 21:

      $ ftp lukasoppermann.com
      Connected to lukasoppermann.com.
      220 (vsFTPd 3.0.3)
      Name (lukasoppermann.com:ryan): 
      

      And it appears to be responding as expected there (from outside DO's network). If your attempts are not getting that far there may be a cached DNS result that is causing the name to resolve incorrectly (though if this were the case web requests would likely go to the same place).

      While your individual web services are being run in docker, as I understand it vsftpd is installed directly on the droplet so it also wouldn't be a port mapping issue.

      Are you getting a complete failure to connect to the service or a failure to authenticate?

      • Yes, correct, vsftpd is directly on the droplet.

        I am getting an authentication error.

        Hmm, all other domains work now. Maybe it is something to do with the ssl certificate?

        • Further information:

          • I have 2 domains that use external name servers, they work fine.
          • I have one domain: lukas-oppermann.de which uses the DigitalOcean nameserver and works fine.
          • I have 2 domains (lukasoppermann.de & lukasoppermann.com) which both use the DigitalOcean nameserver (same setup as for lukas-oppermann.de) but they do not work.

          The error I am getting in Transmit is:

          Could not connect to server “lukasoppermann.de”.

          Server said: Login incorrect.

          Your password may be incorrect. Please double-check your login settings.

          When using ftp -p domain.com I am getting this for both:

          Connected to domain.com.
          220 (vsFTPd 3.0.3)
          Name (domain.com:lukasoppermann): lukas
          530 Non-anonymous sessions must use encryption.
          ftp: Login failed
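
Added example, not part of the original thread: the two 530 replies quoted above mean different things, and this sketch separates "cleartext login refused" from "credentials rejected", then shows an explicit-FTPS login that verifies the certificate against the host name the client was given. The function names are hypothetical, and the second sample session is constructed on the assumption that Transmit's message corresponds to a raw `530 Login incorrect.` reply.

```python
import ftplib
import ssl

def classify_reply(line):
    """Map one FTP server reply to what it says about the session."""
    code, _, text = line.strip().partition(" ")
    if code == "220":
        return "reachable"        # banner received: DNS and port 21 are fine
    if code == "234":
        return "tls-accepted"     # reply to AUTH TLS
    if code == "230":
        return "logged-in"
    if code == "530" and "encryption" in text.lower():
        return "tls-required"     # cleartext USER refused, no password was asked for
    if code == "530":
        return "login-rejected"   # the server did not accept the login
    return "other"

def diagnose(replies):
    """Return the first failure class in a list of replies, else the last state."""
    state = "no-reply"
    for line in replies:
        state = classify_reply(line)
        if state in ("tls-required", "login-rejected"):
            break
    return state

def probe_ftps(host, user, password, timeout=10):
    """Log in over explicit FTPS, verifying the certificate against `host`."""
    ctx = ssl.create_default_context()    # checks the chain and the host name
    try:
        with ftplib.FTP_TLS(host, timeout=timeout, context=ctx) as ftp:
            ftp.login(user, password)     # sends AUTH TLS before USER/PASS
            ftp.prot_p()                  # protect the data channel as well
            return "logged-in"
    except ssl.SSLCertVerificationError:
        return "certificate-rejected"     # e.g. certificate not issued for `host`
    except ftplib.error_perm as exc:
        return classify_reply(str(exc))
    except OSError:
        return "unreachable"

# Replies copied from the `ftp -p` session quoted in the thread.
PLAIN_SESSION = ["220 (vsFTPd 3.0.3)", "530 Non-anonymous sessions must use encryption."]
# Constructed sample: assumed raw replies behind the Transmit error message.
TLS_SESSION = ["220 (vsFTPd 3.0.3)", "234 Proceed with negotiation.", "530 Login incorrect."]

if __name__ == "__main__":
    for session in (PLAIN_SESSION, TLS_SESSION):
        print(diagnose(session))
```

`probe_ftps` is only defined here, not called; running it against a real server needs network access and valid credentials.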

Why are you using FTP instead of SFTP?

  • How does this make a difference for the connection issue?

    • Because it uses the same port as SSH and it isn't extremely insecure like FTP.

      • But doesn't this involve the users having ssh access as well? This is not desired. Also, why is SFTP more secure than FTPS?

        Also if I would connect via SFTP wouldn't this domain instead of IP issue still exist?
