Adding an account
Remark:
Add an account on CentOS and upload files to the account's folder with FileZilla.
1. Create the directory (when the directory is not created along with the account)

    # mkdir /var/www/helloworld
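2. Create the helloworld account

    # sudo useradd -c helloworld -d /var/www/helloworld -s /usr/sbin/nologin hello

useradd's -p option expects an already-hashed password, so the password is set with passwd in the next step.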
3. Set the password for hello

    # sudo passwd hello
4. Set permissions on the helloworld folder

    # sudo chown -R hello:apache /var/www/helloworld/
    # sudo chmod -R 755 /var/www/helloworld/
5. vsftpd settings and port change

    # cat /etc/vsftpd/vsftpd.conf
    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    #connect_from_port_20=YES
    chroot_local_user=YES
    #listen_ipv6=YES
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem
    pam_service_name=vsftpd
    listen_port=50021
    pasv_min_port=60010
    pasv_max_port=60018
    pasv_address={my server IP}
    pasv_addr_resolve=YES
    pasv_enable=YES
    log_ftp_protocol=YES
    force_dot_files=YES
    hide_ids=YES
    max_per_ip=10
    max_clients=100
    allow_writeable_chroot=YES
6. Change the port in services – not needed

    # sudo vi /etc/services
    ftp 21/tcp => ftp 50021/tcp
7. Open the firewall (or iptables)

    Inbound range : * use IP
    Only Open
    ftp tcp : 50021
    pasv tcp : 60010:60018
8. Restart vsftpd

    # systemctl restart vsftpd
9. SSL (if needed) – when a different SSL certificate is required

    sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
10. Add SSL to vsftpd – when a different SSL certificate is required

    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    rsa_private_key_file=/etc/vsftpd/vsftpd.pem
    ssl_enable=YES
ERR : “ECONNREFUSED – 서버에서의 연결 거부”(으)로 연결 시도 실패.
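
A static check of the settings from steps 5, 7 and 10, written as an added example (not part of the original post). It reads a vsftpd.conf, flags weak or malformed settings, and prints the ports the firewall must allow. The function names, the sample file and the address 203.0.113.10 are assumptions made for illustration.

```bash
# Added example: static checks on a vsftpd.conf like the one in step 5.
# Function names and the sample address (203.0.113.10) are assumptions.

# Print the value of KEY in FILE (last occurrence wins, comments ignored).
conf_get() {
    awk -F= -v k="$1" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$2"
}

# Print one finding per line for FILE.
audit_vsftpd() {
    local f=$1
    # vsftpd.conf(5): a space between option, "=" and value is an error.
    grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$f" |
        sed 's/^\([0-9]*\):.*/SYNTAX line \1: whitespace around "="/'
    [ "$(conf_get anonymous_enable "$f")" = NO ] || echo "WEAK anonymous_enable is not NO"
    [ "$(conf_get chroot_local_user "$f")" = YES ] || echo "WEAK local users are not chrooted"
    [ "$(conf_get ssl_enable "$f")" = YES ] || echo "WEAK ssl_enable is not YES: logins are sent in cleartext"
    [ "$(conf_get allow_writeable_chroot "$f")" != YES ] || echo "NOTE allow_writeable_chroot=YES: vsftpd's writable-chroot-root check is off"
    [ -n "$(conf_get pasv_min_port "$f")" ] && [ -n "$(conf_get pasv_max_port "$f")" ] || echo "WEAK passive port range is not pinned"
}

# Print the TCP ports step 7 has to open, in firewalld's port syntax.
firewall_ports() {
    local f=$1 ctl lo hi
    ctl=$(conf_get listen_port "$f")
    lo=$(conf_get pasv_min_port "$f")
    hi=$(conf_get pasv_max_port "$f")
    echo "${ctl:-21}/tcp"            # vsftpd listens on 21 when listen_port is unset
    if [ -n "$lo" ] && [ -n "$hi" ]; then echo "$lo-$hi/tcp"; fi
}

SAMPLE=$(mktemp)   # constructed sample, shortened from step 5
cat > "$SAMPLE" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
#connect_from_port_20=YES
chroot_local_user=YES
listen_port=50021
pasv_min_port=60010
pasv_max_port=60018
pasv_address= 203.0.113.10
allow_writeable_chroot=YES
EOF
audit_vsftpd "$SAMPLE"
firewall_ports "$SAMPLE"
```

Point `audit_vsftpd` at `/etc/vsftpd/vsftpd.conf` before restarting the service in step 8; after the lines from step 10 are added, the `ssl_enable` finding disappears.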