Ubuntu FTP Server虛擬主機

Configuring Virtual Hosts for Ubuntu FTP Server (vsftpd)

To set up virtual hosts on an Ubuntu FTP server using vsftpd (Very Secure FTP Daemon), follow these structured steps. Virtual hosting allows a single FTP server to serve multiple domains or users with isolated directories.

1. Install vsftpd

Update your package list and install vsftpd:

sudo apt update
sudo apt install vsftpd

2. Configure vsftpd

Edit the main configuration file (/etc/vsftpd.conf) to enable virtual hosting and basic security:

sudo nano /etc/vsftpd.conf

Make the following changes:

Enable local user login: local_enable=YES
Allow write operations: write_enable=YES
Restrict users to their home directories (chroot): chroot_local_user=YES
Permit chroot directory to be writable (avoids permission issues): allow_writeable_chroot=YES
Enable virtual host support: Add virtual_use_local_privs=YES and user_sub_token=$USER
Set dynamic local root for each user: local_root=/home/$USER
Disable anonymous access (optional but recommended for security): anonymous_enable=NO

Save and exit the editor.

3. Create Virtual Host Directories

For each virtual host (e.g., user1, user2), create a dedicated directory and set ownership:

sudo mkdir -p /home/user1/ftp
sudo mkdir -p /home/user2/ftp
sudo chown user1:user1 /home/user1/ftp
sudo chown user2:user2 /home/user2/ftp
sudo chmod 755 /home/user1/ftp
sudo chmod 755 /home/user2/ftp

Replace user1, user2 with your desired usernames and adjust directory paths as needed.

4. Create System Users for Virtual Hosts

Each virtual host requires a system user to associate with its directory. Create users without shell access (for security):

sudo adduser user1 --shell /usr/sbin/nologin
sudo adduser user2 --shell /usr/sbin/nologin

Set strong passwords when prompted.

5. Restart vsftpd

Apply configuration changes by restarting the service:

sudo systemctl restart vsftpd

6. Configure Firewall

Allow FTP traffic (port 21) and passive mode ports (typically 40000–50000) using UFW:

sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw reload

7. Test Virtual Hosts

Use an FTP client (e.g., FileZilla) to verify connectivity:

Host: Your server’s IP address
Username: user1 (or the virtual host username)
Password: The password set for the user

You should be restricted to the corresponding directory (e.g., /home/user1/ftp). Repeat for each virtual host.

Key Notes

Security: Always disable anonymous access (anonymous_enable=NO) in production. Use strong passwords and consider enabling SSL/TLS (FTPS) for encrypted connections.
Passive Mode: Ensure passive mode ports are open in your firewall to avoid connection issues for clients behind NAT.
Logs: Monitor /var/log/vsftpd.log for troubleshooting (e.g., login failures, permission errors).

By following these steps, you can successfully configure virtual hosts on an Ubuntu FTP server using vsftpd, providing isolated storage for multiple users or domains.