All Products
Search
Document Center

Elastic Compute Service:Build an FTP site on a Windows instance

Last Updated:Oct 20, 2023

You can build an FTP site on a Windows Elastic Compute Service (ECS) instance so that you can transfer files to or from the instance after you connect to the instance. This topic describes how to build an FTP site on a Windows ECS instance.

Prerequisites

An ECS instance that meets the following requirements is created:

  • The instance is associated with an auto-assigned public IP address or an elastic IP address (EIP). For more information, see Associate or disassociate an EIP.

  • The instance runs Windows Server 2008 or later.

Step 1: Add Internet Information Services (IIS) and FTP server roles

Make sure that the IIS and FTP services are installed on the Windows instance on which you want to build an FTP site. If you have not installed the IIS and FTP services on the instance, perform the following steps to install the services.

  1. Connect to the Windows instance.

    For more information, see Connect to a Windows instance by using a username and password.

  2. In the lower-left corner of the Windows desktop, click the win图标 icon. Then, find and click Server Manager.

  3. In the top navigation bar, choose Manage > Add Roles and Features.

    IIS win2016
  4. In the dialog box that appears, accept the default settings and click Next until you reach the Select server roles step.

  5. Select Web Server (IIS). In the dialog box that appears, click Add Features and then click Next.

    ftp2
  6. Accept the default settings and click Next until you reach the Select role services step.

  7. Select IIS Management Console and FTP Server and click Next.

    ftp3
  8. Click Install. After the IIS and FTP server roles are added, click Close.

(Optional) Step 2: Create a Windows user

Create a Windows user to access the FTP site to be built. If you want to access the FTP site as an anonymous user with the anonymous or ftp username, skip the steps described in this section.

  1. In the lower-left corner of the Windows desktop, click the image.png icon. Then, choose Windows Administrative Tools > Computer Management.

  2. In the left-side navigation pane, choose System Tools > Local Users and Groups > Users.

    ftp4
  3. In the Actions column in the right part of the window, click More Actions and then click New User...

    ftp5Configure the following parameters or settings:

    • User name: Enter a username. In this example, the ftptest username is used.

    • Password and Confirm password: Enter a password.

      Note

      The password must contain uppercase letters, lowercase letters, and digits. Keep your password confidential to prevent data security risks caused by password leaks.

    • Password-related settings: Select Password never expires.

  4. Click Create and close the New User dialog box.

Step 3: Configure permissions for sharing files

Create a folder for sharing files with the FTP site and grant the access and modification permissions on the folder. Subsequently, when clients access the FTP site, all files are transferred by using this folder. Perform the following operations:

  1. On a disk of the Windows instance, create a folder for the FTP site to use.

    In this example, a folder named ftp is created on Disk C.

  2. Right-click the ftp folder and select Properties.

  3. Click the Security tab and then click Edit.

  4. Click Add...

  5. In the dialog box that appears, enter ftptest as the object name and click Check Names.

  6. Check that the entered object name is correct and click OK.

  7. In the Group or user names section, click the ftptest username, configure permissions in the Permissions for ftptest section, and then click OK.

    In this example, all permissions in the Allow column are selected. You can select or clear permissions in the Allow or Deny column based on your business requirements.username

Step 4: Create and configure an FTP site

  1. In the lower-left corner of the Windows desktop, click the win图标 icon. Then, find and click Server Manager.

  2. In the top navigation bar, choose Tools > Internet Information Services (IIS) Manager.

    ftp8
  3. In the left-side navigation pane, choose <Hostname of the Windows instance> > Sites. Then, in the Actions column in the right part, click Add FTP Site.

    ftp9
  4. In the dialog box that appears, configure parameters and click Next.

    10Configure the following parameters:

    • FTP site name: Enter a name for the FTP site. Example: ftptest.

    • Content Directory: Specify the path to the shared folder required by FTP. In this example, the shared folder is the ftp folder created on Disk C.

  5. Configure the IP address and SSL settings and click Next.

    绑定IP和SSLConfigure the following parameters:

    • IP Address: Accept the default settings.

    • SSL: In this example, No SSL is selected, which indicates that SSL encryption is not required. If you want to secure data transfers and already have an SSL certificate, select Allow SSL or Require SSL.

      • No SSL: SSL encryption is not required.

      • Allow SSL: The FTP server is allowed to support both non-SSL and SSL connections with a client.

      • Require SSL: SSL encryption is required for communication between the FTP server and a client.

    • Accept the default settings for other parameters.

  6. Configure authentication and authorization information and click Finish.

    身份和授权Configure the following parameters:

    • Authentication: In this example, only Basic is selected. Then, you can use the ftptest user that you created to access the FTP site. If you do not have security requirements on data transfers, you can select Anonymous so that you can access the FTP site as an anonymous user.

      • Anonymous: allows users that provide the anonymous or ftp username to access content.

      • Basic: requires users to provide valid usernames and passwords to access content. Basic authentication transmits unencrypted passwords across the network. We recommend that you use basic authentication only when you are certain that the connection between the client and the FTP server is secure, such as when SSL encryption is used.

    • Authorization: In this example, Allow access to is set to Specified users, and ftptest is entered.

      • All users: All users are allowed to access the shared folder corresponding to the FTP site.

      • Anonymous users: Anonymous users can access the shared folder corresponding to the FTP site.

      • Specified roles or user groups: Only specified roles or members of specified groups can access the shared folder corresponding to the FTP site. Enter roles or groups in the corresponding field.

      • Specified users: Only specified users can access the shared folder corresponding to the FTP site. Enter usernames in the corresponding field. In this example, ftptest is entered.

    • Permissions: Select both Read and Write.

    After you preform the preceding steps, you can view the built FTP site in Internet Information Services (IIS) Manager.13

  7. Configure the firewall of the FTP site.

    1. In the Internet Information Services (IIS) Manager window, double-click the FTP site name ftptest to go to the ftptest Home page.

    2. Double-click FTP Firewall Support.

      FTP防火墙支持
    3. In the External IP Address of Firewall field, enter <Public IP address of the Windows instance>.

    4. In the Actions column on the right side, click Apply. In the message that appears, click OK.

Step 5: Configure security groups and the firewall

After you build the FTP site on the Windows instance, add inbound rules to the security groups of the instance to allow traffic to port 21 and the passive port range of 1024 to 65535 of the FTP server.

Note

Specify the port range based on your needs. We recommend that you use ports with higher numbers. In this example, the port range of 29000 to 30000 is used.

  1. In the security groups of the Windows instance, add inbound rules to allow traffic to port 21 and ports in the range of 29000 to 30000.

    For information about how to add a security group rule, see Add a security group rule.

    Note

    For more information about security groups, see Security groups for different use cases and Common ports.

  2. (Optional) Configure the firewall of the Windows instance.

    By default, the firewall of the Windows instance is disabled. If your firewall is enabled, open TCP port 21 and ports in the range of 29000 to 30000 for the FTP service.

    For more information about firewall settings, see Build an FTP Site on IIS.

Step 6: Use a client to test access to the FTP site

You can use Windows File Explorer, command-line tools, browsers, or third-party FTP connection tools to test the FTP server. In this example, a Windows computer is used as an FTP client and Windows File Explorer is used to access the FTP site.

  1. On the Windows computer, open Windows File Explorer and enter ftp://<Public IP address of the FTP site>:21 in the address bar.

    In this example, Window 10 is used.Windows文件目录

  2. In the Log On As dialog box, configure logon credentials and click OK.

    In this example, the ftptest username and its password are used as credentials to log on to the FTP site. 登录FTP站点When you use Windows File Explorer to access the FTP site, if Use Passive FTP is not enabled for the IE browser on Windows, you cannot access the FTP site and error codes 200 and 501 are returned. You can perform the following steps to enable Use Passive FTP for the IE browser and then access the FTP site again:

    1. On the Windows computer, open the IE browser.

    2. In the upper-right corner, click the IE工具图标 icon and select Internet Properties.

    3. Click the Advanced tab. In the Settings section, select Use Passive FTP (for firewall and DSL modem compatibility).使用被动FTP

    4. Click Apply and then click OK.

    After you access the shared ftp folder that corresponds to the FTP site, you can create a test folder named test. 新建测试文件夹Then, you can log on to the Windows instance again. If the FTP site is built and can be used for data transfers, you can find the test folder in the ftp folder on Disk C.实例ftp文件夹

What to do next

If you want to manage files stored in Object Storage Service (OSS) by using FTP, you can install ossftp. For more information, see Overview.

After ossftp receives a regular FTP request, ossftp maps operations on files and folders to operations on OSS objects.