Step 1: Update Your System

Before starting, ensure that your Ubuntu system is up to date. Run the following commands to update the package lists and install any available upgrades:

sudo apt update && sudo apt upgrade -y

Keeping your system updated ensures that you have the latest security patches, which is crucial when managing an FTP server, especially when using platforms like VPS Windows Servers.

Step 2: Install vSFTPd

The vSFTPd (Very Secure FTP Daemon) is a fast and secure FTP server for Unix-based systems. Install it using the following command:

sudo apt install vsftpd -y

After installation, start and enable the vSFTPd service:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Step 3: Configure vSFTPd

Now, let's configure vSFTPd for secure connections. Open the vSFTPd configuration file:

sudo nano /etc/vsftpd.conf

Add or modify the following lines to configure the FTP server:

# Enable write permissions for users
write_enable=YES

# Restrict users to their home directory
chroot_local_user=YES

# Enable passive mode
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10100

# Disable anonymous login
anonymous_enable=NO

# Allow local users to login
local_enable=YES

# Enable TLS
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

Save and close the file.

Step 4: Create SSL/TLS Certificates

To secure FTP connections with TLS, you need to create an SSL certificate. You can create a self-signed certificate using OpenSSL:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem

Follow the prompts to provide certificate details. Once the certificate is created, make sure the permissions are set correctly:

sudo chmod 600 /etc/ssl/private/vsftpd.pem /etc/ssl/certs/vsftpd.pem

Step 5: Configure the Firewall

If you have a firewall enabled on your Ubuntu server, you need to allow FTP and the passive port range through the firewall. Use the following commands to allow the necessary ports:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 10000:10100/tcp

Reload the firewall to apply the changes:

sudo ufw reload

Step 6: Restart vSFTPd

After configuring vSFTPd and creating the SSL certificate, restart the vSFTPd service to apply the changes:

sudo systemctl restart vsftpd

Step 7: Test FTP Server

You can now test your FTP server using an FTP client like FileZilla. Ensure that you connect using FTP over TLS. Use your server's IP address, FTP username, and password to connect securely. If you are hosting the server on a UK Windows VPS, make sure to use the correct external IP address provided by your VPS provider.