Large-scale cluster FTP Proxy Solution

Source: Internet
Author: User

In our daily work, we often need to enable the FTP (Server) service on a Server. However, such a simple thing is often complicated for the following reasons:

1. The FTP server to be enabled does not have a public IP address (that is, it cannot be accessed directly);

2. There are many such servers, probably hundreds or even thousands;

3. All FTP accounts must be virtual accounts, not local, and must be stored centrally.

There are many such cases. For example, an enterprise usually needs to provide development and testing environments for developers and testers. The machines in these environments usually have only private network addresses, and developers need to upload their own code through FTP.

[Solution]

1. There are many solutions for problem 1 (no public IP address), such as using iptables for port forwarding or even using a VPN, but these are too complicated and costly to maintain. A better solution is to use a server with both a public and a private network address as an FTP proxy. (With this proxy enabled, you do not need to set up NAT for each real FTP server. This is different from the iptables method.)

2. For problems 2 and 3, you can only use virtual accounts and store all account information in a database.

The general architecture is as follows:

This architecture is assumed to be:

* The IP addresses of the FTP Proxy Server are 8.8.8.8 (public network) and 192.168.1.10 (private network).

* The FTP Server uses pureftpd with the address 192.168.1.11.

* The IP address of the MySQL Server is 192.168.1.15.

In this architecture, the user FTP login process is:

1. The user submits the user name and password to the FTP Proxy.

2. The FTP Proxy accesses the FTP Server.

3. The FTP Server accesses the MySQL Server to verify the user name and password.

[Configuration process]

1. Configure the FTP Proxy Server (8.8.8.8)

1.1 Download and install ftp.proxy:

wget ftp://ftp.ftpproxy.org/pub/ftp.proxy/ftpproxy-1.2.3.tgz
tar xzvf ftpproxy-1.2.3.tgz
cd ftpproxy-1.2.3
make && make install

1.2 Start ftp.proxy:

ftp.proxy -D 2121 -e -l -m -t 1800

Parameters are described as follows:

1) -D 2121: the specified port is 2121.

2) -e: enable client-side server selection (very important). Usually our FTP account is ftpuser; with this parameter we can access a backend server, such as 192.168.1.15, and the account name used becomes ftpuser@192.168.1.15.

3) -l: logging

4) -m: monitor mode

5) -t 1800: timeout
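
With -e, the backend address comes from the client through the @host suffix, so which private hosts may be named is worth restricting to the real FTP servers. The following added example (not part of the original article or of ftp.proxy) shows an allowlist check for such logins; the function name, the allowlist and the split on the last @ are assumptions.

```shell
#!/bin/sh
# Added example (not part of ftp.proxy): allowlist check for "user@host" logins.
# ALLOWED_BACKENDS is an assumed list; the article names .11 and .12 as FTP servers.
ALLOWED_BACKENDS="192.168.1.11 192.168.1.12"

# check_login LOGIN
# Prints a decision line; returns 0 only for a well-formed login whose
# backend is on the allowlist.
check_login() {
    login=$1
    case $login in
        *@*) ;;
        *) echo "reject: missing @host suffix"; return 1 ;;
    esac
    user=${login%@*}    # text before the last @ (assumed split point)
    host=${login##*@}   # text after the last @
    # users.User is varchar(16); allow only a conservative character set
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "reject: invalid user name"; return 1 ;;
    esac
    if [ "${#user}" -gt 16 ]; then
        echo "reject: user name longer than 16 characters"; return 1
    fi
    # exact string match against literal addresses: no DNS names, no ports
    for backend in $ALLOWED_BACKENDS; do
        if [ "$host" = "$backend" ]; then
            echo "allow: $user -> $host"
            return 0
        fi
    done
    echo "reject: backend '$host' is not an allowed FTP server"
    return 1
}

# Constructed sample logins
for l in testftp@192.168.1.11 testftp@192.168.1.15 testftp 'a@b@192.168.1.11'; do
    check_login "$l" || true
done
```

In this layout the MySQL server (192.168.1.15) and the proxy's own addresses are deliberately left off the list.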

2. Configure the MySQL Server (192.168.1.15)

2.1 Install MySQL (if it is not installed yet):

yum install mysql-server

2.2 Modify /etc/my.cnf:

bind-address=192.168.1.15

2.3 Start MySQL:

service mysqld start

2.4 Set the MySQL root password:

mysqladmin -u root password rootpassword

2.5 Create the database required by pure-ftpd:

mysql -u root -p

Enter the root password when prompted, then run the following SQL statements:

CREATE DATABASE pureftpd;
USE pureftpd;
CREATE TABLE `users` (
  `id` int(32) unsigned NOT NULL auto_increment,
  `User` varchar(16) NOT NULL default '',
  `Password` varchar(64) NOT NULL default '',
  `Uid` varchar(11) NOT NULL default '-1',
  `Gid` varchar(11) NOT NULL default '-1',
  `Dir` varchar(128) NOT NULL default '',
  `QuotaSize` smallint(5) NOT NULL default '0',
  `QuotaFiles` int(11) NOT NULL default '0',
  `ULBandwidth` smallint(5) NOT NULL default '0',
  `DLBandwidth` smallint(5) NOT NULL default '0',
  `ULRatio` smallint(6) NOT NULL default '0',
  `DLRatio` smallint(6) NOT NULL default '0',
  `comment` tinytext NOT NULL,
  `ipaccess` varchar(15) NOT NULL default '*',
  `status` enum('0','1') NOT NULL default '0',
  `create_date` datetime NOT NULL default '0000-00-00 00:00:00',
  `modify_date` datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY (`id`,`User`),
  UNIQUE KEY `User` (`User`)
) ENGINE=MyISAM AUTO_INCREMENT=5;

3. Configure the pureftpd PHP Manager on the FTP Proxy Server (8.8.8.8):

3.1 (If Apache2 is not installed, install it on your own.) Here it is already installed in the /usr/local/apache2 directory. Run the following commands:

mkdir -p /usr/local/apache2/htdocs/ftp
cd /usr/local/apache2/htdocs/ftp
chown -R nobody:nobody /usr/local/apache2/htdocs/ftp
wget http://bbs.chinaunix.net/attachments/month_0701/pureftpd_php_manager_BbPy87OS0Gaj.zip
unzip pureftpd_php_manager_BbPy87OS0Gaj.zip
cp pureftpd-mysql.conf.sample pureftpd-mysql.conf

3.2 Modify pureftp.config.php (the path of the configuration file that pureftpd_php_manager uses to connect to mysqld):

$PUREFTP_CONFIG_FILE = '/usr/local/apache2/htdocs/ftp/pureftpd-mysql.conf';

3.3 Modify the information in /usr/local/apache2/htdocs/ftp/pureftpd-mysql.conf:

MYSQLServer 192.168.1.15
MYSQLPort 3306
MYSQLSocket /var/lib/mysql.sock
MYSQLUser root
MYSQLPassword rootpassword
MYSQLDatabase pureftpd
# password encryption method
MYSQLCrypt crypt
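
The file from step 3.3 holds the MySQL root password and sits under Apache's htdocs on the public-facing proxy. The following added example (not from the original article or from pure-ftpd) audits such a file for those conditions; the function names and the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: audit a pureftpd-mysql.conf for risky settings and placement.

# conf_value FILE KEY: print the value of a directive, skipping # comments.
# Keys are matched case-insensitively (a tolerance of this script).
conf_value() {
    awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_pureftpd_mysql_conf FILE DOCROOT
# Prints one finding per line. Returns 0 if clean, 1 if anything was found.
audit_pureftpd_mysql_conf() {
    conf=$1; docroot=${2%/}; rc=0
    if [ "$(conf_value "$conf" MYSQLUser)" = "root" ]; then
        echo "MYSQLUser is root: use a dedicated low-privilege MySQL account"
        rc=1
    fi
    if [ "$(conf_value "$conf" MYSQLCrypt)" = "cleartext" ]; then
        echo "MYSQLCrypt is cleartext: passwords are stored unhashed"
        rc=1
    fi
    case $conf in
        "$docroot"/*)
            echo "file is under the web document root: move it outside $docroot"
            rc=1 ;;
    esac
    # -perm -004 matches when the "other" read bit is set
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "file is world-readable: restrict it to the service account (chmod 600)"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring step 3.3, audited in a scratch directory
demo() {
    d=$(mktemp -d) && mkdir -p "$d/htdocs/ftp" || return 1
    f=$d/htdocs/ftp/pureftpd-mysql.conf
    printf '%s\n' 'MYSQLServer 192.168.1.15' 'MYSQLUser root' \
        'MYSQLPassword rootpassword' 'MYSQLCrypt crypt' > "$f"
    chmod 644 "$f"
    audit_pureftpd_mysql_conf "$f" "$d/htdocs" || true
    rm -rf "$d"
}
demo
```

The same function can be pointed at the copy on the FTP server from step 4.3, passing that host's document root (or any directory the file must not live under) as the second argument.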

4. Configure the FTP Server (192.168.1.11): install and configure pure-ftpd

4.1 Install pure-ftpd (with MySQL support):

wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.29.tar.bz2
tar jxvf pure-ftpd-1.0.29.tar.bz2
cd pure-ftpd-1.0.29
./configure --prefix=/usr/local/pureftpd --with-mysql --with-shadow --with-pam --with-paranoidmsg --with-welcomemsg --with-uploadscript --with-cookie --with-virtualchroot --with-virtualhosts --with-diraliases --with-quotas --with-sysquotas --with-ratios --with-ftpwho --with-throttling
make && make install
cd configuration-file
cp pure-config.pl /usr/local/pureftpd/bin/
chmod +x /usr/local/pureftpd/bin/pure-config.pl
mkdir -p /usr/local/pureftpd/etc
cp pure-ftpd.conf /usr/local/pureftpd/etc
cd ..
cp pureftpd* /usr/local/pureftpd/etc/

4.2 Modify /usr/local/pureftpd/etc/pure-ftpd.conf:

MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf

Tip: If the FTP account has the nobody permission (its UID is usually 99, which is less than 1024), you need to modify the MinUID parameter:

MinUID 98

Otherwise, an error occurs:

Can't login as [xxx] account disabled pureftpd

4.3 Modify /usr/local/pureftpd/etc/pureftpd-mysql.conf:

The content is exactly the same as that of 3.3.

4.4 start pure-ftpd:

/usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf

5. Log on to the Pureftpd PHP Manager page to create an FTP virtual account:

Log on to http://8.8.8.8/ftp and create an account:

The created account name is testftp, and the home directory is /opt/wwwroot. You can also configure other settings (as shown in the figure).

Note:

1. This account is only a virtual account and does not exist on any FTP Server (in the/etc/passwd file), but is stored in MySQL.

2. IP Access is set to *, indicating that any FTP Server can be accessed.

6. Test Logon:

ftp 8.8.8.8 2121
Connected to 8.8.8.8.
220 server ready - login please
530 login first
530 login first
KERBEROS_V4 rejected as an authentication type
Name (8.8.8.8:root): testftp@192.168.1.11    <-- add the @ip suffix of the host to be accessed
331 password required
Password:
230 login accepted
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Note: If there is another FTP Server, for example at 192.168.1.12, you can also log on to it by using testftp@192.168.1.12.

Original article: http://www.sapub.net/html/y2010/ftp-proxy-large-scale-site.html
