Get the most out of your Centmin Mod LEMP stack
Become a Member

Pure-ftpd Connection Error on Google Cloud Computer

Discussion in 'Other Centmin Mod Installed software' started by selcukv, Sep 21, 2018.

  1. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    I can't connect FTP, tried everything:

    1. Forwarded ports on Google Cloud
    2. Stopped CSF
    3. Created new user with : pure-pw useradd newftpuser -u nginx -g nginx -D /home/nginx/domains/mydomain.com/public/
    3. Read other threads regarding connection problem

    Yet, no way. I'm stuck.

    What else can I try?

    Thank you so much for your help in advance.

    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.15.3
    • PHP Version Installed: 7.2.9
    • MariaDB MySQL Version Installed: 10.1.13
    • When was last time updated Centmin Mod code base ? : Clean install, Ran centmin.sh menu option 22 submenu, Got Letsencrypt SSL certificate Nginx vhost, Selected #4 to issue live cert with HTTPS default (trusted).
    • Persistent Config:
      NGXDYNAMIC_NGXPAGESPEED='y'
      NGINX_PAGESPEED='y'
      EMAIL='[email protected]'
      PUSHOVER_EMAIL='[email protected]'
      LETSENCRYPT_DETECT='y'
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:42 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    DO NOT Stop CSF Firewall, doing so disables CSF Firewall passive FTP firewall whitelisting and other whitelisted auto configured setups. The problem you have is with Google Cloud's own Firewall

    Centmin Mod installs CSF Firewall and auto configures all the ports whitelisting required for Centmin Mod installed software to function. You can see the outline of ports at CSF - Centmin Mod LEMP stack CSF Firewall default port listing - particularly passive FTP port range whitelisting etc.

    Google Cloud Compute like Amazon EC2 have their own Firewall in front of their virtual machine servers which is locked down tight by default see Firewall Rules Overview | VPC | Google Cloud. You need to configure Google Cloud's Firewall to open up and whitelist ports matching CSF Firewall's port list at CSF - Centmin Mod LEMP stack CSF Firewall default port listing

    More info
    With Google Cloud Compute watch your bandwidth costs as bandwidth is expensive at US$120-230/TB. Meaning if you have a traffic spike to 10TB, bandwidth costs alone will be 10x-120-230 = US$1,200-2,300 !
     
  3. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    Thank you for your reply honestly.

    I opened even all the ports and tried in that way too: https://goo.gl/FfMtWJ

    It might be something else, that's why I wanted to dig it more.

    After the installation, my ftp login was provided as:

    FTP hostname : 10.164.0.3
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for mydomain.com : username
    FTP password created for mydomain.com : password

    The hostname is the internal IP of my Google Cloud instance, I guess it should be external.

    I searched Google and could not find information regarding how to change it after doing CMM option 22. Although I had deleted it initially from /etc/hosts file and locked it with chattr +i - because no matter what when you restart network google adds its own configuration as well to your hosts file -, added my xternal IP and domain before adding the website with option 22.

    It's OK for now, my using FTP as STFP with root, but for security reasons I want to disable it in the future.

    Any further ideas?
     
    Last edited: Sep 22, 2018
  4. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    I know Google Compute costs a lot, I just want to stick to it a couple of months since they gave free credits 5 months ago. After that time I want to transfer to DO.

    In the meantime I can use root with SFTP for file transfers and a plugin like Sendgrid for SMTP emails (yes my CMM has a Postfix problem as well - I guess because of this hostname with internal IP issue), because apart from these two all seems fast and fine, very fine with good bechmarks indeed. Previously I used EE for a client website but no proper documentation mainly regarding webp support made me to choose CMM this time.
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:42 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what's output for
    Code (Text):
    ifconfig -a
    

    you can replace internel/externel IP actual values with dummy replacements just denote which is internel and which is external
     
  6. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    Thank you for your reply.

    Here is the output:
    Code (Text):
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
            inet 10.164.0.3  netmask 255.255.255.255  broadcast 10.164.0.3
            inet6 fe80::4001:aff:fea4:3  prefixlen 64  scopeid 0x20<link>
            ether 42:01:0a:a4:00:03  txqueuelen 1000  (Ethernet)
            RX packets 556812  bytes 438886510 (418.5 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 998622  bytes 2396376274 (2.2 GiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 9567  bytes 67164521 (64.0 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 9567  bytes 67164521 (64.0 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    Reconfiguring it with that change then reinstalling to make everything work smoothless is what I want actually, as a newbie. Thank you!

    P.S. What's the shortcode for codes, [ICODE] doesntt work? Edit: Found it.
     
    Last edited: Sep 22, 2018
  7. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:42 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    I never used Google Cloud, but looks like you're missing a step to assign an external IP to your Google Cloud Computer VM IP Addresses  |  Compute Engine Documentation  |  Google Cloud

     
  8. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    I had assigned it after 3 failed installs, before my last install. I assigned it then installed CMM and created the website with option 22.

    Now my last instance/droplet/server has a special static IP but the problem exists.

    This is what I have from as I read from another post.
    Code (Text):
    nano /etc/sysconfig/network-scripts/ifcfg-eth0

    Code (Text):
    # Generated by parse-kickstart
    DHCP_HOSTNAME="localhost"
    BOOTPROTO="dhcp"
    DEVICE="eth0"
    ONBOOT="yes"
    UUID="d215aefd-9127-4949-8449-cd367355a866"
    MTU=1460
    PERSISTENT_DHCLIENT="y"

    Should I add IP address here, what do you think?
     
    Last edited: Sep 22, 2018
  9. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    I have read on other posts that you don't have an experience with Google Cloud and I totally understand George but maybe I thought this could a reference for many GCE users like me, since Google provides a credit of 300$ for 12 months.
     
  10. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:42 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Last edited: Sep 22, 2018
    • Like Like x 1
  11. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    It was a firewall issue, I sorted it out by adding rules via SSH:

    Code (Text):
    gcloud compute firewall-rules create <custom-rule-name-up-to-you> --allow tcp:20,tcp:21,tcp:22,tcp:25,tcp:53,tcp:80,tcp:110,tcp:143,tcp:161,tcp:443,tcp:465,tcp:587,tcp:993,tcp:995,tcp:1110,tcp:1186,tcp:1194,tcp:81,tcp:9418,tcp:30001-50011 --source-tags=<list-of-your-instance-names> --source-ranges=0.0.0.0/0 --description="<any-description-here>" --direction=INGRESS
    
    
    gcloud compute firewall-rules create <custom-rule-name-up-to-you> --allow udp:67,udp:68,udp:1110,udp:33434-33534,udp:20,udp:21,udp:53,udp:113,udp:123 --source-tags=<list-of-instance-names> --source-ranges=0.0.0.0/0 --description="<any-description-here>" --direction=INGRESS

    Thank you so much for enlightening me! :)
     
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    36,333
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    3:42 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Great to see you figured it out. Will be useful to others too :)
     
  13. selcukv

    selcukv New Member

    9
    3
    3
    Sep 21, 2018
    Ratings:
    +3
    Local Time:
    8:42 AM
    nginx/1.15.3
    mysql Ver 15.1 Distrib 10.1.36-MariaDB
    Thank you once again! Sorry for the headache :unsure:
     
    • Like Like x 1
..