Ftp File Store | beVault

Description	An FTP(S) server to manage files
Type	ftp
Category	File

TLS support

Due to poor support of TLS client session resumption in the .NET framework (and others), which is mandated by many FTPS servers, only the control channel (logins/ file names / file modes) is encrypted. This is compatible with PureFtpd's --tls=2 option, which is what we deploy. But the data channel will remain unencrypted. Ideally, switch to SFTP or S3 on the internet.

No verification of the server certificates is performed. Ideally, switch to SFTP or S3 on the internet.

Configuration in States

The FTP File Store can be configured directly in the States interface via the Data Stores module. The following configuration mode is available:

Parameters

Name	Description	Mandatory	Default	Comment
Host	The hostname or IP address of the FTP(S) server	Yes	—
Port	The port of the FTP(S) server	Yes	`21`
Username	The username used to connect to the FTP server	Yes	—
Password	The password used to connect to the FTP server	Yes	—	Value is hidden
Base Path	The base directory on the FTP server	Yes	—
Use TLS	Whether the store should use TLS encryption	Yes	`false`
Encryption Mode	The FTP connection encryption mode: `None`, `Implicit` (deprecated), `Explicit`, `Auto`	No	`Auto`
SSL Protocols	The list of allowed SSL/TLS protocol(s): `None`, `Ssl2` (deprecated), `Ssl3` (deprecated), `Tls` / Tls 1.0 (deprecated), `Tls11` (deprecated), `Tls12`, `Tls13`	No	`[Tls12]`	These are the protocols the worker will used during protocol negotiation with the FTP server.
Data Connection Encryption	Whether the data channel must also be encrypted	No	`false`	Not supported by the dFakto FTP server. Available since version 1.4.14

Local Configuration

The local configuration is defined in a JSON file (stores.json) deployed directly on the Workers' server. A locally configured store takes priority over a store with the same name configured in the States interface.

Name	Description	Type	Mandatory	Comment
HostName	Host address of the FTP(S)	string	True
Port	Port of the FTP(S)	int	True
Username	The user used to connect to the FTP	string	True
Password	The password of the user to connect to the FTP	string	True
BasePath	The base directory on the FTP server	string	True
UseTls	Should the store use TLS	bool	True
EncryptionMode	Choose FTP connection mode None (does not encrypt) Implicit (deprecated) Explicit Auto (finds the best way on its own)	string	False	Defaults to "Auto"
SslProtocols	Select allowed protocols in: None (does not encrypt) Ssl2 (deprecated) Ssl3 (deprecated) Tls (Tls 1.0, deprecated) Tls11 (deprecated) Tls12 Tls13	string array	False	Defaults to ["Tls12"]. These are the protocols the worker will used during protocol negotiation with the FTP server.
DataConnectionEncryption	Data connection must be encrypted or not	Boolean	False	default to FALSE and is not supported by dFakto ftp server right now (see remark above) Available since version 1.4.14

JSON

{
    "Name": "ftp-server",
    "Type": "ftp",
    "HealthCheck": true,
    "Config": {
        "HostName": "ftp.dfakto.com",
        "Port": "21",
	 	"Username": "username",
	 	"Password": "password",
		"BasePath": "/",
		"UseTls": "true",
        "SslProtocols": ["Tls12"]
    }
}