07-28-2021 04:04 AM
Hello,
I'm trying to set up secure FTP (FTPes). Unfortunately, the server is not responding. I see 0 logs - even after swtiching o.a.ftp.server, o.a.f.protocol, o.a.f.auth.ftp to TRACE. What can be wrong?
To make no mistakes I followed step by step with the formtektips tutorial. But still the same error and lack of logs. I'm using Alfresco Community 6.1.2.
Previously I tested FTP and it was working. I'm trying to connect via FileZilla.
My alfresco-global.properties settings:
ftp.enabled=true ftp.port=2021 ftp.ipv6.enabled=false ftp.keyStore=/opt/alfresco/.keystore ftp.trustStore=/opt/alfresco/.truststore ftp.keyStorePassphrase=secret ftp.trustStorePassphrase=secret ftp.requireSecureSession=true
11-19-2021 07:40 AM
@angelborroy Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.
TLS connection is establised but there is still data connection error.
In logs I can see
2021-11-19 10:10:00,123 ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN java.net.SocketException: Network is unreachable (connect failed) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589)
And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x
FileZilla output:
I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....
EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)
PS. For future readers:
to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:
ftp.sessionDebug=SSL ftp.sslEngineDebug=SSL ftp.sslEngineDebug=true
And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules
ftp.dataPortFrom=34000 ftp.dataPortTo=44000
EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"
07-28-2021 06:58 AM
Did you try following this tutorial?
https://community.venzia.es/how-to-enable-and-configure-ftps-on-alfresco/
I guess that should still be working for 6.1.2
07-28-2021 11:09 AM
@angelborroy well, it's almost the same but still I followed it and there is the same problem.
This is Wireshark's FTP conversation:
Maybe Aflresco does not understand the current TLS version (1.3)? It just does not respond after switching to TLS secure session.
If only there were any logs..
07-29-2021 03:39 AM
Are you using a certificate for the client connection from your FTP Client?
07-29-2021 05:15 AM
No. While connecting to other FTP over TLS servers I have a popup with a certificate to accept after the connection is established.
11-19-2021 07:40 AM
@angelborroy Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.
TLS connection is establised but there is still data connection error.
In logs I can see
2021-11-19 10:10:00,123 ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN java.net.SocketException: Network is unreachable (connect failed) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589)
And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x
FileZilla output:
I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....
EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)
PS. For future readers:
to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:
ftp.sessionDebug=SSL ftp.sslEngineDebug=SSL ftp.sslEngineDebug=true
And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules
ftp.dataPortFrom=34000 ftp.dataPortTo=44000
EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"
Explore our Alfresco products with the links below. Use labels to filter content by product module.