cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with Alfresco's FTPes

upforsin
Star Collaborator
Star Collaborator

Hello,

I'm trying to set up secure FTP (FTPes). Unfortunately, the server is not responding. I see 0 logs - even after swtiching o.a.ftp.server, o.a.f.protocol, o.a.f.auth.ftp  to TRACE. What can be wrong?

To make no mistakes I followed step by step with the formtektips tutorial. But still the same error and lack of logs. I'm using Alfresco Community 6.1.2.

imageimage

Previously I tested FTP and it was working. I'm trying to connect via FileZilla.

My alfresco-global.properties settings:

ftp.enabled=true
ftp.port=2021
ftp.ipv6.enabled=false
ftp.keyStore=/opt/alfresco/.keystore
ftp.trustStore=/opt/alfresco/.truststore
ftp.keyStorePassphrase=secret
ftp.trustStorePassphrase=secret
ftp.requireSecureSession=true
howkymike
Alfresco Developer
1 ACCEPTED ANSWER

@angelborroy  Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.

TLS connection is establised but there is still data connection error.

In logs I can see

 2021-11-19 10:10:00,123  ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN
 java.net.SocketException: Network is unreachable (connect failed)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)

And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x

FileZilla output:

image

I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....

EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)

PS. For future readers:

to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:

ftp.sessionDebug=SSL
ftp.sslEngineDebug=SSL
ftp.sslEngineDebug=true

And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules

ftp.dataPortFrom=34000
ftp.dataPortTo=44000

EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"
howkymike
Alfresco Developer

View answer in original post

5 REPLIES 5

angelborroy
Community Manager Community Manager
Community Manager

Did you try following this tutorial?

https://community.venzia.es/how-to-enable-and-configure-ftps-on-alfresco/

I guess that should still be working for 6.1.2

Hyland Developer Evangelist

@angelborroy well, it's almost the same but still I followed it and there is the same problem. 

This is Wireshark's FTP conversation:

image

Maybe Aflresco does not understand the current TLS version (1.3)? It just does not respond after switching to TLS secure session.

If only there were any logs..

howkymike
Alfresco Developer

Are you using a certificate for the client connection from your FTP Client?

Hyland Developer Evangelist

No. While connecting to other FTP over TLS servers I have a popup with a certificate to accept after the connection is established.

howkymike
Alfresco Developer

@angelborroy  Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.

TLS connection is establised but there is still data connection error.

In logs I can see

 2021-11-19 10:10:00,123  ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN
 java.net.SocketException: Network is unreachable (connect failed)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)

And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x

FileZilla output:

image

I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....

EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)

PS. For future readers:

to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:

ftp.sessionDebug=SSL
ftp.sslEngineDebug=SSL
ftp.sslEngineDebug=true

And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules

ftp.dataPortFrom=34000
ftp.dataPortTo=44000

EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"
howkymike
Alfresco Developer