Differences
This shows you the differences between the selected revisions of the page.
| guide_windows_ftps_server 2021-11-03 | guide_windows_ftps_server 2023-10-19 (current) | ||
| Line 1: | Line 1: | ||
| ====== Installing a secure FTP server on Windows using IIS ====== | ====== Installing a secure FTP server on Windows using IIS ====== | ||
| - | You may want to install a secure FTP server on Windows either as standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, you can use an optional //%%FTP%% Server// component of the %%IIS%%. It can be installed standalone or along with a //Web Server//.((This guide is partially based on article [[https://docs.microsoft.com/en-us/archive/blogs/mast/setting-up-a-passive-ftp-server-in-windows-azure-vm|Setting up a Passive FTP Server in Windows Azure VM]].)) | + | You may want to install a secure FTP server on Windows either as standalone file storage or to have means of editing your website hosted on IIS (Internet Information Services) web server. In both cases, you can use an optional //%%FTP%% Server// component of the %%IIS%%. It can be installed standalone or along with a //Web Server//.((This guide is partially based on article [[https://learn.microsoft.com/en-us/archive/blogs/mast/setting-up-a-passive-ftp-server-in-windows-azure-vm|Setting up a Passive FTP Server in Windows Azure VM]].)) |
| ===== Installing FTP Server ===== | ===== Installing FTP Server ===== | ||
| - | ==== On Windows Server 2016 and Windows Server 2012-R2 ==== | + | ==== On Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012 ==== |
| * In Windows //Server Manager// go to //Dashboard// and run //Manage > Add Roles and Features//. | * In Windows //Server Manager// go to //Dashboard// and run //Manage > Add Roles and Features//. | ||
| Line 13: | Line 13: | ||
| * In //Add Roles and Features// wizard: | * In //Add Roles and Features// wizard: | ||
| * Proceed to //Installation Type// step and confirm //Role-based or feature-based installation//. | * Proceed to //Installation Type// step and confirm //Role-based or feature-based installation//. | ||
| - | * Proceed to //Server Roles// step and check //Web Server (%%IIS%%)// role. Note that it is checked already, if you had IIS installed as a Web Server previously. Confirm installing //%%IIS%% Management Console// tool. | + | * Proceed to //Server Roles// step and check //Web Server (%%IIS%%)// role. Note that it is checked already, if you had IIS installed as a Web Server previously. If your are prompted to install //%%IIS%% Management Console// tool, confirm it. |
| * Proceed to //Web Server Role (%%IIS%%) > Role Services// step and check //%%FTP%% Server// role service. Uncheck //Web Server// role service, if you do not need it. | * Proceed to //Web Server Role (%%IIS%%) > Role Services// step and check //%%FTP%% Server// role service. Uncheck //Web Server// role service, if you do not need it. | ||
| * Proceed to the end of the wizard and click //Install//. | * Proceed to the end of the wizard and click //Install//. | ||
| Line 51: | Line 51: | ||
| Skip to the [[#opening_iis_manager|next step]]. | Skip to the [[#opening_iis_manager|next step]]. | ||
| - | ==== On Windows Desktop (Windows 10, Windows 8, Windows 7 and Windows Vista) ==== | + | ==== On Windows Desktop (Windows 11, Windows 10, Windows 8, Windows 7 and Windows Vista) ==== |
| - | * Go to //Control Panel > Programs > Program and Features > Turn Windows features on or off//. &wincp | + | * Go to //Control Panel > Programs > Programs and Features > Turn Windows features on or off//. &wincp |
| * On a //Windows Features// window: | * On a //Windows Features// window: | ||
| * Expand //Internet Information Services > %%FTP%% Server// and check //%%FTP%% Service//. | * Expand //Internet Information Services > %%FTP%% Server// and check //%%FTP%% Service//. | ||
| Line 62: | Line 62: | ||
| &screenshotpict(iis_install_win10) | &screenshotpict(iis_install_win10) | ||
| - | &winvista &win7 &win8 &win10 | + | &winvista &win7 &win8 &win10 &win11 |
| ===== [[opening_iis_manager]] Opening IIS Manager ===== | ===== [[opening_iis_manager]] Opening IIS Manager ===== | ||
| - | * Go to //Control Panel > System and Security > Administrative Tools// and open //Internet Information Services (%%IIS%%) Manager//. &wincp | + | * Go to //Control Panel > System and Security > Administrative Tools// (//Windows Tools// on Windows 11) and open //Internet Information Services (%%IIS%%) Manager//. &wincp |
| * Navigate to your Windows server node. | * Navigate to your Windows server node. | ||
| Line 85: | Line 85: | ||
| &screenshotpict(iis_certificates) | &screenshotpict(iis_certificates) | ||
| - | Self-signed certificates created by %%IIS%% Manager do not work with %%FTPS%% clients that check for key usage violations.((E.g. clients that use GnuTLS, like FileZilla.)) To create a certificate with a correct key usage, use ''[[ps>pki/new-selfsignedcertificate|New-SelfSignedCertificate]]'' PowerShell as an Administrator: | + | Self-signed certificates created by old versions of %%IIS%% Manager do not work with %%FTPS%% clients that check for key usage violations.((E.g. clients that use GnuTLS, like FileZilla, do not accept certificates created by IIS on Windows 10 and Windows Server 2019 and older.)) To create a certificate with a correct key usage, use ''[[ps>pki/new-selfsignedcertificate|New-SelfSignedCertificate]]'' PowerShell as an Administrator: |
| <code powershell> | <code powershell> | ||
| Line 110: | Line 110: | ||
| An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when %%IIS%% %%FTP%% server is installed. | An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535 when %%IIS%% %%FTP%% server is installed. | ||
| - | The rules are not enabled initially though some versions of Windows.((The rules are enabled initially on Windows Server 2016.)) &win2016 To enable or change the rules, go to //Control Panel > System and Security > Windows Defender Firewall//((//Windows Firewall// on older versions of Windows.))// > Advanced Settings > Inbound Rules// &wincp &win10 and locate three "%%FTP%% server" rules. &wincp If the rules are not enabled, click on //Actions > Enable Rule//. | + | The rules are not enabled initially on some versions of Windows.((The rules are enabled initially on Windows Server 2016 and newer.)) &win2016 To enable or change the rules, go to //Control Panel > System and Security > Windows Defender Firewall//((//Windows Firewall// on older versions of Windows.))// > Advanced Settings > Inbound Rules// &wincp &win10 &win11 and locate three "%%FTP%% server" rules. &wincp If the rules are not enabled, click on //Actions > Enable Rule//. |
| ===== [[restart]] Restarting FTP Service ===== | ===== [[restart]] Restarting FTP Service ===== | ||
| Line 116: | Line 116: | ||
| While the internal Windows firewall is automatically configured to open FTP ports when %%FTP%% server is installed, this change does not seem to apply, until %%FTP%% service is restarted. The same is true for changing data channel port range. | While the internal Windows firewall is automatically configured to open FTP ports when %%FTP%% server is installed, this change does not seem to apply, until %%FTP%% service is restarted. The same is true for changing data channel port range. | ||
| - | To restart %%FTP%% service go to //Control Panel > System and Security > Administrative Tools// and open //Services//. Locate //Microsoft %%FTP%% Service// and click //Restart service//.((Try restarting whole system, if a service restart does not help.)) &wincp | + | To restart %%FTP%% service go to //Control Panel > System and Security > Administrative Tools// (//Windows Tools// on Windows 11) &win11 and open //Services//. Locate //Microsoft %%FTP%% Service// and click //Restart service//.((Try restarting whole system, if a service restart does not help.)) &wincp |
| ===== Adding FTP Site ===== | ===== Adding FTP Site ===== | ||
| ==== To a Web Site ==== | ==== To a Web Site ==== | ||
| - | If you want to add FTP server to manage your web site remotely, locate your web site node in //%%IIS%% Manager// and: | + | If you want to add FTP server to manage your existing web site remotely, locate your web site node in //%%IIS%% Manager// and: |
| * Click //Add %%FTP%% Publishing// action. | * Click //Add %%FTP%% Publishing// action. | ||