Problem with Alfresco's FTPes

cancel
Showing results for 
Search instead for 
Did you mean: 
upforsin
Senior Member

Problem with Alfresco's FTPes

Jump to solution

Hello,

I'm trying to set up secure FTP (FTPes). Unfortunately, the server is not responding. I see 0 logs - even after swtiching o.a.ftp.server, o.a.f.protocol, o.a.f.auth.ftp  to TRACE. What can be wrong?

To make no mistakes I followed step by step with the formtektips tutorial. But still the same error and lack of logs. I'm using Alfresco Community 6.1.2.

 

Screenshot from 2021-07-28 09-56-39.pngScreenshot from 2021-07-28 09-57-14.png

Previously I tested FTP and it was working. I'm trying to connect via FileZilla.

My alfresco-global.properties settings:

 

ftp.enabled=true
ftp.port=2021
ftp.ipv6.enabled=false
ftp.keyStore=/opt/alfresco/.keystore
ftp.trustStore=/opt/alfresco/.truststore
ftp.keyStorePassphrase=secret
ftp.trustStorePassphrase=secret
ftp.requireSecureSession=true

 

howkymike
Alfresco Developer
1 Solution

Accepted Solutions
upforsin
Senior Member

Re: Problem with Alfresco's FTPes

Jump to solution

@angelborroy  Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.

TLS connection is establised but there is still data connection error.

In logs I can see

 

 2021-11-19 10:10:00,123  ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN
 java.net.SocketException: Network is unreachable (connect failed)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)

And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x

 

FileZilla output:

Screenshot from 2021-11-19 13-39-08.png

I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....

 

EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)

 

PS. For future readers:

to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:

ftp.sessionDebug=SSL
ftp.sslEngineDebug=SSL
ftp.sslEngineDebug=true

And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules

ftp.dataPortFrom=34000
ftp.dataPortTo=44000

 

EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"

 

howkymike
Alfresco Developer

View solution in original post

5 Replies
angelborroy
Alfresco Employee

Re: Problem with Alfresco's FTPes

Jump to solution

Did you try following this tutorial?

https://community.venzia.es/how-to-enable-and-configure-ftps-on-alfresco/

I guess that should still be working for 6.1.2

Hyland Developer Evangelist
upforsin
Senior Member

Re: Problem with Alfresco's FTPes

Jump to solution

@angelborroy well, it's almost the same but still I followed it and there is the same problem. 

This is Wireshark's FTP conversation:

Screenshot from 2021-07-28 17-08-29.png

Maybe Aflresco does not understand the current TLS version (1.3)? It just does not respond after switching to TLS secure session.

If only there were any logs..

howkymike
Alfresco Developer
angelborroy
Alfresco Employee

Re: Problem with Alfresco's FTPes

Jump to solution

Are you using a certificate for the client connection from your FTP Client?

Hyland Developer Evangelist
upforsin
Senior Member

Re: Problem with Alfresco's FTPes

Jump to solution

No. While connecting to other FTP over TLS servers I have a popup with a certificate to accept after the connection is established.

howkymike
Alfresco Developer
upforsin
Senior Member

Re: Problem with Alfresco's FTPes

Jump to solution

@angelborroy  Ok, I changed openJDK version from 8u292-b10-0ubuntu1~18.04 to 8u162-b12-1 (8u252 also works) and now I am one step closer.

TLS connection is establised but there is still data connection error.

In logs I can see

 

 2021-11-19 10:10:00,123  ERROR [org.alfresco.fileserver] [Sess_FTP6_113.132.19.22] Error from JLAN
 java.net.SocketException: Network is unreachable (connect failed)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:589)

And when i debugged, I can see that socket is trying to connect the private network address - 192.168.x.x

 

FileZilla output:

Screenshot from 2021-11-19 13-39-08.png

I alfresco-global.properties config, 'alfresco.host' is set to 'localhost' and I have nginx, but I dont know if it's a problem, because FTP is working....

 

EDIT. Alright, I managed to get it working. There is some kind of a bug (?) in Ubuntu's FileZilla, on Windows it just works... (setting ftp.externalAddress does not help)

 

PS. For future readers:

to enable FTP debugging, aprart from setting log4j options, you should also specifiy those settings in the alfresco-global.properties file:

ftp.sessionDebug=SSL
ftp.sslEngineDebug=SSL
ftp.sslEngineDebug=true

And if someone is using a Firewall it's good to specify ftp data range and then add those ports in Firewall rules

ftp.dataPortFrom=34000
ftp.dataPortTo=44000

 

EDIT2. I tested it on Alfresco 7.2 with JDK11 and it's even worse. It still works only on Windows and you have to set additional Java proeprties to make it work:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.server.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.acknowledgeCloseNotify=true"

 

howkymike
Alfresco Developer