hi guys, once again i am back with more questions...seems the more i ask and learn...the more questions i ask.
From having played a bit with ISPConfig, i went through the arduous task of coming to a basic understanding of using passive mode with ftp when one has multiple shared resources (im assuming in virtualmin terms i am correctly calling these virtual servers?).
From my previous study, this meant 1. opening the correct range of ports on my firewall (i have used ports 40110-40210 in the past so i have stuck with this on my google cloud network for now) 2. configuring proftp server to work with said ports.
Now before i launch into an essay of thoughts and questions and confusion about all of this i note the following in the Webmin documentation about Pro ftp...
Creating virtual servers -"Virtual servers are only really useful if your system has multiple IP addresses."
So in light of the above...im totally confused about how this is supposed to work, because i am wanting a setup that functions in parrallel with the various virtual servers i am setting up for hosting clients. They have a virtual server (webhosting) and have ftp access to only their webhosting files.
Questions
I say this because i can navigate inside ftp to the default apache2 webserver index.html file (which is not the index.html that belongs to the ftp.domain.com that im logged into with proftp.). My belief is that this is the default index.html for webmin and not the virtualmin virtual server i just created. So i need to jail the user only to the virtualmin virtual server user account.
To add to my above...after some research i have found the following https://www.virtualmin.com/documentation/id%2Cvirtualmin_for_cpanel_users.
This does shed some light on the issues i raise, however, if it is indeed the case that a Virtualmin-Virtual Server is essentially the same as a Cpanel account within WHM, then i feel it also appears to contradict the statement in Virtualmin documentation that says "Virtual servers are only really useful if your system has multiple IP addresses."
Is this to mean external ip addresses or internal ones? Does it really matter as the same would be true of shared cpanel accounts as well would it not?
One thing about the Virtualmin documentation...it really isnt for the faint hearted!
I have sorted one of my problems...the innability to log into ftp. It worked, and then it didnt and i have no idea why. In the end, i deleted the user and created a new one...now i can log into ftp. Havent a clue what was wrong!
https://ajecreative.com.au
Can i just say this for others who may make this mistake...the creation of "ftp users" in its own panel is highly misleading and confusing.
The "create ftp user with website access" button is sitting in "no mans land" on the extreme rhs of the bloody panel, so its easily confused with the standard "create website user" which sits in a very obvious location on the lhs of the panel.
This needs to be fixed, its an absolute disaster considering its accessed from the "ftp user" panel! I am no English teacher but surely the focus here is ftp (and not creating server users...which should be somewhere else!)
https://ajecreative.com.au
Creating virtual servers -"Virtual servers are only really useful if your system has multiple IP addresses."
That doesn't mean what you think it means. In the context ProFTPd a "Virtual Server" is not a Virtualmin Virtual Server. It is a dedicated IP-based virtual FTP server....you don't need it. You don't want it. Don't even think about it. Don't turn it on. Ignore it completely.
Also, please tell me where you found that specific sentence in the documentation, as it is misleading and should be changed to make it very clear that ProFTPd "virtual servers" are not a useful thing in a modern system. (The feature is used to offer anonymous FTP service...which is documented in the cPanel to Virtualmin doc you mentioned, but maybe needs to be more clear. It is an ancient things. Nobody needs anonymous FTP servers in the past several years...even Debian has turned off their anonymous FTP servers.)
--
Check out the forum guidelines!
1. For shared webhosting, am i thinking about this all wrong? (ie how virtual servers are supposed to be used - i was thinking each virtual server is a shared webhosting account for 1 client website/s)
It is. You're reading one line that is specifically about ProFTPd (and not about Virtualmin), and it's confused you. I need to fix that line, but I can't find it in the doc you linked.
2. I have Proftp working but as i have seen in other posts...how do i jail a user to their home directory. i think its supposed to do this by default but i fear mine is giving access to the entire "google cloud instance" internal ipaddress directory?
It is not supposed to do it by default. Virtualmin defaults to a standard UNIX/Linux permissions model, and does not jail users in either ssh or FTPd.
It's easy to turn on for FTP logins, however. Docs for the are here:
https://www.virtualmin.com/documentation/security/faq#toc-how-can-i-prev...
For ssh, we don't currently support jailing users (I have historically had security concerns about using chroot as a security feature), but Virtualmin 6 coming in a few days will have Jailkit support out of the box (it's always been possible to enable it, yourself, for some users...but Virtualmin 6 will have it built-in and will manage the jails for you). We still trust regular old UNIX/Linux security more than we trust the somewhat fiddly process of building and managing safe jails, but recent versions of Jailkit mitigate all of the major security concerns I had in the past with chroot jails, so we're comfortable supporting them going forward.
I say this because i can navigate inside ftp to the default apache2 webserver index.html file (which is not the index.html that belongs to the ftp.domain.com that im logged into with proftp.). My belief is that this is the default index.html for webmin and not the virtualmin virtual server i just created. So i need to jail the user only to the virtualmin virtual server user account.
What do you mean by "default apache2 webserver index.html file"?
--
Check out the forum guidelines!
Oh, nevermind. I found the docs you're referencing about that. It's in the Webmin ProFTPd module docs (and I see you said that, I thought you were talking about finding that line in the Virtualmin docs). I'm not sure how to change that without being confusing...virtual servers are a thing in ProFTPd and I guess still need to be documented in the Webmin docs. the term just doesn't mean the same thing it means in Virtualmin, and they aren't connected in any way (a Virtual Server in Virtualmin does not create a virtual server configuration in ProFTPd--and you wouldn't want it to, as it requires a dedicated IP, as the docs point out).
--
Check out the forum guidelines!