FTP Server connectors provide connection credentials to access the full-featured FTP Server.
Key Capabilities
- Full-featured embedded FTP server with FTPS (FTP over TLS/SSL) support
- Multi-client architecture with individual user profiles and directory isolation
- Configurable permissions for send and receive directories per trading partner
- Welcome banners, file filtering, and temporary file handling for reliable operations
- Support for both active and passive modes with configurable port ranges
Overview
The FTP Server is primarily configured on the Profiles page. Then, individual FTP Server connectors provide a unique client profile to authenticate to the FTP Server. The client profile consists of a username (which matches the FTP Server connector’s Connector Id), a password, a set of send and receive directories, and permissions to read and/or write files in these directories.
FTP clients are not given permissions to the root of the FTP Server, which means that FTP clients should always cd into the send (to download) and receive (to upload) directories after connecting.
Video Resources
Watch this short video for an overview of how to configure an FTP Server. The video uses an SFTP Server in the example, but the principles are the same for FTP.
Profile Configuration
The FTP Server Profile must be configured before connections can be established with individual FTP Server connectors. Click Profiles on the navbar, then click the FTP Server tab.
Server Configuration
Server implementation settings.
| Setting | Description |
|---|
| Port | The port on which the FTP Server listens for incoming connections. |
| FTP Over TLS | How TLS/SSL should be negotiated when clients connect to the server. Choose Explicit to establish a plain text connection where TLS/SSL is then started with an explicit command. Choose Implicit to immediately negotiate TLS/SSL without establishing a plain text connection. |
| Server TLS Certificate | The TLS certificate that identifies the server. Only required if the server is operating as an FTPS server (in other words, if TLS/SSL is enabled). |
| Certificate Password | The password required to access the Server TLS Certificate. |
| Welcome Message | The banner presented to FTP clients when they connect to the server. |
| Root Directory | The root directory for the server. Subfolders are created in the root for individual client profiles (in other words, for each configured FTP Server connector). Each client profile includes a Send folder, where clients can download files from the server, and a Receive folder, where clients can upload files to the server. |
| Allowed Files Filter | A glob pattern that determines which files are accepted by the FTP server. You can use negative patterns to indicate files that should not be downloaded (for example, -*.tmp). Separate multiple file types by commas (for example, *.x12,*.edi). |
Other Settings
Settings that do not fall into the previous category.
| Setting | Description |
|---|
| Active Mode | Check this to enable Active mode on the remote FTP server. Keep in mind that Passive mode is less likely to result in firewall interference with the connection. |
| Inactivity Timeout | The length of time (in seconds) that must pass without activity for a user to time out. |
| Passive Port Range | When using Passive mode, the application uses any available port to listen for incoming data connections. You can override this by setting this field to a port range in start-end format. For example: 1024- refers to ports higher than 1024 (inclusive) and 1024-2048 refers to ports between 1024 and 2048 (inclusive). |
| Passive Address | When using Passive mode, the application returns the IP address for the local interface. You can override this by setting this field to a specific public IP address. |
| TLS Enabled Protocols | The list of TLS/SSL protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. SSL v2 and SSL v3 are considered vulnerable and should only be used if your partner does not support higher versions. Keep in mind that TLS v1.3 is not universally adopted, and might be refused if the destination server does not support it. |
Logging
Miscellaneous
Connector Settings
Once you configure the FTP Server profile settings, create and configure an individual FTP Server connector for each trading partner on the Flows page.
Settings Tab
Configuration
User Configuration
Credentials for authenticating to the local FTP server.
| Setting | Description |
|---|
| User | The username credential for logging in to the local FTP server. This value is always the same as the Connector Id. |
| Password | The password credential associated with the User. |
Permissions
Settings related to the read and write permissions the configured client has for the Send and Receive folders.
| Setting | Description |
|---|
| Send Directory Permissions | Use the checkboxes to set read and write permissions for the Send directory. This directory is where files are downloaded. |
| Receive Directory Permissions | Use the checkboxes to set read and write permissions for the Receive directory. This directory is where files are uploaded. |
Advanced Tab
Local Folders
Settings related to the folders where clients upload and download files.
| Setting | Description |
|---|
| Input Folder (Send) | Files in the Send folder are available to be downloaded by clients. |
| Output Folder (Receive) | Files uploaded by the client are placed in the Receive folder. Files remain in the Receive folder or are passed along to the next connector in the flow. |
Other Settings
Settings not included in the previous categories.
| Setting | Description |
|---|
| Allowed Files Filter | A glob pattern that determines which files are accepted by the FTP server. Overrides the Allowed Files Filter option on the FTP Profile page. |
| Remove File After Send | Whether files in the Send folder should be removed after the client receives them. |
| Temp Receive Extensions | Files with a matching extension are not recorded in the Receive table and do not fire the After Receive event until they are renamed. Supply a comma-delimited list of file extensions. |
| Timeout | The length of time (in seconds) the server waits for a connection response before throwing a timeout error. |
| Save Subfolder | Check this to add a SubFolder header to received messages. This header represents the path relative to the Local Folders. |
| Local File Scheme | A scheme for assigning filenames to messages that are output by the connector. You can use macros in your filenames dynamically to include information such as identifiers and timestamps. For more information, see Macros. |
Message
Logging
Miscellaneous
Alerts Tab
SLAs Tab
Establishing a Connection
Each FTP Server connector represents a single trading partner’s connection parameters. The trading partner should connect to the FTP server using the server settings (such as port and TLS mode) from the Profile page and the user configuration settings in the dedicated FTP Server connector (User and Password).
Each trading partner has separate Send and Receive directories that are subfolders of the root. The partner should download files from the Send folder and upload files to the Receive folder. The client is not permitted to upload or download files from the root.
Macros
Examples
Common Errors
Error: Could not bind server socket: Permission denied.
Cause
This error can appear when you attempt to connect to an FTP server and the process hosting does not have sufficient privileges to establish a listener on the specified port.
In some cases (such as Linux environments and hosted instances running in an Amazon AMI), you cannot use ports below 1024.
ufw allow 21/tcp
ufw allow 8021/tcp
echo "
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 8021
COMMIT" >> /etc/ufw/before.rules
iptables to route incoming requests on the desired port to the allowed port:
iptables -t nat -I PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 8021 
