SSL and certs for SFTP
-
Hi,
I am setting up some gitlab CI/CD and would like to ftp files onto my wordpress instance. Also I would like to secure with ssl... and certs. Is that possible with cloudron?
Here is the command I was looking at using, any ideas? What layers of security can and can't i have while performing sftp?
update_wpressapi: stage: update_wpressapi rules: - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # && $CI_MERGE_REQUEST_APPROVALS_REQUIRED && $CI_MERGE_REQUEST_APPROVED' script: - apt-get install -y lftp - | lftp -e "set ftp:ssl-allow yes; set ftp:ssl-auth TLS; set \ ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ cd /path/to/destination; \ ls -R --max-depth=2; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com - lftp -e "set ftp:ssl-allow yes; \ set ftp:ssl-auth TLS; \ set ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ put base-plugin.zip -o /path/to/destination/base- plugin.zip; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com -
Hi,
I am setting up some gitlab CI/CD and would like to ftp files onto my wordpress instance. Also I would like to secure with ssl... and certs. Is that possible with cloudron?
Here is the command I was looking at using, any ideas? What layers of security can and can't i have while performing sftp?
update_wpressapi: stage: update_wpressapi rules: - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # && $CI_MERGE_REQUEST_APPROVALS_REQUIRED && $CI_MERGE_REQUEST_APPROVED' script: - apt-get install -y lftp - | lftp -e "set ftp:ssl-allow yes; set ftp:ssl-auth TLS; set \ ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ cd /path/to/destination; \ ls -R --max-depth=2; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com - lftp -e "set ftp:ssl-allow yes; \ set ftp:ssl-auth TLS; \ set ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ put base-plugin.zip -o /path/to/destination/base- plugin.zip; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com -
Hi,
I am setting up some gitlab CI/CD and would like to ftp files onto my wordpress instance. Also I would like to secure with ssl... and certs. Is that possible with cloudron?
Here is the command I was looking at using, any ideas? What layers of security can and can't i have while performing sftp?
update_wpressapi: stage: update_wpressapi rules: - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # && $CI_MERGE_REQUEST_APPROVALS_REQUIRED && $CI_MERGE_REQUEST_APPROVED' script: - apt-get install -y lftp - | lftp -e "set ftp:ssl-allow yes; set ftp:ssl-auth TLS; set \ ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ cd /path/to/destination; \ ls -R --max-depth=2; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com - lftp -e "set ftp:ssl-allow yes; \ set ftp:ssl-auth TLS; \ set ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ put base-plugin.zip -o /path/to/destination/base- plugin.zip; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com@roofboard Cloudron only runs an Sftp serfver, not ftpS
If the app data is exposed through ftp or not, is dependent on the app, however the wordpress package does support it.
Further info on the connection can be found at https://docs.cloudron.io/apps/#ftp-access
-
N nebulon marked this topic as a question on
-
Hi,
I am setting up some gitlab CI/CD and would like to ftp files onto my wordpress instance. Also I would like to secure with ssl... and certs. Is that possible with cloudron?
Here is the command I was looking at using, any ideas? What layers of security can and can't i have while performing sftp?
update_wpressapi: stage: update_wpressapi rules: - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # && $CI_MERGE_REQUEST_APPROVALS_REQUIRED && $CI_MERGE_REQUEST_APPROVED' script: - apt-get install -y lftp - | lftp -e "set ftp:ssl-allow yes; set ftp:ssl-auth TLS; set \ ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ cd /path/to/destination; \ ls -R --max-depth=2; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com - lftp -e "set ftp:ssl-allow yes; \ set ftp:ssl-auth TLS; \ set ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ put base-plugin.zip -o /path/to/destination/base- plugin.zip; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com@roofboard I guess your real question is how to automate this. We automate SFTP in testing like this - https://git.cloudron.io/cloudron/lamp-app/-/blob/master/test/test.js#L120
sshpass -p${process.env.PASSWORD} sftp -P 222 -o StrictHostKeyChecking=no -oHostKeyAlgorithms=+ssh-rsa -oBatchMode=no -b - ${process.env.USERNAME}@${app.fqdn}@${apiEndpoint} -
Hi,
I am setting up some gitlab CI/CD and would like to ftp files onto my wordpress instance. Also I would like to secure with ssl... and certs. Is that possible with cloudron?
Here is the command I was looking at using, any ideas? What layers of security can and can't i have while performing sftp?
update_wpressapi: stage: update_wpressapi rules: - if: '$CI_MERGE_REQUEST_ID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' # && $CI_MERGE_REQUEST_APPROVALS_REQUIRED && $CI_MERGE_REQUEST_APPROVED' script: - apt-get install -y lftp - | lftp -e "set ftp:ssl-allow yes; set ftp:ssl-auth TLS; set \ ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ cd /path/to/destination; \ ls -R --max-depth=2; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com - lftp -e "set ftp:ssl-allow yes; \ set ftp:ssl-auth TLS; \ set ftp:ssl-protect-data yes; \ set ssl:key-file $FTP_SSL_KEY; \ set ssl:cert-file $FTP_SSL_CERT; \ put base-plugin.zip -o /path/to/destination/base- plugin.zip; bye" -u \ $FTP_USERNAME,$FTP_PASSWORD ftps://my.domain.com -
@roofboard also, if you want to use lftp , I think you have to use
sftp://my.domain.cominstead of ftps . IIRC, we had some trouble automating with lftp. This is why we use sftp command.@girish I tried this 7 ways from Sunday, then gave up and tried to just get access from the terminal. Every time I get permission denied.
Did the above command work for you?
I am trying to do this with a App Passwords
and just having no luck even when i hardcode the usernames and passwords. -
@girish I tried this 7 ways from Sunday, then gave up and tried to just get access from the terminal. Every time I get permission denied.
Did the above command work for you?
I am trying to do this with a App Passwords
and just having no luck even when i hardcode the usernames and passwords.@roofboard You can try this on our demo. Password is
cloudron.$ sftp -P 222 cloudron@site.demo.cloudron.io@my.demo.cloudron.io cloudron@site.demo.cloudron.io@my.demo.cloudron.io's password: Connected to my.demo.cloudron.io. sftp>I also tested with app password (
ee8431debcc35383) . Same command above works.
Can you test above? Hopefully, nobody deletes the app before you get to it.
-
@roofboard You can try this on our demo. Password is
cloudron.$ sftp -P 222 cloudron@site.demo.cloudron.io@my.demo.cloudron.io cloudron@site.demo.cloudron.io@my.demo.cloudron.io's password: Connected to my.demo.cloudron.io. sftp>I also tested with app password (
ee8431debcc35383) . Same command above works.Can you test above? Hopefully, nobody deletes the app before you get to it.
@girish said in SSL and certs for SFTP:
sftp -P 222 cloudron@site.demo.cloudron.io@my.demo.cloudron.io
Please note the double '@' . It's not a typo. The username contains an @ .
-
@girish said in SSL and certs for SFTP:
sftp -P 222 cloudron@site.demo.cloudron.io@my.demo.cloudron.io
Please note the double '@' . It's not a typo. The username contains an @ .
-
G girish has marked this topic as solved on