IIS and FTP
Last updated
Last updated
IIS: Web server software developed by Microsoft for hosting websites and web applications on Windows Server. Supports various web protocols and provides a platform for web development.
FTP: File Transfer Protocol is a standard protocol for transferring files between a client and a server over a network. It enables file uploads, downloads, and management on a remote server.
IIS and FTP
This lab outlines the steps to install IIS (Internet Information Services) version 10 and FTP (File Transfer Protocol) on Windows Server. The Web Server (IIS) role in Windows Server provides a secure, easy-to-manage, modular, and extensible platform for reliably hosting websites, services, and applications.
Open Server Manager Console.
Go to Manage > Add Roles and Features.
Before you begin the screen, click Next
Keep "Role-based or feature-based installation" selected and click Next.
Select the appropriate server. The local server is selected by default. Click Next.
From the Select server roles window, check the box next to Web Server (IIS).
Click on the Add Features button to install the required features as well.
Make sure the Web server role is selected, Click on Next.
No extra features needed for Web Server role, click Next.
On the Web Server Role (IIS) dialog box, click Next.
On the Select role services dialog box, you can install additional services for IIS if required. Add FTP Server’ checkbox and the corresponding FTP sub-options (FTP service and FTP extensibility) and Click Next.
Verify that your settings are correct and click Install.
When the installation completes, click Close to exit the wizard.
At this point, the default website should be running using TCP http protocol 80. We can test our web hosting service by using a web browser and typing in our fully qualified domain name (FQDN) http://winserver.harchit.local and pressing enter:
Note: There are multiple ways to access our web server, the samples below are the entries you can make on the browser's navigation bar:
http://localhost
http://192.168.10.1 (the IP address of our web server)
http://127.0.0.1 (loopback address)
But to easily apply the concept of self-signed certificates, we will be accessing our web server using a fully qualified domain name (FQDN) for the next examples.
You should see the default IIS web page in your web browser, we will use the our web server's FQDN for this case.
1. We need to open the IIS Manager console. First, open server manager console.
2. Click on tools and select Internet Information Services (IIS) Manager.
3. Click on the server name in the Connections column on the left and double-click on Server Certificates.
4. Click on Create Self-Signed Certificate in the Actions column on the right.
5. Enter the friendly name you wish to use to identify the self-signed certificate, and then click OK to complete the process.
6. You now have an IIS Self Signed Certificate listed under Server Certificates. The validity of the Self Signed Certificate is one year.
The next step is to bind the certificate to the default web site.
7. Browse to the Connections column on the left-hand side, expand the Sites folder and click on the website you wish to bind the SSL certificate to. In this case, we want to bind the certificate to the default web site.
8. On the right side, click on Bindings under Edit Site section in the Actions column.
9. Click the Add.. button.
10. Click the type drop down menu. Select https.
11. Click on the SSL Certificate drop-down, choose the newly created Self Signed certificate.
12. We will add winserver as our host name and click OK.
Note: The hostname can also use a fully qualified domain name if you would prefer. We intend to simplify the example for this lab.
13. You should now see the bindings for port 443. Click on Close to save the changes.
A self-signed certificate is successfully bound to the default website. Now you can access the default website using HTTPS without any issue.
14. To test if we can establish an ssl connection to our web server, open a web browser. Type the full name of the server with https in the URL bar and press enter key.
Create an FTP Server
To this point, we have installed the FTP server feature on the system, and a root default directory is created to that effect. The path of the root directory is at C:\inetpub.
We are going to create a custom FTP directory where we are going to place files and directories which can be accessed by authorized users across the network.
To do this, we can begin by navigating to C:\inetpub and creating our own folder.
Right click and select ‘New’ then ‘Folder’. Give the folder your preferred name. In this case, we have created a folder called myFTPdirectory.
We need to assign this directory the required permissions so that an authorized user can read from its contents. To achieve this, right-click on the directory and select ‘Properties’.
In the ‘Properties’ window, click on the ‘Security’ tab to be able to modify the permissions. Select the group which you want to allow access to the directory, in this case, we are selecting the ‘Users’ group. Click on the ‘Edit’ button to assign permissions to the group.
We will give ‘Full control’ permissions to our domain users group and hit the ‘Apply’ button.
Then click ‘Ok’. This takes you back to the Properties window and then press the ‘OK’ button.
Step 1: Create an FTP Site
We have assigned all permissions on our FTP directory to the Users group. The next step will be to create an FTP site which we shall map to the FTP directory.
On the Server manager, click on ‘Tools’ then select ‘Internet Services Information (IIS) Manager’ option.
On the IIS Manager window that appears, click the server name at the left pane to reveal more options. Right-click on the ‘Sites’ option and select ‘Add FTP site’.
In the next step, provide the FTP site name and the Physical Path by clicking on the adjacent button with three dots and navigating to the FTP directory that we created in the previous step.
Then click ‘Ok’ then ‘Next’ to go to the next step.
In the ‘Binding and SSL settings’ step, provide your server’s IP address, FTP port. Be sure to select the -‘No SSL’ option since we are not using an SSL certificate to secure the site.
The final step requires you to select the authentication type and configure which users will have access to the FTP site. Select ‘Basic’ authentication.
Under authorization, click on the ‘Specified users’ option – if you wish to grant access to a specific user to access the site – and right below that, specify the username of the user.
Alternatively, you can allow a group of users by selecting ‘Specified roles or user groups’ and specifying the user group in the ‘text field’ provided. Then check off ‘Read’ and ‘Write’ permissions and hit ‘Finish’.
Up until this point, we have successfully configured the FTP server. The last thing to do is to configure the firewall to allow remote users to access the FTP site.
Step 2: Configure the Firewall
FTP listens on port 21, and therefore, we need to allow this port across the firewall. To begin, click on the ‘Start’ menu button and search for ‘Firewall with Advanced security’
On the left pane, click on ‘Inbound rules’ and the head over to the extreme right and click on ‘New rule’.
On the ‘Rule Type’ window, select the ‘Predefined’ option and select ‘FTP server’ in the drop-down menu. Click ‘Next’.
Ensure that all the firewall rules are checked off and click ‘Next’.
Finally, click on ‘Allow the connection’ and click ‘Finish’.
Our FTP server can now be accessed remotely from either a Windows or Linux/UNIX system. The only remaining task is to test if we can make a connection to our FTP server.
Step 3: Test the FTP server
To test if your FTP server is working as expected, head over to a remote system and launch command prompt. Next, type the command below:
ftp <ftp server's ip address>
You will be required to authenticate, so provide your username and password.
The output above confirms that we were able to successfully log in.
Let’s try something more ambitious. We are going to create a directory and navigate into it using the commands shown:
ftp> mkdir reports
ftp> cd reports
To verify the existence of the directory, use the ls command , just as you would in a Linux system when listing files.
ftp> ls
Alternatively, You can head over to your browser and head over to the URL shown:
ftp://server-ip
In the authentication pop-up, provide your username and password and click on the ‘Sign In’ button.
This confirms that our FTP server is working as expected.
