Backup FTP = AUTH TLS or AUTH SSL

hi! how to implement it?
In order for the backup client in Hestia to forcibly connect to a remote FTP server to save a backup, using AUTH TLS or AUTH SSL encryption.
Accept the certificate automatically.
So that the connection is not established without AUTH TLS or AUTH SSL encryption.

Hi @SHarksGANG,

Hestia uses ftp command to tranfer backup files and it doesn’t support ftps so you could use sftp or if you must use ftps, use rclone to configure an ftps connection for your backups.

1 Like

I read

Спойлер

Backup & Restore | Hestia Control Panel

this, there is no mention here of how to configure RClone to use an encrypted ssl or tls connection. In the settings [Config backups]

Спойлер

(hestiacp/bin/v-add-backup-host at main · hestiacp/hestiacp · GitHub )

, you can add a command to force TLS or SSl to be enabled. It will be happiness!

The doc is to use rclone in Hestia, if you want to use rclone, you should check their own doc to config it to fit your needs:

You should already have rclone installed as part of Hestia’s install so as root run:

rclone config

And add the new remote connection interactively or use something like this:

In the example I will use ftp-whatever as the connection name, ftp as the connection type, ftp.example.com as the ftp host, 21 as the port, foo as the user, sup3rSecret! as the password and will say to use explicit_tls connection.

rclone config create ftp-whatever ftp host=ftp.example.com port=21 user=foo pass='sup3erSecret!' explicit_tls=true 

If you don’t want to check the certificate, add the option no_check_certificate=true
If you want/need to use implicit tls instead of explicit tls then replace explicit_tls=true by implicit_tls=true

Once added you can test it with the command:

rclone ls ftp-whatever:

Now you can configure the backup in Hestia, selecting rclone and adding ftp-whatever as the remote.

2 Likes

Thanks for the help! It doesn’t work in my case! The provider issues only an IP address for access. Of course, I connected to the IP address using Filezilla, accepted the unsigned certificates and looked at the domain name in the certificate. But RClone cannot connect, writes the error “530 Invalid authentication data”. The question of connecting FTP using TLS is relevant. I do not understand where in the Hestia config to add a TLS forced connection string, how to fix v-add-backup-host?

If the ftp over tls is explicit you should not use tls = true, as far as i know it will default to implicit tls and as no port has been specified, it will use port 990 instead of 21.

1 Like

I tested it using tls = true and explicit_tls = true and rclone returns this error:

implicit TLS and explicit TLS are mutually incompatible, please revise your config

So you should use only one. Also. double check that the password you used when creating the conf was quoted inside single quotes. If you want to change it and modify the rclone.conf directly, you must obscure it before pasting it inside the conf file:

rclone obscure 'HereYourPassword'

1 Like