Q: How can I enable AES256 encryption, or higher encryption for SSL, SSH, PGP, and keystores?
A: The policy files must be downloaded manually and installed in your Java lib/security folder replacing the old files. (DO NOT KEEP THE OLD FILES)
Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
You may also search Google for: 'java unlimited cryptography policy files'
OS X Java 6 install location: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/
OS X Java 7 install location: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/
OS X Java 8 install location: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/
Windows install location: C:\Program Files\Java\jre6\lib\security\ or C:\Program Files\Java\jre7\lib\security\ or C:\Program Files\Java\jre8\lib\security\
CrushFTP must be restarted after making this change. (The service or daemon.)
Once this has been done, edit the cipher list in the server prefs (SSH port item, SSH tab): duplicate the AES128 ciphers and replace the 128 with 256 in the copies. Your Encryption, SSL tab items will automatically include the new items. Stronger key and keystore files will now work properly too.
Q: What are browser limitations when dealing with Drag and Drop, and the Java Applet for advanced mode?
A: Browsers are a mess in many ways... let's try and detail it here:
Chrome is the only browser that can natively upload a folder structure. Other browsers will make an attempt, but the browser is missing the support to do it, so it will fail. The advanced mode runs a Java applet, which overcomes that limitation.
Windows Limitations:
Chrome - no limitations
Firefox - can't upload folders unless using advanced mode
IE - Only handles drag and drop starting with IE11. IE is slow in all operations due to its poor rendering speed on JavaScript. Chrome is *much* faster in many areas.
OSX Limitations:
Chrome - Cannot do advanced mode since Google hasn't bothered updating Chrome to be 64-bit, and Java on OSX is only 64-bit.
Firefox - No drag and drop to the advanced mode applet. Apple/Oracle block all DND operations to Java applets in the browser.
Safari - No drag and drop to the advanced mode applet. Apple/Oracle block all DND operations to Java applets in the browser.
In all browsers, resume is only supported if using advanced mode as browsers lack resume capabilities.
Q: How do I make a SSL cert? How do SSL certs work in CrushFTP?
A: SSL Background:
You create a private key. This is the key generation that asks things like the common name, organization, state, etc. This private key is a once in a lifetime event… it's your private unique key to the world, and should never be shared, distributed or otherwise made "public" in any way. It's private, store it, and keep it secure.
From this key, a unique signature is made, and this is called the CSR, and this file is given to a certificate authority. They then sign this CSR with their own information and give it back to you. This is your "cert". It's unique to your private key, and only goes with your private key.
Now we have to add this cert back with your private key to create a system of trust. We can't trust the cert you have yet until we can verify each of its parents back up the chain of certs to the certificate authority you bought it from. This is the cert chain, and it's the same chain the web browser will use in deciding if your cert is valid or not.
You add each of these chain certs into the keystore, saying you trust it. Once all the pieces are there, you then "Import the CA Reply" which adds the "cert" you got back to your original private key information.
Now when users connect to you, the server is providing this information to them, and because they already trust the chain for where it came from, they then trust your server is who it says it is…or someone else has your private key and is impersonating you. Portecle makes this process easier.
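The key, CSR, CA reply and chain check described above, as an added example that is not part of the original FAQ. It uses the openssl command line rather than Portecle or a Java keystore, and the throwaway CA, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: the CA (demo-ca) and server name (ftp.example.test) are constructed.

# Build CA -> private key -> CSR -> signed cert inside directory $1.
make_demo_pki() {
  local d="$1"
  # Stand-in for the certificate authority (self-signed root).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # 1. Private key: generated once, stays on the server, owner-readable only.
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null || return 1
  chmod 600 "$d/server.key"
  # 2. CSR: subject plus public key, signed with the private key.
  openssl req -new -key "$d/server.key" -subj "/CN=ftp.example.test" \
    -out "$d/server.csr" 2>/dev/null || return 1
  # 3. "CA reply": the CA signs the CSR contents with its own key.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null || return 1
}

# True only if <cert> ($2) chains up to a CA in <ca-bundle> ($1).
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if <cert> ($1) carries the public half of <key> ($2).
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Run both checks before importing anything into the keystore.
preflight() {  # preflight <ca-bundle> <cert> <key>
  chain_ok "$1" "$2" || { echo "chain does not verify"; return 1; }
  cert_matches_key "$2" "$3" || { echo "cert is for another key"; return 1; }
  echo "ok"
}

# Demo run on constructed material in a temporary directory.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" &&
  preflight "$demo_dir/ca.crt" "$demo_dir/server.crt" "$demo_dir/server.key"
rm -rf "$demo_dir"
```

With a real CA, the bundle passed to preflight is the set of chain certs you would add to the keystore, and the cert is the CA reply.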
Q: How do you install CrushFTP as a daemon on Linux?
A: Each Linux distro has its own way of handling startup items. Refer to your distro's documentation on how to add a reference to a script for starting CrushFTP. (crushftp_init.sh)
Q: Is it possible to run the server on ports below 1024 and not run as root on a Linux/Unix system?
A: Yes. Use the built in firewall to setup a port rewrite.
sudo iptables -t nat -A PREROUTING -p tcp -d 192.168.0.5 -m tcp --dport 21 -j DNAT --to 192.168.0.5:2121
sudo iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.5 -m tcp --sport 2020 -j SNAT --to 192.168.0.5:20
If you do change the source port to 2020, add an entry into the prefs.xml specifying this. The entry goes in the individual server_item you want the source port changed on.
<source_port>2020</source_port>
Alternatively you may just want this:
sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 2121
Then just run CrushFTP on port 2121 instead.
Q: How do groups, inheritance and templates work in CrushFTP?
A: Groups and templating/inheritance cover two different types of things.
Groups just define lists of users. A better name would be "Lists" instead of "Groups" as that is all it does. So just keep that in mind.
Having a list of users is important when you want to do a batch update to everyone in that "List/Group". Instead of applying to all users, it only applies to that "List/Group".
Batch changes such as adding a user into the template inheritance list are done by holding the "control" key when clicking on the add button. It is also used when holding control and de-selecting a checkbox in the list of inheritance/templates, and lastly it's used when holding control and clicking on the checkboxes to the left of any setting that overrides the inherited value. Every setting has a checkbox like this on the left.
So you make some "setting users" that have settings you want applied to your users. You then choose a user in a group, and control click the add button to add this "setting user" to the list of their inheritance.
Q: How do I get SMTP email working with a SMTP server that has an untrusted SSL certificate?
A: keytool -keystore /System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts -import -file my_mail-server.cer -alias my_mail_server
The default password when prompted is changeme, or changeit. (However, don't change it!)
Then restart CrushFTP and it should be able to send email.
On a Windows system, the "keytool" application is in the JDK folder in your Program Files\Java\ folder.
Q: How can I setup Growl notifications?
A: First, you need the "growlnotify" from the "Extras" folder of the official Growl download.
Then, set up a CrushTask like the following screenshot. The most important thing is that the message item must be the last argument.
Q: How can I restart CrushFTP from the command line on Linux?
A: Here is an alternate command script for Linux to handle a friendly QUIT and RESTART. The startup_command in the prefs.xml must also have a -Ddir= value set to the path to CrushFTP.
Q: The CrushFTP host (Linux 2.6) is keeping a lot of information in the physical memory page cache. Please implement the following two changes to (1) control the usage of the swap file, and (2) increase the amount of memory reserved (i.e. not used as a cache for files).
A: Change One – adjust the swap value.
# Swappiness
vm.swappiness=80
Change Two – adjust the amount of reserved memory.
# Minimum Free Kbytes
vm.min_free_kbytes=512000
Q: Why can't I access mapped drives in Windows after installing the service?
A: When a Windows service is running, it cannot access "mapped" drives unless you go to the service properties, and enable the "interacts with desktop" flag. This however, does require that a session always be logged into the Windows machine to provide those mapped drive letters, and must be WinXP.
Otherwise, network resources must always be referenced by their UNC path. Then you can set the service to logon as a different account, and then it will be able to access those UNC paths it has access to.
Q: How do you stop IIS from binding to all IPs for a port?
A: IIS by default will bind to all IPs on the machine. So if you have multiple IPs and want CrushFTP on one, and IIS on the other, do the following: download and install the Windows Server 2003 Support Tools.
From a command prompt, run:
httpcfg set iplisten -i *your_iis_ip_goes_here*
net stop http /y
net start w3svc
Q: How can I setup port rules in the Windows server?
A: Follow these screenshots... it's usually almost the same on the majority of Windows servers.
Q: How can I remove the OS X apache service to regain control over my ports?
A: In Terminal, issue these commands. Once OSX Server starts its apache service, it won't stop it. It will only print a message saying it's off.
sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist
sudo launchctl remove /System/Library/LaunchDaemons/org.apache.httpd.plist
Q: How can I configure CrushFTP to use a proxy for its update check and download system?
A: In a shell prompt, do a startup command like this for a socks proxy:
java -Dhttps.proxyHost=192.168.1.50 -Dhttps.proxyPort=3128 -Xmx384M -jar plugins/lib/CrushFTPJarProxy.jar -d
Q: How can I set up Symantec Endpoint Protection so that email alerts can be sent out from CrushFTP?
A: You need to have the Custom Firewall Policy configured on the server -- in addition to the service running as domain admin.
Create a separate group on the SEP server and drop the CrushFTP box into it. Disable the inherit policies, then do a copy policy on the AntiVirus and Antispyware policy.
Disable the Symantec Internet Email Auto-Protect on the server policy. See pic for Server and where to see it on Client.
This is on the client – that is why it is greyed out.
Create exceptions for the CrushFTP.exe and the Java.exe in the C:\Program Files\ on the client and/or server policy.
Q: How can I configure NGINX proxy to forward uploads without buffering everything first?
- Ensure we allow large files to be uploaded for CrushFTP
- Switch off buffering so large file uploaded are forwarded to CrushFTP immediately (otherwise just get an error)
(These settings can be placed in NGINX config in the http, server, or location sections, depending on what is best for your usage.)
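The two settings this answer describes are not reproduced on the page. The following added example (not CrushFTP's own configuration) shows the nginx directives that correspond to them in a constructed config, plus a check that a given config file sets both; the backend address 127.0.0.1:8080 and the 10g cap are assumptions.

```shell
#!/usr/bin/env bash
# Added example: constructed nginx config for streaming uploads to a backend.

# Constructed sample; backend address and size cap are placeholders.
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    location / {
        client_max_body_size 10g;       # default is 1m; 0 removes the limit entirely
        proxy_request_buffering off;    # stream the request body instead of spooling it
        proxy_http_version 1.1;         # required to stream chunked request bodies
        proxy_pass http://127.0.0.1:8080;
    }
}
EOF
}

# Report which of the two upload settings are missing from config file $1.
# Prints one line per problem; returns 0 only when both are present.
# Commented-out directives do not count as present.
check_upload_conf() {
  local f="$1" rc=0
  grep -Eq '^[[:space:]]*client_max_body_size[[:space:]]+[^;]+;' "$f" \
    || { echo "client_max_body_size not set (default 1m rejects large uploads)"; rc=1; }
  grep -Eq '^[[:space:]]*proxy_request_buffering[[:space:]]+off[[:space:]]*;' "$f" \
    || { echo "proxy_request_buffering is not off (uploads are spooled first)"; rc=1; }
  return $rc
}
```

An explicit size cap sized to your largest expected upload keeps a bound on what an unauthenticated client can make the proxy accept.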
Q: How can I default my login page to another language?
A: You can go to the Admin>>Preferences>>Webinterface>>LoginPage tab and there add the below custom JavaScript as needed:
window.showLanguageSelection = true; //true/false
window.showLanguageSelectionPos = "left"; //left/right
window.saveLanguageSelectionInCookie = true; //true/false
window.defaultWILanguage = "de"; //any one from : en,cs,da,nl,fr,de,hu,it,pl,es
window.detectBrowserLanguage = true; //true/false
Q: Who did your voice over audio?
A: On some videos, but not all, we used Eli Wood & Co http://eliwprod.com/. They were fast and professional on their delivery!