A secure and fast FTP server for Hass.io

The FTP protocol might be come in handy sometimes. While old, it still has its use. For example, most IP Cameras still support the upload of images or videos via FTP.

This add-on provides an FTP Server for Hass.io in a reasonably secure manner. While FTP is not entirely secure by its (unencrypted) nature, this add-on supports FTP over SSL (FTPS) and jails (chroot) the virtual users in their home directories.

Of course, if you'd really want to, you could also use this add-on to again access to your Home Assistant configuration via FTP.

The installation of this add-on is pretty straightforward and not different in comparison to installing any other Hass.io add-on.

1. Add our Hass.io add-ons repository to your Hass.io instance.
2. Install the "FTP" add-on.
3. Start the "FTP" add-on
4. Check the logs of the "FTP" add-on to see if everything went well.

NOTE: Do not add this repository to Hass.io, please use: https://github.com/hassio-addons/repository.

Note: Remember to restart the add-on when the configuration is changed.

Example add-on configuration:

{
  "log_level": "info",
  "port": 21,
  "data_port": 20,
  "banner": "Welcome to the Hass.io FTP service.",
  "pasv": true,
  "pasv_min_port": 30000,
  "pasv_max_port": 30010,
  "pasv_address": "",
  "ssl": false,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "implicit_ssl": false,
  "max_clients": 5,
  "users": [
    {
      "username": "hassio",
      "password": "changeme",
      "allow_chmod": true,
      "allow_download": true,
      "allow_upload": true,
      "allow_dirlist": true,
      "addons": false,
      "backup": true,
      "config": true,
      "share": true,
      "ssl": false
    },
    {
      "username": "camera",
      "password": "changeme",
      "allow_chmod": false,
      "allow_download": false,
      "allow_upload": true,
      "allow_dirlist": true,
      "addons": false,
      "backup": false,
      "config": false,
      "share": true,
      "ssl": false
    }
  ]
}

Note: This is just an example, don't copy and paste it! Create your own!

The log_level option controls the level of log output by the addon and can be changed to be more or less verbose, which might be useful when you are dealing with an unknown issue. Possible values are:

• trace: Show every detail, like all called internal functions.
• debug: Shows detailed debug information.
• info: Normal (usually) interesting events.
• warning: Exceptional occurrences that are not errors.
• error: Runtime errors that do not require immediate action.
• fatal: Something went terribly wrong. Add-on becomes unusable.

Please note that each level automatically includes log messages from a more severe level, e.g., debug also shows info messages. By default, the log_level is set to info, which is the recommended setting unless you are troubleshooting.

These log level also affects the log levels of the FTP server.

The port the FTP will listen on for incoming FTP connections.

The port from which PORT style connections originate.

This string option allows you to provide the greeting banner displayed by the FTP server when a connection first comes in.

Set to false if you want to disallow the PASV method of obtaining a data connection. For more information about passive versus active FTP, see this excellent Stack Overflow answer.

The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

Use this option to override the IP address that the FTP server will advertise in response to the PASV command. Provide a numeric IP address, or provide a hostname which will be DNS resolved for you at startup. When left empty, the address is taken from the incoming connected socket.

Enables/Disables SSL on the FTP Server. Set it true to enable it, false otherwise.

The certificate file to use for SSL.

Note: The file MUST be stored in /ssl/, which is default for Hass.io

The private key file to use for SSL.

Note: The file MUST be stored in /ssl/, which is default for Hass.io

If set to true, an SSL handshake is the first thing expect on all connections (the FTPS protocol).

This is the maximum number of clients which may be connected at the same time. Any additional clients connecting will get an error message.

This option allows you to specify a list of one or more users. Each user can have its own permissions like defined in the sub-options below.

The username the user needs to use to login to the FTP server. A valid username has a maximum of 32 characters, contains only A-Z and 0-9. Usernames may contain a hyphen (-) but must not start or end with one.

Note: This option support secrets, e.g., !secret ftp_username.

The password the user logs in with.

Note: This option support secrets, e.g., !secret ftp_password.

Setting this option to true will allow the use of the SITE CHMOD command for that user.

Setting this option to true will allow the user to download files from the FTP server.

This controls whether any FTP commands which change the filesystem are allowed or not.

These commands are STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE.

Setting this option to true, allows to user to browse all directories the user was given access to by using the list commands.

Allow the user to access the /addons directory.

Allow the user to access the /backup directory.

Allow the user to access the /config directory.

Allow the user to access the /share directory.

Allow the user to access the /ssl directory.

Adding this option to the add-on configuration allows to you bypass the HaveIBeenPwned password requirement by setting it to true.

Note: We STRONGLY suggest picking a stronger/safer password instead of using this option! USE AT YOUR OWN RISK!

This repository keeps a change log using GitHub's releases functionality. The format of the log is based on Keep a Changelog.

Releases are based on Semantic Versioning, and use the format of MAJOR.MINOR.PATCH. In a nutshell, the version will be incremented based on the following:

• MAJOR: Incompatible or major changes.
• MINOR: Backwards-compatible new features and enhancements.
• PATCH: Backwards-compatible bugfixes and package updates.

Got questions?

You have several options to get them answered:

• The Community Hass.io Add-ons Discord chat server for add-on support and feature requests.
• The Home Assistant Discord chat server for general Home Assistant discussions and questions.
• The Home Assistant Community Forum.
• Join the Reddit subreddit in /r/homeassistant

You could also open an issue here GitHub.

This is an active open-source project. We are always open to people who want to use the code or contribute to it.

We have set up a separate document containing our contribution guidelines.

Thank you for being involved! 😍

The original setup of this repository is by Franck Nijhof.

For a full list of all authors and contributors, check the contributor's page.

Want some more functionality to your Hass.io Home Assistant instance?

We have created multiple add-ons for Hass.io. For a full list, check out our GitHub Repository.

MIT License

Copyright (c) 2017-2019 Franck Nijhof

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.