Archives September 2023

How To Set Up vsftpd (FTP server) On Ubuntu

FTP (File Transfer Protocol) is a network protocol that is used for transferring a file between computers. FTP is still used to support legacy applications and workflows with very specific needs. If you have a choice of protocol, consider modern options that are more efficient, secure, and convenient for delivering files like SFTP (Secure File Transfer Protocol).

vsftpd, very secure FTP daemon, is an FTP server for many Unix-like systems, including Linux, and is often the default FTP server for many Linux distributions as well. vsftpd is beneficial for optimizing security, performance, and stability. It also provides strong protection against security problems found in other FTP servers.

Read more: How To Set Up vsftpd (FTP server) On Ubuntu

In this tutorial, we will try to install and configure vsftpd to our server. And here’s the step to do that:

1. Installing vsftpd

Update your package list first:

sudo apt update

Next, install the vsftpd daemon:

sudo apt install vsftpd

And now vsftpd is already installed on your server.

2. Opening the Firewall

First, check the firewall status to see if it’s enabled. If it is, then you’ll make adjustments to ensure that FTP traffic is permitted so firewall rules don’t block our FTP requests.

sudo ufw status

You should see output like this, if it states that the status is active, then our server firewall is active and we need to add additional config:

Start by opening ports 2021, and 990 so they’re ready when you enable TLS:

sudo ufw allow 20,21,990/tcp

Next, open ports 40000-50000 for the range of passive ports you will be setting in the configuration file:

sudo ufw allow 40000:50000/tcp

Check the status of your firewall again, and it should add more additional configs like this:

3. Configure vsftpd Configuration

Open up the file at /etc/vsftpd.conf in your favorite text editor (vim, nano, …), and make sure the following lines are uncommented:


local_enable allows system-defined users in the /etc/passwd file to log in through vsftpd.


write_enable allows changes to the filesystem through FTP, such as uploading.


ascii_upload_enable and ascii_download_enable tell vsftpd to disable ascii mangling. It’s a horrible feature of the FTP protocol that basically replaces line endings regardless of whether or not the FTP server is running on a Windows or Unix machine.


chroot is shorthand for change root and will basically enable an environment that prevents the user from leaving its home directory.

4. Add New User

Although we can use system-defined users to log in through vsftpd, let’s create our own user to access the vsftpd service.

Run this command to create a new user:

adduser ftpuser

This will create a user named ftpuser, you will be asked some basic questions and also be asked to set up a password for that user.

And now we can use vsftpd service for our server.

How To Install MySQL on Ubuntu

MySQL is one of the most used RDBMS (Relational Database Management System) that used in the world. So learning to use this will bring us a great skill that can be used almost everywhere.

In this tutorial, we will learn how to install MySQL on our own server. So let’s start.

1. Install MySQL to Our Server

On Ubuntu, we can install MySQL server using APT package repository.

To install it, we need to update the server’s package index first with this command:

sudo apt update

Then install the mysql-server package:

sudo apt install mysql-server

Ensure that the server is running using these commands:

sudo systemctl start mysql.service
sudo systemctl enable mysql.service

These commands will install, start, and enable MySQL on server start, but will not prompt you to set a password or make any other configuration changes. Because this leaves your installation of MySQL insecure, we will address this next.

2. Configuring MySQL

For fresh installations of MySQL, you’ll want to run the database management system’s included security script. This script changes some of the less secure default options for things like disallowing remote root logins and removing sample users.

Run the security script with this command:

sudo mysql_secure_installation

This will take you through a series of prompts where you can make some changes to your MySQL installation’s security options. The first prompt will ask whether you’d like to set up the Validate Password Plugin, which can be used to test the password strength of new MySQL users before deeming them valid.

If you elect to set up the Validate Password Plugin, any MySQL user you create that authenticates with a password will be required to have a password that satisfies the policy you select:

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

Regardless of whether you choose to set up the Validate Password Plugin, the next prompt will be to set a password for the MySQL root user. Enter and then confirm a secure password of your choice:

Please set the password for root here.

New password:

Re-enter new password:

If you use the Validate Password Plugin, you’ll receive feedback on the strength of your new password. Then the script will ask if you want to continue with the password you just entered or if you want to enter a new one. Assuming you’re satisfied with the strength of the password you just entered, enter Y to continue the script:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y

From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately respects the changes you have made.

3. Creating a Dedicated MySQL User and Granting Privileges

Upon installation, MySQL creates a root user account which you can use to manage your database. This user has full privileges over the MySQL server, meaning it has complete control over every database, table, user, and so on. Because of this, it’s best to avoid using this account outside of administrative functions. This step outlines how to use the root MySQL user to create a new user account and grant it privileges.

In Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This plugin requires that the name of the operating system user that invokes the MySQL client matches the name of the MySQL user specified in the command, so you must invoke mysql with sudo privileges to gain access to the root MySQL user:

sudo mysql

 If you installed MySQL with another tutorial and enabled password authentication for root, you will need to use a different command to access the MySQL shell. The following will run your MySQL client with regular user privileges, and you will only gain administrator privileges within the database by authenticating:

mysql -u root -p

Run the following command to create a user that authenticates with a password. Be sure to change jack to your preferred username and password to a strong password of your choosing:

CREATE USER 'jack'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

After creating your new user, you can grant them the appropriate privileges. The general syntax for granting user privileges is as follows:

GRANT PRIVILEGE ON database.table TO 'username'@'host';

The PRIVILEGE value in this example syntax defines what actions the user is allowed to perform on the specified database and table. You can grant multiple privileges to the same user in one command by separating each with a comma. You can also grant a user privileges globally by entering asterisks (*) in place of the database and table names. In SQL, asterisks are special characters used to represent “all” databases or tables.

Following this, it’s good practice to run the FLUSH PRIVILEGES command. This will free up any memory that the server cached as a result of the preceding CREATE USER and GRANT statements:


Then you can exit the MySQL client:


In the future, to log in as your new MySQL user, you’d use a command like the following:

mysql -u jack-p

And, you’ve already succeeded in installing MySQL to your own server.

Deploy WordPress with Nginx and Let’s Encrypt Certbot (SSL)

WordPress is a widely used web content management system (CMS) originally designed for blogging but now supports various types of web content. It allows users to create and manage websites, blogs, forums, media galleries, e-commerce stores, and more.

WordPress is written in PHP. So, we can deploy it easily using Nginx, the same way as we deploy another PHP application.

And we will also protect our WordPress traffic data by using SSL.

Here we will see how to deploy WordPress on our own with Nginx and SSL to our server:

Read more: Deploy WordPress with Nginx and Let’s Encrypt Certbot (SSL)

1. Download WordPress to Your Server

The first thing to do of course is to put the files needed to your server. You can download it directly from the WordPress official website or you can run this command to download it from a terminal:


This command will download the latest WordPress version files to your server. I recommend using the latest version so if there’s some issue with security or the feature before, it will be addressed.

The file is using zip extension, so let’s unzip the files first:


And put it to /var/www directory:

sudo mv wordpress /var/www/wordpress

Because Nginx will use www-data user and group to access the files, we need to change the owner of the WordPress files to www-data:

sudo chown -R www-data:www-data /var/www/wordpress

Now, our WordPress files are ready to be served and accessed by Nginx.

2. Create Our Nginx Configuration

If we want Nginx to be able to find and serve our website to the users, we need to create a configuration for our website.

I’m not using a real domain for this tutorial, so if you have your own domain, you can use that for this tutorial. Or you can buy it from a domain provider on the internet, and there are so many domain providers available.

I usually copy the configuration from the default configuration from Nginx. So I will do it with this command:

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wordpress

And let’s change the content of /etc/nginx/sites-available/wordpress into this:

server {
        listen 80;
        listen [::]:80;

        # SSL configuration
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        # Note: You should disable gzip for SSL traffic.
        # See:
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See:
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        # include snippets/snakeoil.conf;

        root /var/www/wordpress;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html index.php;


        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;

        # pass PHP scripts to FastCGI server
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #       # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass;

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #location ~ /\.ht {
        #       deny all;

In this config, we are using as the domain, you can change it to your own domain.

And I’m also using php-fpm 8.1 version. You still can use version 7.4 or as stated on their website .

Then let’s check our Nginx configuration with this command:

sudo nginx -t

And when you get this message:

That means there’s no misconfiguration on your Nginx file. But if there’s one, you need to fix it first.

Then let’s restart our Nginx service so our configuration will be applied with this command:

sudo systemctl restart nginx

And our Nginx configuration is finished.

3. Setup Database Configuration

Like other web applications, of course, WordPress needs a database too. So let’s set up the database for our application.

Change file /var/www/wordpress/wp-config-sample.php file to /var/www/wordpress/wp-config.php so WordPress can read the config that we will write to the file.

sudo mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php

Fill these fields with your database configuration.

If you don’t have any database installed, you can install MySQL database first on your server like in this link. Then you can fill the configuration in the file with the MySQL configuration that you just created.

4. Protect Your WordPress Traffic With Let’s Encrypt Certbot

We can protect our site with SSL. To be able to do this, we need an application named Certbot that will help us set up an SSL for our site.

But before doing that, we need to install Certbot on our website. We can install it using snapd. So let’s install it first:

sudo apt install snapd

sudo snap install core; sudo snap refresh core

And finally, install Certbot:

sudo snap install --classic certbot

And create a symbolic link so we can run Certbot everywhere:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

After we have Certbot, let’s apply it to our WordPress site with this command:

sudo certbot --nginx -d

If it shows a success message, then your WordPress site is protected by SSL successfully.

5. Setup Your WordPress Website

Then, you can set up your WordPress app from your browser by opening this link:

And follow the instructions that are available there.

6. Setup FTP Server Configuration

When you try to install a plugin like in this menu:

You will across a menu that requires you to insert an FTP configuration like this:

So, you need to set up an FTP server on your server. You can check how to do it here.

Don’t forget to include the FTP server username in the www-data group so it can put and modify files there using this command:

sudo usermod -a -G www-data ftpuser

And now, you can use your WordPress app fully, yay!

If you have any questions, don’t hesitate to comment or contact me on LinkedIn, thank you!