| At line 1 changed one line |
| __Q: How do you install CrushFTP as a service or daemon on Windows or OS X?__ |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL, SSH, PGP, and keystores?__ |
| At line 3 changed 3 lines |
| A: From the File menu, choose the menu item to install the daemon / service. For newer versions of Windows past WinXP, be sure to right click and run CrushFTP as an administrator in order to install the service. |
| ------ |
| __Q: How do you install CrushFTP as a daemon on Linux?__ |
| A: See this guide: [JCEInstall] |
| At line 7 changed 3 lines |
| A: Each Linux distro has its own way of handling startup items. Refer to your distro's documentation on how to add a reference to a script for starting CrushFTP. (crushftp_init.sh) |
| ------ |
| __Q: The Windows service seems to be running, but when I open the GUI, I get an error about ports being in use, and to remove and reinstall the service.__ |
| ---- |
| At line 11 changed one line |
| A: First, try removing the service and reinstalling. If that doesn't fix things, this is how you can reset everything. |
| __Q: What are browser limitations when dealing with Drag and Drop, and the Java Applet for advanced mode?__ |
| At line 13 changed one line |
| Open the crush GUI. Go to manage servers. Remove all items in there, and click OK. |
| A: Browsers are a mess in many ways...lets try and detail it here: |
| At line 15 changed one line |
| If you don't have any server items listening on "lookup" or listening on "127.0.0.1", then open your server prefs, add a new server item on port 8080, sharing users and groups from another server item. |
| Chrome is the only browser that can natively upload a folder structure. Other browsers will make an attempt, but the browser is missing the support to do it, so it will fail. The advanced mode runs a java applet and it overcomes that ability. |
| At line 17 changed one line |
| Set its IP to be "127.0.0.1" instead of "lookup". |
| Windows Limitations:\\ |
| Chrome - no longer supports java, but does handle file/folder uploads natively\\ |
| FireFox - c32bit supports java, 64bit does not. So 32bit can sue the java applet for folder uploads, 64bit cannot. Natively it can upload files though.\\ |
| IE - Only handles drag and drop starting with IE11. IE is slow in all operations due to its poor rendering speed on javascript. Chrome is *much* faster in many areas. But IE can still run Java applets.\\ |
| At line 19 changed one line |
| Click OK. |
| OSX Limitations:\\ |
| Chrome - No longer supports Java, but it natively can handle folders.\\ |
| Safari / FireFox - No drag and drop to the advanced mode applet. Apple/Oracle block all DND operations to Java applets in the browser. It can support file uploads though.\\ |
| At line 21 changed one line |
| Now install the service again. |
| Resume is supported in the advanced mode, as well as the HTML5 upload mode Chrome, and Edge support. |
| At line 25 added 28 lines |
| __Q: How do I make a SSL cert? How do SSL certs work in CrushFTP?__ |
|
| A: [SSL] Background:\\ |
| ''You create a private key. This is the key generation that asks things like the common name, organization, state, etc. This private key is a once in a lifetime event…its your private unique key to the world, and should never be shared, distributed or otherwise made "public" in any way. Its private, store it, and keep it secure. |
|
| From this key, a unique signature is made, and this is called the CSR, and this file is given to a certificate authority. They then sign this CSR with their own information and give it back to you. This is your "cert". Its unique to your private key, and only goes with your private key. |
|
| Now we have to add this cert back with your private key to create a system of trust. We can't trust the cert you have yet until we can verify each of its parents back up the chain of certs to your certificate authority where you bought it from. This is the cert chain, and its the same chain the web browser will use in deciding if your cert is valid or not. |
|
| You add each of these chain certs into the keystore, saying you trust it. Once all the pieces are there, you then "Import the CA Reply" which adds the "cert" you got back to your original private key information. |
|
| Now when users connect to you, the server is providing this information to them, and because they already trust the chain for where it came from, they then trust your server is who it says it is…or someone else has your private key and is impersonating you.'' [Portecle] makes this process easier. |
| ---- |
|
| __Q: Is CrushFTP HIPPA certified?__ |
|
| A: CrushFTP is not HIPPA compliant by default, but can be 'hardened' in a few simple steps, to be HIPPAA compliant. Practically, we need to use latest Java with JCE policy files installed then remove the plain HTTP ports, set enforce FTP to FTPES or use FTPS, disable all insecure SSL cyphers, possibly set <fips140>false</fips140> to true in the main config file, prefs.XML. That and paired with on premises hosting will make crush HIPPAA compliant ( actually we have quite a large number of customers from within healthcare environments). Please see our related docs, let us know if need further info |
|
| [Hardening]\\ |
| [JCEInstall]\\ |
| [SSL]\\ |
| ------ |
|
| __Q: How do you install CrushFTP as a daemon on Linux?__ |
|
| A: Each Linux distro has its own way of handling startup items. Refer to your distro's documentation on how to add a reference to a script for starting CrushFTP. (crushftp_init.sh) |
| ------ |
|
| At line 42 changed one line |
| __Q: How do groups, inheritance and templates work in CrushFTP 5?__ |
| __Q: How do groups, inheritance and templates work in CrushFTP?__ |
| At line 77 changed one line |
| __Q: How can I restart CrushFTP from the command line on Linux?__ |
| __Q: How can I set the cookie notification?__ |
| At line 79 changed one line |
| A: Here is an alternate command script for Linux to handle a friendly QUIT and RESTART. The startup_command in the prefs.xml must also have a –Ddir= value set to the path to CrushFTP. |
| A: You can go to the CrushFTP WebInterface Localizations folder and edit the en.js and update the fields below: |
| At line 81 changed one line |
| [attachments|crushftp_init.sh] |
| CookiePolicyNotificationText : "We use cookies on this site to facilitate your ability to login for technical reasons.", |
| CookiePolicyLinkText : "Cookie Policy", |
| CookiePolicyAcceptButtonText : "Accept", |
| CookiePolicyDismissButtonText : "Dismiss |
| At line 115 added 3 lines |
| In case want to disable this notification, can use this snippet on Prefernces->Webinterface->Custom javascript field |
|
| window.dontShowCookieNotification = true; |
| At line 85 changed one line |
| __Q: How can I enable AES256 encryption, or higher encryption for SSL?__ |
| __Q: How can I restart CrushFTP from the command line on Linux?__ |
| At line 87 changed one line |
| A: The policy files must be downloaded manually and installed in your Java lib/security folder. |
| A: Here is an alternate command script for Linux to handle a friendly QUIT and RESTART. The startup_command in the prefs.xml must also have a –Ddir= value set to the path to CrushFTP. |
| At line 89 changed one line |
| https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer |
| [attachments|crushftp_init.sh] |
| At line 91 removed 8 lines |
| You may also search google for: 'java unlimited cryptography policy files' |
|
| OS X install location: /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib/security/ |
|
| Windows install location: C:\Program Files\Java\jre6\lib\security\ |
|
| Once this has been done, edit the cipher list in the server prefs, Encryption tab, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256, or in the SSH tab of the individual server item in your list of ports. |
|
| At line 141 added 124 lines |
|
| ---- |
| __Q: Why can't I access mapped drives in windows after installing the service?__ |
|
| A: When a Windows service is running, it cannot access "mapped" drives unless you go to the service properties, and enable the "interacts with desktop" flag. This however, does require that a session always be logged into the Windows machine to provide those mapped drive letters, and must be WinXP. |
|
| Otherwise, network resources must always be referenced by their UNC path. Then you can set the service to logon as a different account, and then it will be able to access those UNC paths it has access to. |
|
|
| ---- |
| __Q: How do you stop IIS from binding to all IPs for a port?__ |
|
| A: IIS by default will bind to all IPs on the machine. So if you have multiple IP's and want CrushFTP on one, and IIS on the other, do the following: |
|
| {{{ |
| netsh http add iplisten *your_iis_ip_goes_here* |
| net stop http /y |
| net start w3svc |
| }}} |
| \\ |
| \\ |
| For old servers, use this: Download and install the Windows Server 2003 Support Tools |
|
| From a command prompt, run : |
| {{{ |
| httpcfg set iplisten -i *your_iis_ip_goes_here* |
| net stop http /y |
| net start w3svc |
| }}} |
|
| ---- |
| __Q: How do you stop Apache on OSX to bind to ports that are used by CrushFTP ?__ |
|
| A: Try and run the following command from terminal: |
| sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist |
|
|
| ---- |
|
| __Q: How can I setup port rules in the Windows server?__ |
|
| A: Follow up these screen shots... it's usually almost the same on the majority of Windows servers. |
|
| [attachments|1.png] |
| [attachments|2.png] |
| [attachments|3.png] |
| [attachments|4.png] |
| [attachments|5.png] |
| [attachments|6.png] |
| [attachments|7.png] |
| ---- |
|
| __Q: How can I remove the OS X apache service to regain control over my ports?__ |
|
| A: In terminal, issue these commands. Once OSX Server starts its apache service, it won't stop it. It will only print a message saying its off. |
|
| sudo launchctl unload /System/Library/LaunchDaemons/org.apache.httpd.plist |
|
| sudo launchctl remove /System/Library/LaunchDaemons/org.apache.httpd.plist\\ |
| \\ |
| For OSX 10.11+:\\ |
| {{{ |
| sudo launchctl unload -w /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.serviceproxy.plist |
| }}} |
| ---- |
|
| __Q: How can I configure CrushFTP to use a proxy for its update check and download system?__ |
|
| A: In a shell prompt, do a startup command like this for a socks proxy: |
|
| java -Dhttps.proxyHost=192.168.1.50 -Dhttps.proxyPort=3128 -Xmx384M -jar plugins/lib/CrushFTPJarProxy.jar –d |
| ---- |
|
| __Q: How can I set up Symantec Endpoint Protection getting the email alerts to send out from CrushFTP.__ |
|
| A: You need to have the Custom Firewall Policy configured on the server -- in addition to the service running as domain admin. |
|
| Create a Separate Group on the Sep Server and dropp CrushFTP box into it. |
| Disable the inherit policies, then do a copy policy on the AntiVirus and Antispyware policy. |
|
| [attachents|FAQ/image001.png]\\ |
|
| Disable the Symantec Internet Email Auto-Protect on Server Policy |
| See pic for Server and where to see it on Client |
|
| [attachements|FAQ/image002.png]\\ |
|
| This is on the client – that is why it is greyed out. |
|
| [attachements|FAQ/image003.png] |
|
| Create Exceptions for the CrushFTP.exe and the Java.exe in the C:\Program Files\ on client and\or server policy |
|
| [attachemnts|FAQ/image004.png] |
|
| ---- |
|
| __Q: How can I configure NGINX proxy to forward uploads without buffering everything first?__ |
|
| # Ensure we allow large files to be uploaded for CrushFTP |
| client_max_body_size 10000M; |
|
| # Switch off buffering so large file uploaded are forwarded to CrushFTP immediately (otherwise just get an error) |
| proxy_request_buffering off; |
|
| (These settings can be placed in NGINX config in the http, server, or location sections, depending on what is best for your usage.) |
|
| ---- |
|
| __Q: How can I default my login page to another language?__ |
|
| You can go to the Admin>>Preferences>>Webinterface>>LoginPage tab and there add the below custom javascript as needed: |
| {{{ |
| window.showLanguageSelection = true; //true/false |
| window.showLanguageSelectionPos = "left"; //left/right |
| window.saveLanguageSelectionInCookie = true; //true/false |
| window.defaultWILanguage = "de"; //any one from : en,cs,da,nl,fr,de,hu,it,pl,es |
| window.detectBrowserLanguage = true; //true/false |
| }}} |
| ---- |
|
| __Q: Who did your voice over audio?__ |
|
| A: On some videos, but not all, we used Eli Wood & Co [http://eliwprod.com/]. They were fast and professional on their delivery! |
#