FTPS cannot connect – “Socket closed”


#1

I’m brand new to automated deployment, so I’m blundering in the dark a bit here. Please bear with me. :slight_smile:

I’m the de facto IT guy at the small company where I work; the actual IT guy left a few years ago, and the company’s finances haven’t allowed for hiring a proper replacement, so I sort of took over as best I could. I’m now trying to figure out some ways to improve a very old-fashioned workflow for any changes I make on our website; among other things, I’m looking into some kind of automated deployment.

I’m trying to set up an FTPS pipeline to our server, but I cannot get a connection through Buddy. The server itself is a VPS, hosted offsite, running Windows Server 2012 R2 with IIS 8, administered through Plesk Onyx. I’m trying to connect to a subdomain with a (valid) Let’s Encrypt certificate. As far as I can tell, both in Plesk and when RDP’ing into the server itself, the server accepts FTP connections on port 21 (TCP) from all IP addresses; there are no blacklisted addresses or exceptions. If I use a regular FTP program, I can successfully connect to the server using FTPS on port 21, regardless of my IP address; but when I try to do so through Buddy using the exact same user name, password and server settings, I get the following error no matter what I try:

Listing files that will be deployed...
List of files is ready. Starting uploading...
works.buddy.ws.transfer.exceptions.FTPException: Server response: java.net.SocketException: Socket closed

Being brand new to this whole deployment business, and also not exactly a veteran server admin, I’m pretty much at my wits’ end here. I have no idea why the server is closing the socket seemingly before any kind of connection is even made, nor what I can do to make it stop doing so.

Can anyone give me some pointers on where to look for a way to fix this so I can start playing around with deployment?


#2

Have you whitelisted the Buddy IP’s ? You can find the full list here: https://buddy.works/knowledge/deployments/what-are-buddy-ip-addresses


#3

The trouble is, I don’t know where to whitelist them.

If I go (on the server itself, through RDP) to Windows Firewall with Advanced Security → Inbound Rules, there are four FTP-related rules:

  • FTP Server [group: Plesk] / Port 21
  • FTP Server (FTP Traffic-In) [group: FTP Server] / Port 21
  • FTP Server Passive (FTP Passive Traffic-In) [group: FTP Server] / Port 1024–65536
  • FTP Server Secure (FTP SSL Traffic-In) [group: FTP Server] / Port 990

All these are set to allow incoming connections from any IP address. As far as I can tell, whitelisting the Buddy IPs (by going to Scope → Remote IP address, selecting “These IP addresses” and adding the Buddy IPs) would blacklist any other IP, which I do not want to do, because both I and others do actually use FTP through regular FTP clients, from various different locations (several of which have dynamic IPs).

In Plesk, there is only one FTP-related rule in the Firewall, which is set to “ Allow incoming connections from all on port 21/TCP , profiles: domain,private,public”.

I just tried connecting in passive mode on port 990, as well as in both active and passive mode on various random ports between 1024 and 65536 – all of these time out.

Is there a way to somehow ‘extra-whitelist’ the Buddy IPs without blacklisting other IPs?


#4

Hey Kokoshneta,
It would be best to contact our support and provide us with a link to the pipeline with this action there so our devs could have a look, I believe we will be able to find a solution.


#5

Will do!