FTP(S)

Pushing the Recording Files Through FTP(S)

The Pipe Platform can push the recording files to your destination server through the File Transfer Protocol.

You can only use one of the two protocols (FTP(S) or SFTP) at a time.

To set up the FTP(S) transfer, fill in the form on the FTP(S) page with the required credentials. The resulting recording files (mp4, raw recording, snapshot, and filmstrip) of new recordings will be pushed by the Pipe Platform to your storage using FTP(S). Currently, the Pipe Platform can’t be set up to push the files of existing recordings that have been processed.

When you choose FTP(S) as a storage option, you must fill in the following credentials:

  1. Host - The IPv4 or domain name of your FTP(S) server. We do not support IPv6. This value shouldn’t have any trailing slashes and shouldn’t be prefixed with ftp://. The max string length for the IP or domain name is 100 characters.
  2. Port - The port on which your FTP(S) server is listening (default port is 21). A number between 0 and 65536.
  3. Username - The username that will be used to login to your FTP(S) server. The max string length for the username is 100 characters and it is case-sensitive.
  4. Password - The password that will be used to login to your FTP(S) server. The max string length for the password is 100 characters and it is case-sensitive.
  5. Folder - The folder in which the files will be pushed (the path must exist and the user should have write privileges). The max string length for the folder name is 100 characters.

At any time, you can manually remove your FTP(S) credentials. The credentials are also deleted from our database when your account is manually or automatically deleted.

If you’re using an FTPS (FTP over SSL/TLS) connection, please ensure that your FTP server is configured to support explicit FTP over SSL/TLS connections and that any firewall (cloud-based or OS level) is configured to allow both the initial FTP control connection (usually on port 21) and the subsequent FTP data connection (towards the passive ports).

An FTP(S) test feature is available in the Pipe account dashboard, which will establish a connection, authenticate using the credentials in the form, change to the specified folder, upload a file (addpipe-ftp-test.test) and delete the file. As a result, the test will ensure your host is reachable, the username and password are correct, the folder exists, and the user has permission to write to the specific folder.

The production servers opening the FTP(S) connections have the following IPs:

  • 162.55.182.247 (EU2 region)
  • 167.99.110.163 (US1 region, west)
  • 68.183.96.15 (US2 region, east)
  • 165.227.38.98 (CA1 region)
  • 116.203.232.162 (FTP(S) test)

The Pipe Platform will first open a FTP(S) control connection to your server’s port 21 (or to the configured port). A 2nd data transfer connection will be opened in passive mode. As a result, if your FTP(S) server is protected by a firewall, your firewall rules must allow inbound connections on port 21 and inbound connections on the ports configured in your FTP(S) server for use with passive connections.

The files pushed by the Pipe Platform to your FTP(S) server are transferred in binary mode.

There is a 10-second timeout for each FTP command (connect, put a file, etc.) sent by us to your FTP(S) server.

We do not support anonymous connections.

All files belonging to a recording are pushed sequentially through the same FTP(S) connection pair. There will be a new connection pair for each such group of files.

Previous implementations of our FTP(S) push feature pushed an extra file, named addpipe-ftp-test.test, to your storage to test whether the passive data connection worked. This is not happening anymore, and the file can be safely deleted.

Whether or not a push attempt is deemed successful depends on establishing the FTP(S) connection, authenticating, switching to the desired folder, and pushing the main recording output file (processed .mp4 recording or raw recording) to the designated folder.

Securing your FTP Setup

Plain FTP does not encrypt its traffic; all transmissions are in clear text, and usernames, passwords, commands, and data can be read by anyone able to perform packet capture (sniffing) on the network. That's why we strongly recommend you use FTPS whenever possible.

  • Use FTPS (FTP over SSL/TLS) instead of plain FTP
  • limit the IPs that can open a connection to your server’s FTP port (21 is the default) to the IPv4 addresses above.
  • create a new FTP user that has writing permissions only on the folder where you want the final recording files to be pushed.
  • Set a disk quota for the user so that someone with access to the user credentials can’t mistakenly or maliciously fill up your disk.
  • Disable your FTP user’s ability to delete files. You can do that by denying deletion commands in your FTP server’s configuration.
  • Set up a cron job or similar mechanism to periodically scan the folder and copy out files.
  • Don’t expose your FTPS credentials by using them with FTP.

If, for some reason, you have to use plain FTP, the above measures can limit and isolate the damage that this insecurity brings. Adopting these measures does not in any way secure the data transmission over plain FTP.

FTP(S) Logs

We keep a log for each attempt to push a group of recording files to your configured FTP(S) storage. The logs are available for 30 days through https://dashboard.addpipe.com/ftp_logs.

The logs table contains the following information:

Recording IDThe ID of the recording for which this log was saved.
Date & timeDate and time for when the log was saved to our database.
FTP(S) detailsThe details of FTP(S) connection:
* Host - The address of the server to which we attempted to open the FTP(S) connections.
* Username - The username.
* Folder - The destination folder.
* Protocol/Port - The protocol and the port used to establish the connection.
File(s)The names of the files we attempted to upload. Up to 4 files will be listed here.
StatusThe upload status.

FTP(S) Upload Status Types

OKUpload of the main recording file (mp4 or raw recording) was successful.
FILE_MISSINGThe local main recording file (mp4 or raw recording) on Pipe’s transcoding server is missing.
UPLOAD_FAILEDThis may be triggered by various causes, but mostly it is a permission problem on the remote folder, a connection interruption while uploading, a file size constraint, or the firewall blocking the passive connection’s port.
FTP_LOGIN_FAILEDEither the username or password for the FTP(S) connection is incorrect.
INCORRECT_FTP_FOLDERThe directory or the path to the directory in which the files should have been uploaded did not exist or was incorrectly named.
FTP_PASV_FAILEDCould not switch the remote FTP(S) server to passive mode for the FTP(S) data connection.
FTP_CONNECTION_TIMEOUTThe attempt to open an FTP(S) connection to the remote server did not succeed in 10 seconds and timed out. This can happen if the remote server is behind a firewall, does not accept remote connections, or is offline altogether.