Symptoms
- Plesk Obsidian running on a Linux-based operating system
-
An attempt to connect to FTP using website domain fails and the following output is shown:
connect to 123.456.789.012 port 21 failed: Connection timed out
Trying 123.456.789.012:21... -
The website is using Cloudflare nameservers and the primary DNS zone for the domain resides on the end of Cloudflare
-
Migration attempts done via the Site Import extension fail with an error that is similar to the following in the
/usr/local/psa/var/modules/site-import/sessions/site-migration-1/debug.log:+|2021-06-08_04:05:48,768|D|MT|core.utils.ftp|||Try to establish FTPS connection to host 'example.com'
+|2021-06-08_04:07:48,901|D|MT|core.utils.ftp|||Connection and login by FTPS to host 'example.com' with username 'username' failed.
+|2021-06-08_04:07:48,904|D|MT|core.utils.ftp|||Try to establish FTP connection to host 'example.com'
+|2021-06-08_04:09:49,037|D|MT|core.utils.ftp|||Connection and login by FTP to host 'example.com' with username 'username' failed.
=|2021-06-08_04:09:49,927|D|MT|core.cli.common_cli|||MigrationError: Failed to connect to source domain
=|2021-06-08_04:09:49,927|D|MT|core.cli.common_cli|||Cause: timed out
=|2021-06-08_04:09:49,927|D|MT|core.cli.common_cli|||That is a critical error, migration was stopped.
Cause
The Cloudflare DNS service currently does not proxy FTP traffic, which is mentioned on the following page of their documentation:
Proxy status · Cloudflare DNS docs
Due to this, the FTP traffic cannot reach your Plesk server in order to establish a connection.
Only certain HTTP and HTTPS ports are compatible with Cloudflare's proxy.
The full list of allowed HTTP/HTTPS ports can be checked on the following page of the Cloudflare documentation:
Network ports · Cloudflare Fundamentals docs
Resolution
To access an FTP server for a domain that uses the Cloudflare DNS service, it is needed to create a new and separate DNS record for the domain (ftp.example.com is a good option) within the Cloudflare DNS zone and set it with the DNS only Proxy status, so that the FTP traffic is not proxied through Cloudflare and will therefore be able to reach your Plesk server.
The steps to manage DNS records within Cloudflare are available on the following page of the Cloudflare documentation:
Manage DNS records · Cloudflare DNS docs
Once the FTP traffic goes through a DNS record that is not proxied via Cloudflare, the FTP connection will become possible.
Additional information
Connecting with FTP - DNS & Network - Cloudflare Community
What is the difference between "Proxied" and "DNS Only"? - Website, Application, Performance / DNS & Network - Cloudflare Community