Proftpd: Unterschied zwischen den Versionen

Aus WIKI
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „Test config mit tsl / fxp / virtueller Benutzer in /etc/proftpd/ftpd.passwd den man wie folgt anlegen kann...<code>ftpasswd --passwd --name benutzername --uid…“)
(kein Unterschied)

Version vom 12. September 2021, 04:52 Uhr

Test config mit tsl / fxp / virtueller Benutzer in /etc/proftpd/ftpd.passwd den man wie folgt anlegen kann...ftpasswd --passwd --name benutzername --uid 1001 --home /pfad/zum/userdir --shell /bin/false 

ServerName "FTP Server"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp

# Auth file for virtual users
AuthUserFile /etc/proftpd/ftpd.passwd

# Use only AuthUserFiles when authenticating, and not the system's /etc/passwd
AuthOrder mod_auth_file.c

# Listen on the standard FTP port 21.
Port 21

# enable masquerade
MasqueradeAddress       ftp.mydomain

# passive ports
PassivePorts 40000 45000

# fxp support
AllowForeignAddress on

# logging
SyslogLevel debug
ServerLog /var/log/proftpd/server.log
SystemLog /var/log/proftpd/system.log
TransferLog /var/log/proftpd/transfer.log

# Disable IPv6 support
UseIPv6 off

# New directories and files should not be group or world writable.
Umask 022

# To prevent DoS attacks set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once simply increase this value.
MaxInstances 10

# The server will run under ftp/ftp.
User ftp
Group ftp

# Every FTP sessions is "jailed" into the user's home directory.
DefaultRoot /opt/ftp

<IfModule mod_dso.c>
  # If mod_tls was built as a shared/DSO module, load it
  LoadModule mod_tls.c
</IfModule>

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log

  # Support TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3
  TLSProtocol TLSv1 TLSv1.1 TLSv1.2 TLSv1.3

  # Are clients required to use FTP over TLS when talking to this server?
  TLSRequired off

  # Server's RSA certificate
  TLSRSACertificateFile      /etc/letsencrypt/live/ftp.mydomain/cert.pem
  TLSRSACertificateKeyFile   /etc/letsencrypt/live/ftp.mydomain/privkey.pem

  # CA the server trusts
  TLSCACertificateFile       /etc/letsencrypt/live/ftp.mydomain/chain.pem

  # Authenticate clients that want to use FTP over TLS?
  TLSVerifyClient off

  # Allow SSL/TLS renegotiations when the client requests them, but
  # do not force the renegotiations.  Some clients do not support
  # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
  # clients will close the data connection, or there will be a timeout
  # on an idle data connection.
  TLSRenegotiate none

  TLSOptions NoSessionReuseRequired
</IfModule>

# ....
DefaultTransferMode binary
TimeoutNoTransfer 90
AllowOverwrite on
AllowStoreRestart on
DeleteAbortedStores on
Abgerufen von „https://wiki.sig-nux.de/index.php?title=Proftpd&oldid=686