
Enhancement #536 » elwing__proftpd.conf

Marc Dequènes, 2017-05-23 19:31

 

##############################################################################################################
# Server config
#

# Includes required DSO modules. This is mandatory in proftpd 1.3
Include /etc/proftpd/modules.conf

# Run as a standalone daemon that listens for connections itself (not spawned by inetd).
ServerType standalone
# Keep the software name and version out of the greeting shown before login.
ServerIdent off
UseIPv6 on
# Standard FTP control port.
Port 21

SystemLog /var/log/proftpd/proftpd.log
# "awstats" format: time, remote host, user, command, file name, response code, bytes sent.
# It is the format named by the ExtendedLog directive in the <Global> section.
LogFormat awstats "%t %h %u %m %f %s %b"
ScoreboardFile /var/run/proftpd.scoreboard

# NOTE(review): a reverse-DNS name is whatever the owner of the PTR zone publishes, so the
# host name written through %h is not a trustworthy identifier on its own; slow resolvers
# also delay connections. Correlate log entries on IP addresses where it matters.
UseReverseDNS on
# Selects the RFC 2228 style for multi-line responses.
MultilineRFC2228 on
# Needed to map UIDs & GIDs to names
PersistentPasswd on

#RLimitCPU session 60 120
# Duck: do not enforce too low memory level, you can experience strange "cannot allocate" PAM errors
#RLimitMemory 50M 70M
# NOTE(review): with the two limits above commented out, no CPU or memory rlimit is set in
# this file; the open-files limit below and the Max* directives are the only resource caps
# visible here.
# Soft limit 100, hard limit 128 open file descriptors.
RLimitOpenFiles 100 128

# Cap on the number of server child processes, which bounds a connection flood.
MaxInstances 30
# Maximum number of new connections accepted per second.
MaxConnectionRate 11

# This is used for FTPS connections
# NOTE(review): tls.conf is not shown here; protocol versions, cipher list and TLSOptions
# presumably live there and should be reviewed together with the TLS* directives of the
# main server section.
Include /etc/proftpd/tls.conf
# Automatic bans
# NOTE(review): the actual ban rules (events, thresholds, durations) are in ban.conf, not
# visible here.
Include /etc/proftpd/ban.conf

# Local control interface (used by ftpdctl) over a Unix domain socket.
<IfModule mod_ctrls.c>
ControlsEngine on
# At most two control clients at a time.
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
# Seconds between checks of the control socket for pending requests.
ControlsInterval 5
ControlsSocket /var/run/proftpd.sock

# Every control action is restricted to the local user root.
ControlsACLs all allow user root
</IfModule>

# Administrative control actions from mod_ctrls_admin are switched off, so they cannot be
# issued through the control socket even by a user the ACLs allow.
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

# Only root may use the ban-related control actions; the ban rules themselves come from
# the included /etc/proftpd/ban.conf.
<IfModule mod_ban.c>
BanControlsACLs all allow user root
</IfModule>


##############################################################################################################
# Global config (affect main server and every vhost)
#

<Global>
# Port range handed out for passive-mode data connections; the firewall has to admit
# inbound connections to exactly this range.
PassivePorts 49152 65534
tcpNoDelay on

# Log the READ and WRITE command classes in the "awstats" format; the classic xferlog is
# disabled by TransferLog none.
# NOTE(review): the AUTH class is not part of this log, so login successes and failures are
# not recorded here; confirm they are captured elsewhere (SystemLog or an included file)
# if they are needed for detection.
ExtendedLog /var/log/proftpd/xferlog read,write awstats
TransferLog none

# All timeouts are in seconds.
# Time allowed to complete authentication.
TimeoutLogin 60
# Hard cap on total session length (3 hours).
TimeoutSession 10800
# Data connection open but no data moving.
TimeoutStalled 300
# Logged in without starting any transfer or listing.
TimeoutNoTransfer 300
# No traffic at all from the client.
TimeoutIdle 600
# Concurrent-session caps, overall and per client host.
MaxClients 10
MaxClientsPerHost 3

# Unprivileged identity the server runs as.
User proftpd
Group nogroup

# PAM is not consulted for authentication.
AuthPAM no
# root can never log in over FTP.
RootLogin off
# NOTE(review): accounts whose shell is not listed in /etc/shells may still log in, so a
# "nologin"-style shell does not block FTP access for an account. Confirm that is intended
# for every account source in use (an LDAP configuration is included by the main server).
RequireValidShell no
# NOTE(review): the RFC 1413 ident answer is supplied by the client's own host, so it is
# not evidence of who connected, and the query delays logins from hosts that filter the
# ident port. Consider whether it is still needed.
IdentLookups on

# Allow resuming interrupted downloads and uploads.
AllowRetrieveRestart on
AllowStoreRestart on
# mod_cap: run with a reduced capability set, and additionally give up CAP_CHOWN so the
# server cannot change file ownership.
CapabilitiesEngine on
CapabilitiesSet -CAP_CHOWN
# This feature is great but conflicts with Retrieve/Store restart, it SUX !!!
HiddenStores off
# Allow FXP for DC users
# NOTE(review): this turns off the check that a data connection's peer address matches the
# control connection's. That check is what prevents FTP bounce requests and a third party
# taking over a passive data connection, and here it is disabled for every client in every
# vhost. Newer ProFTPD releases reportedly accept a class name instead of "on" (check the
# documentation for the deployed version), which would limit FXP to the peers that need it.
AllowForeignAddress on
#TransferRate APPE,STOR,STOU 60.0:1024
#TransferRate RETR 320.0:1024
# Reject any command whose argument matches this regex.
DenyFilter \*.*/
# Refuse uploads/renames to a name ending in ".ftpaccess", so clients cannot plant a
# per-directory configuration override.
PathDenyFilter "(\.ftpaccess)$"
# MODE Z compression; costs CPU per transfer (no RLimitCPU is active in this file).
DeflateEngine on

# New files are created 0644 and new directories 0755, i.e. readable by all local users.
Umask 022

ListOptions "-l"
# Report times in the server's local time zone rather than GMT.
TimesGMT off
DisplayLogin welcome.msg
DisplayChdir .message true
DisplayReadme README
</Global>


##############################################################################################################
# Main instance config
#

ServerName "DuckLand FTP Server"
# Bind only to the addresses listed in DefaultAddress instead of the wildcard address.
SocketBindTight on
DefaultAddress 127.0.0.1 ::1 193.200.43.161 2001:67c:1740:a000::1
#DefaultAddress elwing.hq.duckcorp.org
DefaultServer on
ServerAdmin duck@duckcorp.org
# Every user is confined (chroot) to /srv/share after login.
DefaultRoot /srv/share

ShowSymlinks on
# Uploads may replace existing files.
AllowOverwrite on

TLSEngine on
TLSRSACertificateFile /etc/proftpd/certs/duckcorp_ftp_dl.crt
# NOTE(review): confirm the private key file is owned by root and not readable by group or
# others; its permissions cannot be checked from this file.
TLSRSACertificateKeyFile /etc/proftpd/certs/duckcorp_ftp_dl.key
TLSDHParamFile /etc/proftpd/certs/duckcorp_ftp_dl.dh

# don't use "on", as it would prevent NAT connections from working
# (kernel module nf_nat_ftp would not be able to peek at PASV/PORT commands)
# (see http://www.proftpd.org/docs/howto/TLS.html for more info)
# auth+data: credentials and data transfers must use TLS, but a client may return the
# control channel to cleartext after authenticating, so commands and path names can then
# be read on the wire. That is the trade-off accepted for NAT support.
TLSRequired auth+data

# Alternative authentication frameworks
# NOTE(review): ldap.conf is not shown here. With AuthPAM disabled in <Global>, LDAP is
# presumably the main account source; check there that the directory connection is
# encrypted and that any bind password in that file is readable by root only.
Include /etc/proftpd/ldap.conf

# No address-based restriction on who may attempt to log in; protection against guessing
# therefore rests on the connection limits and on whatever ban.conf configures.
<Limit LOGIN>
AllowAll
</Limit>

# Don't use IgnoreHidden on anything wider than READ and WRITE limit, or legitimate commands may be restricted by mistake (like PROT)
# For read and write commands, entries hidden by the Hide* directives (see <Directory />)
# are treated as if they did not exist, not merely left out of listings.
<Limit READ WRITE>
IgnoreHidden on
</Limit>

# Applies to every path: hide entries owned by group root and entries the logged-in user
# has no permission to access.
<Directory />
HideGroup root
HideNoAccess yes
</Directory>
