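##############################################################################################################
# Server config
#
# Daemon-wide settings: listener, logging, resource limits and the
# mod_ctrls / mod_ban control interfaces.

# Includes required DSO modules. This is mandatory in proftpd 1.3
Include /etc/proftpd/modules.conf

ServerType standalone
# Keep the software name and version out of the greeting banner.
ServerIdent off
UseIPv6 on
Port 21

SystemLog /var/log/proftpd/proftpd.log
# Fields: time, remote host name, user, command, file name, response code, bytes sent.
# %h is a DNS-derived name (see UseReverseDNS below), so it is only as trustworthy as
# the client's PTR record.
LogFormat awstats "%t %h %u %m %f %s %b"
ScoreboardFile /var/run/proftpd.scoreboard

# Reverse lookups add latency, and the names they return are controlled by whoever owns
# the client's reverse zone. Treat logged host names as untrusted when investigating.
UseReverseDNS on
MultilineRFC2228 on
# Needed to map UIDs & GIDs to names
PersistentPasswd on

#RLimitCPU session 60 120
# Duck: do not enforce too low memory level, you can experience strange "cannot allocate" PAM errors
#RLimitMemory 50M 70M
# Soft and hard limit on open file descriptors.
RLimitOpenFiles 100 128

# Caps on child processes and on new connections per second; together with the
# ban rules included below they bound what a connection flood can consume.
MaxInstances 30
MaxConnectionRate 11

# This is used for FTPS connections
Include /etc/proftpd/tls.conf
# Automatic bans
# NOTE(review): ban.conf is not shown here. Confirm it covers repeated failed logins,
# since <Limit LOGIN> in the main instance allows every source address.
Include /etc/proftpd/ban.conf

# Local control interface (ftpdctl) over a Unix socket.
<IfModule mod_ctrls.c>
  ControlsEngine on
  ControlsMaxClients 2
  ControlsLog /var/log/proftpd/controls.log
  ControlsInterval 5
  ControlsSocket /var/run/proftpd.sock

  # Only root may issue control actions.
  ControlsACLs all allow user root
</IfModule>

# Administrative control actions are switched off entirely.
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine off
</IfModule>

# Only root may list, add or remove bans through the control socket.
<IfModule mod_ban.c>
  BanControlsACLs all allow user root
</IfModule>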
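##############################################################################################################
# Global config (affect main server and every vhost)
#

<Global>
  # Passive-mode data port range; the firewall has to admit exactly this range.
  PassivePorts 49152 65534
  tcpNoDelay on

  # Only the READ and WRITE command classes are written to this log. Login attempts are
  # not part of those classes, so authentication monitoring has to rely on another log
  # (SystemLog or whatever ban.conf records).
  ExtendedLog /var/log/proftpd/xferlog read,write awstats
  TransferLog none

  # All timeouts are in seconds.
  TimeoutLogin 60
  TimeoutSession 10800
  TimeoutStalled 300
  TimeoutNoTransfer 300
  TimeoutIdle 600
  MaxClients 10
  MaxClientsPerHost 3

  # Unprivileged identity the server runs as.
  User proftpd
  Group nogroup

  # PAM is disabled; accounts presumably come from the ldap.conf included in the main
  # instance section (verify).
  AuthPAM no
  RootLogin off
  # Accounts whose shell is not listed in /etc/shells may still log in. This is usual for
  # FTP-only accounts, but it means a disabled shell does not block FTP access.
  RequireValidShell no
  # RFC 1413 ident answers are supplied by the client side and prove nothing about the
  # user; use them for logging only. The lookup can delay logins when port 113 is filtered.
  IdentLookups on

  AllowRetrieveRestart on
  AllowStoreRestart on
  # Drop CAP_CHOWN from the capabilities the session process keeps.
  CapabilitiesEngine on
  CapabilitiesSet -CAP_CHOWN
  # This feature is great but conflicts with Retrieve/Store restart, it SUX !!!
  HiddenStores off
  # Allow FXP for DC users
  # Security trade-off: with this on, the server accepts data connections whose peer
  # address differs from the control connection's, which removes the built-in guard
  # against FTP bounce and data-connection theft. If the installed version accepts a
  # class name here, limit it to the FXP partner hosts instead of "on".
  AllowForeignAddress on
  #TransferRate APPE,STOR,STOU 60.0:1024
  #TransferRate RETR 320.0:1024
  # Reject any command whose arguments match this pattern.
  DenyFilter \*.*/
  # Refuse uploads or renames that would create a .ftpaccess file, so users cannot plant
  # their own per-directory configuration overrides.
  PathDenyFilter "(\.ftpaccess)$"
  DeflateEngine on

  # New files are not group- or world-writable, but remain world-readable.
  Umask 022

  ListOptions "-l"
  TimesGMT off
  DisplayLogin welcome.msg
  DisplayChdir .message true
  DisplayReadme README
</Global>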
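##############################################################################################################
# Main instance config
#

ServerName "DuckLand FTP Server"
# Listen only on the addresses listed below instead of the wildcard address.
SocketBindTight on
DefaultAddress 127.0.0.1 ::1 193.200.43.161 2001:67c:1740:a000::1
#DefaultAddress elwing.hq.duckcorp.org
DefaultServer on
ServerAdmin duck@duckcorp.org
# Every session is confined (chroot) to this tree.
DefaultRoot /srv/share

ShowSymlinks on
AllowOverwrite on

TLSEngine on
TLSRSACertificateFile /etc/proftpd/certs/duckcorp_ftp_dl.crt
# The private key must be readable by root only.
TLSRSACertificateKeyFile /etc/proftpd/certs/duckcorp_ftp_dl.key
TLSDHParamFile /etc/proftpd/certs/duckcorp_ftp_dl.dh

# don't use "on", as it would prevent NAT connections from working
# (kernel module nf_nat_ftp would not be able to peek at PASV/PORT commands)
# (see http://www.proftpd.org/docs/howto/TLS.html for more info)
# auth+data still forces TLS for the login exchange and for data transfers. What it gives
# up is control-channel secrecy after login: once a client clears the control channel,
# command arguments such as paths and file names travel in cleartext.
TLSRequired auth+data

# Alternative authentication frameworks
# NOTE(review): ldap.conf is not shown here. If it holds a bind password, keep the file
# readable by root only.
Include /etc/proftpd/ldap.conf

# Logins are accepted from any source address; access control rests on authentication
# and on the ban rules included in the server section.
<Limit LOGIN>
  AllowAll
</Limit>

# Don't use IgnoreHidden on anything wider than READ and WRITE limit, or legitimate commands may be restricted by mistake (like PROT)
<Limit READ WRITE>
  IgnoreHidden on
</Limit>

# Hide entries owned by group root and entries the user cannot access. With IgnoreHidden
# above, hidden entries are also treated as missing by READ and WRITE commands;
# filesystem permissions remain the actual access control.
<Directory />
  HideGroup root
  HideNoAccess yes
</Directory>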