Project

General

Profile

elwing__proftpd.conf

Marc Dequènes, 2017-05-23 19:31

Download (4.37 KB)

 
1

    
2
##############################################################################################################
3
# Server config
4
#
5

    
6
# Includes required DSO modules. This is mandatory in proftpd 1.3
7
Include /etc/proftpd/modules.conf
8

    
9
ServerType                      standalone
10
ServerIdent			off
11
UseIPv6                         on
12
Port                            21
13

    
14
SystemLog                       /var/log/proftpd/proftpd.log
15
LogFormat                       awstats "%t     %h      %u      %m      %f      %s      %b"
16
ScoreboardFile			/var/run/proftpd.scoreboard
17

    
18
UseReverseDNS                   on
19
MultilineRFC2228                on
20
# Needed to map UIDs & GIDs to names
21
PersistentPasswd                on
22

    
23
#RLimitCPU                      session 60      120
24
# Duck: do not enforce too low memory level, you can experience strange "cannot allocate" PAM errors
25
#RLimitMemory                   50M     70M
26
RLimitOpenFiles                 100     128
27

    
28
MaxInstances                    30
29
MaxConnectionRate               11
30

    
31
# This is used for FTPS connections
32
Include /etc/proftpd/tls.conf
33
# Automatic bans
34
Include /etc/proftpd/ban.conf
35

    
36
<IfModule mod_ctrls.c>
37
	ControlsEngine        on
38
	ControlsMaxClients    2
39
	ControlsLog           /var/log/proftpd/controls.log
40
	ControlsInterval      5
41
	ControlsSocket        /var/run/proftpd.sock
42

    
43
	ControlsACLs          all allow user root
44
</IfModule>
45

    
46
<IfModule mod_ctrls_admin.c>
47
	AdminControlsEngine   off
48
</IfModule>
49

    
50
<IfModule mod_ban.c>
51
	BanControlsACLs       all allow user root
52
</IfModule>
53

    
54

    
55
##############################################################################################################
56
# Global config (affect main server and every vhost)
57
#
58

    
59
<Global>
60
	PassivePorts                    49152 65534
61
	tcpNoDelay                      on
62

    
63
	ExtendedLog                     /var/log/proftpd/xferlog read,write awstats
64
	TransferLog                     none
65

    
66
	TimeoutLogin                    60
67
	TimeoutSession                  10800
68
	TimeoutStalled                  300
69
	TimeoutNoTransfer               300
70
	TimeoutIdle                     600
71
	MaxClients                      10
72
	MaxClientsPerHost               3
73

    
74
	User                            proftpd
75
	Group                           nogroup
76

    
77
	AuthPAM                         no
78
	RootLogin                       off
79
	RequireValidShell               no
80
	IdentLookups                    on
81

    
82
	AllowRetrieveRestart            on
83
	AllowStoreRestart               on
84
	CapabilitiesEngine              on
85
	CapabilitiesSet                 -CAP_CHOWN
86
	# This feature is great but conflicts with Retrieve/Store restart, it SUX !!!
87
	HiddenStores                    off
88
	# Allow FXP for DC users
89
	AllowForeignAddress             on
90
	#TransferRate                   APPE,STOR,STOU  60.0:1024
91
	#TransferRate                   RETR            320.0:1024
92
	DenyFilter                      \*.*/
93
	PathDenyFilter                  "(\.ftpaccess)$"
94
	DeflateEngine			on
95

    
96
	Umask                           022
97

    
98
	ListOptions                     "-l"
99
	TimesGMT                        off
100
	DisplayLogin                    welcome.msg
101
	DisplayChdir                    .message true
102
	DisplayReadme                   README
103
</Global>
104

    
105

    
106
##############################################################################################################
107
# Main instance config
108
#
109

    
110
ServerName			"DuckLand FTP Server"
111
SocketBindTight			on
112
DefaultAddress			127.0.0.1 ::1 193.200.43.161 2001:67c:1740:a000::1
113
#DefaultAddress			elwing.hq.duckcorp.org
114
DefaultServer			on
115
ServerAdmin			duck@duckcorp.org
116
DefaultRoot			/srv/share
117

    
118
ShowSymlinks			on
119
AllowOverwrite			on
120

    
121
TLSEngine                       on
122
TLSRSACertificateFile           /etc/proftpd/certs/duckcorp_ftp_dl.crt
123
TLSRSACertificateKeyFile        /etc/proftpd/certs/duckcorp_ftp_dl.key
124
TLSDHParamFile			/etc/proftpd/certs/duckcorp_ftp_dl.dh
125

    
126
# don't use "on", as it would prevent NAT connections from working
127
# (kernel module nf_nat_ftp would not be able to peek at PASV/PORT commands)
128
# (see http://www.proftpd.org/docs/howto/TLS.html for more info)
129
TLSRequired                     auth+data
130

    
131
# Alternative authentication frameworks
132
Include /etc/proftpd/ldap.conf
133

    
134
<Limit LOGIN>
135
	AllowAll
136
</Limit>
137

    
138
# Don't use IgnoreHidden on anything wider than READ and WRITE limit, or legitimate commands may be restricted by mistake (like PROT)
139
<Limit READ WRITE>
140
	IgnoreHidden            on
141
</Limit>
142

    
143
<Directory />
144
	HideGroup			root
145
	HideNoAccess			yes
146
</Directory>
147