On 18/12/16 22:58, Hilmar Preuße wrote:
> On 01.12.2016 14:09, Daniel Swarbrick wrote:
>
> Hi Daniel,
>
> Upstream asked to provide full configuration of proftp including
> possible include file. Please be so kind.
Apologies for the late response. Here we go, blank lines, comments and
empty conditional blocks stripped for brevity. The main proftpd.conf is
pretty much the vanilla Debian config with a few changes. Most of our
site-specific config is in the conf.d directory.
proftpd.conf:
Include /etc/proftpd/modules.conf
UseIPv6 off
IdentLookups off
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer off
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
Port 0
MaxInstances 30
User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
Include /etc/proftpd/conf.d/
modules.conf:
ModulePath /usr/lib/proftpd
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
LoadModule mod_dynmasq.c
LoadModule mod_exec.c
LoadModule mod_shaper.c
LoadModule mod_ratio.c
LoadModule mod_site_misc.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
LoadModule mod_facl.c
LoadModule mod_unique_id.c
LoadModule mod_copy.c
LoadModule mod_deflate.c
LoadModule mod_ifversion.c
LoadModule mod_tls_memcache.c
LoadModule mod_ifsession.c
conf.d/global.conf
LoadModule mod_sql.c
LoadModule mod_sql_postgres.c
LoadModule mod_sql_passwd.c
TLSProtocol TLSv1
SocketBindTight on
UseReverseDNS off
LogFormat uploadtrigger "%v %a %u %m %b %{transfer-status}
%{transfer-failure} %f"
<Global>
TLSRequired off
TLSOptions NoSessionReuseRequired
SQLBackend postgres
SQLConnectInfo (redacted)
SQLAuthenticate users
SQLDefaultUID 64890
SQLDefaultGID 64890
SQLPasswordEngine on
SQLAuthTypes sha256
SQLPasswordEncoding hex
SQLNamedQuery pb-get-user-by-name SELECT "username, password, null,
null, homedir, null FROM get_proftpd_user('%U', 'pb.domain') LIMIT 1"
SQLNamedQuery pb-get-user-salt SELECT "salt FROM
get_proftpd_user('%{0}', 'pb.domain') LIMIT 1"
CreateHome on 775 skel /srv/images/skel uid 64890 gid 64890
Umask 0002
DefaultRoot ~
MaxStoreFileSize 1000 Gb
RequireValidShell off
AuthPAM off
IdentLookups off
WtmpLog off
MaxClientsPerUser 3
PathDenyFilter [[:blank:]]
PassivePorts 49152 65534
AllowOverwrite on
AllowStoreRestart on
ExtendedLog /var/run/proftpd/xferlog.fifo WRITE uploadtrigger
ExtendedLog /var/log/proftpd/extendedlog ALL
</Global>
conf.d/vhost1.conf:
<VirtualHost 1.2.3.4>
ServerIdent on "Foo FTP"
ServerName "ftp.example.com"
TransferLog /var/log/proftpd/xferlog-foo
TLSEngine on
TLSRSACertificateFile /etc/ssl/certs/foo.crt
TLSRSACertificateKeyFile /etc/ssl/private/foo.key
TLSCACertificateFile /etc/ssl/certs/Thawte_SSL_CA_G2_Bundle.pem
SQLUserInfo custom:/pb-get-user-by-name
SQLPasswordUserSalt sql:/pb-get-user-salt Prepend
</VirtualHost>
