File: //etc/proftpd.conf
#
# For more information about Proftpd configuration
# see http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
# --- Identity and banner -------------------------------------------------
ServerName "FTP-Server"
# Keep the software name and version out of the connect banner.
ServerIdent off

# --- Process model -------------------------------------------------------
# Run as a long-lived daemon rather than being spawned by inetd.
ServerType standalone
PidFile /var/run/proftpd.pid
ScoreboardFile /var/run/proftpd.scoreboard

# --- Listener ------------------------------------------------------------
# Port 21 is the standard FTP control port; bind it on one address only.
DefaultAddress 83.138.87.173
Port 21
# Connections arriving on an address with no matching <VirtualHost> are
# handled by this server.
DefaultServer on

# --- Network behaviour ---------------------------------------------------
# No reverse DNS lookups on client addresses (avoids lookup delays; logs
# carry IP addresses instead of names).
UseReverseDNS off
tcpNoDelay off
<Global>
  # Settings in this block apply to the main server and to every
  # <VirtualHost> defined in this file.

  # New files and directories stay group-writable so the web server
  # (apache/nginx) sharing the group can work with uploaded content.
  Umask 002

  # Confine every user to their home directory, except members of group
  # "admin", who are not chrooted.
  DefaultRoot ~ !admin
  # Members of group "admin" start in the web root for convenience.
  DefaultChdir /usr/local/www/apache24 admin

  # Uploads may replace existing files.
  AllowOverwrite on

  # RLimitChroot is the guard that blocks changes to /etc and /lib paths
  # inside a chroot. It is switched off here so that chrooted users can
  # create directories with those names.
  # REMOVE this line (restoring the guard) if untrusted users also have
  # chrooted SSH access.
  RLimitChroot off

  # Allow interrupted downloads and uploads to be resumed.
  AllowRetrieveRestart on
  AllowStoreRestart on

  # Reduce connection wait times: no ident (RFC 1413) queries to clients.
  IdentLookups off
  # Close finished data connections without lingering.
  TimeoutLinger 0

  # Work around possible FileZilla directory-listing timeouts by not
  # advertising the MLSD/MLST facts, so clients fall back to LIST.
  # NOTE(review): the original comment says this also hides dotfiles, yet
  # ListOptions "-al" below includes -a, which lists them - confirm the
  # intended behaviour.
  <IfModule mod_facts.c>
    FactsAdvertise off
  </IfModule>
  ListOptions "-al"
  UseEncoding on

  # Passive-mode data ports. The full IANA ephemeral range is kept below
  # as a commented-out alternative; the active setting is a narrow window,
  # and the firewall has to admit inbound TCP 62000-62050 for it.
  #PassivePorts 49152 65534
  PassivePorts 62000 62050
</Global>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Maximum length of a single command line accepted from a client.
CommandBufferSize 512
# Set the user and group under which the server will run.
# NOTE(review): the header of this file mentions "nobody"/"ftp", but the
# daemon is actually run as "admin"/"vuser". The name "admin" also appears
# as the non-chrooted group in DefaultRoot and in the mod_delay control ACL.
# Presumably this account owns the web content; a dedicated unprivileged
# service account would limit what a compromised session process can
# touch - confirm whether "admin" is required here.
User admin
Group vuser
# Log every command class to one file. Keep this log readable only by
# administrators and rotate it; it records user names and file paths.
ExtendedLog /var/log/ftp.log all
## Bar use of SITE CHMOD by default
# NOTE(review): this <Limit> is commented out, so nothing in this file
# bars SITE CHMOD; users can change permissions on files they own.
# Uncomment it if that is not intended.
#<Limit SITE_CHMOD>
# DenyAll
#</Limit>
## Normally, we want files to be overwriteable.
# (Left disabled: AllowOverwrite is already set in the <Global> block.)
#<Directory /*>
# AllowOverwrite on
#</Directory>
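LoadModule mod_tls.c
<IfModule mod_tls.c>
  <Global>
    # FTP over TLS for the main server and every <VirtualHost>.
    TLSEngine on
    TLSLog /var/log/tls.log

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer
    # offered; only TLSv1.2 is accepted. Append TLSv1.3 when the installed
    # ProFTPD and OpenSSL builds support it. Clients limited to the old
    # protocol versions will fail the handshake and must be upgraded.
    TLSProtocol TLSv1.2

    # Are clients required to use FTP over TLS when talking to this server?
    # "ctrl" makes TLS mandatory on the control channel (logins are
    # protected) but leaves it optional on data connections.
    # NOTE(review): file contents and directory listings can therefore
    # still travel in cleartext; "TLSRequired on" would enforce TLS on
    # both channels - confirm whether any client depends on "ctrl".
    TLSRequired ctrl

    # The server never asks for renegotiation of an established session.
    TLSRenegotiate none

    # Server's certificate, private key and CA certificates.
    # NOTE(review): verify that the key file is readable by root only.
    TLSRSACertificateFile /usr/ssl/wild.han.pem
    TLSRSACertificateKeyFile /usr/ssl/wild.han.key.pem
    TLSCACertificateFile /usr/ssl/cacert.pem
  </Global>

  # Main server (explicit FTPS on port 21).
  # NoSessionReuseRequired drops mod_tls's check that a data connection
  # reuses the TLS session of its control connection. That check ties data
  # connections to the authenticated client; it is relaxed here,
  # presumably for clients that cannot reuse sessions. Remove the option
  # once all clients support session reuse.
  TLSOptions NoSessionReuseRequired

  <VirtualHost 83.138.87.173>
    # Implicit FTPS: the TLS handshake starts as soon as the client
    # connects, with no AUTH TLS command first. TLSOptions set here
    # replace the main server's, so the session-reuse relaxation is
    # repeated.
    TLSOptions UseImplicitSSL NoSessionReuseRequired
    # The "standard" implicit FTPS port is 990
    Port 990
  </VirtualHost>
</IfModule>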
# Module documentation:
#http://www.castaglia.org/proftpd/modules/mod_geoip.html
# Country database download (plain HTTP - verify integrity after fetching
# and keep the file current; stale country data weakens the filter):
#http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
#
# NOTE(review): no LoadModule line for mod_geoip appears in this file. If
# the module is not compiled in or loaded elsewhere, this <IfModule> block
# is skipped without error and no country restriction is applied - check
# the loaded-module list after startup.
# Country filtering reduces noise; it does not replace authentication,
# since clients can connect through hosts in an allowed country.
<IfModule mod_geoip.c>
  GeoIPEngine on
  GeoIPLog /var/log/geoip.log

  # NOT supported at the moment! The default database at
  # /usr/local/share/GeoIP/GeoIP.dat is used instead.
  # GeoIPTable /usr/local/GeoIP.dat Standard UTF8

  # Reject by default; only clients matching an allow filter get in.
  GeoIPPolicy deny,allow

  # Deny all connections or specify by filter:
  # GeoIPDenyFilter Continent (NA|SA|AF|AN|AS|OC)

  # Allow connections from Germany, Switzerland and Austria only.
  GeoIPAllowFilter CountryCode (DE|CH|AT)
  # GeoIPAllowFilter CountryCode (FR|NL)
</IfModule>
# The delay table can be inspected and reset from the console by root,
# admin or web:
# ftpdctl delay info
# ftpdctl delay reset
# When enabling DelayEngine, take care to keep the delay table in shape.
#
# NOTE(review): mod_delay evens out the timing of login responses so that
# response time does not reveal whether a user name exists. With
# DelayEngine off that protection is inactive - confirm this is a
# deliberate trade-off for faster logins.
<IfModule mod_delay.c>
  DelayEngine off
  # Only these local users may issue "ftpdctl delay" actions.
  DelayControlsACLs all allow user root,admin,web
  DelayTable /var/run/proftpd.delay
</IfModule>