AlternC/etc/alternc/templates/proftpd/proftpd.conf

#
# Fichier de configuration de ProFTPd pour AlternC
# $Id: proftpd.conf,v 1.11 2006/01/17 12:04:14 benjamin Exp $
# 
# %%warning_message%%
# version ETCH

#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf

ServerName                      "%%hosting%%"
ServerIdent                     on "FTP Server Ready"
ServerType                      standalone
DeferWelcome                    on

ShowSymlinks                    on
MultilineRFC2228                on
DefaultServer                   on
AllowOverwrite                  on
AllowStoreRestart               on
DefaultRoot                     ~
UseReverseDNS                   off
IdentLookups                    off
UseIPv6 			off

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    /etc/welcome.msg
DisplayFirstChdir               .message

ListOptions                     "-al"

DenyFilter                      \*.*/
Port                            21
MaxInstances                    30
User                            nobody
Group                           nogroup
RequireValidShell		off

# Use the IANA registered ephemeral port range
# If you have a firewall, you should open this portrange 
# (or change it)
# since ip_conntrack_ftp cannot decrypt TLS session.
PassivePorts 49152 65534

<Directory /*>
        DenyAll
</Directory>

<Directory /var/alternc/html>
  Umask                         022  022
  AllowOverwrite                on
# Limit the allowed bandwith for each connexion, prevent ressource hold-up ;) 
TransferRate RETR 64
TransferRate APPE,STOR 64

  AllowAll
</Directory>

MaxClientsPerHost 6 "Sorry, no more than 6 simultaneous connections"
AccessGrantMsg  "Welcome on AlternC, %u"

# database@host:port login password
SQLConnectInfo                  %%dbname%%@%%dbhost%%:3306 %%dbuser%% %%dbpwd%%
# Table :
SQLUserInfo ftpusers name encrypted_password 33 uid homedir NULL

# Use mysql PASSWORD function
SQLAuthTypes                    Crypt
# Only mysql authentication enabled
SQLAuthenticate users
AuthPAM                         off
# Default : www-data.www-data
SQLDefaultGID                   33
SQLDefaultUID                   33
# Do NOT create the homedir if it does not exist
SQLHomedirOnDemand              off
# Minimum ID allowed to log in. Other users should use SFTP
SQLMinID                        33

# We don't use Unix rights managment on AlternC, so let's hide real owner/group/rights
DirFakeGroup    on alternc
DirFakeMode     0640
DirFakeUser     on ~

# And chmod command is forbidden too : 
<Limit SITE_CHMOD>
        DenyAll
</Limit>

UseIPv6 off

<IfModule mod_tls.c>
       TLSEngine on
       TLSLog /var/log/proftpd/tls.log
       TLSProtocol TLSv1

       # Are clients required to use FTP over TLS when talking to this server?
       TLSRequired off

       # Server's certificate
       TLSRSACertificateFile /etc/alternc/apache.pem
       # TLSRSACertificateKeyFile /etc/ftpd/server.key.pem

       # CA the server trusts
       # TLSCACertificateFile /etc/ftpd/root.cert.pem

       # Authenticate clients that want to use FTP over TLS?
       TLSVerifyClient off

       # Allow SSL/TLS renegotiations when the client requests them, but
       # do not force the renegotations.  Some clients do not support
       # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
       # clients will close the data connection, or there will be a timeout
       # on an idle data connection.
       TLSRenegotiate required off
</IfModule>
:P 2007-05-23 19:53:59 +00:00			`#`
			`# Fichier de configuration de ProFTPd pour AlternC`
			`# $Id: proftpd.conf,v 1.11 2006/01/17 12:04:14 benjamin Exp $`
			`#`
			`# %%warning_message%%`
Fixing etch ftp configuration, Fixes #1046 2007-08-22 22:32:12 +00:00			`# version ETCH`

			`#`
			`# Includes required DSO modules. This is mandatory in proftpd 1.3`
			`#`
			`Include /etc/proftpd/modules.conf`
:P 2007-05-23 19:53:59 +00:00
			`ServerName "%%hosting%%"`
			`ServerIdent on "FTP Server Ready"`
			`ServerType standalone`
			`DeferWelcome on`

			`ShowSymlinks on`
			`MultilineRFC2228 on`
			`DefaultServer on`
			`AllowOverwrite on`
			`AllowStoreRestart on`
			`DefaultRoot ~`
			`UseReverseDNS off`
			`IdentLookups off`
Fixing etch ftp configuration, Fixes #1046 2007-08-22 22:32:12 +00:00			`UseIPv6 off`
:P 2007-05-23 19:53:59 +00:00
			`TimeoutNoTransfer 600`
			`TimeoutStalled 600`
			`TimeoutIdle 1200`

			`DisplayLogin /etc/welcome.msg`
			`DisplayFirstChdir .message`

			`ListOptions "-al"`

			`DenyFilter \./`
			`Port 21`
			`MaxInstances 30`
			`User nobody`
			`Group nogroup`
			`RequireValidShell off`

Fixing TLS for proftpd : CertificateFile IS REQUIRED for TLS to work 2008-08-11 10:19:29 +00:00			`# Use the IANA registered ephemeral port range`
			`# If you have a firewall, you should open this portrange`
			`# (or change it)`
			`# since ip_conntrack_ftp cannot decrypt TLS session.`
			`PassivePorts 49152 65534`

:P 2007-05-23 19:53:59 +00:00			`<Directory /*>`
			`DenyAll`
			`</Directory>`

			`<Directory /var/alternc/html>`
			`Umask 022 022`
			`AllowOverwrite on`
			`# Limit the allowed bandwith for each connexion, prevent ressource hold-up ;)`
			`TransferRate RETR 64`
			`TransferRate APPE,STOR 64`

			`AllowAll`
			`</Directory>`

			`MaxClientsPerHost 6 "Sorry, no more than 6 simultaneous connections"`
			`AccessGrantMsg "Welcome on AlternC, %u"`

			`# database@host:port login password`
			`SQLConnectInfo %%dbname%%@%%dbhost%%:3306 %%dbuser%% %%dbpwd%%`
			`# Table :`
			`SQLUserInfo ftpusers name encrypted_password 33 uid homedir NULL`

			`# Use mysql PASSWORD function`
			`SQLAuthTypes Crypt`
			`# Only mysql authentication enabled`
			`SQLAuthenticate users`
			`AuthPAM off`
			`# Default : www-data.www-data`
			`SQLDefaultGID 33`
			`SQLDefaultUID 33`
			`# Do NOT create the homedir if it does not exist`
			`SQLHomedirOnDemand off`
			`# Minimum ID allowed to log in. Other users should use SFTP`
			`SQLMinID 33`

			`# We don't use Unix rights managment on AlternC, so let's hide real owner/group/rights`
			`DirFakeGroup on alternc`
			`DirFakeMode 0640`
			`DirFakeUser on ~`

			`# And chmod command is forbidden too :`
			`<Limit SITE_CHMOD>`
			`DenyAll`
			`</Limit>`

:P 2007-05-23 19:55:39 +00:00			`UseIPv6 off`
use a working FTP/TLS configuration 2008-10-14 23:14:42 +00:00
			`<IfModule mod_tls.c>`
			`TLSEngine on`
			`TLSLog /var/log/proftpd/tls.log`
			`TLSProtocol TLSv1`

			`# Are clients required to use FTP over TLS when talking to this server?`
			`TLSRequired off`

			`# Server's certificate`
			`TLSRSACertificateFile /etc/alternc/apache.pem`
			`# TLSRSACertificateKeyFile /etc/ftpd/server.key.pem`

			`# CA the server trusts`
			`# TLSCACertificateFile /etc/ftpd/root.cert.pem`

			`# Authenticate clients that want to use FTP over TLS?`
			`TLSVerifyClient off`

			`# Allow SSL/TLS renegotiations when the client requests them, but`
			`# do not force the renegotations. Some clients do not support`
			`# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these`
			`# clients will close the data connection, or there will be a timeout`
			`# on an idle data connection.`
			`TLSRenegotiate required off`
			`</IfModule>`