#
# Fichier de configuration de ProFTPd pour AlternC
# $Id: proftpd.conf,v 1.11 2006/01/17 12:04:14 benjamin Exp $
# 
# %%warning_message%%
# version ETCH

#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf

ServerName                      "%%hosting%%"
ServerIdent                     on "FTP Server Ready"
ServerType                      standalone
DeferWelcome                    on

ShowSymlinks                    on
MultilineRFC2228                on
DefaultServer                   on
AllowOverwrite                  on
AllowStoreRestart               on
DefaultRoot                     ~
UseReverseDNS                   off
IdentLookups                    off
UseIPv6 			off

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    /etc/welcome.msg
# lenny-only
#DisplayChdir                    .message

ListOptions                     "-al"

DenyFilter                      \*.*/
Port                            21
MaxInstances                    30
User                            nobody
Group                           nogroup
RequireValidShell		off

# Use the IANA registered ephemeral port range
# If you have a firewall, you should open this portrange 
# (or change it)
# since ip_conntrack_ftp cannot decrypt TLS session.
PassivePorts 49152 65534

<Directory /*>
        DenyAll
</Directory>

<Directory /var/alternc/html>
  Umask                         022  022
  AllowOverwrite                on
# Limit the allowed bandwith for each connexion, prevent ressource hold-up ;) 
TransferRate RETR 64
TransferRate APPE,STOR 64

  AllowAll
</Directory>

MaxClientsPerHost 6 "Sorry, no more than 6 simultaneous connections"
AccessGrantMsg  "Welcome on AlternC, %u"

# database@host:port login password
SQLConnectInfo                  %%dbname%%@%%dbhost%%:3306 %%dbuser%% %%dbpwd%%
# Table :
SQLUserInfo ftpusers name encrypted_password 33 uid homedir NULL

# Use mysql PASSWORD function
SQLAuthTypes                    Crypt
# Only mysql authentication enabled
SQLAuthenticate users
AuthPAM                         off
# Default : www-data.www-data
SQLDefaultGID                   33
SQLDefaultUID                   33
# Minimum ID allowed to log in. Other users should use SFTP
SQLMinID                        33

# We don't use Unix rights managment on AlternC, so let's hide real owner/group/rights
DirFakeGroup    on alternc
DirFakeMode     0640
DirFakeUser     on ~

# And chmod command is forbidden too : 
<Limit SITE_CHMOD>
        DenyAll
</Limit>

UseIPv6 off

<IfModule mod_tls.c>
       TLSEngine on
       TLSLog /var/log/proftpd/tls.log
       TLSProtocol TLSv1

       # Are clients required to use FTP over TLS when talking to this server?
       TLSRequired off

       # Server's certificate
       TLSRSACertificateFile /etc/alternc/apache.pem
       # TLSRSACertificateKeyFile /etc/ftpd/server.key.pem

       # CA the server trusts
       # TLSCACertificateFile /etc/ftpd/root.cert.pem

       # Authenticate clients that want to use FTP over TLS?
       TLSVerifyClient off

       # Allow SSL/TLS renegotiations when the client requests them, but
       # do not force the renegotations.  Some clients do not support
       # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
       # clients will close the data connection, or there will be a timeout
       # on an idle data connection.
       TLSRenegotiate required off
</IfModule>