122 lines
3.5 KiB
Plaintext
122 lines
3.5 KiB
Plaintext
#
|
|
# Fichier de configuration de ProFTPd pour AlternC
|
|
# $Id: proftpd.conf,v 1.11 2006/01/17 12:04:14 benjamin Exp $
|
|
#
|
|
# %%warning_message%%
|
|
# version ETCH
|
|
|
|
#
|
|
# Includes required DSO modules. This is mandatory in proftpd 1.3
|
|
#
|
|
Include /etc/proftpd/modules.conf
|
|
|
|
ServerName "%%hosting%%"
|
|
ServerIdent on "FTP Server Ready"
|
|
ServerType standalone
|
|
DeferWelcome on
|
|
|
|
ShowSymlinks on
|
|
MultilineRFC2228 on
|
|
DefaultServer on
|
|
AllowOverwrite on
|
|
AllowStoreRestart on
|
|
DefaultRoot ~
|
|
UseReverseDNS off
|
|
IdentLookups off
|
|
UseIPv6 off
|
|
|
|
TimeoutNoTransfer 600
|
|
TimeoutStalled 600
|
|
TimeoutIdle 1200
|
|
|
|
DisplayLogin /etc/welcome.msg
|
|
DisplayFirstChdir .message
|
|
|
|
ListOptions "-al"
|
|
|
|
DenyFilter \*.*/
|
|
Port 21
|
|
MaxInstances 30
|
|
User nobody
|
|
Group nogroup
|
|
RequireValidShell off
|
|
|
|
# Use the IANA registered ephemeral port range
|
|
# If you have a firewall, you should open this portrange
|
|
# (or change it)
|
|
# since ip_conntrack_ftp cannot decrypt TLS session.
|
|
PassivePorts 49152 65534
|
|
|
|
<Directory /*>
|
|
DenyAll
|
|
</Directory>
|
|
|
|
<Directory /var/alternc/html>
|
|
Umask 022 022
|
|
AllowOverwrite on
|
|
# Limit the allowed bandwith for each connexion, prevent ressource hold-up ;)
|
|
TransferRate RETR 64
|
|
TransferRate APPE,STOR 64
|
|
|
|
AllowAll
|
|
</Directory>
|
|
|
|
MaxClientsPerHost 6 "Sorry, no more than 6 simultaneous connections"
|
|
AccessGrantMsg "Welcome on AlternC, %u"
|
|
|
|
# database@host:port login password
|
|
SQLConnectInfo %%dbname%%@%%dbhost%%:3306 %%dbuser%% %%dbpwd%%
|
|
# Table :
|
|
SQLUserInfo ftpusers name encrypted_password 33 uid homedir NULL
|
|
|
|
# Use mysql PASSWORD function
|
|
SQLAuthTypes Crypt
|
|
# Only mysql authentication enabled
|
|
SQLAuthenticate users
|
|
AuthPAM off
|
|
# Default : www-data.www-data
|
|
SQLDefaultGID 33
|
|
SQLDefaultUID 33
|
|
# Do NOT create the homedir if it does not exist
|
|
SQLHomedirOnDemand off
|
|
# Minimum ID allowed to log in. Other users should use SFTP
|
|
SQLMinID 33
|
|
|
|
# We don't use Unix rights managment on AlternC, so let's hide real owner/group/rights
|
|
DirFakeGroup on alternc
|
|
DirFakeMode 0640
|
|
DirFakeUser on ~
|
|
|
|
# And chmod command is forbidden too :
|
|
<Limit SITE_CHMOD>
|
|
DenyAll
|
|
</Limit>
|
|
|
|
UseIPv6 off
|
|
|
|
<IfModule mod_tls.c>
|
|
TLSEngine on
|
|
TLSLog /var/log/proftpd/tls.log
|
|
TLSProtocol TLSv1
|
|
|
|
# Are clients required to use FTP over TLS when talking to this server?
|
|
TLSRequired off
|
|
|
|
# Server's certificate
|
|
TLSRSACertificateFile /etc/alternc/apache.pem
|
|
# TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
|
|
|
|
# CA the server trusts
|
|
# TLSCACertificateFile /etc/ftpd/root.cert.pem
|
|
|
|
# Authenticate clients that want to use FTP over TLS?
|
|
TLSVerifyClient off
|
|
|
|
# Allow SSL/TLS renegotiations when the client requests them, but
|
|
# do not force the renegotations. Some clients do not support
|
|
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
|
|
# clients will close the data connection, or there will be a timeout
|
|
# on an idle data connection.
|
|
TLSRenegotiate required off
|
|
</IfModule>
|