Renamed file and edited to render it exemplar

2025-11-16 13:57:30 -05:00
parent 960f54efca
commit 8c88322621
2 changed files with 93 additions and 41 deletions
--- a/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2
+++ b/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2
@@ -0,0 +1,93 @@
 <IfModule !mod_tls.c>
    LoadModule mod_tls.c
 </IfModule>
 <IfModule mod_tls.c>
    <VirtualHost 0.0.0.0>
        ServerName "{{ ftp_server_name }}"
        ServerIdent on "Our head librarians Furcas and Marbas welcome you!"
        ServerAlias {{ hostvars[inventory_hostname].fqdn }} ftp.{{ hostvars[inventory_hostname].fqdn }} {{ hostvars[inventory_hostname].fqdn.split('.')[0] }}
        ServerLog /var/log/proftpd/{{ hostvars[inventory_hostname].fqdn }}.log
        Protocols ftps
        Port 990
        DefaultRoot ~
        # AllowStoreRestart on
        MaxStoreFileSize 10 Gb
        MaxTransfersPerUser STOR,RETR 9
        MaxTransfersPerHost STOR,RETR 36
        DirFakeUser on ~
        DirFakeGroup on ~
        # AuthOrder mod_auth_pam.c mod_auth_unix.c*
        AuthOrder mod_auth_file.c
        AuthUserFile {{ config.proftpd.auth_filepaths.users_path }}
        AuthGroupFile {{ config.proftpd.auth_filepaths.groups_path }}
        AuthFileOptions SyntaxCheck
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        # @NOTE: "SSLv23" means all SSL versions
        TLSProtocol SSLv23
        TLSOptions AllowClientRenegotiations
        TLSVerifyClient off
        TLSRequired on
        TLSRenegotiate required off
        TLSECCertificateFile {{ config.proftpd.tls_paths.cert }}
        TLSECCertificateKeyFile {{ config.proftpd.tls_paths.privkey }}
        TLSCACertificateFile {{ config.proftpd.tls_paths.cert }}
        <Limit LOGIN>
            AllowUser OR {{ allowed_users}}
        </Limit>
        <Directory ~>
            <Limit READ DIRS>
                AllowAll
            </Limit>
        </Directory>
        <Directory ~/*>
            UserOwner ftp
            GroupOwner ftp
            HideUser !~
            HideFiles ^\.(.+)?
            HideNoAccess on
            <Limit ALL>
                AllowAll
            </Limit>
        </Directory>
        <Anonymous {{ anon_root }}>
            User ftp
            Group ftp
            RequireValidShell off
            DirFakeUser on anon
            DirFakeGroup on anon
            DirFakeMode 0444
            UserAlias anon {{ anon_user }}
            AllowStoreRestart off
            MaxStoreFileSize 4 Gb
            MaxTransfersPerUser STOR,RETR 3
            MaxTransfersPerHost STOR,RETR 10
            HideUser !~
            HideNoAccess on
            <Directory {{ anon_root }}>
                <Limit READ DIRS>
                    AllowAll
                </Limit>
            </Directory>
            <Directory {{ anon_root }}/*>
                # <Limit READ DIRS MKD RMD XMKD XRMD>
                <Limit READ DIRS>
                    AllowAll
                </Limit>
                HideFiles ^\.(.+)?
            </Directory>
        </Anonymous>
    </VirtualHost>
 </IfModule>
--- a/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1.conf.j2
+++ b/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1.conf.j2
@@ -1,41 +0,0 @@
 <VirtualHost 0.0.0.0>
    ServerName {{ ftp_server_name }}
    ServerIdent on "You have arrived at {{ ftp_server_name }}!"
    ServerAlias {{ hostvars[inventory_hostname].fqdn }}
    ServerAlias ftp.{{ hostvars[inventory_hostname].fqdn }}
    ServerAlias {{ hostvars[inventory_hostname].fqdn.split('.')[0] }}
    ServerLog /var/log/proftpd/{{ hostvars[inventory_hostname].fqdn.split('.')[0] }}.log
    Protocols ftps
    Port 990
    # AuthOrder mod_auth_pam.c mod_auth_unix.c*
    AuthOrder mod_auth_file.c
    AuthUserFile /etc/proftpd/ftpd.passwd
    AuthGroupFile /etc/proftpd/ftpd.group
    AuthFileOptions SyntaxCheck
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
    # @NOTE: "AALv23" means all SSL versions
    TLSProtocol SSLv23
    TLSOptions AllowClientRenegotiations
    TLSVerifyClient off
    TLSRequired on
    TLSRenegotiate required off
    TLSECCertificateFile {{ config.proftpd.tls_paths.cert }}
    TLSECCertificateKeyFile {{ config.proftpd.tls_paths.privkey }}
    TLSCACertificateFile {{ config.proftpd.tls_paths.cert }}
    <Anonymous /srv/ftp/public>
        <Directory *>
            <Limit WRITE CDUP CWD PWD>
                DenyAll
            </Limit>
            <Limit READ>
                AllowAll
            </Limit>
        </Directory>
    </Anonymous>
 <VirtualHost>