skato-ansible/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2

<IfModule !mod_tls.c>
    LoadModule mod_tls.c
</IfModule>

<IfModule mod_tls.c>
    <VirtualHost 0.0.0.0>
        ServerName "{{ ftp_server_name }}"
        ServerIdent on "Our head librarians Furcas and Marbas welcome you!"
        ServerAlias {{ hostvars[inventory_hostname].fqdn }} ftp.{{ hostvars[inventory_hostname].fqdn }} {{ hostvars[inventory_hostname].fqdn.split('.')[0] }}
        ServerLog /var/log/proftpd/{{ hostvars[inventory_hostname].fqdn }}.log
        Protocols ftps
        Port 990
        DefaultRoot ~
        # AllowStoreRestart on
        MaxStoreFileSize 10 Gb
        MaxTransfersPerUser STOR,RETR 9
        MaxTransfersPerHost STOR,RETR 36
        DirFakeUser on ~
        DirFakeGroup on ~

        # AuthOrder mod_auth_pam.c mod_auth_unix.c*
        AuthOrder mod_auth_file.c
        AuthUserFile {{ config.proftpd.auth_filepaths.users_path }}
        AuthGroupFile {{ config.proftpd.auth_filepaths.groups_path }}
        AuthFileOptions SyntaxCheck

        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        # @NOTE: "SSLv23" means all SSL versions
        TLSProtocol SSLv23
        TLSOptions AllowClientRenegotiations
        TLSVerifyClient off
        TLSRequired on
        TLSRenegotiate required off

        TLSECCertificateFile {{ config.proftpd.tls_paths.cert }}
        TLSECCertificateKeyFile {{ config.proftpd.tls_paths.privkey }}
        TLSCACertificateFile {{ config.proftpd.tls_paths.cert }}

        <Limit LOGIN>
            AllowUser OR {{ allowed_users}}
        </Limit>

        <Directory ~>
            <Limit READ DIRS>
                AllowAll
            </Limit>
        </Directory>

        <Directory ~/*>
            UserOwner ftp
            GroupOwner ftp
            HideUser !~
            HideFiles ^\.(.+)?
            HideNoAccess on

            <Limit ALL>
                AllowAll
            </Limit>
        </Directory>

        <Anonymous {{ anon_root }}>
            User ftp
            Group ftp
            RequireValidShell off
            DirFakeUser on anon
            DirFakeGroup on anon
            DirFakeMode 0444
            UserAlias anon {{ anon_user }}
            AllowStoreRestart off
            MaxStoreFileSize 4 Gb
            MaxTransfersPerUser STOR,RETR 3
            MaxTransfersPerHost STOR,RETR 10
            HideUser !~
            HideNoAccess on

            <Directory {{ anon_root }}>
                <Limit READ DIRS>
                    AllowAll
                </Limit>
            </Directory>

            <Directory {{ anon_root }}/*>
                # <Limit READ DIRS MKD RMD XMKD XRMD>
                <Limit READ DIRS>
                    AllowAll
                </Limit>
                
                HideFiles ^\.(.+)?
            </Directory>
        </Anonymous>
    </VirtualHost>
</IfModule>