185 lines
4.9 KiB
Django/Jinja
185 lines
4.9 KiB
Django/Jinja
#
|
|
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
|
|
# To really apply changes, reload proftpd after modifications, if
|
|
# it runs in daemon mode. It is not required in inetd/xinetd mode.
|
|
#
|
|
|
|
# Includes DSO modules
|
|
Include /etc/proftpd/modules.conf
|
|
|
|
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
|
|
UseIPv6 on
|
|
# If set on you can experience a longer connection delay in many cases.
|
|
<IfModule mod_ident.c>
|
|
IdentLookups on
|
|
</IfModule>
|
|
|
|
ServerName "{{ ftp_server_name }}"
|
|
# Set to inetd only if you would run proftpd by inetd/xinetd/socket.
|
|
# Read README.Debian for more information on proper configuration.
|
|
ServerType standalone
|
|
DeferWelcome off
|
|
MaxInstances {{ max_conns }}
|
|
|
|
# Disable MultilineRFC2228 per https://github.com/proftpd/proftpd/issues/1085
|
|
# MultilineRFC2228on
|
|
DefaultServer on
|
|
DefaultRoot ~
|
|
|
|
DenyFilter \*.*/
|
|
|
|
# Users require a valid shell listed in /etc/shells to login.
|
|
# Use this directive to release that constrain.
|
|
# RequireValidShell off
|
|
|
|
# Port 21 is the standard FTP port.
|
|
Port 21
|
|
|
|
# If your host was NATted, this option is useful in order to
|
|
# allow passive tranfers to work. You have to use your public
|
|
# address and opening the passive ports used on your firewall as well.
|
|
# MasqueradeAddress 1.2.3.4
|
|
|
|
# This is useful for masquerading address with dynamic IPs:
|
|
# refresh any configured MasqueradeAddress directives every 8 hours
|
|
# <IfModule mod_dynmasq.c>
|
|
# DynMasqRefresh 28800
|
|
# </IfModule>
|
|
|
|
# Set the user and group that the server normally runs at.
|
|
User proftpd
|
|
Group nogroup
|
|
|
|
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
|
|
# PersistentPasswd off
|
|
|
|
# This is required to use both PAM-based authentication and local passwords
|
|
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
|
|
|
|
# Be warned: use of this directive impacts CPU average load!
|
|
# Uncomment this if you like to see progress and transfer rate with ftpwho
|
|
# in downloads. That is not needed for uploads rates.
|
|
#
|
|
# UseSendFile off
|
|
|
|
TransferLog /var/log/proftpd/transfer.log
|
|
SystemLog /var/log/proftpd/connection.log
|
|
|
|
# Logging onto /var/log/lastlog is enabled but set to off by default
|
|
#UseLastlog on
|
|
|
|
# In order to keep log file dates consistent after chroot, use timezone info
|
|
# from /etc/localtime. If this is not set, and proftpd is configured to
|
|
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
|
|
# savings timezone regardless of whether DST is in effect.
|
|
#SetEnv TZ :/etc/localtime
|
|
|
|
<IfModule mod_quotatab.c>
|
|
QuotaEngine off
|
|
</IfModule>
|
|
|
|
<IfModule mod_ratio.c>
|
|
Ratios off
|
|
</IfModule>
|
|
|
|
|
|
# Delay engine reduces impact of the so-called Timing Attack described in
|
|
# http://www.securityfocus.com/bid/11430/discuss
|
|
# It is on by default.
|
|
<IfModule mod_delay.c>
|
|
DelayEngine on
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls.c>
|
|
ControlsEngine off
|
|
ControlsMaxClients 2
|
|
ControlsLog /var/log/proftpd/controls.log
|
|
ControlsInterval 5
|
|
ControlsSocket /var/run/proftpd/proftpd.sock
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls_admin.c>
|
|
AdminControlsEngine off
|
|
</IfModule>
|
|
|
|
#
|
|
# Alternative authentication frameworks
|
|
#
|
|
#Include /etc/proftpd/ldap.conf
|
|
#Include /etc/proftpd/sql.conf
|
|
|
|
#
|
|
# This is used for FTPS connections
|
|
#
|
|
#Include /etc/proftpd/tls.conf
|
|
|
|
#
|
|
# This is used for SFTP connections
|
|
#
|
|
#Include /etc/proftpd/sftp.conf
|
|
|
|
#
|
|
# This is used for other add-on modules
|
|
#
|
|
#Include /etc/proftpd/dnsbl.conf
|
|
#Include /etc/proftpd/geoip.conf
|
|
#Include /etc/proftpd/snmp.conf
|
|
|
|
#
|
|
# Useful to keep VirtualHost/VirtualRoot directives separated
|
|
#
|
|
#Include /etc/proftpd/virtuals.conf
|
|
|
|
# A basic anonymous configuration, no upload directories.
|
|
|
|
# <Anonymous ~ftp>
|
|
# User ftp
|
|
# Group nogroup
|
|
# # We want clients to be able to login with "anonymous" as well as "ftp"
|
|
# UserAlias anonymous ftp
|
|
# # Cosmetic changes, all files belongs to ftp user
|
|
# DirFakeUser on ftp
|
|
# DirFakeGroup on ftp
|
|
#
|
|
# RequireValidShell off
|
|
#
|
|
# # Limit the maximum number of anonymous logins
|
|
# MaxClients 10
|
|
#
|
|
# # We want 'welcome.msg' displayed at login, and '.message' displayed
|
|
# # in each newly chdired directory.
|
|
# DisplayLogin welcome.msg
|
|
# DisplayChdir .message
|
|
#
|
|
# # Limit WRITE everywhere in the anonymous chroot
|
|
# <Directory *>
|
|
# <Limit WRITE>
|
|
# DenyAll
|
|
# </Limit>
|
|
# </Directory>
|
|
#
|
|
# # Uncomment this if you're brave.
|
|
# # <Directory incoming>
|
|
# # # Umask 022 is a good standard umask to prevent new files and dirs
|
|
# # # (second parm) from being group and world writable.
|
|
# # Umask 022 022
|
|
# # <Limit READ WRITE>
|
|
# # DenyAll
|
|
# # </Limit>
|
|
# # <Limit STOR>
|
|
# # AllowAll
|
|
# # </Limit>
|
|
# # </Directory>
|
|
#
|
|
# </Anonymous>
|
|
|
|
<Limit LOGIN>
|
|
DenyAll
|
|
</Limit>
|
|
|
|
# Include other custom configuration files
|
|
# !! Please note, that this statement will read /all/ file from this subdir,
|
|
# i.e. backup files created by your editor, too !!!
|
|
# Eventually create file patterns like this: /etc/proftpd/conf.d/*.conf
|
|
#
|
|
Include /etc/proftpd/conf.d/ |