117 lines
2.8 KiB
Plaintext
117 lines
2.8 KiB
Plaintext
# Includes DSO modules
|
|
Include /etc/proftpd/modules.conf
|
|
|
|
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
|
|
UseIPv6 off
|
|
# If set on you can experience a longer connection delay in many cases.
|
|
IdentLookups off
|
|
|
|
ServerName Cloudron
|
|
ServerType standalone
|
|
DeferWelcome off
|
|
|
|
MultilineRFC2228 on
|
|
DefaultServer on
|
|
ShowSymlinks on
|
|
|
|
TimeoutNoTransfer 600
|
|
TimeoutStalled 600
|
|
TimeoutIdle 1200
|
|
|
|
DisplayLogin welcome.msg
|
|
DisplayChdir .message true
|
|
ListOptions "-l"
|
|
|
|
DenyFilter \*.*/
|
|
|
|
# Use this to jail all users in their homes, will be homeDirectory LDAP attribute
|
|
DefaultRoot ~
|
|
|
|
# Users require a valid shell listed in /etc/shells to login.
|
|
# Use this directive to release that constrain.
|
|
# RequireValidShell off
|
|
|
|
# Port 21 is the standard FTP port.
|
|
Port 0
|
|
|
|
# To prevent DoS attacks, set the maximum number of child processes
|
|
# to 30. If you need to allow more than 30 concurrent connections
|
|
# at once, simply increase this value. Note that this ONLY works
|
|
# in standalone mode, in inetd mode you should use an inetd server
|
|
# that allows you to limit maximum number of processes per service
|
|
# (such as xinetd)
|
|
MaxInstances 10
|
|
|
|
# Set the user and group that the server normally runs at.
|
|
User www-data
|
|
Group www-data
|
|
|
|
# Umask 022 is a good standard umask to prevent new files and dirs
|
|
# (second parm) from being group and world writable.
|
|
Umask 022 022
|
|
# Normally, we want files to be overwriteable.
|
|
AllowOverwrite on
|
|
|
|
TransferLog /run/proftpd/xferlog
|
|
SystemLog /run/proftpd/proftpd.log
|
|
|
|
# disable ssh login log
|
|
WtmpLog off
|
|
|
|
<IfModule mod_quotatab.c>
|
|
QuotaEngine off
|
|
</IfModule>
|
|
|
|
<IfModule mod_ratio.c>
|
|
Ratios off
|
|
</IfModule>
|
|
|
|
# Delay engine reduces impact of the so-called Timing Attack described in
|
|
# http://www.securityfocus.com/bid/11430/discuss
|
|
# It is on by default.
|
|
<IfModule mod_delay.c>
|
|
DelayEngine on
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls.c>
|
|
ControlsEngine off
|
|
ControlsMaxClients 2
|
|
ControlsLog /var/log/proftpd/controls.log
|
|
ControlsInterval 5
|
|
ControlsSocket /var/run/proftpd/proftpd.sock
|
|
</IfModule>
|
|
|
|
<IfModule mod_ctrls_admin.c>
|
|
AdminControlsEngine off
|
|
</IfModule>
|
|
|
|
LoadModule mod_ldap.c
|
|
<IfModule mod_ldap.c>
|
|
# https://forums.proftpd.org/smf/index.php?topic=6368.0
|
|
LDAPServer "ldap://localhost:3002/??sub"
|
|
LDAPUsers "ou=proftpd,dc=cloudron" (username=%u)
|
|
|
|
LDAPLog /var/log/proftpd/ldap.log
|
|
</IfModule>
|
|
|
|
<IfModule mod_sftp.c>
|
|
SFTPEngine on
|
|
Port 222
|
|
SFTPLog /var/log/proftpd/sftp.log
|
|
|
|
# Configure both the RSA and DSA host keys, using the same host key
|
|
# files that OpenSSH uses.
|
|
SFTPHostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
SFTPAuthMethods password
|
|
|
|
# Enable compression
|
|
SFTPCompression delayed
|
|
|
|
RequireValidShell off
|
|
</IfModule>
|
|
|
|
<Directory />
|
|
HideNoAccess yes
|
|
</Directory>
|