Full documentation for configuring an FTP server with ProFTPD is available at http://www.proftpd.org. Here we walk through a configuration that has been confirmed in practice.
In addition to the default configuration in Omarine, add the configuration directives below.
First, load the mod_tls module:
<IfModule mod_dso.c>
  LoadModule mod_tls.c
</IfModule>
Then add the <IfModule mod_tls.c> section. Each directive has a comment explaining it:
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/ftpd/tls.log

  # Support both SSLv3 and TLSv1
  TLSProtocol SSLv3 TLSv1

  # We don't require clients to use FTP over TLS
  TLSRequired off

  # Server's RSA certificate, assume your server certificate file is server-cert.pem
  # and the certificate's private key file is server-key.pem
  TLSRSACertificateFile /etc/ftpd/server-cert.pem
  TLSRSACertificateKeyFile /etc/ftpd/server-key.pem

  # CA certificate file of the server, assume server.ca-bundle
  TLSCACertificateFile /etc/ftpd/server.ca-bundle

  # Do not authenticate clients over TLS
  TLSVerifyClient off

  # Do not force SSL/TLS renegotiations
  TLSRenegotiate none

  # Relax the requirement that the SSL session be reused for data transfers
  TLSOptions NoSessionReuseRequired
</IfModule>
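A small audit of the mod_tls section above, added here as an example (it is not part of the original page or of ProFTPD): it parses the directives and reports the settings that weaken transport security, namely deprecated protocol versions, optional TLS, and relaxed session reuse. The names `parse_tls_section`, `audit`, `SAMPLE_CONF` and `STRICT_CONF` are constructed for illustration, and the stricter variant assumes the server and its clients support TLSv1.2.

```python
import re

# Constructed sample: the security-relevant directives from the section above.
SAMPLE_CONF = """
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol SSLv3 TLSv1   # as configured on this page
TLSRequired off
TLSOptions NoSessionReuseRequired
</IfModule>
"""
# Constructed stricter variant (assumption: server and clients support TLSv1.2).
STRICT_CONF = (SAMPLE_CONF.replace("SSLv3 TLSv1", "TLSv1.2")
               .replace("TLSRequired off", "TLSRequired on")
               .replace("TLSOptions NoSessionReuseRequired", ""))

# SSLv3 was deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}

def parse_tls_section(text):
    """Return {directive: [args]} for lines inside <IfModule mod_tls.c>."""
    directives, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if re.fullmatch(r"<IfModule\s+mod_tls\.c>", line, re.I):
            inside = True
        elif re.fullmatch(r"</IfModule>", line, re.I):
            inside = False
        elif inside:
            name, *args = line.split()
            directives[name.lower()] = args
    return directives

def audit(text):
    """Return a list of (directive, finding) pairs for weak TLS settings."""
    d = parse_tls_section(text)
    findings = []
    if [a.lower() for a in d.get("tlsengine", [])] != ["on"]:
        findings.append(("TLSEngine", "TLS is not enabled"))
    weak = sorted(DEPRECATED & set(d.get("tlsprotocol", [])))
    if weak:
        findings.append(("TLSProtocol", "deprecated protocol(s): " + " ".join(weak)))
    # An unset TLSRequired is treated as off, the mod_tls default.
    if d.get("tlsrequired", ["off"])[0].lower() == "off":
        findings.append(("TLSRequired", "logins and transfers may be cleartext"))
    if "NoSessionReuseRequired" in d.get("tlsoptions", []):
        findings.append(("TLSOptions", "data transfers need not reuse the control TLS session"))
    return findings
```

Running `audit(SAMPLE_CONF)` reports the three weak settings, while `audit(STRICT_CONF)` returns an empty list.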
Which client works with the FTP server over TLS?
FileZilla is one of the most suitable clients. You can use the binary version or build it from source for use in Omarine. I am also using FileZilla.
Configuring the log
This is a supplement to the proftpd configuration in general. We often want to record anonymous activity. Add the following directive to the <Anonymous ~ftp> section:
ExtendedLog /var/log/ftp.log read,write
Below is an example of the content being logged