{{tag>Serveur FTP FTPS}}

= Notes FTP ProFTPd

Voir aussi :
* [[draft-monter-un-serveur-sftp-ssh|Monter un serveur SFTP avec ProFTPd]]
* https://wiki.evolix.org/HowtoProFTPD
* https://www.alsacreations.com/tuto/lire/617-Serveur-FTP-Proftpd.html

Debian
<code bash>
apt-get install proftpd-basic
</code>

RedHat
<code bash>
yum install proftpd proftpd-utils 
</code>

RedHat

''/etc/sysconfig/proftpd''
<code bash> 
#PROFTPD_OPTIONS=""
PROFTPD_OPTIONS="-DTLS -DDYNAMIC_BAN_LISTS"
</code>

''/etc/proftpd/proftpd.conf''
<code ->
UseIPv6                         off
UseReverseDNS                   off
ServerType                      standalone
DefaultRoot                     ~

AuthPAM                         off
#AuthOrder                      mod_auth_pam.c* mod_auth_unix.c
AuthOrder                       mod_auth_file.c
</code>

FTPS passif

''/etc/proftpd.conf''
<code ->
MasqueradeAddress     55.128.131.215

# ServerName                    "ProFTPD server"
ServerName                    "ftp.acme.fr"

SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xferlog

TLSRSACertificateFile               /etc/pki/tls/certs/wildcard.acme.fr.cer
TLSRSACertificateKeyFile            /etc/pki/tls/certs/wildcard.acme.fr.key

#   TLSOptions                  NoCertRequest                                                      
    TLSOptions                  NoCertRequest NoSessionReuseRequired

    PassivePorts 40000 40200

#   BanOnEvent                  MaxLoginAttempts 2/00:10:00 01:00:00                          
    BanOnEvent                  MaxLoginAttempts 5/00:10:00 01:00:00
</code>


''/etc/shells''
<code ->
/bin/false
</code>

<code bash>
ftpasswd --passwd --name=ftpuser --uid=$(id -u linuxuser) --gid=$(id -g linuxuser) --home=/home/ftp --shell=/bin/false --file=/etc/proftpd/ftpd.passwd
ftpasswd --group  --name=ftpuser --gid=$(id -g linuxuser) --file=/etc/proftpd/ftpd.group --member=ftpuser
</code>

''/etc/proftpd/conf.d/plop.conf''
<code apache>
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
UseFtpUsers on

<Directory />
  HideFiles (lost\+found|welcome\.msg|\.message|^\..*)
  <Limit ALL>
        IgnoreHidden            on
  </Limit>
</Directory>

</code>

Validate - check syntax
<code bash>
#proftpd -td10
proftpd -td10 -c /etc/proftpd.conf
</code>

Lancer & activer le service
<code bash>
systemctl start proftpd.service
systemctl enable proftpd.service
</code>

Autres
Liste des modules
<code bash>
proftpd -l
</code>

<code bash>
proftpd -V
proftpd -vv
proftpd -nd6
</code>

Test TLS/SSL
<code bash>
openssl s_client -connect 192.0.2.10:21 -starttls ftp
</code>


== Pb

=== Pb error: no valid servers configured

<code ->
journalctl -xe
Aug 10 14:36:11 acme proftpd[1331]: Starting ftp server: proftpd2017-08-10 14:36:11,019 acme proftpd[1338]: warning: unable to determine IP address of 'acme'
Aug 10 14:36:11 acme proftpd[1331]: 2017-08-10 14:36:11,019 acme proftpd[1338]: error: no valid servers configured
Aug 10 14:36:11 acme proftpd[1331]: 2017-08-10 14:36:11,020 acme proftpd[1338]: fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
</code>

Cela peut arriver à la suite d'un changement de hostname

<code ->
hostname -i
hostname: Temporary failure in name resolution
</code>


=== Solution

Le hostname doit être résolvable

<code bash>
echo "127.0.1.1       $(hostname -s).localdomain     $(hostname -f)" >> /etc/hosts
</code>

''/etc/hosts''
<code ->
127.0.0.1       localhost
127.0.1.1       acme.localdomain      acme
</code>

Autre solution
''/etc/proftpd/proftpd.conf''
<code ->
DefaultAddress 127.0.0.1
</code>

<code bash>
sed -i -e 's/^LoadModule mod_unique_id.c/#&/' /etc/proftpd/modules.conf
</code>