How to install and configure ProFTPD with TLS server on Ubuntu 18.04

Step 1 #

Please update and upgrade your current OS:

$ sudo apt-update && sudo apt-upgrade -y

Step 2 #

Now install ProFTPD server:

$ sudo apt install proftpd -y

Step 3 #

You can edit the configuration file located in: /etc/proftpd/proftpd.conf

Default configuration should looks like this:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules

Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Debian"
# Set to inetd only if you would run proftpd by inetd/xinetd.
# Read README.Debian for more information on proper configuration.
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~
# Port 21 is the standard FTP port.
Port 21
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

By default, ProFTPD will use system accounts to log in. Feel free to change ServerName to your desired server’s name.

 

Step 4 #

Secure your connection with TLS:

$ apt install openssl -y

Now generate SSL certificates with following command:

$ openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

Secure now your certificate files with proper permissions:

$ chmod 600 /etc/ssl/private/proftpd.key
$ chmod 600 /etc/ssl/certs/proftpd.crt

Inside your configuration file: /etc/proftpd/proftpd.conf please add following line:

Include /etc/proftpd/tls.conf

Now edit /etc/proftpd/tls.conf and change following lines:

TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient off

 

Step 5 #

Restart now your ProFTPD daemon:

$ systemctl restart proftpd