This post is older than a year. Consider some information might not be accurate anymore.
This post illustrates a quick setup for ProFTPD with TLS. It allows only TLSv1.2 secured connections with Let’s Encrypt certificates.
First, back up the existing configuration, then edit the TLS configuration.
    root@cinhtau:~# cp /etc/proftpd/tls.conf tls.conf.example
    root@cinhtau:~# vim /etc/proftpd/tls.conf
The contents of the TLS configuration:
    root@cinhtau:~# cat /etc/proftpd/tls.conf
    #
    # Proftpd configuration for FTPS connections.
    #
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
    TLSProtocol TLSv1.2
    TLSRSACertificateFile /etc/letsencrypt/live/cinhtau.net/cert.pem
    TLSRSACertificateKeyFile /etc/letsencrypt/live/cinhtau.net/privkey.pem
    TLSCertificateChainFile /etc/letsencrypt/live/cinhtau.net/chain.pem
    TLSRequired on
    TLSRenegotiate none
The important settings are the
TLSRequired ↠ on.
Ensure that the TLS module configuration is included (uncommented):
    root@cinhtau:~# cat /etc/proftpd/proftpd.conf | grep tls
    Include /etc/proftpd/tls.conf
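A quick way to check these settings before restarting, as an added example that is not part of the original post: the shell functions below (hypothetical helper names) read a tls.conf and report when TLS is not enforced, when a protocol other than TLSv1.2 or TLSv1.3 is allowed, or when the private key is accessible to group or others. Accepting TLSv1.3 goes beyond the post's TLSv1.2-only setup and assumes a ProFTPD build that supports it.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ProFTPD tls.conf for the
# settings the post relies on. Function names are hypothetical helpers.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
tls_directive() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == tolower(want) {            # directive names are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); val = $0
        }
        END { print val }' "$1"
}

# Print one "FINDING:" line per problem; return 1 if any were found, else 0.
audit_proftpd_tls() {
    conf=$1
    findings=0
    finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(tls_directive "$conf" TLSEngine | tr 'A-Z' 'a-z')" = "on" ] ||
        finding "TLSEngine is not 'on', mod_tls is inactive"

    # 'on' requires TLS on both the control and the data channel.
    required=$(tls_directive "$conf" TLSRequired | tr 'A-Z' 'a-z')
    [ "$required" = "on" ] ||
        finding "TLSRequired is '${required:-unset}', plaintext FTP may still be accepted"

    # Accept only TLSv1.2 (the post's choice) or TLSv1.3 (assumption: newer ProFTPD).
    protocols=$(tls_directive "$conf" TLSProtocol)
    [ -n "$protocols" ] || finding "TLSProtocol is unset, server defaults apply"
    for p in $protocols; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) finding "TLSProtocol allows '$p'" ;;
        esac
    done

    # The private key must exist and be inaccessible to group and others.
    key=$(tls_directive "$conf" TLSRSACertificateKeyFile)
    if [ ! -f "$key" ]; then
        finding "private key '${key:-unset}' not found"
    elif [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
        finding "private key '$key' is accessible to group or others"
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file as root and run `audit_proftpd_tls /etc/proftpd/tls.conf`; it reads only the file it is given and does not follow `Include` directives.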
You can restrict the access in
    Order allow,deny
    Allow from 192.168.1.100
    Deny from all
Restart the service and there you go.
    root@cinhtau:~# /etc/init.d/proftpd restart
    [ ok ] Restarting proftpd (via systemctl): proftpd.service.
FileZilla will still ask you to accept the certificate, but you can check whether it is yours :-). FileZilla doesn’t check the CA.