# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD"
ServerType inetd
DefaultServer on
MultilineRFC2228 on

# Port 21 is the standard FTP port.
Port 21
PassivePorts 60000 65535

TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 600
TimeoutStalled 90

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
MaxClients 20
MaxClientsPerHost 10
MaxClientsPerUser 6
MaxLoginAttempts 6
DenyFilter \*.*/

# Set the user and group under which the server will run.
User nobody
Group nobody

AccessGrantMsg "Connected %u"
AccessDenyMsg "Not Connected"

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire section.
#<Anonymous ~ftp>
# User ftp
# Group ftp

# We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
# MaxClients 20

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin /etc/issue
# DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>

# Logging options
#TransferLog /var/adm/proftp

# Record all logins
ExtendedLog /var/adm/proftp.log AUTH auth

# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

TLSEngine on
TLSLog /var/adm/proftptls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
# off = clients can connect using insecure FTP or secure FTP/SSL
# on = clients can only connect using secure FTP/SSL
TLSRequired off
TLSVerifyClient off

# Server's certificate
# the cert I created
TLSRSACertificateFile /usr/local/etc/ftpserver.proftpd.cert.pem
# the key I created
#TLSRSACertificateKeyFile /usr/local/etc/proftpd.nodeskey.pem

# CA the server trusts
#TLSCACertificateFile /usr/local/etc/proftpd.cacert.pem
TLSCACertificateFile /usr/local/etc/ftpserver.proftpd.cert.pem

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#TLSRenegotiate required on
TLSRenegotiate required off
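
# Added example (not part of the original configuration or of ProFTPD itself):
# a small Python check that reads the active directives of a file like the one
# above and reports the settings that leave logins in cleartext, allow
# deprecated TLS versions, or leave users unjailed. SAMPLE is a constructed
# excerpt of this file; parse_directives and audit are hypothetical helper names.

```python
# Constructed sample: the security-relevant directives from the file above.
SAMPLE = """\
ServerType inetd
#DefaultRoot ~
TLSEngine on
TLSProtocol TLSv1
TLSRequired off
TLSVerifyClient off
TLSRSACertificateFile /usr/local/etc/ftpserver.proftpd.cert.pem
#TLSRSACertificateKeyFile /usr/local/etc/proftpd.nodeskey.pem
TLSVerifyClient off
"""

# Protocol versions deprecated by RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def parse_directives(text):
    """Map each active directive (lower-cased) to the list of its arguments.

    Simplification: comment lines and <Section> tags are skipped, so a
    directive inside a section is treated as if it were server-wide.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(args)
    return found


def audit(text):
    """Return a list of human-readable findings for the given configuration."""
    d = parse_directives(text)
    last = lambda key: d.get(key, [""])[-1]  # the last occurrence is the one reported
    findings = []
    if last("tlsengine").lower() != "on":
        findings.append("TLSEngine is not on: every session is cleartext")
    else:
        if last("tlsrequired").lower() in ("", "off"):
            findings.append("TLSRequired off: plain FTP logins are still accepted")
        weak = WEAK_PROTOCOLS & set(last("tlsprotocol").split())
        if weak:
            findings.append("TLSProtocol allows deprecated " + ", ".join(sorted(weak)))
    if "defaultroot" not in d:
        findings.append("DefaultRoot not set: users are not chrooted to their home")
    return findings
```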