Gabriele.vivinetto at 17:00, 30 November 2018

2018-11-30T17:00:17Z

← Older revision		Revision as of 17:00, 30 November 2018
Line 77:		Line 77:

	*Provare a connettersi con filezilla		*Provare a connettersi con filezilla

			* Se succede che proftpd va al 100% di cpu, provare ad aggiungere la direttiva:
			SocketOptions sndbuf 1024 rcvbuf 1024

	=Riferimenti=		=Riferimenti=
	https://www.server-world.info/en/note?os=Debian_8&p=ftp&f=7		https://www.server-world.info/en/note?os=Debian_8&p=ftp&f=7
			*[https://forums.proftpd.org/smf/index.php?topic=3510.0 100% CPU load for any TLS secured transfer]

Gabriele.vivinetto at 20:42, 26 June 2018

2018-06-26T20:42:25Z

← Older revision		Revision as of 20:42, 26 June 2018
Line 40:		Line 40:
	#		#
	# CA the server trusts...		# CA the server trusts...
	#TLSCACertificateFile /~~etc~~/~~ssl~~/certs/CA.pem		TLSCACertificateFile /var/lib/dehydrated/certs/ftp.diesis.priv/chain.pem
	# ...or avoid CA cert and be verbose		# ...or avoid CA cert and be verbose
	#TLSOptions NoCertRequest EnableDiags		#TLSOptions NoCertRequest EnableDiags

Gabriele.vivinetto: Created page with "Si ipotizza di avere o certificati SSL già pronti * Attivare il la configurazione SSL sed -i -e "s_^#Include /etc/proftpd/tls.conf_Include /etc/proftpd/tls.conf_" /etc/p..."

2018-06-25T10:47:14Z

Created page with "Si ipotizza di avere o certificati SSL già pronti * Attivare il la configurazione SSL sed -i -e "s_^#Include /etc/proftpd/tls.conf_Include /etc/proftpd/tls.conf_" /etc/p..."

New page

Si ipotizza di avere o certificati SSL già pronti

* Attivare il la configurazione SSL

sed -i -e "s_^#Include /etc/proftpd/tls.conf_Include /etc/proftpd/tls.conf_" /etc/proftpd/proftpd.conf

* Modificare la configurazione TLS, inserendo i nomi dei certificati corretti:

<pre>
cat | sudo tee /etc/proftpd/tls.conf <<EOFile
#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
# -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key
# chmod 0640 /etc/ssl/private/proftpd.key
#
TLSRSACertificateFile /var/lib/dehydrated/certs/ftp.diesis.priv/fullchain.pem
TLSRSACertificateKeyFile /var/lib/dehydrated/certs/ftp.diesis.priv/privkey.pem
#
# CA the server trusts...
#TLSCACertificateFile /etc/ssl/certs/CA.pem
# ...or avoid CA cert and be verbose
#TLSOptions NoCertRequest EnableDiags
# ... or the same with relaxed session use for some clients (e.g. FireFtp)
#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
#
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions AllowClientRenegotiations
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient off
#
# Are clients required to use FTP over TLS when talking to this server?
#
#TLSRequired on
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
EOFile
</pre>

* Riavviare proftpd

systemctl restart proftpd
systemctl status proftpd.service -l

*Provare a connettersi con filezilla

=Riferimenti=
https://www.server-world.info/en/note?os=Debian_8&p=ftp&f=7

Configurazione SSL/TLS di ProFtpd - Revision history

Gabriele.vivinetto at 17:00, 30 November 2018

Gabriele.vivinetto at 20:42, 26 June 2018

Gabriele.vivinetto: Created page with "Si ipotizza di avere o certificati SSL già pronti * Attivare il la configurazione SSL sed -i -e "s_^#Include /etc/proftpd/tls.conf_Include /etc/proftpd/tls.conf_" /etc/p..."