Jump to content
Froxlor Forum
  • 0

Encrypt FTP connection (PureFTPD)


BigD
 Share

Question

Hi,

I'm using PureFTP with TLS since years for Froxlor with purchased SSL certificates. Now the certificate expired and I want to use Let's encrypt.
Here is my suggestion for a more secure PureFTP configuration - in addition to the current parameters from the froxlor setup guide:

Making TLS mandatory:

echo "2" > /etc/pure-ftpd/conf/TLS

Reduce the Ciphers to the secure ones:

echo "HIGH:!aNULL:!LOW:!EXP:!RC4:!3DES:!SSLv3:!SSLv2" > /etc/pure-ftpd/conf/TLSCipherSuite

Doing this every time the host certificates are updated (or once a night ;-) ):

cat /etc/ssl/froxlor-custom/{{hostname}}.crt /etc/ssl/froxlor-custom/{{hostname}}_chain.pem /etc/ssl/froxlor-custom/{{hostname}}.key > /etc/ssl/private/pure-ftpd.pem
systemctl restart pure-ftpd-mysql

Maybe it's an option to make this part of the default configuration and integrate the certificate merging into the froxlor-cron? Any ideas how this could look like on different distributions (Gentoo / RHEL / Ubuntu)?

Thanks for your feedback

Link to comment
Share on other sites

1 answer to this question

Recommended Posts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share



×
×
  • Create New...