Froxlor Forum
  • 0
BigD

Encrypt FTP connection (PureFTPD)

Question

Hi,

I've been using PureFTP with TLS for years for Froxlor with purchased SSL certificates. Now the certificate has expired and I want to use Let's Encrypt.
Here is my suggestion for a more secure PureFTP configuration - in addition to the current parameters from the froxlor setup guide:

Making TLS mandatory:

echo "2" > /etc/pure-ftpd/conf/TLS

Reduce the Ciphers to the secure ones:

echo "HIGH:!aNULL:!LOW:!EXP:!RC4:!3DES:!SSLv3:!SSLv2" > /etc/pure-ftpd/conf/TLSCipherSuite

Doing this every time the host certificates are updated (or once a night ;-) ):

cat /etc/ssl/froxlor-custom/{{hostname}}.crt /etc/ssl/froxlor-custom/{{hostname}}_chain.pem /etc/ssl/froxlor-custom/{{hostname}}.key > /etc/ssl/private/pure-ftpd.pem
systemctl restart pure-ftpd-mysql

Maybe it's an option to make this part of the default configuration and integrate the certificate merging into the froxlor-cron? Any ideas what this could look like on different distributions (Gentoo / RHEL / Ubuntu)?

Thanks for your feedback
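
One way to script the merge-and-restart step described in the post, added here as an example (it is not the poster's or Froxlor's own code): it checks that the key belongs to the certificate, writes the combined PEM atomically with mode 600, and restarts the service only when the file actually changed. The function names and the `--run <hostname>` invocation are assumptions; the paths and service name are the ones from the post.

```shell
#!/bin/sh
# Added example. Paths and service name are from the post; the function
# names and the "--run <hostname>" invocation are assumptions.

# key_matches_cert CERT KEY -> 0 when KEY is the private key for CERT
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# install_pem OUT FILE... -> 0 = OUT replaced, 1 = unchanged, 2 = error
install_pem() {
    out=$1; shift
    for f in "$@"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # Temp file in the target directory so the final mv is an atomic rename.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 2
    # awk 1 appends a missing final newline, so PEM blocks never run together.
    awk 1 "$@" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
}

main() {
    host=${1:?"usage: $0 --run HOSTNAME"}
    dir=/etc/ssl/froxlor-custom
    key_matches_cert "$dir/$host.crt" "$dir/$host.key" ||
        { echo "certificate and key do not match" >&2; return 2; }
    rc=0
    install_pem /etc/ssl/private/pure-ftpd.pem \
        "$dir/$host.crt" "$dir/${host}_chain.pem" "$dir/$host.key" || rc=$?
    case $rc in
        0) systemctl restart pure-ftpd-mysql ;;  # new certificate installed
        1) ;;                                    # unchanged: keep sessions up
        *) return 2 ;;
    esac
}

if [ "${1:-}" = "--run" ]; then main "${2:-}"; fi
```

Run nightly from cron, this leaves existing FTP sessions alone unless a renewed certificate was installed.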


1 answer to this question


  • 1

The current git version generates and stores the FULLCHAIN, as others wanted to use the certificate in other services.
