Página inicial Explorar Ajuda
Entrar
yosoyhendrix
/
hestiacp
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Branch: feature/osal
Branches Tags
hestiacp
/
install
/
deb
/
proftpd
/
tls.conf

tls.conf 2.4 KB
Link permanente Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. #
    2. 

  2. # Proftpd sample configuration for FTPS connections.
    3. 

  3. #
    4. 

  4. # Note that FTPS impose some limitations in NAT traversing.
    5. 

  5. # See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
    6. 

  6. # for more information.
    7. 

  7. #
    8. 

  8. <IfModule mod_dso.c>
    9. 

  9.     # If mod_tls was built as a shared/DSO module, load it
    10. 

  10.     LoadModule mod_tls.c
    11. 

  11. </IfModule>
    12. 

  12. <IfModule mod_tls.c>
    13. 

  13. TLSEngine                               on
    14. 

  14. TLSLog                                  /var/log/proftpd/tls.log
    15. 

  15. # this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2
    16. 

  16. TLSProtocol                             TLSv1.1 TLSv1.2
    17. 

  17. #
    18. 

  18. # Server SSL certificate. You can generate a self-signed certificate using
    19. 

  19. # a command like:
    20. 

  20. #
    21. 

  21. # openssl req -x509 -newkey rsa:1024 \
    22. 

  22. #          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
    23. 

  23. #          -nodes -days 365
    24. 

  24. #
    25. 

  25. # The proftpd.key file must be readable by root only. The other file can be
    26. 

  26. # readable by anyone.
    27. 

  27. #
    28. 

  28. # chmod 0600 /etc/ssl/private/proftpd.key
    29. 

  29. # chmod 0640 /etc/ssl/private/proftpd.key
    30. 

  30. #
    31. 

  31. TLSRSACertificateFile                   /usr/local/hestia/ssl/certificate.crt
    32. 

  32. TLSRSACertificateKeyFile                /usr/local/hestia/ssl/certificate.key
    33. 

  33. #
    34. 

  34. # CA the server trusts...
    35. 

  35. #TLSCACertificateFile                    /etc/ssl/certs/CA.pem
    36. 

  36. # ...or avoid CA cert and be verbose
    37. 

  37. #TLSOptions                      NoCertRequest EnableDiags
    38. 

  38. # ... or the same with relaxed session use for some clients (e.g. FireFtp)
    39. 

  39. #TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
    40. 

  40. #
    41. 

  41. #
    42. 

  42. # Per default drop connection if client tries to start a renegotiate
    43. 

  43. # This is a fix for CVE-2009-3555 but could break some clients.
    44. 

  44. #
    45. 

  45. #TLSOptions                                                     AllowClientRenegotiations
    46. 

  46. #
    47. 

  47. TLSOptions                       NoSessionReuseRequired AllowClientRenegotiations
    48. 

  48. # Authenticate clients that want to use FTP over TLS?
    49. 

  49. #
    50. 

  50. #TLSVerifyClient                         off
    51. 

  51. #
    52. 

  52. # Are clients required to use FTP over TLS when talking to this server?
    53. 

  53. #
    54. 

  54. TLSRequired                             off
    55. 

  55. #
    56. 

  56. # Allow SSL/TLS renegotiations when the client requests them, but
    57. 

  57. # do not force the renegotations.  Some clients do not support
    58. 

  58. # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    59. 

  59. # clients will close the data connection, or there will be a timeout
    60. 

  60. # on an idle data connection.
    61. 

  61. #
    62. 

  62. TLSRenegotiate                          required off
    63. 

  63. </IfModule>
    64.