I spent a lot of time configuring Pure-FTPd to solve a few problems. I wanted to:
- make it run by inetd.
- force users to connect with the strongest SSL/TLS connection.
Pure-FTPd can be started by inetd with an entry like the one below in /etc/inetd.conf:
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd /usr/local/etc/pure-ftpd.conf
We have to specify the path to its configuration file and write all settings in it. This keeps inetd.conf lines simple.
First, finish setting up all the other options except the ones about TLS (I won't go into details here; sorry for my laziness).
Second, set the TLS options as below:
CertFileAndKey "/path/to/cert.pem" "/path/to/privkey.pem"
Make sure “CertFile” is commented out. Set CertFileAndKey to the certificate file and the private key file, in that order. Symbolic links work fine too, like the ones created by letsencrypt/certbot.
The error message below appears in /var/log/xferlog when the CertFile option is set incorrectly:
Jul 28 16:45:50 home pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
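A small checker for the two certificate settings described above, as an added example that is not from the original post or the Pure-FTPd project. The function names are hypothetical, the sample configuration is constructed in a temporary directory, and the private-key permission check is an addition beyond what the post covers.

```python
import os
import shlex
import tempfile

def active_directives(conf_text):
    """Map each uncommented pure-ftpd.conf directive to its argument list."""
    found = {}
    for line in conf_text.splitlines():
        # comments=True drops '#' comments; quoted paths become single tokens
        tokens = shlex.split(line, comments=True)
        if tokens:
            found[tokens[0]] = tokens[1:]
    return found

def check_cert_settings(conf_text):
    """Return a list of problems with the certificate directives (empty = OK)."""
    conf = active_directives(conf_text)
    problems = []
    if "CertFile" in conf:
        problems.append("CertFile is active; comment it out")
    paths = conf.get("CertFileAndKey")
    if paths is None or len(paths) != 2:
        problems.append("CertFileAndKey needs a certificate path and a key path")
        return problems
    for label, path in zip(("certificate", "private key"), paths):
        target = os.path.realpath(path)  # follow symlinks (e.g. certbot's)
        if not os.path.isfile(target):
            problems.append(f"{label} missing: {path} (resolves to {target})")
    key = os.path.realpath(paths[1])
    if os.path.isfile(key) and os.stat(key).st_mode & 0o077:
        problems.append(f"private key {key} is accessible to group/other")
    return problems

def demo():
    """Constructed sample: real files plus certbot-style symlinks in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("cert.pem", "privkey.pem"):
            real = os.path.join(d, "real-" + name)
            with open(real, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(real, 0o600)
            os.symlink(real, os.path.join(d, name))
        good = ('# CertFile /etc/ssl/private/pure-ftpd.pem\n'
                f'CertFileAndKey "{d}/cert.pem" "{d}/privkey.pem"\n')
        bad = "CertFile /etc/ssl/private/pure-ftpd.pem\n"
        return check_cert_settings(good), check_cert_settings(bad)

if __name__ == "__main__":
    print(demo())
```

To check a real server, pass the contents of /usr/local/etc/pure-ftpd.conf to check_cert_settings. Typographic quotes pasted from a web page are not treated as quotes by this checker, so paths wrapped in them are reported as missing.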
I hope this sample helps you.