FreeBSD 12.0: Pure-FTPd with inetd

I spent much time to configure Pure-FTPd for some problems. I wanted to:

  1. make it run by inetd.
  2. force users to connect with the strongest SSL/TLS connection.

inetd.conf

Pure-FTPd can be started and run by inetd set up like below:

ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd /usr/local/etc/pure-ftpd.conf

/etc/inetd.conf

We have to specify the path to its configuration file and write all settings in it. This keeps inetd.conf lines simple.

pure-ftpd.conf

First, finish setting up the other options except for ones about TLS (I don’t see details but sorry for my idleness).

Secondly, set these up like below:

TLS 2
TLSCipherSuite HIGH
#CertFile /etc/ssl/private/pure-ftpd.pem
CertFileAndKey “/path/to/cert.pem” “/path/to/privkey.pem”

/usr/local/etc/pure-ftpd.conf

Make sure “CertFile” is commented out. Set CertFileAndKey with certificate file and private key file together. Even symbolic links work fine, like ones created by letsencrypt/certbot.

The error message below is shown when CertFile option is set wrong:

Jul 28 16:45:50 home pure-ftpd[42438]: (?@?) [ERROR] Sorry, but that file doesn’t exist: [/etc/ssl/private/pure-ftpd.pem]

/var/log/xferlog

I hope this sample helps you.

コメントを残す

メールアドレスが公開されることはありません。

このサイトはスパムを低減するために Akismet を使っています。コメントデータの処理方法の詳細はこちらをご覧ください