FTP (File Transfer Protocol) is a widely used method for transferring files to a server. ProFTPD is a robust and easily configurable FTP server for Unix-like systems that supports SSL/TLS encryption for secure connections.
In this guide, you will learn how to set up an FTP server on FreeBSD 12.0 using the ProFTPD server application. You will install ProFTPD, configure it for secure SSL/TLS connections, and set up FTP users.
Prerequisites
This guide uses the FreeBSD operating system on a server with 1 GB of RAM and 2 CPUs.
In this tutorial, we will:
- Update and Upgrade Packages
- Install ProFTPD
- Configure ProFTPD
- Set Up SSL/TLS for ProFTPD
- Create FTP Users
- Test the Setup
Step 1 – Update and Upgrade Packages
First, update the package repository and upgrade all packages to the latest versions using the FreeBSD pkg management tool.
pkg update
pkg upgrade
After the updates are complete, proceed to install the ProFTPD package.
Step 2 – Install ProFTPD
Next, search the repository for the available ProFTPD packages. The FreeBSD repository offers ProFTPD along with modules for backend databases such as MySQL, PostgreSQL, and SQLite.
pkg search proftpd
Install the ProFTPD package with the following command:
pkg install proftpd
Once installed, enable ProFTPD to start at boot time:
sysrc proftpd_enable=yes
Now, start the ProFTPD service and check its status:
service proftpd start
service proftpd status
The ProFTPD service should now be running on your FreeBSD 12.0 system.
By default, the server uses the standard FTP port 21. Verify open ports using the following command:
sockstat -4 -l -P tcp
The ProFTPD service should be visible on port 21.
Step 3 – Configure ProFTPD
Edit the configuration file located in the ‘/usr/local/etc’ directory to configure your ProFTPD instance.
cd /usr/local/etc/
vim proftpd.conf
Update the ‘ServerName’ and keep the default FTP port 21.
ServerName "Hakase-Labs ProFTPd Server"
Port 21
Disable IPv6 support and jail each user to their home directory:
UseIPv6 off
DefaultRoot ~
Add additional settings to hide the server identity and to allow logins from users whose shell is not a valid login shell (such as ‘nologin’):
# Hide Server Identity
ServerIdent off
RequireValidShell no
Configure log paths for system and transfer logs:
# Setup Log Files
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
Save and exit the editor.
Create the ProFTPD log directory:
mkdir -p /var/log/proftpd
Restart the ProFTPD service:
service proftpd restart
Your ProFTPD service has now been restarted with the provided configuration.
Step 4 – Set Up SSL/TLS for ProFTPD
Secure the ProFTPD server by enabling SSL/TLS. Ensure you have valid SSL certificates available, and copy them to the ‘/usr/local/etc/ssl’ directory:
cp /path/to/ssl/*.pem /usr/local/etc/ssl/
Edit the ProFTPD configuration file to include your TLS settings:
cd /usr/local/etc/
vim proftpd.conf
Append the following line to include the TLS configuration:
Include /usr/local/etc/proftpd/tls.conf
Save and close the file.
Create a new configuration file ‘tls.conf’ in the ‘/usr/local/etc/proftpd/’ directory:
vim proftpd/tls.conf
Insert the following content, making sure to adjust file paths as appropriate:
# Load the TLS Module
LoadModule mod_tls.c
# SSL/TLS Configuration
<IfModule mod_tls.c>
TLSEngine on
TLSRSACertificateFile /usr/local/etc/ssl/fullchain.pem
TLSRSACertificateKeyFile /usr/local/etc/ssl/privkey.pem
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.2
TLSRequired on
TLSVerifyClient off
</IfModule>
Save and exit the editor.
Restart the ProFTPD service:
service proftpd restart
Your ProFTPD server is now running with SSL/TLS enabled, allowing secure file transfers.
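The following sh function is an added example, not part of the original guide or of ProFTPD: it audits a tls.conf for the settings this step depends on (TLSEngine, TLSRequired, a TLSProtocol list limited to TLSv1.2/TLSv1.3, and a private key that is not readable by group or other). The function names and the temporary sample file are assumptions made for the example, and it assumes TLSProtocol is written as a plain list, as in this guide.

```shell
#!/bin/sh
# Added example: audit a ProFTPD tls.conf for the settings used in this guide.

# Print the last value given for directive $2 in file $1 (comment lines ignored).
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# Return status is the number of failed checks (0 means the file passed).
audit_tls_conf() {
    conf=$1; fails=0
    [ "$(directive "$conf" TLSEngine)" = "on" ] || fail "TLSEngine is not on"
    [ "$(directive "$conf" TLSRequired)" = "on" ] ||
        fail "TLSRequired is not on, so unencrypted sessions may be accepted"

    protos=$(directive "$conf" TLSProtocol)
    [ -n "$protos" ] || fail "TLSProtocol is not set"
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) fail "TLSProtocol lists $p (expected only TLSv1.2/TLSv1.3)" ;;
        esac
    done

    key=$(directive "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            fail "$key is accessible to group or other users"
    fi
    [ "$fails" -eq 0 ] && echo "OK: $conf"
    return "$fails"
}

# Constructed sample input: the TLS block from this guide, in a temp file.
sample=$(mktemp /tmp/tls-audit.XXXXXX)
cat > "$sample" <<'EOF'
<IfModule mod_tls.c>
  TLSEngine on
  TLSRSACertificateKeyFile /usr/local/etc/ssl/privkey.pem
  TLSProtocol TLSv1.2
  TLSRequired on
</IfModule>
EOF
audit_tls_conf "$sample" || true
rm -f "$sample"
```

On the server, call `audit_tls_conf /usr/local/etc/proftpd/tls.conf` after each edit. For a check against the running service, `openssl s_client -connect your.server:21 -starttls ftp` shows the protocol and certificate actually negotiated.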
Step 5 – Create FTP Users
Create a new system user ‘hakase’ with a non-login shell and a home directory at ‘/home/hakase’:
adduser
Fill in the prompt as follows:
Username: hakase
Full name: Hakase Labs
Uid (Leave empty for default):
Login group [hakase]:
Login group is hakase. Invite hakase into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
Home directory [/home/hakase]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]: no
Use a random password? (yes/no) [no]: no
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : hakase
Password : *****
Full Name : Hakase Labs
Uid : 1001
Class :
Groups : hakase
Home : /home/hakase
Home Mode :
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (hakase) to the user database.
Add another user? (yes/no): no
Goodbye!
The ‘hakase’ FTP user has been created.
Step 6 – Testing
Test the ProFTPD installation using the ‘FileZilla’ application, available for Mac, Windows, and Linux.
Open FileZilla and enter your server details, username, password, and the FTP port 21.
Click ‘Quickconnect’. When prompted, review the SSL/TLS certificate that the server presents and accept it by clicking ‘OK’.
You should now be connected to the ProFTPD server, ready for secure file transfers.
The ProFTPD server installation and configuration on FreeBSD have been successfully completed.
FAQ
- What is ProFTPD?
- ProFTPD is a popular FTP server for Unix-like operating systems, known for its ease of configuration and support for secure SSL/TLS connections.
- Why use FTP over SSL/TLS?
- Using SSL/TLS provides encryption and secure data transmission, protecting sensitive data during transfers.
- How do I verify that SSL/TLS is enabled in ProFTPD?
- You can verify SSL/TLS functionality by checking the configuration files and attempting a secure connection with an FTP client like FileZilla.
- Is it possible to allow shell access for FTP users?
- Yes, you can modify the user’s shell from ‘nologin’ to any valid shell if you require shell access for your FTP users.