[BlueOnyx:11329] Re: 5108R FTPS

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Fri Sep 14 15:16:17 -05 2012


Thanks Michael,
The customer is working now and he's happy, so that's a good thing.

Michael Stauber wrote:

> Yeah, it can be made to work on the IP of the Vsite, too - if that one
> is different from the main IP.
> 
> At the bottom of /etc/proftpd.conf you got the VirtualHost containers
> for all the extra IPs. Just add a container like this for the IP of
> that Vsite where you want FTPS to work (and substitute the correct IP):

Ah, got it, OK! That makes some sense. Many thanks for that tip.

> If the client's Vsite has an SSL certificate, you could even use that
> one instead of defaulting to the Dovecot certificate, which I used here
> because it's there by default and saves us the hassle of creating yet
> another self-signed certificate just for FTPS.

Yes, that sure makes sense to me. That also brings some interesting
possibilities to mind.

> I'm thinking of hacking all this into the BlueOnyx GUI to finally
> provide working FTPS "out of the box". But I'm still a bit torn about
> running ProFTPD standalone and no longer behind Xinetd (which has
> benefits for security reasons).

Seems to me that running ProFTPD in standalone mode with mod_wrap would
provide some security here (i.e., use of hosts.allow/hosts.deny). There
may be other considerations as well that I'm just not thinking about
right now, but I admit to being a little fried at the end of the week!

But I know I have some other customers who would enjoy the ability to 
have the FTPS "just work".  They'd also like SFTP, but I know that is an 
entirely different story and my feeling is so long as there is an option 
one way or the other, that's good enough.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
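
The thread describes FTPS working only on IPs whose VirtualHost container in /etc/proftpd.conf carries the TLS settings. The following audit script is an added example, not part of the original message or of BlueOnyx; the sample configuration, its IPs and its certificate paths are constructed placeholders, and the script assumes the standard mod_tls directives `TLSEngine` and `TLSRSACertificateFile`.

```python
import re

# Constructed sample in the layout the thread describes: per-IP <VirtualHost>
# containers at the bottom of proftpd.conf. IPs are documentation addresses and
# certificate paths are placeholders, not values from the original message.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10>
    DefaultRoot ~
    <IfModule mod_tls.c>
        TLSEngine on
        TLSRSACertificateFile /path/to/placeholder-cert.pem
        TLSRSACertificateKeyFile /path/to/placeholder-key.pem
    </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.20>
    DefaultRoot ~
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]+)>", re.I)
DIRECTIVE = re.compile(r"^(TLSEngine|TLSRSACertificateFile)\s+(\S+)", re.I)

def audit_vhosts(conf_text):
    """Return {address: {"tls": bool, "cert": path or None}} per container.

    Assumption: only directives written inside a container are considered;
    settings placed in a <Global> section are not tracked here.
    """
    report, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        opened = VHOST_OPEN.match(line)
        if opened:
            current = opened.group(1).strip()
            report[current] = {"tls": False, "cert": None}
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current:
            d = DIRECTIVE.match(line)
            if d and d.group(1).lower() == "tlsengine":
                report[current]["tls"] = d.group(2).lower() == "on"
            elif d:
                report[current]["cert"] = d.group(2)
    return report

def vhosts_without_ftps(conf_text):
    """Addresses whose container never switches TLSEngine on."""
    return sorted(a for a, r in audit_vhosts(conf_text).items() if not r["tls"])

if __name__ == "__main__":
    for addr, r in audit_vhosts(SAMPLE_CONF).items():
        print(addr, "FTPS" if r["tls"] else "plain FTP only", r["cert"] or "-")
```

Pointing the functions at the contents of the real /etc/proftpd.conf lists which Vsite IPs still offer plain FTP only and which certificate each FTPS-enabled container presents.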
