[BlueOnyx:25296] Re: Proftpd, configuration issues / wishes
Michael Stauber
mstauber at blueonyx.it
Tue Jan 11 20:25:54 -05 2022
Hi Tobias,
> 1) Users complain about certificate warnings, even when there is a valid
> certificate installed.
>
> This can be fixed by delivering the proper ca cert, like i.e. dovecot
> does. This can easily be accomplished by adding an entry
>
>
> TLSCertificateChainFile /etc/pki/dovecot/certs/ca.pem
It's only since recently that ProFTPd can do SNI and the general idea is
that BlueOnyx 5211R will get a ProFTPd with SNI support enabled and I
then port that back to 5210R and 5209R.
> 2) We restrict PassivePorts to a smaller value than default to not have
> to open firewalls too much to the outside.
>
> 3) We disable mod_ban as we already have a working fail2ban
> installation. I don't like to have too many sources to look for the
> reason of a connection problem.
>
> But these changes are getting overriden every now an then.
Yes, these are currently hard-coded into the config and we replace that
with every ProFTPd update. I'll see if we can make it configurable via
the GUI and then retain the settings through updates.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list