Tag: ftp
COMMAND DUMP – upgrading a standard proftpd install to TLS
COMMAND DUMP – upgrading a standard proftpd install to TLS
upgrade a basic proftpd install to support FTPS with these commands
cd /etc/proftpd mkdir -p ssl openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem chmod 600 ssl/proftpd.*
Follow the prompts to put in your valid organization name
Then open the conf file #vi proftpd.conf and add the following (if the <IfModule mod_tls.c> directive already exist, replace the contents with the contenst below)
<IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd/tls.log #TLSProtocol TLSv1.2 TLSCipherSuite AES128+EECDH:AES128+EDH TLSOptions NoCertRequest AllowClientRenegotiations TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem TLSVerifyClient off TLSRequired on RequireValidShell no </IfModule>
Restart proftpd
/etc/init.d/proftpd stop /etc/init.d/proftpd start
Your can test this by running the following command to make sure that you can connect using the certificate
openssl s_client -connect 127.0.0.1:21 -starttls ftp
proftpd stops running – once a week when logrotate.d runs
proftpd stops running – once a week when logrotate.d runs
On Sunday mornings at 6:30AM I receive this log entry at the bottom of my /var/log/proftpd/proftpd.log file and proftpd stops running
2015-07-05 06:28:24,870 servera proftpd[31258] 127.0.1.1: ProFTPD killed (signal 15) 2015-07-05 06:28:24,871 servera proftpd[31258] 127.0.1.1: ProFTPD 1.3.5rc3 standalone mode SHUTDOWN
The time (about 6:30AM) on sunday leads me to know from experience that is when the log files rotate if they are set to rotate weekly using logrotate.
So I go in search of the logrotate commands for proftpd with grep and find the following file
#grep proftpd -l /etc/logrotate.d/*
/etc/logrotate.d/proftpd-basic
Inside of /etc/logrotate.d/proftpd-basic file, there is a command which restarts proftpd after the logs files are rotated
postrotate
# reload could be not sufficient for all logs, a restart is safer
invoke-rc.d proftpd restart 2>/dev/null >/dev/null || true
When I run this at the CLI, I find that every other time I run the command, proftpd does not start! This seems to me to be a timing issue, so I simply but a sleep command between the stop and start commands in the restart script
/etc/init.d/proftpd force-reload|restart) if [ "x$RUN" = "xyes" ] ; then signal stop 1 sleep 1 #ADDED BY Michael Blood to avoid a timing issue that would not allow the start if the stop did not complete. start
This appears to fix the problem perfectly.