#!/bin/sh ############ MASQUERADE MASQUERADE=${MASQUERADE:-127.0.0.1} echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf ############ AUTH [ ! -f /auth/passwd ] && touch /auth/passwd chmod 0600 /auth/passwd chmod 0700 /auth ############ TLS TLS_CERT=${TLS_CERT:-/certs/cert.pem} TLS_KEY=${TLS_KEY:-/certs/privkey.pem} TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem} cat </etc/proftpd/conf.d/tls.conf TLSEngine on TLSVerifyClient off TLSRenegotiate none TLSProtocol TLSv1.2 TLSRSACertificateFile $TLS_CERT TLSRSACertificateKeyFile $TLS_KEY TLSCertificateChainFile $TLS_CHAIN TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" TLSOptions NoSessionReuseRequired AllowClientRenegotiations TLSRequired on EOF ############ START proftpd -n