#!/bin/sh

############ MASQUERADE

MASQUERADE=${MASQUERADE:-127.0.0.1}
echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf

############ AUTH

[ ! -f /auth/passwd ] && touch /auth/passwd

chmod 0600 /auth/passwd
chmod 0700 /auth

############ TLS

TLS_CERT=${TLS_CERT:-/certs/cert.pem}
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}

cat <<EOF >/etc/proftpd/conf.d/tls.conf 
<IfModule mod_tls.c>
  TLSEngine                               on
  TLSVerifyClient                         off
  TLSRenegotiate                          none
  TLSProtocol                             TLSv1.2
  TLSRSACertificateFile                   $TLS_CERT
  TLSRSACertificateKeyFile                $TLS_KEY
  TLSCertificateChainFile                 $TLS_CHAIN
  TLSCipherSuite                          "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" 
  TLSOptions                              NoSessionReuseRequired AllowClientRenegotiations
  TLSRequired                             on
</IfModule>
EOF


############ START

proftpd -n