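#!/bin/sh
# Startup script for ProFTPD: renders the masquerade and TLS config fragments
# from environment variables, tightens permissions on the auth store, then
# runs proftpd in the foreground.
#
# Environment (all optional):
#   MASQUERADE  address written as MasqueradeAddress   (default 127.0.0.1)
#   TLS_CERT    path written as TLSRSACertificateFile    (default /certs/cert.pem)
#   TLS_KEY     path written as TLSRSACertificateKeyFile (default /certs/privkey.pem)
#   TLS_CHAIN   path written as TLSCertificateChainFile  (default /certs/chain.pem)
#
# These values are copied verbatim into proftpd configuration files, so they
# must come from trusted deployment configuration, never from user input.
set -u

# Print a message to stderr and stop before the server is started.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

############ MASQUERADE

# The default is loopback, which is only useful for local testing; set
# MASQUERADE to the externally reachable address for real deployments.
MASQUERADE=${MASQUERADE:-127.0.0.1}
printf 'MasqueradeAddress %s\n' "$MASQUERADE" \
  > /etc/proftpd/conf.d/masquerade.conf \
  || die "cannot write /etc/proftpd/conf.d/masquerade.conf"

############ AUTH

# Create the passwd file already private (umask 077 in a subshell) rather than
# creating it with the default umask and tightening it afterwards, which would
# leave a short window in which the file is readable by others.
if [ ! -f /auth/passwd ]; then
  (umask 077 && touch /auth/passwd)
fi

# Enforce owner-only access even when the file or directory already existed.
# Failures here are reported by chmod itself and are not fatal, as before.
chmod 0600 /auth/passwd
chmod 0700 /auth

############ TLS

TLS_CERT=${TLS_CERT:-/certs/cert.pem}
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}

# The here-document is deliberately unquoted so the TLS_* paths expand.
# A failed write aborts the start-up: tls.conf is the only place this script
# sets "TLSRequired on", so continuing without it could start the server
# without TLS enforcement.
#
# NOTE(review): "TLSOptions AllowClientRenegotiations" permits client-initiated
#   renegotiation even though "TLSRenegotiate none" turns off server-initiated
#   renegotiation. Confirm a client really needs it; otherwise drop the option.
# NOTE(review): "NoSessionReuseRequired" relaxes the requirement that data
#   connections reuse the control connection's TLS session. It is usually set
#   for client compatibility; confirm it is still needed.
# NOTE(review): the cipher list names RC4 suites that the trailing "!RC4"
#   excludes again, and still admits CBC/SHA-1 and non-forward-secret RSA
#   key-exchange suites. Consider trimming it to the ECDHE/DHE GCM entries.
cat <<EOF >/etc/proftpd/conf.d/tls.conf || die "cannot write /etc/proftpd/conf.d/tls.conf"
<IfModule mod_tls.c>
TLSEngine on
TLSVerifyClient off
TLSRenegotiate none
TLSProtocol TLSv1.2
TLSRSACertificateFile $TLS_CERT
TLSRSACertificateKeyFile $TLS_KEY
TLSCertificateChainFile $TLS_CHAIN
TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
TLSOptions NoSessionReuseRequired AllowClientRenegotiations
TLSRequired on
</IfModule>
EOF

############ START

# -n keeps proftpd in the foreground. exec replaces this shell with proftpd so
# that stop signals reach the server directly instead of the wrapper shell.
exec proftpd -n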