uftp-server-configuration
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| uftp-server-configuration [2024/04/27 13:36] – kingk | uftp-server-configuration [2024/05/04 16:58] (current) – kingk | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| #Run in background, daemon mode ok | #Run in background, daemon mode ok | ||
| DAEMON_MODE = true | DAEMON_MODE = true | ||
| + | |||
| + | # Folder where to save the logs, use the same format below, the folder must terminate with / | ||
| + | LOG_FOLDER = /var/log/ | ||
| + | |||
| + | # Maximum number of logs to keep, if 0 log functionality is disabled | ||
| + | MAXIMUM_LOG_FILES = 0 | ||
| # Idle timeout in seconds, client are disconnected for inactivity after the | # Idle timeout in seconds, client are disconnected for inactivity after the | ||
| Line 90: | Line 96: | ||
| **Parameters explained.** | **Parameters explained.** | ||
| + | Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced. | ||
| < | < | ||
| MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | ||
| </ | </ | ||
| - | Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced. | ||
| + | If the parameter MAXIMUM_LOG_FILE is set different to zero, uFTP logs are enabled and data retention is the specified number of log files in days. | ||
| + | Logs are useful to debug software issues, possible bugs and brute force attacks. | ||
| < | < | ||
| - | FTP_PORT | + | # Folder where to save the logs, use the same format below, the folder must terminate with / |
| + | LOG_FOLDER | ||
| + | |||
| + | # Maximum number of logs to keep, if 0 log functionality is disabled | ||
| + | MAXIMUM_LOG_FILES = 0 | ||
| </ | </ | ||
| + | |||
| FTP server TCP/IP port, 21 is the standard FTP service port. | FTP server TCP/IP port, 21 is the standard FTP service port. | ||
| + | < | ||
| + | FTP_PORT = 21 | ||
| + | </ | ||
| + | If the single instance check is enabled, only one server instance can be executed. | ||
| < | < | ||
| SINGLE_INSTANCE = true | SINGLE_INSTANCE = true | ||
| </ | </ | ||
| - | If the single instance check is enabled, only one server instance can be executed. | ||
| + | When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose. | ||
| < | < | ||
| DAEMON_MODE = true | DAEMON_MODE = true | ||
| </ | </ | ||
| - | When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose. | ||
| + | Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP. | ||
| < | < | ||
| IDLE_MAX_TIMEOUT = 3600 | IDLE_MAX_TIMEOUT = 3600 | ||
| </ | </ | ||
| - | Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP. | ||
| + | FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP. | ||
| < | < | ||
| MAX_CONNECTION_NUMBER_PER_IP = 2 | MAX_CONNECTION_NUMBER_PER_IP = 2 | ||
| </ | </ | ||
| - | FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP. | ||
| + | To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts. | ||
| < | < | ||
| MAX_CONNECTION_TRY_PER_IP = 3 | MAX_CONNECTION_TRY_PER_IP = 3 | ||
| </ | </ | ||
| - | To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts. | ||
| - | < | ||
| - | CERTIFICATE_PATH=/ | ||
| - | </ | ||
| - | The path of the public certificate (needed only if TLS/SSL support is enabled). | ||
| + | To enforce security, you can set FORCE_TLS = true, clients will need to use SSL. | ||
| < | < | ||
| # Force usage of the TLS | # Force usage of the TLS | ||
| Line 136: | Line 149: | ||
| </ | </ | ||
| - | To enforce security, you can set FORCE_TLS = true, clients will need to use SSL. | + | Enables/ |
| < | < | ||
| ENABLE_PAM_AUTH = true | ENABLE_PAM_AUTH = true | ||
| </ | </ | ||
| - | Enables/ | ||
| + | The path of the public certificate (needed only if TLS/SSL support is enabled). | ||
| < | < | ||
| - | PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem | + | CERTIFICATE_PATH=/etc/uFTP/cert.pem |
| </ | </ | ||
| + | |||
| The path of the private certificate (needed only if TLS/SSL support is enabled). | The path of the private certificate (needed only if TLS/SSL support is enabled). | ||
| + | < | ||
| + | PRIVATE_CERTIFICATE_PATH=/ | ||
| + | </ | ||
| + | The range of random port will be used for data exchange between data and server for pasv mode. | ||
| < | < | ||
| RANDOM_PORT_START = 10000 | RANDOM_PORT_START = 10000 | ||
| RANDOM_PORT_END | RANDOM_PORT_END | ||
| </ | </ | ||
| - | The range of random port will be used for data exchange between data and server for pasv mode. | ||
| + | You can set SERVER_IP if you are under NAT, uFTP will respond to PASV commands with the address in the parameter if set. | ||
| < | < | ||
| #USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT | #USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT | ||
| Line 162: | Line 179: | ||
| </ | </ | ||
| - | You can set SERVER_IP if you are under NAT, uFTP will respond | + | Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter |
| + | Mandatory user list parameters: | ||
| + | **USER_**(N) is the FTP username | ||
| + | **PASSWORD_**(N) is the FTP password parameter written in plain text. | ||
| + | |||
| + | **HOME_**(N) is the user home path, every user can be limited inside a directory. | ||
| + | |||
| + | Option parameters: | ||
| + | **GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password will be created with the group ownership of the parameter. | ||
| + | |||
| + | **USER_NAME_OWNER_**(N) if specified an existing user in the OS, every new file created by the FTP client associated with the N username and password will be created with the user ownership of the parameter. | ||
| + | |||
| + | If one of the 2 optional parameter GROUP_NAME_OWNER_(N), | ||
| < | < | ||
| USER_0 = username | USER_0 = username | ||
| Line 185: | Line 214: | ||
| BLOCK_USER_1 = user2 | BLOCK_USER_1 = user2 | ||
| BLOCK_USER_2 = user3 | BLOCK_USER_2 = user3 | ||
| - | |||
| </ | </ | ||
| - | Ftp users can be configured by using the user list pattern, | + | You can list in the format above the user you want to block the access, they will be rejected |
| - | + | ||
| - | Mandatory | + | |
| - | **USER_**(N) is the FTP username parameter. | + | |
| - | + | ||
| - | **PASSWORD_**(N) is the FTP password parameter written in plain text. | + | |
| - | + | ||
| - | **HOME_**(N) is the user home path, every user can be limited inside a directory. | + | |
| - | + | ||
| - | Option parameters: | + | |
| - | **GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password | + | |
| - | + | ||
| - | **USER_NAME_OWNER_**(N) | + | |
| - | + | ||
| - | If one of the 2 optional parameter GROUP_NAME_OWNER_(N), | + | |
| < | < | ||
| #blocked user that are not allowed to login | #blocked user that are not allowed to login | ||
| Line 210: | Line 223: | ||
| BLOCK_USER_2 = user3 | BLOCK_USER_2 = user3 | ||
| </ | </ | ||
| - | You can list in the format above the user you want to block the access, they will be rejected if they attempt to login. | ||
uftp-server-configuration.1714217771.txt.gz · Last modified: 2024/04/27 13:36 by kingk