uftp-server-configuration
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
uftp-server-configuration [2022/11/27 18:31] – kingk | uftp-server-configuration [2024/05/04 16:58] (current) – kingk | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | **uFTP Server configuration** | + | **uFTP |
uFTP server can be configured with the " | uFTP server can be configured with the " | ||
Line 13: | Line 13: | ||
####################################################### | ####################################################### | ||
- | MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | ||
#MAXIMUM ALLOWED CONNECTIONS ON THE SERVER | #MAXIMUM ALLOWED CONNECTIONS ON THE SERVER | ||
+ | MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | ||
- | FTP_PORT = 21 | ||
#TCP/IP PORT SETTINGS (DEFAULT 21) | #TCP/IP PORT SETTINGS (DEFAULT 21) | ||
+ | FTP_PORT = 21 | ||
- | SINGLE_INSTANCE = true | ||
#Allow only one server instance (true or false) | #Allow only one server instance (true or false) | ||
+ | SINGLE_INSTANCE = true | ||
- | DAEMON_MODE = true | ||
#Run in background, daemon mode ok | #Run in background, daemon mode ok | ||
+ | DAEMON_MODE = true | ||
+ | |||
+ | # Folder where to save the logs, use the same format below, the folder must terminate with / | ||
+ | LOG_FOLDER = /var/log/ | ||
+ | |||
+ | # Maximum number of logs to keep, if 0 log functionality is disabled | ||
+ | MAXIMUM_LOG_FILES = 0 | ||
- | IDLE_MAX_TIMEOUT = 3600 | ||
# Idle timeout in seconds, client are disconnected for inactivity after the | # Idle timeout in seconds, client are disconnected for inactivity after the | ||
# specified amount of time in seconds, set to 0 to disable | # specified amount of time in seconds, set to 0 to disable | ||
+ | IDLE_MAX_TIMEOUT = 3600 | ||
- | MAX_CONNECTION_NUMBER_PER_IP = 10 | ||
#MAX CONNECTIONS PER IP | #MAX CONNECTIONS PER IP | ||
#LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS | #LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS | ||
# 0 TO DISABLE | # 0 TO DISABLE | ||
+ | MAX_CONNECTION_NUMBER_PER_IP = 10 | ||
- | MAX_CONNECTION_TRY_PER_IP = 10 | ||
#MAX LOGIN TRY PER IP | #MAX LOGIN TRY PER IP | ||
#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD | #THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD | ||
#0 TO DISABLE | #0 TO DISABLE | ||
+ | MAX_CONNECTION_TRY_PER_IP = 10 | ||
+ | |||
+ | #USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT | ||
+ | #SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE | ||
+ | #IF NOT IN USE LEAVE IT COMMENTED OR BLANK | ||
+ | #USE , instad of . eg: 192,168,1,1 | ||
+ | #SERVER_IP = 192,168,1,1 | ||
#TLS CERTIFICATE FILE PATH | #TLS CERTIFICATE FILE PATH | ||
Line 45: | Line 57: | ||
#Enable system authentication based on /etc/passwd | #Enable system authentication based on /etc/passwd | ||
#and /etc/shadow | #and /etc/shadow | ||
- | ENABLE_PAM_AUTH = true | + | ENABLE_PAM_AUTH = false |
+ | |||
+ | # Force usage of the TLS | ||
+ | # If enabled, only TLS connections will be allowed | ||
+ | FORCE_TLS = false | ||
+ | |||
+ | # | ||
+ | # Random port for passive FTP connections range | ||
+ | # | ||
+ | RANDOM_PORT_START = 10000 | ||
+ | RANDOM_PORT_END | ||
#USERS | #USERS | ||
Line 64: | Line 86: | ||
PASSWORD_2 = anotherPassowrd | PASSWORD_2 = anotherPassowrd | ||
HOME_2 = / | HOME_2 = / | ||
+ | |||
+ | #blocked user that are not allowed to login | ||
+ | BLOCK_USER_0 = user1 | ||
+ | BLOCK_USER_1 = user2 | ||
+ | BLOCK_USER_2 = user3 | ||
</ | </ | ||
Line 69: | Line 96: | ||
**Parameters explained.** | **Parameters explained.** | ||
+ | Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced. | ||
< | < | ||
MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | MAXIMUM_ALLOWED_FTP_CONNECTION = 30 | ||
</ | </ | ||
- | Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced. | ||
+ | If the parameter MAXIMUM_LOG_FILE is set different to zero, uFTP logs are enabled and data retention is the specified number of log files in days. | ||
+ | Logs are useful to debug software issues, possible bugs and brute force attacks. | ||
< | < | ||
- | FTP_PORT | + | # Folder where to save the logs, use the same format below, the folder must terminate with / |
+ | LOG_FOLDER | ||
+ | |||
+ | # Maximum number of logs to keep, if 0 log functionality is disabled | ||
+ | MAXIMUM_LOG_FILES = 0 | ||
</ | </ | ||
+ | |||
FTP server TCP/IP port, 21 is the standard FTP service port. | FTP server TCP/IP port, 21 is the standard FTP service port. | ||
+ | < | ||
+ | FTP_PORT = 21 | ||
+ | </ | ||
+ | If the single instance check is enabled, only one server instance can be executed. | ||
< | < | ||
SINGLE_INSTANCE = true | SINGLE_INSTANCE = true | ||
</ | </ | ||
- | If the single instance check is enabled, only one server instance can be executed. | ||
+ | When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose. | ||
< | < | ||
DAEMON_MODE = true | DAEMON_MODE = true | ||
</ | </ | ||
- | When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose. | ||
+ | Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP. | ||
< | < | ||
IDLE_MAX_TIMEOUT = 3600 | IDLE_MAX_TIMEOUT = 3600 | ||
</ | </ | ||
- | Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP. | ||
+ | FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP. | ||
< | < | ||
MAX_CONNECTION_NUMBER_PER_IP = 2 | MAX_CONNECTION_NUMBER_PER_IP = 2 | ||
</ | </ | ||
- | FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP. | ||
+ | To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts. | ||
< | < | ||
MAX_CONNECTION_TRY_PER_IP = 3 | MAX_CONNECTION_TRY_PER_IP = 3 | ||
</ | </ | ||
- | To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts. | ||
+ | |||
+ | To enforce security, you can set FORCE_TLS = true, clients will need to use SSL. | ||
< | < | ||
- | CERTIFICATE_PATH=/ | + | # Force usage of the TLS |
+ | # If enabled, only TLS connections will be allowed | ||
+ | FORCE_TLS | ||
</ | </ | ||
- | The path of the public certificate (needed only if TLS/SSL support is enabled). | ||
+ | Enables/ | ||
< | < | ||
ENABLE_PAM_AUTH = true | ENABLE_PAM_AUTH = true | ||
</ | </ | ||
- | Enables/ | ||
+ | The path of the public certificate (needed only if TLS/SSL support is enabled). | ||
< | < | ||
- | PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem | + | CERTIFICATE_PATH=/etc/uFTP/cert.pem |
</ | </ | ||
+ | |||
The path of the private certificate (needed only if TLS/SSL support is enabled). | The path of the private certificate (needed only if TLS/SSL support is enabled). | ||
+ | < | ||
+ | PRIVATE_CERTIFICATE_PATH=/ | ||
+ | </ | ||
+ | The range of random port will be used for data exchange between data and server for pasv mode. | ||
< | < | ||
RANDOM_PORT_START = 10000 | RANDOM_PORT_START = 10000 | ||
RANDOM_PORT_END | RANDOM_PORT_END | ||
</ | </ | ||
- | The range of random port will be used for data exchange between data and server for pasv mode. | ||
+ | You can set SERVER_IP if you are under NAT, uFTP will respond to PASV commands with the address in the parameter if set. | ||
+ | < | ||
+ | #USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT | ||
+ | #SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE | ||
+ | #IF NOT IN USE LEAVE IT COMMENTED OR BLANK | ||
+ | #USE , instad of . eg: 192,168,1,1 | ||
+ | SERVER_IP = 192,168,1,1 | ||
+ | </ | ||
+ | |||
+ | Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from " | ||
+ | Mandatory user list parameters: | ||
+ | **USER_**(N) is the FTP username parameter. | ||
+ | |||
+ | **PASSWORD_**(N) is the FTP password parameter written in plain text. | ||
+ | |||
+ | **HOME_**(N) is the user home path, every user can be limited inside a directory. | ||
+ | |||
+ | Option parameters: | ||
+ | **GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password will be created with the group ownership of the parameter. | ||
+ | |||
+ | **USER_NAME_OWNER_**(N) if specified an existing user in the OS, every new file created by the FTP client associated with the N username and password will be created with the user ownership of the parameter. | ||
+ | |||
+ | If one of the 2 optional parameter GROUP_NAME_OWNER_(N), | ||
< | < | ||
USER_0 = username | USER_0 = username | ||
Line 141: | Line 209: | ||
PASSWORD_2 = anotherPassowrd | PASSWORD_2 = anotherPassowrd | ||
HOME_2 = / | HOME_2 = / | ||
+ | |||
+ | #blocked user that are not allowed to login | ||
+ | BLOCK_USER_0 = user1 | ||
+ | BLOCK_USER_1 = user2 | ||
+ | BLOCK_USER_2 = user3 | ||
</ | </ | ||
- | Ftp users can be configured by using the user list pattern, | + | You can list in the format above the user you want to block the access, they will be rejected |
- | + | < | |
- | Mandatory user list parameters: | + | # |
- | **USER_**(N) is the FTP username parameter. | + | BLOCK_USER_0 = user1 |
- | + | BLOCK_USER_1 = user2 | |
- | **PASSWORD_**(N) is the FTP password parameter written in plain text. | + | BLOCK_USER_2 = user3 |
- | + | </ | |
- | **HOME_**(N) is the user home path, every user can be limited inside a directory. | + | |
- | + | ||
- | Option parameters: | + | |
- | **GROUP_NAME_OWNER_**(N) | + | |
- | + | ||
- | **USER_NAME_OWNER_**(N) if specified an existing | + | |
- | + | ||
- | If one of the 2 optional parameter GROUP_NAME_OWNER_(N), | + |
uftp-server-configuration.1669570310.txt.gz · Last modified: 2022/11/27 18:31 by kingk