How to install ProFTPd FTP Server on FreeBSD
FTP (File Transfer Protocol) is probably the most popular method of uploading files to a server. ProFTPD is a popular and easily configurable FTP server for Unix-like systems that supports SSL/TLS encryption.
This tutorial will show you how to set up the FTP Server on FreeBSD 12.0 using the ProFTPd server application. We will install the ProFTPd server, set up and secure the deployment with SSL/TLS security, and set up the FTP user.
Prerequisite
For this guide, we will use the FreeBSD operating system. The server has 1 GB of RAM and 2 CPUs.
What we will do:
- Update and Upgrade Packages
- Install ProFTPd
- Configure ProFTPd
- Setup SSL/TLS ProFTPd
- Setup FTP User
- Testing
Step 1 - Update and Upgrade Packages
Firstly, we will update the packages repository and upgrade all packages to the latest version using the pkg package management tool for FreeBSD.
Update all available repository and upgrade all packages to the latest version using the following command.
pkg update
pkg upgrade
Once all installation is complete, go to the next step and install the ProFTPd package.
Step 2 - Install ProFTPd
In this step, we're going to install the ProFTPd package. The FreeBSD repository provides the ProFTPd package and another module for the backend database, such as a module for MySQL, PostgreSQL, and SQLite databases.
Show all available ProFTPd package using the following command.
pkg search proftpd
And you will get the result as below.
Now install the ProFTPd package only using the pkg command below.
pkg install proftpd
Once the installation is complete, add the ProFTPd service to the system boots.
sysrc proftpd_enable=yes
Then start the ProFTPd service and check its status.
service proftpd start
service proftpd status
Now you will get the ProFTPd service is up and running on FreeBSD 12.0 system.
And by default, the service used the default FTP port '21'. Check the opened ports on the system using the sockstat command below.
sockstat -4 -l -P tcp
And you will get the ProFTPd service is running on port '21'.
Step 3 - Configure ProFTPd
Now we will configure our ProFTPd installation by editing its configuration on the '/usr/local/etc' directory.
Go to the '/usr/local/etc' directory and edit the configuration file 'proftpd.conf' using vim editor.
cd /usr/local/etc/
vim proftpd.conf
Change the 'ServerName' with your info and leave the port as default '21'.
ServerName "Hakase-Labs ProFTPd Server"
Port 21
Turn off the IPv6 support and enable the jail for every user.
UseIPv6 off
DefaultRoot ~
For additional configuration, add the configuration below to hide the server identity and disable the required valid shell for users log in.
# Hide Server Identity
ServerIdent off
RequireValidShell no
Now enable logs for ProFTPd system and every transfer on the system.
# Setup Log Files
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
Save and close.
Next, create the ProFTPd log directory '/var/log/proftpd'.
mkdir -p /var/log/proftpd
Then restart the ProFTP service using the following command.
service proftpd restart
As a result, the ProFTPd service has been restarted. And it's is up and running with the basic configuration.
Step 4 - Setup SSL/TLS ProFTPd
In this step, we will secure our ProFTPd installation by enabling the TLS module for ProFTPd server. We will enable the mod_tls module, then add additional TLS configuration to the ProFTPd config directory.
Before going any further, make sure you have got the SSL certificates. Then copy the certificate files to the '/usr/local/etc/ssl' directory.
cp /pat/to/ssl/*.pem /usr/local/etc/ssl/
Afterward, go to the '/usr/local/etc' directory and edit the ProFTPd configuration file 'proftpd.conf' using vim editor.
cd /usr/local/etc/
vim proftpd.conf
Add the 'Include' configuration below to the end of the line.
Include /usr/local/etc/proftpd/tls.conf
Save and close.
Next, create the 'tls.conf' configuration to the '/usr/local/etc/proftpd/' directory.
vim proftpd/tls.conf
Change details with your own and paste the configuration into it.
# Load the TLS Module
LoadModule mod_tls.c
# Define the SSL/TLS Configuration
<IfModule mod_tls.c>
TLSEngine on
TLSRSACertificateFile /usr/local/etc/ssl/fullchain.pem
TLSRSACertificateKeyFile /usr/local/etc/ssl/privkey.pem
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.2
TLSRequired on
TLSVerifyClient off
</IfModule>
Save and close.
Now restart the proFTPd service using the following command.
service proftpd restart
And as a result, the ProFTPd service is up and running with the SSL/TLS enabled on it. And you can transfer your files securely using the FTP to the server.
Step 5 - Setup FTP Users
In this step, we're going to set up a new FTP user. We will create a new system user with the home directory, with the password, but without the shell login.
Create a new user called 'hakase' with the home directory '/home/hakase' and with the default shell 'nologin'.
Run the command below.
adduser
Now type details as below.
Username: hakase
Full name: Hakase Labs
Uid (Leave empty for default):
Login group [hakase]:
Login group is hakase. Invite hakase into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
Home directory [/home/hakase]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]: no
Use a random password? (yes/no) [no]: no
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : hakase
Password : *****
Full Name : Hakase Labs
Uid : 1001
Class :
Groups : hakase
Home : /home/hakase
Home Mode :
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (hakase) to the user database.
Add another user? (yes/no): no
Goodbye!
Now the new FTP user 'hakase' has been created.
Step 6 - Testing
This step will test our ProFTPd installation using the 'FileZilla' software. It can be installed on Mac, Windows, and Linux operating systems.
Open the Filezilla application and type the server details, username, password, and the FTP port '21'.
Now click the 'Quickconnect' button, and you will be asked to verify the SSL/TLS certificate.
Click 'Ok' to verify the server certificate.
As a result, you will be connected to the ProFTPd server. And you can transfer your files securly through the ProFTPd server with the SSL/TLS enabled on it.
The installation and configuration of the ProFTPd server on FreeBSD have been completed successfully.