How to install ProFTPd FTP Server on FreeBSD

FTP (File Transfer Protocol) is probably the most popular method of uploading files to a server. ProFTPD is a popular and easily configurable FTP server for Unix-like systems that supports SSL/TLS encryption.

This tutorial will show you how to set up the FTP Server on FreeBSD 12.0 using the ProFTPd server application. We will install the ProFTPd server, set up and secure the deployment with SSL/TLS security, and set up the FTP user.

Prerequisite

For this guide, we will use the FreeBSD operating system. The server has 1 GB of RAM and 2 CPUs.

What we will do:

  • Update and Upgrade Packages
  • Install ProFTPd
  • Configure ProFTPd
  • Setup SSL/TLS ProFTPd
  • Setup FTP User
  • Testing

Step 1 - Update and Upgrade Packages

Firstly, we will update the packages repository and upgrade all packages to the latest version using the pkg package management tool for FreeBSD.

Update all available repository and upgrade all packages to the latest version using the following command.

pkg update
pkg upgrade

Once all installation is complete, go to the next step and install the ProFTPd package.

Step 2 - Install ProFTPd

In this step, we're going to install the ProFTPd package. The FreeBSD repository provides the ProFTPd package and another module for the backend database, such as a module for MySQL, PostgreSQL, and SQLite databases.

Show all available ProFTPd package using the following command.

pkg search proftpd

And you will get the result as below.

Now install the ProFTPd package only using the pkg command below.

pkg install proftpd

Once the installation is complete, add the ProFTPd service to the system boots.

sysrc proftpd_enable=yes

Then start the ProFTPd service and check its status.

service proftpd start
service proftpd status

Now you will get the ProFTPd service is up and running on FreeBSD 12.0 system.

And by default, the service used the default FTP port '21'. Check the opened ports on the system using the sockstat command below.

sockstat -4 -l -P tcp

And you will get the ProFTPd service is running on port '21'.

Step 3 - Configure ProFTPd

Now we will configure our ProFTPd installation by editing its configuration on the '/usr/local/etc' directory.

Go to the '/usr/local/etc' directory and edit the configuration file 'proftpd.conf' using vim editor.

cd /usr/local/etc/
vim proftpd.conf

Change the 'ServerName' with your info and leave the port as default '21'.

ServerName    "Hakase-Labs ProFTPd Server"
Port          21

Turn off the IPv6 support and enable the jail for every user.

UseIPv6       off
DefaultRoot   ~

For additional configuration, add the configuration below to hide the server identity and disable the required valid shell for users log in.

# Hide Server Identity
ServerIdent   off
RequireValidShell  no

Now enable logs for ProFTPd system and every transfer on the system.

# Setup Log Files
TransferLog   /var/log/proftpd/xferlog
SystemLog     /var/log/proftpd/proftpd.log

Save and close.

Next, create the ProFTPd log directory '/var/log/proftpd'.

mkdir -p /var/log/proftpd

Then restart the ProFTP service using the following command.

service proftpd restart

As a result, the ProFTPd service has been restarted. And it's is up and running with the basic configuration.

Step 4 - Setup SSL/TLS ProFTPd

In this step, we will secure our ProFTPd installation by enabling the TLS module for ProFTPd server. We will enable the mod_tls module, then add additional TLS configuration to the ProFTPd config directory.

Before going any further, make sure you have got the SSL certificates. Then copy the certificate files to the '/usr/local/etc/ssl' directory.

cp /pat/to/ssl/*.pem /usr/local/etc/ssl/

Afterward, go to the '/usr/local/etc' directory and edit the ProFTPd configuration file 'proftpd.conf' using vim editor.

cd /usr/local/etc/
vim proftpd.conf

Add the 'Include' configuration below to the end of the line.

Include /usr/local/etc/proftpd/tls.conf

Save and close.

Next, create the 'tls.conf' configuration to the '/usr/local/etc/proftpd/' directory.

vim proftpd/tls.conf

Change details with your own and paste the configuration into it.

# Load the TLS Module
LoadModule mod_tls.c

# Define the SSL/TLS Configuration
<IfModule mod_tls.c>
TLSEngine                   on
TLSRSACertificateFile       /usr/local/etc/ssl/fullchain.pem
TLSRSACertificateKeyFile    /usr/local/etc/ssl/privkey.pem
TLSLog                      /var/log/proftpd/tls.log
TLSProtocol                 TLSv1.2
TLSRequired on
TLSVerifyClient             off
</IfModule>

Save and close.

Now restart the proFTPd service using the following command.

service proftpd restart

And as a result, the ProFTPd service is up and running with the SSL/TLS enabled on it. And you can transfer your files securely using the FTP to the server.

Step 5 - Setup FTP Users

In this step, we're going to set up a new FTP user. We will create a new system user with the home directory, with the password, but without the shell login.

Create a new user called 'hakase' with the home directory '/home/hakase' and with the default shell 'nologin'.

Run the command below.

adduser

Now type details as below.

Username: hakase
Full name: Hakase Labs
Uid (Leave empty for default):
Login group [hakase]:
Login group is hakase. Invite hakase into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
Home directory [/home/hakase]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]: no
Use a random password? (yes/no) [no]: no
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : hakase
Password   : *****
Full Name  : Hakase Labs
Uid        : 1001
Class      :
Groups     : hakase
Home       : /home/hakase
Home Mode  :
Shell      : /usr/sbin/nologin
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (hakase) to the user database.
Add another user? (yes/no): no
Goodbye!

Now the new FTP user 'hakase' has been created.

Step 6 - Testing

This step will test our ProFTPd installation using the 'FileZilla' software. It can be installed on Mac, Windows, and Linux operating systems.

Open the Filezilla application and type the server details, username, password, and the FTP port '21'.

Now click the 'Quickconnect' button, and you will be asked to verify the SSL/TLS certificate.

Click 'Ok' to verify the server certificate.

As a result, you will be connected to the ProFTPd server. And you can transfer your files securly through the ProFTPd server with the SSL/TLS enabled on it.

The installation and configuration of the ProFTPd server on FreeBSD have been completed successfully.

Reference

Share this page:

0 Comment(s)