Pure-ftp setup (including virtual users and Let's Encrypt) under Ubuntu

Install pure-ftp

apt-get update
apt-get install pure-ftpd

Ensure the ftp entry in /etc/inetd.conf is commented out, and that /etc/default/pure-ftpd-common contains:

STANDALONE_OR_INETD=standalone

Add ftp users group

groupadd ftpusers

Add ftp user - ftpuser or any other id as preferred

useradd -g ftpusers -d /dev/null -s /bin/false ftpuser

Home dir for all ftp users

mkdir /home/ftpusers

Create directory for each ftp user

mkdir /home/ftpusers/alice
pure-pw useradd alice -u ftpuser -d /home/ftpusers/alice
pure-pw mkdb
ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd
ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB

Edit /etc/pure-ftpd/conf/UnixAuthentication and set its content to "no" (without the quotes)

chown ftpuser:ftpusers /home/ftpusers
chown -R ftpuser:ftpusers /home/ftpusers/*

Edit /etc/pure-ftpd/conf/PassivePortRange, add entry 1024 1048

Edit /etc/pure-ftpd/conf/ForcePassiveIP, add entry "your_public_ip"

Ensure inbound is allowed on ports 20-21, 1024-1048

To enable both plain-text and TLS encryption
echo "1" > /etc/pure-ftpd/conf/TLS
Or disable plain-text and use TLS encryption only
echo "2" > /etc/pure-ftpd/conf/TLS

Obtaining a TLS Certificate

apt install -y certbot
certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start"

The certificate will be saved in the /etc/letsencrypt/live/ftp.yourdomain.tld/ directory.

Installing the Certificate

Pure FTPd requires that the certificate and private key are combined into one file named pure-ftpd.pem and stored under /etc/ssl/private/ directory.

echo $(certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start") \
&& cd /etc/letsencrypt/live/ftp.yourdomain.tld/ \
&& cat cert.pem privkey.pem > pure-ftpd.pem \
&& rm -f /etc/ssl/private/pure-ftpd.pem \
&& mv pure-ftpd.pem /etc/ssl/private/ \
&& chmod 600 /etc/ssl/private/pure-ftpd.pem \
&& service pure-ftpd restart \
&& echo "DONE CERT IS INSTALLED!"
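
The same certificate install step written as a certbot deploy hook, so the combined file is never readable by other users and is swapped in atomically. This is an added example, not part of the original post; the function name install_pureftpd_pem is hypothetical, and it assumes certbot runs the script as a deploy hook with RENEWED_LINEAGE pointing at the live directory.

```shell
#!/bin/sh
# Added example (not from the original post): build pure-ftpd.pem from a
# Let's Encrypt lineage without exposing the private key to other users.

# install_pureftpd_pem LIVE_DIR DEST   (hypothetical helper name)
#   LIVE_DIR  directory holding cert.pem and privkey.pem
#   DEST      final path of the combined certificate + key file
install_pureftpd_pem() {
    live_dir=$1
    dest=$2
    # Refuse to build a broken bundle from missing or empty inputs.
    for f in cert.pem privkey.pem; do
        [ -s "$live_dir/$f" ] || { echo "missing or empty: $live_dir/$f" >&2; return 1; }
    done
    # Create the temp file next to the destination so the final mv is an
    # atomic rename, and under umask 077 so it is never group/world readable.
    tmp=$(umask 077 && mktemp "$dest.XXXXXX") || return 1
    if cat "$live_dir/cert.pem" "$live_dir/privkey.pem" > "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dest"; then
        return 0
    fi
    # On any failure, drop the partial file and keep the old certificate.
    rm -f "$tmp"
    return 1
}

# certbot exports RENEWED_LINEAGE to deploy hooks; only act when it is set.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_pureftpd_pem "$RENEWED_LINEAGE" /etc/ssl/private/pure-ftpd.pem \
        && service pure-ftpd restart
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, it runs after each successful renewal, so the server picks up the renewed certificate without the manual steps above.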
