Install pure-ftp
apt-get update
apt-get install pure-ftpd
Ensure
File /etc/inetd.conf has ftp
commented out
File /etc/default/pure-ftpd-common STANDALONE_OR_INETD=standalone
Add ftp users group
groupadd ftpusers
Add ftp user - ftpuser or any other id as preferred
useradd -g ftpusers -d /dev/null -s /bin/false ftpuser
Home dir for all ftp users
mkdir /home/ftpusers
Create directory for each ftp user
mkdir /home/ftpusers/alice
pure-pw useradd alice -u ftpuser -d /home/ftpusers/alice
pure-pw mkdb
ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd
ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
Edit /etc/pure-ftpd/conf/UnixAuthentication, entry "no" without quotes
chown ftpuser:ftpusers /home/ftpusers
chown -R ftpuser:ftpusers /home/ftpusers/*
Edit /etc/pure-ftpd/conf/PassivePortRange, add entry 1024 1048 Edit /etc/pure-ftpd/conf/ForcePassiveIP, add entry "your_public_ip" Ensure inbound is allowed on ports 20-21, 1024-1048
To enable both plain-text and TLS encryption
echo "1" > /etc/pure-ftpd/conf/TLS
Or disable plain-text and use TLS encryption only
echo "2" > /etc/pure-ftpd/conf/TLS
Obtaining a TLS Certificate
apt install -y certbot
certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start"
Certificate will be save at /etc/letsencrypt/live/ftp.yourdomain.tld/ directory.
Installing the Certificate
Pure FTPd requires that the certificate and private key are combined into one file named pure-ftpd.pem and stored under /etc/ssl/private/ directory.
echo $(certbot certonly --standalone --agree-tos --cert-name ftp.yourdomain.tld -n -m [email protected] -d ftp.yourdomain.tld -d ftp2.yourdomain.tld --pre-hook "service apache2 stop" --post-hook "service apache2 start") \
&& cd /etc/letsencrypt/live/ftp.yourdomain.tld/ \
&& cat cert.pem privkey.pem > pure-ftpd.pem \
&& rm /etc/ssl/private/pure-ftpd.pem \
&& mv pure-ftpd.pem /etc/ssl/private/ \
&& chmod 600 /etc/ssl/private/pure-ftpd.pem \
&& service pure-ftpd restart
echo "DONE CERT IS INSTALLED!"
service pure-ftpd restart