ftp.config

Type: object

Type: array
No Additional Items

FtpEntry

Type: object
No Additional Properties

Id

Type: integer

Placeholder identifier. Not used as there is only one.

Port

Type: integer

TCP port number on which the FTP service listens for incoming connections.

Value must be greater than or equal to 1 and less than or equal to 65535

Clients

Type: integer

Maximum number of simultaneous client connections allowed.

Value must be greater than or equal to 1 and less than or equal to 10000

Ipconnections

Type: integer

Maximum number of connections allowed from a single IP address. 0 means unlimited.

Value must be greater than or equal to 0 and less than or equal to 1000

Loginattempt

Type: integer

Maximum number of failed login attempts before blocking an IP address. 0 disables this limit.

Value must be greater than or equal to 0 and less than or equal to 1000

Timeout

Type: integer

Idle timeout in seconds before disconnecting inactive clients. 0 disables timeout.

Value must be greater than or equal to 0 and less than or equal to 10000

Timeout Notransfer

Type: integer

Timeout in seconds for clients that connect but do not transfer data. 0 disables timeout.

Value must be greater than or equal to 0 and less than or equal to 10000

Onlyanonymous

Type: boolean

Whether to allow only anonymous FTP access, disabling authenticated user login.

Anonpath


Filesystem path for anonymous FTP users. null to use the default anonymous FTP directory.

Type: string
Type: null

Onlylocal

Type: boolean

Whether to allow only local system users to log in, disabling anonymous access.

Banner

Type: string

Welcome message displayed to FTP clients upon connection.

Filemask

Type: string

Default Unix permissions (umask) for files created by FTP users.

Dirmask

Type: string

Default Unix permissions (umask) for directories created by FTP users.

Fxp

Type: boolean

Whether to enable File eXchange Protocol (FXP) for server-to-server transfers.

Resume

Type: boolean

Whether to allow clients to resume interrupted file transfers.

Defaultroot

Type: boolean

Whether to restrict users to their home directories (chroot jail).

Ident

Type: boolean

Whether to perform RFC 1413 ident lookups on connecting clients.

Reversedns

Type: boolean

Whether to perform reverse DNS lookups on client IP addresses for logging.

Masqaddress

Type: string

Public IP address to advertise to clients for passive mode connections when behind NAT.

Passiveportsmin

Type: integer

Minimum port number for passive mode data connections. Must be 0 or between 1024 and 65535.

Passiveportsmax

Type: integer

Maximum port number for passive mode data connections. Must be 0 or between 1024 and 65535.

Localuserbw

Type: integer

Maximum upload bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater than or equal to 0

Localuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater than or equal to 0

Anonuserbw

Type: integer

Maximum upload bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater than or equal to 0

Anonuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater than or equal to 0

Tls

Type: boolean

Whether to enable TLS/SSL encryption for FTP connections.

Tls Policy

Type: enum (of string)

TLS policy for connections. Values include: "on" (required), "off" (disabled), "data" (data only), "auth" (authentication only), "ctrl" (control only), or combinations with + and ! modifiers.

Must be one of:
  • ""
  • "on"
  • "off"
  • "data"
  • "!data"
  • "auth"
  • "ctrl"
  • "ctrl+data"
  • "ctrl+!data"
  • "auth+data"
  • "auth+!data"

Tls Opt Allow Client Renegotiations

Type: boolean

Whether to allow TLS clients to initiate renegotiation of the TLS connection.

Tls Opt Allow Dot Login

Type: boolean

Whether to allow .ftpaccess files to override TLS requirements for specific users.

Tls Opt Allow Per User

Type: boolean

Whether to allow per-user TLS configuration overrides.

Tls Opt Common Name Required

Type: boolean

Whether to require client certificates to have a Common Name field.

Tls Opt Enable Diags

Type: boolean

Whether to enable detailed TLS diagnostic logging.

Tls Opt Export Cert Data

Type: boolean

Whether to export client certificate data to environment variables.

Tls Opt No Empty Fragments

Type: boolean

Whether to disable empty TLS record fragments to improve compatibility with some clients. Disabling increases vulnerability to some attack vectors.

Tls Opt No Session Reuse Required

Type: boolean

Whether to disable the requirement for TLS session reuse.

Tls Opt Stdenvvars

Type: boolean

Whether to export standard TLS environment variables for use by external programs.

Tls Opt Dns Name Required

Type: boolean

Whether to require client certificates to contain a DNS name in the Subject Alternative Name extension. The reversedns setting must also be enabled.

Tls Opt Ip Address Required

Type: boolean

Whether to require client certificates to contain an IP address in the Subject Alternative Name extension.

Ssltls Certificate


ID of the certificate to use for TLS/SSL connections. null to use the default system certificate.

Type: integer
Type: null

Options

Type: string

Additional ProFTPD configuration directives to include in the server configuration. Manual directives may render the FTP service non-functional and should be used with caution.



Required roles: SHARING_FTP_READ
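
Added example (not part of the original reference or the project's code): a small audit that takes one ftp.config result as a dict and reports the settings this page describes as disabling a limit or relaxing TLS. The key names are an assumption (field titles lower-cased, spaces replaced by underscores), and both sample configurations are constructed.

```python
# Added example, not project code. Keys are ASSUMED to be the field titles
# above, lower-cased with spaces replaced by underscores.
RISKY = [  # (key, value that triggers the finding, why it matters)
    ("tls", False, "TLS disabled: logins and data are sent in cleartext"),
    ("loginattempt", 0, "failed-login limit disabled"),
    ("ipconnections", 0, "unlimited connections per IP address"),
    ("timeout", 0, "idle timeout disabled"),
    ("timeout_notransfer", 0, "no-transfer timeout disabled"),
    ("defaultroot", False, "users are not confined to their home directories"),
    ("fxp", True, "FXP server-to-server transfers enabled"),
    ("tls_opt_allow_client_renegotiations", True, "client-initiated TLS renegotiation allowed"),
    ("tls_opt_allow_dot_login", True, ".ftpaccess files may override TLS requirements"),
    ("tls_opt_no_empty_fragments", True, "empty TLS record fragments disabled"),
    ("tls_opt_no_session_reuse_required", True, "TLS session reuse not required"),
]

def audit(cfg):
    """Return (key, message) findings for one ftp.config result dict."""
    out = [(k, why) for k, bad, why in RISKY if k in cfg and cfg[k] == bad]
    # With TLS enabled, "on" is the only policy the page describes as required.
    if cfg.get("tls") and cfg.get("tls_policy") != "on":
        out.append(("tls_policy", f'policy {cfg.get("tls_policy")!r} is not "on" (required)'))
    # Passive ports must be 0 or between 1024 and 65535.
    for k in ("passiveportsmin", "passiveportsmax"):
        port = cfg.get(k, 0)
        if port != 0 and not 1024 <= port <= 65535:
            out.append((k, f"{port} is not 0 and not within 1024-65535"))
    # Each "only" switch disables the other one's class of users.
    if cfg.get("onlyanonymous") and cfg.get("onlylocal"):
        out.append(("onlyanonymous", "conflicts with onlylocal"))
    return out

# Constructed sample: TLS on but control-channel only, no login limit, FXP on,
# and a passive port below 1024.
SAMPLE_WEAK = {
    "tls": True, "tls_policy": "ctrl", "loginattempt": 0, "ipconnections": 2,
    "timeout": 600, "timeout_notransfer": 300, "defaultroot": True, "fxp": True,
    "tls_opt_no_session_reuse_required": False, "passiveportsmin": 800,
    "passiveportsmax": 0, "onlyanonymous": False, "onlylocal": True,
}
# Constructed sample with the same fields set restrictively.
SAMPLE_STRICT = dict(SAMPLE_WEAK, tls_policy="on", loginattempt=3, fxp=False,
                     passiveportsmin=50000, passiveportsmax=50100)

if __name__ == "__main__":
    for key, message in audit(SAMPLE_WEAK):
        print(f"{key}: {message}")
```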