
I'm trying to set up ProFTPD with virtual server settings, but there are always problems during connection.

I have two domains which are pointing to the same External IP Address:

ftp.domain.tld -> 1.2.3.4

ftp1.domain.tld -> 1.2.3.4

The connection should go over TLS.

So I created 2 virtual servers in /etc/proftpd/proftpd.conf:

<VirtualHost ftp.domain.tld>


    ServerName          "FTP Server"
    RequireValidShell   no
    TransferLog         /var/log/proftpd/xferlog.ftp
    MaxClients          50
    DefaultServer       on
    DefaultRoot         ~ ftpuser
    AllowOverwrite      yes
    TimeoutLogin        120
    TimeoutIdle         600
    TimeoutNoTransfer   900

    <Limit LOGIN>
        DenyGroup !ftpuser
    </Limit>

<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        TLSProtocol SSLv3
        TLSRSACertificateFile /etc/letsencrypt/live/ftp.domain.tld/cert.pem
        TLSRSACertificateKeyFile /etc/letsencrypt/live/ftp.domain.tld/privkey.pem
        TLSCACertificateFile /etc/letsencrypt/live/ftp.domain.tld/chain.pem
        TLSVerifyClient no
        TLSRequired on
        TLSRenegotiate required off
        TLSOptions NoSessionReuseRequired
</IfModule>
</VirtualHost>


<VirtualHost ftp1.domain.tld>


    ServerName          "FTP 1 Server"
    RequireValidShell   no
    TransferLog         /var/log/proftpd/xferlog.ftp1
    MaxClients          50
    DefaultServer       on
    DefaultRoot         ~ ftpuser1
    AllowOverwrite      yes
    TimeoutLogin        120
    TimeoutIdle         600
    TimeoutNoTransfer   900
    
    <Limit LOGIN>
        DenyGroup !ftpuser1
    </Limit>

<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        TLSProtocol SSLv3
        TLSRSACertificateFile /etc/letsencrypt/live/ftp1.domain.tld/cert.pem
        TLSRSACertificateKeyFile /etc/letsencrypt/live/ftp1.domain.tld/privkey.pem
        TLSCACertificateFile /etc/letsencrypt/live/ftp1.domain.tld/chain.pem
        TLSVerifyClient no
        TLSRequired on
        TLSRenegotiate required off
        TLSOptions NoSessionReuseRequired
</IfModule>
</VirtualHost>

When I try to connect, I get the following error code:

Antwort:    220 ProFTPD Server (ProFTPD Default Installation) 
Befehl: AUTH TLS
Antwort:    500 AUTH not understood
Befehl: AUTH SSL
Antwort:    500 AUTH not understood

Can someone help me?

What I would like to do in the end is:

  • connect to these 2 domains with an SSL connection

  • vhost 1 has its own users and directory

  • vhost 2 has its own users and directory

  • use the same ports for both virtual hosts (21)

Is that possible?

Best regards

sangul

  • "TLSProtocol SSLv3" - enforcing SSL 3.0 is a serious security problem and apart from that makes it impossible to have different virtual hosts on the same IP address (no SNI extension supported). I recommend that you look into the logs of the server for information of what might be wrong here. Commented Dec 15, 2021 at 8:05
  • Hello Steffen, OK, but according to this, it should work: Note that with the advent of RFC 7151, FTP now has a HOST command for supporting true name-based virtual hosts, just as the Host header does for HTTP 1.1. And ProFTPD implements this HOST command as of the 1.3.6rc1 release. To use it, you can either simply use DNS names in your <VirtualHost> section, like so: <VirtualHost mysite.example.com> Commented Dec 15, 2021 at 9:27
  • Interesting. But a) does your client actually support and use this host command and b) did you look into the logs of your server? Commented Dec 15, 2021 at 9:37
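
An added example, not part of the original question or comments: a small Python check for the point raised in the first comment, flagging TLS-enabled `<VirtualHost>` sections that explicitly set `TLSProtocol SSLv3`. The finding names, the function names and the trimmed sample config are constructed for illustration, and only an explicit `SSLv3` token is detected.

```python
import re

# Constructed sample: the two vhosts from the question, trimmed to the TLS lines.
SAMPLE_CONF = """\
<VirtualHost ftp.domain.tld>
  <IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv3
  </IfModule>
</VirtualHost>
<VirtualHost ftp1.domain.tld>
  <IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv3
  </IfModule>
</VirtualHost>
"""

def parse_vhosts(text):
    """Map each <VirtualHost> name to {directive: last args}; nested sections are flattened."""
    vhosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = vhosts.setdefault(opened.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and not line.startswith("<"):
            name, *rest = line.split(None, 1)
            current[name.lower()] = rest[0] if rest else ""
    return vhosts

def lint(text):
    """Return (vhost, finding) pairs; finding names are hypothetical labels."""
    vhosts = parse_vhosts(text)
    tls = [n for n, d in vhosts.items() if d.get("tlsengine", "").lower() == "on"]
    findings = []
    for name in tls:
        # Keep enabled protocol tokens only; "-SSLv3" style exclusions are dropped.
        tokens = [t.lstrip("+").lower() for t in vhosts[name].get("tlsprotocol", "").split()
                  if not t.startswith("-")]
        if "sslv3" in tokens:
            findings.append((name, "SSLV3_ENABLED"))
            # Per the comment above: SSL 3.0 has no SNI, so several TLS vhosts cannot share an IP.
            if tokens == ["sslv3"] and len(tls) > 1:
                findings.append((name, "SSLV3_ONLY_NO_SNI"))
    return findings
```
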
