maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Added TLS by default for Gentoo

Browse Source
This commit is contained in:
Johannes Feichtner
2016-02-27 21:03:14 +01:00
parent 45bf41db4c
commit f4a9152d8f
1 changed files with 57 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
lib/configfiles/gentoo.xml
View File

@@ -2871,6 +2871,11 @@ MAILDIRPATH=.maildir
<daemon name="proftpd" title="ProFTPd" default="true">
<command><![CDATA[echo "net-ftp/proftpd mysql" >> /etc/portage/package.use]]></command>
<install><![CDATA[emerge net-ftp/proftpd]]></install>
<commands>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd.crt ] || openssl req -new -x509 -newkey rsa:4096 -days 3650 -nodes -out /etc/ssl/certs/proftpd.crt -keyout /etc/ssl/private/proftpd.key -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[[ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=<SERVERNAME>"]]></command>
<command><![CDATA[chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key]]></command>
</commands>
<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
backup="true">
<content><![CDATA[
@@ -2947,20 +2952,23 @@ SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, b
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
# TLS settings
#<IfModule mod_tls.c>
#TLSEngine on
#TLSLog /var/log/proftpd-tls.log
#TLSProtocol SSLv23
#TLSTimeoutHandshake 120
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
#TLSTimeoutHandshake 120
# Really important for WinClients and some clients
#TLSOptions NoCertRequest NoSessionReuseRequired
#TLSRSACertificateFile /etc/ssl/server/<SERVERNAME>.crt
#TLSRSACertificateKeyFile /etc/ssl/server/<SERVERNAME>.key
TLSOptions NoCertRequest NoSessionReuseRequired
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
# Authenticate client that want to use FTP over TLS?
#TLSVerifyClient off
TLSVerifyClient off
# Uncomment the following line to force tls login
#TLSRequired off
#</IfModule>
#TLSRequired on
</IfModule>
# LOG settings
# Logging Formats