@xiaoysh8
Last active September 30, 2017 05:29
setup vsftpd
## setup vsftpd
### install vsftpd
sudo apt update
sudo apt install vsftpd
### add user
//-p expects an already-hashed password, not the plain text
useradd ftpuser -p <password> -g ftp -d /var/www -s /bin/false
//user home
sudo usermod -d /var/www ftpuser
//add user ami8 (here: ftpuser) to the www-data group
sudo usermod -G www-data ftpuser
chmod -R ug+rw /home/ftpfolder
//add the ftp user to the www-data group (-g sets the primary group)
usermod -g www-data ftpuser
//add user no home and add to existing ftp group
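### configuration
//no anonymous user access in vsftpd.conf
anonymous_enable=NO
//allow uploads
write_enable=YES
//restrict local users to their home directory
chroot_local_user=YES
//set permissions (umask)
local_umask=022
//allow the chroot root directory to be writable
echo 'allow_writeable_chroot=YES' | sudo tee -a /etc/vsftpd.conf
//add /usr/sbin/nologin to /etc/shells
//alternative umask; keep only one local_umask line
local_umask=012
//take effect
sudo service vsftpd restart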
### SSL vsftpd
sudo vi /etc/vsftpd.conf
//create ssl certificate; use a 2048-bit key, 1024-bit RSA is rejected at OpenSSL security level 2
sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
//add
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
//After that, we will add the following lines to force SSL. This will restrict clients that can't deal with TLS, but that is what we want.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
//After this we configure the server to use TLS, which is actually a successor to SSL, and preferred.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
//Finally, we will add some additional options to flesh out our configuration file.
require_ssl_reuse=NO
ssl_ciphers=HIGH
//Debugging. The default log file is /var/log/vsftpd.log.
debug_ssl=YES
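Added example (not part of the original gist): vsftpd only treats lines beginning with # as comments and allows no spaces around =, so the // annotations in these notes must stay out of the real file. The Python check below, whose function and constant names are this example's own, flags such lines, option names not used in these notes, and missing TLS settings in a vsftpd.conf body.

```python
import re

# Values this added example insists on being set explicitly (its own policy).
REQUIRED = {
    "anonymous_enable": "NO", "ssl_enable": "YES", "allow_anon_ssl": "NO",
    "force_local_data_ssl": "YES", "force_local_logins_ssl": "YES",
    "ssl_sslv2": "NO", "ssl_sslv3": "NO",
}
# Remaining option names used in these notes. Not the full vsftpd option list:
# anything outside it is only reported as a possible typo.
KNOWN = set(REQUIRED) | {
    "write_enable", "chroot_local_user", "local_umask", "allow_writeable_chroot",
    "rsa_cert_file", "rsa_private_key_file", "ssl_tlsv1", "require_ssl_reuse",
    "ssl_ciphers", "debug_ssl",
}
# None of the options above takes a value containing whitespace.
DIRECTIVE = re.compile(r"^([a-z0-9_]+)=(\S+)$")

def audit_vsftpd_conf(text):
    """Return (line_number, message) findings; line 0 means whole-file."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or '#' comment line
        m = DIRECTIVE.match(line)
        if not m:
            findings.append((n, "not a bare option=value line (spaces or trailing text)"))
            continue
        key, value = m.groups()
        if key not in KNOWN:
            findings.append((n, f"option '{key}' is not used in these notes (typo?)"))
        seen[key] = value
    for key, want in REQUIRED.items():
        if seen.get(key) != want:
            findings.append((0, f"{key} should be {want}, found {seen.get(key)}"))
    return findings

# Constructed sample: lines pasted from the notes with comments left attached.
SAMPLE = """anonymous_enable=NO
write_enable=YES //uploads
local_mask=012
ssl_enable=YES
force_local_data_ssl=YES
ssl_sslv3=YES
"""

if __name__ == "__main__":
    for n, msg in audit_vsftpd_conf(SAMPLE):
        print(f"line {n}: {msg}" if n else f"config: {msg}")
```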
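//question
状态: 服务器发回了不可路由的地址。使用服务器地址代替。
(FileZilla's English wording: "Status: Server sent passive reply with unroutable address. Using server address instead.")
Solution: change the FileZilla settings. Under Edit - Settings - Connection - FTP - Passive mode, change "Use the server's external IP address instead" to "Fall back to active mode".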