user-access/rootfs/etc/confd/templates/proftpd.conf.tmpl

ServerName "{{getenv "SERVER_NAME"}}"
ServerType standalone
DefaultServer on
Port 21
UseIPv6 off
Umask 006 007
MaxInstances 30
User proftp
Group proftp
DefaultRoot /var/lib/proftp/data
DefaultChdir /var/lib/proftp/data
AllowOverwrite on
RequireValidShell off

PassivePorts {{getenv "PASSIVE_LOWER_BOUND"}} {{getenv "PASSIVE_UPPER_BOUND"}}

<Limit SITE_CHMOD>
  DenyAll
</Limit>

<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol {{getenv "TLS_PROTOCOL" "TLSv1.2"}}
    TLSRequired on

    TLSRSACertificateFile /etc/ssl/proftp/{{getenv "CERT_NAME" "fullchain.pem"}}
    TLSRSACertificateKeyFile /etc/ssl/proftp/{{getenv "KEY_NAME" "privkey.pem"}}

    TLSVerifyClient off
    TLSServerCipherPreference on
    TLSSessionCache internal: 1800
    TLSCipherSuite {{getenv "TLS_CIPHERS" "AES128+EECDH:AES128+EDH"}}
</IfModule>

<IfModule mod_ldap.c>
    AuthOrder mod_ldap.c
    
    LDAPAttr uid cn
    
    LDAPServer {{getenv "LDAP_URI"}}
    LDAPUseTLS {{getenv "LDAP_USE_TLS" "on"}}
    LDAPAuthBinds {{getenv "LDAP_USE_AUTH_BIND" "on"}}
    LDAPBindDN "{{getenv "LDAP_BIND_DN"}}" {{getenv "LDAP_BIND_PASSWORD"}}

    LDAPUsers {{getenv "LDAP_BASE"}} "{{getenv "LDAP_FILTER"}}"
    LDAPSearchScope subtree
    LDAPDefaultUID 2222
    LDAPDefaultGID 2222
    LDAPForceDefaultUID on
    LDAPForceDefaultGID on
    LDAPGenerateHomedir on
    LDAPGenerateHomedirPrefix /var/lib/proftp/data
    LDAPForceGeneratedHomedir on
</IfModule>