ProFTPD Plugin for unRAID v6.8.x


SlrG


Hi,

 

I cannot start the FTP server and have no idea why. Could someone help me?

In addition, I cannot view the Edit proftpd.conf section in unraid.

 

=======Configuration file=====

 

# Server Settings
ServerName              ProFTPd
ServerType              standalone
DefaultServer           on
PidFile                 /var/run/ProFTPd/ProFTPd.pid

# Port 21 is the standard FTP port. You probably should not connect to the
# internet with this port. Make your router forward another port to
# this one instead.
Port                    21

# Set the user and group under which the server will run.
User                    nobody
Group                   users

# Prevent DoS attacks
MaxInstances            30

# Speedup Login
UseReverseDNS           off
IdentLookups            off

# Control Logging - comment and uncomment as needed
# If logging Directory is world writeable the server won't start!
# If no SystemLog is defined proftpd will log to servers syslog.
#SystemLog               NONE
SystemLog               /boot/config/plugins/ProFTPd/slog
#TransferLog             NONE
TransferLog             /boot/config/plugins/ProFTPd/xferlog
#WtmpLog                 NONE
WtmpLog            /boot/config/plugins/ProFTPd/WtmpLog

# As a security precaution prevent root and other users in
# /etc/ftpuser from accessing the FTP server.
UseFtpUsers             on
RootLogin               off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# "Jail" FTP-Users into their home directory. (chroot)
# The root directory has to be set in the description field
# when defining an user:
# ftpuser /mnt/cache/FTP
# See README for more information.
DefaultRoot ~

# Shell has to be set when defining an user. As a security precaution
# it is set to "/bin/false" as FTP-Users should not have shell access.
# This setting makes proftpd accept invalid shells.
RequireValidShell       no

# Normally, we want files to be overwriteable.
AllowOverwrite          on


# Added by Tom Wong 20191130
# Allow to restart a download 
AllowStoreRestart              on
 

 

=== Webserver configuration in unraid====

Enable ProFTPd: Yes

Webserver available: Yes

Webserver Path: /mnt/user/appdata/

Webserver Port: 8088

Regards,

Tom

Link to comment

The functionality to edit the proftpd.conf file from the plugin's settings page is sadly currently broken. You have to open a shell window and use nano (or any other editor of your choice) to edit /etc/proftpd.conf.

If you have your log files on the flash, like your config file suggests, the server will probably run into problems and not start, as the file system of the flash doesn't support access rights and is therefore deemed insecure by proftpd. If you don't want to log into the syslog, I recommend creating a folder on the array to host the log files and setting the correct access rights for that. (not world writeable)

 

Make sure you can access the ftp by a normal client (e.g. FileZilla) first before trying more advanced stuff like trying to run some backup software.

 

It might be necessary to enable Debug Logging, to maybe get more information on the problem. See here.

Link to comment
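The log-directory advice above as an added shell example, not part of the original post or the plugin: it lists the directories that the SystemLog and TransferLog lines of a proftpd.conf point to and reports any that are missing or world-writable. The function names and the /mnt/user/appdata/proftpd-logs path are assumptions.

```shell
#!/bin/sh
# Added example, not plugin code. The checks mirror the config comment
# "If logging Directory is world writeable the server won't start!".

# Print the directory of every active SystemLog/TransferLog path in a config.
log_dirs() {
    awk '($1 == "SystemLog" || $1 == "TransferLog") && $2 != "NONE" { print $2 }' "$1" |
        while IFS= read -r path; do dirname "$path"; done | sort -u
}

# Succeed if the "other" write bit is set on the directory.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# Create a log directory usable by owner and group only (mode 750).
make_log_dir() {
    mkdir -p "$1" && chmod 750 "$1"
}

# Print a verdict per log directory; return non-zero if any is
# missing or world-writable.
audit_log_dirs() {
    log_dirs "$1" | (
        status=0
        while IFS= read -r dir; do
            if [ ! -d "$dir" ]; then
                echo "MISSING         $dir"; status=1
            elif is_world_writable "$dir"; then
                echo "WORLD-WRITABLE  $dir"; status=1
            else
                echo "OK              $dir"
            fi
        done
        exit "$status"
    )
}

# Usage on the server (the log path is an assumption):
#   make_log_dir /mnt/user/appdata/proftpd-logs
#   audit_log_dirs /etc/proftpd.conf
```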
On 12/1/2019 at 5:46 AM, SlrG said:

The functionality to edit the proftpd.conf file from the plugin's settings page is sadly currently broken. You have to open a shell window and use nano (or any other editor of your choice) to edit /etc/proftpd.conf.

If you have your log files on the flash, like your config file suggests, the server will probably run into problems and not start, as the file system of the flash doesn't support access rights and is therefore deemed insecure by proftpd. If you don't want to log into the syslog, I recommend creating a folder on the array to host the log files and setting the correct access rights for that. (not world writeable)

 

Make sure you can access the ftp by a normal client (e.g. FileZilla) first before trying more advanced stuff like trying to run some backup software.

 

It might be necessary to enable Debug Logging, to maybe get more information on the problem. See here.

 

Thanks for your advice. I can finally upload files through proftpd to a destination folder which was created by another user account (not nobody users).

a) can upload to the newly created folder below

drwxrwxrwx 1 starslight users 28 Dec  3 22:54 DCIM/

 

But when I change destination folder and try to upload file again, it didn't work again.

 

b) cannot upload to existing folder

drwxrwxrwx 1 nobody users  96 Dec  1 22:07 DCIM/

 

c) error in slog

2019-12-03 23:29:15,436 Tower proftpd[30059] 127.0.0.1: ProFTPD 1.3.6 (stable) (built Thu Mar 14 2019 17:45:29 CET) standalone mode STARTUP
2019-12-03 15:30:03,039 Tower proftpd[30649] 127.0.0.1 (192.168.1.43[192.168.1.43]): notice: user twftp: aborting transfer: Broken pipe
2019-12-03 15:30:26,155 Tower proftpd[30649] 127.0.0.1 (192.168.1.43[192.168.1.43]): notice: user twftp: aborting transfer: Data connection closed

 

Is there anything I missed in the proftpd setup?

Link to comment

It's a bit hard for me to understand, as I am not a native English speaker.

 

How are the upload folders created? Through the shell console or through the ftp client?

As they are both user, group and world writeable, there should be no problems uploading to both of them in theory.

 

Can you give me the full paths of both users DCIM folders on your array?

What is the error message, when trying to upload to the nobody users DCIM?

 

Which ftp client do you use? Please try with FileZilla if it works and only then try another client.

 

I'm guessing from your description you are trying to upload not a file, but a folder with 10000+ files within it. I have never tried to upload such a large number of files. I can only recommend trying with a single or a few files first and expanding from that.

 

Also please enable debug logging as described in the link above, to maybe get more information on what is going wrong.

Edited by SlrG
typo
Link to comment

(As a side note, a folder with many thousands of files in it will take *much* longer to transfer than a folder with a series of sub-folders containing the same files broken into a couple of hundred in each folder. Long story short, a web-app I built lasted much longer than I expected - I hadn't really planned that an uploaded images folder would contain hundreds of thousands of thumbnails. Backing them up over FTP, many days. Rewriting system to store in sub-folders, couple of hours backup.)

Link to comment

@jenga201

In theory this is of course possible. But it might be necessary to add a new dependency on the openldap package which is not default on unRAID. Sadly I don't have the time at the moment to check out possible negative side effects. The plugin is heavily integrated into the unRAID user management and intended to use only that.

For a more ambitious setup it is better and far easier to set up a VM with a more flexible linux distro than unRAID's Slackware. Within debian and ubuntu for example there are addon packages for proftpd with ldap that can be installed without compiling. Pointing to the shares on your unRAID for data storage should give you what you want without possible adverse effects.

Edited by SlrG
typo
Link to comment
8 hours ago, SlrG said:

@jenga201

In theory this is of course possible. But it might be necessary to add a new dependency on the openldap package which is not default on unRAID. Sadly I don't have the time at the moment to check out possible negative side effects. The plugin is heavily integrated into the unRAID user management and intended to use only that.

For a more ambitious setup it is better and far easier to set up a VM with a more flexible linux distro than unRAID's Slackware. Within debian and ubuntu for example there are addon packages for proftpd with ldap that can be installed without compiling. Pointing to the shares on your unRAID for data storage should give you what you want without possible adverse effects.

Ok, Thanks for your response.

Link to comment
On 6/30/2013 at 12:23 AM, Necrotic said:

Setting up SSL (YMMV, these are the settings I set for myself that I was able to get to work. Any change suggestions welcome)

 

1) Stop Proftpd (just in case)

 

2) Login through telnet and paste the following two lines in order. Please note I had to specify the config file (for some reason the default is .cnf but the one I had in my ssl folder is .cfg)

 


mkdir /boot/config/plugins/proftpd/ssl/
openssl req -new -x509 -config /etc/ssl/openssl.cfg -days 3650 -nodes -out /boot/config/plugins/proftpd/ssl/ftp.cert.pem -keyout /boot/config/plugins/proftpd/ssl/ftp.key.pem
 

 

 

3) Add following to the end of your proftpd.conf

 


<IfModule mod_tls.c>
TLSEngine on

TLSLog /var/log/proftpd.tls.log

TLSProtocol SSLv23 TLSv1

TLSOptions NoCertRequest NoSessionReuseRequired 

TLSRSACertificateFile /boot/config/plugins/proftpd/ssl/ftp.cert.pem

TLSRSACertificateKeyFile /boot/config/plugins/proftpd/ssl/ftp.key.pem

TLSVerifyClient off

TLSRequired on

</IfModule>
 

 

 

4) Start Proftpd again and log in. Remember to enable TLS/SSL authentication for your client.

 

 

 

Hey Guys!

 

I am quite new to unraid and proftpd. I am on Unraid 6.8.0 and ProFTPd 2019.05.26. The plugin works fine. Super easy to configure. Now I wanted to secure the data connection via TLS.

I followed the steps above, but have problems performing step 2. I get the following result:

 

 openssl req -new -x509 -config /etc/ssl/openssl.cfg -days 3650 -nodes -out /boot/config/plugins/proftpd/ssl/ftp.cert.pem -keyout /boot/config/plugins/proftpd/ssl/ftp.key.pem
Can't open /etc/ssl/openssl.cfg for reading, No such file or directory
22933469050688:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/etc/ssl/openssl.cfg','r')
22933469050688:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
Generating a RSA private key
........................................................................................................+++++
.................+++++
writing new private key to '/boot/config/plugins/proftpd/ssl/ftp.key.pem'
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
22933469050688:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto/conf/conf_lib.c:269:

Is there something I am missing? I mean the post is from 2013. Are there new commands?

 

Seems that /openssl.cfg is missing. What does it mean? Do I need to install something more?

 

Thanks!

Link to comment
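An added example, not from the quoted 2013 post or the plugin: a shell check that reads the mod_tls directives of a proftpd.conf and flags legacy protocol selections (SSLv3, the SSLv23 compatibility mode, TLSv1, TLSv1.1) such as the quoted TLSProtocol line contains, plus a TLSRequired value other than on. The function name and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example, not plugin code: audit the TLS directives of a proftpd.conf.

# Print one finding per line; return non-zero if anything was flagged.
audit_tls_conf() {
    awk '
        BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 SSLv23", legacy, " ") }
        /^[ \t]*#/          { next }                      # skip comment lines
        $1 == "TLSEngine"   { engine = tolower($2) }
        $1 == "TLSRequired" { required = tolower($2) }
        $1 == "TLSProtocol" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                p = $i
                # ALL switches on every real protocol version, legacy ones included
                if (p == "ALL") { for (k = 1; k < n; k++) enabled[legacy[k]] = 1 }
                # "-TLSv1" removes a version, "+TLSv1.2" or "TLSv1.2" adds one
                else if (p ~ /^-/) delete enabled[substr(p, 2)]
                else { sub(/^\+/, "", p); enabled[p] = 1 }
            }
        }
        END {
            if (engine != "on")   { print "TLS-ENGINE-OFF"; bad = 1 }
            if (!seen)            { print "NO-TLSPROTOCOL-LINE"; bad = 1 }
            if (required != "on") { print "TLS-NOT-REQUIRED"; bad = 1 }
            for (k = 1; k <= n; k++)
                if (legacy[k] in enabled) { print "WEAK-PROTOCOL " legacy[k]; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Usage on the server:
#   audit_tls_conf /etc/proftpd.conf
```

A line such as "TLSProtocol TLSv1.2" passes the check; whether the installed ProFTPD and OpenSSL builds accept that value has to be confirmed on the server.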

I would like to set up ProFTPd to write to my cache drive and then invoke the mover at night so I can enjoy the benefit of faster xfer speeds. That, along with SFTP or FTPS would be awesome but mainly, for now, writing to the cache drive would be great.  :)

 

What is the best way to approach this?  I have already installed and tested the server using flashFXP (windows) and it does write (slowly) to the array.

 

Any help is greatly appreciated!

Link to comment
1 hour ago, danktankk said:

I would like to set up ProFTPd to write to my cache drive and then invoke the mover at night so I can enjoy the benefit of faster xfer speeds. That, along with SFTP or FTPS would be awesome but mainly, for now, writing to the cache drive would be great.  :)

 

What is the best way to approach this?  I have already installed and tested the server using flashFXP (windows) and it does write (slowly) to the array.

 

Any help is greatly appreciated!

You want to make sure that you are writing to a share which has a Use Cache=Yes setting (turn on the Help in the GUI for a more detailed description of the behavior of the possible options). At the Linux level this share will be one that shows up as a path of the form /mnt/user/sharename.

Link to comment
10 hours ago, itimpi said:

You want to make sure that you are writing to a share which has a Use Cache=Yes setting (turn on the Help in the GUI for a more detailed description of the behavior of the possible options). At the Linux level this share will be one that shows up as a path of the form /mnt/user/sharename.

Thank you @itimpi,

 

I have the path that I write to already in a share, i.e. I am writing to a folder in nextcloud. Nextcloud is in the data folder which is a share. So I'm not sure what I am doing wrong. Yes, total n00b. lol

Link to comment

@Kristijan

Sorry for the late reply. Somehow I got no notification of the latest posts even though I have notifications enabled for this thread.

 

I can't replicate your problem, as I am not able to enter "" in the comments field, unraid asks me to "Please match the requested format.", so I don't really know, what was going wrong for you. You can check the contents of /etc/shadow, which is the file that contains your unRAID users. A stock shadow file should probably look like this:

root::17990:0:99999:7:::
bin::14824:0:99999:7:::
daemon::14824:0:99999:7:::
adm::14824:0:99999:7:::
lp::14824:0:99999:7:::
mail::14824:0:99999:7:::
news::14824:0:99999:7:::
uucp::14824:0:99999:7:::
ftp::14824:0:99999:7:::
smmsp::14824:0:99999:7:::
mysql::14824:0:99999:7:::
rpc::14824:0:99999:7:::
sshd::14824:0:99999:7:::
oprofile::14824:0:99999:7:::
usbmux::14824:0:99999:7:::
sddm::14824:0:99999:7:::
pulse::14824:0:99999:7:::
avahi:!:14980:0:99999:7:::
avahi-autoipd:!:14980:0:99999:7:::
messagebus:!:14980:0:99999:7:::
pop::14824:0:99999:7:::
haldaemon::14824:0:99999:7:::
polkitd::14824:0:99999:7:::
nobody::14824:0:99999:7:::
tss:!:17825::::::

Though I am not sure you will have the same "numbers".

If the file looks alright to you, a reboot will probably fix your problem.

Link to comment

@fatmaddin2000

Sorry for the late reply. Notifications did not work.

 

It seems the naming of the file /etc/ssl/openssl.cfg has changed back to the default /etc/ssl/openssl.cnf.

So the command is now:

openssl req -new -x509 -config /etc/ssl/openssl.cnf -days 3650 -nodes -out /boot/config/plugins/proftpd/ssl/ftp.cert.pem -keyout /boot/config/plugins/proftpd/ssl/ftp.key.pem

 

Link to comment
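The corrected command above wrapped in an added shell example, not from the thread or the plugin: it uses whichever of openssl.cnf or openssl.cfg exists, removes the key if certificate creation fails (the failed run earlier in the thread had already written ftp.key.pem), and confirms that certificate and key belong together. The function names and the -subj value are assumptions.

```shell
#!/bin/sh
# Added example, not plugin code.

# Print the first OpenSSL config found in directory $1: .cnf is the name the
# 2019 reply uses, .cfg is the name from the 2013 instructions.
find_openssl_conf() {
    for name in openssl.cnf openssl.cfg; do
        if [ -r "$1/$name" ]; then echo "$1/$name"; return 0; fi
    done
    echo "no openssl.cnf or openssl.cfg in $1" >&2
    return 1
}

# Succeed only if the certificate ($1) and private key ($2) hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Create ftp.cert.pem and ftp.key.pem in directory $2 with the config found
# in directory $1. $3 is the certificate subject, so openssl does not prompt.
make_ftp_cert() {
    conf=$(find_openssl_conf "$1") || return 1
    mkdir -p "$2" || return 1
    ( umask 077   # new key file is readable by its owner only
      openssl req -new -x509 -config "$conf" -days 3650 -nodes \
          -subj "$3" -out "$2/ftp.cert.pem" -keyout "$2/ftp.key.pem" ) || {
        rm -f "$2/ftp.key.pem" "$2/ftp.cert.pem"   # no orphaned key after a failure
        return 1
    }
    cert_matches_key "$2/ftp.cert.pem" "$2/ftp.key.pem"
}

# Usage on the server ("/CN=Tower" is a hypothetical subject):
#   make_ftp_cert /etc/ssl /boot/config/plugins/proftpd/ssl "/CN=Tower"
```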

@danktankk

Sorry for the late reply. See above for the reason.

 

What @itimpi told you should work in theory. I don't know why it isn't. Might be it works only for samba connections and not ftp.

 

What you can try however is to write directly to /mnt/cache/yourfolder which should place the files on the cache and they will be copied to the array by the mover. So if you want to read them after they are moved, you will have to use /mnt/user/yourfolder again.

Link to comment

@danktankk

Maybe I misunderstood. I thought you had a share /mnt/user/nextcloud, where your nextcloud data is located. Now you want to upload to that folder but have it using the cache, as that is faster and having the mover moving the files in the night to the share.

 

If you upload to /mnt/cache/nextcloud all files will be uploaded to the cache drive utilising its higher speed. In the night the mover will move the files to /mnt/user/nextcloud automatically. No need to move it yourself.

 

The only problem is probably if you have subfolders in your share and want to upload your files to them. The mover will probably move the folders as well as the files so one would have to recreate them each time. I did not test this however.

Edited by SlrG
typo
Link to comment

@SlrG

You didn't misunderstand,

I just simply do not have the technical ability/proficiency to upload to the cache drive and then have the mover *move* the files to the desired folder or folders. I'm an old windows user. I find it odd that the ftp protocol is now so damn slow, even with an array that has to do A, B & C. I was getting FAR better speeds on old ATA drives from way back in 2002, and this isn't even using any security at all other than a simple port swap.

So for that reason I'll just pass on ftp for unraid, which is sad, because I love ftp. Who doesn't love ftp?

Edited by danktankk
Link to comment
