Gee1 Posted January 14, 2022 Share Posted January 14, 2022 Is it possible to live change download speed limit by command line ? Quote Link to comment
SlrG Posted January 16, 2022 Author Share Posted January 16, 2022 @Gee1 I think this is not possible. To be absolutely sure, its probably better to ask in the proftpd forum. Quote Link to comment
eFrame Posted January 28, 2022 Share Posted January 28, 2022 I have installed the plugin without any problems. When I establish an unencrypted connection, everything works without problems. However, when I want to establish a TLS connection, I get an error message. --------------------------- Fehler --------------------------- Verbindung verloren. --------------------------- Server sent passive reply with unroutable address 192.168.2.19, using host address instead. Zeit abgelaufen (Datenverbindung) Verzeichnisinhalt konnte nicht abgerufen werden Fehler beim Anzeigen des Verzeichnisses „/Download“. Here is the translation into English --------------------------- Error --------------------------- Connection lost. --------------------------- Server sent passive reply with unroutable address 192.168.2.19, using host address instead. Time expired (data connection) Directory content could not be retrieved Error displaying the directory "/Download". All keys were created correctly and are also in the corresponding directories. Here is my proftpd.config # Server Settings ServerName ProFTPd ServerType standalone DefaultServer on PidFile /var/run/ProFTPd/ProFTPd.pid # Port 21 is the standard FTP port. You propably should not connect to the # internet with this port. Make your router forward another port to # this one instead. Port 21 # Set the user and group under which the server will run. User nobody Group users # Prevent DoS attacks MaxInstances 30 # Speedup Login UseReverseDNS off # Control Logging - comment and uncomment as needed # If logging Directory is world writeable the server won't start! # If no SystemLog is defined proftpd will log to servers syslog. #SystemLog NONE #SystemLog /boot/config/plugins/ProFTPd/slog TransferLog NONE #TransferLog /boot/config/plugins/ProFTPd/xferlog WtmpLog NONE # As a security precaution prevent root and other users in # /etc/ftpuser from accessing the FTP server. UseFtpUsers on RootLogin off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 000 # "Jail" FTP-Users into their home directory. (chroot) # The root directory has to be set in the description field # when defining an user: # ftpuser /mnt/cache/FTP # See README for more information. DefaultRoot ~ # Shell has to be set when defining an user. As a security precaution # it is set to "/bin/false" as FTP-Users should not have shell access. # This setting makes proftpd accept invalid shells. RequireValidShell no # Normally, we want files to be overwriteable. AllowOverwrite on <IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd.tls.log TLSProtocol SSLv23 TLSv1 TLSOptions NoCertRequest NoSessionReuseRequired TLSRSACertificateFile /boot/config/plugins/proftpd/ssl/ftp.cert.pem TLSRSACertificateKeyFile /boot/config/plugins/proftpd/ssl/ftp.key.pem TLSVerifyClient off TLSRequired on </IfModule> # Allow to restart a download AllowStoreRestart on Where could the fault lie. I am already despairing. Quote Link to comment
SlrG Posted January 29, 2022 Author Share Posted January 29, 2022 @eFrame You seem to be establishing a connection in passive mode. Please make sure you define a passive port range and make sure the firewall on your router opens the passive ftp port range to your server, too. Also you probably need to set a masquerade address (your dyndns hostname or static external ip). Also my usual "disclaimer". I don't recommend for the unraid server to be directly accessible from the internet. IMHO it is better to create a VPN connection to your home network and then using that to connect to your server. Then the VPN handles the encryption and FTP can be used unencrypted. This works only for your own and family devices, however and not if you need other "clients" to connect., too. Quote Link to comment
eFrame Posted January 29, 2022 Share Posted January 29, 2022 Thank you for your quick reply. Now everything works as it should 🙂 Quote Link to comment
Mr_Jay84 Posted February 8, 2022 Share Posted February 8, 2022 How do you install the webserver? Quote Link to comment
SlrG Posted February 9, 2022 Author Share Posted February 9, 2022 @Mr_Jay84 You don't. The functionality is sadly broken since a long time. But you don't really need it anyway. Just use the shell editor of your choice (nano, vi or mc's editor) to edit the proftpd.conf directly. nano /etc/proftpd.conf Check the changes by running: /usr/local/SlrG-Common/usr/local/sbin/proftpd -t -c /etc/proftpd.conf Which will look like this, if no errors are found (the mod_lang message can be ignored). Checking syntax of configuration file 2022-02-09 17:42:39,824 lafiel proftpd[18318] 127.0.0.1: mod_lang/1.1: unable to scan the localised files in '/usr/local/share/locale': No such file or directory Restart the ProFTPd server afterwards in the plugins settings or from the shell for the changes to take effect. /etc/rc.d/rc.ProFTPd restart 1 Quote Link to comment
Mr_Jay84 Posted February 9, 2022 Share Posted February 9, 2022 Thanks for the info mate. Quote Link to comment
thegeneral Posted February 24, 2022 Share Posted February 24, 2022 Hello, Hope someone can help me i installed the package and I created the user I can access it locally but i want to allow access for a friends folder without using vpn so in the conf file i added and also port forward 21 and port range 60000-65535 I have also verifed using a port checker that those ports are open it works locally I can login just my friend cant externally MasqueradeAddress 216.***.**.*** PassivePorts 60000 65535 Status: Connecting to **********:21... Status: Connection established, waiting for welcome message... Status: Insecure server, it does not support FTP over TLS. Status: Logged in Status: Retrieving directory listing... Command: PWD Response: 257 "/" is the current directory Command: TYPE I Response: 200 Type set to I Command: PASV Response: 227 Entering Passive Mode (***,***,*,***,253,190). Command: MLSD Error: The data connection could not be established: ECONNREFUSED - Connection refused by server Status: Disconnected from server Quote Link to comment
postboy99 Posted March 29, 2022 Share Posted March 29, 2022 Hi, can someone tell me if there is a way to monitor the ftp traffic. I want to see if there is traffic and who is downloading. Quote Link to comment
SlrG Posted March 29, 2022 Author Share Posted March 29, 2022 @postboy99 It's possible to check if there are users connected and what they are doing by calling /usr/local/SlrG-Common/usr/local/bin/ftptop from a shell. Quote Link to comment
postboy99 Posted March 30, 2022 Share Posted March 30, 2022 9 hours ago, SlrG said: /usr/local/SlrG-Common/usr/local/bin/ftptop TYVM! Quote Link to comment
RThoman Posted September 6, 2022 Share Posted September 6, 2022 Unsure what happened but after updating from 6.7 to 6.10 my proftpd stopped giving me permissions in completely random shares (3 out of 5). after some messing around I noticed that the shares I was given permissions to were ones listed as 'public' and the other ones the permissions got removed. To fix this I went to Tools > New Permissions, set disks to all, and User Shares to the effected shares and hit start (even though they say this is for upgrading from pre-5.0). I don't think this is specifically a proftpd thing but since it's the first time I noticed it when using proftpd and I spent so long looking at my proftpd settings trying to fix it some other people might as well so figured I would post it here in case some other people are searching around for it. (I saw absolutely no help googling on any forum about this issue, maybe I got unlucky and it was just me) Quote Link to comment
solomonshv Posted September 25, 2022 Share Posted September 25, 2022 (edited) i can't thank you enough for this plugin. this is the only FTP plugin or docker app that i could find that actually works. other apps worked inconsistently, allowed FTP users root access event though they were configured to only use a specific folder, stored files in the "appdata" folder instead of a share, etc. they are all terrible. except this one. this is a god send. thank you i'm using this to record surveillance camera footage about a dozen cameras in 4 different locations. using unraid 6.11.0. webserver doesn't work but i don't care. was never going to use it anyway. Edited September 25, 2022 by solomonshv 1 Quote Link to comment
SlrG Posted September 26, 2022 Author Share Posted September 26, 2022 @solomonshv Thank you very much for your kind words. 🥰 I wish I had time to work on the plugin and remove the old and broken webserver based configuration functionality. I'm very happy it works for you as it is. Quote Link to comment
kricker Posted November 21, 2022 Share Posted November 21, 2022 (edited) So connecting to ProFTP with passive mode is flummoxing me yet again and I just can't understand why. I just made a few small edits to my conf file for folder access and things got messed up, so I started from scratch. I have this in my .conf file: # Server Settings ServerName ProFTPd ServerType standalone DefaultServer on PidFile /var/run/ProFTPd/ProFTPd.pid # using a DNS name MasqueradeAddress xxxxxx.duckdns.org # NAT ports should be safe... PassivePorts 60000 65535 When connecting from an FTP application like FileZilla I get this error and it fails to list the directories even though the user was able to log in: Quote Command: MLSD Error: The data connection could not be established: ECONNREFUSED - Connection refused by server I have ports 60000-60005 open on my router. I had to open them each separately as Google's Home app on Android is broken and does not allow entering a range. I had this same issue in the past and never could figure out how/why it just started working when the configuration is exactly the same. Oddly enough I can use the site net2ftp.com and can connect to ProFTP without issues. EDIT: Okay. I figured out the issue but I do not know the networking voodoo behind it. Since I can only enter one port at a time in my broken Google Home App I only entered from 60000-60005. Once I changed the range in the conf to just be those ports it worked perfectly. Edited November 22, 2022 by kricker Quote Link to comment
SlrG Posted November 23, 2022 Author Share Posted November 23, 2022 @kricker I'm glad you got it working. 😀 The number of ports in the range should match the range of ports opened in your router. Of course it would be possible to open more ports than proftpd needs, but that wouldn't really make sense. And going the other way round and declaring ports as open, that really are not, is not advised either. It increases the chance the connection fails, as AFAIK the passive ports are opened randomly and not in order starting with the lowest one. 1 Quote Link to comment
kricker Posted November 23, 2022 Share Posted November 23, 2022 Random I think is the key. If ProFTP thinks it has all these ports to randomly choose from but they are not ALL open in the router, then the connection can't happen. Now that I understand this, it makes sense! Quote Link to comment
PlanetDyna Posted November 25, 2022 Share Posted November 25, 2022 (edited) I managed to run the SFTP modul. However when I set it to listen on port 21 (FTP) and 2222 (STP) at the same time I get this error message: Server refused public-key signature despite accepting key! Quote <IfModule mod_sftp.c> <VirtualHost 0.0.0.0> SFTPEngine on Port 2222 SFTPLog /var/log/sftp.log SFTPHostKey /etc/ssh/sftp_rsa_key SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys SFTPAuthMethods publickey SFTPKeyBlacklist none SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem </VirtualHost> </IfModule> 2022-11-25 02:06:07,858 mod_sftp/1.0.1[3957]: handling connection from SSH2 client 'FileZilla_3.60.1' 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session key exchange: ecdh-sha2-nistp256 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session server hostkey: rsa-sha2-512 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session client-to-server encryption: aes256-ctr 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session server-to-client encryption: aes256-ctr 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session client-to-server MAC: hmac-sha2-256 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session server-to-client MAC: hmac-sha2-256 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session client-to-server compression: none 2022-11-25 02:06:07,861 mod_sftp/1.0.1[3957]: + Session server-to-client compression: none 2022-11-25 02:06:07,876 mod_sftp/1.0.1[3957]: sending acceptable userauth methods: publickey 2022-11-25 02:06:07,877 mod_sftp/1.0.1[3957]: public key SHA256 fingerprint: 96:65:54:f3:a7:5c:48:01:45:e9:b9:8f:51:4b:e3:4f:d9:7e:26:48:39:8b:99:62:88:c2:39:4c:a2:38:8b:dd 2022-11-25 02:06:07,877 mod_sftp/1.0.1[3957]: sending publickey OK 2022-11-25 02:06:07,901 mod_sftp/1.0.1[3957]: public key SHA256 fingerprint: 96:65:54:f3:a7:5c:48:01:45:e9:b9:8f:51:4b:e3:4f:d9:7e:26:48:39:8b:99:62:88:c2:39:4c:a2:38:8b:dd 2022-11-25 02:06:07,901 mod_sftp/1.0.1[3957]: authentication for user 'test' failed: Invalid shell Edited November 25, 2022 by PlanetDyna Quote Link to comment
SlrG Posted November 25, 2022 Author Share Posted November 25, 2022 @PlanetDyna That looks as if you didn't add the keyword "ftpuser" in the comment field of your user test, or didn't restart the plugin after creating the user. The plugin prevents "normal" users without the keyword from logging in via FTP by assigning an invalid shell for security reasons. Quote Link to comment
PlanetDyna Posted November 25, 2022 Share Posted November 25, 2022 Thanks for your answer, SlrG. The addition "ftpuser" was present. If I remove the addition "VirtualHost" I can log in via SFTP but not FTP anymore. But I need both. Quote Link to comment
SlrG Posted November 26, 2022 Author Share Posted November 26, 2022 @PlanetDyna Looking at your config and the error message a bit more, I would try to add "RequireValidShell no" to your virtual server config, as the global one probably doesn't carry over. Also following proftpds example sftp conf from here, I would try to remove the "SFTPAuthMethods publickey" clause and add "MaxLoginAttempts 6". Quote Link to comment
PlanetDyna Posted November 29, 2022 Share Posted November 29, 2022 On 11/26/2022 at 9:27 AM, SlrG said: [...] as the global one probably doesn't carry over. [...] That was the solution. Thank you SlrG! 1 Quote Link to comment
Thulsa Doom Posted February 18, 2023 Share Posted February 18, 2023 Hello everyone! Tell me how to set up an FTP server on your domain? Quote Link to comment
SlrG Posted February 19, 2023 Author Share Posted February 19, 2023 @Thulsa Doom You don't need the Webserver functionality to setup a FTP server. It was used to edit the proftpd.conf and configure the FTP server from the plugins settings page. Some unRAID security updates broke this functionality a long time ago and it has been broken since then. I have sadly no time to work on this plugin any longer. If you want to use the FTP server, only the first setting you have already enabled is relevant. Just edit the proftpd.conf from the shell using vi or nano or by accessing your boot drive from any linux, windows or mac system you have, where you can use a text editor of your choice. Afterwards don't forget to reboot the FTP server, so the new settings get activated. Read through the thread to find how to error check your config and how to enable encryption. Be aware, that as FTP is by default an unencrypted protocol, it is not recommended to expose it to the internet. @all I stopped using unRAID myself so I can't support this plugin any further. If other developers want to take over, feel free to use my code. Thank you all for your support over the years. ❤️ Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.