{"id":21745162,"url":"https://github.com/zuazo/proftpd-cookbook","last_synced_at":"2026-01-07T09:33:40.432Z","repository":{"id":16393533,"uuid":"19144289","full_name":"zuazo/proftpd-cookbook","owner":"zuazo","description":"Chef cookbook to install and configure ProFTPD.","archived":false,"fork":false,"pushed_at":"2015-09-09T19:24:06.000Z","size":420,"stargazers_count":2,"open_issues_count":2,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-04T19:37:03.663Z","etag":null,"topics":["chef","cookbook","devops","ftp","proftpd"],"latest_commit_sha":null,"homepage":"https://supermarket.chef.io/cookbooks/onddo_proftpd","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zuazo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-04-25T11:47:53.000Z","updated_at":"2023-09-11T07:06:45.000Z","dependencies_parsed_at":"2022-09-24T11:52:51.533Z","dependency_job_id":null,"html_url":"https://github.com/zuazo/proftpd-cookbook","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fproftpd-cookbook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fproftpd-cookbook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fproftpd-cookbook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zuazo%2Fproftpd-cookbook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zuazo","download_url":"https://codeload.github.com/zuazo/proftpd-cookbook/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246230500,"owners_count":20744346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","cookbook","devops","ftp","proftpd"],"created_at":"2024-11-26T07:13:47.961Z","updated_at":"2026-01-07T09:33:40.402Z","avatar_url":"https://github.com/zuazo.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"ProFTPD Cookbook\n================\n[![Cookbook Version](https://img.shields.io/cookbook/v/onddo_proftpd.svg?style=flat)](https://supermarket.chef.io/cookbooks/onddo_proftpd)\n[![GitHub Source](https://img.shields.io/badge/source-GitHub-blue.svg?style=flat)](https://github.com/zuazo/onddo_proftpd-cookbook)\n[![Dependency Status](http://img.shields.io/gemnasium/zuazo/proftpd-cookbook.svg?style=flat)](https://gemnasium.com/zuazo/proftpd-cookbook)\n[![Code Climate](http://img.shields.io/codeclimate/github/zuazo/proftpd-cookbook.svg?style=flat)](https://codeclimate.com/github/zuazo/proftpd-cookbook)\n[![Build Status](http://img.shields.io/travis/zuazo/proftpd-cookbook.svg?style=flat)](https://travis-ci.org/zuazo/proftpd-cookbook)\n\n[Chef](http://www.chef.io/) Cookbook to install and configure the [ProFTPD](http://www.proftpd.org/) FTP server.\n\nRequirements\n============\n\n## Supported Platforms\n\nThis cookbook has been tested on the following platforms:\n\n* Amazon\n* CentOS\n* Debian\n* Fedora\n* RedHat\n* Ubuntu\n\nPlease, [let us know](https://github.com/zuazo/proftpd-cookbook/issues/new?title=I%20have%20used%20it%20successfully%20on%20...) if you use it successfully on any other platform.\n\n## Required Cookbooks\n\n* [ohai](http://supermarket.chef.io/cookbooks/ohai)\n* [yum-epel](http://supermarket.chef.io/cookbooks/yum-epel)\n\n## Required Applications\n\n* Ruby `\u003e= 1.9.3`\n\nAttributes\n==========\n\n| Attribute                             | Default      | Description                       |\n|:--------------------------------------|:-------------|:----------------------------------|\n| `node['proftpd']['conf_files_user']`  | `'root'`     | System user to own the ProFTPD configuration files.\n| `node['proftpd']['conf_files_group']` | `'root'`     | System group to own the ProFTPD configuration files.\n| `node['proftpd']['conf_files_mode']`  | `'00640'`    | ProFTPD configuration files system file mode bits.\n| `node['proftpd']['module_packages']`  | *calculated* | ProFTPD system packages required to use some modules. This is distribution specific and usually there is no need to change it.\n| `node['proftpd']['conf']`             | *calculated* | ProFTPD configuration as key/value multi-level Hash.\n\nRecipes\n=======\n\n## onddo_proftpd::default\n\nInstalls and Configures ProFTPD.\n\n## onddo_proftpd::ohai_plugin\n\nInstalls ProFTPD ohai plugin. Called by the `::default` recipe.\n\nUsage\n=====\n\n## Including in a Cookbook Recipe\n\nYou can simply include it in a recipe:\n\n```ruby\n# from a recipe\ninclude_recipe 'onddo_proftpd'\n```\n\nDon't forget to include the `onddo_proftpd` cookbook as a dependency in the metadata.\n\n```ruby\n# metadata.rb\n# [...]\n\ndepends 'onddo_proftpd'\n```\n\n## Including in the Run List\n\nAnother alternative is to include the default recipe in your Run List.\n\n```json\n{\n  \"name\": \"ftp.example.com\",\n  \"[...]\": \"[...]\",\n  \"run_list\": [\n    \"[...]\",\n    \"recipe[onddo_proftpd]\"\n  ]\n}\n```\n\n## Changing the Configuration\n\nConfiguration directives will be created inside the `proftpd.conf` file. Other configuration files will be ignored unless included. By default, only the `conf.d` directory will be included:\n\n```ruby\nnode.default['proftpd']['conf']['include'] = %w{/etc/proftpd/conf.d}\n```\n\nAll the configuration for the `proftpd.conf` file is read from the `node['proftpd']['conf']` attribute.\n\nUnder this namespace, you can set configuration directives using both the *CamelCase* and *the_underscore* syntax.\n\nFor example, using the underscore syntax:\n\n```ruby\nnode.default['proftpd']['conf']['use_ipv6'] = false\nnode.default['proftpd']['conf']['ident_lookups'] = false\nnode.default['proftpd']['conf']['server_name'] = 'My FTP server'\n\ninclude_recipe 'onddo_proftpd'\n```\n\nUsing the camelcase syntax:\n\n```ruby\nnode.default['proftpd']['conf']['UseIPv6'] = false\nnode.default['proftpd']['conf']['IdentLookups'] = false\nnode.default['proftpd']['conf']['ServerName'] = 'My FTP server'\n\ninclude_recipe 'onddo_proftpd'\n```\n\nThe cookbook will try to do the correct conversion from underscore to camelcase including some edge cases, like for example `UseIPv6` (you don't need to use `use_i_pv6`, `use_ipv6` is OK also).\n\nIn any case, use the syntax you prefer.\n\n## Block Directives\n\nSome of the directives set in the attributes will be treated in a special way:\n\n* `Global` or `global`: will create a `\u003cGlobal\u003e` block, must contain an *Array* of directives.\n* `Directory` or `directory`: will create a `\u003cDirectory\u003e` block, must contain a *Hash* of directives.\n* `VirtualHost` or `virtual_host`: will create a `\u003cVirtualHost\u003e` block, must contain a *Hash* of directives.\n* `Anonymous` or `anonymous`: will create a `\u003cAnonymous\u003e` block, must contain a *Hash* of directives.\n* `Limit` or `limit`: will create a `\u003cLimit\u003e` block, must contain a *Hash* of directives.\n* `IfAuthenticated` or `if_authenticated`: will create a `\u003cIfAuthenticated\u003e` block, must contain an *Array* of directives.\n* `IfModule` or `if_module`: will create a `\u003cIfModule\u003e` block, must contain a *Hash* of directives.\n* `IfClass` or `if_class`: will create a `\u003cIfClass\u003e` block, must contain a *Hash* of directives.\n* `IfGroup` or `if_group`: will create a `\u003cIfGroup\u003e` block, must contain a *Hash* of directives.\n* `IfUser` or `if_user`: will create a `\u003cIfUser\u003e` block, must contain a *Hash* of directives.\n\nSee the examples below to learn how to use them.\n\n## Valueless Directives\n\nIf the directive has no value, like `AllowAll` or `DenyAll`, you set it to `nil` to enable it. For example:\n\n```ruby\nnode.default['proftpd']['conf']['anonymous']['~ftp']['directory']['*']['limit']['write']['deny_all'] = nil\nnode.default['proftpd']['conf']['anonymous']['~ftp']['directory']['incoming']['limit']['read write']['deny_all'] = nil\nnode.default['proftpd']['conf']['anonymous']['~ftp']['directory']['incoming']['limit']['stor']['allow_all'] = nil\n```\n\n## Configuring a Module\n\nThe best way to set a module configuration is to use the `\u003cIfModule\u003e` configuration directive. For example:\n\n```ruby\n# mod_ctrls_admin.c module\nnode.default['proftpd']['conf']['if_module']['ctrls_admin']['admin_controls_engine'] = false\n```\n\nYou can use the full module name if you prefer (`mod_*.c`):\n\n```ruby\nnode.default['proftpd']['conf']['if_module']['mod_ctrls_admin.c']['admin_controls_engine'] = false\n```\n\nYou can also use the special `['prefix']` key to save putting a prefix in all the configuration directives:\n\n```ruby\n# Create a \u003cIfModule mod_ctls.so\u003e directive block\nnode.default['proftpd']['conf']['if_module']['ctrls']['prefix'] = 'Controls'\nnode.default['proftpd']['conf']['if_module']['ctrls']['engine'] = false # ControlsEngine\nnode.default['proftpd']['conf']['if_module']['ctrls']['max_clients'] = 2 # ControlsMaxClients\nnode.default['proftpd']['conf']['if_module']['ctrls']['log'] = '/var/log/proftpd/controls.log' # ControlsLog\nnode.default['proftpd']['conf']['if_module']['ctrls']['interval'] = 5 # ControlsInterval\nnode.default['proftpd']['conf']['if_module']['ctrls']['socket'] = '/var/run/proftpd/proftpd.sock' # ControlsSocket\n```\n\nThis prefix will only be applied under the current block (`\u003cIfModule mod_ctls.so\u003e` in this example), **excluding** deeper blocks under `['ctrls']`, like for example `['ctrls']['directory']['*'][...]`.\n\n## Enabling SSL/TLS\n\nIn the following example, we are using the [ssl_certificate](http://supermarket.chef.io/cookbooks/ssl_certificate) cookbook to create the certificate:\n\n```ruby\n# TLS configuration\ncert = ssl_certificate 'proftpd' do\n  common_name node['fqdn'] || 'ftp.example.com'\nend\nnode.default['proftpd']['conf']['if_module']['tls']['prefix'] = 'TLS'\nnode.default['proftpd']['conf']['if_module']['tls']['engine'] = true\nnode.default['proftpd']['conf']['if_module']['tls']['log'] = '/var/log/proftpd/tls.log'\n# Support both SSLv3 and TLSv1\nnode.default['proftpd']['conf']['if_module']['tls']['protocol'] = 'SSLv3 TLSv1'\n# Are clients required to use FTP over TLS when talking to this server?\nnode.default['proftpd']['conf']['if_module']['tls']['required'] = false\nnode.default['proftpd']['conf']['if_module']['tls']['rsa_certificate_file'] = cert.cert_path\nnode.default['proftpd']['conf']['if_module']['tls']['rsa_certificate_key_file'] = cert.key_path\n# Authenticate clients that want to use FTP over TLS?\nnode.default['proftpd']['conf']['if_module']['tls']['verify_client'] = false\n# Avoid CA cert with relaxed session use for some clients (e.g. FireFtp)\nnode.default['proftpd']['conf']['if_module']['tls']['options'] = 'NoCertRequest EnableDiags NoSessionReuseRequired'\n# Allow SSL/TLS renegotiations when the client requests them, but\n# do not force the renegotations.  Some clients do not support\n# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these\n# clients will close the data connection, or there will be a timeout\n# on an idle data connection.\nnode.default['proftpd']['conf']['if_module']['tls']['renegotiate'] = 'none'\n\ninclude_recipe 'onddo_proftpd'\n```\n\n## Creating a VirtualHost\n\n```ruby\nnode.default['proftpd']['conf']['virtual_host']['ftp.server.com'] = {\n  'server_admin' =\u003e 'ftpmaster@server.com',\n  'server_name' =\u003e 'Big FTP Archive',\n  'transfer_log' =\u003e '/var/log/proftpd/xfer-ftp.server.com.log',\n  'max_login_attempts' =\u003e 3,\n  'require_valid_shell' =\u003e false,\n  'default_root' =\u003e '/tmp',\n  'allow_overwrite' =\u003e true,\n}\n\ninclude_recipe 'onddo_proftpd'\n```\n\n## Creating an Anonymous FTP\n\n```ruby\nuser 'ftp' do\n  system true\n  shell '/bin/false'\n  supports :manage_home =\u003e true\nend\n\nnode.default['proftpd']['conf']['require_valid_shell'] = false\n\nnode.default['proftpd']['conf']['anonymous']['~ftp'] = {\n  'user' =\u003e 'ftp',\n  'group' =\u003e 'nogroup',\n  'user_alias' =\u003e 'anonymous ftp',\n  'dir_fake_user' =\u003e 'on ftp',\n  'dir_fake_group' =\u003e 'on ftp',\n  'require_valid_shell' =\u003e false,\n  'max_clients' =\u003e 10,\n  'display_login' =\u003e 'welcome.msg',\n  'display_chdir' =\u003e '.message',\n  'directory' =\u003e {\n    '*' =\u003e {\n      'limit' =\u003e {\n        'write' =\u003e {\n          'deny_all' =\u003e nil,\n        },\n      },\n    },\n    'incoming' =\u003e {\n      'umask' =\u003e '022 022',\n      'limit' =\u003e {\n        'read write' =\u003e {\n          'deny_all' =\u003e nil,\n        },\n        'stor' =\u003e {\n          'allow_all' =\u003e nil,\n        },\n      },\n    },\n  },\n}\n```\n\nTesting\n=======\n\nSee [TESTING.md](https://github.com/zuazo/proftpd-cookbook/blob/master/TESTING.md).\n\nContributing\n============\n\nPlease do not hesitate to [open an issue](https://github.com/zuazo/proftpd-cookbook/issues/new) with any questions or problems.\n\nSee [CONTRIBUTING.md](https://github.com/zuazo/proftpd-cookbook/blob/master/CONTRIBUTING.md).\n\nTODO\n====\n\nSee [TODO.md](https://github.com/zuazo/proftpd-cookbook/blob/master/TODO.md).\n\n\nLicense and Author\n==================\n\n|                      |                                          |\n|:---------------------|:-----------------------------------------|\n| **Author:**          | [Xabier de Zuazo](https://github.com/zuazo) (\u003cxabier@zuazo.org\u003e)\n| **Copyright:**       | Copyright (c) 2015, Xabier de Zuazo\n| **Copyright:**       | Copyright (c) 2014, Onddo Labs, SL.\n| **License:**         | Apache License, Version 2.0\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n    \n        http://www.apache.org/licenses/LICENSE-2.0\n    \n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fproftpd-cookbook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzuazo%2Fproftpd-cookbook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzuazo%2Fproftpd-cookbook/lists"}