On 5/31/2018 8:01 AM, Frank M. Ramaekers wrote:
I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990). (The latest instructions I've used are at: https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/)
Here's what I'm using. The tutorial site I used is currently down with a bandwidth exceeded warning, so I guess it must be quite popular.
I'm using LetsEncrypt certificates. My site domain is replaced with example.com. Use your own domain name there as registered with LetsEncrypt.
# see
# http://beginlinux.com/blog/2009/01/secure-ftp-with-ssl-on-centos/
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES

# limit pasv ports to range that iptables can check
pasv_min_port=6900
pasv_max_port=6969

# added 20120213 to deal with FileZilla 3.5.3 stricter cipher list
# see http://forum.filezilla-project.org/viewtopic.php?f=2&t=23275
ssl_ciphers=HIGH

dual_log_enable=YES

allow_writeable_chroot=YES
user_sub_token=$USER
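
An added example, not part of the original message or of vsftpd itself: a Python check that parses directives like those quoted above and reports the ones that affect FTPS, using the defaults documented in vsftpd.conf(5) for absent keys. The `want_implicit` parameter, the function names and the sample text are assumptions made for this illustration.

```python
# Added example: audit vsftpd.conf directives that affect FTPS.
# SAMPLE_CONF is constructed from the directives quoted in the message above.
SAMPLE_CONF = """\
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
# limit pasv ports to range that iptables can check
pasv_min_port=6900
pasv_max_port=6969
ssl_ciphers=HIGH
"""

def parse_conf(text):
    """Parse key=value lines; '#' starts a comment line, no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(opts, want_implicit=False):
    """Return findings; defaults for absent keys follow vsftpd.conf(5)."""
    def on(key, default):
        return opts.get(key, default).upper() in ("YES", "TRUE", "1")
    if not on("ssl_enable", "NO"):
        return ["ssl_enable is not YES: sessions are plain FTP"]
    findings = []
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if on(key, "NO"):
            findings.append(f"{key}=YES permits an obsolete protocol version")
    for key in ("force_local_logins_ssl", "force_local_data_ssl"):
        if not on(key, "YES"):
            findings.append(f"{key}=NO allows cleartext for local users")
    implicit = on("implicit_ssl", "NO")
    port = opts.get("listen_port", "21")
    if want_implicit and not implicit:
        findings.append("implicit_ssl is not YES: server expects explicit AUTH TLS")
    if implicit and port != "990":
        findings.append(f"implicit_ssl=YES but listen_port={port}, clients expect 990")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), want_implicit=True):
        print("FINDING:", finding)
```

Run against the sample with `want_implicit=True`, it reports the two SSL protocol switches, the two `force_local_*_ssl` settings, and the absence of `implicit_ssl=YES` that an implicit FTPS listener on port 990 needs.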