# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6				off
# If set on you can experience a longer connection delay in many cases.
IdentLookups			off

ServerName			"##SERVER_NAME"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayChdir               	.message true
ListOptions                	"-l"

DenyFilter			\*.*/

# Use this to jail all users in their homes
# DefaultRoot			~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell		off

# Port 21 is the standard FTP port.
Port				0

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			10

# Set the user and group that the server normally runs at.
User				www-data
Group				www-data

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask				022  022
# Normally, we want files to be overwriteable.
AllowOverwrite			on

TransferLog /run/proftpd/xferlog
SystemLog   /run/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
    AdminControlsEngine off
</IfModule>

LoadModule mod_ldap.c
<IfModule mod_ldap.c>
# https://forums.proftpd.org/smf/index.php?topic=6368.0
LDAPServer "##LDAP_URL/??sub"
LDAPBindDN "##LDAP_BIND_DN" "##LDAP_BIND_PASSWORD"
LDAPUsers "##LDAP_USERS_BASE_DN" (username=%u)

LDAPForceDefaultUID on
LDAPDefaultUID ##LDAP_UID
LDAPForceDefaultGID on
LDAPDefaultGID ##LDAP_GID

LDAPForceGeneratedHomedir on
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /app/data
LDAPGenerateHomedirPrefixNoUsername on

#LDAPUseTLS off
#LDAPLog /run/proftpd/ldap.log
</IfModule>

<IfModule mod_sftp.c>
SFTPEngine on
Port ##SFTP_PORT
SFTPLog /run/proftpd/sftp.log

# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /app/data/sftpd/ssh_host_rsa_key
SFTPHostKey /app/data/sftpd/ssh_host_dsa_key

SFTPAuthMethods password

# Enable compression
SFTPCompression delayed

RequireValidShell off
</IfModule>

<Directory />
  HideNoAccess yes
</Directory>