mirror of
https://github.com/GeekOops/doc.git
synced 2024-05-20 05:12:21 +00:00
2.4 KiB
2.4 KiB
title | author | date |
---|---|---|
Ansible PureFTPd | phoenix | 2021-03-26T09:49:33+01:00 |
The geekoops-pureftpd role is a configurable ansible role for setting up a PureFTPd
ftp server. I choose PureFTPd
because it appears to be more secure than ProFTPd
. In comparison to vsftp
, one server program can run both IPv4 and IPv6.
This role works on openSUSE Leap.
Role Variables
PureFTPd
is a highly configurable ansible role. See the following list of possible variables, but you probably don't need much of them.
Value | Description | Default |
---|---|---|
config_firewall |
Apply firewall rules | false |
firewall_zone |
Firewall zone where ftp will be allowed | public |
MaxClientsNumber |
Maximum number of anonymous clients | 10 |
MaxClientsPerIP |
Maximum clients per IP address | 3 |
AnonymousOnly |
Forbid user login | yes |
NoAnonymous |
Disallow anonymous | no |
PAMAuthentication |
Allow PAM authentication | no |
MaxIdleTime |
Maximum idle time in minutes before disconnecting | 5 |
MaxLoad |
Disallow anonymous download if system load is above this value | 4 |
PassivePortMin |
Passive port range - lower bound | 30000 |
PassivePortMax |
Passive port range - upper bound | 30100 |
ForcePassiveIP |
Use this IP for passive mode, useful if PureFTPd is behind a NAT |
"" (disabled) |
Bind |
Bind address and port (e.g. 127.0.0.1,21 ) |
"" (disabled) |
Bandwidth |
Max bandwidth for all users in KB/s | "" (disabled) |
TrustedIP |
Allow login only from this IP | "" (disabled) |
MaxUserSessions |
Maximum number of open session per user | 3 |
MaxAnonSessions |
Maximum number of open anonymous sessions | 20 |
IPV4Only |
Bind to IPv4 only. By default we bind to IPv4 and IPv6 | no |
IPV6Only |
Bind to IPv6 only. By default we bind to IPv4 and IPv6 | no |
Example
With this example playbook we setup a PureFTPd
server that allows only anonymous access. Because we have only some resources, we allow up to 100 session in parallel.
- hosts: jellyfish
user: root
roles:
- role: geekoops-pureftp
vars:
config_firewall: true
AnonymousOnly: yes
PassivePortMin: 30000
PassivePortMax: 31000
MaxAnonSessions: 100