Installs and configures ProFTPd Server (http://www.proftpd.org/) and some of
its modules. It also setups configuration like Apache's scripts (
(eg. sites-available/
sites-enabled`).
It provides an LWRP for easily deploying virtualhosts. It's recommended to always use a vhost configuration instead of the default, global configuration.
The latest and greatest revision of this cookbook will always be available at https://github.com/Movile/chef-proftpd-ii
The following cookbooks are dependencies for this:
- yum-repoforge - needed to install RPM packages for proftpd.
The following platforms are supported and tested:
- CentOS 6.7
- CentOS 7.2
The recommended chef version is at least >= 11.0
To use the cookbook, you can just add the default
recipe to the run_list. It
will install and configure the daemon. Then you can use attributes or LWRPs to
configure custom values and virtual hosts.
-
ldap.rb
installs the LDAP module, enables it and provides a sample configuration. -
sftp.rb
installs the sFTP module, enables it and provides a sample configuration. -
example_lwrp.rb
provides some examples on using the LWRP resources.
Attributes are documented on attributes/default.rb
file. This way I don't need
to duplicate definitions here and there :)
This cookbook includes proftpd_vhost
LWRP which facilitates creating a new
virtual host. It also contains support for using notifies
, so you can notify
the server to reload after some configuration changes.
For example, to use the proftpd_vhost
:
# install first
include_recipe 'proftpd-ii'
# a normal ftp site
proftpd_vhost 'ftp' do
enable true
port 21
notifies :restart, 'service[proftpd]', :delayed
end
# a tls and ldap-enabled site
proftpd_vhost 'ldap' do
port 990
debug_level 10
auth_order 'mod_ldap.c'
tls true
tls_required true
tls_cert /etc/proftpd/ssl/proftpd.crt.pem
tls_key /etc/proftpd/ssl/proftpd.key.pem
ldap true
ldap_use_tls true
ldap_server 'ldap.example.com:389'
ldap_user_base_dn 'ou=users,dc=example,dc=com'
ldap_user_filter '(uid=%u)'
ldap_group_base_dn 'ou=groups,dc=example,dc=com'
ldap_group_filter '(&(memberUid=%u)(objectclass=posixGroup))'
options = {
'QueryTimeout' => 30,
'ForceGeneratedHomedir' => 'on'
}
ldap_extra_options options
notifies :restart, 'service[proftpd]', :delayed
end
# sftp, if module enabled
proftpd_vhost 'sftp' do
port 2222
sftp true
notifies :restart, 'service[proftpd]', :delayed
end
If you want to configure but not enable the virtual host, you can use
enable false
on the LWRP definition.
Enables a module in the configuration.
It creates a LoadModule
directive and puts it on mods-enabled
directory.
For example, enabling some custom modules:
proftpd_module 'ldap'
proftpd_module 'sftp'
- Author:: Hugo Cisneiros (hugo.cisneiros@movile.com)
Copyright 2016, Movile
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.