This Web page gives a commented configuration file that lets ProFTPD act as a server that automatically accepts pictures from a Canon 5D Mark IV, assuming you've done all the setup given on the main page. The rest of this page is a sample configuration file; comments are given after various sections. If you select the sample configuration from here on down, copy it, and paste it into your own configuration, the comments should disappear and you should have a working config file! (How cool is that?)
# This is a ProFTPD configuration file usable for serving a Canon 5D
# Mark IV.

ServerName "ProFTPD"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# FireWall PortRange for PASV
PassivePorts 40000 40999
If you have a network administrator who believes in harsh firewalling, you may need to change the passive port range.
# Set DebugLevel to values between 0 and 9
# default is 0
DebugLevel 0

# SystemLog -- Redirect syslogging to a file
SystemLog /var/log/proftpd/proftpd.log
It's a good idea to log the daemon's activity so you can monitor misbehavior and debug problems. If you installed ProFTPD from your distro, it should have set up that log file and also created a logrotate configuration to keep the file from growing too large. If you didn't, or it didn't, you should configure rotation. You might also need to change the location of the log.
# Don't use IPv6 support by default; the 5D4 doesn't support it anyway.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
Some people might prefer 077, especially if the server is a shared machine.
# To prevent DoS attacks, set the maximum number of child processes
# to 5. If you need to allow more than 5 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 5
Unless you have multiple 5D4's, this number could probably be set to 1. This is basically the maximum number of cameras that are allowed to upload at the same time.
# Set the user and group under which the server will run.
User ftp
Group ftp
If you did a distro install, the distro should have created this user. Note that the ftp user is different from the user you created earlier for your camera to use (canon5d4 in my examples).
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# FIFO log format for automating upload responses
LogFormat fifo "%r"

# ------------------------------
# Global Settings
# ------------------------------

# ------------------------------
# Login
# ------------------------------
ServerIdent on "FTP server ready"
DeferWelcome on
IdentLookups off
UseFtpUsers off
RequireValidShell off
TimeoutLogin 60
MaxLoginAttempts 3
#MaxClientsPerHost none
#MaxClientsPerUser 1 "Only one connection at a time."

# ------------------------------
# Authentication
# ------------------------------
### PAM Authentication
# AuthPAM: default: on
AuthPAM on
# changed AuthPAMConfig file
AuthPAMConfig proftpd

### PAM Authentication
#AuthUserFile /etc/proftpd/auth/passwd
#AuthGroupFile /etc/group

### order of auth modules
#AuthOrder mod_auth_unix.c mod_auth_file.c
AuthOrder mod_auth_unix.c mod_auth_pam.c
Most of the above settings were installed by my distro, including the commented-out lines. You can change them to your taste if you know what you're doing.
# ------------------------------
# Post-Login
# ------------------------------
DisplayLogin welcome.msg
DisplayChdir .message
AllowOverride off
TimeoutIdle 7200
TimeoutNoTransfer 900
TimeoutStalled 300
TimeoutSession 7200
The above timeouts are given in seconds; 7200 is two hours. I chose quite long timeouts because I didn't want the ftp server to give up on the camera in the middle of a picture transfer.
# ------------------------------
# Session
# ------------------------------

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~ web,!users

DenyFilter \*.*/
ListOptions "-A +R" strict
UseGlobbing off
ShowSymlinks on
TimesGMT on

# ------------------------------
# Up- & Download
# ------------------------------

# having to delete before uploading is a pain ;)
AllowOverwrite on
AllowRetrieveRestart on
HiddenStores on
DeleteAbortedStores on
#AllowStoreRestart off # is contrary to "DeleteAbortedStores"

# ------------------------------
# Logging
# ------------------------------
WtmpLog off
TransferLog /var/log/proftpd/xferlog

# Record all logins
ExtendedLog /var/log/proftpd/auth.log AUTH auth

# Logging file/dir access
ExtendedLog /var/log/proftpd/access.log WRITE,READ write

# Paranoia logging level....
#ExtendedLog /var/log/proftpd/paranoid.log ALL default

# SQLLogFile
#SQLLogFile /var/log/proftpd/SQL.log

# Log uploads to a pipe
#ExtendedLog /etc/proftpd/fifo WRITE fifo
The lines immediately above control logging. If you uncomment the very last one, you can make your server do something automatically every time an image is uploaded. On each upload, ProFTPD will write the name of the new file to /etc/proftpd/fifo, which you must have first created with mkfifo. It must be owned and writable by the ftp user, and readable by everyone. You can then write a program that reads the file names and does whatever you want; I won't cover that here. (The program has to be running before ProFTPD starts; I also won't cover how to arrange that.)
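A minimal reader for the FIFO described above, as an added example that is not part of the original page. With `LogFormat fifo "%r"` each line is the full command the client sent (for example `STOR IMG_0001.CR2`), and the WRITE class also logs other write commands such as DELE or MKD, so the reader filters for uploads and treats the client-supplied name as untrusted. The upload directory `/home/canon5d4`, the function names and the `handle_upload` action are assumptions made for illustration.

```python
import os
import stat
import sys

FIFO_PATH = "/etc/proftpd/fifo"         # path from the ExtendedLog line above
UPLOAD_ROOT = "/home/canon5d4"          # assumption: where the camera's files land
UPLOAD_CMDS = {"STOR", "STOU", "APPE"}  # ignore DELE, MKD and other WRITE commands


def parse_upload_line(line, root=UPLOAD_ROOT):
    """Return the absolute path named by one "%r" log line, or None.

    The FTP client chooses the file name, so it is untrusted: refuse anything
    that is not an upload command or that resolves outside the upload root.
    """
    cmd, _, arg = line.strip().partition(" ")
    if cmd.upper() not in UPLOAD_CMDS or not arg or "\0" in arg:
        return None
    root = os.path.realpath(root)
    # Treat absolute client paths as relative to the (chrooted) upload root.
    target = os.path.realpath(os.path.join(root, arg.lstrip("/")))
    if target == root or os.path.commonpath([root, target]) != root:
        return None
    return target


def handle_upload(path):
    """Placeholder action (hypothetical): replace with your own processing."""
    print("new upload:", path)


def main():
    if not stat.S_ISFIFO(os.stat(FIFO_PATH).st_mode):
        sys.exit(FIFO_PATH + " is not a FIFO")
    while True:
        # open() blocks until ProFTPD opens the pipe for writing; when the
        # writer closes it we see EOF and loop to wait for the next writer.
        with open(FIFO_PATH, "r", errors="replace") as fifo:
            for line in fifo:
                path = parse_upload_line(line)
                # "%r" carries no status code, and failed commands are logged
                # too, so only act on files that actually exist.
                if path and os.path.isfile(path):
                    handle_upload(path)


if __name__ == "__main__":
    main()
```

Run it as an unprivileged user that can read the upload directory; the reader only needs read access to the FIFO.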
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

#####
# Include other confs, e.g. tls.conf
#Include /etc/proftpd/conf.d/*.conf
#####

# ------------------------------
# Anonymous Settings
# ------------------------------
My distribution had a lot of stuff under "Anonymous Settings" in case you want to run anonymous ftp. I deleted all that stuff because anonymous ftp isn't really compatible with what we're doing here. In truth, anonymous ftp is pretty obsolete nowadays; ordinary Web sites are a better solution to the problem it tried to address.
# ------------------------------
# TLS Settings
# ------------------------------
In my distribution, the following material (to the end of the file) is kept in /etc/proftpd/conf.d/tls.conf and included with "Include /etc/proftpd/conf.d/*.conf". I have moved it here for convenience, but if your setup includes a conf.d it would probably be cleaner to put it in the tls.conf file.
# If mod_tls was built as a shared/DSO module, load it
LoadModule mod_tls.c

TLSEngine on
TLSProtocol TLSv1 TLSv1.1 TLSv1.2

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on

# Server's RSA certificate
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key
The above lines need to point to wherever you created your openssl certificate.
# CA (or CA chain) to verify client certs
TLSCACertificateFile /etc/proftpd/ssl/proftpd.pem

# CA (or CA chain) to verify certification path of server cert
TLSCertificateChainFile /etc/proftpd/ssl/proftpd.pem
Again, the above lines need to point to where you made your certificate.
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none

# Allow the camera to NOT re-use sessions
TLSOptions NoSessionReuseRequired

TLSCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
# Debugging
#TraceLog /var/log/proftpd/trace.log
#Trace DEFAULT:10 tls:10 signal:0
If you have trouble connecting, you can uncomment the above two lines to turn on some logging that might help.