Skip to content
Snippets Groups Projects
Unverified Commit b954a7b7 authored by Todor Kondic's avatar Todor Kondic
Browse files

roles/ftpserver/tasks: TLS FTP enabled.

parent 4e760bf5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/ftpserver/tasks/main.yml
+ 23
0
View file @ b954a7b7
...@@ -26,6 +26,29 @@ ...@@ -26,6 +26,29 @@
AuthGroupFile /etc/proftpd/ftpd.group AuthGroupFile /etc/proftpd/ftpd.group
ServerName "{{hostvars[inventory_hostname].ansible_hostname}}" ServerName "{{hostvars[inventory_hostname].ansible_hostname}}"
AuthOrder mod_auth_file.c AuthOrder mod_auth_file.c
PassivePorts 50000 65534
notify: restart-ftp
- name: Touch tls.conf.
tags: proftpd-conf-text
file:
path: /etc/proftpd/conf.d/tls.conf
state: touch
- name: Add TLS to ProFTPd.
tags: proftpd-conf-text
blockinfile:
path: /etc/proftpd/conf.d/tls.conf
block: |
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/eci-platform/pub/certificate.key
TLSRSACertificateKeyFile /etc/eci-platform/priv/certificate.key
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSCipherSuite ALL :!ADH:!DES
TLSVerifyClient off
TLSRenegotiate required off
TLSLog /var/log/proftpd/tls.log
notify: restart-ftp notify: restart-ftp
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment