# Example config file /etc/vsftpd/vsftpd.conf
#
seccomp_sandbox=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022

anon_upload_enable=NO
anon_mkdir_write_enable=NO

dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
setproctitle_enable=YES

#chown_uploads=YES
#chown_username=whoever

xferlog_enable=YES
xferlog_std_format=NO
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=NO

# You may change the default value for timing out an idle session.
idle_session_timeout=600
data_connection_timeout=120

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES

# You may fully customise the login banner string:
ftpd_banner=Welcome to FTP service.

#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

# listen
listen=YES
listen_port=21
listen_ipv6=NO

# enable passive connections
pasv_address=192.168.1.2
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100
port_enable=YES
pasv_addr_resolve=NO

guest_enable=NO
hide_ids=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=NO

# SSL
#
#
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=HIGH
rsa_cert_file=/etc/letsencrypt/live/club3d.ro-0001/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/club3d.ro-0001/privkey.pem