FTP
Hikmat Abdunabiev, 2018-12-07 10:30:01

How to use a different certificate for each FTP user on VSFTPD?

Hello!
I have an Ubuntu 18.04 server running a web server (nginx) and an FTP server (vsftpd).
Several users have been created on the server, and each user has its own domain configured and FTP access granted.
For example, there is a user user1. His home folder is /home/user1 and he has the user1_domain.org domain configured and ftp access enabled. Each domain has its own certificate from Let's Encrypt.
At this point, a self-signed certificate has been generated for all FTP users.
I need advice on how to enable a separate certificate issued by Let's Encrypt for each user.
Here are the vsftpd.conf settings:

vsftpd.conf
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
dual_log_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to FTP service.
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
user_sub_token=$USER
local_root=/home/$USER
user_config_dir=/etc/vsftpd_users
utf8_filesystem=YES
force_dot_files=YES

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=41000

ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
allow_anon_ssl=NO
rsa_cert_file=/etc/ssl/private/hostname.crt
rsa_private_key_file=/etc/ssl/private/hostname.key
force_local_data_ssl=YES
force_local_logins_ssl=YES
#debug_ssl=YES


Separate user config specified in /etc/vsftpd_users/user1:
local_root=/home/user1
rsa_cert_file=/etc/letsencrypt/live/user1_domain.org/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/user1_domain.org/privkey.pem

However, vsftpd does not accept the certificate specified for user1 and instead takes the one specified in the main vsftpd.conf config.
How can I make vsftpd accept a separate certificate for each user?!
Thank you very much in advance!
