From 508debb930740233a260bf0238a3ad929dbb2283 Mon Sep 17 00:00:00 2001
From: VirtuBox <thomas@virtubox.net>
Date: Mon, 24 Oct 2022 16:00:17 +0200
Subject: [PATCH] Cleanup proftpd configuration and fix modules

---
 CHANGELOG.md                          |  1 +
 wo/cli/templates/proftpd-tls.mustache |  2 +
 wo/cli/templates/proftpd.mustache     | 65 +++------------------------
 3 files changed, 9 insertions(+), 59 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index da21284..de6b49c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - Netdata upgrade failure on old servers
 - MariaDB service disabled after upgrade with `wo stack migrate --mariadb`
+- Proftpd install on Ubuntu 22.04
 
 ### v3.15.2 - 2022-09-23
 
diff --git a/wo/cli/templates/proftpd-tls.mustache b/wo/cli/templates/proftpd-tls.mustache
index e4290e0..99fcf9a 100644
--- a/wo/cli/templates/proftpd-tls.mustache
+++ b/wo/cli/templates/proftpd-tls.mustache
@@ -4,6 +4,8 @@ TLSEngine                     on
 TLSRequired                   on
 TLSLog                        /var/log/proftpd/tls.log
 
+TLSDHParamFile                /etc/proftpd/dhparams.pem
+
 # intermediate configuration from ssl-config.mozilla.org
 TLSProtocol                   TLSv1.2
 TLSCipherSuite                ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
diff --git a/wo/cli/templates/proftpd.mustache b/wo/cli/templates/proftpd.mustache
index 2d87c9f..d708a69 100644
--- a/wo/cli/templates/proftpd.mustache
+++ b/wo/cli/templates/proftpd.mustache
@@ -2,7 +2,7 @@
 # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
 # To really apply changes, reload proftpd after modifications, if
 # it runs in daemon mode. It is not required in inetd/xinetd mode.
-# 
+#
 
 # Includes DSO modules
 Include /etc/proftpd/modules.conf
@@ -10,8 +10,9 @@ Include /etc/proftpd/modules.conf
 # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
 UseIPv6				off
 # If set on you can experience a longer connection delay in many cases.
+<IfModule mod_ident.c>
 IdentLookups			off
-
+</IfModule>
 ServerName			"Debian"
 # Set to inetd only if you would run proftpd by inetd/xinetd.
 # Read README.Debian for more information on proper configuration.
@@ -32,7 +33,7 @@ ListOptions                	"-l"
 
 DenyFilter			\*.*/
 
-# Use this to jail all users in their homes 
+# Use this to jail all users in their homes
 DefaultRoot			~
 
 # Users require a valid shell listed in /etc/shells to login.
@@ -98,7 +99,7 @@ SystemLog   /var/log/proftpd/proftpd.log
 # from /etc/localtime.  If this is not set, and proftpd is configured to
 # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
 # savings timezone regardless of whether DST is in effect.
-#SetEnv TZ :/etc/localtime
+SetEnv TZ :/etc/localtime
 
 <IfModule mod_quotatab.c>
 QuotaEngine off
@@ -111,7 +112,7 @@ Ratios off
 
 # Delay engine reduces impact of the so-called Timing Attack described in
 # http://www.securityfocus.com/bid/11430/discuss
-# It is on by default. 
+# It is on by default.
 <IfModule mod_delay.c>
 DelayEngine on
 </IfModule>
@@ -128,64 +129,10 @@ ControlsSocket        /var/run/proftpd/proftpd.sock
 AdminControlsEngine off
 </IfModule>
 
-#
-# Alternative authentication frameworks
-#
-#Include /etc/proftpd/ldap.conf
-#Include /etc/proftpd/sql.conf
 
-#
 # This is used for FTPS connections
 #
 Include /etc/proftpd/tls.conf
 
-#
-# Useful to keep VirtualHost/VirtualRoot directives separated
-#
-#Include /etc/proftpd/virtuals.conf
-
-# A basic anonymous configuration, no upload directories.
-
-# <Anonymous ~ftp>
-#   User				ftp
-#   Group				nogroup
-#   # We want clients to be able to login with "anonymous" as well as "ftp"
-#   UserAlias			anonymous ftp
-#   # Cosmetic changes, all files belongs to ftp user
-#   DirFakeUser	on ftp
-#   DirFakeGroup on ftp
-# 
-#   RequireValidShell		off
-# 
-#   # Limit the maximum number of anonymous logins
-#   MaxClients			10
-# 
-#   # We want 'welcome.msg' displayed at login, and '.message' displayed
-#   # in each newly chdired directory.
-#   DisplayLogin			welcome.msg
-#   DisplayChdir		.message
-# 
-#   # Limit WRITE everywhere in the anonymous chroot
-#   <Directory *>
-#     <Limit WRITE>
-#       DenyAll
-#     </Limit>
-#   </Directory>
-# 
-#   # Uncomment this if you're brave.
-#   # <Directory incoming>
-#   #   # Umask 022 is a good standard umask to prevent new files and dirs
-#   #   # (second parm) from being group and world writable.
-#   #   Umask				022  022
-#   #            <Limit READ WRITE>
-#   #            DenyAll
-#   #            </Limit>
-#   #            <Limit STOR>
-#   #            AllowAll
-#   #            </Limit>
-#   # </Directory>
-# 
-# </Anonymous>
-
 # Include other custom configuration files
 Include /etc/proftpd/conf.d/