* Wed May 28 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme

- fix proftpd used instead of ftp service [SME: 13015]

createlinks

@@ -60,8 +60,8 @@ foreach my $event (qw(
     smeserver-proftpd-update
     ))
 {
-    templates2events("/var/service/ftp/peers/0", $event);
-    templates2events("/var/service/ftp/peers/local", $event);
+    templates2events("/var/service/proftpd/peers/0", $event);
+    templates2events("/var/service/proftpd/peers/local", $event);
 }
 foreach my $event (qw(
     network-create
@@ -80,4 +80,12 @@ templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 templates2events("/etc/rsyslog.conf", $event);
 
+$event = "dhparam-update";
+templates2events("/etc/proftpd.conf", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/ftp"); 
+
+$event = "smeserver-base-update";
+templates2events("/etc/proftpd.conf", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/ftp");
+
 exit 0;

root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS

@@ -18,29 +18,35 @@
 
         my $chain_file = $modSSL{CertificateChainFile} ||
         "# no chain cert";
-	$chain_file = "# no chain cert" unless -e $chain_file;
-        
+        $chain_file = "# no chain cert" unless -e $chain_file;
         $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file  : "TLSCertificateChainFile $chain_file";
+
+        #/home/e-smith/dh.pem/4096.pem
+        my $ftpdhparam = "#no dh param";
+        $ftpdhparam = "SFTPDHParamFile            /home/e-smith/dh.pem/2048.pem" if (dh_exists_good_size("2048","/home/e-smith/dh.pem/2048.pem"));
+        $ftpdhparam = "SFTPDHParamFile            /home/e-smith/dh.pem/4096.pem" if (dh_exists_good_size("4096","/home/e-smith/dh.pem/4096.pem"));
+
         my $ciphers = $ftp{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers;
         #SME11 proftpd 1.3.6 branch does not support TLS v1.3
         $smeSSLprotocol =~ s/TLSv1.3//;
         # NoSessionReuseRequired is required with newer clients and TLS to be bale to list folder
-    	$OUT .= <<SSL_END;
+        $OUT .= <<SSL_END;
 
 <IfModule mod_tls.c>
 TLSEngine                  on
 TLSLog                     /var/log/proftpd/tls.log
 TLSProtocol                $smeSSLprotocol
-TLSCipherSuite						 $ciphers
+TLSCipherSuite             $ciphers
 TLSOptions                 NoCertRequest AllowClientRenegotiations NoSessionReuseRequired
 TLSRSACertificateFile      $crt
 TLSRSACertificateKeyFile   $key
 $chain_file
+$ftpdhparam
 TLSVerifyClient            $tlsclient
 TLSRequired                $tlsrequired
 </IfModule>
 SSL_END
 
-	}
+  }
 }
 

root/usr/lib/systemd/system/dhparam-generator.service.d/52proftpd.conf

@@ -0,0 +1,2 @@
+[Service]
+ExecStartPost=-/sbin/e-smith/expand-template /etc/proftpd.conf

smeserver-proftpd.spec

@@ -4,7 +4,7 @@ Summary: smeserver specific proftpd configuration files and templates
 %define name smeserver-proftpd
 Name: %{name}
 %define version 11.0.0
-%define release 7
+%define release 10
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -26,6 +26,15 @@ Provides: e-smith-proftpd
 AutoReqProv: no
 
 %changelog
+* Wed May 28 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- fix proftpd used instead of ftp service [SME: 13015]
+
+* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
+- handle dhparams [SME: 12963]
+
+* Mon Feb 24 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- move peer template from /var/service/ftp to proftpd [SME: 12942]
+
 * Sat Feb 15 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
 - disable anonymous by default [SME: 931]
 - add passive port [SME: 12454]