vsftpd: Support TLS in the Ubuntu role.

Andrea Dell'Amico 2020-03-19 13:31:38 +01:00
parent 59717eae9c
commit 37d23844e3
2 changed files with 28 additions and 1 deletions


@ -22,3 +22,10 @@ vsftpd_manage_user_acls: True
vsftpd_manage_real_users: False
vsftpd_manage_valid_shells: False
vsftpd_tls_enabled: True
vsftpd_force_tls: True
vsftpd_tls_letsencrypt: True
vsftpd_ssl_ca_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'
vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/cert'
vsftpd_ssl_certificate_key: '{{ letsencrypt_acme_certs_dir }}/privkey'
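Review bot: `vsftpd_ssl_certificate` defaults to the `cert` file, while the chain goes into `vsftpd_ssl_ca_certificate`, which the template on this page writes to `ca_certs_file`. vsftpd documents `ca_certs_file` as the CA store used to validate client certificates, not as the chain presented to clients. If `cert` holds only the leaf certificate (the file names suggest so, but its contents are not shown here), clients that verify the server would not receive the intermediate. Defaulting to `vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'` would serve the full chain. These defaults also enable TLS while depending on `letsencrypt_acme_certs_dir`, which is not defined in the visible lines, so a comment naming the role that provides it would help anyone who sets `vsftpd_tls_letsencrypt: False`.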


@ -117,10 +117,30 @@ secure_chroot_dir=/var/run/vsftpd/empty
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
{% if vsftpd_tls_enabled %}
# SSL/TLS
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
{% if ansible_distribution_version is version_compare('18.04', '>=') %}
ssl_tlsv1=NO
ssl_tlsv1_1=NO
ssl_tlsv1_2=YES
{% else %}
ssl_tlsv1=YES
{% endif %}
ca_certs_file={{ vsftpd_ssl_ca_certificate }}
rsa_cert_file={{ vsftpd_ssl_certificate }}
rsa_private_key_file={{ vsftpd_ssl_certificate_key }}
{% if vsftpd_force_tls %}
force_local_logins_ssl=YES
force_local_data_ssl=YES
{% endif %}
{% else %}
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
{% endif %}
local_root={{ vsftpd_local_root }}
pasv_min_port={{ vsftpd_pasv_min_port }}
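Review bot: The TLS block pins protocol versions but sets no cipher list, and on releases older than 18.04 the `{% else %}` branch leaves only `ssl_tlsv1=YES`, so TLS 1.0 stays enabled there. Older vsftpd releases document `DES-CBC3-SHA` as the default for `ssl_ciphers`, so unless the option is set in a part of the template outside this hunk, I would add `ssl_ciphers=HIGH` next to the `ssl_tlsv1_2=YES` line. A comment on the `{% else %}` branch, such as `# Older vsftpd packages lack the ssl_tlsv1_1/ssl_tlsv1_2 options; TLS 1.0 is a legacy fallback`, would record why the weaker setting is kept, if that is the reason. `force_local_logins_ssl` and `force_local_data_ssl` cover local users only, so if anonymous access is enabled elsewhere in the template it would still be allowed in cleartext.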