
Install vSFTPD Sebagai FTP Server dengan Virtual Account di Debian 8 (Jessie)

For this tutorial I am using vim as my text editor; you can use nano or another text editor, depending on which you prefer or are familiar with.

For the server IP address, this tutorial uses my server's private IP address, 192.168.10.110, as the example; you can use your server's public IP or host.

1. Install Required Package

# Install every package from the list in one apt-get run:
#   db-util  - Berkeley DB tools, used for db_load in step 4
#   openssl  - generates the TLS certificate in step 2
#   vsftpd   - the FTP server itself
# libpam-pwdfile and apache2-utils are kept from the original list; the later
# steps on this page use pam_userdb and db_load rather than either of them.
apt-get install \
  libpam-pwdfile \
  apache2-utils \
  db-util \
  openssl \
  vsftpd

2. Create TLS (SSL Certificate) for TLS Connection

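# Generate a self-signed certificate and its private key into one PEM file
# (the same path is used for -keyout and -out, and vsftpd.conf's rsa_cert_file
# points at it). A 1024-bit RSA key is too weak for current use, so generate
# 2048 bits and sign with SHA-256.
# -nodes leaves the private key unencrypted so vsftpd can start unattended;
# the subshell umask and the chmod keep the file readable by root only.
(
  umask 077
  openssl req -x509 -nodes -sha256 -days 720 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
)
chmod 600 /etc/ssl/private/vsftpd.pem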

Change the values shown in red to match your own country, company name and company email address.

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI Jakarta
Locality Name (eg, city) []:Jakarta Barat
Organization Name (eg, company) [Internet Widgits Pty Ltd]:True Digital Plus
Organizational Unit Name (eg, section) []:GSM
Common Name (e.g. server FQDN or YOUR name) []:ftp.truedigitalplus.id
Email Address []:gsm@truedigitalplus.com


3. Create configuration directory and files for FTP user database

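# Create the vsftpd configuration directory (-p: no error if it already exists).
mkdir -p /etc/vsftpd/
# ftp_users.txt will hold usernames and passwords in plaintext, so create it
# with owner-only permissions before any content is written to it.
touch /etc/vsftpd/ftp_users.txt
chmod 600 /etc/vsftpd/ftp_users.txt
vim /etc/vsftpd/ftp_users.txt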

Entries in the user database text file are separated by newlines (“\n”): the first line is a username and the second line is that user's password, followed by the same pair of lines for each further user. Example for ftp_users.txt

user1
password1
user2
password2


4. Create database for Virtual Users

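# Convert the username/password text file into a Berkeley DB hash database
# (-T: input is plain text, -t hash: database type, -f: input file).
# The values are loaded as written, so the database contains the passwords
# in plaintext; restrict the file to its owner (root).
db_load -T -t hash -f /etc/vsftpd/ftp_users.txt /etc/vsftpd/virtualusers.db
chmod 600 /etc/vsftpd/virtualusers.db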


5. Create or Change PAM for vsftpd.virtual

# Create the PAM service file; its name (vsftpd.virtual) is what
# pam_service_name in /etc/vsftpd.conf refers to.
vim /etc/pam.d/vsftpd.virtual

#%PAM-1.0
# Authenticate and authorise virtual FTP users against the Berkeley DB built
# with db_load. The db= path is given without the ".db" suffix: the file on
# disk is /etc/vsftpd/virtualusers.db.
# No crypt= option is set, so pam_userdb compares the submitted password with
# the stored value as-is, i.e. the database holds plaintext passwords. Keep
# virtualusers.db readable by root only.
auth            required        pam_userdb.so           db=/etc/vsftpd/virtualusers
account         required        pam_userdb.so           db=/etc/vsftpd/virtualusers
# Sets the login UID for the session.
session         required        pam_loginuid.so


6. Remove or backup original vsFTPD  config and create new config

# Move the distribution's config aside as a backup, then write the new
# /etc/vsftpd.conf from scratch with the content shown below.
original_backup=/etc/vsftpd/vsftpd.conf-original
mv /etc/vsftpd.conf "$original_backup"
vim /etc/vsftpd.conf


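# vsftpd.conf for virtual (PAM/Berkeley DB) users over FTP with TLS.
# vsftpd only accepts comments on their own line and no spaces around "=".
#
# Run standalone, IPv4 only.
listen=YES
#listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
# Virtual users get local-user privileges instead of anonymous-user ones.
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
use_localtime=YES
# Log transfers; the log file is set by xferlog_file below.
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd-xferlog.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_local_user=YES
#chroot_local_user=YES
#chroot_list_enable=NO
# (default follows)
#
#chroot_list_file=/etc/vsftpd.chroot_list
#
#ls_recurse_enable=YES
#
# Customization
secure_chroot_dir=/var/run/vsftpd/empty
#pam_service_name=vsftpd
# Use the PAM service file /etc/pam.d/vsftpd.virtual (virtual users database).
pam_service_name=vsftpd.virtual
####################################
####################################
ssl_enable=YES
listen_port=21
allow_anon_ssl=NO
# Require TLS for both the login and the data connection. With these set to
# NO (as in the original listing) a client may log in over plain FTP and the
# virtual user's password is sent in cleartext.
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are obsolete and insecure protocol versions; keep them
# disabled (the original listing enabled both).
ssl_sslv2=NO
ssl_sslv3=NO
# NOTE(review): disabling session reuse is commonly done for client
# compatibility, but it removes a check that ties the data connection to the
# control connection - confirm this is needed for your clients.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# Combined PEM file holding both the certificate and its private key
# (generated in step 2); it must be readable by root only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
#rsa_cert_file=/etc/ssl/private/vsftpd.crt
#rsa_private_key_file=/etc/ssl/private/vsftpd.key
# Needed here because each user's chroot directory is writable by the ftp
# account (step 8). NOTE(review): a writable chroot root weakens the jail; a
# read-only root with a writable subdirectory is the stricter layout.
allow_writeable_chroot=YES
#
#userlist_file=/etc/vsftpd.denied_users
#userlist_file=/etc/vsftpd.allowed_users
#userlist_deny=YES
#userlist_enable=YES
# Map every non-anonymous login to the guest account. NOTE(review): no
# guest_username is set, so this presumably falls back to the "ftp" account,
# meaning all virtual users share one system UID - confirm.
guest_enable=YES
# $USER in local_root is replaced by the virtual user's name, so each user is
# chrooted into /home/ftproot/<username>.
user_sub_token=$USER
local_root=/home/ftproot/$USER
chroot_local_user=YES
hide_ids=YES
# UTF-8 Charset
utf8_filesystem=YES
#pasv_promiscuous=YES
#### Passive Mode
tcp_wrappers=YES
# Example server address from this tutorial; replace with your own server's
# address as seen by clients.
pasv_address=192.168.10.110
pasv_enable=YES
pasv_promiscuous=NO
port_enable=YES
port_promiscuous=NO
# Passive data ports; only this range (plus port 21) needs to be allowed
# through the firewall.
pasv_min_port=10000
pasv_max_port=10250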

7. Create Directory for Each virtual users

# Create the FTP root and one directory per virtual user in a single call
# (mkdir handles its arguments in order, so the parent exists first).
# The directory names must match the usernames in ftp_users.txt, because
# vsftpd.conf sets local_root=/home/ftproot/$USER.
mkdir /home/ftproot/ /home/ftproot/user1/ /home/ftproot/user2/

8. Change owner of FTP Root directory for ftp user

# Give the whole FTP tree to the "ftp" user and group, recursively.
# NOTE(review): vsftpd.conf sets guest_enable=YES without a guest_username, so
# every virtual user presumably runs as this one account and users are kept
# apart only by their chroot directory - confirm.
chown --recursive ftp:ftp /home/ftproot/

9. Enable autostart vsftpd service and Restart FTP Server

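# Start vsftpd at boot, then restart it so the new /etc/vsftpd.conf is loaded.
# Both steps go through systemctl so the service is managed one way.
systemctl enable vsftpd.service
systemctl restart vsftpd.service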


10. Do not forget to remove the plain-text file used to build your virtual users database

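# ftp_users.txt is a single file, so the recursive flag is not needed.
# Deleting it does not remove the passwords from virtualusers.db, which was
# built from this file and still has to stay readable by root only.
rm -f /etc/vsftpd/ftp_users.txt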

 

Hope all going well without any misconfiguration, thank you

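If your FTP client shows a popup about SSL/TLS, that is expected, because we generated the SSL certificate locally (it is self-signed). Before accepting it, compare the fingerprint shown by the client with the server's own, which you can print with: openssl x509 -noout -fingerprint -sha256 -in /etc/ssl/private/vsftpd.pem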


 

Reference: https://help.ubuntu.com/community/vsftpd


About Author

Imran Nababan

System Analyst at Game Industry

