Installing pure-ftp on Ubuntu with TLS support, VirtualChroot, MySQL etc.

Published on Saturday, August 29, 2015

I recently built a NAS server for my local network as I want a secure (raid supported) working space with movie archive and a few more stuff. However besides accessing it with samba I wanted to be able to access it with ftp from either my local computer or remotely through the net. I also wanted to chroot the users for safety (which requires building the install myself to be able to access symlinks from a chrooted pure-ftp environment).

VirtualChroot: VirtualChroot means that a user may access and follow symlinks from within the chrooted environment of the user. For example, user is located in / (which is his chrooted home) and got a symlink to /mnt/stuff, then the user may follow this symlink and will get directed to /stuff which is totally awesome! :D

This is a short tutorial of how to install it with VirtualChroot, TLS support, possible mysql support.

Start by running:

sudo apt-get install openssl libssl-dev libssl0.9.8 libmysqlclient16-dev

Next go to and download the latest release

Untar the release by typing (replace name with your downloaded release name):

tar xzvf pure-ftpd-1.0.29.tar.gz

Next go into untared location

cd pure-ftpd-1.0.29

then run the configuration command

./configure --with-tls --with-virtualchroot --with-puredb --with-quotas --with-throttling --with-mysql

The above command may have to be changed if you want some other options and don’t want some options I have decided to add. All options may be found in the README file located in the directory you are located in when running

./configure –with-mysql: Enable mysql support for user database
–with-tls: Enable encrypted connections (TLS)
–with-quotas: Enable user quotas
–with-puredb: Support virtual users, ie. a local users database
–with-throttling: Support bandwidth throttling (see below).
–with-virtualchroot: Read earlier description

Next your configuring should be done after some moments depending on your hardware configuration and you should see something like this:

configure: +——————————————————–+
configure: | You can subscribe to the Pure-FTPd users mailing-list  |
configure: | to ask for help and to stay informed of new releases.  |
configure: | Go to now!                 |
configure: +——————————————————–+

After you see those lines run:

make install-strip

This will take a short while but not too long, after the make process is done you may install the compiled software by running. After the installation is done I simply started my version with:

pure-ftpd -A -E -B -D -z &

The above command doesn’t add TLS encryption, for this we must generate a certificate for pure-ftp to use, we can do this by calling the following command

sudo openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

The above command will generate a 1024-bit certificate that the ftp server may use. Now we should be able to run the pure-ftpd daemon with -Y 1 or -Y 2 to enable TLS encryption. -Y 1 will allow users to still connect with an unencrypted session (fallback) while -Y 2 will force TLS encryption, this will disconnect users who does not have TLS encryption enabled.

pure-ftpd -A -E -B -D -z -Y 1 &

For a detailed instruction about commands type

pure-ftpd --help

comments powered by Disqus