I recently had to set up FTPS for a client as SFTP wasn’t an option. The benefit of FTPS with Pure-FTPd is the ability to save files as another user when uploading files. Here’s how to do it:
Give ourselves root privileges
sudo -i
For Debian/Ubuntu:
Update our apt package cache
apt-get update
Install openssl and Pure-FTPd
apt-get install openssl pure-ftpd
For CentOS/Fedora/Red Hat:
Update our yum cache
yum update
Install openssl and Pure-FTPd
yum install openssl pure-ftpd
Add the new user we want to log in as, set their home directory to the one they’ll see when they log in, and set their primary group to the group that owns the files in that directory
adduser staging -d /var/www/wordpress -g nginx
Set a password for the new user; remember it, as we’ll need to set it again later too
passwd staging
The next two commands are important as they display each user’s UID, which we need later on; make a note of both users’ UIDs
id staging
id nginx
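Create the Pure-FTPd virtual user with the same details as the adduser step above, entering the same password as before when prompted, then build the Pure-FTPd user database. The -u nginx option maps the virtual user to the nginx system user, which is what lets uploads be saved as another user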
pure-pw useradd staging -d /var/www/wordpress -u nginx
pure-pw mkdb
Make a new directory and create an SSL certificate. Enter details as you wish when creating the certificate, but set Common Name to your server’s hostname
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Make the certificate file, which also contains the private key, readable by root only
chmod 600 /etc/ssl/private/pure-ftpd.pem
Edit the Pure-FTPd config
vi /etc/pure-ftpd/pure-ftpd.conf
Uncomment and change TLS to 2 to allow only TLS connections
TLS 2
Uncomment the PureDB line so Pure-FTPd authenticates against the user database we created
PureDB /etc/pure-ftpd/pureftpd.pdb
Set MinUID to the lowest UID reported by the “id staging” and “id nginx” commands above; nginx will usually have the lower UID, but it depends on the users you’re going to use
MinUID 48
Restart Pure-FTPd
/etc/init.d/pure-ftpd restart
Connect with FTPS (FTP over SSL/TLS; the name of the setting depends on your client) on port 21 as usual
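A quick way to confirm the settings made above before handing out the login, as an added example that is not part of the original post. The function names are made up for this example, and check_key_mode assumes GNU stat (Linux):

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings from the steps above.
# File paths and UIDs are passed in, so it can be tried on a copy of the config.

# conf_value FILE KEY: print the value of the last uncommented "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# check_ftps_conf FILE UID...: return 0 only if TLS is 2, PureDB is enabled
# and every given UID is at or above MinUID.
check_ftps_conf() {
    conf=$1; shift
    rc=0
    tls=$(conf_value "$conf" TLS)
    if [ "$tls" != "2" ]; then
        echo "FAIL: TLS is '${tls:-unset}', want 2 so that only TLS connections are allowed"
        rc=1
    fi
    if [ -z "$(conf_value "$conf" PureDB)" ]; then
        echo "FAIL: PureDB line is missing or still commented out"
        rc=1
    fi
    min=$(conf_value "$conf" MinUID)
    for uid in "$@"; do
        if [ -n "$min" ] && [ "$uid" -lt "$min" ]; then
            echo "FAIL: UID $uid is below MinUID $min"
            rc=1
        fi
    done
    return "$rc"
}

# check_key_mode FILE: the combined key/certificate file must be mode 600.
check_key_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "FAIL: cannot stat $1"; return 1; }
    [ "$mode" = "600" ] || { echo "FAIL: $1 is mode $mode, want 600"; return 1; }
}

# On the server: sh thisfile /etc/pure-ftpd/pure-ftpd.conf "$(id -u staging)" "$(id -u nginx)"
if [ "$#" -ge 1 ]; then
    check_ftps_conf "$@"
fi
```

Run check_key_mode /etc/ssl/private/pure-ftpd.pem separately as root; no output and exit status 0 from both functions means the settings match the steps above.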