Forge Home


Puppet module to manage ProFTPD


2,675 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.1.0 (latest)
  • 2.0.0
  • 1.4.9
  • 1.4.8
  • 1.4.7
  • 1.4.6
  • 1.4.5
  • 1.4.4
  • 1.4.3
  • 1.4.2
  • 1.4.1
  • 1.4.0
  • 1.3.0
  • 1.2.0
  • 1.1.2
  • 1.1.1 (deleted)
  • 1.1.0
  • 1.0.0
released Aug 3rd 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
  • Puppet >= 6.0.0 < 8.0.0
  • , , , , FreeBSD
This module has been deprecated by its author since Jul 11th 2023.

The reason given was: new maintainer

The author has suggested markt-proftpd as its replacement.

Start using this module


fraenki/proftpd — version 2.1.0 Aug 3rd 2022


Build Status Puppet Forge Puppet Forge - downloads

Table of Contents

  1. Overview
  2. Requirements
  3. Usage
  4. Reference
  5. Limitations
  6. Development
  7. Contributors


A Puppet module for ProFTPD, hiera-friendly, highly configurable and well-tested.



Beginning with proftpd

This example will install packages, setup a minimal configuration and activate the service for you:

class { 'proftpd': }

Loading additional modules is easy too:

class { 'proftpd':
  load_modules => {
    ban => {},
    tls => {},
    sql => {},

It is simple to add new options or overwrite the defaults in the configuration root or any (sub) section:

class { 'proftpd':
  options => {
    'ROOT'  => {
      'ServerName'   => 'FTP server',
      'MaxInstances' => '10',
    'IfModule mod_vroot.c' => {
      'VRootEngine' => 'on',

NOTE: You don't need to take care for section brackets or closing tags. The module will add this automatically.

Enabling anonymous login and customizing it's default options works the same way:

class { 'proftpd':
  anonymous_enable => true,
  options          => {
    'Anonymous ~ftp'        => {
      'Directory uploads/*' => {
        'Limit STOR'        => {
          'AllowAll'        => true,
          'DenyAll'         => false,

You may opt to disable the default configuration and do everything from scratch:

class { 'proftpd':
  default_config => false,
  options => {...}

(Here the options hash must contain all options required to run ProFTPD.)

Using Hiera

You're encouraged to define your configuration using Hiera, especially if you plan to disable the default configuration:

proftpd::default_config: false
# load modules in a specific order if necessary
    order: 1
    order: 2
    order: 3
    order: 4
    order: 5
  ban: {}
  tls: {}

    ServerType: 'standalone'
    DefaultServer: 'on'
    ScoreboardFile: '/var/run/proftpd.scoreboard'
    DelayTable: '/var/run/proftpd.delay'
    ControlsSocket: '/var/run/proftpd.socket'
    User: 'www'
    Group: 'www'
    Umask: '006'
    UseReverseDNS: 'off'
    DefaultRoot: '~ !'
    DefaultChdir: '/var/ftp'
    ServerName: '%{::fqdn}'
    Port: '21'
    PassivePorts: '49152 65534'
    TransferLog: 'NONE'
      - 'default "%h %l %u %t \"%r\" %s %b"'
      - 'auth "%t %v [%P] %h \"%r\" %s"'
      - 'access "%h %l %u %t \"%r\" %s %b"'
      - '/var/log/proftpd/access.log INFO,DIRS,MISC,READ,WRITE access'
      - '/var/log/proftpd/auth.log AUTH auth'
    MaxClients: '20 "Connection limit reached (%m)."'
    MaxInstances: '20'
    MaxClientsPerHost: '15 "Connection limit reached (%m)."'
    MaxClientsPerUser: '10 "Connection limit reached (%m)."'
    TLSEngine: 'on'
    TLSProtocol: 'SSLv23'
    TLSRequired: 'off'
    TLSOptions: 'NoCertRequest'
    TLSVerifyClient: 'off'
    TLSRSACertificateFile: '/etc/ssl/%{::fqdn}.crt'
    TLSRSACertificateKeyFile: '/etc/ssl/%{::fqdn}.key'
    TLSLog: '/var/log/proftpd/tls.log'
    RequireValidShell: 'off'
    UseFtpUsers: 'on'
    AllowRetrieveRestart: 'on'
    AllowStoreRestart: 'on'
    AllowOverwrite: 'yes'
    AccessGrantMsg: '"Login OK"'
    IdentLookups: 'off'
    ServerIdent: 'on "FTP Service"'
    AllowForeignAddress: 'on'
    DirFakeUser: 'on www'
    DirFakeGroup: 'on www'
    PathDenyFilter: '"(\.ftpaccess)$"'
    ListOptions: '"-a"'
    MaxLoginAttempts: '2'
    AuthUserFile: '/etc/proftpd/proftpd.passwd'
    AuthGroupFile: '/etc/proftpd/'
    TimeoutLogin: '1800'
    TimeoutIdle: '1800'
    TimeoutStalled: '1800'
    TimeoutNoTransfer: '1800'
  'Directory /':
    AllowOverwrite: 'on'
    ServerName: '"FTP Server 1"'
    PassivePorts: '60000 65534'
  'IfModule mod_rewrite.c':
    RewriteEngine: 'on'
    RewriteLog: '/var/log/proftpd/rewrite.log'
      - |
        replace int:replaceall
            RewriteCondition        %m ^(STOR)$
            RewriteRule             ^(.*)$  "${replace:/$1/ /_}"
      - |
        replace int:replaceall
            RewriteCondition        %m ^(STOR)$
            RewriteRule             ^(.*)$  "${replace:/$1/\?/_}"
      - |
        replace int:replaceall
            RewriteCondition        %m ^(STOR)$
            RewriteRule             ^(.*)$  "${replace:/$1/Ü/UE}"
  'Directory /mnt/exchange/user1/*':
      - |-
        '%f "^[[:cntrl:] ]+"
            RewriteRule "^[[:cntrl:] ]+([^[:cntrl:]]+)" $1'
      - |-
        '%f "[[:cntrl:] ]+$"
            RewriteRule "([^[:cntrl:]]+)[[:cntrl:] ]+$" $1'
      - |-
        '%f "[[:cntrl:]]"
            RewriteRule "([^[:cntrl:]]+)[[:cntrl:]]*([^[:cntrl:]]*)[[:cntrl:]]*([^[:cntrl:]]*)" $1$2$3'  



You may want to use the $options parameter to overwrite default configuration options or build a ProFTPD configuration from scratch. There are few things you need to know:

  • sections: ProFTPD's configuration uses a number of <sections>. You create a new section by specifying a hash, the module's erb template will do the rest for you. This works for special cases like <IfDefine X> too.
  • ROOT: To add items to the root of the ProFTPD configuration, use this namespace.
  • false: Setting a value to 'false' will remove the item from the configuration.
  • multiple values: If you want to specify multiple values for the same configuration item (i.e. LogFormat or ExtendedLog), you need to specify these values as an array.

Classes and Parameters

Classes and parameters are documented in


No Ruby 1.8 support

Some users reported issues when running this module on Ruby 1.8. The config file may change on every puppet run. Please upgrade to Ruby 1.9 to fix this issue. (See PUP-1755 for more details and a description of the root cause.)

OS Compatibility

This module was tested on FreeBSD, CentOS and Debian. Please open a new issue if your operating system is not supported yet, and provide information about problems or missing features.

Template Issues

The proftpd.conf.erb template... sucks. It suffers from code repetition. Furthermore it is limited to only four nested configuration sections (which should still be enough, even for rather complex configurations). If you come up with a better idea please let me know.


Please use the github issues functionality to report any bugs or requests for new features. Feel free to fork and submit pull requests for potential contributions.


This module is heavily inspired by and in part based on the following modules:

See the LICENSE file for further information.