Proftpd on RHEL 9.1

OS type and version RHEL 9.1
Webmin version 2.001
Virtualmin version 7.3
Related packages ProFTP

Clean install of RHEL 9.1

System settings, Features and Plugins, enable ProFTPD

Create Virtual Server, ProFTPD is already selected, hit Create.

This happens…

Applying FTP server configuration …
… failed :

Job for proftpd.service failed because the control process exited with error code.
See “systemctl status proftpd.service” and “journalctl -xeu proftpd.service” for details.

systemctl status proftpd

× proftpd.service - ProFTPD FTP Server
Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-11-28 16:07:50 ACDT; 1min 59s ago
Duration: 1min 34.064s
Process: 3381 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=1/FAILURE)
CPU: 23ms

proftpd[3381] [4] /lib64/ [0x7f70c9a8beb0]
proftpd[3381] : [5] /lib64/ [0x7f70c9a8bf60]
proftpd[3381] : [6] /usr/sbin/proftpd(_start+0x25) [0x555b7a56b925]
proftpd[3381] : -----END STACK TRACE-----
proftpd[3381] : ProFTPD terminating (signal 11)
proftpd[3381] : ProFTPD terminating (signal 11)
proftpd[3381] : ProFTPD 1.3.8rc4 standalone mode SHUTDOWN
systemd[1]: proftpd.service: Control process exited, code=exited, status=1/FAILURE
systemd[1]: proftpd.service: Failed with result ‘exit-code’.
systemd[1]: Failed to start ProFTPD FTP Server.

journalctl -xeu proftpd.service

proftpd[3381]: Checking syntax of configuration file
proftpd[3381]: warning: “” address/port ( already in use by “ProFTPD”
proftpd[3381]: mod_dso/0.5: unable to load ‘mod_tls.c’; check to see if ‘/usr/libexec/proftpd/’ exists
proftpd[3381]: mod_dso/0.5: module ‘mod_tls.c’ already loaded
proftpd[3381]: fatal: TLSOptions: : unknown TLSOption ‘NoCertRequest’ on line 10 of ‘/etc/proftpd/conf.d/virtualmin.conf’
proftpd[3381]: error: unable to open parse file ‘/etc/proftpd/conf.d/virtualmin.conf’: Operation not permitted

Both edited for privacy and brevity.

I have tested this on a couple of fresh installs just to verify the problem, I also setup a new RHEL 8.7 server to test, and that worked fine.

What’s also odd is that I create a file after running the initial install Wizard, /etc/proftpd/conf.d/passive-ports.conf and Vmin tacks on a block of VirtualHost details. It’s also done this on an exiting server, but only does it once and more domains don’t get added there.

I have done some more testing.

If there is any file at all in /etc/proftpd/conf.d - I made an empty file called “azalea”, then when you Edit Virtual Server and tick “IP-based virtual FTP enabled” , it will write the details into that other file (azalea) instead of virtualmin.conf and show the error:

Applying FTP server configuration …
… failed :

Job for proftpd.service failed because the control process exited with error code.
See “systemctl status proftpd.service” and “journalctl -xeu proftpd.service” for details.

The same thing happens with RHEL 8.7 but without the error message, and FTP to a Virtual server works with and without the FTP being activated either globally or for the domain.

Does anybody care?

This option does not do what you expect. It does not enable FTP for the domain (FTP is always enabled for the domain, if the FTP server is running). It sets up IP-based virtual hosting…meaning, you must have one IP for every domain that will have an FTP site. This pretty much not a feature anyone needs or wants.

I don’t know about the other issue you’ve reported (I don’t use FTP and haven’t for nearly 3 decades…but I’ll look into it this weekend). Looks like we’re using old synax or something…

Thanks, also for the excellent explanation.

Put simply, FTP doesn’t work unless I move /etc/proftpd/conf.d/virtualmin.conf out of the way.

I tested FTP before running install - worked fine.

I then tested after doing the install, but before running the wizard and the problem was now there.

Also, if using the IP-based stuff, then Vmin adds it’s stuff about the enabled domain to any other file in that directory mentioned above and only adds it to virtualmin.conf if no other file exists.

Good luck.

Turns out this is already fixed in the next version of virtualmin-config. Fix to drop `NoCertRequest` deprecated and removed option for ProFTPd · virtualmin/Virtualmin-Config@ba0329a · GitHub

I’ll try to get that out this weekend.

Any luck over the weekend Joe?

No, but I should point out that virtualmin-config only runs during installation of Virtualmin. The update, when I roll it out, won’t fix an existing installation. The solution for now is just to remove that old directive from the ProFTPd config file.

1 Like

Thanks Joe,
I am holding off on a new PRO VirtualMin install to be my hosting server, so I am not needing to fix an existing installation. Is there an ETA for the fix to be released? I am keen as I need to get the sites off an old server ASAP due to potential reliability issues.

OK. worked out the edit and it’s now working, but is it possible to use the LetsEncrypt certificate for the domain being used rather than the original self signed certificate of the host from when the First time wizard was run?

Not a biggie as it’s mostly the web developers that use FTP rather then the end users.

It is only possible to use one certificate for ProFTPd, in currently supported versions. Whether it is a self-signed certificate is up to you (there is a button to choose which certificate to use as the default for services that only support one, like ProFTPd).

Very new versions of ProFTPd support SNI, so, at some point in the future, it’ll be possible to have name-based certificate selection…but we aren’t there yet.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.