Example vsftpd.conf configuration file with or without TLS support

Below are two sample configs files for vsftpd with all comments removed for legibility.

1. Config File for Non-TLS support

Before editing the config file, create a backup.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Now delete vsftpd.conf as we will create our own one.

sudo rm /etc/vsftpd.conf

Now, create a new config file.

sudo nano /etc/vsftpd.conf

Paste this into nano editor using the right mouse button.

/etc/vsftpd.conf

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
ssl_enable=NO
force_dot_files=YES

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

Restart vsftpd.

sudo systemctl restart vsftpd

2. Config File for TLS support

It’s important to keep a few things in mind when using FTP – it is not encrypted by default meaning your credentials and content that you send are sent in the clear so are vulnerable to interception. To address this you should connect using FTPS (FTP over SSL/TLS).

Below is a sample vsftpd.conf with TLS support. Please ensure you have your private key generated in /etc/ssl/private/vsftpd.pem. For more details, please see Step 7 in this guide: Installing an FTP server (vsftpd) on Ubuntu 16.04 / 17.10.