Install packages:
aptitude install proftpd proftpd-mysql
Generate SSL certificates:
openssl req -new -x509 -days 3650 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
Create configuration file, adjusting to suit your needs:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

DefaultAddress 192.168.1.1
DefaultServer on
ServerName "hostname.example.com"
ServerType standalone
Port 21
UseIPv6 off
User proftpd
Group nogroup
MaxInstances 30

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DeferWelcome off
MultilineRFC2228 on
ShowSymlinks on
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

UseReverseDNS off
IdentLookups off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

DenyFilter \*.*/
DefaultRoot ~
RequireValidShell off
Umask 177 077
AllowOverwrite on

# Plaintext accepts passwords stored unhashed in the database
SQLAuthTypes OpenSSL Crypt Plaintext
SQLAuthenticate users*
# database@host, then the database user and password
SQLConnectInfo user@localhost username password
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 1000
SQLMinUserUID 1000
# table, then the username, password, uid, gid, home directory and shell columns
SQLUserInfo domains domain password Uid Gid Dir NULL

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd-tls.log
# TLSv1 is deprecated; mod_tls builds that support them also accept TLSv1.2 and TLSv1.3 here
TLSProtocol TLSv1
# off lets clients log in without TLS; on requires it
TLSRequired off
TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem
TLSVerifyClient off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
To add or update a user:
ftpasswd --passwd --file=/etc/proftpd/users --name=example.com --uid=2001 --gid 2000 --home=/var/www/example.com --shell=/bin/false
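A check for the values in the configuration file above that leave logins or stored passwords unprotected. This is an added example, not part of the original page: the function name audit_proftpd_conf and the finding labels are made up here, and the tightened values are an assumption about what suits your clients.

```shell
# audit_proftpd_conf [FILE]: print one finding per weak TLS/SQL setting.
# Reads stdin if no FILE is given; exit status is 1 when anything is flagged.
# Handles the plain "TLSProtocol A B" list form only, not +/- modifiers.
audit_proftpd_conf() {
    awk '
    function hit(msg) { print msg; n++ }
    /^[ \t]*#/ { next }                       # ignore comment lines
    { d = tolower($1) }                       # directive names are case-insensitive
    d == "tlsengine"   { engine = tolower($2) }
    d == "tlsrequired" { required = tolower($2) }
    d == "tlsprotocol" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv23|SSLv3|TLSv1|TLSv1\.1)$/)
                hit("WEAK-PROTOCOL: TLSProtocol allows " $i)
    }
    d == "sqlauthtypes" {
        for (i = 2; i <= NF; i++)
            if (tolower($i) == "plaintext")
                hit("PLAINTEXT-PASSWORDS: SQLAuthTypes accepts Plaintext")
    }
    END {
        if (engine != "on")
            hit("NO-TLS: TLSEngine is not on")
        else if (required !~ /^(on|ctrl|auth|auth\+data)$/)
            hit("CLEARTEXT-LOGIN: TLSRequired is " (required == "" ? "unset" : required))
        exit (n > 0)
    }' "$@"
}

# The TLS and SQL lines taken from the configuration above.
page_excerpt() {
    cat <<'EOF'
SQLAuthTypes OpenSSL Crypt Plaintext
TLSEngine on
TLSProtocol TLSv1
TLSRequired off
EOF
}

# Constructed variant with the flagged values tightened (assumed, not from the page).
tightened_excerpt() {
    cat <<'EOF'
SQLAuthTypes OpenSSL Crypt
TLSEngine on
TLSProtocol TLSv1.2 TLSv1.3
TLSRequired on
EOF
}

if page_excerpt | audit_proftpd_conf; then echo "no findings"; else echo "findings listed above"; fi
```

Run it against the live file with audit_proftpd_conf /etc/proftpd/proftpd.conf after each edit.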