Edit and validate the live Pure-FTPd configuration. This page is available only when the file-transfer service (FTP) is installed and enabled. Access: root.

What you’re editing

• /etc/pure-ftpd/pure-ftpd.conf — global server behavior: auth backends, TLS, passive ports, limits, and logging.

Editor and apply flow

• Click Validate & Apply Changes to save and test the config.
• A backup is written to /etc/pure-ftpd/pure-ftpd.conf.bak before saving.
• The configuration is validated; on error, the backup is restored and the error is shown.
• On success, the service is restarted and its active state is verified.
• Safety limit: files over 1 MB are refused by the editor.

How Synconix wires FTP

• TLS & SNI certificates: Pure-FTPd uses the pure-certd helper for per-hostname TLS via ExtCert /run/pure-certd.sock; TLS is enforced (TLS 1).
• External authentication: Logins go through the Synconix pure-auth plugin via ExtAuth /run/pureftpd-auth.sock. PAM/Unix auth can also be enabled.
• Passive ports: PassivePortRange 49152 65534 — open this range in your firewall.
• Anonymous access: disabled by default (NoAnonymous yes).
• Logging: rsyslog routes logs per domain and per user under /var/log/domains/<domain>/ and /var/log/accounts/<login>/.
• Systemd units: managed services: pure-authd, pure-certd, pure-ftpd.

Common directives to review

• TLS on; verify certs via pure-certd.
• ExtAuth / ExtCert sockets.
• PassivePortRange aligned with firewall/NAT.
• MaxIdleTime for idle disconnects.
• BrokenClientsCompatibility for legacy clients.

Operational tips

• Open TCP 21 and the passive range on your firewall/LB.
• Verify pure-auth mapping for virtual users before tightening policy.
• Use SNI-aware clients for hostname-specific certificates.

Troubleshooting

• Validation failed: fix the reported lines; previous config is restored automatically.
• Service not active: check detailed systemd status and retry.
• TLS/login issues: confirm pure-certd/pure-authd are running and socket paths match.