# Run in the foreground to keep the container running:
background=NO

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

## Enable virtual users
guest_enable=YES

## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

## PAM file name
pam_service_name=vsftpd_virtual

## Home Directory for virtual users
user_sub_token=$USER
local_root=/home/vsftpd/$USER

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES

# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
allow_writeable_chroot=YES

## Hide ids from user
hide_ids=YES

## Enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log

log_ftp_protocol=YES
xferlog_std_format=YES
vsftpd_log_file=/var/log/vsftpd.log



## Enable active mode
port_enable=YES
connect_from_port_20=YES
ftp_data_port=20

## Disable seccomp filter sanboxing
seccomp_sandbox=NO

#
# pasv_address=64.227.1.182
# pasv_max_port=21110
# pasv_min_port=21100
# pasv_addr_resolve=NO
pasv_enable=YES
# file_open_mode=0666
# local_umask=077
# reverse_lookup_enable=YES
# pasv_promiscuous=NO
# port_promiscuous=NO

## additional settinhg
# listen=YES
# dirmessage_enable=YES
# listen_ipv6=NO
# userlist_enable=YES
# tcp_wrappers=YES

## SSL Configuration
# rsa_cert_file=/etc/ssl/private/vsftpd.crt
# rsa_private_key_file=/etc/ssl/private/vsftpd.key
# ssl_enable=YES   
# allow_anon_ssl=NO
# force_local_data_ssl=YES
# force_local_logins_ssl=YES
# ssl_tlsv1=YES
# ssl_sslv2=NO
# ssl_sslv3=NO
# require_ssl_reuse=NO
# ssl_ciphers=HIGH

## Variables set at container runtime