Monday, September 21, 2015

How to speed up your internet connection on Linux



The speed of your internet connection is affected by a lot of different elements, most of which are out of your reach and/or jurisdiction. That said, there isn't a way to transform a slow internet connection into a lightning-speed one if your provider is just not giving you enough bandwidth, no matter what you do. This post only aims to provide generic advice on how to make things a little bit better where possible, and where applicable to each case.

DNS

Sometimes browsing websites seems to be somewhat “clunky”, with images not loading correctly, large latency values between your computer and the DNS resolving server, and online cache issues. This may be a sign that your internet provider's DNS servers are not up to the task, so you may have to change to an alternative option. The two most popular DNS server alternatives are Google Public DNS and OpenDNS, but there are a lot more free-to-use alternatives as well.
Here's how to change to the Google Public DNS on Ubuntu-based distributions. Open your network settings and hop onto the “Advanced Settings”. This will open up a new window where you will find the “IPv4 and IPv6 Settings” tabs. Navigate to both and change the “Method” from Automatic (DHCP) to Automatic (DHCP) Addresses only. Then insert “8.8.8.8” on the DNS servers box of the IPv4 tab, and “2001:4860:4860::8888” on the IPv6 tab. Now, click the “Save” button and you're done.
To test whether your new DNS settings are working properly or not, insert any fixed IP address that points to a website and see if it gets correctly resolved. Insert “91.189.94.40” on your browser address bar and if it gets resolved to ubuntu.com, then you have done things right. You may always revert to your default DNS by leaving the DNS servers box blank and setting the method back to “Automatic (DHCP)”. You can also benchmark your new DNS by using the namebench open source DNS benchmarking utility, and see how much faster your internet browsing really got. It is worth noting that changing your DNS also improves your privacy, security, and may potentially open up access to geoblocked content.

Firewall and Security

It is often the case that aggressive firewalls cause bottlenecks to your regular browsing and downloading. If you don't really need them, change their settings to allow more traffic to pass back and forth without proactive checking, or completely disable them. You can open a terminal and run “sudo iptables -L” to determine what your Linux kernel-level firewall settings are. For higher-level firewalls, you will need to check your router settings and the specific software tools you are using for this purpose.
If you're using Fedora or CentOS, chances are SELinux will be enabled by default. This otherwise magnificent piece of software could possibly cause increased latencies, so you may want to disable it. To do so, open the /etc/sysconfig/selinux configuration file as root, find the line that contains “SELINUX=enforcing”, change it to “SELINUX=disabled” and save the file. Hopefully, things will get somewhat faster by doing this, but you should consider the required security level in your system before disabling SELinux. A middle-ground solution would be the “SELINUX=permissive” option, which keeps the security module active but limited to the printing of warning messages.

MTU Setting

MTU stands for Maximum Transmission Unit and it is basically a parameter that determines the maximum size of data packets that are allowed to be transferred from the network to your system. If the MTU value is too small, then you are crippling your speed by dealing with a large number of packets, and if it is too large, you are letting the data transmission occupy significant portions of your bandwidth for longer periods of time, essentially causing lag. So, there is a golden ratio, as in everything really, and if you want to squeeze the maximum performance out of your internet connection, you can determine and set your MTU to an optimal value.
Open a new terminal session and start ping tests to see what the optimal MTU value is. Use the following command:
ping -M do -s 1472 howtoforge.com
Start with 1472 and drop 10 by 10 until you find the highest value that is indicating 0% packet loss, using “Ctrl+C” to cancel each ping.
After you have determined the optimal MTU value, go to /etc/network/interfaces:
nano /etc/network/interfaces
And add a line “mtu 1462” (or whatever value you found as the best) and save the file. Note that you need to open the configuration file as the system administrator or else you won't be able to save your changes. Hopefully, this will speed things up a bit without causing packet errors.
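The manual search above as a binary search; an added example, not part of the original post. `ping -s` sets the ICMP payload size, and the IPv4 packet on the wire is 28 bytes larger (20-byte IP header plus 8-byte ICMP header), so the script converts the result before reporting an MTU. The function names and the simulated 1492-byte path are assumptions so that it runs offline.

```sh
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path with the
# "don't fragment" bit set, by binary search instead of steps of 10.

# Real probe: one ping with DF set (-M do) and a 2 s timeout.
# Succeeds only if a reply came back.
probe_ping() { ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1; }

# Simulated probe for offline runs (assumption: a 1492-byte path).
# 1492 minus 28 bytes of IP/ICMP headers leaves room for 1464 payload bytes.
probe_fake() { [ "$2" -le 1464 ]; }

# largest_payload PROBE HOST [LOW] [HIGH]
# Prints the largest payload in LOW..HIGH that PROBE accepts, or 0 if even
# LOW fails (host down, ICMP filtered), where no MTU conclusion is possible.
largest_payload() {
    probe=$1; host=$2; lo=${3:-500}; hi=${4:-1472}
    if ! "$probe" "$host" "$lo"; then echo 0; return 0; fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))     # round up so the range always shrinks
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# IPv4 MTU = payload + 20 (IP header) + 8 (ICMP header).
payload_to_mtu() { echo $(( $1 + 28 )); }

# Offline demonstration; swap probe_fake for probe_ping on a real network.
best=$(largest_payload probe_fake howtoforge.com)
echo "largest unfragmented payload: $best"
echo "matching IPv4 MTU:            $(payload_to_mtu "$best")"
```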

Browser

If all of the above has failed to deliver anything truly noteworthy, you may want to resort to the browser settings as a final attempt to give your internet browsing a small boost. Firefox and Chrome/Chromium have started to tentatively use a simpler and faster caching method that may speed up your regular browsing a little bit. To enable it, do the following:
On Chrome, insert the following on the address bar and press enter:
chrome://flags/#enable-simple-cache-backend
Then locate the “Simple Cache for HTTP” and choose the enable option.
On Firefox, insert the following on the address bar and press enter:
about:config
Then search for browser.cache.use_new_backend and double click it to open a new config window. Change the “0” value to “1” and press “OK” and you're done.
Finally, you can use the Opera browser, which offers an up-to-date Linux version. Opera features a “Turbo mode” that, when enabled, activates server-side compression of images at a rate of up to 80%, essentially letting you browse more comfortably on slower internet connections.


Setting up Master-Master Replication with MySQL on Debian


This tutorial describes a replicated MySQL setup (Master/Master replication) with 2 nodes where data can be read and written to both nodes at the same time. MySQL takes care to replicate the data to the other node and ensures that primary auto increment keys don't collide.
Since version 5, MySQL comes with built-in support for master-master replication, solving the problem that can happen with self-generated keys. In former MySQL versions, the problem with master-master replication was that conflicts arose immediately if node A and node B both inserted an auto-incrementing key on the same table. The advantages of master-master replication over the traditional master-slave replication are that you don't have to modify your applications to make write accesses only to the master, and that it is easier to provide high-availability because if the master fails, you still have the other master.

1 Preliminary Note

In this tutorial I will show how to replicate the database exampledb from the server server1.example.com with the IP address 192.168.1.101 to the server server2.example.com with the IP address 192.168.1.102 and vice versa. Each system is the slave of the other master and the master of the other slave at the same time. Both systems are running Debian 8; however, the configuration should apply to almost all distributions with little or no modifications.

2 Installing MySQL 5.5

If MySQL isn't already installed on server1 and server2, install it now:
server1/server2:
apt-get -y install mysql-server-5.5 mysql-client-5.5
To make sure that the replication can work, we must make MySQL listen on all interfaces, therefore we comment out the line bind-address = 127.0.0.1 in /etc/mysql/my.cnf:
server1/server2:
nano /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]
Restart MySQL afterwards:
server1/server2:
service mysql restart
Then check with
server1/server2:
netstat -tap | grep mysql
that MySQL is really listening on all interfaces:
netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 15437/mysqld
server1:~#
Now we set up a replication user repl that can be used by server2 to access the MySQL database on server1.
server1:
Log in to the MySQL shell:
mysql --defaults-file=/etc/mysql/debian.cnf
On the MySQL shell, run the following commands:
server1:
GRANT REPLICATION SLAVE ON *.* TO repl@'%' IDENTIFIED BY 'secretpassword';
FLUSH PRIVILEGES;
quit;
Replace the word "secretpassword" with a secure password of your choice. Now we do the last two steps again on server2:
server2:
mysql --defaults-file=/etc/mysql/debian.cnf
GRANT REPLICATION SLAVE ON *.* TO repl@'%' IDENTIFIED BY 'secretpassword';
FLUSH PRIVILEGES;
quit;
Replace the word "secretpassword" with a secure password here as well. Note down the passwords as we need them later. 

3 Some Notes

In the following I will assume that both MySQL servers are empty (don't contain any database yet except for the 'mysql' database).
If that's not the case on your server, then you have to lock and dump the databases on the first server and import them on the second one before you continue. Don't unlock the databases before the replication is set up. Below are a few commands that show how to copy over all databases to a new server in case you don't start with a "clean" MySQL setup.
Example of how to lock all database tables in a MySQL database:
FLUSH TABLES WITH READ LOCK;
SET GLOBAL read_only = ON;
Example of how to dump all databases into a file all_databases.sql:
mysqldump --defaults-file=/etc/mysql/debian.cnf -cCeQ --hex-blob --quote-names --routines --events --triggers --all-databases -r all_databases.sql
Example of how to import all tables on the second server from the file all_databases.sql:
mysql --defaults-file=/etc/mysql/debian.cnf < all_databases.sql

4 Setting Up Replication

Now we set up master-master replication in /etc/mysql/my.cnf. The crucial configuration options for master-master replication are auto_increment_increment and auto_increment_offset:
  • auto_increment_increment controls the increment between successive AUTO_INCREMENT values.
  • auto_increment_offset determines the starting point for AUTO_INCREMENT column values.
Let's assume we have N MySQL nodes (N=2 in this example), then auto_increment_increment has the value N on all nodes, and each node must have a different value for auto_increment_offset (1, 2, ..., N).
Now let's configure our two MySQL nodes:
server1:
nano /etc/mysql/my.cnf
Search for the section that starts with [mysqld], and put the following options into it (commenting out all existing conflicting options):
[...]
[mysqld]

# Unique Server ID
server-id = 1

# Do not replicate the following databases
binlog-ignore-db = mysql
replicate-ignore-db = mysql

# Auto increment step (number of master nodes)
auto-increment-increment = 2

# Do not replicate sql queries for the local server ID
replicate-same-server-id = 0

# Start auto-increment values at 1
auto-increment-offset = 1

# Delete binlog data after 10 days
expire_logs_days = 10

# Max binlog size
max_binlog_size = 500M

# Binlog file path
log_bin = /var/log/mysql/mysql-bin.log

[...]
Then restart MySQL:
server1:
service mysql restart
Now do the same on server2:
server2:
nano /etc/mysql/my.cnf
[...]

# Unique Server ID
server-id = 2

# Do not replicate the following databases
binlog-ignore-db = mysql
replicate-ignore-db = mysql

# Auto increment step (number of master nodes)
auto-increment-increment = 2

# Do not replicate sql queries for the local server ID
replicate-same-server-id = 0

# Start auto-increment values at 2
auto-increment-offset = 2

# Delete binlog data after 10 days
expire_logs_days = 10

# Max binlog size
max_binlog_size = 500M

# Binlog file path
log_bin = /var/log/mysql/mysql-bin.log

[...]
server2:
service mysql restart
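A check for the rule described above, added here as an example rather than taken from the tutorial: given the my.cnf text of every master, it verifies that auto_increment_increment equals the node count and that server IDs and offsets are each used once. The function names and the mis-copied server2 file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original tutorial: check that the my.cnf files
# of all masters follow the rule above (increment = N, offsets 1..N used once).

# Print option $1 from the [mysqld] section of my.cnf text on stdin. MySQL
# treats "-" and "_" in option names alike; a repeated option's last value wins.
mysqld_opt() {
    awk -v want="$1" '
        BEGIN { gsub(/-/, "_", want) }
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
        {
            key = $0; sub(/=.*$/, "", key)
            gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
            if (key != want) next
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            found = val
        }
        END { if (found != "") print found }'
}

fail() { echo "FAIL node $node: $*"; bad=1; }

# check_masters CNF_TEXT...   (one argument per node)
check_masters() {
    n=$#; node=0; bad=0; ids=" "; offs=" "
    for cnf in "$@"; do
        node=$(( node + 1 ))
        id=$(printf '%s\n' "$cnf" | mysqld_opt server-id)
        inc=$(printf '%s\n' "$cnf" | mysqld_opt auto_increment_increment)
        off=$(printf '%s\n' "$cnf" | mysqld_opt auto_increment_offset)
        bin=$(printf '%s\n' "$cnf" | mysqld_opt log_bin)

        if [ -z "$id" ]; then fail "server-id is not set"
        else case "$ids" in *" $id "*) fail "server-id $id is already used" ;; esac
        fi
        [ "$inc" = "$n" ] || fail "auto-increment-increment is '$inc', expected $n"
        case "$off" in
            ''|*[!0-9]*) fail "auto-increment-offset is not set" ;;
            *)  if [ "$off" -lt 1 ] || [ "$off" -gt "$n" ]; then
                    fail "auto-increment-offset $off is outside 1..$n"
                fi
                case "$offs" in *" $off "*)
                    fail "auto-increment-offset $off is already used, keys will collide" ;;
                esac ;;
        esac
        [ -n "$bin" ] || fail "log_bin is not set, no binary log to replicate from"
        ids="$ids$id "; offs="$offs$off "
    done
    if [ "$bad" -eq 0 ]; then echo "OK $n nodes: ids and offsets are unique"; fi
}

# The two [mysqld] excerpts from this tutorial, shortened.
SERVER1='[mysqld]
server-id = 1
auto-increment-increment = 2
auto-increment-offset = 1
log_bin = /var/log/mysql/mysql-bin.log'
SERVER2='[mysqld]
server-id = 2
auto-increment-increment = 2
auto-increment-offset = 2
log_bin = /var/log/mysql/mysql-bin.log'
# Constructed mistake: server1's file copied to server2, only server-id edited.
SERVER2_COPIED='[mysqld]
server-id = 2
auto-increment-increment = 2
auto-increment-offset = 1
log_bin = /var/log/mysql/mysql-bin.log'

check_masters "$SERVER1" "$SERVER2"
check_masters "$SERVER1" "$SERVER2_COPIED"
```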
Next we lock the exampledb database on server1, find out about the master status of server1, create an SQL dump of exampledb (that we will import into exampledb on server2 so that both databases contain the same data), and unlock the database so that it can be used again:
server2:
Now we start the replication on Server 2. Open the MySQL shell:
mysql --defaults-file=/etc/mysql/debian.cnf
And execute the following SQL command to activate the replication from server1 to server2:
CHANGE MASTER TO MASTER_HOST='192.168.1.101', MASTER_USER='repl', MASTER_PASSWORD='secretpassword';
Replace secretpassword with the password for the repl MySQL user that you have set in chapter 2.
Now check the slave status by executing the command "show slave status\G" in the MySQL shell.
show slave status\G
The output will be similar to this:
mysql> show slave status\G
*************************** 1. row ***************************
 Slave_IO_State:
 Master_Host: 192.168.1.101
 Master_User: repl
 Master_Port: 3306
 Connect_Retry: 60
 Master_Log_File: mysql-bin.000001
 Read_Master_Log_Pos: 107
 Relay_Log_File: mysqld-relay-bin.000003
 Relay_Log_Pos: 253
 Relay_Master_Log_File: mysql-bin.000001
 Slave_IO_Running: No
 Slave_SQL_Running: No
 Replicate_Do_DB:
 Replicate_Ignore_DB: mysql
 Replicate_Do_Table:
 Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
 Last_Errno: 0
 Last_Error:
 Skip_Counter: 0
 Exec_Master_Log_Pos: 107
 Relay_Log_Space: 410
 Until_Condition: None
 Until_Log_File:
 Until_Log_Pos: 0
 Master_SSL_Allowed: No
 Master_SSL_CA_File:
 Master_SSL_CA_Path:
 Master_SSL_Cert:
 Master_SSL_Cipher:
 Master_SSL_Key:
 Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: No
 Last_IO_Errno: 0
 Last_IO_Error:
 Last_SQL_Errno: 0
 Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
 Master_Server_Id: 1
1 row in set (0.00 sec)
The lines that you should check are these:
Master_Host: 192.168.1.101
Master_User: repl
Master_Port: 3306
Master_Log_File: mysql-bin.000001
Relay_Log_File: mysqld-relay-bin.000003
Slave_IO_Running: No
Slave_SQL_Running: No
Now start the replication with this command on the MySQL shell:
start slave;
and then check the slave status again:
show slave status\G
The following two lines should show "yes" now:
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Seconds_Behind_Master: 0
If "Seconds_Behind_Master" is not 0, then wait a few seconds and check the status again. This field shows if master and slave are in sync.
For the next step, we need to know the values of "Master_Log_File" and "Read_Master_Log_Pos" from the output of the "show slave status\G" command. In my case these are:
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 107
Write down the values that you get on your server; we need them for the next step on server 1.
Afterward you can leave the MySQL shell:
quit
server1:
We continue on the first server, open the MySQL shell on server1:
mysql --defaults-file=/etc/mysql/debian.cnf
And execute the following MySQL command:
CHANGE MASTER TO MASTER_HOST='192.168.1.102', MASTER_USER='repl', MASTER_PASSWORD='secretpassword', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=107;
You have to replace a few things in the above command:
  1. The IP address has to be the IP of your second MySQL server.
  2. The password "secretpassword" has to be the one that you have chosen in chapter 2 for the user repl.
  3. The MASTER_LOG_FILE and MASTER_LOG_POS have to be the values that we have written down in the last step.
Now check with:
show slave status\G
on the MySQL shell if there are no errors.
mysql> show slave status\G
*************************** 1. row ***************************
 Slave_IO_State:
 Master_Host: 192.168.1.102
 Master_User: repl
 Master_Port: 3306
 Connect_Retry: 60
 Master_Log_File: mysql-bin.000001
 Read_Master_Log_Pos: 107
 Relay_Log_File: mysqld-relay-bin.000001
 Relay_Log_Pos: 4
 Relay_Master_Log_File: mysql-bin.000001
 Slave_IO_Running: No
 Slave_SQL_Running: No
 Replicate_Do_DB:
 Replicate_Ignore_DB: mysql
 Replicate_Do_Table:
 Replicate_Ignore_Table:
 Replicate_Wild_Do_Table:
 Replicate_Wild_Ignore_Table:
 Last_Errno: 0
 Last_Error:
 Skip_Counter: 0
 Exec_Master_Log_Pos: 107
 Relay_Log_Space: 107
 Until_Condition: None
 Until_Log_File:
 Until_Log_Pos: 0
 Master_SSL_Allowed: No
 Master_SSL_CA_File:
 Master_SSL_CA_Path:
 Master_SSL_Cert:
 Master_SSL_Cipher:
 Master_SSL_Key:
 Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: No
 Last_IO_Errno: 0
 Last_IO_Error:
 Last_SQL_Errno: 0
 Last_SQL_Error:
 Replicate_Ignore_Server_Ids:
 Master_Server_Id: 0
1 row in set (0.00 sec)
And start the slave.
start slave;
Check the slave status again:
show slave status\G
The following two lines should show "yes" now:
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Afterward you can leave the MySQL shell:
quit
If nothing went wrong, MySQL master-master replication should now be working. If it isn't, please check /var/log/syslog for MySQL errors on server1 and server2.
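The status checks from this chapter as a script, added as an example and not part of the original tutorial: it parses `show slave status\G` output and reports stopped threads, unknown or high lag, and a replication link without TLS. The function names, the 30-second lag threshold and the second sample are assumptions.

```sh
#!/bin/sh
# Added example, not from the original tutorial: turn `SHOW SLAVE STATUS\G`
# output into a verdict. Run it on both nodes, since each one is also a slave.

# Print the value of field $1 from vertical (\G) output on stdin.
status_field() {
    awk -v f="$1" '
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (!hit && index(line, f ":") == 1) {
                hit = 1; val = substr(line, length(f) + 2); sub(/^[ \t]+/, "", val)
            }
        }
        END { if (hit) print val }'
}

ST=""
get() { printf '%s\n' "$ST" | status_field "$1"; }

# check_replication [MAX_LAG_SECONDS]   reads the status text on stdin
check_replication() {
    max_lag=${1:-30}; ST=$(cat); bad=0
    host=$(get Master_Host); lag=$(get Seconds_Behind_Master)
    io=$(get Slave_IO_Running); sql=$(get Slave_SQL_Running)
    ssl=$(get Master_SSL_Allowed)
    ioerr=$(get Last_IO_Error); sqlerr=$(get Last_SQL_Error)

    if [ "$io" != Yes ]; then
        echo "FAIL I/O thread is '$io', binlog of $host is not being fetched (${ioerr:-no error recorded})"
        bad=1
    fi
    if [ "$sql" != Yes ]; then
        echo "FAIL SQL thread is '$sql', events are not being applied (${sqlerr:-no error recorded})"
        bad=1
    fi
    case "$lag" in
        ''|*[!0-9]*) echo "FAIL Seconds_Behind_Master is '$lag', lag cannot be measured"; bad=1 ;;
        *) if [ "$lag" -gt "$max_lag" ]; then echo "WARN $lag s behind $host"; fi ;;
    esac
    # The tutorial's CHANGE MASTER sets no MASTER_SSL option, so replicated
    # statements and rows cross the network unencrypted.
    if [ "$ssl" != Yes ]; then
        echo "WARN link to $host is not using TLS (Master_SSL_Allowed: $ssl)"
    fi
    if [ "$bad" -eq 0 ]; then echo "OK replicating from $host"; fi
}

# From the tutorial's output before "start slave", shortened.
STOPPED='*************************** 1. row ***************************
 Slave_IO_State:
 Master_Host: 192.168.1.101
 Slave_IO_Running: No
 Slave_SQL_Running: No
 Master_SSL_Allowed: No
 Seconds_Behind_Master: NULL
 Last_IO_Error:
 Last_SQL_Error:'
# Constructed: the same status once "start slave" has succeeded.
RUNNING='*************************** 1. row ***************************
 Master_Host: 192.168.1.101
 Slave_IO_Running: Yes
 Slave_SQL_Running: Yes
 Master_SSL_Allowed: No
 Seconds_Behind_Master: 0
 Last_IO_Error:
 Last_SQL_Error:'

printf '%s\n' "$STOPPED" | check_replication
printf '%s\n' "$RUNNING" | check_replication
```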

5 Test the Replication

Now it's time to test our replication setup. I will create a database exampledb1 on server1 and then check on server2 if the database has been replicated to the second server:
server1:
Log in to the MySQL console on server1 and create the database:
mysql --defaults-file=/etc/mysql/debian.cnf
CREATE DATABASE exampledb1;
server2:
Now log in to the MySQL console on server2 and check if exampledb1 exists there now:
mysql --defaults-file=/etc/mysql/debian.cnf
show databases;
As we can see, the new database shows up on server2 as well.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| exampledb1 |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
Next I'll test if the replication works in the other direction as well. We are still logged in on server2 and create there a database exampledb2:
CREATE DATABASE exampledb2;
Now go back to server1 and run "show databases" in the MySQL console:
server1:
show databases;
The result shows our new database exampledb2, so the replication is working in both directions.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| exampledb1 |
| exampledb2 |
| mysql |
| performance_schema |
+--------------------+
5 rows in set (0.01 sec)

Friday, July 24, 2015

OpenSSH Security

These are the six most important tasks to secure your SSH server setup:
  1. Use a strong password.
  2. Change the SSH default port.
  3. Always use protocol version 2.
  4. Disable the root login.
  5. Limit user access.
  6. Use key-based authentication.

Use a strong password

A password is a word or string of characters used for user authentication, to prove identity or to gain access to a resource. Keep it secret from those who are not allowed to access the server. Use a long and complex password; it should be easy for you to remember and unique, but not easy for others to guess. Don't use `admin123`, `admin` etc., which are easy to guess, and don't use birthdays, the name of your wife etc. A good password should also contain special chars like '.!;/' (not just the characters a-z and 0-9). Use upper- and lowercase characters in the password.

Change the SSH default port

The default port of the SSH service is 22; you should change it to make it less obvious that your server is running an SSH service. The SSH configuration file is located in the /etc/ssh/ directory; you have to edit the config file /etc/ssh/sshd_config.
nano /etc/ssh/sshd_config
Search for the "Port" line:
Port 22
and change it to your favorite port number, example: 1337
Port 1337
Please choose a port that is not in use on your server yet. You can get a list of ports that are currently in use with the command:
netstat -ntap
This command results in a quite long list that shows all open ports and connections. If you just like to check if your desired port is available, use this command instead:
netstat -ntap | grep 4422
In this example, I'll check if port 4422 is free. If the command does not return a result, then the port is available and can be used for SSH.

Always use protocol 2

SSH has two protocol versions: the old protocol 1, which is insecure, and the new protocol 2. So always use protocol 2 for your SSH server; it is more secure than protocol 1.

Disable root login

You should disable the direct login for the root user because there are many brute force attacks against the name of the root superuser. IMPORTANT: test the SSH login with your alternate non-root user that you plan to use for ssh logins before you disable the root account.
PermitRootLogin no
After you set "PermitRootLogin" to "no", you can no longer log in with the root account, even if you use the correct password for the root user.

Limit user

You should add a new user for login to your server. Assume that you have created the users ruiko and mikoto to login to your server, then you can add the new line:
AllowUsers ruiko mikoto
in /etc/ssh/sshd_config to limit SSH access to these users.

Use Key Based Authentication

I recommend that you use this option because it is very easy to set up and more secure than password-based authentication. First you have to create a public/private key pair on your local (desktop) computer; I use Linux to create it.
You can create the public / private key pair with this command:
ssh-keygen -t rsa -b 4096
It will create 2 files located in the ~/.ssh/ directory: id_rsa as the private key and id_rsa.pub as the public key. If it prompts for a password, you can leave it blank or type a password. Using a password to protect your key is recommended.
Now upload the public key id_rsa.pub to your server with ssh-copy-id command.
ssh-copy-id -i ~/.ssh/id_rsa.pub user@serverip
It will automatically write your public key to the file ~/.ssh/authorized_keys on your server.
Now go back to your server and edit your SSH configuration file again.
nano /etc/ssh/sshd_config
Uncomment this line:
AuthorizedKeysFile     %h/.ssh/authorized_keys
and finally restart your ssh server:
systemctl restart sshd
Now try to connect to your server:
ssh -p '4422' 'user@serverIP'
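The checklist above as a script, added here as an example and not part of the original post: it reads sshd_config text (or the output of `sshd -T`) and reports which of the settings are actually in effect. The function names and the sample config are constructed for illustration, and the PasswordAuthentication warning goes one step beyond the post's own steps.

```sh
#!/bin/sh
# Added example, not from the original post: check sshd settings against the
# checklist above. Reads sshd_config text (or `sshd -T` output) on stdin.

# Print every value given for keyword $1, in file order, one per line.
# Keywords are case-insensitive and "Key=value" is accepted. Parsing stops at
# the first Match block, because everything after it is conditional.
sshd_values() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            sub(/\r$/, ""); sub(/^[ \t]+/, "")
            if ($0 == "" || $0 ~ /^#/) next
            key = $0; sub(/[ \t=].*$/, "", key); key = tolower(key)
            if (key == "match") exit
            if (key != want) next
            val = $0
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val
        }'
}

# For single-valued keywords sshd keeps the FIRST value it reads, so a
# hardening line appended below an existing setting has no effect.
effective() {
    printf '%s\n' "$CFG" | sshd_values "$1" | sed -n 1p | tr '[:upper:]' '[:lower:]'
}

audit_sshd() {
    CFG=$(cat)
    # Port is multi-valued: sshd listens on every Port line (default 22).
    ports=$(printf '%s\n' "$CFG" | sshd_values Port | tr '\n' ' ')
    case " ${ports:-22 }" in
        *" 22 "*) echo "FAIL Port: sshd still listens on 22" ;;
        *)        echo "OK   Port: $ports" ;;
    esac
    v=$(effective Protocol)
    case "$v" in
        *1*) echo "FAIL Protocol: '$v' still offers protocol 1" ;;
        *)   echo "OK   Protocol: ${v:-not set}" ;;
    esac
    v=$(effective PermitRootLogin)
    if [ "$v" = no ]; then echo "OK   PermitRootLogin: no"
    else echo "FAIL PermitRootLogin: effective value is '${v:-not set}'"; fi
    if [ -n "$(printf '%s\n' "$CFG" | sshd_values AllowUsers)" ]; then
        echo "OK   AllowUsers: logins restricted to listed users"
    else echo "FAIL AllowUsers: no user restriction configured"; fi
    if [ "$(effective PubkeyAuthentication)" = no ]; then
        echo "FAIL PubkeyAuthentication: key-based login is disabled"
    else echo "OK   PubkeyAuthentication: enabled"; fi
    # Beyond the post's steps: password logins stay possible next to keys
    # until PasswordAuthentication is set to no (the sshd default is yes).
    if [ "$(effective PasswordAuthentication)" = no ]; then
        echo "OK   PasswordAuthentication: no"
    else echo "WARN PasswordAuthentication: passwords are still accepted"; fi
}

# Constructed sample: the hardening lines were appended below old settings.
APPENDED_CONFIG='Port 22
PermitRootLogin yes
#Protocol 2
Port 4422
PermitRootLogin no
AllowUsers ruiko mikoto'

printf '%s\n' "$APPENDED_CONFIG" | audit_sshd
```

Because sshd keeps the first value it finds for most keywords, appending `PermitRootLogin no` below an existing `PermitRootLogin yes` changes nothing, which is what the sample shows.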

Conclusion

OpenSSH is the standard for secure remote access to Unix-like servers, replacing the unencrypted telnet protocol. SSH (and its file transfer sub-protocol SCP) ensures that the connection from your local computer to the server is encrypted and secure. The base installation of OpenSSH is already quite secure, but we can improve it by following the above guide.

Thursday, July 23, 2015

How to install ProFTPD on CentOS



1 Preliminary Note

This tutorial is based on CentOS 7.0 server, so you should set up a basic CentOS 7.0 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname. 

2 Install ProFTPD

2.1 Installation:

For this enable EPEL as follows:
rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
We will first install ProFTPD and OpenSSL as follows:
yum install -y proftpd openssl proftpd-utils
We need to start the service and enable it at boot:
systemctl start proftpd.service
systemctl enable proftpd.service
Additionally, in CentOS 7.0 we need to configure the firewall with firewall-cmd for the FTP service as follows:
firewall-cmd --add-service=ftp --permanent
firewall-cmd --reload
We can check the ProFTPD version as follows:
proftpd -v
[root@server1 ~]# proftpd -v
ProFTPD Version 1.3.5
[root@server1 ~]#

2.2 Creating ProFTPD Users

For this I will create a group ftpgroup and user srijan for ProFTPD. I will restrict the user srijan with home directory as /ftpshare
groupadd ftpgroup
Next I will add the user srijan in ftpgroup:
useradd  -G ftpgroup srijan -s /sbin/nologin -d /ftpshare
passwd srijan
[root@server1 ~]# passwd srijan
Changing password for user srijan.
New password: <--ftppassword
Retype new password: <--ftppassword
passwd: all authentication tokens updated successfully.
[root@server1 ~]# 
Next we need to make the directory protected from removing and renaming its content by any user, so we will change the directory permissions as follows:
chmod -R 1777 /ftpshare/
Now we are ready for the ProFTPD connection.
We can now log in with the user srijan and its password at ftp://192.168.0.100

3 Enabling TLS In ProFTPD

In order to enable TLS in ProFTPD, open /etc/proftpd.conf. Before editing the file, it is better to back up the original file, and then edit it as shown below:
cp /etc/proftpd.conf /etc/proftpd.conf.bak
nano /etc/proftpd.conf
Give the entries as shown
[...]
DefaultRoot                     ~ !adm
PassivePorts    6000    6100
[...] 
#<IfDefine TLS>
  TLSEngine                     on
  TLSRequired                   on
  TLSRSACertificateFile         /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile      /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite                ALL:!ADH:!DES
  TLSOptions                    NoCertRequest
  TLSVerifyClient               off
  TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
  TLSLog                        /var/log/proftpd/tls.log
#  <IfModule mod_tls_shmcache.c>
#    TLSSessionCache            shm:/file=/var/run/proftpd/sesscache
#  </IfModule>
#</IfDefine>
[...] 
I have added ports 6000 to 6100 to allow the passive mode of FTP; similarly, I will allow the passive mode through the CentOS firewalld service as follows:
firewall-cmd --add-port=6000-6100/tcp --permanent
firewall-cmd --reload
We can check the ports status as follows:
firewall-cmd --list-ports
[root@server1 ~]# firewall-cmd --list-ports
6000-6100/tcp
[root@server1 ~]#
Additionally we need to tell SELINUX to allow the read/write of the files.
setsebool -P allow_ftpd_full_access=1
In order to use TLS, we must create an SSL certificate. I will create it in /etc/pki/tls/certs, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem
[root@server1 certs]# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem
Generating a 1024 bit RSA private key
...................................++++++
.........++++++
writing new private key to '/etc/pki/tls/certs/proftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:<--DE
State or Province Name (full name) []:<--Hamburg
Locality Name (eg, city) [Default City]:<--Luneberg
Organization Name (eg, company) [Default Company Ltd]:<--ISPConfig
Organizational Unit Name (eg, section) []:<--Development
Common Name (eg, your name or your server's hostname) []:<--server1.example.com
Email Address []:<--info@example.com
[root@server1 certs]#
Give the values marked with <-- above as per your choice; I have just given an example.
Now for security purpose I will make the certificates only readable as follows:
chmod  0440 /etc/pki/tls/certs/proftpd.pem
Finally restart the ProFTPD service as follows:
systemctl restart proftpd.service
We can connect to the ProFTPD server with the FileZilla software; you must have FileZilla installed on the client to connect to the server. Open FileZilla and give the details as follows:
Details will be
Host = 192.168.0.100
Protocol = FTP
User = srijan
Port = can be left blank if you have not changed it to a port other than 21
Password = ftppassword (just created above)
It will ask you to trust the certificate; press OK.
It will be connected to the FTP shared directory with TLS connection.

4 Anonymous ftp access in ProFTPD

We can create an anonymous FTP account in ProFTPD; just add these entries to the ProFTPD configuration file:
nano /etc/proftpd.conf
And add these entries at the end of the file:
[...]
###Anonymous share#####
<Anonymous ~ftp>
  User ftp
  Group ftp

  UserAlias anonymous ftp
  DirFakeUser on ftp
  DirFakeGroup on ftp
  MaxClients 10

  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

</Anonymous>
Now we need to restart the services:
systemctl restart proftpd.service
We have successfully connected to the server with Anonymous user.
Congratulations! Now we have successfully configured ProFTPD server environment in CentOS 
