sftpgo: reduce the passive port range
hopefully this eases the load on the upstream firewall's UPNP service
This commit is contained in:
parent
12f2798140
commit
d0de6a9254
|
@ -13,13 +13,15 @@ let
|
|||
pname = "external_auth_hook";
|
||||
srcRoot = ./.;
|
||||
};
|
||||
in
|
||||
{
|
||||
# Client initiates a FTP "control connection" on port 21.
|
||||
# - this handles the client -> server commands, and the server -> client status, but not the actual data
|
||||
# - file data, directory listings, etc need to be transferred on an ephemeral "data port".
|
||||
# - 50000-50100 is a common port range for this.
|
||||
# 50000 is used by soulseek.
|
||||
passiveStart = 50050;
|
||||
passiveEnd = 50070;
|
||||
in
|
||||
{
|
||||
sane.ports.ports = {
|
||||
"21" = {
|
||||
protocol = [ "tcp" ];
|
||||
|
@ -43,7 +45,7 @@ in
|
|||
description = "colin-FTP server data port range";
|
||||
};
|
||||
})
|
||||
(lib.range 50050 50100)
|
||||
(lib.range passiveStart passiveEnd)
|
||||
);
|
||||
|
||||
# use nginx/acme to produce a cert for FTPS
|
||||
|
@ -114,8 +116,8 @@ in
|
|||
disable_active_mode = true;
|
||||
hash_support = true;
|
||||
passive_port_range = {
|
||||
start = 50050;
|
||||
end = 50100;
|
||||
start = passiveStart;
|
||||
end = passiveEnd;
|
||||
};
|
||||
|
||||
certificate_file = "/var/lib/acme/ftp.uninsane.org/full.pem";
|
||||
|
|
Loading…
Reference in New Issue
Block a user