Proftpd setup
Install ProFTPD (as standalone)
apt-get install proftpd
Edit /etc/proftpd/proftpd.conf
UseIPv6 off
# limit user to their home dir (/var/www in this case)
DefaultRoot ~ ftpgrp
RequireValidShell off
PassivePorts 65504 65534
<Limit LOGIN>
  DenyGroup !ftpgrp
</Limit>
Open port 21 and passive ports
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 65504:65534 -j ACCEPT
Create FTP group "ftpgrp"
addgroup ftpgrp
Create FTP user "ftpuser"
useradd --home-dir /var/www --groups ftpgrp,www-data --shell /bin/false ftpuser
passwd ftpuser
Add user to group(s)
adduser ftpuser ftpgrp
For document root:
chown -R www-data:www-data /var/www/
OR
chgrp -R www-data /var/www/
chmod -R g+w /var/www/
chmod g+s /var/www/
OR
# NUL-separated so directory names containing spaces are handled
find . -type d -print0 | xargs -0 chmod g+s
Enable TLS in ProFTPd
mkdir /etc/proftpd/ssl
openssl req -new -x509 -days 3650 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
Uncomment the Include /etc/proftpd/tls.conf line in /etc/proftpd/proftpd.conf
[...]
#
# This is used for FTPS connections
#
Include /etc/proftpd/tls.conf
[...]
Then open /etc/proftpd/tls.conf and make it look as follows:
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol TLSv1.2
  TLSCipherSuite AES128+EECDH:AES128+EDH
  TLSOptions NoCertRequest AllowClientRenegotiations
  TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
  TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
  TLSVerifyClient off
  TLSRequired on
  RequireValidShell no
</IfModule>
Restart ProFTPD
service proftpd restart
HINTS
If TLS is not used, disable the module in /etc/proftpd/modules.conf:
#LoadModule mod_tls_memcache.c
Some clients (such as PHP's FTP functions) don't handle hosts behind NAT well. You get this error:
PHP Warning: ftp_put(): Entering Passive Mode (10,10,6,169,255,243). in php-ftp-client/FtpClient/FtpWrapper.php on line 85
In /etc/proftpd/proftpd.conf, set MasqueradeAddress to the public IP of the ProFTPD host.
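As an added example (not part of the original wiki page), this Python script decodes the passive-mode reply quoted in the PHP warning above and flags the two conditions this page deals with: an advertised address that is not globally routable (the MasqueradeAddress case) and a data port outside the PassivePorts range. The function names are hypothetical; the port range is the one configured on this page.

```python
import ipaddress
import re

# Passive port range from the PassivePorts directive on this page.
PASSIVE_PORTS = (65504, 65534)

# RFC 959 layout of a 227 reply: (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in an 'Entering Passive Mode' reply."""
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    # The data port is sent as two bytes, high byte first.
    port = fields[4] * 256 + fields[5]
    return ip, port


def check_pasv(reply, passive_ports=PASSIVE_PORTS):
    """List the problems a client outside the NAT would hit with this reply."""
    ip, port = parse_pasv(reply)
    problems = []
    if not ip.is_global:
        problems.append(f"{ip} is not globally routable: set MasqueradeAddress")
    low, high = passive_ports
    if not low <= port <= high:
        problems.append(f"port {port} is outside PassivePorts {low}-{high}")
    return problems


if __name__ == "__main__":
    # Reply text taken from the PHP warning quoted on this page.
    page_reply = "Entering Passive Mode (10,10,6,169,255,243)."
    print(parse_pasv(page_reply))
    for problem in check_pasv(page_reply):
        print("WARN:", problem)
```

For the reply in the warning, the port decodes to a value inside the configured passive range, so the only finding is the internal address.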
Tested on
- Debian 8
wiki/proftpd_setup.txt · Last modified: 2021/03/29 16:11 by antisa