@eris already post the steps but to do it a bit user friendly and avoid problems with functions and variables, I’ve created a script (the script also enables rules for fail2ban).
Create a file like this in your hestiacp server:
touch /root/install-vsftpd-hestia
chmod 750 /root/install-vsftpd-hestia
Now edit the file /root/install-vsftpd-hestia, with vi, nano, or whatever editor you are used to use and paste below content:
#!/usr/bin/env bash
HESTIA="/usr/local/hestia"
BIN="${HESTIA}/bin"
# Install vsftpd
if ! apt -y install vsftpd; then
echo "Error installing vsftpd, I can't continue"
exit 100
fi
# Add conf and configure logs
cp -f "$HESTIA"/install/deb/vsftpd/vsftpd.conf /etc/
touch /var/log/vsftpd.log
chown root:adm /var/log/vsftpd.log
chmod 640 /var/log/vsftpd.log
touch /var/log/xferlog
chown root:adm /var/log/xferlog
chmod 640 /var/log/xferlog
update-rc.d vsftpd defaults &>/dev/null
echo "Conf and logs for vsftpd created"
# Start vsftpd service
if systemctl start vsftpd; then
echo "vsftpd start successfull"
else
echo "vsftpd start failed"
fi
# IF firewall rule doesn't exist, add it
if ! "$BIN"/v-list-firewall | grep -q '21,12000-12100'; then
"$BIN"/v-add-firewall-rule ACCEPT '0.0.0.0/0' '21,12000-12100' TCP FTP
echo "Firewall rule created for ports 21,12000-12100"
fi
# Change FTP_SYSTEM variable
sed -i "s/FTP_SYSTEM=.*/FTP_SYSTEM='vsftpd'/g" "$HESTIA"/conf/hestia.conf
echo "FTP_SYSTEM variable changed to vsftpd in hestia.conf"
# If fail2ban is installed, enable vsfptd-iptables rules
jail_local="/etc/fail2ban/jail.local"
if [[ -e "$jail_local" ]]; then
fline=$(grep -n vsftpd-iptables -A 2 "$jail_local")
fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
sed -i "${fline}s/false/true/" "$jail_local"
systemctl restart fail2ban
echo "Rule for vsftpd enabled in jail.local and fail2ban service restarted"
else
echo "Seems fail2ban is not installed"
fi
echo "Done!"
Save the file and execute it
/root/install-vsftpd-hestia
I hope this helps.
Cheers,
sahsanu