Here’s a concise walkthrough for setting up the ProFTPD FTP server on CentOS 8 or Rocky 8, starting with enabling EPEL and AppStream repositories before installing the package via dnf. The guide then shows how to enable and start the systemd service, open firewalld for port 21, edit /etc/proftpd.conf for anonymous access, passive ports, and logging, and reload the daemon afterward. A section demonstrates creating a dedicated FTP user with proper directory permissions and checking SELinux contexts if needed, followed by instructions for testing connectivity from another machine. Finally, it offers optional TLS configuration steps, including installing mod_tls and configuring certificates so that secure file transfers can be established.

Install Proftpd on CentOS and Rocky Linux 8

If you’re looking to spin up a quick, lightweight FTP server on a fresh RHEL‑8 derivative, this guide will get ProFTPD up and running in minutes—no fluff, just the steps that matter.

Before You Start

You’ll need root or sudo privileges on a machine that’s already booted into CentOS 8 (or its fork Rocky Linux 8). I’ve been in the same spot many times: you install the OS, forget about firewall tweaks, and then “proftpd” refuses to listen on 21. This walkthrough closes those gaps.

Prerequisites

• A clean installation of CentOS 8 or Rocky 8 (not the old CentOS 7).
• Internet connectivity for package downloads.
• Basic knowledge of the command line—if you can navigate /etc and run sudo, you’re good to go.

1. Enable EPEL and AppStream

ProFTPD lives in the AppStream repository, but the latest build sometimes requires a few extras from EPEL. Run:

sudo dnf install epel-release -y

Without EPEL, you’ll hit “No package proftpd available” even if AppStream is enabled. It also pulls in newer libcrypto versions that ProFTPD likes.

Next, make sure the AppStream repo is active:

sudo dnf config-manager --set-enabled appstream

If you’re on Rocky, the same commands work; just remember that Rocky is a downstream rebuild of CentOS 8.

2. Install ProFTPD

Now that repositories are sorted, install the package:

sudo dnf install proftpd -y

A quick note: the -y flag saves you from having to confirm each dependency prompt—useful when you’re already in a hurry.

3. Verify the Service Unit

ProFTPD installs as a systemd service called proftpd. Check its status:

sudo systemctl status proftpd

If it’s inactive, start and enable it so it runs at boot:

sudo systemctl start proftpd
sudo systemctl enable proftpd

4. Open the Firewall

FTP uses port 21 for control traffic, plus a range of passive ports if you enable that mode (the default is active FTP). Tell firewalld to allow it:

sudo firewall-cmd --permanent --add-service=ftp
sudo firewall-cmd --reload

You can confirm with sudo firewall-cmd --list-all | grep ftp.

5. Basic Configuration

The main config file lives at /etc/proftpd.conf. Back it up first:

sudo cp /etc/proftpd.conf /etc/proftpd.conf.bak

Now, open it in your favorite editor:

sudo nano /etc/proftpd.conf

A few tweaks that usually help:

1. Anonymous access – If you don’t need public downloads, comment out the DefaultRoot line or set a specific directory.

2. Passive mode ports – Add a range if you plan to support passive clients:

   <IfModule mod_tls.c>
     Port 21
   </IfModule>

   PassivePorts 10000-10100

3. Logging level – For troubleshooting, set LogFormat to something more verbose:

   LogFormat "%h %l %u %t \"%r\" %s %b"

After editing, reload ProFTPD:

sudo systemctl reload proftpd

6. Create a Test User

If you’re just testing, create a dedicated FTP user:

sudo adduser ftpuser
sudo passwd ftpuser

Give them a home directory and make sure it’s readable/writable for FTP:

mkdir -p /home/ftpuser/uploads
chmod 755 /home/ftpuser/uploads
chown ftpuser:ftpuser /home/ftpuser/uploads

Add an entry in /etc/proftpd.d/ to restrict them to their home directory (optional but recommended).

7. Test the Setup

From another machine, run:

ftp <your-server-ip>

Login with ftpuser and try uploading/downloading a file. If you hit “Connection refused,” double‑check that firewalld is open on port 21 or that SELinux isn’t blocking it.

Real‑world tip: I’ve seen this happen when SELinux was in enforcing mode but the context for /home/ftpuser wasn’t labeled public_content_t. Running:

sudo semanage fcontext -a -t public_content_rw_t "/home/ftpuser(/.*)?"
sudo restorecon -Rv /home/ftpuser

solved it.

8. Optional: Secure the Connection

If you’re dealing with sensitive files, consider TLS. Install mod_tls:

sudo dnf install proftpd-mod-crypto

Then enable TLS in /etc/proftpd.conf:

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol SSLv23
  TLSCipherSuite ALL:!ADH:!DES:!EXPORT:!SSLv2
  TLSRSACertificateFile /etc/pki/tls/certs/server.crt
  TLSRSACertificateKeyFile /etc/pki/tls/private/server.key
</IfModule>

You’ll need a certificate and key—either self‑signed or from Let’s Encrypt. After editing, reload the service.

Final Thoughts

ProFTPD is a solid choice if you want something that sticks to the FTP spec without too many bells. It’s not the flashiest server out there, but for everyday file exchange on CentOS 8 or Rocky 8 it does the job well.

Give those steps a whirl and let me know how your server performs.