/etc/proftpd/proftpd.conf:

UseIPv6				off
IdentLookups			off
UseReverseDNS 			off
AllowRetrieveRestart 		on
AllowOverwrite 			on
AllowStoreRestart 		on
RequireValidShell 		off
ServerType			standalone
DeferWelcome			off
DefaultServer			on
ShowSymlinks			off
ListOptions                	"-l"
DenyFilter			\*.*/
Port				21
PassivePorts                  	50000 50200
User				proftpd
Group				nogroup
Umask				022  022
TransferLog                     /var/log/proftpd/xferlog
SystemLog                       /var/log/proftpd/proftpd.log
<Anonymous /data/ftp>
  User       ftp
  Group      nogroup
  UserAlias  anonymous ftp
</Anonymous>

Генерируем самоподписнный сертификат (пример на 10 лет):

sudo openssl req -new -x509 -days 3650 -nodes -out /etc/proftpd/ssl/proftpd.crt -keyout /etc/proftpd/ssl/proftpd.key
sudo chown proftpd /etc/proftpd/ssl/proftpd.key
sudo chmod 640 /etc/proftpd/ssl/proftpd.key

Добавляем в /etc/proftpd/proftpd.conf:

Include /etc/proftpd/tls.conf

/etc/proftpd/tls.conf:

LoadModule mod_tls.c
<IfModule mod_tls.c>
TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             SSLv23
TLSRSACertificateFile                   /etc/proftpd/ssl/proftpd.crt
TLSRSACertificateKeyFile                /etc/proftpd/ssl/proftpd.key
TLSVerifyClient                         off
TLSRequired                             no
</IfModule>

Добавляем в /etc/proftpd/proftpd.conf ip который будет слушать ftp (на примере: 10.80.13.189):

DefaultAddress			10.80.13.189
SocketBindTight                 on

http://www.proftpd.org/docs/howto/ConfigFile.html - Configuring ProFTPD
http://www.proftpd.org/docs/directives/linked/by-name.html - Configuration Directive List
http://www.proftpd.org/docs/example-conf.html - Example Configurations