From 04ca39d2be52cd558dbadd2e0de28a3dd3503cc9 Mon Sep 17 00:00:00 2001
From: Nick Roodenrijs <nick@Nicks-Mac-Studio.local>
Date: Sun, 8 Mar 2026 19:05:26 +0100
Subject: [PATCH] Switch from FTP to FTPS (FTP over TLS)

X-H2 supports FTPS natively with root certificate loading.
Synology DSM supports FTP SSL/TLS encryption.
Updated README and TODO with FTPS configuration steps.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 README.md | 20 ++++++++++++--------
 TODO.md   |  9 ++++++---
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index ba374ed..4afe804 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,14 @@
 # Fuji Photo Processor
 
-Automatic photo processing pipeline for Fuji X-H2 photos: camera uploads via FTP to Synology NAS, files are automatically resized and organized, then picked up by Immich for library management.
+Automatic photo processing pipeline for Fuji X-H2 photos: camera uploads via FTPS (FTP over TLS) to Synology NAS, files are automatically resized and organized, then picked up by Immich for library management.
 
 ## Architecture
 
 ```
-┌─────────────┐     FTP      ┌──────────────────┐    watchdog    ┌─────────────┐
+┌─────────────┐    FTPS      ┌──────────────────┐    watchdog    ┌─────────────┐
 │  Fuji X-H2  │ ──────────→  │  Synology NAS    │ ────────────→  │  Processor   │
-│  (camera)   │   port 21    │  /volume2/photos/ │   polling      │  container   │
-└─────────────┘              │  incoming/        │                └──────┬──────┘
+│  (camera)   │  port 21     │  /volume2/photos/ │   polling      │  container   │
+└─────────────┘  (TLS)       │  incoming/        │                └──────┬──────┘
                              └──────────────────┘                       │
                                                                         │ resize + move
                                                           ┌─────────────┴─────────────┐
@@ -28,17 +28,18 @@ Automatic photo processing pipeline for Fuji X-H2 photos: camera uploads via FTP
 ## Prerequisites
 
 - Synology NAS with Docker (Container Manager) installed
-- FTP server enabled on DSM
+- FTPS (FTP over TLS) enabled on DSM
 - Immich running (for photo management)
 
 ## Setup
 
-### 1. FTP Server (DSM)
+### 1. FTPS Server (DSM)
 
 1. Open **Control Panel → File Services → FTP**
 2. Enable FTP service on port **21**
-3. Set passive port range: **50000-50100**
-4. Create a dedicated user `fujiftp` with write access to `/volume2/photos/incoming`
+3. Enable **FTP SSL/TLS encryption** (FTPS)
+4. Set passive port range: **50000-50100**
+5. Create a dedicated user `fujiftp` with write access to `/volume2/photos/incoming`
 
 ### 2. Camera Configuration (Fuji X-H2)
 
@@ -46,6 +47,7 @@ Configure an FTP profile on the camera:
 
 | Setting         | Value                    |
 |-----------------|--------------------------|
+| FTP Server Type | **FTPS**                 |
 | Server IP       | `192.168.175.141`        |
 | Port            | `21`                     |
 | Passive Mode    | **ON**                   |
@@ -54,6 +56,8 @@ Configure an FTP profile on the camera:
 | Upload Dir      | `/incoming`              |
 | Auto Transfer   | ON (or manual trigger)   |
 
+> **Note**: Bij FTPS kun je via **FTP OPTIONAL SETTING → ROOT CERTIFICATE** een self-signed root certificaat laden als je NAS er een gebruikt.
+
 ### 3. Deploy
 
 ```bash
diff --git a/TODO.md b/TODO.md
index 7678029..9dc5b41 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,9 +1,10 @@
 # Fuji Photo Processor - Handmatige Setup Stappen
 
-## 1. Synology FTP Server inschakelen
+## 1. Synology FTPS Server inschakelen
 - [ ] DSM → Control Panel → File Services → FTP tab
 - [ ] Enable FTP service aanvinken
 - [ ] Poort: 21 (standaard)
+- [ ] **Enable FTP SSL/TLS encryption (FTPS)** aanvinken
 - [ ] Passive mode port range: 50000-50100
 - [ ] Character encoding: UTF-8
 
@@ -45,17 +46,19 @@
 - [ ] Kies FTP Transfer → Wireless LAN
 - [ ] WiFi netwerk selecteren + wachtwoord invoeren
 - [ ] FTP Server instellingen:
+  - [ ] **FTP Server Type: FTPS**
   - [ ] Server: `192.168.175.141`
   - [ ] Port: `21`
   - [ ] Passive mode: ON
   - [ ] Username: `fujiftp`
   - [ ] Password: (het ingestelde wachtwoord)
   - [ ] Upload directory: `/incoming`
-- [ ] Profiel naam: "NAS-FTP"
+- [ ] Optioneel: FTP OPTIONAL SETTING → ROOT CERTIFICATE (als NAS self-signed cert gebruikt)
+- [ ] Profiel naam: "NAS-FTPS"
 - [ ] Opslaan
 
 ## 7. Testen
-- [ ] FTP verbinding testen: `ftp 192.168.175.141` met fujiftp credentials
+- [ ] FTPS verbinding testen: `curl --ftp-ssl ftp://fujiftp@192.168.175.141/incoming/ -k`
 - [ ] Upload een test JPEG via FTP
 - [ ] Check processor logs → moet verwerking tonen
 - [ ] Check `/volume2/photos/originals/` → origineel verplaatst