VSFTPd...the rest of the story (How-to?)

I can find quite a few guides on how to set up VSFTPd, but that’s all they tell you. Some will even go so far as to tell you how to make a self signed certificate.

I can’t find one that tells you what to do after that. Do I just Port Forward from my gateway/router and hope for the best?

I need people to log in, how do I set that up? Is that part of VSFTPd or do I need a second program to do that?

When dose the cert come into play? I need encryption end-to-end, should I just set up a VPN tunnel?

I’m sort of a n00b here, I’ve played off and on with Linux for the last 25years, but I don’t really KNOW it.