paspo
/
docker-ftps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Simple container for FTP+TLS+authentication
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 Commits
1 Branch
14 Tags
130 KiB
 
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Paolo Asperti 488acf16c1
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
gitea container repo 		2 months ago
.drone.yml gitea container repo 2 months ago
Dockerfile Automatic cert reload via cron 11 months ago
LICENSE Initial commit 4 years ago
README.md some docs update 8 months ago
cron.sh Automatic cert reload via cron 11 months ago
custom.conf MAXCLIENTS configuration 8 months ago
manifest.tmpl multiarch 6 months ago
manifest2.tmpl gitea container repo 2 months ago
run.sh MAXCLIENTS configuration 8 months ago

README.md

docker-ftps

Build Status

Simple container for FTP+TLS+authentication

build

docker build . -t docker.asperti.com/paspo/ftps

run

docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "$PWD/certs:/certs" \
  docker.asperti.com/paspo/ftps

The MASQUERADE parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name. You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:

docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
  docker.asperti.com/paspo/ftps

docker-compose

version: "3"
services:

  ftps-server:
    image: docker.asperti.com/paspo/ftps
    restart: always
    ports:
      - "21:21"
      - "20:20"
      - "21210-21220:21210-21220"
    volumes:
      - "/srv/ftps/auth:/auth"
      - "/srv/ftps/conf:/etc/proftpd/custom.conf.d:ro"
      - "/srv/ftps/data:/home"
      - "/etc/letsencrypt:/certs:ro"
    environment:
      - MASQUERADE=ftp.mydomain.com
      - PASSIVEPORTS_START=21210
      - PASSIVEPORTS_END=21220
      - MAXCLIENTS=500
      - MAXCLIENTSPERHOST=100      
      - TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
      - TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
      - TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem

passive ports

If you want to change the passive ports range (which by default is 50000-50050), you can do so via environment variables (PASSIVEPORTS_START and PASSIVEPORTS_END). In any case, you also have to enable a matching range of exposed ports.

notes

Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed. We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files. Also FTP active mode doesn't work until you configure networking as "host".

users management

To change/set a password, do like this (replace "paolo" with the correct username):

docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd

You also have to create and chown the user's home folder.