|
6 months ago | |
---|---|---|
.drone.yml | 6 months ago | |
Dockerfile | 6 months ago | |
LICENSE | 1 year ago | |
README.md | 6 months ago | |
custom.conf | 6 months ago | |
run.sh | 1 year ago |
Simple container for FTP+TLS+authentication
docker build . -t docker.asperti.com/paspo/ftps
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "$PWD/certs:/certs" \
docker.asperti.com/paspo/ftps
The MASQUERADE parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name. You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
docker.asperti.com/paspo/ftps
version: "3"
services:
ftps-server:
image: docker.asperti.com/paspo/ftps
restart: always
ports:
- "21:21"
- "20:20"
- "50000-50500:50000-50500"
volumes:
- "/srv/ftps/auth:/auth"
- "/srv/ftps/conf:/etc/proftpd/custom.conf.d:ro"
- "/srv/ftps/data:/home"
- "/etc/letsencrypt:/certs:ro"
environment:
- MASQUERADE=ftp.mydomain.com
- TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
- TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
- TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed. We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files. Also FTP active mode doesn't work until you configure networking as "host".
To change/set a password, do like this (replace "paolo" with the correct username):
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
You also have to create and chown the user's home folder.