Simple container for FTP+TLS+authentication
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

76 lines
2.2 KiB

3 years ago
# docker-ftps
[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-ftps/status.svg)](https://drone.asperti.com/paspo/docker-ftps)
3 years ago
Simple container for FTP+TLS+authentication
## build
```bash
docker build . -t docker.asperti.com/paspo/ftps
3 years ago
```
## run
```bash
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "$PWD/certs:/certs" \
docker.asperti.com/paspo/ftps
3 years ago
```
The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.
You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:
```bash
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
docker.asperti.com/paspo/ftps
3 years ago
```
## docker-compose
```yaml
version: "3"
services:
ftps-server:
image: docker.asperti.com/paspo/ftps
restart: always
ports:
- "21:21"
- "20:20"
- "50000-50500:50000-50500"
volumes:
- "/srv/ftps/auth:/auth"
- "/srv/ftps/conf:/etc/proftpd/custom.conf.d:ro"
- "/srv/ftps/data:/home"
- "/etc/letsencrypt:/certs:ro"
environment:
- MASQUERADE=ftp.mydomain.com
3 years ago
- TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
- TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
- TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
```
## notes
3 years ago
Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed.
We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files.
Also FTP active mode doesn't work until you configure networking as "host".
3 years ago
## users management
To change/set a password, do like this (replace "paolo" with the correct username):
```bash
3 years ago
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
3 years ago
```
You also have to create and chown the user's home folder.