docker-ftps/README.md

73 lines
2.1 KiB
Markdown
Raw Normal View History

2019-05-17 22:22:28 +00:00
# docker-ftps
2019-05-17 22:41:50 +00:00
Simple container for FTP+TLS+authentication
## build
```bash
2019-05-17 23:20:52 +00:00
docker build . -t docker.asperti.com/paspo/ftps
2019-05-17 22:41:50 +00:00
```
## run
```bash
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "$PWD/certs:/certs" \
2019-05-17 23:20:52 +00:00
docker.asperti.com/paspo/ftps
2019-05-17 22:41:50 +00:00
```
The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.
You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:
```bash
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
2019-05-17 23:20:52 +00:00
docker.asperti.com/paspo/ftps
2019-05-17 22:41:50 +00:00
```
2019-05-17 23:20:52 +00:00
## docker-compose
```yaml
version: "3"
services:
ftps-server:
image: docker.asperti.com/paspo/ftps
restart: always
ports:
- "21:21"
- "20:20"
- "50000-50500:50000-50500"
volumes:
- "/srv/ftps/auth:/auth"
- "/srv/ftps/data:/home"
2019-05-18 09:33:49 +00:00
- "/etc/letsencrypt:/certs"
2019-05-17 23:20:52 +00:00
environment:
- MASQUERADE=ftp.mydomain.com
2019-05-18 09:33:49 +00:00
- TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
- TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
- TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
2019-05-17 23:20:52 +00:00
```
## notes
2019-05-18 09:33:49 +00:00
Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed.
We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files.
Also FTP active mode doesn't work until you configure networking as "host".
2019-05-17 23:20:52 +00:00
2019-05-17 22:41:50 +00:00
## users management
To change/set a password, do like this (replace "paolo" with the correct username):
```bash
2019-05-18 09:33:49 +00:00
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
2019-05-17 22:41:50 +00:00
```
You also have to create and chown the user's home folder.