docker-ftps/run.sh

#!/bin/sh

############ MASQUERADE

MASQUERADE=${MASQUERADE:-127.0.0.1}
echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf

############ AUTH

[ ! -f /auth/passwd ] && touch /auth/passwd

chmod 0600 /auth/passwd
chmod 0700 /auth

############ TLS

TLS_CERT=${TLS_CERT:-/certs/cert.pem}
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}

cat $TLS_CERT > /etc/proftpd/cert.pem
cat $TLS_KEY > /etc/proftpd/privkey.pem
cat $TLS_CHAIN > /etc/proftpd/chain.pem

############ CHECK CERT KEY ALGO

ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p' | tr '\n')

if [ "$ALGO" = "id-ecPublicKey" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
  TLSECCertificateFile                    /etc/proftpd/cert.pem
  TLSECCertificateKeyFile                 /etc/proftpd/privkey.pem
  TLSCertificateChainFile                 /etc/proftpd/chain.pem
</IfModule>
EOF
fi

if [ "$ALGO" = "rsaEncryption" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
  TLSRSACertificateFile                    /etc/proftpd/cert.pem
  TLSRSACertificateKeyFile                 /etc/proftpd/privkey.pem
  TLSCertificateChainFile                  /etc/proftpd/chain.pem
</IfModule>
EOF
fi

md5sum "$TLS_CERT" > /sums

############ PASSIVE PORTS

PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
PASSIVEPORTS_END=${PASSIVEPORTS_END:-50050}

echo "PassivePorts ${PASSIVEPORTS_START} ${PASSIVEPORTS_END}" > /etc/proftpd/conf.d/passive_ports.conf

############ START CRON

crond -b

############ START

proftpd -n
Initial release 2019-05-17 22:41:50 +00:00			`#!/bin/sh`

			`############ MASQUERADE`

			`MASQUERADE=${MASQUERADE:-127.0.0.1}`
			`echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf`

			`############ AUTH`

			`[ ! -f /auth/passwd ] && touch /auth/passwd`

			`chmod 0600 /auth/passwd`
			`chmod 0700 /auth`

			`############ TLS`

			`TLS_CERT=${TLS_CERT:-/certs/cert.pem}`
			`TLS_KEY=${TLS_KEY:-/certs/privkey.pem}`
			`TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}`

more docs and fixed tls 2019-05-17 23:20:52 +00:00			`cat $TLS_CERT > /etc/proftpd/cert.pem`
			`cat $TLS_KEY > /etc/proftpd/privkey.pem`
			`cat $TLS_CHAIN > /etc/proftpd/chain.pem`
Initial release 2019-05-17 22:41:50 +00:00
support for EC certs 2021-11-03 08:25:54 +00:00			`############ CHECK CERT KEY ALGO`

Automatic cert reload via cron 2022-01-13 07:48:57 +00:00			`ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text \| sed -n 's/\ *Public Key Algorithm: //p' \| tr '\n')`
support for EC certs 2021-11-03 08:25:54 +00:00
			`if [ "$ALGO" = "id-ecPublicKey" ] ; then`
			`cat > /etc/proftpd/conf.d/certificate.conf <<EOF`
			`<IfModule mod_tls.c>`
			`TLSECCertificateFile /etc/proftpd/cert.pem`
			`TLSECCertificateKeyFile /etc/proftpd/privkey.pem`
			`TLSCertificateChainFile /etc/proftpd/chain.pem`
			`</IfModule>`
			`EOF`
			`fi`

			`if [ "$ALGO" = "rsaEncryption" ] ; then`
			`cat > /etc/proftpd/conf.d/certificate.conf <<EOF`
			`<IfModule mod_tls.c>`
			`TLSRSACertificateFile /etc/proftpd/cert.pem`
			`TLSRSACertificateKeyFile /etc/proftpd/privkey.pem`
			`TLSCertificateChainFile /etc/proftpd/chain.pem`
			`</IfModule>`
			`EOF`
			`fi`

Automatic cert reload via cron 2022-01-13 07:48:57 +00:00			`md5sum "$TLS_CERT" > /sums`

custom passive ports 2019-05-19 08:58:07 +00:00			`############ PASSIVE PORTS`

			`PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}`
			`PASSIVEPORTS_END=${PASSIVEPORTS_END:-50050}`

			`echo "PassivePorts ${PASSIVEPORTS_START} ${PASSIVEPORTS_END}" > /etc/proftpd/conf.d/passive_ports.conf`

Automatic cert reload via cron 2022-01-13 07:48:57 +00:00			`############ START CRON`

			`crond -b`

Initial release 2019-05-17 22:41:50 +00:00			`############ START`

			`proftpd -n`