parent
f8cfba8b9c
commit
6b93aae155
4 changed files with 104 additions and 1 deletions
@ -0,0 +1,13 @@ |
||||
FROM alpine:edge |
||||
|
||||
RUN \ |
||||
echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ |
||||
apk -U add proftpd proftpd-mod_tls proftpd-mod_auth_file proftpd-utils openssl && \ |
||||
mkdir -p /var/run/proftpd |
||||
|
||||
COPY custom.conf /etc/proftpd/conf.d/custom.conf |
||||
COPY run.sh /run.sh |
||||
|
||||
RUN chmod +x /run.sh |
||||
|
||||
ENTRYPOINT ["/run.sh"] |
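Review bot: `FROM alpine:edge` combined with the `edge/testing` line appended to `/etc/apk/repositories` means each build pulls whatever ProFTPD and OpenSSL packages are current in a rolling, pre-release branch, so the image for an internet-facing daemon is neither reproducible nor tied to a reviewed version. A pinned base such as `FROM alpine:<release-tag>` would fix the first half. If proftpd is only packaged in testing (not verifiable from this page), the repo can be scoped to the one install with `apk add --no-cache --repository <testing-repo-url> proftpd ...` instead of being written into the image. The repository URL is plain `http://`; apk verifies package signatures, but `https://` additionally protects the fetch in transit. `apk -U add` also leaves the index cache in the layer, which `--no-cache` avoids.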
@ -1,3 +1,42 @@ |
||||
# docker-ftps |
||||
|
||||
Simple container for FTP+TLS+authentication |
||||
Simple container for FTP+TLS+authentication |
||||
|
||||
## build |
||||
|
||||
```bash |
||||
docker build . -t my-ftps |
||||
``` |
||||
|
||||
## run |
||||
|
||||
```bash |
||||
docker run -d --name my-ftps \ |
||||
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \ |
||||
-e "MASQUERADE=ftp.mydomain.com" \ |
||||
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \ |
||||
-v "$PWD/certs:/certs" \ |
||||
my-ftps |
||||
``` |
||||
|
||||
The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name. |
||||
You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this: |
||||
|
||||
```bash |
||||
docker run -d --name my-ftps \ |
||||
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \ |
||||
-e "MASQUERADE=ftp.mydomain.com" \ |
||||
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \ |
||||
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \ |
||||
my-ftps |
||||
``` |
||||
|
||||
## users management |
||||
|
||||
To change/set a password, do like this (replace "paolo" with the correct username): |
||||
|
||||
```bash |
||||
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --shell=/bin/false --file=/auth/passwd |
||||
``` |
||||
|
||||
You also have to create and chown the user's home folder. |
||||
|
@ -0,0 +1,12 @@ |
||||
AuthOrder mod_auth_file.c |
||||
AuthUserFile /auth/passwd |
||||
RequireValidShell off |
||||
ScoreBoardFile /run/proftpd/scoreboard |
||||
PassivePorts 50000 50500 |
||||
AllowOverwrite on |
||||
WtmpLog off |
||||
UseReverseDNS off |
||||
DefaultRoot ~ |
||||
Maxclients 30 |
||||
MaxClientsPerHost 5 |
||||
|
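Review bot: This config has no comments, and two directives depend on things defined elsewhere in the commit that a later editor could easily break. Above `PassivePorts 50000 50500` I would add `# must match the published range (-p 50000-50500:50000-50500) and the MasqueradeAddress written at start-up`. Above `RequireValidShell off` I would add `# virtual users are created with --shell=/bin/false; logins are confined by DefaultRoot ~`. It would also help to state in a comment that `AuthOrder mod_auth_file.c` is deliberate, so that only accounts in `/auth/passwd` can log in and system accounts in the image cannot.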
@ -0,0 +1,39 @@ |
||||
#!/bin/sh |
||||
|
||||
############ MASQUERADE |
||||
|
||||
MASQUERADE=${MASQUERADE:-127.0.0.1} |
||||
echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf |
||||
|
||||
############ AUTH |
||||
|
||||
[ ! -f /auth/passwd ] && touch /auth/passwd |
||||
|
||||
chmod 0600 /auth/passwd |
||||
chmod 0700 /auth |
||||
|
||||
############ TLS |
||||
|
||||
TLS_CERT=${TLS_CERT:-/certs/cert.pem} |
||||
TLS_KEY=${TLS_KEY:-/certs/privkey.pem} |
||||
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem} |
||||
|
||||
cat <<EOF >/etc/proftpd/conf.d/tls.conf |
||||
<IfModule mod_tls.c> |
||||
TLSEngine on |
||||
TLSVerifyClient off |
||||
TLSRenegotiate none |
||||
TLSProtocol TLSv1.2 |
||||
TLSRSACertificateFile $TLS_CERT |
||||
TLSRSACertificateKeyFile $TLS_KEY |
||||
TLSCertificateChainFile $TLS_CHAIN |
||||
TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" |
||||
TLSOptions NoSessionReuseRequired AllowClientRenegotiations |
||||
TLSRequired on |
||||
</IfModule> |
||||
EOF |
||||
|
||||
|
||||
############ START |
||||
|
||||
proftpd -n |
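Review bot: The generated tls.conf sets `TLSOptions NoSessionReuseRequired AllowClientRenegotiations`, which relaxes two mod_tls defaults. Data connections no longer have to reuse the control connection's TLS session, and client-initiated renegotiation is accepted even though `TLSRenegotiate none` sits a few lines above. Unless a specific client needs them, I would drop the line or keep only the option that is required, with a comment naming the client. The cipher string lists `ECDHE-RSA-RC4-SHA` and `RC4-SHA`, which the trailing `!RC4` removes again, alongside CBC and static-RSA suites; trimming it to the ECDHE/DHE GCM entries would make the effective policy readable. Separately, the last line should be `exec proftpd -n` so the daemon replaces the shell and receives the stop signal directly, and the script never checks that `$TLS_CERT`, `$TLS_KEY` and `$TLS_CHAIN` exist before starting.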