Initial release
This commit is contained in:
parent
f8cfba8b9c
commit
6b93aae155
13
Dockerfile
Normal file
13
Dockerfile
Normal file
@ -0,0 +1,13 @@
|
||||
FROM alpine:edge
|
||||
|
||||
RUN \
|
||||
echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||
apk -U add proftpd proftpd-mod_tls proftpd-mod_auth_file proftpd-utils openssl && \
|
||||
mkdir -p /var/run/proftpd
|
||||
|
||||
COPY custom.conf /etc/proftpd/conf.d/custom.conf
|
||||
COPY run.sh /run.sh
|
||||
|
||||
RUN chmod +x /run.sh
|
||||
|
||||
ENTRYPOINT ["/run.sh"]
|
39
README.md
39
README.md
@ -1,3 +1,42 @@
|
||||
# docker-ftps
|
||||
|
||||
Simple container for FTP+TLS+authentication
|
||||
|
||||
## build
|
||||
|
||||
```bash
|
||||
docker build . -t my-ftps
|
||||
```
|
||||
|
||||
## run
|
||||
|
||||
```bash
|
||||
docker run -d --name my-ftps \
|
||||
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
|
||||
-e "MASQUERADE=ftp.mydomain.com" \
|
||||
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
|
||||
-v "$PWD/certs:/certs" \
|
||||
my-ftps
|
||||
```
|
||||
|
||||
The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.
|
||||
You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:
|
||||
|
||||
```bash
|
||||
docker run -d --name my-ftps \
|
||||
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
|
||||
-e "MASQUERADE=ftp.mydomain.com" \
|
||||
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
|
||||
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
|
||||
my-ftps
|
||||
```
|
||||
|
||||
## users management
|
||||
|
||||
To change/set a password, do like this (replace "paolo" with the correct username):
|
||||
|
||||
```bash
|
||||
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --shell=/bin/false --file=/auth/passwd
|
||||
```
|
||||
|
||||
You also have to create and chown the user's home folder.
|
||||
|
12
custom.conf
Normal file
12
custom.conf
Normal file
@ -0,0 +1,12 @@
|
||||
AuthOrder mod_auth_file.c
|
||||
AuthUserFile /auth/passwd
|
||||
RequireValidShell off
|
||||
ScoreBoardFile /run/proftpd/scoreboard
|
||||
PassivePorts 50000 50500
|
||||
AllowOverwrite on
|
||||
WtmpLog off
|
||||
UseReverseDNS off
|
||||
DefaultRoot ~
|
||||
Maxclients 30
|
||||
MaxClientsPerHost 5
|
||||
|
39
run.sh
Normal file
39
run.sh
Normal file
@ -0,0 +1,39 @@
|
||||
#!/bin/sh
|
||||
|
||||
############ MASQUERADE
|
||||
|
||||
MASQUERADE=${MASQUERADE:-127.0.0.1}
|
||||
echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf
|
||||
|
||||
############ AUTH
|
||||
|
||||
[ ! -f /auth/passwd ] && touch /auth/passwd
|
||||
|
||||
chmod 0600 /auth/passwd
|
||||
chmod 0700 /auth
|
||||
|
||||
############ TLS
|
||||
|
||||
TLS_CERT=${TLS_CERT:-/certs/cert.pem}
|
||||
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
|
||||
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}
|
||||
|
||||
cat <<EOF >/etc/proftpd/conf.d/tls.conf
|
||||
<IfModule mod_tls.c>
|
||||
TLSEngine on
|
||||
TLSVerifyClient off
|
||||
TLSRenegotiate none
|
||||
TLSProtocol TLSv1.2
|
||||
TLSRSACertificateFile $TLS_CERT
|
||||
TLSRSACertificateKeyFile $TLS_KEY
|
||||
TLSCertificateChainFile $TLS_CHAIN
|
||||
TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
|
||||
TLSOptions NoSessionReuseRequired AllowClientRenegotiations
|
||||
TLSRequired on
|
||||
</IfModule>
|
||||
EOF
|
||||
|
||||
|
||||
############ START
|
||||
|
||||
proftpd -n
|
Loading…
Reference in New Issue
Block a user