sql auth and healthcheck

README.md

@@ -144,3 +144,55 @@ docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/p
 ```
 
 You also have to create and chown the user's home folder.
+
+## sql db for user authentication
+
+It is possible to use a sqlite db for user authentication, just add `SQLITE_AUTH=1` to the environment:
+
+```yaml
+version: "3"
+services:
+  ftps-server:
+    image: docker.asperti.com/paspo/ftps
+    restart: always
+    ports:
+      - "21:21"
+      - "20:20"
+      - "21210-21220:21210-21220"
+    volumes:
+      - "/srv/ftps/auth:/auth"
+      - "/srv/ftps/conf:/etc/proftpd/custom.conf.d:ro"
+      - "/srv/ftps/data:/home"
+      - "/etc/letsencrypt:/certs:ro"
+    environment:
+      - SQLITE_AUTH=1
+      - MASQUERADE=ftp.mydomain.com
+      - PASSIVEPORTS_START=21210
+      - PASSIVEPORTS_END=21220
+      - MAXCLIENTS=500
+      - MAXCLIENTSPERHOST=100
+      - TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
+      - TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
+      - TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
+```
+
+Now, instead of using `/auth/passwd`, proftpd is using `/auth/ftpd.db`.
+To create a new user, you must now update this db.
+
+To create a new user:
+
+```bash
+docker exec -ti my-ftps sqlite3 sqlite3 /auth/ftpd.db <<EOF
+INSERT OR IGNORE INTO users (userid,passwd,uid,gid,homedir,shell) VALUES ('new_user','',1000,1000,'/home/new_user','/bin/false');
+INSERT OR IGNORE INTO groups (groupname,gid,members) VALUES ('new_user',1000,'new_user');
+EOF
+```
+
+To update a password:
+
+```bash
+PASSWD_SHA=$(echo -n ChangeThisPass | mkpasswd -m sha512)
+docker exec -ti my-ftps sqlite3 sqlite3 /auth/ftpd.db <<EOF
+UPDATE users SET passwd='$PASSWD_SHA' WHERE userid='new_user';
+EOF
+```