diff --git a/README.md b/README.md
index 860c29a..22c4cde 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Simple container for FTP+TLS+authentication
## build
```bash
-docker build . -t my-ftps
+docker build . -t docker.asperti.com/paspo/ftps
```
## run
@@ -16,7 +16,7 @@ docker run -d --name my-ftps \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "$PWD/certs:/certs" \
- my-ftps
+ docker.asperti.com/paspo/ftps
```
The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.
@@ -28,9 +28,34 @@ docker run -d --name my-ftps \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
- my-ftps
+ docker.asperti.com/paspo/ftps
```
+## docker-compose
+
+```yaml
+version: "3"
+services:
+
+ ftps-server:
+ image: docker.asperti.com/paspo/ftps
+ restart: always
+ ports:
+ - "21:21"
+ - "20:20"
+ - "50000-50500:50000-50500"
+ volumes:
+ - "/srv/ftps/auth:/auth"
+ - "/srv/ftps/data:/home"
+ - "/etc/letsencrypt/live/ftp.mydomain.com:/certs"
+ environment:
+ - MASQUERADE=ftp.mydomain.com
+```
+
+## notes
+
+Please note that you have to restart the container whenever the certificate is renewed.
+
## users management
To change/set a password, do like this (replace "paolo" with the correct username):
diff --git a/custom.conf b/custom.conf
index a2a91ab..4c37144 100644
--- a/custom.conf
+++ b/custom.conf
@@ -10,3 +10,15 @@ DefaultRoot ~
Maxclients 30
MaxClientsPerHost 5
+
+ TLSEngine on
+ TLSVerifyClient off
+ TLSRenegotiate none
+ TLSProtocol TLSv1.2
+ TLSRSACertificateFile /etc/proftpd/cert.pem
+ TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
+ TLSCertificateChainFile /etc/proftpd/chain.pem
+ TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
+ TLSOptions NoSessionReuseRequired AllowClientRenegotiations
+ TLSRequired on
+
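Review bot: The `TLSOptions NoSessionReuseRequired AllowClientRenegotiations` line relaxes two mod_tls protections without saying why, and should be either justified in a comment or dropped. `NoSessionReuseRequired` turns off the requirement that a data connection reuse the control connection's TLS session, which is what binds a transfer on the passive ports to the authenticated client; `AllowClientRenegotiations` permits client-initiated renegotiation, while `TLSRenegotiate none` a few lines above reads as the opposite intent. The `TLSCipherSuite` string also still names RC4 entries that the trailing `!RC4` removes again, alongside static-RSA and CBC/SHA-1 suites without forward secrecy; trimming it to the ECDHE/DHE GCM suites would make it easier to audit. If the relaxed options stay for client compatibility, a comment such as `# NoSessionReuseRequired: needed by <client name>; weakens data-connection binding` would record the trade-off.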
diff --git a/run.sh b/run.sh
index d21d352..ca6ecd7 100644
--- a/run.sh
+++ b/run.sh
@@ -18,21 +18,9 @@ TLS_CERT=${TLS_CERT:-/certs/cert.pem}
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}
-cat </etc/proftpd/conf.d/tls.conf
-
- TLSEngine on
- TLSVerifyClient off
- TLSRenegotiate none
- TLSProtocol TLSv1.2
- TLSRSACertificateFile $TLS_CERT
- TLSRSACertificateKeyFile $TLS_KEY
- TLSCertificateChainFile $TLS_CHAIN
- TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
- TLSOptions NoSessionReuseRequired AllowClientRenegotiations
- TLSRequired on
-
-EOF
-
+cat $TLS_CERT > /etc/proftpd/cert.pem
+cat $TLS_KEY > /etc/proftpd/privkey.pem
+cat $TLS_CHAIN > /etc/proftpd/chain.pem
############ START
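Review bot: The added `cat $TLS_KEY > /etc/proftpd/privkey.pem` line creates the private-key copy with whatever umask the script runs under, so it may end up world-readable inside the container. All three `cat` lines also leave the variable unquoted and ignore failure. A missing or unreadable `/certs` mount therefore leaves empty PEM files behind, and unless `set -e` is enabled earlier in run.sh (not visible in this hunk) startup carries on regardless. Suggest `install -m 0600 "$TLS_KEY" /etc/proftpd/privkey.pem || exit 1` for the key, and the same form with `-m 0644` for `"$TLS_CERT"` and `"$TLS_CHAIN"`.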