Compare commits
2 Commits
f837bda293
...
1769ab4503
Author | SHA1 | Date |
---|---|---|
Paolo Asperti | 1769ab4503 | |
Paolo Asperti | 89eab906e4 |
18
.drone.yml
18
.drone.yml
|
@ -1,17 +1,27 @@
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
|
type: docker
|
||||||
name: default
|
name: default
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: build_and_publish
|
- name: build_and_publish
|
||||||
image: plugins/docker:linux-amd64
|
image: plugins/docker:linux-amd64
|
||||||
pull: always
|
|
||||||
settings:
|
settings:
|
||||||
auto_tag: true
|
dockerfile: docker/Dockerfile
|
||||||
daemon_off: false
|
|
||||||
force_tag: true
|
force_tag: true
|
||||||
password:
|
password:
|
||||||
from_secret: docker_password
|
from_secret: docker_password
|
||||||
registry: docker.asperti.com
|
registry: docker.asperti.com
|
||||||
repo: docker.asperti.com/paspo/ftps
|
repo: docker.asperti.com/paspo/ftps
|
||||||
username:
|
username:
|
||||||
from_secret: docker_username
|
from_secret: docker_username
|
||||||
|
tags:
|
||||||
|
- latest
|
||||||
|
- ${DRONE_TAG}
|
||||||
|
- ${DRONE_SEMVER_MAJOR}.${DRONE_SEMVER_MINOR}
|
||||||
|
when:
|
||||||
|
event:
|
||||||
|
- tag
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- tag
|
||||||
|
|
|
@ -15,11 +15,7 @@ MaxClientsPerHost 5
|
||||||
TLSEngine on
|
TLSEngine on
|
||||||
TLSVerifyClient off
|
TLSVerifyClient off
|
||||||
TLSRenegotiate none
|
TLSRenegotiate none
|
||||||
TLSProtocol TLSv1.2
|
TLSProtocol TLSv1.2 TLSv1.3
|
||||||
TLSRSACertificateFile /etc/proftpd/cert.pem
|
|
||||||
TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
|
|
||||||
TLSCertificateChainFile /etc/proftpd/chain.pem
|
|
||||||
TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
|
|
||||||
TLSOptions NoSessionReuseRequired AllowClientRenegotiations
|
TLSOptions NoSessionReuseRequired AllowClientRenegotiations
|
||||||
TLSRequired on
|
TLSRequired on
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
24
run.sh
24
run.sh
|
@ -22,6 +22,30 @@ cat $TLS_CERT > /etc/proftpd/cert.pem
|
||||||
cat $TLS_KEY > /etc/proftpd/privkey.pem
|
cat $TLS_KEY > /etc/proftpd/privkey.pem
|
||||||
cat $TLS_CHAIN > /etc/proftpd/chain.pem
|
cat $TLS_CHAIN > /etc/proftpd/chain.pem
|
||||||
|
|
||||||
|
############ CHECK CERT KEY ALGO
|
||||||
|
|
||||||
|
ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p')
|
||||||
|
|
||||||
|
if [ "$ALGO" = "id-ecPublicKey" ] ; then
|
||||||
|
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
|
||||||
|
<IfModule mod_tls.c>
|
||||||
|
TLSECCertificateFile /etc/proftpd/cert.pem
|
||||||
|
TLSECCertificateKeyFile /etc/proftpd/privkey.pem
|
||||||
|
TLSCertificateChainFile /etc/proftpd/chain.pem
|
||||||
|
</IfModule>
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$ALGO" = "rsaEncryption" ] ; then
|
||||||
|
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
|
||||||
|
<IfModule mod_tls.c>
|
||||||
|
TLSRSACertificateFile /etc/proftpd/cert.pem
|
||||||
|
TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
|
||||||
|
TLSCertificateChainFile /etc/proftpd/chain.pem
|
||||||
|
</IfModule>
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
############ PASSIVE PORTS
|
############ PASSIVE PORTS
|
||||||
|
|
||||||
PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
|
PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
|
||||||
|
|
Loading…
Reference in New Issue