[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-ftps/status.svg)](https://drone.asperti.com/paspo/docker-ftps)

# docker-ftps

Simple container for FTP+TLS+authentication

## build

```bash
docker build . -t docker.asperti.com/paspo/ftps
```

## run

```bash
docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "$PWD/certs:/certs" \
  docker.asperti.com/paspo/ftps
```

The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.

You must provide valid certificates for TLS; if you use Let's Encrypt, you can modify the command like this:

```bash
# Mount the whole /etc/letsencrypt tree and point TLS_* at the live/ paths:
# the files in live/ are symlinks into ../../archive and would dangle
# if only live/ftp.mydomain.com were mounted (see notes).
docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -e "TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem" \
  -e "TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem" \
  -e "TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "/etc/letsencrypt:/certs" \
  docker.asperti.com/paspo/ftps
```

## docker-compose

```yaml
version: "3"
services:
  ftps-server:
    image: docker.asperti.com/paspo/ftps
    restart: always
    ports:
      - "21:21"
      - "20:20"
      - "50000-50500:50000-50500"
    volumes:
      - "/srv/ftps/auth:/auth"
      - "/srv/ftps/data:/home"
      - "/etc/letsencrypt:/certs"
    environment:
      - MASQUERADE=ftp.mydomain.com
      - TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
      - TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
      - TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
```

## notes

Please note that you have to restart the container (or send SIGHUP to proftpd) whenever the certificate is renewed.

We mount the complete letsencrypt directory because the files in live/ftp.mydomain.com are symlinks to the actual live certificates, and inside the container these would refer to non-existent files.

Also, FTP active mode doesn't work until you configure networking as "host".

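The symlink problem described in the notes can be checked on the host before starting the container. The script below is an added example, not part of this project: the function names and the sample domain `ftp.example.test` are assumptions, and it only follows file symlinks (directory symlinks are resolved on the host).

```bash
#!/usr/bin/env bash
# Added example (not project code): will a certificate path still resolve
# when only MOUNT_ROOT is bind-mounted into the container?

# resolves_inside_mount MOUNT_ROOT REL_PATH
# Returns 0 if MOUNT_ROOT/REL_PATH ends at a regular file and every symlink
# hop is relative and stays inside MOUNT_ROOT; returns 1 otherwise.
resolves_inside_mount() {
    local root dir name target hops=0
    root=$(cd -- "$1" >/dev/null 2>&1 && pwd -P) || return 1
    dir=$(cd -- "$root/$(dirname -- "$2")" >/dev/null 2>&1 && pwd -P) || return 1
    name=$(basename -- "$2")
    while :; do
        case "$dir/" in
            "$root"/*) ;;          # still inside the mounted tree
            *) return 1 ;;         # left the mount: dangling in the container
        esac
        [ -L "$dir/$name" ] || break
        hops=$((hops + 1))
        [ "$hops" -le 16 ] || return 1   # guard against symlink loops
        target=$(readlink -- "$dir/$name")
        case "$target" in
            /*) return 1 ;;        # absolute target is a host path, not a container path
        esac
        dir=$(cd -- "$dir/$(dirname -- "$target")" >/dev/null 2>&1 && pwd -P) || return 1
        name=$(basename -- "$target")
    done
    [ -f "$dir/$name" ]
}

# make_sample_tree DIR
# Builds a constructed tree with the live/ -> ../../archive layout for testing.
make_sample_tree() {
    local d=ftp.example.test
    mkdir -p "$1/live/$d" "$1/archive/$d"
    echo "constructed sample" > "$1/archive/$d/cert1.pem"
    ln -s "../../archive/$d/cert1.pem" "$1/live/$d/cert.pem"
    ln -s "$1/archive/$d/cert1.pem" "$1/live/$d/abs.pem"   # absolute link
}

# Usage on a real host:
#   resolves_inside_mount /etc/letsencrypt live/ftp.mydomain.com/cert.pem
```

Run it once per path passed in `TLS_CERT`, `TLS_KEY` and `TLS_CHAIN`, using the host side of the `/certs` volume as `MOUNT_ROOT`.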
## users management

To set or change a password, run this (replace "paolo" with the correct username):

```bash
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
```

You also have to create and chown the user's home folder.