[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-ftps/status.svg)](https://drone.asperti.com/paspo/docker-ftps)

# docker-ftps

Simple container for FTP+TLS+authentication

## build

```bash
docker build . -t docker.asperti.com/paspo/ftps
```

## run

```bash
docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "$PWD/certs:/certs" \
  docker.asperti.com/paspo/ftps
```

The *MASQUERADE* parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name.
You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:

```bash
docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
  docker.asperti.com/paspo/ftps
```

## docker-compose

```yaml
version: "3"
services:

  ftps-server:
    image: docker.asperti.com/paspo/ftps
    restart: always
    ports:
      - "21:21"
      - "20:20"
      - "50000-50500:50000-50500"
    volumes:
      - "/srv/ftps/auth:/auth"
      - "/srv/ftps/data:/home"
      - "/etc/letsencrypt:/certs"
    environment:
      - MASQUERADE=ftp.mydomain.com
      - TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
      - TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
      - TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
```

## notes

Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed.
We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files.
Also FTP active mode doesn't work until you configure networking as "host".

## users management

To change/set a password, do like this (replace "paolo" with the correct username):

```bash
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
```

You also have to create and chown the user's home folder.