Simple container for FTP+TLS+authentication
Go to file
Paolo Asperti 750799ccdc
All checks were successful
continuous-integration/drone/push Build is passing
added extra proftod example config to readme
2020-08-12 15:22:16 +02:00
.drone.yml fixed docker publishing 2020-08-12 15:17:46 +02:00
custom.conf added missing config options 2020-08-12 13:52:28 +02:00
Dockerfile added missing perl dependancy 2020-08-12 14:20:41 +02:00
LICENSE Initial commit 2019-05-17 22:22:28 +00:00
README.md added extra proftod example config to readme 2020-08-12 15:22:16 +02:00
run.sh custom passive ports 2019-05-19 10:58:07 +02:00

docker-ftps

Build Status

Simple container for FTP+TLS+authentication

build

docker build . -t docker.asperti.com/paspo/ftps

run

docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "$PWD/certs:/certs" \
  docker.asperti.com/paspo/ftps

The MASQUERADE parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name. You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:

docker run -d --name my-ftps \
  -p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
  -e "MASQUERADE=ftp.mydomain.com" \
  -v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
  -v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
  docker.asperti.com/paspo/ftps

docker-compose

version: "3"
services:

  ftps-server:
    image: docker.asperti.com/paspo/ftps
    restart: always
    ports:
      - "21:21"
      - "20:20"
      - "50000-50500:50000-50500"
    volumes:
      - "/srv/ftps/auth:/auth"
      - "/srv/fpts/extra.conf:/etc/proftpd/conf.d/extra.conf:ro"
      - "/srv/ftps/data:/home"
      - "/etc/letsencrypt:/certs"
    environment:
      - MASQUERADE=ftp.mydomain.com
      - TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
      - TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
      - TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem

notes

Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed. We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files. Also FTP active mode doesn't work until you configure networking as "host".

users management

To change/set a password, do like this (replace "paolo" with the correct username):

docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd

You also have to create and chown the user's home folder.