Paolo Asperti
f34ea92952
All checks were successful
continuous-integration/drone/tag Build is passing
|
||
---|---|---|
.drone.yml | ||
custom.conf | ||
Dockerfile | ||
LICENSE | ||
README.md | ||
run.sh |
docker-ftps
Simple container for FTP+TLS+authentication
build
docker build . -t docker.asperti.com/paspo/ftps
run
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "$PWD/certs:/certs" \
docker.asperti.com/paspo/ftps
The MASQUERADE parameter is the only required one. You can use an IP address (which is discouraged) or a DNS name. You must provide valid certificates for TLS; if you use Lets'Encrypt, you can mofify like this:
docker run -d --name my-ftps \
-p 21:21 -p 20:20 -p 50000-50500:50000-50500 \
-e "MASQUERADE=ftp.mydomain.com" \
-v "$PWD/auth:/auth" -v "$PWD/ftpdata:/home" \
-v "/etc/letsencrypt/live/ftp.mydomain.com:/certs" \
docker.asperti.com/paspo/ftps
docker-compose
version: "3"
services:
ftps-server:
image: docker.asperti.com/paspo/ftps
restart: always
ports:
- "21:21"
- "20:20"
- "50000-50500:50000-50500"
volumes:
- "/srv/ftps/auth:/auth"
- "/srv/ftps/conf:/etc/proftpd/custom.conf.d:ro"
- "/srv/ftps/data:/home"
- "/etc/letsencrypt:/certs:ro"
environment:
- MASQUERADE=ftp.mydomain.com
- TLS_CERT=/certs/live/ftp.mydomain.com/cert.pem
- TLS_KEY=/certs/live/ftp.mydomain.com/privkey.pem
- TLS_CHAIN=/certs/live/ftp.mydomain.com/chain.pem
notes
Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed. We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files. Also FTP active mode doesn't work until you configure networking as "host".
users management
To change/set a password, do like this (replace "paolo" with the correct username):
docker exec -ti my-ftps ftpasswd --passwd --name=paolo --uid=1000 --home=/home/paolo --sha512 --shell=/bin/false --file=/auth/passwd
You also have to create and chown the user's home folder.