sftp access
parent
a1a52d3f89
commit
435f2ca6a2
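--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/www
+/ssh
+docker-compose.yaml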
@ -6,7 +6,7 @@ RUN \
|
|||||||
|
|
||||||
COPY rootfs /
|
COPY rootfs /
|
||||||
|
|
||||||
VOLUME [ "/www", "/ssh" ]
|
VOLUME [ "/data/www", "/ssh" ]
|
||||||
|
|
||||||
ENV \
|
ENV \
|
||||||
USERNAME=theuser \
|
USERNAME=theuser \
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
WEBROOT=/www
|
WEBROOT=/data/www
|
||||||
PHP=${PHP:-none}
|
PHP=${PHP:-none}
|
||||||
USERNAME=${USERNAME:-theuser}
|
USERNAME=${USERNAME:-theuser}
|
||||||
RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
|
RANDOMPWD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)
|
||||||
printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | adduser -DH -h "${WEBROOT}" -G "nginx" -u "1000" "${USERNAME}"
|
adduser -DH -h "${WEBROOT}" -G "nginx" -u "1000" "${USERNAME}"
|
||||||
|
printf '%s\n%s' "${RANDOMPWD}" "${RANDOMPWD}" | passwd "${USERNAME}"
|
||||||
|
echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"
|
||||||
|
|
||||||
chown "${USERNAME}:nginx" "${WEBROOT}" -R
|
chown "${USERNAME}:nginx" "${WEBROOT}" -R
|
||||||
find "${WEBROOT}" -type d -exec chmod 0755 {} \;
|
find "${WEBROOT}" -type d -exec chmod 0755 {} \;
|
||||||
@ -12,6 +14,7 @@ find "${WEBROOT}" -type f -exec chmod 0644 {} \;
|
|||||||
|
|
||||||
envsubst < /app/nginx.conf.tpl > /etc/nginx/http.d/default.conf
|
envsubst < /app/nginx.conf.tpl > /etc/nginx/http.d/default.conf
|
||||||
|
|
||||||
|
# start php
|
||||||
case "${PHP}" in
|
case "${PHP}" in
|
||||||
"php84") /usr/sbin/php-fpm84 -D ;;
|
"php84") /usr/sbin/php-fpm84 -D ;;
|
||||||
"php83") /usr/sbin/php-fpm83 -D ;;
|
"php83") /usr/sbin/php-fpm83 -D ;;
|
||||||
@ -19,4 +22,16 @@ case "${PHP}" in
|
|||||||
*) ;;
|
*) ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# start ssh
|
||||||
|
for keytype in ecdsa rsa ed25519 ; do
|
||||||
|
if [ ! -r "/ssh/ssh_host_${keytype}_key" ] ; then
|
||||||
|
/usr/bin/ssh-keygen -t "${keytype}" -f "/ssh/ssh_host_${keytype}_key" -N ""
|
||||||
|
fi
|
||||||
|
chmod 0600 "/ssh/ssh_host_${keytype}_key"
|
||||||
|
chmod 0644 "/ssh/ssh_host_${keytype}_key.pub"
|
||||||
|
done
|
||||||
|
chmod 0700 "${WEBROOT}/.ssh"
|
||||||
|
/usr/sbin/sshd -e
|
||||||
|
|
||||||
|
# start nginx
|
||||||
nginx
|
nginx
|
||||||
|
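Review bot: The added `echo "password for the user \"${USERNAME}\" is: ${RANDOMPWD}"` line in the first hunk of the startup script (its path is not shown on this page) writes the generated password to stdout, so it lands in the container log and stays readable to anyone who can read that log. The sshd.conf added in this same commit sets `PasswordAuthentication no`, so nothing on the SFTP side needs that password to be known; the echo can be dropped. If the `passwd` call exists only so the account is not left locked after `adduser -D` (an inference from the visible lines), a comment such as `# throwaway password: only unlocks the account for key login, never printed` would record that. In the last hunk, `chmod 0700 "${WEBROOT}/.ssh"` targets a directory that no visible line creates, while keys are read from `/ssh/authorized_keys`; guard it with `[ -d "${WEBROOT}/.ssh" ] &&` and set the ownership and mode of `/ssh/authorized_keys` instead, since sshd's default strict-mode checks apply to that file and its parent directory.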
@ -4,7 +4,7 @@ access_log /dev/stdout;
|
|||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
root /www;
|
root /data/www;
|
||||||
# server_name localhost;
|
# server_name localhost;
|
||||||
|
|
||||||
#access_log /var/log/nginx/host.access.log main;
|
#access_log /var/log/nginx/host.access.log main;
|
||||||
|
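--- a/rootfs/etc/ssh/sshd_config.d/port.conf
+++ b/rootfs/etc/ssh/sshd_config.d/port.conf
@@ -0,0 +1 @@
+Port 22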
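--- a/rootfs/etc/ssh/sshd_config.d/sshd.conf
+++ b/rootfs/etc/ssh/sshd_config.d/sshd.conf
@@ -0,0 +1,24 @@
+HostKey /ssh/ssh_host_rsa_key
+HostKey /ssh/ssh_host_ecdsa_key
+HostKey /ssh/ssh_host_ed25519_key
+
+#SyslogFacility AUTH
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+PubkeyAuthentication yes
+MaxAuthTries 3
+PrintMotd no
+
+AuthorizedKeysFile /ssh/authorized_keys
+PasswordAuthentication no
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
+Subsystem sftp internal-sftp
+
+ChrootDirectory /data
+ForceCommand internal-sftp -d /data/www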