From 1345bbd50ec921680cee264c652a5f25e8714fcf Mon Sep 17 00:00:00 2001 From: dede Date: Tue, 6 May 2025 22:15:57 +0200 Subject: [PATCH] update base image; add compose file --- .gitignore | 5 ++++- Dockerfile | 14 +++++++++----- Makefile | 8 ++++---- README.md | 9 +++++++++ add-virtual-user.sh | 2 +- compose.yml | 16 ++++++++++++++++ entry.sh | 19 ++++++++++++++----- env.sample | 9 +++++++++ vsftpd.conf | 5 +++-- vsftpd_ssl.conf | 5 +++-- 10 files changed, 72 insertions(+), 20 deletions(-) create mode 100644 compose.yml create mode 100644 env.sample diff --git a/.gitignore b/.gitignore index 191bb34..5abe7d6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,7 @@ *.swp srv/ -env +config/ +logs/ +data/ +.env vsftpd.pem diff --git a/Dockerfile b/Dockerfile index d66596f..a7d3c37 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,7 @@ -FROM debian:stretch +FROM debian:stable + +LABEL maintainer="Luca Derderian " +LABEL version="${VERSION:-2.0}" ARG FTP_UID=48 ARG FTP_GID=48 @@ -9,24 +12,25 @@ RUN set -x \ RUN set -x \ && apt-get update \ - && apt-get install -y --no-install-recommends vsftpd db5.3-util whois \ + && apt-get -y full-upgrade \ + && apt-get install -y --no-install-recommends vsftpd db-util whois gettext-base \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ ; RUN set -x \ - && mkdir -p /var/run/vsftpd/empty /etc/vsftpd/user_conf /var/ftp /srv \ + && mkdir -p /var/run/vsftpd/empty /etc/vsftpd/user_conf /var/ftp /srv /templates \ && touch /var/log/vsftpd.log \ && rm -rf /srv/ftp \ ; -COPY vsftpd*.conf /etc/ +COPY vsftpd*.conf /templates/ COPY vsftpd_virtual /etc/pam.d/ COPY *.sh / VOLUME ["/etc/vsftpd", "/srv"] -EXPOSE 21 4559 4560 4561 4562 4563 4564 +EXPOSE 21 ENTRYPOINT ["/entry.sh"] CMD ["vsftpd"] diff --git a/Makefile b/Makefile index 52f44b9..d13c7b8 100644 --- a/Makefile +++ b/Makefile 
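Review bot: `LABEL version="${VERSION:-2.0}"` has no `ARG VERSION` in front of it in this hunk, which starts at the top of the file, so the label always resolves to `2.0` and the `VERSION` build arg that compose.yml passes is never consumed. Adding `ARG VERSION=2.0` before the two LABEL lines fixes that. `FROM debian:stable` is also a floating tag (the README in this commit calls it `debian:latest`), so the image silently moves to the next Debian release when `stable` is repointed. A codename tag, ideally with a digest, keeps rebuilds on a known base; placeholder form: `FROM debian:<codename>@sha256:<digest>`.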
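Review bot: The added `apt-get -y full-upgrade`, together with the unversioned package names (`db-util` replaces `db5.3-util`), makes the image contents depend on the day it was built, so two builds of the same commit can ship different vsftpd and library versions. If the upgrade is kept on purpose to pick up security fixes, say so in a comment above the RUN, e.g. `# full-upgrade: pull security fixes newer than the base image; rebuild regularly`. The alternative is to drop the upgrade and refresh a pinned base image instead.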
@@ -16,21 +16,21 @@ bash: docker run --rm -it $(IMAGE_NAME):$(TAG) bash env: - @echo "FTP_USER=ftp" >> env - @echo "FTP_PASSWORD=ftp" >> env + @echo "FTP_USER=ftp" >> .env + @echo "FTP_PASSWORD=ftp" >> .env vsftpd.pem: openssl req -new -newkey rsa:2048 -days 365 -nodes -sha256 -x509 -keyout vsftpd.pem -out vsftpd.pem -subj '/CN=self_signed' run: env - $(eval ID := $(shell docker run -d --env-file env -v $(shell pwd)/srv:/srv ${IMAGE_NAME}:${TAG})) + $(eval ID := $(shell docker run -d --env-file .env -v $(shell pwd)/srv:/srv ${IMAGE_NAME}:${TAG})) $(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID})) @echo "Running ${ID} @ ftp://${IP}" @docker attach ${ID} @docker kill ${ID} run-ssl: env vsftpd.pem - $(eval ID := $(shell docker run -d --env-file env -v $(shell pwd)/srv:/srv -v $(PWD)/vsftpd.pem:/etc/ssl/certs/vsftpd.crt -v $(PWD)/vsftpd.pem:/etc/ssl/private/vsftpd.key ${IMAGE_NAME}:${TAG} vsftpd /etc/vsftpd_ssl.conf)) + $(eval ID := $(shell docker run -d --env-file .env -v $(shell pwd)/srv:/srv -v $(PWD)/vsftpd.pem:/etc/ssl/certs/vsftpd.crt -v $(PWD)/vsftpd.pem:/etc/ssl/private/vsftpd.key ${IMAGE_NAME}:${TAG} vsftpd /etc/vsftpd_ssl.conf)) $(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID})) @echo "Running ${ID} @ ftp://${IP}" @docker attach ${ID} diff --git a/README.md b/README.md index 58a7f7a..db7adf9 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,11 @@ This is a micro-service image for VSFTPD. +It is a fork from [panubo's docker-vsftpd](https://github.com/panubo/docker-vsftpd) (thanks!) and slightly modified to suit my needs: +* Update base image to `debian:latest` +* Support for configurable min and max port in passive mode + by templating the config files (via envsubst) + There are a few limitations but it will work if you are using host networking `--net host` or have a direct/routed network between the Docker container and the client. 
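Review bot: The `env` target now writes `.env`, so no file named `env` is ever created and the recipe runs on every `make run` and `make run-ssl`, appending another `FTP_USER=ftp` / `FTP_PASSWORD=ftp` pair each time. On a `.env` copied from env.sample and filled in, those appended lines duplicate the keys, and if the last occurrence wins when Docker reads the env file (not verified here), the chosen credentials are replaced by the well-known ftp/ftp pair. Naming the target after the file it produces, `.env:` with `run: .env` and `run-ssl: .env vsftpd.pem`, makes it run only when the file is missing. run-ssl's recipe continues past the end of the hunk.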
@@ -33,6 +38,10 @@ which is in the _whois_ debian package. - `FTP_PASV_ADDRESS`: override the IP address that vsftpd will advertise in response to the PASV command +- `FTP_PASV_MIN_PORT`: Minimum port for passive mode (remember to bind the ports if not used with compose file) + +- `FTP_PASV_MAX_PORT`: Maximum port for passive mode (remember to bind the ports if not used with compose file) + ## Usage Example ``` diff --git a/add-virtual-user.sh b/add-virtual-user.sh index af0c4e8..dae69cd 100755 --- a/add-virtual-user.sh +++ b/add-virtual-user.sh @@ -21,4 +21,4 @@ if [[ "${1}" == "-d" ]]; then shift fi -printf '%s\n%s\n' "${1}" "${2}" | db5.3_load -T -t hash "${DB}" +printf '%s\n%s\n' "${1}" "${2}" | db_load -T -t hash "${DB}" diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..c47396a --- /dev/null +++ b/compose.yml @@ -0,0 +1,16 @@ +services: + vsftpd: + container_name: vsftpd + image: wululu/vsftpd:${VERSION:-2.0} + build: + context: . + args: + VERSION: ${VERSION:-2.0} + volumes: + - ./data:/srv + - ./config:/etc/vsftpd + - ./logs:/var/log + ports: + - "${FTP_PORT:-21}:21" + - "${FTP_PASV_MIN_PORT:-4559}-${FTP_PASV_MAX_PORT:-4564}:${FTP_PASV_MIN_PORT:-4559}-${FTP_PASV_MAX_PORT:-4564}" + env_file: .env diff --git a/entry.sh b/entry.sh index fad9a63..9f11726 100755 --- a/entry.sh +++ b/entry.sh 
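Review bot: The service publishes port 21 and the passive range on every host interface and starts with the image's default `CMD ["vsftpd"]`. Judging by the Makefile's `run-ssl` target passing `/etc/vsftpd_ssl.conf` explicitly, that default is presumably the non-TLS configuration, so `FTP_USER`/`FTP_PASSWORD` would cross the network in cleartext. A comment above `ports:` should state that, e.g. `# plain FTP by default: credentials are sent unencrypted; use the SSL config on untrusted networks`. For a TLS deployment the file could carry `command: ["vsftpd", "/etc/vsftpd_ssl.conf"]` plus the certificate and key mounts that `run-ssl` uses.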
@@ -5,12 +5,21 @@ set -e [[ "${DEBUG}" == "true" ]] && set -x +# Replace variables in config files +for file in /templates/*; do + if [[ -f "$file" ]]; then + filename=$(basename "$file") + envsubst < "$file" > "/etc/$filename" + echo "Created /etc/${filename}" + fi +done + # Generate password if hash not set -if [[ ! -z "${FTP_PASSWORD}" ]] && [[ -z "${FTP_PASSWORD_HASH}" ]]; then +if [[ -n "${FTP_PASSWORD}" ]] && [[ -z "${FTP_PASSWORD_HASH}" ]]; then FTP_PASSWORD_HASH="$(echo "${FTP_PASSWORD}" | mkpasswd -s -m sha-512)" fi -if [[ ! -z "${FTP_USER}" ]] || [[ ! -z "${FTP_PASSWORD_HASH}" ]]; then +if [[ -n "${FTP_USER}" ]] || [[ -n "${FTP_PASSWORD_HASH}" ]]; then /add-virtual-user.sh -d "${FTP_USER}" "${FTP_PASSWORD_HASH}" fi @@ -22,20 +31,20 @@ while read -r user; do done < <(env | grep "FTP_USER_" | sed 's/^\(FTP_USER_[a-zA-Z0-9]*\)=.*/\1/') # Support user directories -if [[ ! -z "${FTP_USERS_ROOT}" ]]; then +if [[ -n "${FTP_USERS_ROOT}" ]]; then # shellcheck disable=SC2016 sed -i 's/local_root=.*/local_root=\/srv\/$USER/' /etc/vsftpd*.conf fi # Support setting the passive address -if [[ ! -z "$FTP_PASV_ADDRESS" ]]; then +if [[ -n "$FTP_PASV_ADDRESS" ]]; then for f in /etc/vsftpd*.conf; do echo "pasv_address=${FTP_PASV_ADDRESS}" >> "$f" done fi # Manage /srv permissions -if [[ ! -z "${FTP_CHOWN_ROOT}" ]]; then +if [[ -n "${FTP_CHOWN_ROOT}" ]]; then chown ftp:ftp /srv fi diff --git a/env.sample b/env.sample new file mode 100644 index 0000000..aa3bedc --- /dev/null +++ b/env.sample @@ -0,0 +1,9 @@ +VERSION=2.0 + +FTP_USER= +FTP_PASSWORD= +FTP_PORT= + +FTP_PASV_ADDRESS= +FTP_PASV_MIN_PORT= +FTP_PASV_MAX_PORT= diff --git a/vsftpd.conf b/vsftpd.conf index 7670f9c..1421cf2 100644 --- a/vsftpd.conf +++ b/vsftpd.conf @@ -34,5 +34,6 @@ hide_ids=YES connect_from_port_20=YES listen=YES tcp_wrappers=YES -pasv_min_port=4559 -pasv_max_port=4564 +pasv_address=${FTP_PASV_ADDRESS} +pasv_min_port=${FTP_PASV_MIN_PORT:-4559} +pasv_max_port=${FTP_PASV_MAX_PORT:-4564} 
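Review bot: `envsubst < "$file"` is called without a variable list, so every `$NAME` or `${NAME}` in a template is replaced from the container's whole environment, and anything in the config that looks like a variable but is not set is blanked. Passing the names explicitly limits substitution to the intended settings: `envsubst '${FTP_PASV_ADDRESS} ${FTP_PASV_MIN_PORT} ${FTP_PASV_MAX_PORT}' < "$file" > "/etc/$filename"`. The values are written into the config as given, so a check that the two ports are numeric before rendering would stop a malformed value from producing an unintended config line. The loop's comment could also say that /etc/vsftpd*.conf are regenerated on every start, because the later `sed -i` and `>>` edits in this script operate on the rendered copies.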
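Review bot: `${FTP_PASV_MIN_PORT:-4559}` and `${FTP_PASV_MAX_PORT:-4564}` use shell default syntax, but the templates are rendered by `envsubst`, which as far as I know substitutes only `$NAME` and `${NAME}` and leaves the `:-` form in the file literally, so vsftpd would read a non-numeric port value. The same lines are added to vsftpd_ssl.conf. Using plain `${FTP_PASV_MIN_PORT}` / `${FTP_PASV_MAX_PORT}` here and setting the defaults in entry.sh before rendering (`: "${FTP_PASV_MIN_PORT:=4559}" "${FTP_PASV_MAX_PORT:=4564}"` followed by `export FTP_PASV_MIN_PORT FTP_PASV_MAX_PORT`) keeps the old 4559-4564 range when the variables are unset or empty, as they are in env.sample. `pasv_address=${FTP_PASV_ADDRESS}` renders to an empty `pasv_address=` when the variable is unset, and when it is set entry.sh still appends a second `pasv_address=` line, so one of the two should go.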
diff --git a/vsftpd_ssl.conf b/vsftpd_ssl.conf index 14578e6..284a31f 100644 --- a/vsftpd_ssl.conf +++ b/vsftpd_ssl.conf @@ -34,8 +34,9 @@ hide_ids=YES connect_from_port_20=YES listen=YES tcp_wrappers=YES -pasv_min_port=4559 -pasv_max_port=4564 +pasv_address=${FTP_PASV_ADDRESS} +pasv_min_port=${FTP_PASV_MIN_PORT:-4559} +pasv_max_port=${FTP_PASV_MAX_PORT:-4564} # SSL ssl_enable=Yes