update base image; add compose file
5
.gitignore
vendored
5
.gitignore
vendored
@@ -1,4 +1,7 @@
|
|||||||
*.swp
|
*.swp
|
||||||
srv/
|
srv/
|
||||||
env
|
config/
|
||||||
|
logs/
|
||||||
|
data/
|
||||||
|
.env
|
||||||
vsftpd.pem
|
vsftpd.pem
|
||||||
|
|||||||
14
Dockerfile
14
Dockerfile
@@ -1,4 +1,7 @@
|
|||||||
FROM debian:stretch
|
FROM debian:stable
|
||||||
|
|
||||||
|
LABEL maintainer="Luca Derderian <luca@wululu.de>"
|
||||||
|
LABEL version="${VERSION:-2.0}"
|
||||||
|
|
||||||
ARG FTP_UID=48
|
ARG FTP_UID=48
|
||||||
ARG FTP_GID=48
|
ARG FTP_GID=48
|
||||||
@@ -9,24 +12,25 @@ RUN set -x \
|
|||||||
|
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
&& apt-get update \
|
&& apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends vsftpd db5.3-util whois \
|
&& apt-get -y full-upgrade \
|
||||||
|
&& apt-get install -y --no-install-recommends vsftpd db-util whois gettext-base \
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
;
|
;
|
||||||
|
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
&& mkdir -p /var/run/vsftpd/empty /etc/vsftpd/user_conf /var/ftp /srv \
|
&& mkdir -p /var/run/vsftpd/empty /etc/vsftpd/user_conf /var/ftp /srv /templates \
|
||||||
&& touch /var/log/vsftpd.log \
|
&& touch /var/log/vsftpd.log \
|
||||||
&& rm -rf /srv/ftp \
|
&& rm -rf /srv/ftp \
|
||||||
;
|
;
|
||||||
|
|
||||||
COPY vsftpd*.conf /etc/
|
COPY vsftpd*.conf /templates/
|
||||||
COPY vsftpd_virtual /etc/pam.d/
|
COPY vsftpd_virtual /etc/pam.d/
|
||||||
COPY *.sh /
|
COPY *.sh /
|
||||||
|
|
||||||
VOLUME ["/etc/vsftpd", "/srv"]
|
VOLUME ["/etc/vsftpd", "/srv"]
|
||||||
|
|
||||||
EXPOSE 21 4559 4560 4561 4562 4563 4564
|
EXPOSE 21
|
||||||
|
|
||||||
ENTRYPOINT ["/entry.sh"]
|
ENTRYPOINT ["/entry.sh"]
|
||||||
CMD ["vsftpd"]
|
CMD ["vsftpd"]
|
||||||
|
|||||||
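Review bot: `LABEL version="${VERSION:-2.0}"` is evaluated with no `ARG VERSION` in scope, since the new lines 1-7 shown here contain only `FROM`, the two `LABEL`s and the `FTP_UID`/`FTP_GID` args. The `VERSION` build argument that compose.yml passes is therefore never consumed and the label always reads 2.0. Declaring `ARG VERSION=2.0` before the label and writing `LABEL version="${VERSION}"` fixes that. Separately, `FROM debian:stable` is a moving tag (the README hunk even says `debian:latest`), so pinning a release codename or an image digest would keep rebuilds reproducible and make base-image changes an explicit, reviewable step.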
8
Makefile
8
Makefile
@@ -16,21 +16,21 @@ bash:
|
|||||||
docker run --rm -it $(IMAGE_NAME):$(TAG) bash
|
docker run --rm -it $(IMAGE_NAME):$(TAG) bash
|
||||||
|
|
||||||
env:
|
env:
|
||||||
@echo "FTP_USER=ftp" >> env
|
@echo "FTP_USER=ftp" >> .env
|
||||||
@echo "FTP_PASSWORD=ftp" >> env
|
@echo "FTP_PASSWORD=ftp" >> .env
|
||||||
|
|
||||||
vsftpd.pem:
|
vsftpd.pem:
|
||||||
openssl req -new -newkey rsa:2048 -days 365 -nodes -sha256 -x509 -keyout vsftpd.pem -out vsftpd.pem -subj '/CN=self_signed'
|
openssl req -new -newkey rsa:2048 -days 365 -nodes -sha256 -x509 -keyout vsftpd.pem -out vsftpd.pem -subj '/CN=self_signed'
|
||||||
|
|
||||||
run: env
|
run: env
|
||||||
$(eval ID := $(shell docker run -d --env-file env -v $(shell pwd)/srv:/srv ${IMAGE_NAME}:${TAG}))
|
$(eval ID := $(shell docker run -d --env-file .env -v $(shell pwd)/srv:/srv ${IMAGE_NAME}:${TAG}))
|
||||||
$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
|
$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
|
||||||
@echo "Running ${ID} @ ftp://${IP}"
|
@echo "Running ${ID} @ ftp://${IP}"
|
||||||
@docker attach ${ID}
|
@docker attach ${ID}
|
||||||
@docker kill ${ID}
|
@docker kill ${ID}
|
||||||
|
|
||||||
run-ssl: env vsftpd.pem
|
run-ssl: env vsftpd.pem
|
||||||
$(eval ID := $(shell docker run -d --env-file env -v $(shell pwd)/srv:/srv -v $(PWD)/vsftpd.pem:/etc/ssl/certs/vsftpd.crt -v $(PWD)/vsftpd.pem:/etc/ssl/private/vsftpd.key ${IMAGE_NAME}:${TAG} vsftpd /etc/vsftpd_ssl.conf))
|
$(eval ID := $(shell docker run -d --env-file .env -v $(shell pwd)/srv:/srv -v $(PWD)/vsftpd.pem:/etc/ssl/certs/vsftpd.crt -v $(PWD)/vsftpd.pem:/etc/ssl/private/vsftpd.key ${IMAGE_NAME}:${TAG} vsftpd /etc/vsftpd_ssl.conf))
|
||||||
$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
|
$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
|
||||||
@echo "Running ${ID} @ ftp://${IP}"
|
@echo "Running ${ID} @ ftp://${IP}"
|
||||||
@docker attach ${ID}
|
@docker attach ${ID}
|
||||||
|
|||||||
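Review bot: The `env` recipe now writes `.env`, but the target is still named `env` and `run: env` / `run-ssl: env vsftpd.pem` still depend on that name. No file called `env` is ever created, so the recipe re-runs on every `make run` and appends `FTP_USER=ftp` / `FTP_PASSWORD=ftp` to `.env` again. That is the same `.env` compose.yml loads and env.sample asks the user to fill in, so the default ftp/ftp pair can land after the user's own credentials; which duplicate wins depends on the consumer. Rename the target to `.env:`, write its first line with `@echo "FTP_USER=ftp" > $@`, and update the prerequisites to `run: .env` and `run-ssl: .env vsftpd.pem`. The `bash:` rule at the top of the hunk starts outside it.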
@@ -2,6 +2,11 @@
|
|||||||
|
|
||||||
This is a micro-service image for VSFTPD.
|
This is a micro-service image for VSFTPD.
|
||||||
|
|
||||||
|
It is a fork from [panubo's docker-vsftpd](https://github.com/panubo/docker-vsftpd) (thanks!) and slightly modified to suit my needs:
|
||||||
|
* Update base image to `debian:latest`
|
||||||
|
* Support for configurable min and max port in passive mode
|
||||||
|
by templating the config files (via envsubst)
|
||||||
|
|
||||||
There are a few limitations but it will work if you are using host networking
|
There are a few limitations but it will work if you are using host networking
|
||||||
`--net host` or have a direct/routed network between the Docker container and
|
`--net host` or have a direct/routed network between the Docker container and
|
||||||
the client.
|
the client.
|
||||||
@@ -33,6 +38,10 @@ which is in the _whois_ debian package.
|
|||||||
- `FTP_PASV_ADDRESS`: override the IP address that vsftpd will advertise in
|
- `FTP_PASV_ADDRESS`: override the IP address that vsftpd will advertise in
|
||||||
response to the PASV command
|
response to the PASV command
|
||||||
|
|
||||||
|
- `FTP_PASV_MIN_PORT`: Minimum port for passive mode (remember to bind the ports if not used with compose file)
|
||||||
|
|
||||||
|
- `FTP_PASV_MAX_PORT`: Maximum port for passive mode (remember to bind the ports if not used with compose file)
|
||||||
|
|
||||||
## Usage Example
|
## Usage Example
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -21,4 +21,4 @@ if [[ "${1}" == "-d" ]]; then
|
|||||||
shift
|
shift
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf '%s\n%s\n' "${1}" "${2}" | db5.3_load -T -t hash "${DB}"
|
printf '%s\n%s\n' "${1}" "${2}" | db_load -T -t hash "${DB}"
|
||||||
|
|||||||
16
compose.yml
Normal file
16
compose.yml
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
services:
|
||||||
|
vsftpd:
|
||||||
|
container_name: vsftpd
|
||||||
|
image: wululu/vsftpd:${VERSION:-2.0}
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
args:
|
||||||
|
VERSION: ${VERSION:-2.0}
|
||||||
|
volumes:
|
||||||
|
- ./data:/srv
|
||||||
|
- ./config:/etc/vsftpd
|
||||||
|
- ./logs:/var/log
|
||||||
|
ports:
|
||||||
|
- "${FTP_PORT:-21}:21"
|
||||||
|
- "${FTP_PASV_MIN_PORT:-4559}-${FTP_PASV_MAX_PORT:-4564}:${FTP_PASV_MIN_PORT:-4559}-${FTP_PASV_MAX_PORT:-4564}"
|
||||||
|
env_file: .env
|
||||||
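Review bot: The `./logs:/var/log` bind mount replaces the container's whole `/var/log`, including the `/var/log/vsftpd.log` that the Dockerfile pre-creates with `touch`. Every other log in the image would also land in a host directory that Docker creates if it is missing, presumably root-owned. If only the FTP log is wanted on the host, mounting a dedicated subdirectory and pointing vsftpd's log file there keeps the exposure narrow; that needs a matching change in the config templates, which are only partly visible on this page. Note too that `./config:/etc/vsftpd` appears to hold the virtual-user database with its password hashes, so the host directory should not be world-readable.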
19
entry.sh
19
entry.sh
@@ -5,12 +5,21 @@ set -e
|
|||||||
|
|
||||||
[[ "${DEBUG}" == "true" ]] && set -x
|
[[ "${DEBUG}" == "true" ]] && set -x
|
||||||
|
|
||||||
|
# Replace variables in config files
|
||||||
|
for file in /templates/*; do
|
||||||
|
if [[ -f "$file" ]]; then
|
||||||
|
filename=$(basename "$file")
|
||||||
|
envsubst < "$file" > "/etc/$filename"
|
||||||
|
echo "Created /etc/${filename}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
# Generate password if hash not set
|
# Generate password if hash not set
|
||||||
if [[ ! -z "${FTP_PASSWORD}" ]] && [[ -z "${FTP_PASSWORD_HASH}" ]]; then
|
if [[ -n "${FTP_PASSWORD}" ]] && [[ -z "${FTP_PASSWORD_HASH}" ]]; then
|
||||||
FTP_PASSWORD_HASH="$(echo "${FTP_PASSWORD}" | mkpasswd -s -m sha-512)"
|
FTP_PASSWORD_HASH="$(echo "${FTP_PASSWORD}" | mkpasswd -s -m sha-512)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! -z "${FTP_USER}" ]] || [[ ! -z "${FTP_PASSWORD_HASH}" ]]; then
|
if [[ -n "${FTP_USER}" ]] || [[ -n "${FTP_PASSWORD_HASH}" ]]; then
|
||||||
/add-virtual-user.sh -d "${FTP_USER}" "${FTP_PASSWORD_HASH}"
|
/add-virtual-user.sh -d "${FTP_USER}" "${FTP_PASSWORD_HASH}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -22,20 +31,20 @@ while read -r user; do
|
|||||||
done < <(env | grep "FTP_USER_" | sed 's/^\(FTP_USER_[a-zA-Z0-9]*\)=.*/\1/')
|
done < <(env | grep "FTP_USER_" | sed 's/^\(FTP_USER_[a-zA-Z0-9]*\)=.*/\1/')
|
||||||
|
|
||||||
# Support user directories
|
# Support user directories
|
||||||
if [[ ! -z "${FTP_USERS_ROOT}" ]]; then
|
if [[ -n "${FTP_USERS_ROOT}" ]]; then
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
sed -i 's/local_root=.*/local_root=\/srv\/$USER/' /etc/vsftpd*.conf
|
sed -i 's/local_root=.*/local_root=\/srv\/$USER/' /etc/vsftpd*.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Support setting the passive address
|
# Support setting the passive address
|
||||||
if [[ ! -z "$FTP_PASV_ADDRESS" ]]; then
|
if [[ -n "$FTP_PASV_ADDRESS" ]]; then
|
||||||
for f in /etc/vsftpd*.conf; do
|
for f in /etc/vsftpd*.conf; do
|
||||||
echo "pasv_address=${FTP_PASV_ADDRESS}" >> "$f"
|
echo "pasv_address=${FTP_PASV_ADDRESS}" >> "$f"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Manage /srv permissions
|
# Manage /srv permissions
|
||||||
if [[ ! -z "${FTP_CHOWN_ROOT}" ]]; then
|
if [[ -n "${FTP_CHOWN_ROOT}" ]]; then
|
||||||
chown ftp:ftp /srv
|
chown ftp:ftp /srv
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
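Review bot: The new template loop calls `envsubst` with no variable list, so every `$NAME` in a template is replaced from the container environment; unset names become empty strings. GNU envsubst also only understands `$VAR` and `${VAR}`, so the `${FTP_PASV_MIN_PORT:-4559}` and `${FTP_PASV_MAX_PORT:-4564}` defaults in the two vsftpd config hunks further down will not be expanded as shell defaults. The generated config will then not carry the intended port range, which compose.yml publishes on the host. A literal `$USER` token in a template (not visible here, but the later `sed` writes one) would be blanked as well. Set the defaults in the script, pass envsubst an explicit list, and use plain `${FTP_PASV_MIN_PORT}` / `${FTP_PASV_MAX_PORT}` in the templates. The script begins and continues outside these hunks.

```shell
# Replace variables in config files
export FTP_PASV_MIN_PORT="${FTP_PASV_MIN_PORT:-4559}"
export FTP_PASV_MAX_PORT="${FTP_PASV_MAX_PORT:-4564}"
for file in /templates/*; do
    if [[ -f "$file" ]]; then
        filename=$(basename "$file")
        # shellcheck disable=SC2016
        envsubst '${FTP_PASV_ADDRESS} ${FTP_PASV_MIN_PORT} ${FTP_PASV_MAX_PORT}' < "$file" > "/etc/$filename"
        # … unchanged: echo "Created /etc/${filename}" …
    fi
done
```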
9
env.sample
Normal file
9
env.sample
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
VERSION=2.0
|
||||||
|
|
||||||
|
FTP_USER=
|
||||||
|
FTP_PASSWORD=
|
||||||
|
FTP_PORT=
|
||||||
|
|
||||||
|
FTP_PASV_ADDRESS=
|
||||||
|
FTP_PASV_MIN_PORT=
|
||||||
|
FTP_PASV_MAX_PORT=
|
||||||
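Review bot: The sample only offers `FTP_PASSWORD=`, so the documented setup stores the FTP password in clear text in `.env`. entry.sh also accepts `FTP_PASSWORD_HASH` and skips the `mkpasswd -s -m sha-512` step when it is set. Add a commented line such as `# FTP_PASSWORD_HASH=   # sha-512 crypt hash from mkpasswd; use instead of FTP_PASSWORD` so users can keep only the hash on disk. The hash contains `$` characters, so it is worth checking how the compose version in use treats them in env files.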
@@ -34,5 +34,6 @@ hide_ids=YES
|
|||||||
connect_from_port_20=YES
|
connect_from_port_20=YES
|
||||||
listen=YES
|
listen=YES
|
||||||
tcp_wrappers=YES
|
tcp_wrappers=YES
|
||||||
pasv_min_port=4559
|
pasv_address=${FTP_PASV_ADDRESS}
|
||||||
pasv_max_port=4564
|
pasv_min_port=${FTP_PASV_MIN_PORT:-4559}
|
||||||
|
pasv_max_port=${FTP_PASV_MAX_PORT:-4564}
|
||||||
|
|||||||
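Review bot: `pasv_address=${FTP_PASV_ADDRESS}` is now written into the template unconditionally, while entry.sh still appends `pasv_address=${FTP_PASV_ADDRESS}` to every `/etc/vsftpd*.conf` when the variable is set. A configured address therefore appears twice, and an unset one leaves a bare `pasv_address=` line; how vsftpd handles the empty value cannot be confirmed from this page. Dropping the template line and keeping the conditional append in entry.sh avoids both cases. The same applies to the second config hunk, the one with the `# SSL` block.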
@@ -34,8 +34,9 @@ hide_ids=YES
|
|||||||
connect_from_port_20=YES
|
connect_from_port_20=YES
|
||||||
listen=YES
|
listen=YES
|
||||||
tcp_wrappers=YES
|
tcp_wrappers=YES
|
||||||
pasv_min_port=4559
|
pasv_address=${FTP_PASV_ADDRESS}
|
||||||
pasv_max_port=4564
|
pasv_min_port=${FTP_PASV_MIN_PORT:-4559}
|
||||||
|
pasv_max_port=${FTP_PASV_MAX_PORT:-4564}
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
ssl_enable=Yes
|
ssl_enable=Yes
|
||||||
|
|||||||