mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-10 04:19:24 +02:00

update vsftpd

kev 2016-02-03 01:25:42 +08:00
parent 5b4732c901
commit 76c49047f5
5 changed files with 63 additions and 45 deletions


@ -7,23 +7,30 @@ MAINTAINER kev <noreply@datageek.info>
RUN set -xe \
&& apk add -U vsftpd \
&& passwd -l root \
&& adduser -D virtual \
&& rm -rf /var/cache/apk/*
RUN { \
echo "allow_writeable_chroot=YES"; \
echo "chroot_local_user=YES"; \
echo "ftpd_banner=Welcome to VSFTPD service."; \
echo "local_enable=YES"; \
echo "no_anon_password=YES"; \
echo "pasv_addr_resolve=YES"; \
echo "pasv_address=my-ftp-server"; \
echo "pasv_enable=YES"; \
echo "pasv_max_port=30100"; \
echo "pasv_min_port=30000"; \
echo "port_enable=YES"; \
echo "seccomp_sandbox=NO"; \
echo "write_enable=YES"; \
} >> /etc/vsftpd/vsftpd.conf
echo 'allow_writeable_chroot=YES'; \
echo 'anonymous_enable=YES'; \
echo 'chroot_local_user=YES'; \
echo 'connect_from_port_20=YES'; \
echo 'dirmessage_enable=YES'; \
echo 'ftpd_banner=Welcome to VSFTPD service.'; \
echo 'listen=YES'; \
echo 'local_enable=YES'; \
echo 'no_anon_password=YES'; \
echo 'pasv_addr_resolve=YES'; \
echo 'pasv_address=datageek.info'; \
echo 'pasv_enable=YES'; \
echo 'pasv_max_port=30010'; \
echo 'pasv_min_port=30000'; \
echo 'port_enable=YES'; \
echo 'seccomp_sandbox=NO'; \
echo 'write_enable=YES'; \
echo 'xferlog_enable=YES'; \
} > /etc/vsftpd/vsftpd.conf
VOLUME /var/lib/ftp
WORKDIR /var/lib/ftp
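Review bot: The single-quoted block ending in `} > /etc/vsftpd/vsftpd.conf` (apparently the new side; the +/- markers are lost on this page) bakes `anonymous_enable=YES` and `no_anon_password=YES` into the image with no TLS option set, so a container started without a mounted config serves anonymous cleartext FTP by default. It also hardcodes `pasv_address=datageek.info`, so passive-mode replies from any other deployment would advertise that host until the value is overridden. I would default to `echo 'anonymous_enable=NO'; \` and leave `pasv_address` out of the image (or behind a build `ARG`), so that anonymous access is something an operator switches on deliberately in the mounted config. A short comment above the block explaining why `seccomp_sandbox=NO` is required would also help the next reader.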


@ -11,62 +11,75 @@ It is secure and extremely fast. It is stable. Don't take my word for it, though
├── docker-compose.yml
├── ftp/
│ └── README.md
├── pam.d/
│ └── vsftpd => For Virutal User
└── vsftpd/
├── ftpusers => For Virtual User
├── vsftpd.conf
└── vsftpd.pem
└── vsftpd.pem => For SSL
```
## vsftpd.conf
```bash
# DEFAULT SETTINGS
allow_writeable_chroot=YES
anonymous_enable=YES
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ftpd_banner=Welcome to VSFTPD service.
listen=YES
local_enable=YES
no_anon_password=YES
pasv_addr_resolve=YES
pasv_address=my-ftp-server
pasv_address=datageek.info
pasv_enable=YES
pasv_max_port=30010
pasv_min_port=30000
port_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
seccomp_sandbox=NO
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
write_enable=YES
xferlog_enable=YES
# VIRTUAL USER SETTINGS
#guest_enable=YES
#guest_username=virtual
#local_root=/home/virtual/$USER
#pam_service_name=vsftpd
#user_sub_token=$USER
#virtual_use_local_privs=YES
# SSL SETTINGS
#force_local_data_ssl=YES
#force_local_logins_ssl=YES
#rsa_cert_file=/etc/vsftpd/vsftpd.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd.pem
#ssl_enable=YES
```
> Please point `pasv_address` to your ftp server.
> Please set `pasv_address` to your ftp server.
## docker-compose.yml
```yaml
vsftpd:
image: vimagick/vsftpd
# net: host
ports:
- "20:20"
- "21:21"
- "30000-30010:30000-30010"
net: host
# ports:
# - "20:20"
# - "21:21"
# - "30000-30010:30000-30010"
volumes:
- ./vsftpd:/etc/vsftpd
- ./ftp:/var/lib/ftp
# - ./pam.d/vsftpd:/etc/pam.d/vsftpd
# - ./virtual:/home/virtual
privileged: true
restart: always
```
> You can use `net: host` instead of `ports`.
> You can use `ports` instead of `net: host`.
> Make sure these ports are allowed by firewall.
## Server
@ -78,28 +91,26 @@ $ docker-compose up -d
$ touch ./ftp/README.md
$ docker exec -it vsftpd_vsftpd_1 sh
>>>
>>> passwd root
Changing password for root
New password: ******
Retype password: ******
Password for root changed by root
>>>
>>> adduser kev
Changing password for kev
New password: ******
Retype password: ******
Password for kev changed by root
>>>
>>> adduser -D virtual
>>> mkdir /home/virtual/tom
>>> echo "tom's home" > /home/virtual/tom/README.md
>>> chown -R virutal:virtual /home/virtual
>>>
>>> exit
```
> :warning: Default password for `root` is empty, please change it!
> I also added another local user called `kev` here.
> I added a local user called `kev`, a virtual user called `tom` here.
> You can edit [/etc/vsftpd/vsftpd.conf][2] to enable more [functions][3].
## Client
You can login as `root`/`kev`(local user) or `ftp`(anonymous user).
You can login as `kev`(local user), `tom`(virtual user) or `ftp`(anonymous user).
```bash
$ ftp my-ftp-server
@ -127,7 +138,7 @@ Permission denied.
ftp> bye
```
Only local users can upload files.
Only local user or virtual user can upload file.
```bash
$ lftp


@ -1,9 +1,6 @@
vsftpd:
image: vimagick/vsftpd
ports:
- "20:20"
- "21:21"
- "30000-30010:30000-30010"
net: host
volumes:
- ./vsftpd:/etc/vsftpd
- ./ftp:/var/lib/ftp
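Review bot: `net: host` appears to replace the explicit `ports:` list here (the hunk counts `-1,9 +1,6` are consistent with that), so the container shares the host's network namespace and the published-port list no longer limits what vsftpd exposes; whatever it listens on is reachable on every host interface unless a host firewall blocks it. Nothing in the file says why host mode is needed; a comment such as `# host networking for passive-mode FTP; restrict 20-21 and 30000-30010 at the host firewall` would record the intent. If host mode is not strictly required, keeping the `ports:` mapping as the default and offering `net: host` as the commented alternative gives the narrower exposure.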

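--- a/vsftpd/pam.d/vsftpd
+++ b/vsftpd/pam.d/vsftpd
@@ -0,0 +1,2 @@
+auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/vsftpd/ftpusers
+account required pam_permit.so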
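Review bot: The auth stack consists only of `pam_listfile.so`, which checks that the user name is listed in /etc/vsftpd/ftpusers and does not verify a password, and the account stack is `pam_permit.so`. Once this service is selected for virtual users, a listed name would presumably be accepted with any password. Add a password-verifying module after the listfile line, for example `auth required pam_pwdfile.so pwdfile=<PASSWORD_FILE>` or a `pam_userdb.so` entry; whether either module is packaged for the Alpine base needs confirming. A leading comment stating that the file only allow-lists names and is not sufficient on its own would prevent it from being enabled as-is.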

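--- a/vsftpd/vsftpd/ftpusers
+++ b/vsftpd/vsftpd/ftpusers
@@ -0,0 +1 @@
+tom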