mirror of
https://github.com/vimagick/dockerfiles.git
synced 2025-01-10 04:19:24 +02:00
update vsftpd
parent
5b4732c901
commit
76c49047f5
vsftpd
@ -7,23 +7,30 @@ MAINTAINER kev <noreply@datageek.info>
|
||||
|
||||
RUN set -xe \
|
||||
&& apk add -U vsftpd \
|
||||
&& passwd -l root \
|
||||
&& adduser -D virtual \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
RUN { \
|
||||
echo "allow_writeable_chroot=YES"; \
|
||||
echo "chroot_local_user=YES"; \
|
||||
echo "ftpd_banner=Welcome to VSFTPD service."; \
|
||||
echo "local_enable=YES"; \
|
||||
echo "no_anon_password=YES"; \
|
||||
echo "pasv_addr_resolve=YES"; \
|
||||
echo "pasv_address=my-ftp-server"; \
|
||||
echo "pasv_enable=YES"; \
|
||||
echo "pasv_max_port=30100"; \
|
||||
echo "pasv_min_port=30000"; \
|
||||
echo "port_enable=YES"; \
|
||||
echo "seccomp_sandbox=NO"; \
|
||||
echo "write_enable=YES"; \
|
||||
} >> /etc/vsftpd/vsftpd.conf
|
||||
echo 'allow_writeable_chroot=YES'; \
|
||||
echo 'anonymous_enable=YES'; \
|
||||
echo 'chroot_local_user=YES'; \
|
||||
echo 'connect_from_port_20=YES'; \
|
||||
echo 'dirmessage_enable=YES'; \
|
||||
echo 'ftpd_banner=Welcome to VSFTPD service.'; \
|
||||
echo 'listen=YES'; \
|
||||
echo 'local_enable=YES'; \
|
||||
echo 'no_anon_password=YES'; \
|
||||
echo 'pasv_addr_resolve=YES'; \
|
||||
echo 'pasv_address=datageek.info'; \
|
||||
echo 'pasv_enable=YES'; \
|
||||
echo 'pasv_max_port=30010'; \
|
||||
echo 'pasv_min_port=30000'; \
|
||||
echo 'port_enable=YES'; \
|
||||
echo 'seccomp_sandbox=NO'; \
|
||||
echo 'write_enable=YES'; \
|
||||
echo 'xferlog_enable=YES'; \
|
||||
} > /etc/vsftpd/vsftpd.conf
|
||||
|
||||
VOLUME /var/lib/ftp
|
||||
WORKDIR /var/lib/ftp
|
||||
|
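Review bot: The rewritten default config hard-codes `pasv_address=datageek.info` next to `pasv_addr_resolve=YES`, so a container started without its own mounted vsftpd.conf would advertise that third-party host to clients for passive-mode data connections. The page does not mark which side each line is on, but the single-quoted `echo` block ending in `> /etc/vsftpd/vsftpd.conf` appears to be the new one. I would drop `echo 'pasv_address=datageek.info'; \` from the image defaults and leave `pasv_address` to the operator's mounted config, as the README already asks. The same block also bakes in `anonymous_enable=YES` and `seccomp_sandbox=NO` with no TLS options, so a comment above the `RUN` such as `# convenience defaults: anonymous login on, TLS off; override via /etc/vsftpd` would tell users what they are getting.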
@ -11,62 +11,75 @@ It is secure and extremely fast. It is stable. Don't take my word for it, though
|
||||
├── docker-compose.yml
|
||||
├── ftp/
|
||||
│ └── README.md
|
||||
├── pam.d/
|
||||
│ └── vsftpd => For Virutal User
|
||||
└── vsftpd/
|
||||
├── ftpusers => For Virtual User
|
||||
├── vsftpd.conf
|
||||
└── vsftpd.pem
|
||||
└── vsftpd.pem => For SSL
|
||||
```
|
||||
|
||||
## vsftpd.conf
|
||||
|
||||
```bash
|
||||
# DEFAULT SETTINGS
|
||||
allow_writeable_chroot=YES
|
||||
anonymous_enable=YES
|
||||
chroot_local_user=YES
|
||||
connect_from_port_20=YES
|
||||
dirmessage_enable=YES
|
||||
force_local_data_ssl=YES
|
||||
force_local_logins_ssl=YES
|
||||
ftpd_banner=Welcome to VSFTPD service.
|
||||
listen=YES
|
||||
local_enable=YES
|
||||
no_anon_password=YES
|
||||
pasv_addr_resolve=YES
|
||||
pasv_address=my-ftp-server
|
||||
pasv_address=datageek.info
|
||||
pasv_enable=YES
|
||||
pasv_max_port=30010
|
||||
pasv_min_port=30000
|
||||
port_enable=YES
|
||||
rsa_cert_file=/etc/vsftpd/vsftpd.pem
|
||||
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
|
||||
seccomp_sandbox=NO
|
||||
ssl_enable=YES
|
||||
ssl_sslv2=NO
|
||||
ssl_sslv3=NO
|
||||
ssl_tlsv1=YES
|
||||
write_enable=YES
|
||||
xferlog_enable=YES
|
||||
|
||||
# VIRTUAL USER SETTINGS
|
||||
#guest_enable=YES
|
||||
#guest_username=virtual
|
||||
#local_root=/home/virtual/$USER
|
||||
#pam_service_name=vsftpd
|
||||
#user_sub_token=$USER
|
||||
#virtual_use_local_privs=YES
|
||||
|
||||
# SSL SETTINGS
|
||||
#force_local_data_ssl=YES
|
||||
#force_local_logins_ssl=YES
|
||||
#rsa_cert_file=/etc/vsftpd/vsftpd.pem
|
||||
#rsa_private_key_file=/etc/vsftpd/vsftpd.pem
|
||||
#ssl_enable=YES
|
||||
```
|
||||
|
||||
> Please point `pasv_address` to your ftp server.
|
||||
> Please set `pasv_address` to your ftp server.
|
||||
|
||||
## docker-compose.yml
|
||||
|
||||
```yaml
|
||||
vsftpd:
|
||||
image: vimagick/vsftpd
|
||||
# net: host
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "30000-30010:30000-30010"
|
||||
net: host
|
||||
# ports:
|
||||
# - "20:20"
|
||||
# - "21:21"
|
||||
# - "30000-30010:30000-30010"
|
||||
volumes:
|
||||
- ./vsftpd:/etc/vsftpd
|
||||
- ./ftp:/var/lib/ftp
|
||||
# - ./pam.d/vsftpd:/etc/pam.d/vsftpd
|
||||
# - ./virtual:/home/virtual
|
||||
privileged: true
|
||||
restart: always
|
||||
```
|
||||
|
||||
> You can use `net: host` instead of `ports`.
|
||||
> You can use `ports` instead of `net: host`.
|
||||
> Make sure these ports are allowed by firewall.
|
||||
|
||||
## Server
|
||||
@ -78,28 +91,26 @@ $ docker-compose up -d
|
||||
$ touch ./ftp/README.md
|
||||
$ docker exec -it vsftpd_vsftpd_1 sh
|
||||
>>>
|
||||
>>> passwd root
|
||||
Changing password for root
|
||||
New password: ******
|
||||
Retype password: ******
|
||||
Password for root changed by root
|
||||
>>>
|
||||
>>> adduser kev
|
||||
Changing password for kev
|
||||
New password: ******
|
||||
Retype password: ******
|
||||
Password for kev changed by root
|
||||
>>>
|
||||
>>> adduser -D virtual
|
||||
>>> mkdir /home/virtual/tom
|
||||
>>> echo "tom's home" > /home/virtual/tom/README.md
|
||||
>>> chown -R virutal:virtual /home/virtual
|
||||
>>>
|
||||
>>> exit
|
||||
```
|
||||
|
||||
> :warning: Default password for `root` is empty, please change it!
|
||||
> I also added another local user called `kev` here.
|
||||
> I added a local user called `kev`, a virtual user called `tom` here.
|
||||
> You can edit [/etc/vsftpd/vsftpd.conf][2] to enable more [functions][3].
|
||||
|
||||
## Client
|
||||
|
||||
You can login as `root`/`kev`(local user) or `ftp`(anonymous user).
|
||||
You can login as `kev`(local user), `tom`(virtual user) or `ftp`(anonymous user).
|
||||
|
||||
```bash
|
||||
$ ftp my-ftp-server
|
||||
@ -127,7 +138,7 @@ Permission denied.
|
||||
ftp> bye
|
||||
```
|
||||
|
||||
Only local users can upload files.
|
||||
Only local user or virtual user can upload file.
|
||||
|
||||
```bash
|
||||
$ lftp
|
||||
|
@ -1,9 +1,6 @@
|
||||
vsftpd:
|
||||
image: vimagick/vsftpd
|
||||
ports:
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "30000-30010:30000-30010"
|
||||
net: host
|
||||
volumes:
|
||||
- ./vsftpd:/etc/vsftpd
|
||||
- ./ftp:/var/lib/ftp
|
||||
|
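Review bot: Making `net: host` the default puts the container in the host's network namespace, so the published-port boundary is gone and every socket the container opens is bound directly on the host's interfaces. The hunk counts (-1,9 +1,6) are consistent with the four `ports` lines being removed and `net: host` being added, though the page does not mark the sides. I would keep the explicit `ports:` mapping as the shipped default and mention `net: host` as an opt-in, or at least add a comment above it such as `# host networking: no port isolation, restrict 20/21/30000-30010 with the host firewall`.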
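--- a/vsftpd/pam.d/vsftpd
+++ b/vsftpd/pam.d/vsftpd
@@ -0,0 +1,2 @@
+auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/vsftpd/ftpusers
+account required pam_permit.so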
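Review bot: The `auth` stack consists only of `pam_listfile.so`, which checks that the user name appears in /etc/vsftpd/ftpusers and does not verify a password, and `account` is `pam_permit.so`. With this service file mounted and the README's virtual-user settings enabled, a login as a listed name would presumably succeed with any password. Add a password-verifying module after the listfile line, for example `auth required pam_userdb.so db=<path-to-virtual-user-db>` (placeholder path), or whichever password module the image actually ships. A comment at the top of the file saying that the listfile entry is only an allow-list, not authentication, would also help.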
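--- a/vsftpd/vsftpd/ftpusers
+++ b/vsftpd/vsftpd/ftpusers
@@ -0,0 +1 @@
+tom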