Docker Pure-ftpd Server

   Reference: https://hub.docker.com/r/stilliard/pure-ftpd/

   pure-ftpd source: https://github.com/jedisct1/pure-ftpd

   docker-pure-ftpd source: https://github.com/stilliard/docker-pure-ftpd

Quick start

version: '2'
services:
  ftpd_server:
    image: stilliard/pure-ftpd:hardened
    container_name: pure-ftpd
    ports:
      - "21:21"
      - "30000-30009:30000-30009"
    volumes: # remember to replace /folder_on_disk/ with the path to where you want to store the files on the host machine
      - "./data:/home/yunwisdom/"
      - "./passwd:/etc/pure-ftpd/passwd"
    environment:
      PUBLICHOST: "localhost"
      FTP_USER_NAME: yunwisdom
      FTP_USER_PASS: mypass
      FTP_USER_HOME: /home/yunwisdom
    restart: always

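PS: Make sure docker and docker-compose are installed first. Then, in a directory of your choice such as ~/pure-ftpd, create the directories ~/pure-ftpd/data and ~/pure-ftpd/passwd, save the yml above as docker-compose.yml, and run docker-compose up.

Started successfully

Log in to the FTP server (Ftp)

PS: FTP client: FileZilla_3.39.0_macosx-x86_setup_bundled.dmg

Procedure

Main text

Pull the latest version with docker: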

docker pull stilliard/pure-ftpd:hardened

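You often need to run this with sudo, e.g. sudo docker pull stilliard/pure-ftpd


If you want to make changes, my advice is to either change the run command when running it or extend this image to make any changes rather than forking the project.
This is because rebuilding the entire docker image via a fork can be very slow, as it rebuilds the entire pure-ftpd package from source.

To change the command run on start, you can use the command: option if using docker-compose, or with docker run directly: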

docker run --rm -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 stilliard/pure-ftpd:hardened bash /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost -p 30000:30059

To extend it, you can create a new project with a Dockerfile like this:

FROM stilliard/pure-ftpd
# e.g. you could change the default command run:
CMD /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30059

Then you can build your own image with docker build --rm -t my-pure-ftp ., where my-pure-ftp is the name you want to build it as.


Starting it

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd:hardened

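Or, for your own image, replace stilliard/pure-ftpd with the name you built it with, e.g. my-pure-ftp

You can also pass ADDED_FLAGS as an env variable to add additional options such as --tls to the pure-ftpd command.
e.g. -e "ADDED_FLAGS=--tls=2"

Operating it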

docker exec -it ftpd_server /bin/bash

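Setting runtime FTP user

To create a user on the FTP container, use the following environment variables: FTP_USER_NAME, FTP_USER_PASS and FTP_USER_HOME.

FTP_USER_HOME is the root directory of the new user.

Example usage: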

docker run -e FTP_USER_NAME=bob -e FTP_USER_PASS=12345 -e FTP_USER_HOME=/home/bob stilliard/pure-ftpd

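If you wish to set the UID and GID of the FTP user, use the FTP_USER_UID and FTP_USER_GID environment variables.

Using different passive ports

To use passive ports in a different range (e.g. 10000-10009), use the following setup: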

docker run -e FTP_PASSIVE_PORTS=10000:10009 --expose=10000-10009 -p 21:21 -p 10000-10009:10000-10009

You may need the --expose= option, because the default passive ports exposed are 30000 to 30009.

Example usage once inside

Create an FTP user: e.g. bob with chroot access only to /home/ftpusers/bob

pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob

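No restart should be needed.

If you have any trouble with volume permissions due to the uid or gid of the created user, you can change the -u flag to the uid you would like to use and/or specify -g with the group id as well. For more information see issue #35.

More info on usage here: https://download.pureftpd.org/pure-ftpd/doc/README.Virtual-Users

Test your connection

From the host machine: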

ftp -p localhost 21

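Docker compose

Docker compose can help you simplify the orchestration of your containers.
We have a simple docker compose example.
Here's a more detailed example using wordpress with ftp using this image.


Max clients

By default we set 5 max clients at once, but you can increase this by using the environment variable FTP_MAX_CLIENTS, e.g. FTP_MAX_CLIENTS=50, and then also increasing the number of public ports opened from FTP_PASSIVE_PORTS=30000:30009 to FTP_PASSIVE_PORTS=30000:30099. You'll also want to open those ports when running docker run. In addition, you can specify the maximum connections per ip by setting the environment variable FTP_MAX_CONNECTIONS. By default the value is 5.

All Pure-ftpd flags available: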

https://linux.die.net/man/8/pure-ftpd

Logs

To get verbose logs, add the following to your docker run command:

-e "ADDED_FLAGS=-d -d"

Then, if you exec into the container, you can watch the log with tail -f /var/log/messages

Want a transfer log file? Add the following to your docker run command:

-e "ADDED_FLAGS=-O w3c:/var/log/pure-ftpd/transfer.log"

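Tags available for different versions

Latest versions

  • latest - latest working version
  • jessie-latest - latest but will always remain on debian jessie
  • hardened - latest + more secure/hardened defaults

Previous version before tags were introduced

  • wheezy-1.0.36 - in case you want to roll back to before we started using debian jessie

Specific pure-ftpd versions

  • jessie-1.x.x - jessie + specific versions, e.g. jessie-1.0.36
  • hardened-1.x.x - hardened + specific versions

Check the tags on github for available versions, feel free to submit issues and/or pull requests for newer versions

Usage of specific tags: sudo docker pull stilliard/pure-ftpd:hardened-1.0.36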


Our default pure-ftpd options explained

/usr/sbin/pure-ftpd # path to pure-ftpd executable
-c 5 # --maxclientsnumber (no more than 5 people at once)
-C 5 # --maxclientsperip (no more than 5 requests from the same ip)
-l puredb:/etc/pure-ftpd/pureftpd.pdb # --login (login file for virtual users)
-E # --noanonymous (only real users)
-j # --createhomedir (auto create home directory if it doesn't already exist)
-R # --nochmod (prevent usage of the CHMOD command)
-P $PUBLICHOST # IP/Host setting for PASV support, passed in via the PUBLICHOST env var
-p 30000:30009 # PASV port range (10 ports for 5 max clients)
--tls=1 # Enables optional TLS support

For more information please see man pure-ftpd, or visit: https://www.pureftpd.org/

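Docker Volumes

There are a few spots onto which you can mount a docker volume to configure the server and persist uploaded data. It's recommended to use them in production.

  • /home/ftpusers/ The ftp's data volume (by convention).
  • /etc/pure-ftpd/passwd A directory containing the single pureftpd.passwd file which contains the user database (i.e., all virtual users, their passwords and their home directories). This is read on startup of the container and updated by the pure-pw useradd -f /etc/pure-ftpd/passwd/pureftpd.passwd ... command.
  • /etc/ssl/private/ A directory containing a single pure-ftpd.pem file with the server's SSL certificates for TLS support. Optional TLS is automatically enabled when the container finds this file on startup.

Keep user database in a volume

You may want to keep your user database through successive image builds. This is possible with Docker volumes.

Create a named volume:

docker volume create --name my-db-volume

Specify it when running the container: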

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" -v my-db-volume:/etc/pure-ftpd/passwd stilliard/pure-ftpd:hardened

When a user is added, you need to use the password file which is in the volume:

pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob

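(Thanks to the -m option, you don't need to call pure-pw mkdb with this syntax.)

Changing a password

e.g. to change the password for user "bob":

pure-pw passwd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m

Development and build (via git clone)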

# Clone the repo
git clone https://github.com/stilliard/docker-pure-ftpd.git
cd docker-pure-ftpd
# Build the image
make build
# Run container in background:
make run
# enter a bash shell inside the container:
make enter
# test that it's all working with
make test

TLS

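If you want to enable TLS (for FTPS connections), you need to have a valid certificate. You can get one from one of the certificate authorities that you'll find when googling this topic. The certificate (containing private key and certificate) needs to be at:

/etc/ssl/private/pure-ftpd.pem

Use docker volumes to get the certificate there at runtime. The container will automatically enable optional TLS when it detects the file at this location.

You can also self-sign a certificate, which is certainly the easiest way to start out. Self-signed certificates come with certain drawbacks, but it might be better to have a self-signed one than none at all.

Here's how to create a self-signed certificate from within the container: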

mkdir -p /etc/ssl/private
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
    /etc/ssl/private/pure-ftpd.pem \
    -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem

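Automatic TLS certificate generation

If ADDED_FLAGS contains --tls and the file /etc/ssl/private/pure-ftpd.pem does not exist, a self-signed certificate can be generated if TLS_CN, TLS_ORG and TLS_C are set.

Keep in mind that if no volume is set for the /etc/ssl/private/ directory, the generated certificate will not be persisted and a new one will be generated on each start.

You can also pass -e "TLS_USE_DSAPRAM=true" for faster certificate generation, but this option is not recommended for production.

Credits

Thanks for the help on stackoverflow: https://stackoverflow.com/questions/23930167/installing-pure-ftpd-in-docker-debian-wheezy-error-421

Thanks also to all the awesome contributors who make this project amazing: https://github.com/stilliard/docker-pure-ftpd/graphs/contributors

Original text

Pull down the latest pure-ftpd image: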

docker pull stilliard/pure-ftpd:hardened

You often need to run this with sudo, e.g. sudo docker pull stilliard/pure-ftpd


If you want to make changes, my advice is to either change the run command when running it or extend this image to make any changes rather than forking the project.
This is because rebuilding the entire docker image via a fork can be very slow as it rebuilds the entire pure-ftpd package from source.

To change the command run on start you could use the command: option if using docker-compose, or with docker run directly you could use:

docker run --rm -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 stilliard/pure-ftpd:hardened bash /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost -p 30000:30059

To extend it you can create a new project with a Dockerfile like so:

FROM stilliard/pure-ftpd
# e.g. you could change the default command run:
CMD /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30059

Then you can build your own image with docker build --rm -t my-pure-ftp ., where my-pure-ftp is the name you want to build it as.


Starting it

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd:hardened

Or for your own image, replace stilliard/pure-ftpd with the name you built it with, e.g. my-pure-ftp

You can also pass ADDED_FLAGS as an env variable to add additional options such as --tls to the pure-ftpd command.
e.g. -e "ADDED_FLAGS=--tls=2"

Operating it

docker exec -it ftpd_server /bin/bash

Setting runtime FTP user

To create a user on the ftp container, use the following environment variables: FTP_USER_NAME, FTP_USER_PASS and FTP_USER_HOME.

FTP_USER_HOME is the root directory of the new user.

Example usage:

docker run -e FTP_USER_NAME=bob -e FTP_USER_PASS=12345 -e FTP_USER_HOME=/home/bob stilliard/pure-ftpd

If you wish to set the UID & GID of the FTP user, use the FTP_USER_UID & FTP_USER_GID environment variables.

Using different passive ports

To use passive ports in a different range (e.g. 10000-10009), use the following setup:

docker run -e FTP_PASSIVE_PORTS=10000:10009 --expose=10000-10009 -p 21:21 -p 10000-10009:10000-10009

You may need the --expose= option, because default passive ports exposed are 30000 to 30009.

Example usage once inside

Create an ftp user: e.g. bob with chroot access only to /home/ftpusers/bob

pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob

No restart should be needed.

If you have any trouble with volume permissions due to the uid or gid of the created user you can change the -u flag for the uid you would like to use and/or specify -g with the group id as well. For more information see issue #35.

More info on usage here: https://download.pureftpd.org/pure-ftpd/doc/README.Virtual-Users

Test your connection

From the host machine:

ftp -p localhost 21

Docker compose

Docker compose can help you simplify the orchestration of your containers.
We have a simple docker compose example, and here's a more detailed example using wordpress with ftp using this image.


Max clients

By default we set 5 max clients at once, but you can increase this by using the environment variable FTP_MAX_CLIENTS, e.g. FTP_MAX_CLIENTS=50, and then also increasing the number of public ports opened from FTP_PASSIVE_PORTS=30000:30009 to FTP_PASSIVE_PORTS=30000:30099. You'll also want to open those ports when running docker run.
In addition you can specify the maximum connections per ip by setting the environment variable FTP_MAX_CONNECTIONS. By default the value is 5.
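
A pre-flight check for the settings described above, as an added example (not part of the image or its README): it verifies that the passive range gives two ports per client, the ratio the README uses, and that every passive port falls inside the range published by Docker. The function names range_bounds and check_passive are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical and nothing here calls Docker.

# range_bounds "30000:30009" (or "30000-30009") prints "30000 30009".
range_bounds() {
    lo=${1%%[-:]*}
    hi=${1##*[-:]}
    for n in "$lo" "$hi"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$lo" -le "$hi" ] || return 1
    echo "$lo $hi"
}

# check_passive MAX_CLIENTS PASSIVE_RANGE PUBLISHED_RANGE
# Prints one finding per problem; returns 0 only when there are none.
check_passive() {
    max_clients=$1
    set -- $(range_bounds "$2") $(range_bounds "$3")
    [ $# -eq 4 ] || { echo "unparseable range"; return 2; }
    p_lo=$1 p_hi=$2 d_lo=$3 d_hi=$4
    rc=0
    # README ratio: two passive ports per client (10 ports for 5 clients).
    need=$((max_clients * 2))
    have=$((p_hi - p_lo + 1))
    if [ "$have" -lt "$need" ]; then
        echo "passive range has $have ports, $max_clients clients need $need"
        rc=1
    fi
    # Every port the server can offer for PASV must be published by Docker.
    if [ "$p_lo" -lt "$d_lo" ] || [ "$p_hi" -gt "$d_hi" ]; then
        echo "passive $p_lo-$p_hi not covered by published $d_lo-$d_hi"
        rc=1
    fi
    return "$rc"
}

# Constructed input: 30 clients with -p 30000:30059 behind -p 30000-30009.
check_passive 30 30000:30059 30000-30009 || true
```

A passive port that the server offers but Docker does not publish shows up on the client as a data connection that never opens, so run the check with the same values you pass to docker run.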

All Pure-ftpd flags available:

https://linux.die.net/man/8/pure-ftpd

Logs

To get verbose logs add the following to your docker run command:

-e "ADDED_FLAGS=-d -d"

Then if you exec into the container you could watch over the log with tail -f /var/log/messages

Want a transfer log file? add the following to your docker run command:

-e "ADDED_FLAGS=-O w3c:/var/log/pure-ftpd/transfer.log"

Tags available for different versions

Latest versions

  • latest - latest working version
  • jessie-latest - latest but will always remain on debian jessie
  • hardened - latest + more secure/hardened defaults

Previous version before tags were introduced

  • wheezy-1.0.36 - in case you want to roll back to before we started using debian jessie

Specific pure-ftpd versions

  • jessie-1.x.x - jessie + specific versions, e.g. jessie-1.0.36
  • hardened-1.x.x - hardened + specific versions

Check the tags on github for available versions, feel free to submit issues and/or pull requests for newer versions

Usage of specific tags:

sudo docker pull stilliard/pure-ftpd:hardened-1.0.36

Our default pure-ftpd options explained

/usr/sbin/pure-ftpd # path to pure-ftpd executable
-c 5 # --maxclientsnumber (no more than 5 people at once)
-C 5 # --maxclientsperip (no more than 5 requests from the same ip)
-l puredb:/etc/pure-ftpd/pureftpd.pdb # --login (login file for virtual users)
-E # --noanonymous (only real users)
-j # --createhomedir (auto create home directory if it doesn't already exist)
-R # --nochmod (prevent usage of the CHMOD command)
-P $PUBLICHOST # IP/Host setting for PASV support, passed in via the PUBLICHOST env var
-p 30000:30009 # PASV port range (10 ports for 5 max clients)
--tls=1 # Enables optional TLS support

For more information please see man pure-ftpd, or visit: https://www.pureftpd.org/

Why so many ports opened?

This is for PASV support, please see: #5 PASV not fun :)


Docker Volumes

There are a few spots onto which you can mount a docker volume to configure the
server and persist uploaded data. It's recommended to use them in production.

  • /home/ftpusers/ The ftp's data volume (by convention).
  • /etc/pure-ftpd/passwd A directory containing the single pureftpd.passwd
    file which contains the user database (i.e., all virtual users, their
    passwords and their home directories). This is read on startup of the
    container and updated by the pure-pw useradd -f /etc/pure-ftpd/passwd/pureftpd.passwd ... command.
  • /etc/ssl/private/ A directory containing a single pure-ftpd.pem file
    with the server's SSL certificates for TLS support. Optional TLS is
    automatically enabled when the container finds this file on startup.

Keep user database in a volume

You may want to keep your user database through the successive image builds. It is possible with Docker volumes.

Create a named volume:

docker volume create --name my-db-volume

Specify it when running the container:

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" -v my-db-volume:/etc/pure-ftpd/passwd stilliard/pure-ftpd:hardened

When a user is added, you need to use the password file which is in the volume:

pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob

(Thanks to the -m option, you don't need to call pure-pw mkdb with this syntax).

Changing a password

e.g. to change the password for user "bob":

pure-pw passwd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m

Development (via git clone)

# Clone the repo
git clone https://github.com/stilliard/docker-pure-ftpd.git
cd docker-pure-ftpd
# Build the image
make build
# Run container in background:
make run
# enter a bash shell inside the container:
make enter
# test that it's all working with
make test

TLS

If you want to enable tls (for ftps connections), you need to have a valid
certificate. You can get one from one of the certificate authorities that you'll
find when googling this topic. The certificate (containing private key and
certificate) needs to be at:

/etc/ssl/private/pure-ftpd.pem

Use docker volumes to get the certificate there at runtime. The container will
automatically enable optional TLS when it detects the file at this location.

You can also self-sign a certificate, which is certainly the easiest way to
start out. Self signed certificates come with certain drawbacks, but it might
be better to have a self signed one than none at all.

Here's how to create a self-signed certificate from within the container:

mkdir -p /etc/ssl/private
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
    /etc/ssl/private/pure-ftpd.pem \
    -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem
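
A check to run after the commands above, as an added example (not part of the image or its README): it confirms the single PEM file holds both a private key and a certificate and is closed to group and others, and it reports what the --tls level in ADDED_FLAGS allows. The function names check_tls_bundle and tls_policy are hypothetical, and the level descriptions follow pure-ftpd's documented --tls values 0 to 3.

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not part of the image.

# check_tls_bundle FILE: print findings, return 0 when the bundle looks usable.
check_tls_bundle() {
    pem=$1
    [ -f "$pem" ] || { echo "missing: $pem"; return 2; }
    rc=0
    # pure-ftpd reads the key and the certificate from this one file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key in $pem"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in $pem"; rc=1; }
    # Same effect as chmod 600: no permission bits for group or others.
    perms=$(ls -ld -- "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "group/other can access $pem ($perms)"; rc=1; }
    return "$rc"
}

# tls_policy "ADDED_FLAGS value": report what the --tls level permits.
tls_policy() {
    level=
    for flag in $1; do
        case $flag in
            --tls=[0-3]) level=${flag#--tls=} ;;
        esac
    done
    case $level in
        0) echo "tls=0: TLS disabled" ;;
        1) echo "tls=1: cleartext logins still accepted" ;;
        2) echo "tls=2: cleartext logins refused" ;;
        3) echo "tls=3: cleartext logins and data refused" ;;
        *) echo "no --tls flag: image default applies" ;;
    esac
}

# Usage inside the container:
#   check_tls_bundle /etc/ssl/private/pure-ftpd.pem
#   tls_policy "$ADDED_FLAGS"
```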

Credits

Thanks for the help on stackoverflow with this!
https://stackoverflow.com/questions/23930167/installing-pure-ftpd-in-docker-debian-wheezy-error-421
