Project author: crazy-max

Project description:
Pure-FTPd Docker image based on Alpine Linux with MySQL, PostgreSQL and LDAP support
Primary language: Dockerfile
Repository: git://github.com/crazy-max/docker-pure-ftpd.git
Created: 2019-10-30T01:17:17Z
Project community: https://github.com/crazy-max/docker-pure-ftpd

License: MIT License

About

Pure-FTPd Docker image based on Alpine Linux with MySQL,
PostgreSQL and LDAP support.

[!TIP]
Want to be notified of new releases? Check out 🔔 Diun (Docker Image Update Notifier)
project!


Features

  • Multi-platform image
  • s6-overlay as process supervisor
  • PureDB, MySQL, PostgreSQL and LDAP support
  • Latest Pure-FTPd release compiled from source
  • Support of argon2 and scrypt hashing method through Libsodium
  • Logs processed to stdout through socklog-overlay
  • Support of pure-uploadscript
  • PASSIVE_IP for PASV support automatically resolved

Build locally

    git clone https://github.com/crazy-max/docker-pure-ftpd.git
    cd docker-pure-ftpd

    # Build image and output to docker (default)
    docker buildx bake

    # Build multi-platform image
    docker buildx bake image-all

Image

    Registry                     Image
    Docker Hub                   crazymax/pure-ftpd
    GitHub Container Registry    ghcr.io/crazy-max/pure-ftpd

The following platforms are available for this image:

    $ docker buildx imagetools inspect crazymax/pure-ftpd --format "{{json .Manifest}}" | \
      jq -r '.manifests[] | select(.platform.os != null and .platform.os != "unknown") | .platform | "\(.os)/\(.architecture)\(if .variant then "/" + .variant else "" end)"'
    linux/386
    linux/amd64
    linux/arm/v6
    linux/arm/v7
    linux/arm64
    linux/ppc64le

Environment variables

  • TZ: Timezone assigned to the container (default UTC)
  • AUTH_METHOD: Authentication method to use. Can be puredb, mysql, pgsql or ldap (default puredb)
  • SECURE_MODE: Enable secure mode (default true)
  • PASSIVE_IP: IP/Host for PASV support (default auto resolved with dig +short myip.opendns.com @resolver1.opendns.com)
  • PASSIVE_PORT_RANGE: Port range for passive connections (default 30000:30009)
  • DB_TIMEOUT: Time in seconds after which we stop trying to reach the database server. Only used for mysql and pgsql auth method (default 45)
  • UPLOADSCRIPT: What program/script to run after an upload. It has to be an absolute filename. (for example /data/uploadscript.sh)

:warning: Do not set the --uploadscript flag yourself. It is added automatically when UPLOADSCRIPT is defined.

Volumes

  • /data: Contains config files and PureDB file

Ports

  • 2100: FTP port
  • 30000-30009: PASV port range

Usage

Docker Compose

Docker compose is the recommended way to run this image. You can use the following
compose template, then run the container:

    docker compose up -d
    docker compose logs -f

Command line

You can also use the following minimal command:

    $ docker run -d --name pure-ftpd \
        -p 2100:2100 \
        -p 30000-30009:30000-30009 \
        -e "TZ=Europe/Paris" \
        -v "$(pwd)/data:/data" \
        crazymax/pure-ftpd

Upgrade

Recreate the container whenever I push an update:

    docker compose pull
    docker compose up -d

Notes

Flags

This image uses flags instead of the configuration file to configure Pure-FTPd. Some
flags are forced, but you can pass additional flags in the /data/pureftpd.flags file:

    -d
    -d
    --maxclientsperip 5
    --minuid 100
    --limitrecursion 10000:3

Secure mode

SECURE_MODE enables a set of specially crafted flags that enforce the security of Pure-FTPd.

PureDB authentication method

With the PureDB authentication method, the container creates a blank password file at
/data/pureftpd.passwd and initializes a PureDB database at /data/pureftpd.pdb. If a password file is
already available, it is read on startup and the PureDB database is updated.

At first execution of the container no user will be available and you will have to create one:

    $ docker compose exec pureftpd pure-pw useradd foo -u 1003 -g 1005 -d /home/foo -m
    Password:
    Enter it again:
    $ docker compose exec pureftpd pure-pw list
    foo /home/foo/./
    $ cat ./data/pureftpd.passwd
    foo:$2a$10$Oqn7I2P7YaGxQrtuydcDKuxmCJqPR7a79EeDy2gChyOGEnYA4UIPK:1003:1005::/home/foo/./::::::::::::

User foo is created with uid 1003 and gid 1005, with its home directory located at /home/foo.
The password is prompted for afterwards. More info about the local users database:
https://github.com/jedisct1/pure-ftpd/blob/master/README.Virtual-Users

Persist FTP user home

Looking at the previous example, don’t forget to persist the home directory through a
named or bind mounted volume like:

    version: "3.2"

    services:
      pureftpd:
        image: crazymax/pure-ftpd
        container_name: pureftpd
        ports:
          - "2100:2100"
          - "30000-30009:30000-30009"
        volumes:
          - "./data:/data"
          - "./foo:/home/foo"
        environment:
          - "TZ=Europe/Paris"
          - "AUTH_METHOD=puredb"
        restart: always

MySQL authentication method

A quick example using the MySQL authentication method with a MariaDB container is also available.
Before starting the container, a MySQL configuration file must
be available in /data/pureftpd-mysql.conf.

In the docker compose example available, the database and the
users table will be created at first launch.

To create your first user you can use this one line command:

    $ docker compose exec db mysql -u pureftpd -p'asupersecretpassword' -e "INSERT INTO users (User,Password,Uid,Gid,Dir) VALUES ('foo',ENCRYPT('test'),'1003','1005','/home/foo');" pureftpd
    $ docker compose exec db mysql -u pureftpd -p'asupersecretpassword' -e "SELECT * FROM users;" pureftpd
    +------+---------------+------+------+-----------+
    | User | Password      | Uid  | Gid  | Dir       |
    +------+---------------+------+------+-----------+
    | foo  | Oo4cJdd1HNVA6 | 1003 | 1005 | /home/foo |
    +------+---------------+------+------+-----------+

User foo is created with uid 1003 and gid 1005, with its home directory located at /home/foo. Here we assume
crypt is the MySQLCrypt method and the password test is hashed using crypt.
More info about MySQL authentication method: https://github.com/jedisct1/pure-ftpd/blob/master/README.MySQL
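
The pureftpd.passwd line in the PureDB section and the users row in the MySQL example store hashes of very different strength: a bcrypt string ($2a$) and a 13-character traditional crypt value. The script below is an added example, not part of the project; it classifies each account's hash scheme by prefix, and the function names and the policy that only argon2, scrypt and bcrypt count as ok are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. The "ok" policy is an assumption.

# classify_hash HASH -> prints the scheme name inferred from the hash prefix
classify_hash() {
    case "$1" in
        '')                       echo empty ;;
        '$argon2'*)               echo argon2 ;;
        '$7$'*)                   echo scrypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
        '$6$'*)                   echo sha512-crypt ;;
        '$5$'*)                   echo sha256-crypt ;;
        '$1$'*)                   echo md5-crypt ;;
        *[!./0-9A-Za-z]*)         echo unknown ;;
        *)  # traditional DES crypt(3): exactly 13 chars of [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_passwd FILE -> prints "user<TAB>scheme<TAB>ok|review" per account;
# returns 1 if any account falls outside the assumed policy
# (argon2, scrypt or bcrypt).
audit_passwd() {
    review=0
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            argon2|scrypt|bcrypt) verdict=ok ;;
            *) verdict=review; review=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$scheme" "$verdict"
    done < "$1"
    return "$review"
}

# Constructed sample: foo's line is the one from the PureDB section; bar is a
# made-up account carrying the 13-character value from the MySQL example.
sample=$(mktemp)
cat > "$sample" <<'EOF'
foo:$2a$10$Oqn7I2P7YaGxQrtuydcDKuxmCJqPR7a79EeDy2gChyOGEnYA4UIPK:1003:1005::/home/foo/./::::::::::::
bar:Oo4cJdd1HNVA6:1004:1005::/home/bar/./::::::::::::
EOF
audit_passwd "$sample" || echo "some accounts use a hash scheme outside the policy"
rm -f "$sample"
```

Run against ./data/pureftpd.passwd on the host, the non-zero exit status makes it usable as a pre-deployment check.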

PostgreSQL authentication method

As with MySQL, a quick example using the PostgreSQL authentication method with a
PostgreSQL container is also available. Before starting the container, a
PostgreSQL configuration file must be available
in /data/pureftpd-pgsql.conf.

In the docker compose example available, the database and the
users table will also be created at first launch.

How to add a new user with an encrypted password:

    CREATE EXTENSION pgcrypto;
    INSERT INTO "users" ("User", "Password", "Dir") VALUES ('foo', crypt('mypassword', gen_salt('bf')), '/home/foo');

More info about PostgreSQL authentication method: https://github.com/jedisct1/pure-ftpd/blob/master/README.PGSQL

TLS connection

TLS connections require certificates, as well as their
key. Both can be bundled into a single file. If you have both a .pem file and a .key file, just concatenate the
content of the .key file to the .pem file.

The certificate must be located at /data/pureftpd.pem, and the --tls <opt> flag must be added to enable TLS connections.

To get started, you can create a self-signed certificate with the following command:

    docker run --rm -it --entrypoint '' -v "$(pwd)/data:/data" crazymax/pure-ftpd \
        openssl dhparam -out /data/pureftpd-dhparams.pem 2048
    docker run --rm -it --entrypoint '' -v "$(pwd)/data:/data" crazymax/pure-ftpd \
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout /data/pureftpd.pem -out /data/pureftpd.pem
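
Because the certificate and its key share one file, a bundle that lacks the key, carries a passphrase-protected key, or is readable by other users is worth catching before the container starts. The preflight check below is an added example, not part of the project; the function name, the status words and the rule that the bundle must have no group/other permissions are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. The permission rule is an assumption of
# this example; Pure-FTPd itself only needs to be able to read the file.

# pem_bundle_status FILE -> prints one status word, returns 0 only for "ok":
#   ok | missing-file | no-certificate | no-private-key | encrypted-key | loose-permissions
pem_bundle_status() {
    f=$1
    [ -f "$f" ] || { echo missing-file; return 1; }

    # grep -c exits 1 on a zero count, hence "|| true"
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -Ec '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$f" || true)
    [ "$certs" -ge 1 ] || { echo no-certificate; return 1; }
    [ "$keys" -ge 1 ]  || { echo no-private-key; return 1; }

    # A passphrase-protected key would need a passphrase at startup, which an
    # unattended container cannot supply (-nodes leaves the key unencrypted).
    if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted-key; return 1
    fi

    # The bundle holds the private key: require no group/other access
    # (characters 5-10 of the ls -l mode string).
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo loose-permissions; return 1; }

    echo ok
}

# Constructed sample: PEM markers around placeholder text, not real key material
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' > "$demo"
pem_bundle_status "$demo" || true   # certificate only: no-private-key
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'placeholder' '-----END PRIVATE KEY-----' >> "$demo"
pem_bundle_status "$demo" || true   # key concatenated to the certificate: ok
rm -f "$demo"
```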

Logs

Logs are displayed through stdout using socklog-overlay. You can increase verbosity with -d -d flags.

    $ docker compose logs -f pureftpd
    Attaching to pureftpd
    pureftpd | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    pureftpd | [s6-init] ensuring user provided files have correct perms...exited 0.
    pureftpd | [fix-attrs.d] applying ownership & permissions fixes...
    pureftpd | [fix-attrs.d] done.
    pureftpd | [cont-init.d] executing container initialization scripts...
    pureftpd | [cont-init.d] 01-config.sh: executing...
    pureftpd | Setting timezone to America/Edmonton...
    pureftpd | Use PureDB authentication method
    pureftpd | Flags
    pureftpd | Secure:
    pureftpd | Additional:
    pureftpd | All: --bind 0.0.0.0,2100 --ipv4only --passiveportrange 30000:30009 --noanonymous --createhomedir --nochmod --syslogfacility ftp --forcepassiveip 90.101.64.158 --login puredb:/data/pureftpd.pdb
    pureftpd | [cont-init.d] 01-config.sh: exited 0.
    pureftpd | [cont-init.d] 02-service.sh: executing...
    pureftpd | [cont-init.d] 02-service.sh: exited 0.
    pureftpd | [cont-init.d] 03-uploadscript.sh: executing...
    pureftpd | [cont-init.d] 03-uploadscript.sh: exited 0.
    pureftpd | [cont-init.d] ~-socklog: executing...
    pureftpd | [cont-init.d] ~-socklog: exited 0.
    pureftpd | [cont-init.d] done.
    pureftpd | [services.d] starting services
    pureftpd | [services.d] done.
    pureftpd | ftp.info: May 21 18:09:56 pure-ftpd: (?@192.168.0.1) [INFO] New connection from 192.168.0.1
    pureftpd | ftp.info: May 21 18:09:56 pure-ftpd: (?@192.168.0.1) [INFO] foo is now logged in
    pureftpd | ftp.notice: May 21 18:10:17 pure-ftpd: (foo@192.168.0.1) [NOTICE] /home/foo//unlock.bin uploaded (1024 bytes, 448.83KB/sec)
    ...

Contributing

Want to contribute? Awesome! The most basic way to show your support is to star
the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub
or by making a PayPal donation to ensure this
journey continues indefinitely!

Thanks again for your support, it is much appreciated! :pray:

License

MIT. See LICENSE for more details.