Reference: https://hub.docker.com/r/stilliard/pure-ftpd/
pure-ftpd source: https://github.com/jedisct1/pure-ftpd
docker-pure-ftpd source: https://github.com/stilliard/docker-pure-ftpd
version: '2'
services:
  ftpd_server:
    image: stilliard/pure-ftpd:hardened
    container_name: pure-ftpd
    ports:
      - "21:21"
      - "30000-30009:30000-30009"
    # remember to replace ./data with the path where you want to store the files on the host machine
    volumes:
      - "./data:/home/yunwisdom/"
      - "./passwd:/etc/pure-ftpd/passwd"
    environment:
      PUBLICHOST: "localhost"
      FTP_USER_NAME: yunwisdom
      FTP_USER_PASS: mypass
      FTP_USER_HOME: /home/yunwisdom
    restart: always
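PS: Make sure docker and docker-compose are installed first. Then, in a directory of your choice, e.g. ~/pure-ftpd, create the directories ~/pure-ftpd/data and ~/pure-ftpd/passwd, save the yml above as docker-compose.yml, and run docker-compose up.
Startup succeeded
Log in to the FTP server (Ftp)
PS: FTP client: FileZilla_3.39.0_macosx-x86_setup_bundled.dmg
Procedure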
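Pull the latest version with docker:
docker pull stilliard/pure-ftpd:hardened
You will often need to run this with sudo, e.g. sudo docker pull stilliard/pure-ftpd
If you want to make changes, my advice is to either change the run command when running the container or extend this image, rather than forking the project.
This is because rebuilding the whole docker image from a fork can be very slow, as it rebuilds the entire pure-ftpd package from source.
To change the command run on start, use the command: option if you are using docker-compose, or pass it directly to docker run:
docker run --rm -d --name ftpd_server -p 21:21 -p 30000-30059:30000-30059 stilliard/pure-ftpd:hardened bash /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost -p 30000:30059
To extend it, create a new project with a Dockerfile like this:
FROM stilliard/pure-ftpd
# e.g. you could change the default command run:
CMD /run.sh -c 30 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30059
Then you can build your own image with docker build --rm -t my-pure-ftp . where my-pure-ftp is the name you want to give the image.
Start the container:
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd:hardened
Or, for your own image, replace stilliard/pure-ftpd with the name you built it as, e.g. my-pure-ftp
You can also pass ADDED_FLAGS as an env variable to add further options, such as --tls, to the pure-ftpd command, e.g. -e "ADDED_FLAGS=--tls=2"
Open a shell inside the running container:
docker exec -it ftpd_server /bin/bash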
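To create a user on the ftp container, use the following environment variables: FTP_USER_NAME, FTP_USER_PASS and FTP_USER_HOME.
FTP_USER_HOME is the root directory of the new user.
Example usage:
docker run -e FTP_USER_NAME=bob -e FTP_USER_PASS=12345 -e FTP_USER_HOME=/home/bob stilliard/pure-ftpd
If you wish to set the UID and GID of the FTP user, use the FTP_USER_UID and FTP_USER_GID environment variables.
To use passive ports in a different range (e.g. 10000-10009), use the following setup:
docker run -e FTP_PASSIVE_PORTS=10000:10009 --expose=10000-10009 -p 21:21 -p 10000-10009:10000-10009 stilliard/pure-ftpd
You may need the --expose= option, because the passive ports exposed by default are 30000 to 30009.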
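Create an ftp user, e.g. bob with chroot access only to /home/ftpusers/bob:
pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob
No restart should be needed.
If you have any trouble with volume permissions due to the uid or gid of the created user, you can change the -u flag to the uid you would like to use and/or specify -g with the group id as well. For more information see issue #35.
More info on usage here: https://download.pureftpd.org/pure-ftpd/doc/README.Virtual-Users
From the host machine:
ftp -p localhost 21
Docker Compose can help you simplify the orchestration of your containers.
We have a simple docker compose example.
Here is a more detailed example that uses this image with WordPress and FTP.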
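By default we allow at most 5 clients at once, but you can raise this with the FTP_MAX_CLIENTS environment variable, e.g. FTP_MAX_CLIENTS=50, and then also increase the number of public ports opened, from FTP_PASSIVE_PORTS=30000:30009 to FTP_PASSIVE_PORTS=30000:30099. You will also need to open those ports when running docker run.
In addition, you can set the maximum number of connections per IP with the FTP_MAX_CONNECTIONS environment variable. By default the value is 5.
See the pure-ftpd man page: https://linux.die.net/man/8/pure-ftpd
To get verbose logs, add the following to your docker run command:
-e "ADDED_FLAGS=-d -d"
Then, if you exec into the container, you can watch the log with tail -f /var/log/messages
Want a transfer log file? Add the following to your docker run command:
-e "ADDED_FLAGS=-O w3c:/var/log/pure-ftpd/transfer.log"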
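Latest versions
latest - latest working version
jessie-latest - latest, but will always remain on debian jessie
hardened - latest + more secure/hardened defaults
Previous version before tags were introduced
wheezy-1.0.36 - in case you want to roll back to before we started using debian jessie
Specific pure-ftpd versions
jessie-1.x.x - jessie + specific versions, e.g. jessie-1.0.36
hardened-1.x.x - hardened + specific versions
Check the tags on github for available versions; feel free to submit issues and/or pull requests for newer versions.
Using a specific tag: sudo docker pull stilliard/pure-ftpd:hardened-1.0.36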
/usr/sbin/pure-ftpd # path to pure-ftpd executable
-c 5 # --maxclientsnumber (no more than 5 people at once)
-C 5 # --maxclientsperip (no more than 5 requests from the same ip)
-l puredb:/etc/pure-ftpd/pureftpd.pdb # --login (login file for virtual users)
-E # --noanonymous (only real users)
-j # --createhomedir (auto create home directory if it doesn't already exist)
-R # --nochmod (prevent usage of the CHMOD command)
-P $PUBLICHOST # IP/Host setting for PASV support, passed in via the PUBLICHOST env var
-p 30000:30009 # PASV port range (10 ports for 5 max clients)
--tls=1 # Enables optional TLS support
For more information see man pure-ftpd, or visit: https://www.pureftpd.org/
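The flag list above sizes the passive range at 10 ports for 5 clients, and every passive port the daemon may pick also has to be published by docker. The script below is an added example, not part of the image or its README; the function name check_passive_ports is hypothetical and the two-ports-per-client ratio is an assumption taken from that comment.

```shell
#!/bin/sh
# Added example: sanity-check pure-ftpd passive-port sizing before `docker run`.
# Assumption (from "10 ports for 5 max clients"): 2 passive ports per client.

# check_passive_ports MAX_CLIENTS PASSIVE_RANGE PUBLISHED_RANGE
#   PASSIVE_RANGE   as given to FTP_PASSIVE_PORTS, e.g. 30000:30009
#   PUBLISHED_RANGE as given to docker -p (host side), e.g. 30000-30009
# Prints one line per problem; returns 0 if consistent, 1 otherwise.
check_passive_ports() {
    max_clients=$1
    pasv_lo=${2%%:*}; pasv_hi=${2##*:}
    pub_lo=${3%%-*};  pub_hi=${3##*-}
    rc=0

    for n in "$max_clients" "$pasv_lo" "$pasv_hi" "$pub_lo" "$pub_hi"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: '$n'"; return 1 ;;
        esac
    done
    if [ "$pasv_lo" -gt "$pasv_hi" ] || [ "$pasv_hi" -gt 65535 ]; then
        echo "invalid passive range $2"; return 1
    fi

    have=$((pasv_hi - pasv_lo + 1))
    need=$((max_clients * 2))
    if [ "$have" -lt "$need" ]; then
        echo "passive range has $have ports, $max_clients clients need $need"
        rc=1
    fi
    # A passive port the daemon can pick but docker does not publish
    # makes the data connection fail for that transfer.
    if [ "$pub_lo" -gt "$pasv_lo" ] || [ "$pub_hi" -lt "$pasv_hi" ]; then
        echo "published $3 does not cover passive $2"
        rc=1
    fi
    # Publishing more than the daemon uses opens host ports for nothing.
    if [ "$pub_lo" -lt "$pasv_lo" ] || [ "$pub_hi" -gt "$pasv_hi" ]; then
        echo "published $3 is wider than passive $2"
        rc=1
    fi
    return $rc
}
```

For example, `check_passive_ports 50 30000:30099 30000-30099` returns 0, while keeping the default range with 50 clients reports the shortfall.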
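There are a few places where you can mount a docker volume to configure the server and persist uploaded data. Using them is recommended in production.
/home/ftpusers/ - the ftp data volume (by convention).
/etc/pure-ftpd/passwd - a directory containing the single pureftpd.passwd file, which holds the user database (i.e. all virtual users, with their passwords and home directories). It is read when the container starts and updated by the pure-pw useradd -f /etc/pure-ftpd/passwd/pureftpd.passwd ... command.
/etc/ssl/private/ - a directory containing a single pure-ftpd.pem file, which holds the server's SSL certificate for TLS support. Optional TLS is enabled automatically when the container finds this file at startup.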
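You may want to keep your user database across successive image builds. Docker volumes make this possible.
Create a named volume:
docker volume create --name my-db-volume
Specify it when running the container:
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" -v my-db-volume:/etc/pure-ftpd/passwd stilliard/pure-ftpd:hardened
When adding a user, you need to use the password file that is in the volume:
pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob
(Thanks to the -m option, you don't need to call pure-pw mkdb with this syntax.)
For example, to change the password of user "bob":
pure-pw passwd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m
Development (via git clone)
# Clone the repo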
git clone https://github.com/stilliard/docker-pure-ftpd.git
cd docker-pure-ftpd
# Build the image
make build
# Run container in background:
make run
# enter a bash shell inside the container:
make enter
# test that it's all working with
make test
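If you want to enable TLS (for FTPS connections), you need a valid certificate. You can get one from one of the certificate authorities that you'll find when searching for this topic. The file (containing both the private key and the certificate) needs to be at:
/etc/ssl/private/pure-ftpd.pem
Use docker volumes to get the certificate there at runtime. The container automatically enables optional TLS when it detects the file at this location.
You can also self-sign a certificate, which is certainly the easiest way to start out. Self-signed certificates come with certain drawbacks, but a self-signed one may be better than none at all.
Here's how to create a self-signed certificate from within the container: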
mkdir -p /etc/ssl/private
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
/etc/ssl/private/pure-ftpd.pem \
-out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem
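If ADDED_FLAGS contains --tls and the file /etc/ssl/private/pure-ftpd.pem does not exist, a self-signed certificate can be generated automatically if TLS_CN, TLS_ORG and TLS_C are set.
Keep in mind that if no volume is set for the /etc/ssl/private/ directory, the generated certificate is not persisted and a new one is generated on every start.
You can also pass -e "TLS_USE_DSAPRAM=true" for faster certificate generation, but this option is not recommended for production.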
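Before mounting a file at /etc/ssl/private/pure-ftpd.pem, it helps to confirm that it really holds a matching private key and certificate, has not expired, and is not readable by other users. This check is an added example, not part of the image; the function name check_ftpd_pem is hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: validate the combined PEM before mounting it at
# /etc/ssl/private/pure-ftpd.pem. Requires the openssl CLI.

# check_ftpd_pem FILE -> prints problems, returns 0 when the file is usable.
check_ftpd_pem() {
    pem=$1
    rc=0
    [ -r "$pem" ] || { echo "cannot read $pem"; return 1; }

    # pure-ftpd expects the private key and the certificate in the same file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block"; rc=1; }
    [ "$rc" -eq 0 ] || return 1

    # The file holds an unencrypted key (-nodes): no group/other access.
    perms=$(ls -ldL "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "permissions too open, run chmod 600"; rc=1; }

    # The certificate must belong to the key stored next to it.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match private key"; rc=1
    fi

    # -checkend 0 fails once the certificate's notAfter date has passed.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; rc=1; }
    return $rc
}
```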
Thanks for the help on stackoverflow: https://stackoverflow.com/questions/23930167/installing-pure-ftpd-in-docker-debian-wheezy-error-421
Thanks also to all the awesome contributors who make this project amazing: https://github.com/stilliard/docker-pure-ftpd/graphs/contributors
The many open ports (30000-30009 by default) are for PASV support; see issue #5, "PASV not fun :)".