Based on fauria/vsftpd
This Docker container implements a vsftpd server, with the following features:
- Centos 7 base image.
- vsftpd 3.0
- Virtual users
- Passive mode
- SSL support
- Logging to a file or STDOUT.
Installation from Docker registry hub.
You can download the image with the following command:
docker pull akue/vsftpdThis image uses environment variables to allow the configuration of some parameteres at run time:
- Variable name:
FTP_USER - Default value: admin
- Accepted values: Any string. Avoid whitespaces and special chars.
- Description: Username for the default FTP account. If you don't specify it through the
FTP_USERenvironment variable at run time,adminwill be used by default.
- Variable name:
FTP_PASS - Default value: Random string.
- Accepted values: Any string.
- Description: If you don't specify a password for the default FTP account through
FTP_PASS, a 16 characters random string will be automatically generated. You can obtain this value through the container logs.
- Variable name:
PASV_ADDRESS_ENABLE - Default value: NO
- Accepted values: <NO|YES>
- Description: Enables / Disables Passive Mode
- Variable name:
PASV_ADDRESS_RESOLVE - Default value: YES
- Accepted values: <NO|YES>
- Description: Set to YES if you want to use a hostname (as opposed to IP address) in the
PASV_ADDRESSoption.
- Variable name:
PASV_ADDRESS - Default value: Docker host IP / Hostname.
- Accepted values: Any IPv4 address or Hostname (see PASV_ADDRESS_RESOLVE).
- Description: If you don't specify an IP address to be used in passive mode, the routed IP address of the Docker host will be used. Bear in mind that this could be a local address.
- Variable name:
PASV_ADDR_RESOLVE - Default value: NO.
- Accepted values: YES or NO.
- Description: Set to YES if you want to use a hostname (as opposed to IP address) in the PASV_ADDRESS option.
- Variable name:
PASV_ENABLE - Default value: YES.
- Accepted values: YES or NO.
- Description: Set to NO if you want to disallow the PASV method of obtaining a data connection.
- Variable name:
PASV_MIN_PORT - Default value: 21100.
- Accepted values: Any valid port number.
- Description: This will be used as the lower bound of the passive mode port range. Remember to publish your ports with
docker -pparameter.
- Variable name:
PASV_MAX_PORT - Default value: 21110.
- Accepted values: Any valid port number.
- Description: This will be used as the upper bound of the passive mode port range. It will take longer to start a container with a high number of published ports.
- Variable name:
XFERLOG_STD_FORMAT - Default value: NO.
- Accepted values: YES or NO.
- Description: Set to YES if you want the transfer log file to be written in standard xferlog format.
- Variable name:
LOG_STDOUT - Default value: Empty string.
- Accepted values: Any string to enable, empty string or not defined to disable.
- Description: Output vsftpd log through STDOUT, so that it can be accessed through the container logs.
- Variable name:
FILE_OPEN_MODE - Default value: 0666.
- Accepted values: File system permissions.
- Description: The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.
- Variable name:
LOCAL_UMASK - Default value: 077.
- Accepted values: File system permissions.
- Description: The value that the umask for file creation is set to for local users. NOTE! If you want to specify octal values, remember the "0" prefix otherwise the value will be treated as a base 10 integer!
- Variable name:
SSL_ENABLE - Default value: NO
- Accepted values: YES or NO.
- Description: Set to YES if you want to enable SSL encryption - make FTPS server.
- Variable name:
TLS_CERT - Default value: cert.pem
- Accepted values: Any string represanting filename with extension
- Description: Certificate filename which should be located in
/etc/vsftpd/cert/of container.
- Variable name:
TLS_KEY - Default value: key.pem
- Accepted values: Any string represanting filename with extension
- Description: Key filename which should be located in
/etc/vsftpd/cert/of container.
- Variable name:
REQUIRE_CERT - Default value: NO
- Accepted values: YES or NO.
- Description: Set to YES if you want require client auth cert and validate it on server.
- Variable name:
CA_CERTS_FILE - Default value: cacerts.pem
- Accepted values: Any string represanting filename with extension
- Description: Trust store filename which should be located in
/etc/vsftpd/cert/of container.
The image exposes ports 20 and 21. Also, exports three volumes: /home/vsftpd, which contains users home directories, /var/log/vsftpd, used to store logs and /etc/vsftpd/cert, to provide SSL certificate to container.
When sharing a homes directory between the host and the container (/home/vsftpd) the owner user id and group id should be 14 and 80 respectively. This correspond ftp user and ftp group on the container, but may match something else on the host.
- Create a temporary container for testing purposes:
docker run --rm akue/vsftpd- Create a container in active mode using the default user account, with a binded data directory:
docker run -d -p 21:21 -v /my/data/directory:/home/vsftpd --name vsftpd akue/vsftpd
# see logs for credentials:
docker logs vsftpd- Create a production container with a custom user account, SSL enabled, binding a data directory and enabling both active and passive mode:
docker run -d -v /my/data/directory:/home/vsftpd \
-p 20:20 -p 21:21 -p 21100-21110:21100-21110 \
-e FTP_USER=myuser -e FTP_PASS=mypass \
-e SSL_ENABLE=YES -e TLS_CERT=ftps_localhost.crt -e TLS_KEY=ftps_localhost.key \
-e PASV_ADDRESS=127.0.0.1 -e PASV_MIN_PORT=21100 -e PASV_MAX_PORT=21110 \
--name vsftpd --restart=always akue/vsftpd- Manually add a new FTP user to an existing container:
docker exec -i -t vsftpd bash
mkdir /home/vsftpd/myuser
echo -e "myuser\nmypass" >> /etc/vsftpd/virtual_users.txt
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db
exit
docker restart vsftpd