Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/timo-reymann/chrooted-ftp
Alpine-based docker container for chrooted ftp
- Host: GitHub
- URL: https://github.com/timo-reymann/chrooted-ftp
- Owner: timo-reymann
- License: other
- Created: 2019-06-08T13:54:33.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-12-06T06:56:15.000Z (about 1 month ago)
- Last Synced: 2024-12-23T10:50:35.609Z (15 days ago)
- Topics: bash, docker, ftp, shell, vsftpd
- Language: Shell
- Homepage: https://hub.docker.com/r/timoreymann/chrooted-ftp
- Size: 170 KB
- Stars: 13
- Watchers: 1
- Forks: 3
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
chrooted-ftp
====
[![GitHub Release](https://img.shields.io/github/v/tag/timo-reymann/chrooted-ftp.svg?label=version)](https://github.com/timo-reymann/chrooted-ftp/releases)
[![DockerHub](https://img.shields.io/docker/pulls/timoreymann/chrooted-ftp)](https://hub.docker.com/r/timoreymann/chrooted-ftp)
[![Renovate](https://img.shields.io/badge/renovate-enabled-green?logo=)](https://renovatebot.com)
A dead simple alpine-based docker container that allows users to access only their own home directory.

## Features
- slim FTP server
- SFTP support
- support for passive mode
- every user is jailed into his own root directory

## Usage
### Prepare
1. Add a user entry in the form `username:password` to a file mounted under `/opt/chrooted-ftp/users`.
2. Mount the desired host volume under `/data/username`.
3. Fire up the server.

### Usage with FTP
1. Expose port `21` (also see the sample docker-compose)
2. Your user can connect to the ftp server, only seeing their files

### Usage with SFTP
1. Expose port `2022` (also see the sample docker-compose)
2. If you want to keep the host keys across restarts, make sure to mount `/opt/chrooted-ftp/ssh_hostkeys`
3. Your user can connect to the sftp server on port 2022; the root directory `/data` contains all files

### Sample docker-compose
```yaml
version: '3.2'
services:
  ftp:
    image: timoreymann/chrooted-ftp
    environment:
      - "BANNER=Welcome to my dockerized FTP!"
      # USER_FTP_POSTFIX determines the ftp directory inside user home directory and defaults to /data if not set
      # If NO_USER_FTP_POSTFIX is set, USER_FTP_POSTFIX is disabled and the user home directory is exposed over ftp
      # - USER_FTP_POSTFIX=/data
      # - NO_USER_FTP_POSTFIX=true
      # optional and only used for passive ftp, defaults to 127.0.0.1
      # - PUBLIC_HOST=custom-host.domain.tld
    ports:
      # ftp control
      - "21:21"
      # active ftp
      - "20:20"
      # passive ftp ports, may differ if you configured them differently with PASSIVE_MIN_PORT_*
      - "10090-10100:10090-10100"
      # sftp
      - "2022:2022"
    volumes:
      # Sample mount for user foo
      - /var/www/html:/data/foo
      # Mount user list
      - ./ftp_users:/opt/chrooted-ftp/users
      # Make sure to keep host keys across restarts
      - ./ssh_host_keys:/opt/chrooted-ftp/ssh_hostkeys
```

### Configuration
#### Users
Users can be configured using the `/opt/chrooted-ftp/users` file.
The syntax is `username:password`, once per line.
There is also the default user `bob` with password `s3cr3tCand!`. This user is gone at the moment you mount the users
file.

If using files is not your thing, you can also create users with env vars; see the list
in [General settings](#general-settings) for more information.
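
A pre-deployment check for the users file described above, as an added example that is not part of the chrooted-ftp project: it flags the documented default credential, empty or short passwords, malformed lines, duplicate users and a world-readable file. The function name `audit_users_file`, the 12-character minimum and splitting each line at the first `:` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of chrooted-ftp): audit a users file before mounting it
# at /opt/chrooted-ftp/users. Returns 0 when clean, 1 on findings, 2 if unreadable.
audit_users_file() {
    file=$1
    min_len=${2:-12}   # assumption: local password-length policy, not a project setting
    [ -r "$file" ] || { echo "$file: not readable"; return 2; }
    status=0
    # The file holds plaintext passwords, so it should not be readable by "other".
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file: readable by other users (plaintext passwords)"
        status=1
    fi
    awk -v min="$min_len" '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad++ }
        /^[ \t]*$/ { next }                          # skip blank lines
        {
            sep = index($0, ":")                     # assumption: split at first ":"
            if (sep == 0) { report("missing \":\" separator"); next }
            user = substr($0, 1, sep - 1)
            pass = substr($0, sep + 1)
            if (user == "") report("empty username")
            if (pass == "") report("empty password for " user)
            else if (user == "bob" && pass == "s3cr3tCand!")
                report("documented default credential for bob")
            else if (length(pass) < min)
                report("password for " user " shorter than " min " characters")
            if (seen[user]++) report("duplicate entry for " user)
        }
        END { exit (bad > 0) }
    ' "$file" || status=1
    return $status
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bob:s3cr3tCand!
alice:correct-horse-battery-staple
carol:
dave
alice:another-long-passphrase
EOF
audit_users_file "$sample" || echo "findings present: fix the users file before deploying"
rm -f "$sample"
```
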
Both can be used together, so you can use env vars and/or file-based user creation.

#### FTP
You can further configure the ftp server using the following environment variables:
| Variable | Default | Usage |
|:---------------------|:----------|:--------------------------------------------------------------------------------------|
| PASSIVE_MODE_ENABLED | yes | Set to `yes` to enable and to `no` to disable passive mode support |
| PASSIVE_MIN_PORT | 10090 | Minimum used passive port |
| PASSIVE_MAX_PORT | 10100 | Maximum used passive port |
| ACTIVE_MODE_ENABLED | yes | Set to `yes` to enable and to `no` to disable active mode support |
| PUBLIC_HOST | 127.0.0.1 | Public host used for passive mode server address |
| UMASK | 022 | customize the ftp umask |
| USER_FTP_POSTFIX | *None* | Override the path exposed over ftp, defaults to /data |
| NO_USER_FTP_POSTFIX | *None* | Disable `USER_FTP_POSTFIX` by setting to any value, ftp access to user home directory |

#### SFTP
> For SFTP there is currently no further configuration possible and necessary.
#### General settings
| Variable | Usage |
|:---------------------|:-------------------------------------------------------------------------------------------------------------|
| BANNER | Banner displayed at connect using SFTP or FTP |
| ACCOUNT_`{username}` | Set the value to the password to set for `{username}`, this will create a user to be used with SFTP and FTP. |

#### Ports
> You must take care of opening/mapping the ports via docker to match your docker configuration.
Default ports are:
| Port | Protocol |
|:------------|:------------|
| 20 | Active FTP |
| 21 | FTP control |
| 10090-10100 | Passive FTP |
| 2022 | SFTP |

I recommend exposing them as they are to the host, but you can also change them on the host.
See [docker docs](https://docs.docker.com/config/containers/container-networking/#published-ports) for more information.
For example usage, see the docker-compose example file above.
## Motivation
The problem this container is solving is the following:
I want to provide ftp for some users, but I don't want to configure the chroot stuff and so on.
So this container is doing exactly that. You can mount `/data` as your volume; the subfolders are per user.
So you can mount for example a website for a user under `/data/bob` and your host volume
is `/var/www/bobs.homepage.digital`. It's just that simple.

# Documentation
## Under the hood
Under the hood the image is based on alpine and vsftpd, so its size and resource usage are really low.
## Chroot(ing)
VSFTPD and SFTP work completely differently when it comes to chroot.
VSFTPD works with the user homes out of the box while SFTP chroot requires the common start folder to be owned by root.
To make it work with both, the structure is like this:
```text
/data              | user root
  {username}       | Home folder, owned by root:root
    /data          | Data folder, owned by {username} - override with USER_FTP_POSTFIX (or disable with NO_USER_FTP_POSTFIX)
```

This structure allows FTP to access the data directly, while via SFTP you need to prepend the path `/data`.
## Contributing
I love your input! I want to make contributing to this project as easy and transparent as possible, whether it's:
- Reporting a bug
- Discussing the current state of the configuration
- Submitting a fix
- Proposing new features
- Becoming a maintainer

To get started please read the [Contribution Guidelines](./CONTRIBUTING.md).
## Development
### Requirements
- [Docker](https://docs.docker.com/get-docker/)