1、前言
使用vsftpd服务的用户总会有很多不一样的需求,而vsftpd的配置相对来说也是眼花缭乱,各种参数与参数之间的微妙关系,参数与目录权限的微妙关系常常会使配置者头疼,如果想要解决这个问题,那么作为解决开发、运维界的杀手:Docker,是一个不错的选择,Docker可以让我们一次配置,随处可用!
你可能需要看:Docker系列-容器修改后保存为镜像并导出
2、环境搭建
2.1、Docker部署
部署方法请参考下文Docker部分:Debian10搭建K8S配合Centos7组成集群-----Centos7篇
以及下文Docker部分:Debian10搭建K8S配合Centos7组成集群-----Debian篇
2.2、创建基础容器
2.2.1、创建Debian容器
命令如下:
docker run -tid --net=host --name ftp_share debian:10 /bin/bash
执行结果:
[root@zabbix-server ~]# docker run -tid --net=host --name ftp_share debian:10 /bin/bash
Unable to find image 'debian:10' locally
10: Pulling from library/debian
57df1a1f1ad8: Pull complete
Digest: sha256:439a6bae1ef351ba9308fc9a5e69ff7754c14516f6be8ca26975fb564cb7fb76
Status: Downloaded newer image for debian:10
f0ca2807a52caa02ab946323868f2513dbf93f3fb660f67b585a5f327338a5f2
然后进入容器操作:
docker exec -ti ftp_share /bin/bash
[root@zabbix-server ~]# docker exec -ti ftp_share /bin/bash
root@zabbix-server:/#
PS:使用host网络模式下容器主机名=宿主机名
3、安装服务
3.1、换源
PS:换源操作主要是提高包下载速度及增加更多可用服务,这个看个人选择
换源教程传送门:Debian10常用国内源
上图为:未换源的速度
3.2、安装服务
换完源之后,先执行下面的命令更新源配置:
apt update
执行结果:
root@zabbix-server:/# apt update
Get:1 http://mirrors.ustc.edu.cn/debian buster InRelease [122 kB]
Get:2 http://mirrors.ustc.edu.cn/debian buster-updates InRelease [51.9 kB]
Get:3 http://mirrors.ustc.edu.cn/debian buster-backports InRelease [46.7 kB]
Get:4 http://mirrors.ustc.edu.cn/debian buster/main Sources [7840 kB]
Get:5 http://mirrors.ustc.edu.cn/debian buster/main amd64 Packages [7906 kB]
Get:6 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:7 http://security.debian.org/debian-security buster/updates/main Sources [138 kB]
Get:8 http://mirrors.ustc.edu.cn/debian buster-updates/main Sources [3716 B]
Get:9 http://mirrors.ustc.edu.cn/debian buster-updates/main amd64 Packages [7868 B]
Get:10 http://mirrors.ustc.edu.cn/debian buster-backports/non-free Sources [7220 B]
Get:11 http://mirrors.ustc.edu.cn/debian buster-backports/main Sources [342 kB]
Get:12 http://mirrors.ustc.edu.cn/debian buster-backports/contrib Sources [4308 B]
Get:13 http://mirrors.ustc.edu.cn/debian buster-backports/non-free amd64 Packages [23.9 kB]
Get:14 http://mirrors.ustc.edu.cn/debian buster-backports/contrib amd64 Packages [7780 B]
Get:15 http://mirrors.ustc.edu.cn/debian buster-backports/main amd64 Packages [376 kB]
Get:16 http://security.debian.org/debian-security buster/updates/main amd64 Packages [233 kB]
Fetched 16.9 MB in 27s (623 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
root@zabbix-server:/#
更新之后,使用下面的命令安装服务
apt install -y vsftpd
安装过程:
root@zabbix-server:/# apt install -y vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bzip2 cron exim4-base exim4-config exim4-daemon-light file guile-2.2-libs krb5-locales libevent-2.1-6 libexpat1 libfribidi0 libgc1c2 libgnutls-dane0 libgpm2 libgsasl7 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libkyotocabinet16v5 libldap-2.4-2 libldap-common libltdl7 liblzo2-2 libmagic-mgc libmagic1 libmailutils5 libmariadb3
libncurses6 libntlm0 libpopt0 libprocps7 libpython2.7 libpython2.7-minimal libpython2.7-stdlib libreadline7 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssl1.1
libunbound8 libwrap0 logrotate lsb-base mailutils mailutils-common mariadb-common mime-support mysql-common netbase openssl procps psmisc readline-common sensible-utils ssl-cert
xz-utils
Suggested packages:
bzip2-doc anacron checksecurity exim4-doc-html | exim4-doc-info eximon4 spf-tools-perl swaks dns-root-data gpm krb5-doc krb5-user libsasl2-modules-gssapi-mit
| libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql mailutils-mh mailutils-doc ca-certificates readline-doc openssl-blacklist
The following NEW packages will be installed:
bzip2 cron exim4-base exim4-config exim4-daemon-light file guile-2.2-libs krb5-locales libevent-2.1-6 libexpat1 libfribidi0 libgc1c2 libgnutls-dane0 libgpm2 libgsasl7 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libkyotocabinet16v5 libldap-2.4-2 libldap-common libltdl7 liblzo2-2 libmagic-mgc libmagic1 libmailutils5 libmariadb3
libncurses6 libntlm0 libpopt0 libprocps7 libpython2.7 libpython2.7-minimal libpython2.7-stdlib libreadline7 libsasl2-2 libsasl2-modules libsasl2-modules-db libsqlite3-0 libssl1.1
libunbound8 libwrap0 logrotate lsb-base mailutils mailutils-common mariadb-common mime-support mysql-common netbase openssl procps psmisc readline-common sensible-utils ssl-cert vsftpd
xz-utils
0 upgraded, 61 newly installed, 0 to remove and 0 not upgraded.
Need to get 21.6 MB of archives.
After this operation, 97.1 MB of additional disk space will be used.
Get:1 http://mirrors.ustc.edu.cn/debian buster/main amd64 sensible-utils all 0.0.12 [15.8 kB]
以下省略好多好多字符。。。。。。。。。。。。。。。。。。。。
4、配置服务
4.1、启动验证
在配置之前,我们可以先启动看看
cd /etc/init.d/
./vsftpd start
./vsftpd status
执行结果:
root@zabbix-server:~# cd /etc/init.d/
root@zabbix-server:/etc/init.d# ./vsftpd start
[ ok ] Starting FTP server: vsftpd.
root@zabbix-server:/etc/init.d# ./vsftpd status
[ ok ] FTP server is running.
root@zabbix-server:/etc/init.d#
此时,服务是启动成功的,然后尝试访问:
先查看IP地址(Docker服务宿主机)
root@zabbix-server:/etc/init.d# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:90:c8:30 brd ff:ff:ff:ff:ff:ff
inet6 fe80::ae52:5692:df8f:9b3b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:90:c8:3a brd ff:ff:ff:ff:ff:ff
inet 10.1.1.134/24 brd 10.1.1.255 scope global dynamic noprefixroute ens34
valid_lft 1640sec preferred_lft 1640sec
inet 10.1.1.8/24 brd 10.1.1.255 scope global secondary noprefixroute ens34
valid_lft forever preferred_lft forever
inet6 fe80::85d0:8de4:e6dd:a6fd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:6e:68:9f:9e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
root@zabbix-server:/etc/init.d#
在这里我的是:
10.1.1.8
所以我的访问路径是:
ftp://10.1.1.8
可以看到,需要提供用户名密码进行访问,那么到这里就说明服务安装启动及访问是没问题的了,下面开始配置。
4.2、匿名访问模式(只读)
4.2.1、备份
在配置之前,先对配置文件进行一个备份
cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
4.2.2、开启匿名
然后使用下面的命令开启匿名访问:
sed -i 's/anonymous_enable=.*/anonymous_enable=YES/g' /etc/vsftpd.conf
然后查看配置效果:
grep anonymous_enable /etc/vsftpd.conf
执行过程:
root@zabbix-server:~# sed -i 's/anonymous_enable=.*/anonymous_enable=YES/g' /etc/vsftpd.conf
root@zabbix-server:~# grep anonymous_enable /etc/vsftpd.conf
anonymous_enable=YES
root@zabbix-server:~#
替换完成之后,重启服务进行访问验证
cd /etc/init.d/
./vsftpd stop
./vsftpd start
./vsftpd status
执行过程:
root@zabbix-server:~# cd /etc/init.d/
root@zabbix-server:/etc/init.d# ./vsftpd stop
[ ok ] Stopping FTP server: vsftpd.
root@zabbix-server:/etc/init.d# ./vsftpd start
[ ok ] Starting FTP server: vsftpd.
root@zabbix-server:/etc/init.d# ./vsftpd status
[ ok ] FTP server is running.
root@zabbix-server:/etc/init.d#
启动成功之后,在共享目录创建一个文件进行测试
touch /srv/ftp/test.file
4.2.3、访问验证
此时,匿名访问&只读模式配置成功,这是最简单的一个模式
4.2.4、扩展需求:自定义共享目录
在Debian系中,默认匿名共享路径为:
/srv/ftp/
如需更改路径,可执行下面的命令:
grep anon_root= /etc/vsftpd.conf
如果没有任何信息返回,则执行下面的命令:
echo 'anon_root=/data/' >> /etc/vsftpd.conf
PS:/data/为新的共享目录,请根据需求自己改
配置匿名目录参数之后,需要创建对应路径,命令如下:
mkdir -p /data/
然后修改权限**(重要)**
chmod -R 755 /data/
最后重启服务,使其生效:
cd /etc/init.d/
./vsftpd restart
./vsftpd status
执行结果:
root@zabbix-server:~# cd /etc/init.d/
root@zabbix-server:/etc/init.d# ./vsftpd restart
[ ok ] Stopping FTP server: vsftpd.
[ ok ] Starting FTP server: vsftpd.
root@zabbix-server:/etc/init.d# ./vsftpd status
[ ok ] FTP server is running.
root@zabbix-server:/etc/init.d#
创建测试文件:
touch /data/ttt.file
访问验证:
至此,匿名访问只读篇结束