Deploying an FTP service with Docker
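Preface
This article explains how to deploy an FTP service with Docker; it is aimed at readers who already have Docker installed.
Note: the body of the article follows; the examples below are for reference.
I. Find a vsftpd image
Input: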
docker search vsftpd
Output:
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fauria/vsftpd vsftpd Docker image based on Centos 7. Suppo… 168 [OK]
panubo/vsftpd vsftpd - Secure, fast FTP server 39 [OK]
vimagick/vsftpd 13 [OK]
million12/vsftpd VSFTPD Server in a Docker 7 [OK]
emilybache/vsftpd-server 6 [OK]
avenus/vsftpd-alpine Docker image of vsftpd server based on Alpin… 5 [OK]
wildscamp/vsftpd An FTP server designed to simplify local dev… 4 [OK]
loicmathieu/vsftpd vsftpd container 2 [OK]
instantlinux/vsftpd A clean, easy-to-use, tiny yet full-featured… 1 [OK]
mikenye/vsftpd-anon-uploads A generic, ready-to-go anonymous ftp server … 1 [OK]
akue/vsftpd vsftpd Docker image based on Centos 7. Suppo… 1
benssson/vsftpd copy of wildscamp/vsftpd but with pasv_addr_… 1 [OK]
sparkpos/vsftpd-nginx vsftpd and nginx in one image. see more deta… 1 [OK]
xfmike/vsftpd-test 0
ernestas/vsftpd-server simple vsftpd server 0 [OK]
zloystrelok/vsftpd fixed fork vsftpd 0
valus/vsftpd vsftpd on CentOS 7 for internal usage. 0
dmanas/vsftpd-mysql 0
rhrn/vsftpd FTPS server 0
ledermann/vsftpd Clone of helderco/docker-vsftpd, just to pro… 0
undying/vsftpd Vsftpd Docker Container 0 [OK]
xfmike/vsftpd-anon 0
shourai/vsftpd-alpine vsftpd based on alpine 0
dolphyvn/vsftpd_priv 0
markhobson/vsftpd 0
The STARS column shows that fauria/vsftpd has the most stars.
II. Pull the latest vsftpd image locally
Input:
docker pull fauria/vsftpd
Output:
Using default tag: latest
latest: Pulling from fauria/vsftpd
75f829a71a1c: Downloading [===========> ] 17.8MB/75.86MB
a1a6b490d7c7: Download complete
ad2cabfec967: Download complete
c7a98e8d62f5: Download complete
10d192add873: Download complete
fc18a09c86d0: Waiting
5397e9c5e314: Download complete
e89f582c70f5: Waiting
8b8bdebbfc97: Waiting
026ae919720d: Waiting
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/00/007276d7208bc325876de4a0b39f2f0e8e6d545b5fc85a502f304cb565253749/data?verify=1640271389-3qb2dwwXxiIiDg70gc4L0NNEBeg%3D": net/http: TLS handshake timeout
The output shows an error; the cause is poor network connectivity from within China. Run:
vim /etc/docker/daemon.json
Edit daemon.json: press i to enter insert mode, then press Esc and type :wq to save and exit.
{
"registry-mirrors": ["https://registry.docker-cn.com","https://nrbewqda.mirror.aliyuncs.com","https://dmmxhzvq.mirror.aliyuncs.com"]
}
Restart Docker
systemctl restart docker
Pull the image again
docker pull fauria/vsftpd
Output:
Using default tag: latest
latest: Pulling from fauria/vsftpd
75f829a71a1c: Pull complete
a1a6b490d7c7: Pull complete
ad2cabfec967: Pull complete
c7a98e8d62f5: Pull complete
10d192add873: Pull complete
fc18a09c86d0: Pull complete
5397e9c5e314: Pull complete
e89f582c70f5: Pull complete
8b8bdebbfc97: Pull complete
026ae919720d: Pull complete
Digest: sha256:c3988c1b8418018a05688a0553986d87aa7c72a293ad7e74467972c1aad3d6b7
Status: Downloaded newer image for fauria/vsftpd:latest
docker.io/fauria/vsftpd:latest
The image pull is now complete. The step of editing /etc/docker/daemon.json can be moved to the first step.
III. Configure vsftpd
1. Create the vsftpd container
Input:
docker run -d -p 20:20 -p 21:21 -p 8800-8899:8800-8899 -v /Ftpfile:/home/vsftpd -e FTP_USER=ftpadmin -e FTP_PASS=ftp@123 -e PASV_ADDRESS=127.0.0.1 -e PASV_MIN_PORT=8800 -e PASV_MAX_PORT=8899 --name vsftpd --restart=always fauria/vsftpd
Output:
c2ceb86c2e58389e9693a3dd2ac6d161e2859fbbd5c9a2268d9367e3e397b287
Check the container list
Input:
docker ps
Output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2ceb86c2e58 fauria/vsftpd "/usr/sbin/run-vsftp…" 4 minutes ago Up 4 minutes 0.0.0.0:20-21->20-21/tcp, :::20-21->20-21/tcp, 0.0.0.0:8800-8899->8800-8899/tcp, :::8800-8899->8800-8899/tcp vsftpd
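The container is now created.
Notes: -d specifies whether the container runs in the foreground or the background; the default is false
-p port mapping, written as externally exposed port:real port inside the container
-v mounts a storage volume, written as volume exposed to the outside:directory inside the container where it is mounted (the real internal directory)
-e sets an environment variable that can be used inside the container
FTP_USER the FTP account
FTP_PASS the FTP password
PASV_ADDRESS the IP of the host machine
PASV_MIN_PORT the lowest port used in FTP passive mode
PASV_MAX_PORT the highest port used in FTP passive mode
--name specifies the container's name
--restart specifies the restart policy after the container stops: no: do not restart when the container exits; on-failure: restart when the container exits on failure (non-zero return value); always: always restart when the container exits
fauria/vsftpd the image to deploy in the container
Finally, ports 20-21 and 8800-8899 need to be opened on the server.
2. Create additional FTP accounts
Enter the container
Input: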
docker exec -i -t vsftpd bash
Edit the configuration file and write in the username and password:
vi /etc/vsftpd/virtual_users.txt
Save and exit
Add a folder for the new user, named after the username
mkdir -p /home/vsftpd/ftptest
Write the login credentials into the database
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db
Exit the container
exit
Restart the container
docker restart vsftpd
Log in as ftptest to verify
Connection successful
3. Other FTP configuration
Enter the vsftpd Docker container
docker exec -i -t vsftpd bash
Configure vsftpd.conf
vi /etc/vsftpd/vsftpd.conf
Configuration file:
# Run in the foreground to keep the container running:
background=NO
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
## Enable virtual users
guest_enable=YES
## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
## PAM file name
pam_service_name=vsftpd_virtual
## Home Directory for virtual users
user_sub_token=$USER
local_root=/home/vsftpd/$USER
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
# Workaround chroot check.
# See https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# and http://serverfault.com/questions/362619/why-is-the-chroot-local-user-of-vsftpd-insecure
allow_writeable_chroot=YES
## Hide ids from user
hide_ids=YES
## Enable logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
## Enable active mode
port_enable=YES
connect_from_port_20=YES
ftp_data_port=20
##| Disable seccomp filter sanboxing
seccomp_sandbox=NO
### Variables set at container runtime
pasv_address=127.0.0.1
pasv_max_port=8899
pasv_min_port=8800
pasv_addr_resolve=NO
pasv_enable=YES
file_open_mode=0666
local_umask=077
xferlog_std_format=NO
reverse_lookup_enable=YES
pasv_promiscuous=NO
port_promiscuous=NO
pasv_address=127.0.0.1
pasv_max_port=8899
pasv_min_port=8800
pasv_addr_resolve=NO
pasv_enable=YES
file_open_mode=0666
local_umask=077
xferlog_std_format=NO
reverse_lookup_enable=YES
pasv_promiscuous=NO
port_promiscuous=NO
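As this shows, the configuration is the same as when deploying vsftpd directly on Linux; for the individual configuration parameters, see the article "Deploying an FTP service on a Linux server". The fauria/vsftpd introduction on GitHub uses the virtual-user configuration method, which takes fewer steps, so an FTP service on Linux and one deployed with Docker are essentially the same; which one you prefer comes down to personal taste.
4. Per-user configuration
In /etc/vsftpd/vsftpd.conf, enter: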
user_config_dir=/etc/vsftpd/userconf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
Create the new FTP users ftpuser1 and ftpuser2
mkdir -p /home/vsftpd/ftpuser1
mkdir -p /home/vsftpd/ftpuser2
Add the accounts and passwords
vi /etc/vsftpd/virtual_users.txt
Load the accounts and passwords into the database
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db
Create the folders u1 and u2 in /home/vsftpd/ftpuser1 and /home/vsftpd/ftpuser2 respectively, to be used for verification later
mkdir /home/vsftpd/ftpuser1/u1
mkdir /home/vsftpd/ftpuser2/u2
Edit /etc/vsftpd/userconf/ftpuser1 and /etc/vsftpd/userconf/ftpuser2
Create the per-user configuration directory /etc/vsftpd/userconf
mkdir /etc/vsftpd/userconf
Edit the ftpuser1 configuration file:
vi /etc/vsftpd/userconf/ftpuser1
Enter:
local_root=/home/vsftpd/ftpuser1/u1
local_max_rate=1048576
Edit the ftpuser2 configuration file:
vi /etc/vsftpd/userconf/ftpuser2
Enter:
local_root=/home/vsftpd/ftpuser2/u2
local_max_rate=2097152
Add ftpuser1 and ftpuser2 to /etc/vsftpd/chroot_list
vi /etc/vsftpd/chroot_list
Enter:
ftpuser1
ftpuser2
After saving, run exit to leave the container
exit
Restart the container
docker restart vsftpd
Connection check: connection successful
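The vsftpd.conf shown earlier and the chroot_list step interact in a way that is easy to miss: as the file's own comment states, with chroot_local_user=YES the list names the users that are NOT chrooted, so ftpuser1 and ftpuser2 are exempt. The script below is an added example, not code from the original article or from the fauria/vsftpd project; it reads the effective values from the file and reports that along with a loopback pasv_address, a missing ssl_enable, seccomp_sandbox=NO and allow_writeable_chroot=YES. The function names, finding labels and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article or the fauria/vsftpd project.

# effective_value FILE KEY: print the value vsftpd ends up using for KEY.
# Settings are applied in file order, so a later duplicate line wins. Comment
# lines never match because their first field starts with '#'.
effective_value() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# audit_vsftpd CONF CHROOT_LIST: print one finding label per line
# (the labels are made up for this example).
audit_vsftpd() {
    conf=$1 list=$2
    if [ "$(effective_value "$conf" chroot_local_user)" = YES ] &&
       [ "$(effective_value "$conf" chroot_list_enable)" = YES ] &&
       [ -f "$list" ]; then
        # With chroot_local_user=YES the list names the users NOT chrooted.
        while IFS= read -r user; do
            [ -n "$user" ] && echo "NOCHROOT $user"
        done < "$list"
    fi
    case "$(effective_value "$conf" pasv_address)" in
        127.*) echo "PASV_LOOPBACK" ;;   # PASV replies point clients at loopback
    esac
    [ "$(effective_value "$conf" ssl_enable)" = YES ] || echo "CLEARTEXT"
    [ "$(effective_value "$conf" seccomp_sandbox)" = NO ] && echo "NO_SECCOMP"
    [ "$(effective_value "$conf" allow_writeable_chroot)" = YES ] && echo "WRITABLE_CHROOT"
    return 0
}

# Constructed sample input: the security-relevant lines of the files above.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'chroot_local_user=YES' 'allow_writeable_chroot=YES' \
        'seccomp_sandbox=NO' 'pasv_address=127.0.0.1' \
        'chroot_list_enable=YES' > "$d/vsftpd.conf"
    printf '%s\n' ftpuser1 ftpuser2 > "$d/chroot_list"
    audit_vsftpd "$d/vsftpd.conf" "$d/chroot_list"
    rm -rf "$d"
}
demo
```

Inside the container it can be pointed at the real files: audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/chroot_list.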
This was written in a bit of a hurry; please bear with any shortcomings.