From d7856c046374d5691b751947324a0a88c4181371 Mon Sep 17 00:00:00 2001
From: FanDjango
Date: Tue, 11 Oct 2022 21:05:53 +0200
Subject: [PATCH 1/2] proftpd server
---
 FluentFTP.Dockers/proftpd/Dockerfile | 66 ++++--
 FluentFTP.Dockers/proftpd/docker-compose.yml | 15 ++
 FluentFTP.Dockers/proftpd/modules.conf | 124 +++++++++++
 FluentFTP.Dockers/proftpd/proftpd.conf | 210 ++++++++++++++++++
 FluentFTP.Dockers/proftpd/run-proftpd.sh | 18 ++
 FluentFTP.Dockers/proftpd/tls.conf | 66 ++++++
 FluentFTP.Dockers/vsftpd/Dockerfile | 15 +-
 FluentFTP.Dockers/vsftpd/docker-compose.yml | 9 +-
 FluentFTP.Dockers/vsftpd/vsftpd.conf | 4 +-
 .../System/IntegrationTestSuite.cs | 12 +
 .../Docker/Containers/ProFtpdContainer.cs | 12 +-
 .../Docker/Containers/VsFtpdContainer.cs | 12 +-
 12 files changed, 517 insertions(+), 46 deletions(-)
 create mode 100644 FluentFTP.Dockers/proftpd/docker-compose.yml
 create mode 100644 FluentFTP.Dockers/proftpd/modules.conf
 create mode 100644 FluentFTP.Dockers/proftpd/proftpd.conf
 create mode 100644 FluentFTP.Dockers/proftpd/run-proftpd.sh
 create mode 100644 FluentFTP.Dockers/proftpd/tls.conf
diff --git a/FluentFTP.Dockers/proftpd/Dockerfile b/FluentFTP.Dockers/proftpd/Dockerfile
index 578ae552c..87541d66c 100644
--- a/FluentFTP.Dockers/proftpd/Dockerfile
+++ b/FluentFTP.Dockers/proftpd/Dockerfile
@@ -1,20 +1,58 @@ -FROM debian:bullseye-slim +FROM debian:bullseye -MAINTAINER Philippe Le Van (@plv on twitter) +MAINTAINER FluentFTP +LABEL Description="FluentFTP proftpd docker image based on Debian Bullseye." -RUN apt-get update -qq && \ - apt-get install -y proftpd && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -RUN sed -i "s/# DefaultRoot/DefaultRoot /" /etc/proftpd/proftpd.conf +RUN apt -y update && apt clean all -EXPOSE 20 21 +RUN apt install -y \ + apt-utils \ + dialog + +RUN apt install -y \ + openssl \ + iproute2 \ + proftpd \ + proftpd-mod-crypto + + +RUN apt remove --purge -y \ + exim4-base \ + mariadb-common + +RUN apt autoremove -y + +COPY proftpd.conf /etc/proftpd/ +RUN sed -i -e "s/\r//" /etc/proftpd/proftpd.conf +COPY modules.conf /etc/proftpd/ +RUN sed -i -e "s/\r//" /etc/proftpd/modules.conf +COPY tls.conf /etc/proftpd/ +RUN sed -i -e "s/\r//" /etc/proftpd/tls.conf +COPY run-proftpd.sh /usr/sbin/ +RUN sed -i -e "s/\r//" /usr/sbin/run-proftpd.sh + +RUN chmod +x /usr/sbin/run-proftpd.sh -ADD docker-entrypoint.sh /usr/local/sbin/docker-entrypoint.sh -# Remove \r from the windows style \r\n newline. 
-RUN sed -e 's/\r//' /usr/local/sbin/docker-entrypoint.sh > /usr/local/sbin/docker-entrypoint2.sh && \ - chmod 777 /usr/local/sbin/docker-entrypoint2.sh -ENTRYPOINT ["/usr/local/sbin/docker-entrypoint2.sh"] +RUN useradd -m -p savatlcb.1m26 fluentuser + +RUN mkdir -p /home/fluentuser/ +RUN chown -R fluentuser:users /home/fluentuser + +RUN mkdir /var/ftp + +RUN openssl req -x509 -newkey rsa:4096 \ + -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ + -subj "/C=US/ST=State/L=/O=Dev/CN=fluentftp" \ + -nodes -days 3650 + +RUN chmod 0600 /etc/ssl/private/proftpd.key +RUN chmod 0640 /etc/ssl/private/proftpd.key + +VOLUME /home/fluentuser +VOLUME /var/log/proftpd + +EXPOSE 20 21 -CMD ["proftpd", "--nodaemon"] +CMD ["/usr/sbin/run-proftpd.sh"] diff --git a/FluentFTP.Dockers/proftpd/docker-compose.yml b/FluentFTP.Dockers/proftpd/docker-compose.yml new file mode 100644 index 000000000..45d061783 --- /dev/null +++ b/FluentFTP.Dockers/proftpd/docker-compose.yml @@ -0,0 +1,15 @@ +services: + proftpd: + build: + context: . + network: host + restart: unless-stopped + restart: always + network_mode: "host" + ports: + - 0.0.0.0:20:20 + - 0.0.0.0:21:21 + - 21100-21110:21100-21110 + volumes: + - ./home:/home/proftpd + - ./logs:/var/log/proftpd diff --git a/FluentFTP.Dockers/proftpd/modules.conf b/FluentFTP.Dockers/proftpd/modules.conf new file mode 100644 index 000000000..998b1c979 --- /dev/null +++ b/FluentFTP.Dockers/proftpd/modules.conf 
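Review bot: The added `RUN chmod 0640 /etc/ssl/private/proftpd.key` overrides the `chmod 0600` on the line before it, so the TLS private key ends up group-readable although the comment in tls.conf says it must be readable by root only; drop the 0640 line and keep `RUN chmod 0600 /etc/ssl/private/proftpd.key`. The key itself is created by the `RUN openssl req ... -nodes` step at build time, so it is stored in an image layer and shared by every container started from the image; a comment such as `# throw-away self-signed key for integration tests; never publish this image` would record that, or the key could be generated in run-proftpd.sh at container start. `RUN useradd -m -p savatlcb.1m26 fluentuser` likewise places a password hash in the image history with no explanation (presumably the hash of the password that run-proftpd.sh prints), and deserves a `# test-only account` comment. The chmod pair and the openssl step are added again in the second hunk of vsftpd/Dockerfile.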
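Review bot: `network_mode: "host"` attaches proftpd to the host's network stack, so the fixed test account is reachable on every host interface and the `ports:` entries that follow are ignored or rejected, depending on the Compose version. For a test fixture, dropping `network_mode` and publishing on loopback only, e.g. `- 127.0.0.1:21:21`, keeps the server off the LAN. As far as the flattened indentation shows, the service also sets `restart:` twice (`unless-stopped`, then `always`), which is a duplicate mapping key; keep one, and note that the vsftpd/docker-compose.yml hunk introduces the same duplicate. The bind mount `./home:/home/proftpd` does not match the `VOLUME /home/fluentuser` declared in the Dockerfile, so it probably mounts a path the server never uses.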
@@ -0,0 +1,124 @@
+#
+# This file is used to manage DSO modules and features
+#
+
+# This is the directory where DSO modules reside
+
+ModulePath /usr/lib/proftpd
+
+# Allow only user root to load and unload modules, but allow everyone
+# to see which modules have been loaded
+
+ModuleControlsACLs insmod,rmmod allow user root
+ModuleControlsACLs lsmod allow user *
+
+#This is required only if you need to set IdentLookups on
+#LoadModule mod_ident.c
+
+LoadModule mod_ctrls_admin.c
+
+# Install proftpd-mod-crypto to use this module for TLS/SSL support.
+LoadModule mod_tls.c
+# Even these modules depend on the previous one
+LoadModule mod_tls_fscache.c
+LoadModule mod_tls_shmcache.c
+
+# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
+# SQL backend engine to use this module and the required backend.
+# This module must be mandatory loaded before anyone of
+# the existent SQL backeds.
+#LoadModule mod_sql.c
+
+# Install proftpd-mod-ldap to use this for LDAP support.
+#LoadModule mod_ldap.c
+
+#
+# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
+# are required to have SQL authorization working. You can also comment out the
+# unused module here, in alternative.
+#
+
+# Install proftpd-mod-mysql and decomment the previous
+# mod_sql.c module to use this.
+#LoadModule mod_sql_mysql.c
+
+# Install proftpd-mod-pgsql and decomment the previous
+# mod_sql.c module to use this.
+#LoadModule mod_sql_postgres.c
+
+# Install proftpd-mod-sqlite and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_sqlite.c
+
+# Install proftpd-mod-odbc and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_odbc.c
+
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_sql_passwd.c
+
+LoadModule mod_radius.c
+LoadModule mod_quotatab.c
+LoadModule mod_quotatab_file.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_quotatab_ldap.c
+
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_quotatab_sql.c
+LoadModule mod_quotatab_radius.c
+# Install proftpd-mod-wrap module to use this
+#LoadModule mod_wrap.c
+LoadModule mod_rewrite.c
+LoadModule mod_load.c
+LoadModule mod_ban.c
+LoadModule mod_wrap2.c
+LoadModule mod_wrap2_file.c
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_wrap2_sql.c
+LoadModule mod_dynmasq.c
+LoadModule mod_exec.c
+LoadModule mod_shaper.c
+LoadModule mod_ratio.c
+LoadModule mod_site_misc.c
+
+# Install proftpd-mod-crypto to use this module for SFTP support.
+#LoadModule mod_sftp.c
+#LoadModule mod_sftp_pam.c
+
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_sftp_sql.c
+
+LoadModule mod_facl.c
+LoadModule mod_unique_id.c
+LoadModule mod_copy.c
+LoadModule mod_deflate.c
+LoadModule mod_ifversion.c
+LoadModule mod_memcache.c
+# Install proftpd-mod-crypto to use this module for TLS/SSL support.
+#LoadModule mod_tls_memcache.c
+
+#LoadModule mod_redis.c
+# Install proftpd-mod-crypto to use this module for TLS/SSL support.
+#LoadModule mod_tls_redis.c
+#LoadModule mod_wrap2_redis.c
+
+#LoadModule mod_auth_otp.c
+
+LoadModule mod_readme.c
+
+# Install proftpd-mod-geoip to use the GeoIP feature
+#LoadModule mod_geoip.c
+
+# Install proftpd-mod-snmp to use the SNMP feature
+#LoadModule mod_snmp.c
+
+# keep this module the last one
+LoadModule mod_ifsession.c
+
+# mod_digest
+LoadModule mod_digest.c
diff --git a/FluentFTP.Dockers/proftpd/proftpd.conf b/FluentFTP.Dockers/proftpd/proftpd.conf
new file mode 100644
index 000000000..9eeee8732
--- /dev/null
+++ b/FluentFTP.Dockers/proftpd/proftpd.conf
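Review bot: `LoadModule mod_digest.c` is appended after `LoadModule mod_ifsession.c`, directly below the comment `# keep this module the last one`; move the two mod_digest lines above that comment so mod_ifsession stays last. The file also loads a broad set of modules, among them `mod_copy.c`, `mod_exec.c`, `mod_radius.c` and `mod_ctrls_admin.c`; if the integration tests do not exercise them, commenting them out trims the command surface this server exposes.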
@@ -0,0 +1,210 @@ +# +# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. +# To really apply changes, reload proftpd after modifications, if +# it runs in daemon mode. It is not required in inetd/xinetd mode. +# + +# Includes DSO modules +Include /etc/proftpd/modules.conf + +# Set off to disable IPv6 support which is annoying on IPv4 only boxes. +UseIPv6 on +# If set on you can experience a longer connection delay in many cases. + + IdentLookups off + + +ServerName "Debian" +# Set to inetd only if you would run proftpd by inetd/xinetd/socket. +# Read README.Debian for more information on proper configuration. +ServerType standalone +DeferWelcome off + +# Disable MultilineRFC2228 per https://github.com/proftpd/proftpd/issues/1085 +# MultilineRFC2228on +DefaultServer on +ShowSymlinks on + +TimeoutNoTransfer 600 +TimeoutStalled 600 +TimeoutIdle 1200 + +DisplayLogin welcome.msg +DisplayChdir .message true +ListOptions "-l" + +DenyFilter \*.*/ + +# Use this to jail all users in their homes +DefaultRoot ~ + +# Users require a valid shell listed in /etc/shells to login. +# Use this directive to release that constrain. +# RequireValidShelloff + +# Port 21 is the standard FTP port. +Port 21 + +# In some cases you have to specify passive ports range to by-pass +# firewall limitations. Ephemeral ports can be used for that, but +# feel free to use a more narrow range. +PassivePorts 21100 21110 + +# If your host was NATted, this option is useful in order to +# allow passive tranfers to work. You have to use your public +# address and opening the passive ports used on your firewall as well. +MasqueradeAddress localhost + +# This is useful for masquerading address with dynamic IPs: +# refresh any configured MasqueradeAddress directives every 8 hours + +# DynMasqRefresh 28800 + + +# To prevent DoS attacks, set the maximum number of child processes +# to 30. If you need to allow more than 30 concurrent connections +# at once, simply increase this value. 
Note that this ONLY works +# in standalone mode, in inetd mode you should use an inetd server +# that allows you to limit maximum number of processes per service +# (such as xinetd) +MaxInstances 30 + +# Set the user and group that the server normally runs at. +User proftpd +Group nogroup + +# Umask 022 is a good standard umask to prevent new files and dirs +# (second parm) from being group and world writable. +Umask 022 022 +# Normally, we want files to be overwriteable. +AllowOverwrite on + +# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: +# PersistentPasswd off + +# This is required to use both PAM-based authentication and local passwords +# AuthOrder mod_auth_pam.c* mod_auth_unix.c + +# Be warned: use of this directive impacts CPU average load! +# Uncomment this if you like to see progress and transfer rate with ftpwho +# in downloads. That is not needed for uploads rates. +# +# UseSendFile off + +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + +# Logging onto /var/log/lastlog is enabled but set to off by default +#UseLastlog on + +# In order to keep log file dates consistent after chroot, use timezone info +# from /etc/localtime. If this is not set, and proftpd is configured to +# chroot (e.g. DefaultRoot or ), it will use the non-daylight +# savings timezone regardless of whether DST is in effect. +#SetEnv TZ :/etc/localtime + + +QuotaEngine off + + + +Ratios off + + + +# Delay engine reduces impact of the so-called Timing Attack described in +# http://www.securityfocus.com/bid/11430/discuss +# It is on by default. 
+ +DelayEngine on + + + +ControlsEngine off +ControlsMaxClients 2 +ControlsLog /var/log/proftpd/controls.log +ControlsInterval 5 +ControlsSocket /var/run/proftpd/proftpd.sock + + + +AdminControlsEngine off + + +# +# Alternative authentication frameworks +# +#Include /etc/proftpd/ldap.conf +#Include /etc/proftpd/sql.conf + +# +# This is used for FTPS connections +# +Include /etc/proftpd/tls.conf + +# +# This is used for SFTP connections +# +#Include /etc/proftpd/sftp.conf + +# +# This is used for other add-on modules +# +#Include /etc/proftpd/dnsbl.conf +#Include /etc/proftpd/geoip.conf +#Include /etc/proftpd/snmp.conf + +# +# Useful to keep VirtualHost/VirtualRoot directives separated +# +#Include /etc/proftpd/virtuals.conf + +# A basic anonymous configuration, no upload directories. + +# +# User ftp +# Group nogroup +# # We want clients to be able to login with "anonymous" as well as "ftp" +# UserAlias anonymous ftp +# # Cosmetic changes, all files belongs to ftp user +# DirFakeUser on ftp +# DirFakeGroup on ftp +# +# RequireValidShell off +# +# # Limit the maximum number of anonymous logins +# MaxClients 10 +# +# # We want 'welcome.msg' displayed at login, and '.message' displayed +# # in each newly chdired directory. +# DisplayLogin welcome.msg +# DisplayChdir .message +# +# # Limit WRITE everywhere in the anonymous chroot +# +# +# DenyAll +# +# +# +# # Uncomment this if you're brave. +# # +# # # Umask 022 is a good standard umask to prevent new files and dirs +# # # (second parm) from being group and world writable. +# # Umask022 022 +# # +# # DenyAll +# # +# # +# # AllowAll +# # +# # +# +# + +# Include other custom configuration files +# !! Please note, that this statement will read /all/ file from this subdir, +# i.e. backup files created by your editor, too !!! +# Eventually create file patterns like this: /etc/proftpd/conf.d/*.conf +# +Include /etc/proftpd/conf.d/ 
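Review bot: `MasqueradeAddress localhost` sits under an inherited comment that tells the reader to use the public address, with nothing to show that the value is deliberate; a line such as `# Test fixture: clients run on the Docker host, so passive replies advertise localhost` would explain it (presumably that is the intent). The same goes for `PassivePorts 21100 21110`, which has to stay in step with the range published in docker-compose.yml and in the container classes, and would benefit from a comment saying so.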
diff --git a/FluentFTP.Dockers/proftpd/run-proftpd.sh b/FluentFTP.Dockers/proftpd/run-proftpd.sh
new file mode 100644
index 000000000..c45d4f947
--- /dev/null
+++ b/FluentFTP.Dockers/proftpd/run-proftpd.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# stdout server info:
+cat << EOB
+ *************************************************
+ * *
+ * Docker image: fluentftp proftpd *
+ * *
+ *************************************************
+
+ SERVER SETTINGS
+ ---------------
+ · FTP User: fluentuser
+ · FTP Password: fluentpass
+EOB
+
+# Run proftpd:
+&>/dev/null /usr/sbin/proftpd -n
diff --git a/FluentFTP.Dockers/proftpd/tls.conf b/FluentFTP.Dockers/proftpd/tls.conf
new file mode 100644
index 000000000..48c3610b2
--- /dev/null
+++ b/FluentFTP.Dockers/proftpd/tls.conf
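Review bot: The last line, `&>/dev/null /usr/sbin/proftpd -n`, runs proftpd as a child of the bash wrapper and discards its stdout and stderr, so configuration or TLS start-up errors never reach `docker logs` and the container's stop signal goes to the wrapper rather than to the server. `exec /usr/sbin/proftpd -n` would make proftpd the container's main process and keep its diagnostics visible. The banner also prints the account password on every start, which is acceptable only while these credentials stay test-only; a comment above the heredoc saying so would help.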
@@ -0,0 +1,66 @@
+#
+# Proftpd sample configuration for FTPS connections.
+#
+# Note that FTPS impose some limitations in NAT traversing.
+# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
+# for more information.
+#
+
+
+TLSEngine on
+TLSLog /var/log/proftpd/tls.log
+TLSProtocol TLSv1.2 TLSv1.3
+#
+# Server SSL certificate. You can generate a self-signed certificate using
+# a command like:
+#
+# openssl req -x509 -newkey rsa:1024 \
+# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
+# -nodes -days 365
+#
+# The proftpd.key file must be readable by root only. The other file can be
+# readable by anyone.
+#
+# chmod 0600 /etc/ssl/private/proftpd.key
+# chmod 0640 /etc/ssl/private/proftpd.key
+#
+TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
+TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
+#
+# CA the server trusts...
+#TLSCACertificateFile /etc/ssl/certs/CA.pem
+# ...or avoid CA cert and be verbose
+#TLSOptions NoCertRequest EnableDiags
+# ... or the same with relaxed session use for some clients (e.g. FireFtp)
+#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
+#
+#
+# Per default drop connection if client tries to start a renegotiate
+# This is a fix for CVE-2009-3555 but could break some clients.
+#
+#TLSOptions AllowClientRenegotiations
+#
+# Authenticate clients that want to use FTP over TLS?
+#
+#TLSVerifyClient off
+#
+# Are clients required to use FTP over TLS when talking to this server?
+#
+#TLSRequired on
+#
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations. Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+# +#TLSRenegotiate required off + +TLSRequired on +#TLSOptions NoCertRequest AllowClientRenegotiations +#TLSOptions NoCertRequest NoSessionReuseRequired +TLSOptions NoCertRequest +#TLSRenegotiate ctrl 1500 timeout 300 FluentFTP will fail the renogotiation +#TLSSessionCache internal: 1800 FluentFTP will fail the renogotiation + + diff --git a/FluentFTP.Dockers/vsftpd/Dockerfile b/FluentFTP.Dockers/vsftpd/Dockerfile index ce52aecd4..85410ddaa 100644 --- a/FluentFTP.Dockers/vsftpd/Dockerfile +++ b/FluentFTP.Dockers/vsftpd/Dockerfile @@ -12,8 +12,9 @@ RUN apt install -y \ dialog RUN apt install -y \ - vsftpd \ - iproute2 + openssl \ + iproute2 \ + vsftpd RUN apt remove --purge -y \ exim4-base \ @@ -31,10 +32,18 @@ RUN chmod +x /usr/sbin/run-vsftpd.sh RUN useradd -m -p savatlcb.1m26 fluentuser RUN mkdir -p /home/fluentuser/ -RUN chown -R fluentuser:users /home/fluentuser/ +RUN chown -R fluentuser:users /home/fluentuser RUN mkdir /var/ftp +RUN openssl req -x509 -newkey rsa:4096 \ + -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt \ + -subj "/C=US/ST=State/L=/O=Dev/CN=fluentftp" \ + -nodes -days 3650 + +RUN chmod 0600 /etc/ssl/private/vsftpd.key +RUN chmod 0640 /etc/ssl/private/vsftpd.key + VOLUME /home/fluentuser VOLUME /var/log/vsftpd diff --git a/FluentFTP.Dockers/vsftpd/docker-compose.yml b/FluentFTP.Dockers/vsftpd/docker-compose.yml index dd23e9017..c30b2effe 100644 --- a/FluentFTP.Dockers/vsftpd/docker-compose.yml +++ b/FluentFTP.Dockers/vsftpd/docker-compose.yml @@ -1,14 +1,9 @@ -version: "3" - services: - vsftpd: build: context: . - dockerfile: ./Dockerfile - args: - USER_ID: 1000 - GROUP_ID: 1000 + network: host + restart: unless-stopped restart: always ports: - 0.0.0.0:20:20 diff --git a/FluentFTP.Dockers/vsftpd/vsftpd.conf b/FluentFTP.Dockers/vsftpd/vsftpd.conf index 25798f9a0..595ccafb6 100644 --- a/FluentFTP.Dockers/vsftpd/vsftpd.conf +++ b/FluentFTP.Dockers/vsftpd/vsftpd.conf 
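Review bot: The commented `#TLSRenegotiate ctrl 1500 timeout 300 FluentFTP will fail the renogotiation` and `#TLSSessionCache internal: 1800 ...` lines carry their explanation on the same line as the directive, so un-commenting either one would pass the prose to the directive as arguments; put the remark on its own line, e.g. `# FluentFTP fails the renegotiation with the next two settings`. The sample block further up still shows `rsa:1024`, `-days 365` and a `chmod 0600` followed by `chmod 0640`, which no longer matches how the Dockerfile creates the key and contradicts the "readable by root only" sentence next to it; replacing that block with a pointer to the Dockerfile would stop the two from drifting apart.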
@@ -156,8 +156,8 @@ pam_service_name=vsftpd # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. -rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +rsa_cert_file=/etc/ssl/certs/vsftpd.crt +rsa_private_key_file=/etc/ssl/private/vsftpd.key ssl_enable=YES # session resume diff --git a/FluentFTP.Tests/Integration/System/IntegrationTestSuite.cs b/FluentFTP.Tests/Integration/System/IntegrationTestSuite.cs index c7fa090db..550981c4b 100644 --- a/FluentFTP.Tests/Integration/System/IntegrationTestSuite.cs +++ b/FluentFTP.Tests/Integration/System/IntegrationTestSuite.cs @@ -39,6 +39,9 @@ protected FtpClient GetClient() { var client = new FtpClient("localhost", new NetworkCredential(_fixture.GetUsername(), _fixture.GetPassword())); client.Config.EncryptionMode = FtpEncryptionMode.Auto; client.Config.ValidateAnyCertificate = true; + client.Config.LogHost = true; + client.Config.LogUserName = true; + client.Config.LogPassword = true; return client; } @@ -49,6 +52,9 @@ protected FtpClient GetConnectedClient() { var client = GetClient(); client.Config.EncryptionMode = FtpEncryptionMode.Auto; client.Config.ValidateAnyCertificate = true; + client.Config.LogHost = true; + client.Config.LogUserName = true; + client.Config.LogPassword = true; client.AutoConnect(); return client; } @@ -60,6 +66,9 @@ protected async Task GetAsyncClient() { var client = new AsyncFtpClient("localhost", new NetworkCredential(_fixture.GetUsername(), _fixture.GetPassword())); client.Config.EncryptionMode = FtpEncryptionMode.Auto; client.Config.ValidateAnyCertificate = true; + client.Config.LogHost = true; + client.Config.LogUserName = true; + client.Config.LogPassword = true; return client; } 
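Review bot: `client.Config.LogPassword = true`, together with `LogHost` and `LogUserName`, makes every integration run write the credentials it connects with into the test log, in GetClient() here and again in the GetConnectedClient(), GetAsyncClient() and GetConnectedAsyncClient() hunks. That is harmless only while `_fixture` supplies the fixed container account; if the fixture is ever pointed at a real server the password lands in CI output, so it would be safer to leave `LogPassword` off or to gate it behind an explicit opt-in. The same three assignments are now repeated in four methods, and the connected variants re-apply them to a client that GetClient() or GetAsyncClient() has already configured; a small private helper would keep them in one place. Each method's signature line lies just outside its hunk.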
@@ -70,6 +79,9 @@ protected async Task GetConnectedAsyncClient() { var client = await GetAsyncClient(); client.Config.EncryptionMode = FtpEncryptionMode.Auto; client.Config.ValidateAnyCertificate = true; + client.Config.LogHost = true; + client.Config.LogUserName = true; + client.Config.LogPassword = true; await client.AutoConnect(); return client; } diff --git a/FluentFTP.Xunit/Docker/Containers/ProFtpdContainer.cs b/FluentFTP.Xunit/Docker/Containers/ProFtpdContainer.cs index 2312e8606..227a8c594 100644 --- a/FluentFTP.Xunit/Docker/Containers/ProFtpdContainer.cs +++ b/FluentFTP.Xunit/Docker/Containers/ProFtpdContainer.cs @@ -13,9 +13,7 @@ public ProFtpdContainer() { ServerType = FtpServer.ProFTPD; ServerName = "proftpd"; DockerImage = "proftpd:fluentftp"; - DockerImageOriginal = "kibatic/proftpd"; - DockerGithub = "https://github.com/kibatic/docker-proftpd"; - //RunCommand = "docker run -d --net host -e FTP_LIST=\"fluentroot:fluentpass\" -e MASQUERADE_ADDRESS=1.2.3.4 proftpd:fluentftp"; + //RunCommand = "docker run -d --net host proftpd:fluentftp"; } /// @@ -23,13 +21,7 @@ public ProFtpdContainer() { /// public override ITestcontainersBuilder Configure(ITestcontainersBuilder builder) { - builder = ExposePortRange(builder, 50000, 50010); - - builder = builder - .WithEnvironment("FTP_LIST", DockerFtpConfig.FtpUser + ":" + DockerFtpConfig.FtpPass) - .WithEnvironment("PASSIVE_MIN_PORT", "50000") - .WithEnvironment("PASSIVE_MAX_PORT", "50010") - .WithEnvironment("MASQUERADE_ADDRESS", "127.0.0.1"); + builder = ExposePortRange(builder, 21100, 21110); return builder; } diff --git a/FluentFTP.Xunit/Docker/Containers/VsFtpdContainer.cs b/FluentFTP.Xunit/Docker/Containers/VsFtpdContainer.cs index 2ddab282a..5487fd81a 100644 --- a/FluentFTP.Xunit/Docker/Containers/VsFtpdContainer.cs +++ b/FluentFTP.Xunit/Docker/Containers/VsFtpdContainer.cs 
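Review bot: With the `WithEnvironment("FTP_LIST", DockerFtpConfig.FtpUser + ":" + DockerFtpConfig.FtpPass)` call removed from ProFtpdContainer.Configure(), the account the tests log in with is no longer passed to the container; it now has to match the hash hard-coded in proftpd/Dockerfile, and nothing in Configure() says so. A comment such as `// credentials and passive range 21100-21110 are baked into FluentFTP.Dockers/proftpd (Dockerfile, proftpd.conf)` would flag the coupling. The literals `21100, 21110` are repeated in VsFtpdContainer.Configure() as well; a shared constant would keep both classes in step with the server configs.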
@@ -13,9 +13,7 @@ public VsFtpdContainer() { ServerType = FtpServer.VsFTPd; ServerName = "vsftpd"; DockerImage = "vsftpd:fluentftp"; - DockerImageOriginal = "fauria/vsftpd"; - DockerGithub = "https://github.com/fauria/docker-vsftpd"; - //RunCommand = "docker run --rm -it -p 21:21 -p 4559-4564:4559-4564 -e FTP_USER=fluentroot -e FTP_PASSWORD=fluentpass vsftpd:fluentftp"; + //RunCommand = "docker run --rm -it -p 21:21 -p 21100-21110:21100-21110 vsftpd:fluentftp"; } /// @@ -23,16 +21,10 @@ public VsFtpdContainer() { /// public override ITestcontainersBuilder Configure(ITestcontainersBuilder builder) { - builder = builder.WithPortBinding(20) - .WithPortBinding(21); + builder = builder.WithPortBinding(20); builder = ExposePortRange(builder, 21100, 21110); - builder = builder - .WithEnvironment("PASV_ADDRESS", "127.0.0.1") - .WithEnvironment("FTP_USER", DockerFtpConfig.FtpUser) - .WithEnvironment("FTP_PASS", DockerFtpConfig.FtpPass); - return builder; } From ed9f4f4681335c4656948bb8f208651557ec4719 Mon Sep 17 00:00:00 2001 From: FanDjango Date: Tue, 11 Oct 2022 21:07:49 +0200 Subject: [PATCH 2/2] Delete unneeded files --- FluentFTP.Dockers/proftpd/LICENSE | 21 ---- FluentFTP.Dockers/proftpd/README.md | 118 ------------------ .../proftpd/docker-entrypoint.sh | 37 ------ .../proftpd/tester/docker-compose.yml | 16 --- 4 files changed, 192 deletions(-) delete mode 100644 FluentFTP.Dockers/proftpd/LICENSE delete mode 100644 FluentFTP.Dockers/proftpd/README.md delete mode 100644 FluentFTP.Dockers/proftpd/docker-entrypoint.sh delete mode 100644 FluentFTP.Dockers/proftpd/tester/docker-compose.yml diff --git a/FluentFTP.Dockers/proftpd/LICENSE b/FluentFTP.Dockers/proftpd/LICENSE deleted file mode 100644 index 096e6e5b4..000000000 --- a/FluentFTP.Dockers/proftpd/LICENSE +++ /dev/null 
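Review bot: The rewritten chain in VsFtpdContainer.Configure() keeps `WithPortBinding(20)` but drops `WithPortBinding(21)`, so this class no longer publishes the FTP control port itself; unless the base container class binds 21 (not visible in this hunk), clients connecting to localhost:21 will not reach vsftpd. If the base class does cover it, a short comment such as `// port 21 is bound by the base class` would show that the asymmetry with port 20 is intentional.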
@@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2018 Kibatic - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/FluentFTP.Dockers/proftpd/README.md b/FluentFTP.Dockers/proftpd/README.md deleted file mode 100644 index 74d6c7ced..000000000 --- a/FluentFTP.Dockers/proftpd/README.md +++ /dev/null 
@@ -1,118 +0,0 @@ -docker-proftpd -============== - -Simple way to install a proftp server on an host. - -This FTP server work in passive mode (perhaps in active mode also but not sure...) - - -Quick start ------------ - -```bash -docker run -d --net host \ - -e FTP_LIST="user1:pass1;user2:pass2" \ - -e MASQUERADE_ADDRESS=1.2.3.4 \ - -v /path_to_ftp_dir_for_user1:/home/user1 \ - -v /path_to_ftp_dir_for_user2:/home/user2 \ - kibatic/proftpd -``` - -The default passive ports are 50000-50100. - -The masquerade address should be the external address of your FTP server - -Warning -------- - -The way to define the users and passwords makes that you should not -use ";" or ":" in your user name or password. - -(ok, this is ugly, but using FTP in 2018 is ugly too) - -USERADD_OPTIONS and PASSIVE_MIN_PORT, PASSIVE_MAX_PORT ------------------------------------------------------- - -```bash -docker run -d --net host \ - -e FTP_LIST="user1:pass1;user2:pass2" \ - -e USERADD_OPTIONS="-o --gid 33 --uid 33" \ - -e PASSIVE_MIN_PORT=50000 - -e PASSIVE_MAX_PORT=50100 - -e MASQUERADE_ADDRESS=1.2.3.4 - -v /path_to_ftp_dir_for_user1:/home/user1 \ - -v /path_to_ftp_dir_for_user2:/home/user2 \ - kibatic/proftpd -``` - -The USERADD_OPTIONS is not mandatory. It contains parameters we can -give to the useradd command (in order for example to indicates the -created user can have the uid of www-data (33) ). - -It allows to give different accesses, but each user will create -the files and directory with the right user on the host. 
- -docker-compose.yml example --------------------------- - -You can for example use a docker-compose like this : - -```yaml -version: '3.7' - -services: - proftpd: - image: kibatic/proftpd - network_mode: "host" - restart: unless-stopped - environment: - FTP_LIST: "myusername:mypassword" - USERADD_OPTIONS: "-o --gid 33 --uid 33" - # optional : default to 50000 and 50100 - PASSIVE_MIN_PORT: 50000 - PASSIVE_MAX_PORT: 50100 - # optional : default to undefined - MASQUERADE_ADDRESS: 1.2.3.4 - volumes: - - "/the_direcotry_on_the_host:/home/myusername" -``` - -Firewall --------- - -You can use these firewall rules with the FTP in active mode - -```bash -iptables -A INPUT -p tcp --dport 21 -j ACCEPT -iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT -iptables -A INPUT -p tcp --dport 20 -j ACCEPT -iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT -iptables -A INPUT -p tcp --dport 50000:50100 -j ACCEPT -iptables -A OUTPUT -p tcp --dport 50000:50100 -j ACCEPT -``` - -Testing this Dockerfile ------------------------ - -If you want to test this Dockerfile, you can use the tester directory : - -```bash -cd tester -docker-compose build --pull -docker-compose up -``` - -Versions --------- - -* 2022-05-10 : passive port config and masquerade config -* 2022-05-09 : update to debian:bullseye-slim and better doc -* 2019-10-09 : USERADD_OPTIONS added -* 2019-04-01 : update to debian stretch -* 2018-03-30 : creation - -Author ------- - -inspired by the good idea and the image hauptmedia/proftpd -from Julian Haupt. diff --git a/FluentFTP.Dockers/proftpd/docker-entrypoint.sh b/FluentFTP.Dockers/proftpd/docker-entrypoint.sh deleted file mode 100644 index 0bef1f05d..000000000 --- a/FluentFTP.Dockers/proftpd/docker-entrypoint.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/bash - -if [ -n "$FTP_LIST" ]; then - IFS=';' read -r -a parsed_ftp_list <<< "$FTP_LIST" ; unset IFS - for ftp_account in ${parsed_ftp_list[@]} - do - IFS=':' read -r -a tab <<< "$ftp_account" ; unset IFS - ftp_login=${tab[0]} - ftp_pass=${tab[1]} - CRYPTED_PASSWORD=$(perl -e 'print crypt($ARGV[0], "password")' $ftp_pass) - useradd --shell /bin/sh ${USERADD_OPTIONS} -d /home/$ftp_login --password $CRYPTED_PASSWORD $ftp_login - echo "ftp_login: $ftp_login" - # Create home directory. Removes requirement to mount volume. - mkdir "/home/$ftp_login" - chown -R $ftp_login:$ftp_login /home/$ftp_login - done -fi - -if [[ -z "${PASSIVE_MIN_PORT}" ]]; then - PASV_MIN=50000 -else - PASV_MIN="${PASSIVE_MIN_PORT}" -fi -if [[ -z "${PASSIVE_MAX_PORT}" ]]; then - PASV_MAX=50100 -else - PASV_MAX="${PASSIVE_MAX_PORT}" -fi -sed -i "s/^\(# \)\?PassivePorts.*$/PassivePorts ${PASV_MIN} ${PASV_MAX}/" /etc/proftpd/proftpd.conf - -if [[ -z "${MASQUERADE_ADDRESS}" ]]; then - sed -i "s/^\(# \)\?MasqueradeAddress.*$/# MasqueradeAddress x.x.x.x/" /etc/proftpd/proftpd.conf -else - sed -i "s/^\(# \)\?MasqueradeAddress.*$/MasqueradeAddress ${MASQUERADE_ADDRESS}/" /etc/proftpd/proftpd.conf -fi - -exec "$@" diff --git a/FluentFTP.Dockers/proftpd/tester/docker-compose.yml b/FluentFTP.Dockers/proftpd/tester/docker-compose.yml deleted file mode 100644 index 68a8e3421..000000000 --- a/FluentFTP.Dockers/proftpd/tester/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3.7' - -services: - proftpd: - # image: kibatic/proftpd - build: - context: .. - network_mode: "host" - restart: unless-stopped - environment: - FTP_LIST: "user1:pass1;user2:pass2" - MASQUERADE_ADDRESS: "4.3.2.1" - # USERADD_OPTIONS: "-o --gid 33 --uid 33" - volumes: - - "./ddata/user1:/home/user1" - - "./ddata/user2:/home/user2"