stilliard / docker-pure-ftpd
Docker Pure-ftpd Server
Home Page: https://hub.docker.com/r/stilliard/pure-ftpd/
License: MIT License
doing a password change with
pure-pw passwd myuser -f /etc/pure-ftpd/passwd/pureftpd.passwd
Does finish - but will not work.
Probably related, list won't work either, it tells me it cannot read the passwd file:
pure-pw passwd list -f /etc/pure-ftpd/passwd/pureftpd.passwd
Even though the ftp daemon is started like this:
root@prd-dvm-001:~# docker logs ftpd_server
Log enabled, see /var/log/messages
Starting Pure-FTPd:
pure-ftpd -c 50 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P viveo2.com -p 30000:30009 -d
When I connect it tells me the maximum clients is 5:
14:18 $ ftp [email protected]
Connected to yyy.com.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 5 allowed.
220-Local time is now 12:18. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
331 User devicelog OK. Password required
Password:
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ^D
Any idea what is wrong here?
It looks like the files inside /etc/pure-ftpd/conf are not being read by pure-ftpd. Below are my steps:
$> docker run --rm --name dev -p 21:21 -p 30000-30009:30000-30009 stilliard/pure-ftpd:hardened
$> docker exec -it dev bash
root@dev> pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob
root@dev> mkdir -p /home/ftpusers/bob
root@dev> touch /home/ftpusers/bob/foo
root@dev> touch /home/ftpusers/bob/.bar
root@dev> cat /etc/pure-ftpd/conf/DisplayDotFiles
(no
)
$> ftp 127.0.0.1
ftp> name=bob + password
ftp> ls -al
foo
foo and .bar both showed up.
Am I missing something here? It shouldn't display .bar right?
Similarly, I tried removing -j from the CMD (with /etc/pure-ftpd/conf/CreateHomeDir=yes of course, I was using hardened image) and it doesn't create home directory anymore.
Hi,
I used a new dockerfile to change the settings for the maximum connections number. The new image is running fine with 10 max connections however, I still have the old image stilliard/pure-ftpd:latest as an orphan.
I tried to remove it but I get this error : Error response from daemon: conflict: unable to delete 6a2be31ca0ab (cannot be forced) - image has dependent child images
Is it normal? Did I do something wrong when I created the new dockerfile?
Regards,
Ben
When activating TLS/SSL, I personally wanted to disable non-tls connections.
But to do this, I had to completely build the docker myself after git cloning it and modify the run.sh.
Therefore I suggest, you implement an environment variable for personal interest and maybe a default value, when not set.
Debian's Pureftpd Wrapper has a somewhat unusual way of defining a number of settings by requiring that a bunch of files be created/edited to contain yes/no/number variables.
My current non docker Pureftpd install has most of these set.
Do you have any interest if I document here what I believe are sane settings with a view to explicitly setting them in this docker?
Hello, I am having a problem with changing the passive ports.
I simply just run:
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=x.x.x.x" stilliard/pure-ftpd:hardened
and I guess 30000-30009 are the passive ports? but the ftpd server uses port 117xx.
If I look in FileZilla I can see:
227 Entering Passive Mode (x,x,x,x,117,49)
anyone having the same problem?
Pureftp logging by default is pretty bad. It makes no sense that a log file with a date in the filename would actually contain a mix of different days' data, most of which is the previous day. It is also surprising to find that most of the logs contain no information to identify which host the log data came from (useless if you run more than one FTP server and they all produce identically named log files).
Unfortunately the fixes for these issues are relatively ugly.
List of known fixes so far (open to better suggestions):
echo "clf:/var/log/pure-ftpd/transfer-FTP-$hostn.log" > /etc/pure-ftpd/conf/AltLog
echo "" >> /etc/rsyslog.conf
echo "#PureFTP Custom Logging" >> /etc/rsyslog.conf
echo "ftp.* /var/log/pure-ftpd/pureftpd-FTP-$hostn.log" >> /etc/rsyslog.conf
echo "Updated /etc/rsyslog.conf with /var/log/pure-ftpd/pureftpd-FTP-$hostn.log"
cat > /etc/logrotate.d/pure-ftpd-common <<- EOM
/var/log/pure-ftpd/pureftpd-FTP-$hostn.log
/var/log/pure-ftpd/transfer-FTP-$hostn.log
{
daily
dateext
dateyesterday
missingok
rotate 365
compress
postrotate
/usr/sbin/pure-ftpd-control restart >/dev/null
endscript
}
EOM
/etc/crontab cron.daily to run at 00:01 so that logs contain predominantly one day of data:
sed -i "s@25 6@01 0@" /etc/crontab
everything is in the question
Check the recommendations for handling layers in the images.
Try to reduce the size of the image by combining layers and doing clean up in the end of each.
Remove APT cache, temporary directories, source files (needed only for compilation), *-dev packages, also needed only for compilation.
I configured pure-ftpd config file with these params :
PassivePortRange 49152 65534
ForcePassiveIP LINODE_SERVER_PUBLIC_IP
ftp -p LINODE_SERVER_PUBLIC_IP
Connected to LINODE_SERVER_PUBLIC_IP.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 03:47. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Name (LINODE_SERVER_PUBLIC_IP:xxxx): sjzzt007
331 User sjzzt007 OK. Password required
Password:
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (LINODE_SERVER_PUBLIC_IP,156,200)
ftp: connect: Connection refused
Several suggestions in one as they are all interrelated.
I suggest the following
groupadd --gid 1010 ftpgroup
useradd --uid 1011 --gid ftpgroup -d /dev/null -r -s /usr/sbin/nologin ftpuser-rw
useradd --uid 1012 --gid ftpgroup -d /dev/null -r -s /usr/sbin/nologin ftpuser-ro
This is different to what we do currently:
-r tells useradd that it is a system user only
-s /usr/sbin/nologin is perhaps defunct with the -r switch but to be safe we use the standard means to say no shell for these users
-d /dev/null is also perhaps defunct but it ensures the user has no home directory
ftpuser-ro and one for accounts that can write ftpuser-rw (pureftp has no means to set accounts RO and relies on system accounts to do this)
I opened the docker for some friend which in turn had a nice problem ... (whereas I used the ftp with a simple ftp command ... )
Test log
Status: Resolving address of ******
Status: Connecting to ******
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 2 of 30 allowed.
Reply: 220-Local time is now 20:48. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 15 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of ******
Reply: 530 You aren't logged in
Command: USER ******
Reply: 331 User ****** OK. Password required
Command: PASS ********************************
Reply: 230 OK. Current directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: TVFS
Reply: ESTA
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTP
Reply: 211 End.
Command: PWD
Reply: 257 "/" is your current location
Status: Current path is /
Command: TYPE I
Reply: 200 TYPE is now 8-bit binary
Command: PASV
Reply: 227 Entering Passive Mode (172,17,0,124,95,104)
Error: Server returned unroutable private IP address in PASV reply
Results
Error: Server returned unroutable private IP address in PASV reply
Make sure the server is configured to allow passive mode connections.
If the server is behind a NAT router, make sure the server knows its external IP address.
The range of ports used for passive mode must be opened in all involved firewalls.
The range of ports used for passive mode must be forwarded by all involved NAT routers.
Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.
From what I understand of docker this might become troublesome to resolve, won't it? :p I don't know how to enter passive mode with the ftp command ... when I hit passive, it works nicely enough... but I guess it fails back to active if passive doesn't work ... so maybe I simply don't get notified.
Any idea? Guess I'll simply have to ask my friend to go on active if it's possible
What's the license of this project? There is no LICENSE file, nor license in description.
Hi, from the documentation it says that overriding the command allows increasing the maximum connections. I tried it and initially it didn't work; I looked around a bit and found this post:
https://ubuntuforums.org/archive/index.php/t-1721081.html
Anyway fixed the issue. There were two problems: the passive port range and the order of -c and -p.
The port range based on my first case was: (40115 + 1 - 40110) / 2=3
And ubuntu doesn't ensure -c comes before -p, so if you use the default config and run script in /etc/init.d/pure-ftpd then it will not work (even if you get the port range correct).
i did exactly the same mistakes and following this i fixed my issue, do you think you could make this more clear in the README?
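Added example (not part of the original posts or the project's code): a decoder for the 227 replies quoted in the posts above. The data port is p1*256+p2, so a reply ending in 117,49 means port 30001; the script also flags loopback and RFC 1918 addresses and applies the (high + 1 - low) / 2 client-limit rule quoted in the post above. The function names, the 203.0.113.10 address standing in for the redacted x,x,x,x, and the 30000-30009 default are assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly so the result does not depend on how a
# given Python version defines ipaddress.is_private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Replies taken from the posts on this page, except the first one, whose
# address is constructed (203.0.113.10) because the page shows x,x,x,x.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,117,49)",
    "227 Entering Passive Mode (172,17,0,124,95,104)",
    "227 Entering Passive Mode (127,0,0,1,117,55)",
]


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 (h1,h2,h3,h4,p1,p2) reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The last two numbers are the high and low byte of the data port.
    port = nums[4] * 256 + nums[5]
    return ip, port


def diagnose(reply, published=(30000, 30009)):
    """Return (ip, port, findings) for one reply.

    findings lists the reasons a client outside the Docker host could not
    open the data connection; `published` is the port range mapped with
    `docker run -p` (assumed here to be the README default).
    """
    ip, port = parse_pasv(reply)
    findings = []
    if ip.is_loopback:
        findings.append("loopback address advertised")
    elif any(ip in net for net in RFC1918):
        findings.append("private address advertised")
    low, high = published
    if not low <= port <= high:
        findings.append("port %d outside published range %d-%d"
                        % (port, low, high))
    return str(ip), port, findings


def max_clients(c_flag, low, high):
    """Client limit under the rule quoted in the post: (high + 1 - low) / 2.

    Assumption: the server uses the smaller of -c and that value, which
    matches the '1 of 5 allowed' banner seen with -c 50 -p 30000:30009.
    """
    return min(c_flag, (high + 1 - low) // 2)


if __name__ == "__main__":
    for line in SAMPLES:
        ip, port, findings = diagnose(line)
        print("%-15s port %-5d %s" % (ip, port, "; ".join(findings) or "ok"))
    print("limit with -c 50 -p 30000:30009:", max_clients(50, 30000, 30009))
```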
the -o as modification in the launch command in the dockerfile doesn't work by the way... So I don't have any log to verify the problem. But I have some ideas I will try that first... can you just watch the -0 option?
Hello,
I'm trying to setup this docker on my server so that I can serve a folder via FTP.
I have forwarded the port 10021 -> docker 21, as well as a range of ports for the passive connection (11000-11100)
I set the /etc/pure-ftpd/conf/PassivePortRange to "11000 11100" and .../ForcePassiveIP to my (host) server IP.
Connecting from the host with the host external IP is fine, but connecting from the host to localhost gives me "I won't open a connection to 127.0.0.1, only to <container_IP>".
Connecting from outside to the host:10021 checks the credentials alright, but when doing an ls, it hangs on "Entering passive mode".
Any idea how I can make it work?
Thanks
Hi,
I've created a ftp server, mounted a folder in my docker host as the /home/ftpusers directory
I ran the
a folder has been created there for the user by this command (a .sh script):
pure-pw useradd $1 -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/$1
the directory was created. The user cannot upload any files to the home folder (access denied).. I guess there's something wrong with the access to the folder (is created by root):
drwxr-xr-x 2 root root 4096 Mar 30 14:07 testuser
???????
Hope for some help
/OhmegaStar
Following on from #15 which defines two system accounts for pureftp use it starts to make little sense to place the pureftp root directory under /home/user at all.
There is a debate to be had where this data should be stored in the traditional Linux filesystem hierarchy; however, in docker land I propose that it could possibly be /ftp.
This makes the command to volume mount this directly to the host OS if necessary shorter and probably better fits the appliance model of docker.
This change will necessitate the creation of the directory and the setting of the permissions within the dockerfile but combined with #15 allows users the power of debian system user security for RO/RW.
I've searched for what I'm missing but I can't seem to get the build to allow anonymous access.
I've removed the -E flag, and even changed the /etc/pure-ftpd/conf/NoAnonymous but nothing seems to allow anonymous.
Response is always error 421
What do I need to do to allow anonymous user access?
Sending build context to Docker daemon
Step 0 : FROM debian:wheezy
---> 1265e16d0c28
Step 1 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> b149445a29ec
Step 2 : RUN echo "deb http://http.debian.net/debian wheezy main\ndeb-src http://http.debian.net/debian wheezy main\ndeb http://http.debian.net/debian wheezy-updates main\ndeb-src http://http.debian.net/debian wheezy-updates main\ndeb http://security.debian.org wheezy/updates main\ndeb-src http://security.debian.org wheezy/updates main\n" > /etc/apt/sources.list
---> Using cache
---> 15abba097636
Step 3 : RUN apt-get -y update
---> Using cache
---> d89b23217e07
Step 4 : RUN apt-get -y --force-yes install dpkg-dev debhelper
---> Running in 5e4e86a93924
Reading package lists...
Building dependency tree...
Reading state information...
Package debhelper is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'debhelper' has no installation candidate
Hi,
I'm testing your docker image and I'm facing off a problem.
If I use ftp in command line I can send a file with my virtual user. But when I'm trying to use a GUI tool (filezilla, Winscp, CyberDuck, ...) I have always the error "Cannot list directory" that turn into a timeout error after 20 seconds, but I can see the user is logged in.
The only thing I've changed is the home directory which is not in /home/username. I've set the rights. IpTable show me ACCEPT on each ports (21 and 3000/3009).
Do you have an idea why I can't list directory?
Thanks a lot and great job!
Yu.
Hello.
I run below command to create a container
docker run -d --name ftp_server -p 21 -e "PUBLICHOST=localhost" stilliard/pure-ftpd:hardened
pure-pw useradd RALLIPROD -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/RALLIPROD
Now I am trying to connect from another container but my issue is how to pass username and credential in on FTP command
[root@aefd3ba6593e /]# ftp -p ftp_server
Connected to ftp_server (10.0.108.6).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 5 allowed.
220-Local time is now 14:36. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Name (ftp_server:root): RALLIPROD
331 User RALLIPROD OK. Password required
Password:
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
[root@aefd3ba6593e /]# ftp ftp_server RALLIPROD/abc123
ftp: ftp_server RALLIPROD/abc123: Servname not supported for ai_socktype
Hello,
I used this docker and it works great. I mean, I can connect using command line but when I use a real ftp client, I have error like :
I also have limit to 5 connections :
$ ftp 192.168.99.100
Connected to 192.168.99.100.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 5 allowed.
220-Local time is now 10:28. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
In my docker-composer I have :
ftp:
image: stilliard/pure-ftpd:latest
env_file: docker/ftp.env
ports:
- "21:21"
- "30000-30009:30000-30009"
volumes:
- ./ftp:/home/ftpusers/bob
- ./vsftpd:/etc/pure-ftpd/passwd
ps aux on machine give me :
/bin/sh -c /run.sh -c 50 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30009
Any idea?
How to watch the log of ftp server ?
Thanks
Hi Andrew, i've been trying to use your container as a base for a gitlab continuous integration service. however, there are two issues,
Waiting for services to be up and running...
*** WARNING: Service runner-0f9980e5-project-711-concurrent-0-.....__...__ftpd_env probably didn't start properly.
service runner-0f9980e5-project-711-concurrent-0-.....__...__ftpd_env did timeout
*********
which is probably more of a gitlab-ci issue though. i need to find out what exactly it expects a service container to do to prevent the timeout. but this is just a minor issue and not a show-stopper.
421 Illegal forced IP for passive connections
do you have any suggestions?
Hello I've extended your image with a simple Dockerfile which adds a prebuild pdb
FROM stilliard/pure-ftpd
VOLUME /home/ftpusers/someone
ADD pureftpd.pdb /etc/pure-ftpd/
When I run this new container in a docker-compose port 21 is closed. The same container uses a mysql image where ports are opened on the host in the same way.
What am I doing wrong?
This is my docker-compose
fidelio-application:
build: code
volumes:
- ../../../../data:/home/ftpusers/someone
tty: true
fidelio-db:
image: mysql
ports:
- 3306:3306
volumes_from:
- fidelio-application
ftpserver:
build: ftp
container_name: ftpserver
ports:
- 21:21
- 30000-30009:30000-30009
environment:
PUBLICHOST: localhost
volumes_from:
- fidelio-application
BTW if i run the image directly with docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd
the container operates correctly.
Our webshop-team needs a server to upload pictures via ftp (explicit ftp over tls, Port 21 as far as I know) with passive ftp (ports 30000 - 30009) and get them via https. Don't ask me why...
So I have been trying to set up docker via one docker-compose.yml and some Dockerfiles. And I am stuck at this pure-ftpd-image. Therefore I have some questions...
I am using stilliard/pure-ftpd:hardened.
Inside the container, the ftp-server-daemon is running with:
root@6dfbbafdd741:/etc/pure-ftpd# ps faux | grep pure
/bin/sh -c /run.sh -E -c 5 -C 5 -j -R -p 30000:30009 -P $PUBLICHOST -l puredb:/etc/pure-ftpd/db/pureftpd.pdb -e "ADDED_FLAGS=-d -d -O w3c:/var/log/pure-ftpd/transfer.log"
root 7 0.0 0.0 19788 4104 ? S 12:00 0:00 pure-ftpd (SERVER) -d -O w3c:/var/log/pure-ftpd/transfer.log --tls=1
root@6dfbbafdd741:/# echo $PUBLICHOST
localhost
...but the puredb seems to be located in /etc/pure-ftpd/, not in /etc/pure-ftpd/db/. Why?
And even with changing my Dockerfile-entry:
CMD /run.sh -E -c 5 -C 5 -j -R -p 30000:30009 -P $PUBLICHOST -l puredb:/etc/pure-ftpd/pureftpd.pdb -e "ADDED_FLAGS=-d -d -O w3c:/var/log/pure-ftpd/transfer.log"
(without adding db in the puredb-path), I always get:
Status: Connection established
Return: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Return: 220-You are user number 1 of 5 allowed.
Return: 220-Local time is now 11:57. Server port: 21.
Return: 220-Only anonymous FTP is allowed here
Return: 220-IPv6 connections are also welcome on this server.
Return: 220 You will be disconnected after 15 minutes of inactivity.
Cmd: AUTH TLS
Return: 234 AUTH TLS OK.
Status: Initialising TLS...
Status: Check Certificates...
Status: TLS-Connection established.
Cmd: USER [user]
Return: 421 Unable to set up secure anonymous FTP
Fail: Connection to the server could not be established
Why is "Only anonymous FTP allowed here"? I use the -E-flag, my [user] is stored in the /etc/pure-ftpd/passwd/pureftpd.passwd-file, repeating exactly the steps you describe here on GitHub (of course with another username and pwd):
[user]:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:1000:1000::/home/ftpusers/[user]/./::::::::::::
Maybe there is some error with the -P-flag?
And the third question is: if I only want to allow pureftpd-virtual-users, can I delete PAMAuthentication in /etc/pure-ftpd/conf or set it to "no"?
The docker-container runs on CentOS 7 with kernel 4.13.2-1.el7.elrepo.x86_64, the firewall looks like:
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 enp6s0
sources:
services: dhcpv6-client docker-registry ssh http https ftp
ports: 30000-30009/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
and docker ps -a tells me:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6dfbbafdd741 gen_ftps.[xxx].net "/bin/sh -c '/run...." 27 minutes ago Up 26 minutes 0.0.0.0:21->21/tcp, 0.0.0.0:30000-30009->30000-30009/tcp gen_ftps.[xxx].net_1
84b576317d74 nginx "nginx -g 'daemon ..." 4 hours ago Up 4 hours 80/tcp, 443/tcp gen_sslimages.[xxx].net_1
13bf2cfac987 gen_reverseproxy "nginx -g 'daemon ..." 4 hours ago Up 4 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp gen_reverseproxy_1
e05fa187eade nginx "nginx -g 'daemon ..." 4 hours ago Up 4 hours 80/tcp, 443/tcp gen_www.[xxx].com_1
1a3bf3f5b90a nginx "nginx -g 'daemon ..." 4 hours ago Up 4 hours 80/tcp gen_service.[xxx].com_1
The docker-compose.yml contains (snippet):
version: '3.3'
services:
ftps.[xxx].net:
build: ../ftps.[xxx].net/.
volumes:
- type: volume
source: vol-ssldata
target: /home/ftpusers
volume:
nocopy: true
- type: volume
source: vol-ftpsusers
target: /etc/pure-ftpd/passwd
volume:
nocopy: true
- type: volume
source: vol-ftplogs
target: /var/log/pure-ftpd
volume:
nocopy: true
- type: volume
source: vol-ftp-db
target: /etc/pure-ftpd/db
volume:
nocopy: true
expose:
- "21"
- "30000-30009"
networks:
- net_ftps.[xxx].net
ports:
- "21:21"
- "30000-30009:30000-30009"
[...], and I use vol-ssldata in another nginx-container for https.
As far as I can think (which can't be too far ;-) the problem lies in the pureftp-container.
Thanks for your good work and your answers in advance!
Sincerely,
Jochen
Can i allow only ftps? Without pure ftp
Hi Guys,
I'm trying to start the container with the tls flag but for some reason the container terminates on start. Here's what I'm doing; I build my own image, add passwords, *.pem files and run:
#Dockerfile
FROM stilliard/pure-ftpd:hardened
RUN mkdir -p /etc/ssl/private
RUN rm -rf /etc/pure-ftpd/passwd/*
ADD private/* /etc/ssl/private/
ADD passwd/* /etc/pure-ftpd/passwd/
RUN chmod 600 /etc/ssl/private/*.pem
# e.g. you could change the default command run:
CMD /run.sh -c 30 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R #-tls 1
Build:
docker build -t gag-ftpd-server:latest .
Run:
docker run -d --name ftpd_server6 -e "PUBLICHOST=localhost" gag-ftpd-server
So far so good
Now when I add the -tls flag in the Dockerfile:
CMD /run.sh -c 30 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -tls 1
The container terminates with no logs (docker logs [container]).
I can run it with environmental variable "-e "ADDED_FLAGS=--tls=2", omitting the -tls 1 flag and it starts but doesn't work. I was wondering if you could help me to understand why it's not working with the -tls 1 flag or what am I doing wrong.
Any words of wisdom?
Thank you.
I am running Docker version 1.3.3 on Debian 8 Jessie.
When trying to run the example from the docs I receive an error message
sudo docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd
Invalid containerPort: 30000-30009
Do I need to address the ports individually instead? That seems to work.
-p 21:21 -p 30000:30000 -p 30001:30001 -p 30002:30002 ...
Hi, i have this issue:
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
I try to connect with FileZilla. any idea?
After running
mkdir /home/ftpusers/
mkdir /home/ftpusers/ftptest/
pure-pw useradd ftptest -u ftpuser -d /home/ftpusers/ftptest
pure-pw mkdb
Wasn't able to log into the ftp server with the new user. Get the following output.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 06:31. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:jason): ftptest
331 User ftptest OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
Edit: Fixed to have the correct failed attempt.
For some reason, I'm unable to rename directories/files inside a FTP user's home folder. First some information about what I do:
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" -e "ADDED_FLAGS=-d -d" stilliard/pure-ftpd:hardened
docker exec -it ftpd_server /bin/bash
pure-pw useradd blabla -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/blabla with password
Now I can login using user blabla and see the contents of directory (/home/ftpusers/blabla). Here I can upload files to, download from, but for some reason I'm unable to rename files/directories. I get this:
Any idea what I'm doing wrong?
This is my docker compose file.
ftp:
image: stilliard/pure-ftpd:hardened
volumes:
- "./tests/ftp:/hostmount"
ports:
- "21:21"
command: /bin/bash /hostmount/init.sh
Here is my init.sh script for adding the user and starting the ftp server
( echo "test" ; echo "test" ) | pure-pw useradd test -m -u ftpuser -d /home/ftpusers/test
pure-pw show test
sh -c /usr/sbin/pure-ftpd -c 5 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost -p 21:21 -p 30000:30009
Here is the output in the container:
Password:
Enter it again:
2017-08-30T14:33:08.744521558Z
Login : test
Password : $1$7X.BTw60$fXr9SwwP17gIXTyG/xDD6/
UID : 1000 (ftpuser)
GID : 1000 (ftpgroup)
Directory : /home/ftpusers/test/./
Full name :
Download bandwidth : 0 Kb (unlimited)
Upload bandwidth : 0 Kb (unlimited)
Max files : 0 (unlimited)
Max size : 0 Mb (unlimited)
Ratio : 0:0 (unlimited:unlimited)
Allowed local IPs :
Denied local IPs :
Allowed client IPs :
Denied client IPs :
Time restrictions : 0000-0000 (unlimited)
Max sim sessions : 0 (unlimited)
2017-08-30T14:33:08.744762482Z
But when I try to login it gives me an authentication error. And the /home/ftpusers directory is empty.
I tried to use ftps but I found that your version of pure-ftpd simply won't run at all. After checking with pure-ftpd's tls readme file, it said:
To support TLS, the OpenSSL library must already be installed on your system. This is a common requirement so your operating system probably already ships with it.
Pure-FTPd also has to be configured with the --with-tls switch before compilation :
./configure --with-tls ...
In order to support ftps, you may need to add a line in your build from source section:
# build from source
RUN mkdir /tmp/pure-ftpd/ && \
cd /tmp/pure-ftpd/ && \
apt-get source pure-ftpd && \
cd pure-ftpd-* && \
# to add tls support
./configure --with-tls && \
sed -i '/^optflags=/ s/$/ --without-capabilities/g' ./debian/rules && \
dpkg-buildpackage -b -uc
and the startup CMD should become:
# startup
CMD /usr/sbin/pure-ftpd -c 50 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30009 --tls=2
Hello,
I'm reading the documentation, but it is unclear to me how to achieve what I want.
I have the ftp container running, user created, user has a home directory in ftpusers directory (directory mounted from the host)
-v /dockerserver/folder/ftpusers:/home/ftpusers
in the ftp users directory i have a user directory eg. [email protected]
in this folder (placed here: /dockerserver/folder/ftpusers/[email protected])
I need to mount another folder from the host inside this folder, (eg. a folder representing a dev server filesystem) which the ftp user needs access to.
I've tried with a symlink this does not work, i've tried with a mount --bind, but this does not work either, as both commands are made on the host os..
Is there a way to achieve this ?
Best Regards
OhmegaStar
Hi,
I have a droplet with an app dockerized and docker-pure-ftpd together.
I've run the container:
docker run -d --name FTP -e "PUBLICHOST=ftp.myftp.com" -p 21:21 -p 30000-30009:30000-30009 -v /var/lib/dokku/data/storage/ftp:/home/ftpusers -v /var/lib/dokku/data/storage/pureftp/:/etc/pure-ftpd stilliard/pure-ftpd
On the host or with any client I can connect to FTP. On my app container I've got always "Connection time out".
Is there a way to fix that?
Thanks a lot!
Yu.
Hi Stilliard,
I encountered the following while building the docker container with the dockerfile provided.
pure-ftpd stat /var/lib/docker/tmp/docker-builder 191299239/run.sh: no such file or directory
Please advise.
Thank you.
Kind Regards,
Cornelius
The container has been fine until a few days ago FileZilla client had this error when using the Default as the Transfer mode. If I switched to Active, then the connection is fine.
Filezilla version 3.24.1
Here's my docker-compose.yml
version: '2'
networks:
app_net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.16.3.0/24
gateway: 172.16.3.1
services:
newcomftp:
build: .
image: myftp:latest
container_name: myftp
environment:
- PUBLICHOST=ftp.mydomain.com
ports:
- "21:21"
- "30000-30009:30000-30009"
volumes:
- /home/me/ftp:/home/ftpusers
- /home/me/config/ftp/passwd:/etc/pure-ftpd/passwd
networks:
app_net:
ipv4_address: 172.16.3.3
Dockerfile
FROM stilliard/pure-ftpd:hardened
CMD /run.sh -c 30 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R
sudo docker-compose up -d --build
It was working before without any changes. But now it doesn't work.
Hi guys,
I'm a docker newb. I used it for the first time yesterday. I'm trying to install this docker on my UnRaid server.
The passive mode is working perfectly from an external ip / client. However, if I try to connect to my FTP server in my local network, i'm still getting this error "The data connection could not be established"
Status: Connecting to 192.168.1.216:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (127,0,0,1,117,55)
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
Thank you for your help
Using pure-ftp to transfer files, using an ftp proxy in docker. I can see the transfer log in /var/log/pure-ftpd, but it is like this:
#Software: Pure-FTPd 1.0.43
#Version: 1.0
#Date: 2018-04-04 07:46:45
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-username sc-bytes
2018-04-04 07:53:15 bogon []created /behb/diqu/umsg/test.txt 226 hrb 8
The IP is bogon, it is not what I need. I need the true client IP like 172.19.112.3. What can I do?
I was wondering if there was some built in way to have it running in foreground instead ?
Otherwise I'll manage one
Thanks !
i tried to adapt the Dockerfile to provide ldap support, following these instructions :
https://download.pureftpd.org/pub/pure-ftpd/doc/README.LDAP
FROM debian:jessie
# feel free to change this ;)
MAINTAINER Andrew Stilliard <[email protected]>
# properly setup debian sources
ENV DEBIAN_FRONTEND noninteractive
RUN echo "deb http://http.debian.net/debian jessie main\n\
deb-src http://http.debian.net/debian jessie main\n\
deb http://http.debian.net/debian jessie-updates main\n\
deb-src http://http.debian.net/debian jessie-updates main\n\
deb http://security.debian.org jessie/updates main\n\
deb-src http://security.debian.org jessie/updates main\n\
" > /etc/apt/sources.list
RUN apt-get -y update
# install package building helpers
RUN apt-get -y --force-yes --fix-missing install dpkg-dev debhelper
# install dependencies
RUN apt-get -y build-dep pure-ftpd
RUN echo $LD_LIBRARY_PATH > /libpath
RUN apt-get install -y wget db-util libdb-dev libpq5 libpq-dev
RUN wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.45.tgz && \
    gunzip -c openldap-2.4.45.tgz | tar xf - && \
    cd openldap-2.4.45 && \
    ./configure && \
    make depend && \
    make && \
    make install
# build from source
RUN mkdir /tmp/pure-ftpd/ && \
    cd /tmp/pure-ftpd/ && \
    apt-get source pure-ftpd && \
    cd pure-ftpd-* && \
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/x86_64-linux-gnu/ && \
    ./configure --with-tls --with-ldap && \
    sed -i '/^optflags=/ s/$/ --without-capabilities/g' ./debian/rules && \
    dpkg-buildpackage -b -uc
# install the new deb files
RUN dpkg -i /tmp/pure-ftpd/pure-ftpd-common*.deb
RUN apt-get -y install openbsd-inetd
RUN dpkg -i /tmp/pure-ftpd/pure-ftpd_*.deb
# Prevent pure-ftpd upgrading
RUN apt-mark hold pure-ftpd pure-ftpd-common
# setup ftpgroup and ftpuser
RUN groupadd ftpgroup
RUN useradd -g ftpgroup -d /home/ftpusers -s /dev/null ftpuser
# rsyslog for logging (ref https://github.com/stilliard/docker-pure-ftpd/issues/17)
RUN apt-get install -y rsyslog && \
    echo "" >> /etc/rsyslog.conf && \
    echo "#PureFTP Custom Logging" >> /etc/rsyslog.conf && \
    echo "ftp.* /var/log/pure-ftpd/pureftpd.log" >> /etc/rsyslog.conf && \
    echo "Updated /etc/rsyslog.conf with /var/log/pure-ftpd/pureftpd.log"
# setup run/init file
COPY run.sh /run.sh
RUN chmod u+x /run.sh
# default publichost, you'll need to set this for passive support
ENV PUBLICHOST ftp.foo.com
# couple available volumes you may want to use
VOLUME ["/home/ftpusers", "/etc/pure-ftpd/passwd"]
# startup
CMD /run.sh -c 50 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -p 30000:30009
EXPOSE 21 30000-30009
COPY ldap.conf /ldap.conf
RUN chmod 777 /ldap.conf
But I'm getting these logs:
Starting Pure-FTPd:
pure-ftpd -c 50 -C 10 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P 10.56.160.56 -p 30000:30009 -d -l ldap:/ldap.conf -B
421 Unknown authentication method: ldap:/ldap.conf
I don't really know how to make this work. Does somebody have an idea? The problem seems to be during the configure or the build :/ but there is so much log output I can't find why it fails.
Hi Guys,
First, thanks for this fantastic container and all your hard work.
I followed the guide, tried to run it as hardened, latest, built my own image, added the user, but when I try to FTP and list folders I get error 421 Service not available.
Maybe you can help me to troubleshoot the problem?
Commands I ran on a t2.medium AWS node (all ports open for my IP):
docker pull stilliard/pure-ftpd:hardened
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=localhost" stilliard/pure-ftpd:hardened
docker exec -it ftpd_server /bin/bash
pure-pw useradd bob -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/bob
out of the container:
ftp -p IP 21
response:
gjanak@CSD006446-D:~$ ftp -p IP
Connected to IP.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 5 allowed.
220-Local time is now 13:40. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (IP:gjanak): xxx
331 User xxx OK. Password required
Password:
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mdir test
(local-file) test
output to local-file: test?
227 Entering Passive Mode (34,251,145,53,117,48)
**421 Service not available, remote server has closed connection**
ftp>
Any help is much appreciated.
Thanks
Hi,
I'm having some trouble connecting to the Docker container with Python ftplib.
I've tried to run the container with -p 2221:21, which worked, and when I create the connection using the FTP command line everything works great.
When using the Python library ftplib to create the connection it worked, but as soon as I try to download a file or run dir, the entire Python process gets stuck and no more packets flow from the client or the server.
Is there any explanation for this behavior?
Just to be clear, if I create the container with -p 21:21 everything works with the Python lib.
Thanks
Hi
I am going to install software to automatically update the Docker image when a new one is created.
As you can understand, the problem is the authorized users, which are inside the image ...
Do you think it's possible to create the users by reading a file (using Docker's -v option)?
Thank you
I'm currently deploying a WordPress app with Docker.
In my FileZilla client, I am having trouble with the following:
1. I am not able to change the permissions of the wp-content directory.
I get the following logs when I try to modify it using FileZilla:
Command: SITE CHMOD 777 wp-content
Response: 550 Could not change perms on wp-content
Is there an option to allow a user to change file permissions? I created my ftpuser using the command below:
pure-pw useradd jim -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/jim
2. Dot files are not showing. (I have enabled "Force showing hidden files" in FileZilla)
This is my first time using pureftpd. Hope someone can help me.
Thanks in advance :)
The use of '-d /home/ftpusers/bob' (user chrooting) results in this error when attempting to log in:
421 Home directory not available - aborting
If you do not intend to allow chrooting, please update the documentation (use of -D instead of -d)