2016-10-31 18:21:10 +00:00
|
|
|
File access with [ProFTPD](http://www.proftpd.org/) and ldap authentication.
|
2016-10-31 17:53:00 +00:00
|
|
|
|
|
|
|
# Volumes
|
|
|
|
- `/var/lib/proftp/data`: root directory for files
|
|
|
|
- `/etc/ssl/proftp:ro`: certificates have to be here
|
|
|
|
|
|
|
|
# Environment Variables
|
|
|
|
## SERVER_NAME
|
|
|
|
Name displayed to connecting users.
|
|
|
|
|
|
|
|
## PASSIVE_LOWER_BOUND
|
|
|
|
Lower bound for the passive port range.
|
|
|
|
|
|
|
|
## PASSIVE_UPPER_BOUND
|
|
|
|
Upper bound for the passive port range.
|
|
|
|
|
|
|
|
## TLS_PROTOCOL
|
|
|
|
- default: TLSv1.2
|
|
|
|
|
|
|
|
SSL/TLS protocol version to use.
|
|
|
|
|
|
|
|
## TLS_CIPHERS
|
|
|
|
- default: AES128+EECDH:AES128+EDH
|
|
|
|
|
|
|
|
Cipher list to use.
|
|
|
|
|
|
|
|
## CERT_NAME
|
|
|
|
- default: fullchain.pem
|
|
|
|
|
|
|
|
Name of the certificate file.
|
|
|
|
|
|
|
|
## KEY_NAME
|
|
|
|
- default: privkey.pem
|
|
|
|
|
|
|
|
Name of the key file.
|
|
|
|
|
|
|
|
## LDAP_URI
|
|
|
|
Full ldap uri with search qualifier.
|
|
|
|
|
|
|
|
For example: `ldap://ldap:389/??sub`
|
|
|
|
|
|
|
|
## LDAP_BASE
|
|
|
|
Base DN for ldap searches.
|
|
|
|
|
|
|
|
## LDAP_FILTER
|
|
|
|
Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
|
|
|
|
|
|
|
|
`%u` is replaced with the username.
|
|
|
|
|
|
|
|
## LDAP_BIND_DN
|
|
|
|
DN to use when connecting to the ldap host.
|
|
|
|
|
|
|
|
## LDAP_BIND_PASSWORD
|
|
|
|
Password to use when connecting to the ldap host.
|
|
|
|
|
|
|
|
## LDAP_USE_TLS
|
|
|
|
- default: on
|
|
|
|
|
|
|
|
Whether to use tls when connecting to the ldap host.
|
|
|
|
|
|
|
|
## LDAP_USE_AUTH_BIND
|
|
|
|
- default: on
|
|
|
|
|
|
|
|
Whether to use auth bind with ldap.
|
|
|
|
|
|
|
|
# Ports
|
|
|
|
- 21
|
|
|
|
- All ports in the defined bounds
|
|
|
|
|
|
|
|
## Capabilities
|
|
|
|
- DAC_OVERRIDE
|
|
|
|
- NET_BIND_SERVICE
|
|
|
|
- SETGID
|
|
|
|
- SETUID
|
2016-10-31 19:45:16 +00:00
|
|
|
- SYS_CHROOT
|
|
|
|
-
|