This commit is contained in:
Sebastian Hugentobler 2017-06-13 15:36:25 +02:00
parent 23e6d54867
commit bd7346b842
6 changed files with 30 additions and 51 deletions

View File

@ -7,13 +7,13 @@ RUN adduser -h /var/lib/proftp -u 2222 -D -G proftp proftp
ADD /rootfs /
RUN apk add --no-cache libressl openldap tar gcc make g++ openldap-dev file
RUN apk add --no-cache libressl openssh-client openldap tar gcc make g++ openldap-dev zlib zlib-dev file
RUN mkdir /tmp/proftpd
RUN wget -qO- https://github.com/proftpd/proftpd/archive/$PROFTP_VERSION.tar.gz | tar -xz -C /tmp/proftpd --strip 1
WORKDIR /tmp/proftpd
RUN ./configure --with-modules=mod_ldap:mod_tls
RUN ./configure --with-modules=mod_ldap:mod_sftp
RUN patch -p1 -i /musl_mempcpy.patch
RUN make && make install
@ -21,6 +21,8 @@ RUN rm -r /tmp/proftpd
RUN rm /musl_mempcpy.patch
WORKDIR /
RUN apk del tar gcc make g++ openldap-dev file
RUN apk del tar gcc make g++ openldap-dev zlib-dev file
EXPOSE 21
VOLUME /var/lib/proftp/keys /var/lib/proftp/data
EXPOSE 22

View File

@ -1,39 +1,13 @@
File access with [ProFTPD](http://www.proftpd.org/) and ldap authentication.
File access with [ProFTPD](http://www.proftpd.org/) over sftp and ldap authentication.
# Volumes
- `/var/lib/proftp/data`: root directory for files
- `/etc/ssl/proftp:ro`: certificates have to be here
- `/var/lib/proftp/keys`: ssh key files
# Environment Variables
## SERVER_NAME
Name displayed to connecting users.
## PASSIVE_LOWER_BOUND
Lower bound for the passive port range.
## PASSIVE_UPPER_BOUND
Upper bound for the passive port range.
## TLS_PROTOCOL
- default: TLSv1.2
SSL/TLS protocol version to use.
## TLS_CIPHERS
- default: AES128+EECDH:AES128+EDH
Cipher list to use.
## CERT_NAME
- default: fullchain.pem
Name of the certificate file.
## KEY_NAME
- default: privkey.pem
Name of the key file.
## LDAP_URI
Full ldap uri with search qualifier.
@ -64,7 +38,7 @@ Whether to use tls when connecting to the ldap host.
Whether to use auth bind with ldap.
# Ports
- 21
- 22
- All ports in the defined bounds
## Capabilities

View File

@ -1,7 +1,7 @@
ServerName "{{getenv "SERVER_NAME"}}"
ServerType standalone
DefaultServer on
Port 21
Port 22
UseIPv6 off
Umask 006 007
MaxInstances 30
@ -12,24 +12,15 @@ DefaultChdir /var/lib/proftp/data
AllowOverwrite on
RequireValidShell off
PassivePorts {{getenv "PASSIVE_LOWER_BOUND"}} {{getenv "PASSIVE_UPPER_BOUND"}}
<Limit SITE_CHMOD>
DenyAll
</Limit>
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol {{getenv "TLS_PROTOCOL" "TLSv1.2"}}
TLSRequired on
TLSRSACertificateFile /etc/ssl/proftp/{{getenv "CERT_NAME" "fullchain.pem"}}
TLSRSACertificateKeyFile /etc/ssl/proftp/{{getenv "KEY_NAME" "privkey.pem"}}
TLSVerifyClient off
TLSServerCipherPreference on
TLSSessionCache internal: 1800
TLSCipherSuite {{getenv "TLS_CIPHERS" "AES128+EECDH:AES128+EDH"}}
<IfModule mod_sftp.c>
SFTPEngine on
SFTPAuthMethods password
SFTPDHParamFile /var/lib/proftp/keys/dhparams.pem
SFTPHostKey /var/lib/proftp/keys/ssh_rsa_key
</IfModule>
<IfModule mod_ldap.c>

View File

@ -0,0 +1,5 @@
#!/usr/bin/with-contenv sh
if [ ! -f /var/lib/proftp/keys/dhparams.pem ]; then
openssl dhparam -outform PEM -5 nbits >> /var/lib/proftp/keys/dhparams.pem
fi

View File

@ -0,0 +1,5 @@
#!/usr/bin/with-contenv sh
if [ ! -f /var/lib/proftp/keys/ssh_rsa_key ]; then
ssh-keygen -b 2048 -t rsa -f /var/lib/proftp/keys/ssh_rsa_key -q -N ""
fi

View File

@ -1,6 +1,8 @@
diff --git a/lib/pr_fnmatch.c b/lib/pr_fnmatch.c
index a1cb101..03956c1 100644
--- a/lib/pr_fnmatch.c
+++ b/lib/pr_fnmatch.c
@@ -250,7 +250,7 @@
@@ -250,7 +250,7 @@ __wcschrnul (const wchar_t *s, wint_t c)
# endif
# define STRLEN(S) strlen (S)
# define STRCAT(D, S) strcat (D, S)