From 970da1228c9e23313f64adec925c0f67c722eebb Mon Sep 17 00:00:00 2001
From: shu
Date: Fri, 29 Jan 2021 09:34:06 +0000
Subject: [PATCH 01/10] use proftp from main repository
---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 70ef3ac..9100c89 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,7 @@ RUN apk add --no-cache \
 openssl \
 openssh-client \
 zlib \
- perl
-
-RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
+ perl \
 proftpd \
 proftpd-mod_sftp \
 proftpd-utils
From 98dc1fb1a5e6c427fa563e99578977f39a37f757 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Tue, 28 Sep 2021 15:55:15 +0200
Subject: [PATCH 02/10] prepare for k3s
---
 Dockerfile | 4 ++--
 README.md | 17 +++++++++++++++--
 rootfs/etc/confd/templates/proftpd.conf.tmpl | 4 ++--
 rootfs/etc/cont-init.d/02-dhparam | 5 -----
 .../{04-static-user => 02-static-user} | 0
 rootfs/etc/cont-init.d/03-ssh-keys | 5 -----
 6 files changed, 19 insertions(+), 16 deletions(-)
 delete mode 100644 rootfs/etc/cont-init.d/02-dhparam
 rename rootfs/etc/cont-init.d/{04-static-user => 02-static-user} (100%)
 delete mode 100644 rootfs/etc/cont-init.d/03-ssh-keys
diff --git a/Dockerfile b/Dockerfile
index 9100c89..992fc06 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,6 @@ ADD /rootfs /
 WORKDIR /
-VOLUME /etc/proftpd/keys /var/lib/ftp/data
+VOLUME /var/lib/ftp/data
-EXPOSE 22
+EXPOSE 2222
diff --git a/README.md b/README.md
index 7d6f401..4179f23 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,19 @@ File access with [ProFTPD](http://www.proftpd.org/) over sftp and a static user/
 # Volumes
 - `/var/lib/ftp/data`: root directory for files
-- `/etc/proftpd/keys`: ssh key files
+
+# Files
+## /etc/proftpd/keys/dhparams.pem
+```
+openssl dhparam -outform PEM -5
+
+```
+
+## /etc/proftpd/keys/ssh_key
+```
+ssh-keygen -b 2048 -t ed25519 -q -N "" -f ./ssh
+cat ./ssh
+```
 # Environment Variables
 ## SERVER_NAME
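Review bot: In the Dockerfile hunk of PATCH 02/10, `/etc/proftpd/keys` is dropped from `VOLUME` in the same commit that deletes `02-dhparam` and `03-ssh-keys`, so nothing visible in this series creates `dhparams.pem` or the SFTP host key any more and the image only works when both are mounted at runtime. That contract is stated in the README hunk but not in the build file; a comment above the `VOLUME` line such as `# /etc/proftpd/keys is not a volume: mount dhparams.pem and ssh_key read-only at runtime` would keep it next to the change. Whether proftpd refuses to start when the files are missing is not visible here, so it is worth confirming that the container fails at start-up in that case. The rest of the Dockerfile lies outside the hunk.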
@@ -25,5 +37,6 @@ Uid for the static user.
 ## STATIC_GID
 Gid for the static user.
+
 # Ports
-- 22
+- 2222
diff --git a/rootfs/etc/confd/templates/proftpd.conf.tmpl b/rootfs/etc/confd/templates/proftpd.conf.tmpl
index f59eafb..4b2a955 100644
--- a/rootfs/etc/confd/templates/proftpd.conf.tmpl
+++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl
@@ -3,7 +3,7 @@ Include /etc/proftpd/modules.d/*.conf
 ServerName "{{getenv "SERVER_NAME"}}"
 ServerType standalone
 DefaultServer on
-Port 22
+Port 2222
 UseIPv6 off
 Umask {{ getenv "UMASK" "006 007" }}
 MaxInstances 30
@@ -27,6 +27,6 @@ AuthUserFile /etc/proftpd/passwd
 SFTPEngine on
 SFTPAuthMethods password
 SFTPDHParamFile /etc/proftpd/keys/dhparams.pem
- SFTPHostKey /etc/proftpd/keys/ssh_rsa_key
+ SFTPHostKey /etc/proftpd/keys/ssh_key
 SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms
diff --git a/rootfs/etc/cont-init.d/02-dhparam b/rootfs/etc/cont-init.d/02-dhparam
deleted file mode 100644
index 9d4e7b5..0000000
--- a/rootfs/etc/cont-init.d/02-dhparam
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-if [ ! -f /etc/proftpd/keys/dhparams.pem ]; then
- openssl dhparam -outform PEM -5 nbits >> /etc/proftpd/keys/dhparams.pem
-fi
diff --git a/rootfs/etc/cont-init.d/04-static-user b/rootfs/etc/cont-init.d/02-static-user
similarity index 100%
rename from rootfs/etc/cont-init.d/04-static-user
rename to rootfs/etc/cont-init.d/02-static-user
diff --git a/rootfs/etc/cont-init.d/03-ssh-keys b/rootfs/etc/cont-init.d/03-ssh-keys
deleted file mode 100644
index 20abf54..0000000
--- a/rootfs/etc/cont-init.d/03-ssh-keys
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-if [ ! -f /etc/proftpd/keys/ssh_rsa_key ]; then
- ssh-keygen -b 2048 -t rsa -f /etc/proftpd/keys/ssh_rsa_key -q -N ""
-fi
From 5f0424e2aa59a6467f196765fa8255581a290286 Mon Sep 17 00:00:00 2001
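Review bot: The second hunk of `proftpd.conf.tmpl` points `SFTPHostKey` at `/etc/proftpd/keys/ssh_key`, a file that now has to arrive through a mount, and mod_sftp rejects a host key file that is group- or world-accessible. A Kubernetes Secret volume is mounted with mode 0644 unless `defaultMode` is set, so the deployment this commit prepares for needs an owner-only mode on that file; a template comment next to the directive such as `# ssh_key must be owner-only (0600); mod_sftp rejects group/world-accessible host keys` would record the requirement where operators look. `SFTPAuthMethods password` in the context lines leaves password login as the only method, so the strength of `STATIC_PASSWORD` is the sole control on the exposed port. The enclosing config block starts and ends outside the hunk.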
From: Sebastian Hugentobler
Date: Tue, 28 Sep 2021 17:25:15 +0200
Subject: [PATCH 03/10] prepare for k3s
---
 rootfs/etc/cont-init.d/02-static-user | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rootfs/etc/cont-init.d/02-static-user b/rootfs/etc/cont-init.d/02-static-user
index f5cdf5c..9fd2d8c 100644
--- a/rootfs/etc/cont-init.d/02-static-user
+++ b/rootfs/etc/cont-init.d/02-static-user
@@ -5,8 +5,8 @@ if [ ! -z ${STATIC_USER+x} ]; then
 --sha512 \
 --passwd \
 --home /var/lib/ftp/data \
- --uid "$STATIC_UID" \
- --gid "$STATIC_GID" \
+ #--uid "$STATIC_UID" \
+ #--gid "$STATIC_GID" \
 --name "$STATIC_USER" \
 --shell /bin/sh \
 --file /etc/proftpd/passwd \
From 5cef43fdaadba52af5e37d8d575c9ad3ca3a4423 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Tue, 28 Sep 2021 17:29:57 +0200
Subject: [PATCH 04/10] prepare for k3s
---
 rootfs/etc/cont-init.d/02-static-user | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rootfs/etc/cont-init.d/02-static-user b/rootfs/etc/cont-init.d/02-static-user
index 9fd2d8c..28bd436 100644
--- a/rootfs/etc/cont-init.d/02-static-user
+++ b/rootfs/etc/cont-init.d/02-static-user
@@ -5,8 +5,8 @@ if [ ! -z ${STATIC_USER+x} ]; then
 --sha512 \
 --passwd \
 --home /var/lib/ftp/data \
- #--uid "$STATIC_UID" \
- #--gid "$STATIC_GID" \
+ --uid "2222" \
+ --gid "2222" \
 --name "$STATIC_USER" \
 --shell /bin/sh \
 --file /etc/proftpd/passwd \
From fc8c0a489f872577e024b11dc5094af1809f7e8c Mon Sep 17 00:00:00 2001
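Review bot: The `#--uid` and `#--gid` lines added in PATCH 03/10 sit inside a backslash-continued `ftpasswd` command, where `#` starts a comment that also swallows the trailing `\`, so the command ends after `--home /var/lib/ftp/data` and `--name`, `--shell` and `--file` are no longer passed to it. The lines from `--name "$STATIC_USER" \` onward are then run as a separate command, which leaves the account file unwritten for an image built from this exact commit. PATCH 04/10 replaces both lines, so the breakage is limited to this revision; deleting the two options instead of commenting them out would have kept the continuation intact. The command starts and ends outside the hunk.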
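Review bot: Hard-coding `--uid "2222"` and `--gid "2222"` in PATCH 04/10 makes the `STATIC_UID` and `STATIC_GID` settings silently ineffective, while the README context in PATCH 02/10 still lists `STATIC_GID` as the gid for the static user. An operator who sets them to match the owner of the data volume gets an account with different ids and no error. Keeping the variables with a default preserves both behaviours: `--uid "${STATIC_UID:-2222}" \` and `--gid "${STATIC_GID:-2222}" \`. The command starts and ends outside the hunk.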
From: Sebastian Hugentobler
Date: Tue, 15 Feb 2022 16:21:13 +0100
Subject: [PATCH 05/10] use new s6-rc layout
---
 .gitlab-ci.yml | 24 ++++++++++++-------
 .../02-static-user => bin/static-user} | 2 +-
 rootfs/etc/fix-attrs.d/01-data | 1 -
 .../s6-overlay/s6-rc.d/proftpd/dependencies | 2 ++
 rootfs/etc/s6-overlay/s6-rc.d/proftpd/run | 3 +++
 rootfs/etc/s6-overlay/s6-rc.d/proftpd/type | 1 +
 .../s6-rc.d/static-user/dependencies | 1 +
 .../etc/s6-overlay/s6-rc.d/static-user/type | 1 +
 rootfs/etc/s6-overlay/s6-rc.d/static-user/up | 1 +
 .../s6-rc.d/user/contents.d/proftpd | 0
 rootfs/etc/services.d/proftpd/run | 3 ---
 11 files changed, 25 insertions(+), 14 deletions(-)
 rename rootfs/{etc/cont-init.d/02-static-user => bin/static-user} (91%)
 mode change 100644 => 100755
 delete mode 100644 rootfs/etc/fix-attrs.d/01-data
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/proftpd/run
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/proftpd/type
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/static-user/type
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/static-user/up
 create mode 100644 rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/proftpd
 delete mode 100644 rootfs/etc/services.d/proftpd/run
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6c9cb03..19675aa 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,12 +1,18 @@
-stages:
- - build
-
 variables:
- IMAGE_NAME: thallian/user-access
- CI_BUILD_ARCHS: "linux/amd64,linux/arm64"
+ CONTAINER_NAME: thallian/user-access
 build:
- stage: build
- script:
- - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD $DOCKER_REGISTRY
- - docker buildx build --platform "$CI_BUILD_ARCHS" --progress plain --pull --tag "$IMAGE_NAME:$CI_COMMIT_SHA" --tag "$IMAGE_NAME:$CI_COMMIT_REF_NAME" --tag "$IMAGE_NAME:latest" --push .
+ stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - mkdir -p /kaniko/.docker
+ - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+ - >-
+ /kaniko/executor
+ --context "$CI_PROJECT_DIR"
+ --dockerfile "$CI_PROJECT_DIR/Dockerfile"
+ --destination "$CONTAINER_NAME:$CI_COMMIT_SHA"
+ --destination "$CONTAINER_NAME:$CI_COMMIT_REF_NAME"
+ --destination "$CONTAINER_NAME:latest"
diff --git a/rootfs/etc/cont-init.d/02-static-user b/rootfs/bin/static-user
old mode 100644
new mode 100755
similarity index 91%
rename from rootfs/etc/cont-init.d/02-static-user
rename to rootfs/bin/static-user
index 28bd436..c3d62c4
--- a/rootfs/etc/cont-init.d/02-static-user
+++ b/rootfs/bin/static-user
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv sh
+#!/bin/sh
 if [ ! -z ${STATIC_USER+x} ]; then
 echo ${STATIC_PASSWORD} | ftpasswd \
diff --git a/rootfs/etc/fix-attrs.d/01-data b/rootfs/etc/fix-attrs.d/01-data
deleted file mode 100644
index 9ff8fd0..0000000
--- a/rootfs/etc/fix-attrs.d/01-data
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/ftp/data/ true proftpd:access 0666 0777
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies
new file mode 100644
index 0000000..64f28ce
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/dependencies
@@ -0,0 +1,2 @@
+confd
+static-user
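Review bot: The build job in `.gitlab-ci.yml` runs `gcr.io/kaniko-project/executor:debug`, a mutable tag, in the step that writes `$CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD` into `/kaniko/.docker/config.json`, so whatever image that tag resolves to at run time receives the registry credentials. Pinning the builder by digest removes that dependency on the tag: `name: gcr.io/kaniko-project/executor:debug@sha256:<digest-placeholder>`. The same unpinned-builder pattern recurs in `image: plugins/kaniko` in the `.woodpecker.yml` added by PATCH 08/10 and in `uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main` in the workflow added by PATCH 10/10, each of which is handed registry secrets. For the reusable workflow, referencing a commit id instead of `@main` gives the equivalent guarantee.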
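Review bot: Replacing `#!/usr/bin/with-contenv sh` with `#!/bin/sh` in `rootfs/bin/static-user` means the script no longer asks s6-overlay to load the container environment, and under the s6-rc layout a oneshot does not inherit it unless the image sets `S6_KEEP_ENV`. If the base image does not set it, `STATIC_USER` is unset here, the `if` is skipped and no account is written to `/etc/proftpd/passwd`; that setting is not visible in this patch, so either keep `with-contenv` in the shebang or document the dependency in a comment at the top of the script. Separately, the context line `echo ${STATIC_PASSWORD} | ftpasswd \` expands the password unquoted, so whitespace runs and glob characters in it are altered before hashing; `printf '%s\n' "$STATIC_PASSWORD" | ftpasswd \` passes it through unchanged. The script continues outside the hunk.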
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run
new file mode 100644
index 0000000..e493d09
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec proftpd --nodaemon
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/proftpd/type
@@ -0,0 +1 @@
+longrun
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies b/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies
new file mode 100644
index 0000000..7ba7514
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/dependencies
@@ -0,0 +1 @@
+confd
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/type b/rootfs/etc/s6-overlay/s6-rc.d/static-user/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/type
@@ -0,0 +1 @@
+oneshot
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/static-user/up b/rootfs/etc/s6-overlay/s6-rc.d/static-user/up
new file mode 100644
index 0000000..d13e8c0
--- /dev/null
+++ b/rootfs/etc/s6-overlay/s6-rc.d/static-user/up
@@ -0,0 +1 @@
+static-user
diff --git a/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/proftpd b/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/proftpd
new file mode 100644
index 0000000..e69de29
diff --git a/rootfs/etc/services.d/proftpd/run b/rootfs/etc/services.d/proftpd/run
deleted file mode 100644
index baf408e..0000000
--- a/rootfs/etc/services.d/proftpd/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-exec proftpd --nodaemon
From 28ea3609c18c4c738813765ae76ad4b9b7cf7373 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Tue, 12 Jul 2022 19:56:34 +0200
Subject: [PATCH 06/10] update base image
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 992fc06..c14eedf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM thallian/confd-env:latest
+FROM docker.io/thallian/confd-env:3.16
 RUN apk add --no-cache \
 openssl \
From 78b9affb9caacbcf1de90f360ffa73669946a5fd Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 11 Nov 2022 07:14:32 +0000
Subject: [PATCH 07/10] Delete '.gitlab-ci.yml'
---
 .gitlab-ci.yml | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 19675aa..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-variables:
- CONTAINER_NAME: thallian/user-access
-
-build:
- stage: build
- image:
- name: gcr.io/kaniko-project/executor:debug
- entrypoint: [""]
- script:
- - mkdir -p /kaniko/.docker
- - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- - >-
- /kaniko/executor
- --context "$CI_PROJECT_DIR"
- --dockerfile "$CI_PROJECT_DIR/Dockerfile"
- --destination "$CONTAINER_NAME:$CI_COMMIT_SHA"
- --destination "$CONTAINER_NAME:$CI_COMMIT_REF_NAME"
- --destination "$CONTAINER_NAME:latest"
From 98642cf280af550a6fdb432edc080286a8ae366b Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 11 Nov 2022 07:15:09 +0000
Subject: [PATCH 08/10] Add '.woodpecker.yml'
---
 .woodpecker.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .woodpecker.yml
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..27a2496
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,11 @@
+pipeline:
+ publish-docker-image:
+ image: plugins/kaniko
+ settings:
+ repo: docker.io/thallian/user-access
+ tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
+ dockerfile: Dockerfile
+ username:
+ from_secret: DOCKER_USER
+ password:
+ from_secret: DOCKER_PW
\ No newline at end of file
From 88979d327b262151c2fa975081a8721d1331597e Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Wed, 23 Nov 2022 18:04:08 +0100
Subject: [PATCH 09/10] push to alpine 3.17
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index c14eedf..2ffda09 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/thallian/confd-env:3.16
+FROM docker.io/thallian/confd-env:3.17
 RUN apk add --no-cache \
 openssl \
From 13889200536d78d0956b2da55f5dab245d5342d1 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Wed, 20 Dec 2023 15:32:08 +0100
Subject: [PATCH 10/10] use gitea action runners
---
 .gitea/workflows/container.yaml | 12 ++++++++++++
 .woodpecker.yml | 11 -----------
 Dockerfile => Containerfile | 2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)
 create mode 100644 .gitea/workflows/container.yaml
 delete mode 100644 .woodpecker.yml
 rename Dockerfile => Containerfile (89%)
diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml
new file mode 100644
index 0000000..e48b3fd
--- /dev/null
+++ b/.gitea/workflows/container.yaml
@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+ call-reusable-workflow:
+ uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+ with:
+ repository: ${{ gitea.repository }}
+ ref_name: ${{ gitea.ref_name }}
+ sha: ${{ gitea.sha }}
+ registry_url: ${{ secrets.REGISTRY_URL }}
+ registry_user: ${{ secrets.REGISTRY_USER }}
+ registry_pw: ${{ secrets.REGISTRY_PW }}
diff --git a/.woodpecker.yml b/.woodpecker.yml
deleted file mode 100644
index 27a2496..0000000
--- a/.woodpecker.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-pipeline:
- publish-docker-image:
- image: plugins/kaniko
- settings:
- repo: docker.io/thallian/user-access
- tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
- dockerfile: Dockerfile
- username:
- from_secret: DOCKER_USER
- password:
- from_secret: DOCKER_PW
\ No newline at end of file
diff --git a/Dockerfile b/Containerfile
similarity index 89%
rename from Dockerfile
rename to Containerfile
index 2ffda09..17ff3cc 100644
--- a/Dockerfile
+++ b/Containerfile
@@ -1,4 +1,4 @@
-FROM docker.io/thallian/confd-env:3.17
+FROM docker.io/thallian/confd-env:3.19-3.1.6.2
 RUN apk add --no-cache \
 openssl \