使用 Docker 快速搭建 FTP 服务

拉取镜像

You can download the image with the following command:

docker pull fauria/vsftpd
[root@ec-a ~]# docker pull fauria/vsftpd
Using default tag: latest
latest: Pulling from fauria/vsftpd
8ba884070f61: Already exists 
bf4d64e5b4a9: Pull complete 
67f77917b011: Pull complete 
5267357c06a7: Pull complete 
97b74f38df2a: Pull complete 
7bf19ad281b9: Pull complete 
c9f5ecf027e4: Pull complete 
d4952895856c: Pull complete 
a6bc2c6baa32: Pull complete 
7aad560b8704: Pull complete 
Digest: sha256:3a8a64340773cbfb34f230011c6adf7e717e33beaedc4703361385d2448c2841
Status: Downloaded newer image for fauria/vsftpd:latest

环境变量

This image uses environment variables to allow the configuration of some parameteres at run time:

用户名:

  • Variable name: FTP_USER
  • Default value: admin
  • Accepted values: Any string. Avoid whitespaces and special chars.
  • Description: Username for the default FTP account. If you don’t specify it through the FTP_USER environment variable at run time, admin will be used by default.
密码:

  • Variable name: FTP_PASS
  • Default value: Random string.
  • Accepted values: Any string.
  • Description: If you don’t specify a password for the default FTP account through FTP_PASS, a 16 characters random string will be automatically generated. You can obtain this value through the container logs.
被动模式:

  • Variable name: PASV_ADDRESS_ENABLE
  • Default value: NO
  • Accepted values: <no|yes>
  • Description: Enables / Disables Passive Mode
  • Variable name: PASV_ADDRESS_RESOLVE
  • Default value: YES
  • Accepted values: <no|yes>
  • Description: Set to YES if you want to use a hostname (as opposed to IP address) in the PASV_ADDRESS option.
  • Variable name: PASV_ADDRESS
  • Default value: Docker host IP / Hostname.
  • Accepted values: Any IPv4 address or Hostname (see PASV_ADDRESS_RESOLVE).
  • Description: If you don’t specify an IP address to be used in passive mode, the routed IP address of the Docker host will be used. Bear in mind that this could be a local address.
  • Variable name: PASV_ADDR_RESOLVE
  • Default value: NO.
  • Accepted values: YES or NO.
  • Description: Set to YES if you want to use a hostname (as opposed to IP address) in the PASV_ADDRESS option.
  • Variable name: PASV_ENABLE
  • Default value: YES.
  • Accepted values: YES or NO.
  • Description: Set to NO if you want to disallow the PASV method of obtaining a data connection.
  • Variable name: PASV_MIN_PORT
  • Default value: 21100.
  • Accepted values: Any valid port number.
  • Description: This will be used as the lower bound of the passive mode port range. Remember to publish your ports with docker -p parameter.
  • Variable name: PASV_MAX_PORT
  • Default value: 21110.
  • Accepted values: Any valid port number.
  • Description: This will be used as the upper bound of the passive mode port range. It will take longer to start a container with a high number of published ports.
日志:

  • Variable name: XFERLOG_STD_FORMAT
  • Default value: NO.
  • Accepted values: YES or NO.
  • Description: Set to YES if you want the transfer log file to be written in standard xferlog format.
  • Variable name: LOG_STDOUT
  • Default value: Empty string.
  • Accepted values: Any string to enable, empty string or not defined to disable.
  • Description: Output vsftpd log through STDOUT, so that it can be accessed through the container logs.
文件权限:

  • Variable name: FILE_OPEN_MODE
  • Default value: 0666.
  • Accepted values: File system permissions.
  • Description: The permissions with which uploaded files are created. Umasks are applied on top of this value. You may wish to change to 0777 if you want uploaded files to be executable.
  • Variable name: LOCAL_UMASK
  • Default value: 077.
  • Accepted values: File system permissions.
  • Description: The value that the umask for file creation is set to for local users. NOTE! If you want to specify octal values, remember the “0” prefix otherwise the value will be treated as a base 10 integer!

运行实例

测试:

Create a temporary container for testing purposes:

docker run --rm fauria/vsftpd

主动模式:

Create a container in active mode using the default user account, with a binded data directory:

docker run -d -p 21:21 -v /home/data/vsftpd:/home/vsftpd --name ec.vsftpd fauria/vsftpd

双模式:

Create a production container with a custom user account, binding a data directory and enabling both active and passive mode:

docker run -d -v /home/data/vsftpd:/home/vsftpd \
-p 20:20 -p 21:21 -p 21100-21110:21100-21110 \
-e FTP_USER=ec.admin -e FTP_PASS=passwd321 \
-e PASV_ADDRESS=172.16.1.61 -e PASV_MIN_PORT=21100 \
-e PASV_MAX_PORT=21110 \
--name ec.vsftpd --restart=always fauria/vsftpd
[root@ec-a ~]# docker run -d -v /home/data/vsftpd:/home/vsftpd \
> -p 20:20 -p 21:21 -p 21100-21110:21100-21110 \
> -e FTP_USER=ec.admin -e FTP_PASS=passwd321 \
> -e PASV_ADDRESS=172.16.1.61 -e PASV_MIN_PORT=21100 \
> -e PASV_MAX_PORT=21110 \
> --name ec.vsftpd --restart=always fauria/vsftpd
2317adfca4dd61a399f7e8e53d6fb7b1cd899a21cf6664d27ad420f0d991dfd6


[root@ec-a ~]# docker logs ec.vsftpd 
	*************************************************
	*                                               *
	*    Docker image: fauria/vsftd                 *
	*    https://github.com/fauria/docker-vsftpd    *
	*                                               *
	*************************************************

	SERVER SETTINGS
	---------------
	· FTP User: ec.admin
	· FTP Password: passwd321
	· Log file: /var/log/vsftpd/vsftpd.log
	· Redirect vsftpd log to STDOUT: No.
FileZilla 新建 FTP 站点
传输测试

手动添加用户:

Manually add a new FTP user to an existing container:

docker exec -i -t ec.vsftpd bash

mkdir /home/vsftpd/myuser
echo -e "myuser\nmypass" >> /etc/vsftpd/virtual_users.txt
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db

exit

docker restart ec.vsftpd

Note

主动模式(Active)

优点:
服务端配置简单,利于服务器安全管理,服务器只需要开放21端口

缺点:
如果客户端开启了防火墙,或客户端处于内网(NAT网关之后), 那么服务器对客户端端口发起的连接可能会失败

被动模式(Passive)

优点:
对客户端网络环境没有要求

缺点:
服务器配置管理稍显复杂,不利于安全,服务器需要开放随机高位端口以便客户端可以连接,因此大多数FTP服务软件都可以手动配置被动端口的范围

https://github.com/fauria/docker-vsftpd