feat: Add support for active mode
timo-reymann committed Jul 21, 2024
1 parent b78c6bd commit b086bc2
Showing 3 changed files with 45 additions and 27 deletions.
41 changes: 23 additions & 18 deletions README.md
Expand Up @@ -49,14 +49,16 @@ services:
# If NO_USER_FTP_POSTFIX is set, USER_FTP_POSTFIX is disabled and the user home directory is exposed over ftp
# - USER_FTP_POSTFIX=/data
# - NO_USER_FTP_POSTFIX=true

# - PUBLIC_HOST=custom-host.domain.tld # optional and only used for passive ftp, defaults to localhost

# optional and only used for passive ftp, defaults to 127.0.0.1
# - PUBLIC_HOST=custom-host.domain.tld
ports:
# active ftp
# ftp control
- "21:21"
# passive ftp ports, may differ if you configured them differently
# active ftp
- "20:20"
# passive ftp ports, may differ if you configured them differently with PASSIVE_MIN_PORT_*
- "10090-10100:10090-10100"

# sftp
- "2022:2022"
volumes:
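Review bot: The new `- "20:20"` mapping under `# active ftp` publishes an inbound port, but in active mode the server opens the data connection out to the client, so this mapping is not what makes active mode work and only adds a published port that nothing in the container listens on. Consider dropping it, or say in the comment what it is for and that active mode needs the client to be reachable from the container. The comment's `PASSIVE_MIN_PORT_*` also names no real variable; the settings are `PASSIVE_MIN_PORT` and `PASSIVE_MAX_PORT`.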
Expand Down Expand Up @@ -87,25 +89,27 @@ Both can be used together, so you can use env vars and/or file-based user creati

You can further configure the ftp server using the following environment variables:

| Variable | Usage |
|:--------------------|:------------------------------------------------------------|
| PASSIVE_MIN_PORT | Minimum used passive port |
| PASSIVE_MAX_PORT | Maximum used passive port |
| PUBLIC_HOST | Public host |
| UMASK | customize the ftp umask (default 022 => chmod 777) |
| USER_FTP_POSTFIX | Override the path exposed over ftp, defaults to /data |
| NO_USER_FTP_POSTFIX | Disable USER_FTP_POSTFIX, ftp access to user home directory |
| Variable | Default | Usage |
|:---------------------|:----------|:--------------------------------------------------------------------------------------|
| PASSIVE_MODE_ENABLED | yes | Set to `yes` to enable and to `no`to disable passive mode support |
| PASSIVE_MIN_PORT | 10090 | Minimum used passive port |
| PASSIVE_MAX_PORT | 10100 | Maximum used passive port |
| ACTIVE_MODE_ENABLED | yes | Set to `yes` to enable and to `no`to disable active mode support |
| PUBLIC_HOST | 127.0.0.1 | Public host used for passive mode server address |
| UMASK | 022 | customize the ftp umask |
| USER_FTP_POSTFIX | *None* | Override the path exposed over ftp, defaults to /data |
| NO_USER_FTP_POSTFIX | *None* | Disable `USER_FTP_POSTFIX` by setting to any value, ftp access to user home directory |

#### SFTP

> For SFTP there is currently no further configuration possible and necessary.

#### General settings

| Variable | Usage |
|:-------------------|:-----------------------------------------------------------------------------------------------------------|
| BANNER | Banner displayed at connect using SFTP or FTP |
| ACCOUNT_<username> | Set the value to the password to set for <username>, this will create a user to be used with SFTP and FTP. |
| Variable | Usage |
|:---------------------|:-------------------------------------------------------------------------------------------------------------|
| BANNER | Banner displayed at connect using SFTP or FTP |
| ACCOUNT_`{username}` | Set the value to the password to set for `{username}`, this will create a user to be used with SFTP and FTP. |

#### Ports

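Review bot: The `USER_FTP_POSTFIX` row contradicts itself: the Default column says `*None*` while the Usage column says "defaults to /data"; put `/data` in the Default column if that is the effective value. The `PASSIVE_MODE_ENABLED` and `ACTIVE_MODE_ENABLED` rows both read `` `no`to ``, missing a space. The `PUBLIC_HOST` row should also say that the 127.0.0.1 default only works for local clients, since `entrypoint.sh` writes this value into `pasv_address` and it is the address advertised to passive clients.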
Expand All @@ -115,7 +119,8 @@ Default ports are:

| Port | Protocol |
|:------------|:------------|
| 21 | Active FTP |
| 20 | Active FTP |
| 21 | FTP control |
| 10090-10100 | Passive FTP |
| 2022 | SFTP |

24 changes: 16 additions & 8 deletions scripts/entrypoint.sh
Expand Up @@ -80,24 +80,32 @@ configure_vsftpd() {

log "FTP" "Append custom config to vsftpd config"
cat <<EOF >> $VSFTPD_CONFIG_FILE
# chroot
allow_writeable_chroot=YES
chroot_local_user=YES
ftpd_banner=${BANNER}
listen_ipv6=NO
passwd_chroot_enable=YES
local_enable=YES
local_root=${DATA_FOLDER}/\$USER${USER_FTP_POSTFIX}
local_umask=${UMASK}
passwd_chroot_enable=YES
pasv_enable=YES
user_sub_token=\$USER
# general
ftpd_banner=${BANNER}
listen_ipv6=NO
write_enable=YES
seccomp_sandbox=NO
vsftpd_log_file=$(tty)
# passive mode
pasv_enable=${PASSIVE_MODE_ENABLED:-'yes'}
pasv_max_port=${PASSIVE_MAX_PORT}
pasv_min_port=${PASSIVE_MIN_PORT}
pasv_addr_resolve=NO
pasv_promiscuous=${PASSIVE_PROMISCUOUS}
pasv_address=${PUBLIC_HOST}
seccomp_sandbox=NO
user_sub_token=\$USER
vsftpd_log_file=$(tty)
write_enable=YES
# active mode
connect_from_port_20=${ACTIVE_MODE_ENABLED:-'yes'}
EOF

log "FTP" "Disable anonymous login"
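Review bot: `connect_from_port_20=${ACTIVE_MODE_ENABLED:-'yes'}` does not switch active mode on or off. In vsftpd that option only selects port 20 as the source port for PORT-style data connections; whether PORT is accepted at all is governed by `port_enable`, which defaults to YES, so `ACTIVE_MODE_ENABLED=no` leaves active mode available. Write `port_enable` from the variable as well. Also, inside this unquoted heredoc the single quotes in `:-'yes'` are kept literally, so with the variable unset the file gets `pasv_enable='yes'`, which is not a valid vsftpd boolean; use `${PASSIVE_MODE_ENABLED:-yes}` and `${ACTIVE_MODE_ENABLED:-yes}`. `PASSIVE_PROMISCUOUS` is written to `pasv_promiscuous` here but has no row in the README table and no default.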
7 changes: 6 additions & 1 deletion tests/test_usage.py
@@ -1,6 +1,8 @@
from io import BytesIO
from tempfile import NamedTemporaryFile

import pytest


def test_crud_sftp(
chrooted_ftp_test_container,
Expand Down Expand Up @@ -38,7 +40,8 @@ def test_crud_sftp(
assert [] == connection.listdir("/data")


def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_container_to_be_started):
@pytest.mark.parametrize("is_active", [True, False])
def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_container_to_be_started, is_active):
# Create account to use in test
chrooted_ftp_test_container.with_env("ACCOUNT_pytest", "test")

Expand All @@ -51,6 +54,8 @@ def test_crud_ftp(chrooted_ftp_test_container, create_ftp_connection, wait_for_c
with chrooted_ftp_test_container:
wait_for_container_to_be_started(chrooted_ftp_test_container)
connection = create_ftp_connection(chrooted_ftp_test_container.get_exposed_port(21), "pytest", "test")
if not is_active:
connection.makepasv()

# Create file
connection.storlines("STOR test.txt", BytesIO(b'test'))
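Review bot: `connection.makepasv()` in the `if not is_active:` branch does not select the transfer mode. If `create_ftp_connection` returns an `ftplib.FTP`, that call only sends PASV/EPSV and returns the advertised host and port, and the client is passive by default, so both parametrized cases run in passive mode and active mode is never exercised. Call `connection.set_pasv(not is_active)` before the first transfer instead. The test also never sets `ACTIVE_MODE_ENABLED` or `PASSIVE_MODE_ENABLED`, so the `no` values of the new toggles have no coverage; add cases that assert the disabled mode is refused.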
