环境

服务器参数:

  • CentOS Linux release 7.9.2009 (Core)
  • 4核(vCPU)8GB

防火墙:关闭(仅适用于本文的测试环境;对外提供服务时应开启防火墙,只放行实际用到的 20、21、8800、80 端口)
SELINUX:SELINUX=disabled(同样仅为测试方便)
软件环境:

  • docker版本:20.10.22
  • docker-compose版本:2.15.1
  • 本文用户和密码均为:test123456,使用时请修改,注意安全!!!

一、vsftp

1、创建目录
shell
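# Working directory for this section: /root/service_yaml/ftp_share
# The two commands are chained with && so that "data" is never created in
# whatever directory the shell happens to be in when the cd fails.
cd /root/service_yaml/ftp_share && mkdir -p data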
2、vsftp-share.yml
yaml
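# Write the compose file for the standalone vsftpd service.
#
# Changes from the listing as published:
#   * YAML nesting restored (the flattened listing cannot be parsed by compose).
#   * The data volume now targets /home/vsftpd/test123456, because the mount
#     point has to carry the FTP_USER name; with "admin" the account's home
#     directory would not be the ./data directory on the host.
#   * The heredoc delimiter is quoted so the shell never expands anything
#     inside the YAML.
#
# NOTE(review): FTP_USER / FTP_PASS are the page's placeholder credentials and
#   must be replaced before the ports are reachable from other hosts. FTP also
#   carries them in clear text on the wire.
# NOTE(review): PASV_ADDRESS is the address vsftpd advertises to passive-mode
#   clients; 127.0.0.1 presumably only suits a local test. Set it to the
#   address clients actually connect to.
# NOTE(review): confirm that the image honours ANON_ENABLE / ANONYMOUS_ENABLE /
#   LOCAL_ENABLE by checking anonymous_enable in the container's vsftpd.conf.
cat > vsftp-share.yml << 'EOF'
version: "3"
services:
  ftp-share:
    image: fauria/vsftpd
    ports:
      - "0.0.0.0:20:20"
      - "0.0.0.0:21:21"
      - "8800:8800"
    environment:
      - FTP_USER=test123456
      - FTP_PASS=test123456
      - PASV_ENABLE=YES
      - PASV_ADDRESS=127.0.0.1
      - PASV_MIN_PORT=8800
      - PASV_MAX_PORT=8800
      - ANON_ENABLE=NO
      - NO_ANON_PASSWD=NO
      - ANON_ROOT=/var/ftp
      - LOCAL_ENABLE=YES
      - ANONYMOUS_ENABLE=NO
    volumes:
      # 此处的/home/vsftpd/test123456 中的test123456需要和FTP_USER的值保持一致
      - ./data:/home/vsftpd/test123456
      - /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime
    restart: always
    container_name: ftp-share
    networks:
      ftp:
        aliases:
          - ftp-share
networks:
  ftp:
    driver: bridge
EOF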
2、启动 vsftp-share.yml
bash
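# Download docker-compose.
# TLS verification is left on (no -k): the file is installed into
# /usr/local/bin and later run as root, so it has to come from the real
# github.com. -f makes an HTTP error fail instead of saving the error page as
# the "binary". Compare the download with the checksum published on the
# release page before making it executable.
curl -fL -o /usr/local/bin/docker-compose \
  "https://github.com/docker/compose/releases/download/v1.25.4/docker-compose-$(uname -s)-$(uname -m)"
# Add execute permission
sudo chmod +x /usr/local/bin/docker-compose
# Show the docker-compose version
docker-compose -v
# Offline alternative:
# download docker-compose from the GitHub releases page
#   https://github.com/docker/compose/releases

# Start
docker-compose -f vsftp-share.yml up -d
# Stop
docker-compose -f vsftp-share.yml down
# Status
docker-compose -f vsftp-share.yml ps
# Logs
docker-compose -f vsftp-share.yml logs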
3、一条命令完事
bash
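# Single-command alternative to the compose file: run vsftpd directly.
#
# Changes from the listing as published:
#   * The host side of the data volume is absolute ("$PWD/data"). Older Docker
#     CLIs, including the 20.10 series this page targets, treat "./data" as a
#     volume name and reject it.
#   * The mount target is /home/vsftpd/test123456 so that it matches FTP_USER.
#   * docker run only starts if the cd succeeded, so $PWD is the intended
#     directory.
#
# NOTE(review): FTP_USER / FTP_PASS are the page's placeholder credentials;
#   replace them before the ports are reachable from other hosts. Values
#   passed with -e are also visible in the process list and in
#   `docker inspect`.
cd /root/service_yaml/ftp_share &&
docker run -dit --name ftp-share \
  -p 20:20 -p 21:21 -p 8800:8800 \
  -v "$PWD/data":/home/vsftpd/test123456 \
  -v /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime \
  -e FTP_USER=test123456 \
  -e FTP_PASS=test123456 \
  -e PASV_ENABLE=YES \
  -e PASV_ADDRESS=127.0.0.1 \
  -e PASV_MIN_PORT=8800 \
  -e PASV_MAX_PORT=8800 \
  -e ANON_ENABLE=NO \
  -e NO_ANON_PASSWD=NO \
  -e ANON_ROOT=/var/ftp \
  -e LOCAL_ENABLE=YES \
  -e ANONYMOUS_ENABLE=NO \
  fauria/vsftpd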
访问:
bash
ftp://47.102.47.151/

二、nginx-vsftp版

1、创建目录
bash
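# Working directory for this section: /root/service_yaml/ftp_share
# The directories are only created when the cd succeeded, so they never end
# up under an unrelated current directory.
cd /root/service_yaml/ftp_share && mkdir -p data nginx/conf.d log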
2、创建 nginx 配置文件:nginx/nginx.conf
bash
# Write nginx/nginx.conf: a password-protected directory listing of
# /usr/share/nginx/html/download served on port 80.
#
# The heredoc delimiter is quoted, so the nginx variables ($remote_addr, ...)
# are written literally and need no backslash escapes.
#
# NOTE(review): "user root;" runs the nginx worker processes as root inside
#   the container; an unprivileged user that can read the share would narrow
#   the impact of a worker compromise.
# NOTE(review): auth_basic is used on the plain-HTTP listener (listen 80), so
#   the credentials are only base64-encoded on the wire, not encrypted.
cat > nginx/nginx.conf << 'EOF'
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.

    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name _;
        root /usr/share/nginx/html/download;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        # limit_rate 50k;# 限制下载速度

        location / {
            auth_basic "登陆验证";
            auth_basic_user_file /usr/local/nginx/htpasswd;
            autoindex on; #开启索引功能
            autoindex_exact_size off; #关闭计算文件确切大小(单位bytes),只显示大概大小(单位kb、mb、gb)
            autoindex_localtime on; #显示本机时间而非 GMT 时间
            charset utf-8,gbk;
        }

        error_page 404 /404.html;

        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
        }
    }
}
EOF
3、创建 nginx/htpasswd
bash
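# Create nginx/htpasswd, the credential file read by auth_basic_user_file.
# The two methods are alternatives; use one of them.

# Method 1: the htpasswd utility. On CentOS it is shipped in httpd-tools, so
# the larger httpd-devel package is not needed.
yum -y install httpd-tools
# -c creates the file, -m stores an MD5 (apr1) hash.
htpasswd -cm nginx/htpasswd test123456
# Type the password twice when prompted, e.g. test123456

# Method 2: openssl.
# -apr1 replaces -crypt: the DES-based crypt scheme only uses the first
# 8 characters of the password and is cheap to brute-force, while apr1 is the
# same hash format htpasswd -m writes.
# The user name and hash are passed as printf arguments, never as the format.
# NOTE(review): the password given on the command line shows up in the process
#   list and in shell history; leaving it off makes openssl prompt for it.
printf '%s:%s\n' test123456 "$(openssl passwd -apr1 test123456)" >> nginx/htpasswd
cat nginx/htpasswd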
4、nginx-vsftp-share.yml
yaml
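# Write the compose file that runs nginx (HTTP download listing) and vsftpd
# (FTP upload/download) over the same host directory, /home/sharefiles.
#
# Changes from the listing as published:
#   * YAML nesting restored (the flattened listing cannot be parsed by compose).
#   * The heredoc delimiter is quoted so the shell never expands anything
#     inside the YAML.
#
# NOTE(review): FTP_USER / FTP_PASS are the page's placeholder credentials and
#   must be replaced before the ports are reachable from other hosts.
# NOTE(review): nginx only reads the share, its configuration and the htpasswd
#   file; mounting those three volumes read-only (":ro") would keep a
#   compromised web container from altering them.
# NOTE(review): PASV_ADDRESS is the address vsftpd advertises to passive-mode
#   clients; 127.0.0.1 presumably only suits a local test.
# NOTE(review): confirm that the image honours ANON_ENABLE / ANONYMOUS_ENABLE /
#   LOCAL_ENABLE by checking anonymous_enable in the container's vsftpd.conf.
cat > nginx-vsftp-share.yml << 'EOF'
version: '3'
services:
  ftp-nginx:
    image: nginx:1.21.6-alpine
    container_name: ftp-nginx
    ports:
      - "80:80"
    volumes:
      - /home/sharefiles:/usr/share/nginx/html/download
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/htpasswd:/usr/local/nginx/htpasswd
      - ./log:/var/log/nginx
      - /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime
    restart: always
    networks:
      ftp:
        aliases:
          - nginx-share

  ftp-share:
    image: fauria/vsftpd
    container_name: ftp-share
    environment:
      - FTP_USER=test123456
      - FTP_PASS=test123456
      - PASV_ENABLE=YES
      - PASV_ADDRESS=127.0.0.1
      - PASV_MIN_PORT=8800
      - PASV_MAX_PORT=8800
      - ANON_ENABLE=NO
      - NO_ANON_PASSWD=NO
      - ANON_ROOT=/var/ftp
      - LOCAL_ENABLE=YES
      - ANONYMOUS_ENABLE=NO
    volumes:
      # 此处的/home/vsftpd/test123456 中的test123456需要和FTP_USER的值保持一致
      - /home/sharefiles:/home/vsftpd/test123456
      - /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime
    ports:
      - "20:20"
      - "21:21"
      - "8800:8800"
    restart: always
    networks:
      ftp:
        aliases:
          - ftp-share
networks:
  ftp:
    driver: bridge
EOF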
5、启动 nginx-vsftp-share.yml
bash
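# Download docker-compose.
# TLS verification is left on (no -k): the file is installed into
# /usr/local/bin and later run as root, so it has to come from the real
# github.com. -f makes an HTTP error fail instead of saving the error page as
# the "binary". Compare the download with the checksum published on the
# release page before making it executable.
# The release tag carries a "v" prefix (v2.15.1), and the v2 assets use a
# lowercase OS name, hence the tr.
# NOTE(review): confirm the exact asset name on the releases page.
curl -fL -o /usr/local/bin/docker-compose \
  "https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)"
# Add execute permission
sudo chmod +x /usr/local/bin/docker-compose
# Show the docker-compose version
docker-compose -v
# Offline alternative:
# download docker-compose from the GitHub releases page
#   https://github.com/docker/compose/releases

# Start
docker-compose -f nginx-vsftp-share.yml up -d
# Stop
docker-compose -f nginx-vsftp-share.yml down
# Status
docker-compose -f nginx-vsftp-share.yml ps
# Logs
docker-compose -f nginx-vsftp-share.yml logs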
6、一条命令完事
bash
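# Single-command alternative to the compose file: start both containers with
# docker run.
#
# Changes from the listing as published:
#   * Host paths are absolute ("$PWD/..."). Older Docker CLIs, including the
#     20.10 series this page targets, treat "./data" as a volume name and
#     reject it.
#   * Each docker run only starts if the cd succeeded, so $PWD is the intended
#     directory.
#   * The "1、vsftp" / "2、nginx" headings are comments, not commands.
#
# NOTE(review): FTP_USER / FTP_PASS are the page's placeholder credentials;
#   replace them before the ports are reachable from other hosts. Values
#   passed with -e are also visible in the process list and in
#   `docker inspect`.

# 1. vsftp
cd /root/service_yaml/ftp_share &&
docker run -dit --name ftp-share \
  -p 20:20 -p 21:21 -p 8800:8800 \
  -v "$PWD/data":/home/vsftpd/test123456 \
  -v /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime \
  -e FTP_USER=test123456 \
  -e FTP_PASS=test123456 \
  -e PASV_ENABLE=YES \
  -e PASV_ADDRESS=127.0.0.1 \
  -e PASV_MIN_PORT=8800 \
  -e PASV_MAX_PORT=8800 \
  -e ANON_ENABLE=NO \
  -e NO_ANON_PASSWD=NO \
  -e ANON_ROOT=/var/ftp \
  -e LOCAL_ENABLE=YES \
  -e ANONYMOUS_ENABLE=NO \
  fauria/vsftpd

# 2. nginx
cd /root/service_yaml/ftp_share &&
docker run -dit --name ftp-nginx \
  -p 80:80 \
  -v "$PWD/data":/usr/share/nginx/html/download \
  -v "$PWD/nginx/conf.d":/etc/nginx/conf.d \
  -v "$PWD/nginx/nginx.conf":/etc/nginx/nginx.conf \
  -v "$PWD/nginx/htpasswd":/usr/local/nginx/htpasswd \
  -v "$PWD/log":/var/log/nginx \
  -v /usr/share/zoneinfo/Etc/GMT-8:/etc/localtime \
  nginx:1.21.6-alpine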
访问:
bash
ftp://47.102.47.151/
http://47.102.47.151/

用户/密码:test123456/test123456

ftp://47.102.47.151/
http://47.102.47.151/
用户/密码:test123456/test123456

三、客户端访问问题

1、如遇到下面这个问题

https://gitee.com/j1447443432/blog_img/raw/master/img/vsftp之docker版/1692855182880.jpg
解决:
设置Internet Explorer 开启ftp被动模式
https://gitee.com/j1447443432/blog_img/raw/master/img/vsftp之docker版/1692855273194.jpg

FAQs

1、ftp目录下可能出现木马文件(.scr文件或者.lnk文件)
  • 清除脚本delete_lnk_scr.sh

    bash
    #!/bin/bash

    # Root of the FTP share to scan, followed by the two filename globs
    # that the cleanup removes.
    path='/home/sharefiles'
    key1='*.scr'
    key2='*.lnk'

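    #######################################
    # Delete every regular file under ${path} whose name matches ${key1} or
    # ${key2}, printing each path before it is removed.
    # Globals:   path (read), key1 (read), key2 (read)
    # Outputs:   the matched file paths, one per line, on stdout
    # Returns:   exit status of the last find
    #
    # Fixes over the published listing:
    #   * -exec is terminated with "\;". The bare trailing backslash joined
    #     the two find commands into one, which find rejects.
    #   * The globs are quoted so find receives "*.scr" / "*.lnk" itself
    #     rather than whatever the shell expands them to in the current
    #     directory.
    #   * Only regular files are matched, so rm needs -f, not -rf.
    #
    # Removing the files does not remove the write access that put them
    # there: review who can upload to the share and replace the account
    # password as well.
    #######################################
    start() {
      local pattern
      for pattern in "${key1}" "${key2}"; do
        find "${path}" -type f -name "${pattern}" -print -exec rm -f -- {} \;
      done
    }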

    # Entry point: runs the cleanup pass.
    main() {
      start
    }

    # Run the script.
    main
  • 解决方法:

    关闭匿名认证

bash
在 ftp-share 服务的 environment 中添加以下两项;添加后请进入容器查看 vsftpd.conf,确认 anonymous_enable=NO 已实际生效,并把示例口令 test123456 换成强口令:
- LOCAL_ENABLE=YES
- ANONYMOUS_ENABLE=NO