Setting up pure-ftpd and ssh-server with docker-compose

 

Notes:

pure-ftpd ubuntu 14.04

ssh-server ubuntu 16.04

Problems can occur in a VMware NAT environment. Please test in a Bridge environment.

 

Github

test@docker-test:~$ git clone https://github.com/visualwork/Docker-test.git

The files are in /Docker-test/test04. 🙂

 

Directory structure

ftp-server$ tree

├── docker-compose.yml
├── pure-ftpd
│       ├── Dockerfile
│       └── pureftpd.passwd
└── ssh-server
    └── Dockerfile

 

Create the directories needed for the docker-compose setup.

test@docker-test:~$ mkdir ftp-server
test@docker-test:~$ cd ftp-server/
test@docker-test:~/ftp-server$ mkdir pure-ftpd
test@docker-test:~/ftp-server$ mkdir ssh-server
test@docker-test:~/ftp-server$ sudo mkdir /ftp-data
test@docker-test:~/ftp-server$ sudo chown test:test /ftp-data/

 

Create the docker-compose.yml file

test@docker-test:~/ftp-server$ pwd
/home/test/ftp-server
test@docker-test:~/ftp-server$ vi docker-compose.yml

version: '3'

services:
  pure-ftpd:
    build:
      context: pure-ftpd
    image: ftp/pure-ftpd:14.04
    container_name: ftpd
    ports:
      - "21:21"
      - "20000-20099:20000-20099"
    volumes:
      - "/ftp-data:/home/ftp"
    restart: always

  ssh-server:
    build:
      context: ssh-server
    image: ssh-server
    container_name: ssh-server
    ports:
      - "12341:22"
    volumes:
      - "/ftp-data:/home/test/ftp:ro"
    restart: always

 

 

Create the ssh-server Dockerfile

test@docker-test:~/ftp-server$ cd ssh-server/
test@docker-test:~/ftp-server/ssh-server$ vi Dockerfile
FROM ubuntu:16.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>
 
#RUN apt-get update && apt-get install -y openssh-server
RUN apt-get update && apt-get install -y openssh-server \
&& mkdir /var/run/sshd \
&& useradd -ms /bin/bash test \
&& sed -ie 's/test:!/test:\$6\$pIPlIFrg\$WZRTmOoouwD6L\/IDgz8fw97agQjdeXticOJyayjUYwmiuNKkJE92rBtr0XDXhVE4rSi9PkWv8rtnA0rCuR6ts\//g' /etc/shadow \
&& sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
&& sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
 
#COPY data/* /.ROOT/
 
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
 
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

The password for the test user is test1234.

 

Create the pure-ftpd Dockerfile

FROM ubuntu:14.04

MAINTAINER test@test

RUN apt-get update && \
apt-get install pure-ftpd openssl libpam-dev libcap2-dev libldap2-dev libmysqlclient-dev libmysqlclient15-dev libpq-dev libssl-dev po-debconf dpkg-dev debhelper -y

RUN mkdir /tmp/pure-ftpd/ && \
        cd /tmp/pure-ftpd/ && \
        apt-get source pure-ftpd && \
        cd pure-ftpd-* && \
        sed -i '/^optflags=/ s/$/ --without-capabilities/g' ./debian/rules && \
        dpkg-buildpackage -b -uc
RUN dpkg -i /tmp/pure-ftpd/pure-ftpd-common*.deb
RUN apt-get -y install openbsd-inetd
RUN dpkg -i /tmp/pure-ftpd/pure-ftpd_*.deb
RUN apt-mark hold pure-ftpd pure-ftpd-common
RUN cd /etc/pure-ftpd && \
adduser ftpd-data && \
mkdir /home/ftp && \
chown ftpd-data:ftpd-data -R /home/ftp && \
echo yes > ./conf/ChrootEveryone && \
echo yes > ./conf/DontResolve && \
echo yes > ./conf/NoChmod && \
echo yes > ./conf/ProhibitDotFilesWrite && \
echo yes > ./conf/CustomerProof && \
echo '20000 20099' > ./conf/PassivePortRange && \
echo ',21' > ./conf/Bind && \
echo '2' > ./conf/TLS && \
openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=KR/ST=SouthKorea/L=Seoul/O=test.com/OU=IT Department/CN=ftp.test.com"
ADD pureftpd.passwd /etc/pure-ftpd/
RUN pure-pw mkdb
RUN ln -sf /dev/stdout /var/log/pure-ftpd/transfer.log
CMD /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -x -u 30 -H -S ,21 -O clf:/var/log/pure-ftpd/transfer.log -Z -A -p 20000:20099 -E -R -8 UTF-8 -Y 2
EXPOSE 21/tcp 20000-20099/tcp

 

Create the pureftpd.passwd file

test@docker-test:~/ftp-server/pure-ftpd$ pwd
/home/test/ftp-server/pure-ftpd
test@docker-test:~/ftp-server/pure-ftpd$ vi pureftpd.passwd
test:$1$P4DB31/0$iIPf8.YJ6XP6k1zsmQtJq1:1000:1000::/home/ftp/./::::::::::::

(To create a pure-ftpd virtual user, add the account to the pureftpd.passwd file.)

The account is test / test1234.

 

Run ftp-server

test@docker-test:~/ftp-server$ docker-compose up -d --build
test@docker-test:~/ftp-server$ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
25725255d655        ftp/pure-ftpd:14.04   "/bin/sh -c '/usr/sb…"   8 seconds ago       Up 6 seconds        0.0.0.0:21->21/tcp, 0.0.0.0:20000-20099->20000-20099/tcp   ftpd
b319c9a53cb3        ssh-server            "/usr/sbin/sshd -D"      8 seconds ago       Up 6 seconds        0.0.0.0:12341->22/tcp                                      ssh-server
test@docker-test:~/ftp-server$

 

Reference for creating a pure-ftp user

test@docker-test:~/ftp-server$ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
6906ee88690b        ftp/pure-ftpd:14.04   "/bin/sh -c '/usr/sb…"   37 seconds ago      Up 35 seconds       0.0.0.0:21->21/tcp, 0.0.0.0:20000-20099->20000-20099/tcp   ftpd
c48bb291d39e        ssh-server            "/usr/sbin/sshd -D"      37 seconds ago      Up 35 seconds       0.0.0.0:12341->22/tcp                                      ssh-server
test@docker-test:~/ftp-server$ docker exec -it 6906ee88690b /bin/bash

root@6906ee88690b:/# pure-pw useradd test1 -u ftpd-data -g ftpd-data -d /home/ftp
Password:
Enter it again:
root@6906ee88690b:/# pure-pw mkdb


root@6906ee88690b:/# cat /etc/pure-ftpd/pureftpd.passwd
test:$1$P4DB31/0$iIPf8.YJ6XP6k1zsmQtJq1:1000:1000::/home/ftp/./::::::::::::
test1:$1$R4VNLgS0$Upx3H9Fky0V/LJ9uNALim.:1000:1000::/home/ftp/./::::::::::::

 

Enter accounts in the pureftpd.passwd file in the user:password field format.

The password field (stored as a hash) can be looked up in the container's /etc/pure-ftpd/pureftpd.passwd file.

test@docker-test:~/ftp-server/pure-ftpd$ cat pureftpd.passwd
test:$1$P4DB31/0$iIPf8.YJ6XP6k1zsmQtJq1:1000:1000::/home/ftp/./::::::::::::
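
The check below is an added example, not part of the original post or of pure-ftpd itself: it parses pureftpd.passwd entries such as the two shown above and reports the hash scheme, the chroot marker in the home path, and accounts that share a uid and home. Only the first six colon-separated fields are interpreted, and the function names are the example's own.

```python
import re

# The two entries shown on this page.
SAMPLE = """\
test:$1$P4DB31/0$iIPf8.YJ6XP6k1zsmQtJq1:1000:1000::/home/ftp/./::::::::::::
test1:$1$R4VNLgS0$Upx3H9Fky0V/LJ9uNALim.:1000:1000::/home/ftp/./::::::::::::
"""

# crypt(3)-style prefix -> (scheme, acceptable for new accounts?)
SCHEMES = {
    "1": ("md5-crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256-crypt", True),
    "6": ("sha512-crypt", True),
}

def parse_line(line):
    """Parse one entry; only the first six fields are interpreted."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 6:
        raise ValueError("too few fields: %r" % line)
    user, pw, uid, gid, _gecos, home = fields[:6]
    m = re.match(r"\$([0-9a-z]+)\$", pw)
    scheme, ok = SCHEMES.get(m.group(1), ("unknown", False)) if m else ("not-crypt", False)
    return {"user": user, "scheme": scheme, "scheme_ok": ok,
            "uid": int(uid), "gid": int(gid), "home": home,
            # pure-pw writes a trailing "/./" for a chrooted home (-d)
            "chrooted_home": home.endswith("/./")}

def audit(text):
    """Return (entries, findings) for the content of a pureftpd.passwd file."""
    entries = [parse_line(l) for l in text.splitlines() if l.strip()]
    findings, owners = [], {}
    for e in entries:
        if not e["scheme_ok"]:
            findings.append("%s: weak or unknown hash scheme (%s)" % (e["user"], e["scheme"]))
        if e["uid"] == 0:
            findings.append("%s: mapped to uid 0" % e["user"])
        if not e["chrooted_home"]:
            findings.append("%s: home %s has no chroot marker" % (e["user"], e["home"]))
        owners.setdefault((e["uid"], e["home"]), []).append(e["user"])
    for (uid, home), users in sorted(owners.items()):
        if len(users) > 1:
            findings.append("%s share uid %d and home %s" % (", ".join(users), uid, home))
    return entries, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

Run against the file copied out of the container, this makes it visible that both virtual users carry MD5-crypt hashes and map to the same system uid and directory.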

 

 

FileZilla connection test

 

I have not tested this separately, but the data can be mounted with sshfs.

It can be mounted through ssh-server on port 12341. 🙂

 

 

 

 

Testing an ssh-server built from a Dockerfile

This is useful for mounting with sshfs when operating an FTP server.

 

Github

test@docker-test:~$ git clone https://github.com/visualwork/Docker-test.git

The files are in /Docker-test/test03. 🙂

 

Create the directory and write the Dockerfile

test@docker-test:~$ mkdir ssh-server
test@docker-test:~$ cd ssh-server/
test@docker-test:~/ssh-server$ vi Dockerfile


FROM ubuntu:16.04
MAINTAINER Sven Dowideit <SvenDowideit@docker.com>

#RUN apt-get update && apt-get install -y openssh-server
RUN apt-get update && apt-get install -y openssh-server \
&& mkdir /var/run/sshd \
&& useradd -ms /bin/bash test \
&& sed -ie 's/test:!/test:\$6\$pIPlIFrg\$WZRTmOoouwD6L\/IDgz8fw97agQjdeXticOJyayjUYwmiuNKkJE92rBtr0XDXhVE4rSi9PkWv8rtnA0rCuR6ts\//g' /etc/shadow \
&& sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
&& sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

#COPY data/* /.ROOT/

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

The Linux image is Ubuntu 16.04.

After openssh-server is installed, a user is created.

The username is test.

The test account's password is replaced with a predefined password using sed -ie.

The password for the test user is test1234.
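
The sed edit to sshd_config in this Dockerfile (the same file is built by the docker-compose setup earlier on this page) can be checked as follows. This is an added example, not code from the original post: it applies the same substitution to a constructed sshd_config excerpt, resolves the effective global settings the way sshd does (the first value seen for a keyword wins), and compares the result with a hardened variant. The excerpts, the function names and the choice of hardened settings are assumptions of the example.

```python
import re

# Constructed excerpt in the style of a stock sshd_config (not copied from the image).
STOCK = """\
Port 22
PermitRootLogin prohibit-password
#PasswordAuthentication yes
UsePAM yes
"""

# Hardened variant (assumption: key-based logins are provisioned separately).
HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers test
UsePAM yes
"""

# sshd built-in defaults for the two keywords examined here.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def apply_page_sed(cfg):
    """Same substitution as the Dockerfile's sed on /etc/ssh/sshd_config."""
    return re.sub("PermitRootLogin prohibit-password", "PermitRootLogin yes", cfg)

def effective(cfg):
    """Global settings only; sshd keeps the first value seen for each keyword."""
    seen = {}
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional Match blocks are out of scope here
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def findings(cfg):
    """List the login-related weaknesses in the effective configuration."""
    eff = effective(cfg)
    out = []
    if eff["permitrootlogin"] == "yes":
        out.append("PermitRootLogin yes: root may log in with any enabled method")
    if eff["passwordauthentication"] == "yes":
        out.append("PasswordAuthentication yes: password logins are enabled")
    return out
```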

 

 

 

dockerfile build

test@docker-test:~/ssh-server$ docker build --tag ssh-server .
Sending build context to Docker daemon 2.56kB
Step 1/7 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
1be7f2b886e8: Pull complete
6fbc4a21b806: Pull complete
c71a6f8e1378: Pull complete
4be3072e5a37: Pull complete
06c6d2f59700: Pull complete
Digest: sha256:e27e9d7f7f28d67aa9e2d7540bdc2b33254b452ee8e60f388875e5b7d9b2b696
Status: Downloaded newer image for ubuntu:16.04
---> 0458a4468cbc
Step 2/7 : MAINTAINER Sven Dowideit <SvenDowideit@docker.com>
---> Running in 6d0f296e4098
Removing intermediate container 6d0f296e4098
---> 03402fb21291
Step 3/7 : RUN apt-get update &
~ (output omitted)

 

Check the image

test@docker-test:~/ssh-server$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ssh-server          latest              bb93ba239129        4 minutes ago       206MB
ubuntu              16.04               0458a4468cbc        3 weeks ago         112MB
test@docker-test:~/ssh-server$


 

Run the container

Before running the container, create an ftp directory under /home/test.
test@docker-test:~/ssh-server$ mkdir ~/ftp
test@docker-test:~/ssh-server$ docker run --name ssh-server -d -p 12341:22 -v /home/test/ftp:/home/test/ftp ssh-server
b8b8a4cba5f21f54b93071383ae05b0b9b0d7c4ae64da0ba94bb8b6479f1ca3d
test@docker-test:~/ssh-server$

The /home/test/ftp directory is intended for sshfs access once the FTP volume is attached to it.

 

Verify that the container is running

test@docker-test:~/ssh-server$ docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                   NAMES
b8b8a4cba5f2        ssh-server          "/usr/sbin/sshd -D"   8 seconds ago       Up 8 seconds        0.0.0.0:12341->22/tcp   ssh-server

 

Volume mount test

test@docker-test:~$ cd ftp/
test@docker-test:~/ftp$ ls
test@docker-test:~/ftp$ touch 0
test@docker-test:~/ftp$ cd
test@docker-test:~$ docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                   NAMES
b8b8a4cba5f2        ssh-server          "/usr/sbin/sshd -D"   6 minutes ago       Up 6 minutes        0.0.0.0:12341->22/tcp   ssh-server
test@docker-test:~$ docker exec -it b8b8a4cba5f2 /bin/bash
root@b8b8a4cba5f2:/# cd /home/test/ftp/
root@b8b8a4cba5f2:/home/test/ftp# ls
0

 

SSH connection test (you must connect on port 12341.)

login as: test
test@192.168.192.134's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-62-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

test@ce4578c8c06b:~$