update

vsftpd/ADD/ccmd

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+##################################################
+# Mount file                                     #
+# - /etc/vsftpd/vsftpd.conf                      #
+# Mount dir                                      #
+# - /var/lib/ftp, /home or other data_dir        #
+# - LOG_DIR                                      #
+# ENV                                            #
+# - VSFTPD_OPTS                                  #
+##################################################
+
+set -euo pipefail
+export LANG=en_US.UTF-8
+trap Quit EXIT
+
+PIDS=
+GOT_SIGTERM=
+LOG_DIR='/var/log/vsftpd'
+ARGS="${VSFTPD_OPTS:-}"
+
+function Print {
+    local file=/dev/null
+    [ '-f' = "$1" ] && file=$2 && shift && shift
+    date +"[%F %T] $*" | tee -a $file
+}
+
+function Quit {
+    Print killing vsftpd ...
+    while :; do
+        pkill -f rsync && Print killing vsftpd ... || break
+        sleep 1
+    done
+    Print Container stopped.
+    test -n "$GOT_SIGTERM"
+}
+
+function CreateFtpUser {
+    local kv=
+    local uid=
+    local user=
+    local userList=/etc/vsftpd/user_list
+    Print Create ftp users ...
+    : > $userList
+    grep -q '^anonymous_enable *= *YES' /etc/vsftpd/vsftpd.conf && echo anonymous >> $userList
+    for kv in $(env | grep '^FTP_USER_[0-9]\+='); do
+        uid=$(echo $kv | cut -d= -f1 | cut -d_ -f3)
+        user=$(echo $kv | cut -d= -f2- | cut -d: -f1)
+        userPass=$(echo $kv | cut -d= -f2-)
+        id $uid || adduser -D -s /sbin/nologin -u $uid $user
+        echo "${userPass}" | chpasswd
+        echo $user >> $userList
+    done
+}
+
+function StartProc {
+    Print Starting vsftpd ...
+    vsftpd /etc/vsftpd/vsftpd.conf $ARGS /etc/vsftpd/vsftpd-sys.conf &
+    PIDS="$PIDS $!"
+    Print vsftpd started.
+}
+
+function Main {
+    local pid=
+    CreateFtpUser
+    StartProc
+    trap "GOT_SIGTERM=1; Print Got SIGTERM ..." SIGTERM
+    while [ -z "$GOT_SIGTERM" ] && sleep 1; do
+        for pid in $PIDS; do
+            [ ! -e /proc/$pid ] && Print Unexpected error! && exit
+        done
+    done
+}
+
+# Start here
+Main
+

vsftpd/Demo/README.md

@@ -0,0 +1,16 @@
+# 部署 vsftpd
+
+- 服务器数据盘挂载到 /data/ 目录下
+- 根据实际环境修改
+    - docker-compose.yml
+
+- 创建目录
+    ```
+    grep '\<source:' docker-compose.yml | cut -d: -f2 | xargs mkdir -p
+    ```
+
+- 启动
+    ```
+    docker-compose up -d
+    ```
+

vsftpd/Demo/docker-compose.yml

@@ -0,0 +1,73 @@
+version: "3.7"
+
+services:
+  # 默认开启 anonymous 用户，无密码，数据目录是 /var/lib/ftp/
+  # 把容器的数据目录挂载到宿主机数据盘 /data/ftp
+  # 默认主动模式，控制端口默认监听 21
+  vsftpd-anonymous:
+    image: harbor.colben.cn/general/vsftpd:latest
+    container_name: vsftpd-anonymous
+    restart: "on-failure"
+    network_mode: host
+    volumes:
+    - type: bind
+      source: ./vsftpd/vsftpd.conf
+      target: /etc/vsftpd/vsftpd.conf
+    - type: bind
+      source: ./vsftpd/log
+      target: /var/log/vsftpd
+    - type: bind
+      source: /data/ftp
+      target: /var/lib/ftp
+
+  # 默认开启 anonymous 用户，无密码，数据目录是 /var/lib/ftp/
+  # 创建普通用户 user1，uid: 1001，密码: 123456，允许上传下载，数据目录是 $HOME
+  # 把容器的数据目录挂载到宿主机数据盘 /data/ftp
+  # 默认主动模式，控制端口监听 3021
+  vsftpd-full:
+    image: harbor.colben.cn/general/vsftpd:latest
+    container_name: vsftpd-full
+    restart: "on-failure"
+    environment:
+      FTP_USER_1001: 'user1:123456'
+      VSFTPD_OPTS: '-owrite_enable=YES -olisten_port=8021'
+    network_mode: host
+    volumes:
+    - type: bind
+      source: ./vsftpd/vsftpd.conf
+      target: /etc/vsftpd/vsftpd.conf
+    - type: bind
+      source: ./vsftpd/log
+      target: /var/log/vsftpd
+    - type: bind
+      source: /data/ftp/anonymous
+      target: /var/lib/ftp
+    - type: bind
+      source: /data/ftp
+      target: /home
+
+  # 不允许 anonymous 登录
+  # 创建普通用户 user2，uid 是 1002，密码: 123456，允许上传下载，数据目录是 $HOME
+  # 创建普通用户 user3，uid 是 1003，密码: 123456，允许上传下载，数据目录是 $HOME
+  # 把容器的数据目录挂载到宿主机数据盘 /data/ftp
+  # 开启被动模式，控制端口监听 8021，数据端口监听 8022
+  vsftpd:
+    image: harbor.colben.cn/general/vsftpd:latest
+    container_name: vsftpd
+    restart: "on-failure"
+    environment:
+      FTP_USER_1002: 'user2:123456'
+      FTP_USER_1003: 'user3:123456'
+      VSFTPD_OPTS: '-oanonymous_enable=NO -owrite_enable=YES -olisten_port=8021 -opasv_min_port=8022 -opasv_max_port=8022'
+    network_mode: host
+    volumes:
+    - type: bind
+      source: ./vsftpd/vsftpd.conf
+      target: /etc/vsftpd/vsftpd.conf
+    - type: bind
+      source: ./vsftpd/log
+      target: /var/log/vsftpd
+    - type: bind
+      source: /data/ftp
+      target: /home
+

vsftpd/Dockerfile

@@ -0,0 +1,22 @@
+ARG             ARCH
+FROM            harbor.colben.cn/general/alpine$ARCH:3.12
+MAINTAINER      Colben colbenlee@gmail.com
+ADD             --chown=root:root /ADD/ /opt/
+RUN             apk update \
+                    && apk add --no-cache vsftpd \
+                    && mkdir -p /var/log/vsftpd \
+                    && rm -rf /var/cache/apk/* \
+                    && echo -e 'seccomp_sandbox=NO\n\
+local_enable=YES\n\
+userlist_enable=YES\n\
+userlist_deny=NO\n\
+userlist_file=/etc/vsftpd/user_list\n\
+chroot_local_user=YES\n\
+allow_writeable_chroot=YES\n\
+dual_log_enable=YES\n\
+xferlog_file=/var/log/vsftpd/xfer.log\n\
+vsftpd_log_file=/var/log/vsftpd/vsftpd.log\n\
+' > /etc/vsftpd/vsftpd-sys.conf
+
+CMD             ["/opt/ccmd"]
+

vsftpd/README.md

@@ -0,0 +1,15 @@
+# 构建 vsftpd 镜像
+
+## 定制
+- 安装 vsftpd
+
+## 外挂目录和文件
+- /etc/vsftpd/vsftpd.conf: vsftpd 配置文件
+- /var/log/vsftpd: vsftpd 日志目录
+- 数据目录
+    * anonymous 用户: /var/lib/ftp
+    * 其他用户: $HOME 或 local_root
+
+## 案例
+- [Demo/](Demo/): 部署 vsftpd
+

vsftpd/vsftpd.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+#=========================================
+# Author   : colben
+#=========================================
+
+set -euo pipefail
+export LANG=en_US.UTF-8
+
+[ 'x86_64' == "$(uname -m)" ] && ARCH='' || ARCH="-$(uname -m)"
+ROOT_DIR="$(cd $(dirname $0) && pwd)"
+IMAGE="harbor.colben.cn/general/$(basename ${0%.sh})$ARCH:latest"
+
+if [ -t 0 ]; then
+    function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
+    function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
+    function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
+else
+    function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
+    function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
+    function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
+fi
+
+function Quit {
+    local exitCode=$?
+    [ 0 -ne $exitCode ] && Error Failed to build or push image!
+    [ -z "${END:-}" ] && echo && Error Interrupted manually!
+    Print Succeeded to build and push image.
+}
+
+function YesOrNo {
+    Warn $*
+    local sw=
+    while :; do
+        read -p '(Yes/No/Quit) ' -n1 sw
+        [[ "$sw" =~ ^Y|y$ ]] && echo && return 0
+        [[ "$sw" =~ ^N|n$ ]] && echo && return 1
+        [[ "$sw" =~ ^Q|q$ ]] && echo && exit 0
+        [ -n "$sw" ] && echo
+    done
+}
+
+function Update {
+    :
+}
+
+function Build {
+    local yn
+    cd $ROOT_DIR
+    docker images --format='{{.Repository}}:{{.Tag}}' | grep "^$IMAGE$" \
+        && Warn Removing image $IMAGE ... \
+        && docker rmi $IMAGE
+    Warn Building image: $IMAGE ...
+    docker build --force-rm --build-arg ARCH="$ARCH" -t $IMAGE .
+    YesOrNo Push image: $IMAGE? && docker push $IMAGE
+}
+
+function Main {
+    trap Quit EXIT
+    Update
+    Build
+    END=1
+}
+
+# Start here
+Main
+