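1 Background knowledge
This chapter assumes you already know SFTP on Linux and how to build and deploy it. If you do not, please work through the following chapters first:
2 Best practices
2.1 Preparation before deployment
This chapter deploys on the following Docker environment. Before following along, we recommend that you set up the Docker cluster environment below and get familiar with it:
2.2 Create the new image
2.2.1 Create the image project folder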
mkdir ~/imageProject-centos7x-vsftp
2.2.2 Create the Dockerfile
vim ~/imageProject-centos7x-vsftp/Dockerfile
Add the following configuration:
FROM centos:centos7
MAINTAINER will@cmdschool.org

# Update OS
RUN rm -rf /etc/yum.repos.d/*
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
RUN yum update -y

# Deploy tools
RUN yum install -y wget net-tools vim bzip2 lftp
RUN yum -y install gcc gcc-c++ make expat-devel

# Download files
WORKDIR /root/
RUN wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

# Deploy VSFTP
RUN yum install -y vsftpd pam-devel mariadb-devel
WORKDIR /root/
RUN tar -xf pam_mysql-0.7RC1.tar.gz
WORKDIR /root/pam_mysql-0.7RC1
RUN ./configure --with-mysql=/usr/bin/mysql_config --with-pam-mods-dir=/usr/lib64/security
RUN make
RUN make install

# config vsftpd
RUN mkdir -p /data
COPY vsftpd.conf /etc/vsftpd/vsftpd.conf

# Clean cache
WORKDIR /root
RUN yum clean all
RUN rm -rf /root/pam_mysql*

# Config Start Scripts
ENV MYSQL_USER=vsftpd
ENV MYSQL_PASSWORD=vsftpdpwd
ENV MYSQL_HOST=mysqldb
ENV MYSQL_DB=vsftpd
ENV MYSQL_TABLE=users
ENV MYSQL_USERCOLUMN=name
ENV MYSQL_PASSWDCOLUMN=passwd
ENV MYSQL_CRYPT=2
RUN echo '#!/bin/bash' > /root/start.sh
RUN echo 'echo -e "\
auth sufficient /usr/lib64/security/pam_mysql.so user=${MYSQL_USER} passwd=${MYSQL_PASSWORD} host=${MYSQL_HOST} db=${MYSQL_DB} table=${MYSQL_TABLE} usercolumn=${MYSQL_USERCOLUMN} passwdcolumn=${MYSQL_PASSWDCOLUMN} crypt=${MYSQL_CRYPT}\n\
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed\n\
auth required pam_shells.so\n\
auth include password-auth\n\
account sufficient /usr/lib64/security/pam_mysql.so user=${MYSQL_USER} passwd=${MYSQL_PASSWORD} host=${MYSQL_HOST} db=${MYSQL_DB} table=${MYSQL_TABLE} usercolumn=${MYSQL_USERCOLUMN} passwdcolumn=${MYSQL_PASSWDCOLUMN} crypt=${MYSQL_CRYPT}\n\
account include password-auth\n\
session required pam_loginuid.so\n\
session include password-auth"\
> /etc/pam.d/vsftpd' >> /root/start.sh
RUN echo 'echo "Starting VSFTP Server...";' >> /root/start.sh
RUN echo '/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf' >> /root/start.sh
RUN chmod +x /root/start.sh

EXPOSE 20 21

WORKDIR /root

CMD ["/bin/bash","./start.sh"]
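Notes:
The "FROM" instruction declares that the image is built on the "centos7" image
The "COPY" instruction declares which files in the current directory are copied into the image being built
The "RUN" instruction declares a command to execute in the container environment
The "EXPOSE" instruction declares the ports the container uses
The "WORKDIR" instruction switches to a directory inside the container
The "CMD" instruction declares the command that starts the service when the container starts
As the instructions above require, we need to prepare the configuration file the program needs: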
vim ~/imageProject-centos7x-vsftp/vsftpd.conf
Add the following configuration:
background=NO
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50000
pam_service_name=vsftpd
#pasv_address=10.168.0.x
guest_enable=YES
guest_username=root
chroot_local_user=YES
allow_writeable_chroot=YES
user_sub_token=$USER
local_root=/data/$USER
hide_ids=YES
dual_log_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog.log
vsftpd_log_file=/var/log/vsftpd.log
local_umask=0007
Note that in a real deployment you need to enable "pasv_address" and set it to the IP address that clients connect to; otherwise clients cannot use the VSFTP service. Then use the following command to confirm the files:
ls ~/imageProject-centos7x-vsftp
You should see the following output:
Dockerfile vsftpd.conf
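The vsftpd.conf above combines guest_enable=YES with guest_username=root, virtual_use_local_privs=YES and allow_writeable_chroot=YES, and leaves ssl_enable at its default of NO. The following shell check is an added example, not part of the original article, that flags those settings before the image is built; the function names conf_get, is_on and audit_vsftpd_conf are assumptions, and the sample file is constructed from this chapter's settings.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky vsftpd.conf settings.

# Effective value of KEY in FILE (last assignment wins), else DEFAULT.
conf_get() {  # conf_get FILE KEY DEFAULT
    _v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]' || true)
    printf '%s' "${_v:-$3}"
}

# vsftpd booleans: treat YES/TRUE/1 (any case) as enabled.
is_on() {  # is_on FILE KEY DEFAULT
    case "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one "LEVEL key: reason" line per finding; return 1 if there were any.
audit_vsftpd_conf() {
    _n=0
    if is_on "$1" guest_enable NO; then
        if [ "$(conf_get "$1" guest_username ftp)" = root ]; then
            echo "HIGH guest_username: every non-anonymous login is remapped to root"; _n=$((_n + 1))
        fi
        if is_on "$1" virtual_use_local_privs NO; then
            echo "WARN virtual_use_local_privs: virtual users get local-user privileges"; _n=$((_n + 1))
        fi
    fi
    if is_on "$1" chroot_local_user NO && is_on "$1" allow_writeable_chroot NO; then
        echo "WARN allow_writeable_chroot: the writable-chroot refusal is switched off"; _n=$((_n + 1))
    fi
    if ! is_on "$1" ssl_enable NO; then
        echo "WARN ssl_enable: logins and transfers are sent in cleartext"; _n=$((_n + 1))
    fi
    _lo=$(conf_get "$1" pasv_min_port 0)
    if is_on "$1" pasv_enable YES && [ "$_lo" != 0 ] &&
       [ "$_lo" = "$(conf_get "$1" pasv_max_port 0)" ]; then
        echo "INFO pasv_min_port: single passive port $_lo must be published with 21"; _n=$((_n + 1))
    fi
    [ "$_n" -eq 0 ]
}

# Constructed sample: the security-relevant keys from this chapter's vsftpd.conf.
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO virtual_use_local_privs=YES pasv_enable=YES \
    pasv_min_port=50000 pasv_max_port=50000 guest_enable=YES guest_username=root \
    chroot_local_user=YES allow_writeable_chroot=YES > "$sample"
audit_vsftpd_conf "$sample" || echo "review the findings above before building the image"
rm -f "$sample"
```

Pointing audit_vsftpd_conf at ~/imageProject-centos7x-vsftp/vsftpd.conf gives a non-zero exit status whenever a finding is printed, so it can gate the docker build step.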
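2.2.3 Build the image
cd ~/imageProject-centos7x-vsftp
docker build -t build/centos7x-vsftp .
The "." above means the current directory is the build directory; the build automatically loads the definitions in the "Dockerfile". You should see the following output:
Sending build context to Docker daemon 5.632kB
Step 1/25 : FROM centos:centos7
 ---> c5d48e81b986
[...]
Successfully built cfd8243424e3
Successfully tagged build/centos7x-vsftp:latest
When the build finishes, use the following command to list the images: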
docker images
You should see the following output:
REPOSITORY             TAG      IMAGE ID       CREATED         SIZE
build/centos7x-vsftp   latest   cfd8243424e3   3 minutes ago   749MB
[...]
2.2.4 Test that the software runs
docker run -d --name vsftp -p 20:21 -p 21:21 build/centos7x-vsftp
With the container running, use the following command to log in to it:
docker exec -it `docker container ls | grep 'vsftp' | cut -d" " -f1` /bin/bash
Test that apache-php is running
netstat -antp
You should see the following output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6/vsftpd
When testing is complete, use the following command to exit the container:
exit
You can also use the following command to list the current containers:
docker ps -a
You should see the following output:
CONTAINER ID   IMAGE                  COMMAND                  CREATED         STATUS         PORTS                                            NAMES
94faed814ae1   build/centos7x-vsftp   "/bin/bash ./start.sh"   3 minutes ago   Up 3 minutes   20/tcp, 0.0.0.0:21->21/tcp, 0.0.0.0:20->21/tcp   vsftp
[...]
Then stop and remove the container with the following commands:
docker container stop 94faed814ae1
docker container rm 94faed814ae1