# Supported tags and respective `Dockerfile` links
- [`debian-jessie`, `debian`, `latest` (*Dockerfile*)](https://github.com/atmoz/sftp/blob/master/Dockerfile) [![](https://images.microbadger.com/badges/image/atmoz/sftp.svg)](http://microbadger.com/images/atmoz/sftp "Get your own image badge on microbadger.com")
- [`alpine-3.4`, `alpine` (*Dockerfile*)](https://github.com/atmoz/sftp/blob/alpine/Dockerfile) [![](https://images.microbadger.com/badges/image/atmoz/sftp:alpine.svg)](http://microbadger.com/images/atmoz/sftp "Get your own image badge on microbadger.com")
# Securely share your files
Easy to use SFTP ([SSH File Transfer Protocol](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol)) server with [OpenSSH](https://en.wikipedia.org/wiki/OpenSSH).

This is an automated build linked with the [debian](https://hub.docker.com/_/debian/) and [alpine](https://hub.docker.com/_/alpine/) repositories.
# Usage
- Define users as command arguments, STDIN or mounted in `/etc/sftp-users.conf`
  (syntax: `user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]...`).
- Set UID/GID manually for your users if you want them to make changes to
  your mounted volumes with permissions matching your host filesystem.
- Add directory names at the end, if you want to create them and/or set user
  ownership. Perfect when you just want a fast way to upload something without
  mounting any directories, or you want to make sure a directory is owned by
  a user (chown -R).
- Mount volumes in user's home directory.
  - The users are chrooted to their home directory, so you must mount the
    volumes in separate directories inside the user's home directory
    (/home/user/**mounted-directory**).
# Examples
## Simplest docker run example
```
docker run -p 22:22 -d atmoz/sftp foo:pass:::upload
```
User "foo" with password "pass" can log in with sftp and upload files to a folder called "upload". No mounted directories or custom UID/GID. Later you can inspect the files and use `--volumes-from` to mount them somewhere else (or see the next example).
## Sharing a directory from your computer
Let's mount a directory and set UID:
```
docker run \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo:123:1001
```
### Using Docker Compose:
```
sftp:
    image: atmoz/sftp
    volumes:
        - /host/share:/home/foo/share
    ports:
        - "2222:22"
    command: foo:123:1001
```
### Logging in
The OpenSSH server runs by default on port 22, and in this example, we are
forwarding the container's port 22 to the host's port 2222. To log in with the
OpenSSH client, run: `sftp -P 2222 foo@<host-ip>`
## Store users in config
```
docker run \
    -v /host/users.conf:/etc/sftp-users.conf:ro \
    -v /host/share:/home/foo/share \
    -v /host/documents:/home/foo/documents \
    -v /host/http:/home/bar/http \
    -p 2222:22 -d atmoz/sftp
```
/host/users.conf:
```
foo:123:1001
bar:abc:1002
```
## Encrypted password
Add `:e` after the password to mark it as encrypted. Use single quotes when typing it in a terminal, so the shell does not expand the `$` characters in the hash.
```
docker run \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001'
```
Tip: you can use [atmoz/makepasswd](https://hub.docker.com/r/atmoz/makepasswd/) to generate encrypted passwords:
`echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=-`
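
User definitions from the two sections above can be checked before they reach the container. The script below is an added example, not part of atmoz/sftp; it assumes the `user:pass[:e][:uid...]` syntax given under Usage, and `lint_sftp_users` and `sample_users` are hypothetical names. It flags clear-text passwords, legacy MD5-crypt (`$1$`) hashes such as `--crypt-md5` produces, `:e` values that are not `$id$salt$hash` strings, and non-numeric UIDs.

```shell
# Added example, not part of atmoz/sftp: lint user definitions written in the
# page's syntax  user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]
# lint_sftp_users and sample_users are hypothetical helper names.
# Reads definitions on stdin, prints "lineno:user:FINDING" for each issue and
# exits non-zero if anything was flagged. The ( ) body keeps IFS changes local.
lint_sftp_users() (
    n=0 flagged=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        # Split on ':' without globbing; empty fields are preserved.
        old_ifs=$IFS; IFS=:; set -f
        set -- $line
        set +f; IFS=$old_ifs
        user=${1-} pass=${2-}
        if [ "${3-}" = "e" ]; then encrypted=1 uid=${4-}
        else encrypted=0 uid=${3-}; fi
        issues=""
        if [ "$encrypted" -eq 0 ] && [ -n "$pass" ]; then
            issues="$issues PLAINTEXT_PASSWORD"
        fi
        if [ "$encrypted" -eq 1 ]; then
            case $pass in
                '$1$'*)       issues="$issues MD5_CRYPT_HASH" ;;   # md5crypt
                '$'*'$'*'$'*) ;;                                   # other $id$salt$hash
                *)            issues="$issues NOT_A_CRYPT_HASH" ;;
            esac
        fi
        case $uid in *[!0-9]*) issues="$issues NON_NUMERIC_UID" ;; esac
        for issue in $issues; do
            printf '%s:%s:%s\n' "$n" "$user" "$issue"
            flagged=1
        done
    done
    exit "$flagged"
)

# Constructed sample: the $1$ hash is the one on this page, the $6$ entry is a placeholder.
sample_users() {
    cat <<'EOF'
foo:123:1001
bar::1002
alice:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001
carol:$6$constructedsalt$constructedhash:e:1003
EOF
}

sample_users | lint_sftp_users || true
```

To check a real file, run `lint_sftp_users < /host/users.conf`; key-only users such as `bar::1002` produce no finding.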
## Using SSH key (and no password)
Mount all public keys in the user's `.ssh/keys/` directory. All keys are automatically
appended to `.ssh/authorized_keys`.
```
docker run \
    -v /host/id_rsa.pub:/home/foo/.ssh/keys/id_rsa.pub:ro \
    -v /host/id_other.pub:/home/foo/.ssh/keys/id_other.pub:ro \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo::1001
```
## Using custom SSH key for server
This container generates an SSH host key for OpenSSH on first run. To avoid this, and keep the same host key when the container is recreated, you can mount Ed25519 or RSA host keys from the host into the container.
### Ed25519 key
```
docker run \
    -v /host/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo::1001
```
Tip: you can generate an Ed25519 key with this command: `ssh-keygen -t ed25519 -f /host/ssh_host_ed25519_key < /dev/null`
### RSA key
```
docker run \
    -v /host/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo::1001
```
Tip: you can generate an RSA key with this command: `ssh-keygen -t rsa -b 4096 -f /host/ssh_host_rsa_key < /dev/null`
## Execute custom scripts or applications
Put your programs in `/etc/sftp.d/` and they will automatically run when the container starts.
See the next section for an example.
## Bindmount dirs from another location
If you are using `--volumes-from` or just want to make a custom directory
available in a user's home directory, you can add a script to `/etc/sftp.d/` that
bind-mounts it after the container starts. Using `mount` inside the container
requires the `SYS_ADMIN` capability, which Docker does not grant by default.
```
#!/bin/bash
# File mounted as: /etc/sftp.d/bindmount.sh
# Just an example (make your own)

# Usage: bindmount <source> <target> [mount option]
function bindmount() {
    # Create the target only when the source directory exists
    if [ -d "$1" ]; then
        mkdir -p "$2"
    fi
    # $3 is intentionally unquoted so an omitted option expands to nothing
    mount --bind $3 "$1" "$2"
}

# Remember permissions, you may have to fix them:
# chown -R :users /data/common

bindmount /data/admin-tools /home/admin/tools
bindmount /data/common /home/dave/common
bindmount /data/common /home/peter/common
bindmount /data/docs /home/peter/docs --read-only
```