reviewed volumes and stuff

.env.tpl

@@ -9,11 +9,11 @@ SALT=           # /path/to/salt/dir, optional, defaults to `./salt`
 MASQ_ADDR=			#	ipv4_addr, hostname or "AWS", optional
 
 MOD_TLS=        # ON/OFF, activate/deactivate module mod_tls, optional, defaults to OFF
-MOD_TLS_CONF=		# /path/to/tls.conf configuration file, defaults to ./tls.conf
-CERTS=      		# /path/to/tls/certs/dir, optional, defaults to `./certs`
+MOD_TLS_CONF=		# /path/to/mod_tls.conf configuration file, defaults to ./tls.conf
+CERTS=      		# /path/to/tls_certs/dir, optional, defaults to `./certs`
 
 MOD_EXEC=       # ON/OFF, activate/deactivate module mod_exec, optional, defaults to OFF
-MOD_EXEC_CONF=  # /path/to/mod/exec/dir, optional, defaults to `./exec`
+MOD_EXEC_DIR=  # /path/to/mod_exec/dir, optional, defaults to `./exec`
 
 MOD_VROOOT=     # ON/OFF, activate/desactivate module mod_vroot, optionnal, default to OFF
-MOD_VROOT_CONF= # /path/to/mod/vroot/dir, optional, defaults to `./vroot`
+MOD_VROOT_CONF= # /path/to/mod_vroot.conf, optional, defaults to `./vroot`

Dockerfile

@@ -26,10 +26,15 @@ RUN cd proftpd && \
 RUN groupadd proftpd && \
   useradd -g proftpd proftpd
 
-# CONF FILES
+# MAIN CONF FILE
 COPY proftpd.conf /etc/proftpd/proftpd.conf
+
+# DEFAULT CONF FILES
 COPY tls.conf /etc/proftpd/tls.conf
 COPY sql.conf /etc/proftpd/sql.conf
+COPY vroot.conf /etc/proftpd/vroot.conf
+COPY ./certs /etc/proftpd/certs
+COPY ./exec /etc/proftpd/exec
 
 COPY entrypoint.sh ./entrypoint.sh
 RUN chmod a+x ./entrypoint.sh
@@ -40,18 +45,6 @@ VOLUME /var/log/proftpd
 # FTP ROOT
 VOLUME /srv/ftp
 
-# TLS CERTS
-VOLUME /etc/proftpd/certs
-
-# SQL PASSWORD SALT
-VOLUME /etc/proftpd/salt
-
-# MOD EXEC CONF
-VOLUME /etc/proftpd/exec
-
-# MOD VROOT CONF
-VOLUME /etc/proftpd/vroot
-
 EXPOSE 21 49152-49407
 
 ENTRYPOINT ["./entrypoint.sh"]

Dockerfile-alpine

@@ -36,8 +36,13 @@ RUN addgroup proftpd && \
 
 # CONF FILES
 COPY proftpd.conf /etc/proftpd/proftpd.conf
+
+# DEFAULT CONF FILES
 COPY tls.conf /etc/proftpd/tls.conf
 COPY sql.conf /etc/proftpd/sql.conf
+COPY vroot.conf /etc/proftpd/vroot.conf
+COPY ./certs /etc/proftpd/certs
+COPY ./exec /etc/proftpd/exec
 
 COPY entrypoint.sh ./entrypoint.sh
 RUN chmod a+x ./entrypoint.sh
@@ -48,18 +53,6 @@ VOLUME /var/log/proftpd
 # FTP ROOT
 VOLUME /srv/ftp
 
-# SSL CERTS
-VOLUME /etc/proftpd/ssl
-
-# SQL PASSWORD SALT
-VOLUME /etc/proftpd/salt
-
-# MOD EXEC CONF
-VOLUME /etc/proftpd/exec
-
-# MOD VROOT CONF
-VOLUME /etc/proftpd/vroot
-
 EXPOSE 21 49152-49407
 
 ENTRYPOINT ["./entrypoint.sh"]

Makefile

@@ -13,13 +13,14 @@ run:
 		-e MASQ_ADDR=$$MASQ_ADDR \
 		-v $$FTP_ROOT:/srv/ftp \
 		-v $$LOGS:/var/log/proftpd \
-		-v $$(pwd)/salt:/etc/proftpd/salt \
+		-v $$(pwd)/.salt:/etc/proftpd/.salt \
 		-e MOD_TLS=ON \
+		-v $$(pwd)/tls.conf:/etc/proftpd/tls.conf \
 		-v $$(pwd)/certs:/etc/proftpd/certs \
 		-e MOD_EXEC=ON \
 		-v $$(pwd)/exec:/etc/proftpd/exec \
 		-e MOD_VROOT=ON \
-		-v $$(pwd)/vroot:/etc/proftpd/vroot \
+		-v $$(pwd)/.vroot.conf:/etc/proftpd/vroot.conf \
 		-d proftpd
 
 env_run:

README.md

@@ -25,12 +25,12 @@ The required/optional parameters are described here after:
 - **LOGS**: /path/to/log/dir, optional, defaults to /var/log/proftpd
 - **SALT**: /path/to/salt/dir, optional, defaults to `./salt`
 - **MOD_TLS**: ON/OFF, activate/deactivate module mod_tls, optional, defaults to OFF
-- **MOD_TLS_CONF**: /path/to/mod/tls/conf/file, optional, defaults to included tls.conf
+- **MOD_TLS_CONF**: /path/to/mod_tls.conf, optional, defaults to included tls.conf
 - **CERTS**: /path/to/tls/certs/dir, optional, defaults to `./certs`
 - **MOD_EXEC**: ON/OFF, activate/deactivate module mod_exec, optional, defaults to OFF
-- **MOD_EXEC_CONF**: /path/to/mod/exec/dir, optional, defaults to `./exec`
+- **MOD_EXEC_DIR**: /path/to/mod/exec/dir, optional, defaults to `./exec`
 - **MOD_VROOT**: ON/OFF, activate/desactivate module_vroot, optional, default to OFF
-- **MOD_VROOT_CONF**: /path/to/mod/vroot/dir, optional, defaults to `./vroot`
+- **MOD_VROOT_CONF**: /path/to/mod_vroot.conf, optional, defaults to included vroot.conf
 
 * Build and run the container as follows:
 ```sh
@@ -74,11 +74,11 @@ Passwords are stored in the db as salted SHA256/512 digests, in hex64 encoding.
 
 A random crypto string, known as **salt**, is used to mitigate dictionnary attacks and should be provided to the ftp server using the `SALT` env var.
 
-The `SALT` env var let you define the directory where the `.salt` file is stored on the docker's host. Otherwise proftp will look in the `./salt` directory alongside the Dockerfile.
+The `SALT` env var let you define the path to a salt file mounted as a bound volume in the docker container. By default the container will look at a `.salt` file stored along the Dockerfile.
 
 To generate an encrypted password use the following command:
 ```sh
-{ echo -n myPassword; echo -n $(cat salt/.salt); } | openssl dgst -binary -sha256 | openssl enc -base64 -A
+{ echo -n myPassword; echo -n $(cat .salt); } | openssl dgst -binary -sha256 | openssl enc -base64 -A
 ```
 
 where `.salt` is a file containing the **salt**.
@@ -103,6 +103,8 @@ The ftp root (home for all user's directories) can be configured using the `LOGS
 ### Module mod_tls
 When enabling the module with env var MOD_TLS=ON, a module configuration file and associated certificates should be provided as binded volumes. Default included configuration expects a self-signed TLS certificate `proftpd.cert.pem` and it's key file `proftpd.key.pem`.
 
+A custom mod_tls configuration can be provided as a bound volume whose path is defined by the `MOD_TLS_CONF` env var.
+
 Certificates should be stored in a directory accessible by the docker image, whose path is to be provided as the `CERTS` env var.
 
 ### Module mod_exec
@@ -113,7 +115,7 @@ This file should be stored in a directory accessible by the docker image, whose
 ### Module mod_vroot
 When enabling the module with env var MOD_VROOT=ON, a vroot.conf file containing the module configuration should be provided, as per the [module's documentation](http://www.proftpd.org/docs/contrib/mod_vroot.html)
 
-This file should be stored in a directory accessible by the docker image, whose path is to be provided as the `MOD_VROOT_CONF` env var.
+This file can be provided as a bound volume whose path is defined by the `MOD_VROOT_CONF` env var.
 
 ## Running with docker-compose, pulling image from docker hub
 
@@ -154,34 +156,33 @@ Following the previous sections, a number a env vars and volumes needs to be spe
 - **Volumes**:
   - **/srv/ftp** (_ftp root containing users' homes_)
   - **/var/log/proftpd** (_server's logs_)
-  - **/etc/proftpd/salt** (_dir containing `.salt` file_)
+  - **/etc/proftpd/.salt** (_`.salt` file_)
   - **/etc/proftpd/tls.conf** (_mod_tls config file_)
   - **/etc/proftpd/certs** (_dir containing server's certificates_)
   - **/etc/proftpd/exec** (_dir containing server's mod_exec conf and scripts_)
-  - **/etc/proftpd/vroot** (_dir containing server's mod_vroot conf_)
+  - **/etc/proftpd/vroot.conf** (_mod_vroot config file@_)
 
 The following `docker run` example assumes bound volumes, but the anykind of docker volume config can be used.
 
 * Build image:
 ```sh
 docker build -t proftpd .
 ```
-
 * Start container and provide the necessary env vars and volume information:
 ```sh
 docker run --name proftpd --net=host \
   -e FTP_DB_HOST=mydb.com -e FTP_DB_NAME=db_name -e FTP_DB_USER=db_user -e FTP_DB_PASS=db_password \
   -e MASQ_ADDR:AWS \
   -v /data/ftp_root:/srv/ftp \
   -v /var/log/proftpd:/var/log/proftpd \
-  -v $(pwd)/salt:/etc/proftpd/salt \
+  -v $(pwd)/.salt:/etc/proftpd/.salt \
   -e MOD_TLS=ON \
   -v $(pwd)/tls.conf:/etc/proftpd/tls.conf \
   -v $(pwd)/certs:/etc/proftpd/certs \
   -e MOD_EXEC=ON \
   -v $(pwd)/exec:/etc/proftpd/exec \
   -e MOD_VROOT=ON \
-  -v $(pwd)/vroot:/etc/proftpd/vroot
+  -v $(pwd)/vroot.conf:/etc/proftpd/vroot.conf
 	-d proftpd
 ```
 

docker-compose-alpine-image.yml

@@ -19,11 +19,11 @@ services:
         source: "${CERTS:-./certs}"
         target: /etc/proftpd/certs
       - type: bind
-        source: "${MOD_EXEC_CONF:-./exec}"
+        source: "${MOD_EXEC_DIR:-./exec}"
         target: "/etc/proftpd/exec"
       - type: bind
         source: "${SALT:-./salt}"
         target: "/etc/proftpd/salt"
       - type: bind
-        source: "${MOD_VROOT_CONF:-./vroot}"
-        target: "/etc/proftpd/vroot"
+        source: "${MOD_VROOT_CONF:-./vroot.conf}"
+        target: "/etc/proftpd/vroot.conf"

docker-compose-alpine.yml

@@ -21,11 +21,11 @@ services:
         source: "${CERTS:-./certs}"
         target: /etc/proftpd/certs
       - type: bind
-        source: "${MOD_EXEC_CONF:-./exec}"
+        source: "${MOD_EXEC_DIR:-./exec}"
         target: "/etc/proftpd/exec"
       - type: bind
         source: "${SALT:-./salt}"
         target: "/etc/proftpd/salt"
       - type: bind
-        source: "${MOD_VROOT_CONF:-./vroot}"
-        target: "/etc/proftpd/vroot"
+        source: "${MOD_VROOT_CONF:-./vroot.conf}"
+        target: "/etc/proftpd/vroot.conf"

docker-compose-image.yml

@@ -19,11 +19,11 @@ services:
         source: "${CERTS:-./certs}"
         target: /etc/proftpd/certs
       - type: bind
-        source: "${MOD_EXEC_CONF:-./exec}"
+        source: "${MOD_EXEC_DIR:-./exec}"
         target: "/etc/proftpd/exec"
       - type: bind
         source: "${SALT:-./salt}"
         target: "/etc/proftpd/salt"
       - type: bind
-        source: "${MOD_VROOT_CONF:-./vroot}"
-        target: "/etc/proftpd/vroot"
+        source: "${MOD_VROOT_CONF:-./vroot.conf}"
+        target: "/etc/proftpd/vroot.conf"

docker-compose.yml

@@ -19,11 +19,11 @@ services:
         source: "${CERTS:-./certs}"
         target: /etc/proftpd/certs
       - type: bind
-        source: "${MOD_EXEC_CONF:-./exec}"
+        source: "${MOD_EXEC_DIR:-./exec}"
         target: "/etc/proftpd/exec"
       - type: bind
-        source: "${SALT:-./salt}"
-        target: "/etc/proftpd/salt"
+        source: "${SALT:-./.salt}"
+        target: "/etc/proftpd/.salt"
       - type: bind
-        source: "${MOD_VROOT_CONF:-./vroot}"
-        target: "/etc/proftpd/vroot"
+        source: "${MOD_VROOT_CONF:-./vroot.conf}"
+        target: "/etc/proftpd/vroot.conf"

proftpd.conf

@@ -90,5 +90,5 @@ Include /etc/proftpd/sql.conf
 </IfDefine>
 
 <IfDefine MOD_VROOT=ON>
-  Include /etc/proftpd/vroot/vroot.conf
+  Include /etc/proftpd/vroot.conf
 </IfDefine>

sql.conf

@@ -20,10 +20,10 @@
     SQLLog PASS log_session IGNORE_ERRORS
 
   </IfModule>
-  
+
   <IfModule mod_sql_passwd.c>
     SQLPasswordEngine on
     SQLPasswordEncoding base64
-    SQLPasswordSaltFile /etc/proftpd/salt/.salt Append
+    SQLPasswordSaltFile /etc/proftpd/.salt Append
   </IfModule>
 </Global>

vroot/vroot.conf → vroot.conf

@@ -2,4 +2,5 @@
   <IfModule mod_vroot.c>
     VRootEngine on
     VRootLog /var/log/proftpd/vroot.log
+    DefaultRoot ~
   </IfModule>