Second edition.

master
Søren Roug 6 years ago
parent
commit
006ee5d8af
  1. 13
      Dockerfile
  2. 17
      README.md
  3. 2
      docker-compose.yml
  4. 6
      entrypoint.sh

13
Dockerfile

@ -2,14 +2,12 @@ @@ -2,14 +2,12 @@
# This image is designed to collaborate with the Docker Hub image httpd:2.4
FROM debian:jessie
ENV HTTPD_PREFIX /usr/local/apache2
ENV DATADIR $HTTPD_PREFIX/htdocs
ENV AUTHORIZED_KEYS_FILE /authorized_keys
ENV OWNER www
ENV DATADIR=/usr/local/apache2/htdocs AUTHORIZED_KEYS_FILE=/authorized_keys USERID=33 GROUPID=33 OWNER=data
RUN apt-get update \
&& apt-get install -y openssh-server rssh \
&& apt-get install -y openssh-server rssh rsync \
&& rm -f /etc/ssh/ssh_host_* \
&& useradd --non-unique --uid 33 --gid 33 --no-create-home --home-dir /usr/local/apache2/htdocs --shell /usr/bin/rssh $OWNER \
&& groupadd --non-unique --gid $GROUPID data \
&& useradd --non-unique --uid $USERID --gid $GROUPID --no-create-home --home-dir $DATADIR --shell /usr/bin/rssh $OWNER \
&& mkdir -p "$DATADIR" \
&& chown $OWNER "$DATADIR" \
&& echo "AuthorizedKeysFile $AUTHORIZED_KEYS_FILE" >>/etc/ssh/sshd_config \
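Review bot: the group name is hardcoded as `data` in `groupadd --non-unique --gid $GROUPID data` and in `--gid $GROUPID`, while the user name comes from `$OWNER`; either derive both from `$OWNER` or document that `OWNER` is not meant to be changed. The new defaults `USERID=33 GROUPID=33` combined with `--non-unique` deliberately alias the `data` account onto the uid/gid Debian already assigns to `www-data`, which is what lets the httpd image read the uploads, but it also means the two accounts are indistinguishable to the kernel; a comment saying so would help the next reader. `chown $OWNER "$DATADIR"` sets only the owner; since the group is created on the line above, `chown $OWNER:data "$DATADIR"` would match what entrypoint.sh does at runtime.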
@ -19,7 +17,8 @@ RUN apt-get update \ @@ -19,7 +17,8 @@ RUN apt-get update \
&& chmod 0600 $AUTHORIZED_KEYS_FILE \
&& mkdir /var/run/sshd && chmod 0755 /var/run/sshd \
&& echo "allowscp" >> /etc/rssh.conf \
&& echo "allowsftp" >> /etc/rssh.conf
&& echo "allowsftp" >> /etc/rssh.conf \
&& echo "allowrsync" >> /etc/rssh.conf
ADD entrypoint.sh /
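Review bot: `allowrsync` widens what rssh will execute beyond scp and sftp, and because the `chrootpath` lines in entrypoint.sh remain commented out, none of the three clients is confined to `$DATADIR`; any path the `data` uid can write to is reachable, so consider re-enabling the chroot or verifying that nothing outside the data directory is writable by that uid. Minor: `COPY entrypoint.sh /` is preferred over `ADD` for a plain local file.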

17
README.md

@ -1,9 +1,14 @@ @@ -1,9 +1,14 @@
SCP server
==========
Restricted SSH server which allows SCP / SFTP access only. This image is meant to be used together with the httpd:2.4 image
Restricted SSH server which allows SCP / SFTP / RSYNC access only. This image is meant to provide an ability to update content in data containers. You would normally make a constellation of your service, a data container, and the scp-server container.
The purpose of this image is to make a constellation of a website with a way to update the content using SCP or SFTP.
The scp-server container is configured at runtime with environment variables to match the configuration of the main service. The environment variables are:
* AUTHORIZED_KEYS - contains the public SSH keys for the users who will be allowed to upload.
* DATADIR - The location where relative paths start from.
* USERID - The numeric id of the `data` account. Defaults to 33.
* GROUPID - The numeric id of the `data` group. Defaults to 33.
Original code and idea is from https://github.com/gituser173/docker-scp-server.
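Review bot: `OWNER` and `AUTHORIZED_KEYS_FILE` are also set via `ENV` in the Dockerfile but are not listed among the runtime variables; add them or state that they are fixed. It would also help to say explicitly that `USERID` and `GROUPID` must equal the uid/gid the main service uses to read `DATADIR`, which is why the defaults are 33 (Debian's `www-data`), and that the `data` account therefore shares that identity.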
@ -23,6 +28,8 @@ scpserver: @@ -23,6 +28,8 @@ scpserver:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4FhFro3H....vg0hrC3s0= My First CERT
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAteQ38qb7....uC839w== Second authorized key
DATADIR: /usr/local/apache2/htdocs
USERID: 500
GROUPID: 500
volumes_from:
- htdocs
@ -39,7 +46,9 @@ htdocs: @@ -39,7 +46,9 @@ htdocs:
- <DATADIR>:/usr/local/apache2/htdocs
```
When started you can upload data into the container (e.g. via scp) as the `www` user:
When started you can upload data into the container (e.g. via scp) as the `data` user:
scp -P <PORT> <FILE> www@<DOCKER-HOST>:
scp -P <PORT> <FILE> data@<DOCKER-HOST>:
sftp -P <PORT> data@<DOCKER-HOST>
rsync --rsh="ssh -p <PORT>" <FILE> data@localhost:
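Review bot: the new rsync example uses `data@localhost:` while the scp and sftp lines use `data@<DOCKER-HOST>`; use the same placeholder in all three so the host part is not mistaken for a requirement of rsync.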

2
docker-compose.yml

@ -6,6 +6,8 @@ scpserver: @@ -6,6 +6,8 @@ scpserver:
AUTHORIZED_KEYS: |
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4FhFro3H....vg0hrC3s0= My First CERT
DATADIR: /usr/local/apache2/htdocs
USERID: 500
GROUPID: 500
volumes_from:
- htdocs
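Review bot: `USERID: 500` and `GROUPID: 500` are applied by entrypoint.sh with `usermod --non-unique`, so the ssh user becomes whatever uid 500 is inside the `htdocs` volume; a comment tying 500 to the uid the service image runs as would make the example self-explaining and avoid copying a value that does not match the reader's service.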

6
entrypoint.sh

@ -10,9 +10,11 @@ echo "$AUTHORIZED_KEYS" >$AUTHORIZED_KEYS_FILE @@ -10,9 +10,11 @@ echo "$AUTHORIZED_KEYS" >$AUTHORIZED_KEYS_FILE
#sed -i -e '/chrootpath/d' /etc/rssh.conf
#echo "chrootpath = $DATADIR" >> /etc/rssh.conf
usermod --home "$DATADIR" --shell /usr/bin/rssh "$OWNER"
groupmod --non-unique --gid "$GROUPID" data
usermod --non-unique --home "$DATADIR" --shell /usr/bin/rssh --uid "$USERID" --gid "$GROUPID" "$OWNER"
# Chown data folder (if mounted as a volume for the first time)
chown "$OWNER" "$DATADIR"
chown "${OWNER}:data" "$DATADIR"
chown "${OWNER}:data" $AUTHORIZED_KEYS_FILE
# Run sshd on container start
exec /usr/sbin/sshd -D -e
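Review bot: `chown "${OWNER}:data" $AUTHORIZED_KEYS_FILE` hands the restricted upload user ownership of its own authorized_keys file; sshd reads that file as root, so keeping it root-owned with the `0600` mode already set in the Dockerfile is sufficient, and it avoids the uploading account being able to replace the file through scp, which is possible while the `chrootpath` lines stay commented out. `$AUTHORIZED_KEYS_FILE` is also the only unquoted variable in the script. `chown "${OWNER}:data" "$DATADIR"` is not recursive, which is fine for a fresh volume as the comment says, but existing files on a re-mounted volume keep their old ownership.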
