
Initial commit

master
Søren Roug 6 years ago
commit
a3b78a4b5a
  1. 28
      Dockerfile
  2. 36
      README.md
  3. 22
      docker-compose.yml
  4. 18
      entrypoint.sh

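--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Original code from https://github.com/gituser173/docker-scp-server
+# This image is designed to collaborate with the Docker Hub image httpd:2.4
+FROM debian:jessie
+ENV HTTPD_PREFIX /usr/local/apache2
+ENV DATADIR $HTTPD_PREFIX/htdocs
+ENV AUTHORIZED_KEYS_FILE /authorized_keys
+ENV OWNER www
+RUN apt-get update \
+&& apt-get install -y openssh-server rssh \
+&& rm -f /etc/ssh/ssh_host_* \
+&& useradd --non-unique --uid 33 --gid 33 --no-create-home --home-dir /usr/local/apache2/htdocs --shell /usr/bin/rssh $OWNER \
+&& mkdir -p "$DATADIR" \
+&& chown $OWNER "$DATADIR" \
+&& echo "AuthorizedKeysFile $AUTHORIZED_KEYS_FILE" >>/etc/ssh/sshd_config \
+&& echo "KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" >>/etc/ssh/sshd_config \
+&& touch $AUTHORIZED_KEYS_FILE \
+&& chown $OWNER $AUTHORIZED_KEYS_FILE \
+&& chmod 0600 $AUTHORIZED_KEYS_FILE \
+&& mkdir /var/run/sshd && chmod 0755 /var/run/sshd \
+&& echo "allowscp" >> /etc/rssh.conf \
+&& echo "allowsftp" >> /etc/rssh.conf
+ADD entrypoint.sh /
+EXPOSE 22
+CMD ["/entrypoint.sh"]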
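Review bot: The `KexAlgorithms` line appended to sshd_config explicitly lists `diffie-hellman-group1-sha1` (a fixed 1024-bit group) together with `diffie-hellman-group-exchange-sha1` and `diffie-hellman-group14-sha1`, so the server will negotiate these SHA-1 based exchanges with any client that offers them. Unless a known legacy client depends on them, I would shorten the list to `KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256`. The same RUN could also append `PasswordAuthentication no`, `PermitRootLogin no` and `AllowUsers $OWNER`, because an absolute `AuthorizedKeysFile` path applies to every account and not only to `www`. `debian:jessie` and the `rssh` package should be checked for remaining security support before the image is published; I believe rssh is no longer maintained upstream, but confirm.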

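--- a/README.md
+++ b/README.md
@@ -0,0 +1,36 @@
+# SCP server
+Restricted SSH server which allows SCP / SFTP access only. This image is meant to be used together with the httpd:2.4 image
+Running
+-------
+```
+scpserver:
+image: eeacms/scp-server
+ports:
+- <PORT>:22
+environment:
+AUTHORIZED_KEYS: |
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4FhFro3H....vg0hrC3s0= My First CERT
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAteQ38qb7....uC839w== Second authorized key
+DATADIR: /usr/local/apache2/htdocs
+volumes_from:
+- htdocs
+httpd:
+image: httpd
+ports:
+- 80:80
+volumes_from:
+- htdocs
+htdocs:
+image: tianon/true
+volumes:
+- <DATADIR>:/usr/local/apache2/htdocs
+```
+Then you can copy into the container (e.g. via scp) as the `www` user:
+scp -P <PORT> <FILE> www@<DOCKER-HOST>: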

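--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+scpserver:
+image: eeacms/scp-server
+ports:
+- "2222:22"
+environment:
+AUTHORIZED_KEYS: |
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA4FhFro3H....vg0hrC3s0= My First CERT
+DATADIR: /usr/local/apache2/htdocs
+volumes_from:
+- htdocs
+httpd:
+image: httpd
+ports:
+- "80:80"
+volumes_from:
+- htdocs
+htdocs:
+image: tianon/true
+volumes:
+- /var/tmp/wwwdata:/usr/local/apache2/htdocs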
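Review bot: All three services use untagged images (`eeacms/scp-server`, `httpd`, `tianon/true`), so every pull resolves to whatever `latest` points at, and the `httpd:2.4` pairing described in the Dockerfile comment and README is not enforced. Pin them, for example `image: httpd:2.4`, and preferably by digest for the two third-party images. The bind source `/var/tmp/wwwdata` sits under a world-writable host directory, so another local account could create it first and end up owning the web root; a dedicated path such as `/srv/wwwdata` avoids that. If the SCP port is only needed from one network, publish it on that address (`"<host-ip>:2222:22"`) instead of on all interfaces.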

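--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# This won't be executed if keys already exist (i.e. from a volume)
+ssh-keygen -A
+# Copy authorized keys from ENV variable
+echo "$AUTHORIZED_KEYS" >$AUTHORIZED_KEYS_FILE
+# Prevent the user from changing directory upwards
+#sed -i -e '/chrootpath/d' /etc/rssh.conf
+#echo "chrootpath = $DATADIR" >> /etc/rssh.conf
+usermod --home "$DATADIR" --shell /usr/bin/rssh "$OWNER"
+# Chown data folder (if mounted as a volume for the first time)
+chown "$OWNER" "$DATADIR"
+# Run sshd on container start
+exec /usr/sbin/sshd -D -e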
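Review bot: The key file written by `echo "$AUTHORIZED_KEYS" >$AUTHORIZED_KEYS_FILE` stays owned by `$OWNER` with mode 0600 (set in the Dockerfile), and both `chrootpath` lines are commented out, so the SFTP account can rewrite its own key list and is not confined to `$DATADIR`. The comment "Prevent the user from changing directory upwards" therefore describes nothing that actually runs. I would write the file as root and leave it read-only for the user: `printf '%s\n' "$AUTHORIZED_KEYS" > "$AUTHORIZED_KEYS_FILE"`, then `chown root:root "$AUTHORIZED_KEYS_FILE"` and `chmod 0644 "$AUTHORIZED_KEYS_FILE"`; sshd's StrictModes check accepts a root-owned key file. Either restore the chroot configuration or reword the comment to say the restriction is disabled, so operators do not assume it.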