星辰
2020-12-28
[TOC]

# Deploying SFTP on Kubernetes

## Docker deployment notes

https://registry.hub.docker.com/r/atmoz/sftp

`docker run -p 22:22 -d atmoz/sftp foo:pass:::upload`

Mounting a storage volume: sharing a directory from your computer

```
docker run \
    -v /upload:/home/foo/upload \
    -p 2222:22 -d atmoz/sftp \
    foo:pass:1001
```

## Using Docker Compose:

```
sftp:
    image: atmoz/sftp
    volumes:
        - /upload:/home/foo/upload
    ports:
        - "2222:22"
    command: foo:pass:1001
```

## Store users in config

```
docker run \
    -v /users.conf:/etc/sftp/users.conf:ro \
    -v mySftpVolume:/home \
    -p 2222:22 -d atmoz/sftp
```

/users.conf

```
foo:123:1001:100
bar:abc:1002:100
baz:xyz:1003:100
```

## Encrypted password

Add `:e` behind password to mark it as encrypted. Use single quotes if using terminal.

```
docker run \
    -v /share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    'foo:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1001'
```

Tip: you can use [atmoz/makepasswd](https://hub.docker.com/r/atmoz/makepasswd/) to generate encrypted passwords:

`echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=-`

## Logging in with SSH keys

Mount public keys in the user's `.ssh/keys/` directory. All keys are automatically appended to `.ssh/authorized_keys` (you can't mount this file directly, because OpenSSH requires limited file permissions). In this example, we do not provide any password, so the user `foo` can only log in with his SSH key.

```
docker run \
    -v /id_rsa.pub:/home/foo/.ssh/keys/id_rsa.pub:ro \
    -v /id_other.pub:/home/foo/.ssh/keys/id_other.pub:ro \
    -v /share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo::1001
```

## Providing your own SSH host key (recommended)

This container will generate new SSH host keys at first run. To avoid your users getting a MITM warning when you recreate your container (and the host keys change), you can mount your own host keys.

```
docker run \
    -v /ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
    -v /ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
    -v /share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \
    foo::1001
```

Tip: you can generate your keys with these commands:

```
ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
```

## Execute custom scripts or applications

Put your programs in `/etc/sftp.d/` and they will automatically run when the container starts. See the next section for an example.

## Bindmount dirs from another location

If you are using `--volumes-from` or just want to make a custom directory available in a user's home directory, you can add a script to `/etc/sftp.d/` that bindmounts after the container starts.

```
#!/bin/bash
# File mounted as: /etc/sftp.d/bindmount.sh
# Just an example (make your own)

# Usage: bindmount <source-dir> <target-dir> [mount option, e.g. --read-only]
function bindmount() {
    # Create the target directory only if the source directory exists
    if [ -d "$1" ]; then
        mkdir -p "$2"
    fi
    # $3 is left unquoted on purpose so that it disappears when not given
    mount --bind $3 "$1" "$2"
}

# Remember permissions, you may have to fix them:
# chown -R :users /data/common

bindmount /data/admin-tools /home/admin/tools
bindmount /data/common /home/dave/common
bindmount /data/common /home/peter/common
bindmount /data/docs /home/peter/docs --read-only
```

**NOTE:** Using `mount` requires that your container runs with the `CAP_SYS_ADMIN` capability turned on. [See this answer for more information](https://github.com/atmoz/sftp/issues/60#issuecomment-332909232).

# What's the difference between Debian and Alpine?

The biggest differences are in size and OpenSSH version. [Alpine](https://hub.docker.com/_/alpine/) is 10 times smaller than [Debian](https://hub.docker.com/_/debian/). The OpenSSH version can also differ, as two different teams maintain the packages. Debian is generally considered more stable, and only bugfixes and security fixes are added after each Debian release (about 2 years). Alpine has a faster release cycle (about 6 months) and therefore newer versions of OpenSSH. As I'm writing this, Debian has version 7.4 while Alpine has version 7.5.

Recommended reading: [Comparing Debian vs Alpine for container & Docker apps](https://www.turnkeylinux.org/blog/alpine-vs-debian)

# What version of OpenSSH do I get?

It depends on which Linux distro and version you choose (see available images at the top). You can see what version you get by checking the distro's packages online. I have provided direct links below for easy access.

- [List of `openssh` packages on Alpine releases](https://pkgs.alpinelinux.org/packages?name=openssh&branch=&repo=main&arch=x86_64)
- [List of `openssh-server` packages on Debian releases](https://packages.debian.org/search?keywords=openssh-server&searchon=names&exact=1&suite=all&section=main)

**Note:** The time when this image was last built can delay the availability of an OpenSSH release. Since this is an automated build linked with [debian](https://hub.docker.com/_/debian/) and [alpine](https://hub.docker.com/_/alpine/) repos, the build will depend on how often they push changes (out of my control). Typically this can take 1-5 days, but it can also take longer. You can of course make this more predictable by cloning this repo and running your own build manually.
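
An added example (not part of the original README or of the atmoz/sftp project): a small Python audit for a `users.conf` file as described under "Store users in config" and "Encrypted password", flagging plaintext passwords, `$1$` (MD5-crypt) hashes and UIDs shared between accounts. The field layout is inferred from the examples on this page, the function names are hypothetical, and the sample entries are constructed.

```python
# Constructed sample in the users.conf layout used on this page:
#   user:pass[:e][:uid[:gid[:dirs]]]   (layout inferred from the page's examples)
SAMPLE = """\
foo:123:1001:100
bar:$1$0G2g0GSt$ewU0t6GXG15.0hWoOX8X9.:e:1002:100
baz::1003:100
qux:$6$constructedsalt$constructedhashplaceholder:e:1003:100
"""


def parse_entry(line):
    """Split one users.conf line into named fields."""
    parts = line.strip().split(":")
    user = parts[0]
    password = parts[1] if len(parts) > 1 else ""
    rest = parts[2:]
    encrypted = bool(rest) and rest[0] == "e"  # ':e' marks an encrypted password
    if encrypted:
        rest = rest[1:]
    rest += [""] * (3 - len(rest))  # pad missing uid / gid / dirs
    return {"user": user, "password": password, "encrypted": encrypted,
            "uid": rest[0], "gid": rest[1], "dirs": rest[2]}


def audit(text):
    """Return (line_number, user, finding) tuples for risky entries."""
    findings, uid_owner = [], {}
    for number, line in enumerate(text.splitlines(), 1):
        # Assumption of this example: blank and '#' lines are not entries.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        if entry["password"] and not entry["encrypted"]:
            findings.append((number, entry["user"], "plaintext-password"))
        elif entry["encrypted"] and entry["password"].startswith("$1$"):
            # $1$ is MD5-crypt (what --crypt-md5 emits): cheap to brute-force.
            findings.append((number, entry["user"], "md5-crypt-hash"))
        uid = entry["uid"]
        if uid and uid in uid_owner:
            # Two accounts with one UID can read and write each other's files.
            findings.append((number, entry["user"], "duplicate-uid"))
        uid_owner.setdefault(uid, entry["user"])
    return findings


if __name__ == "__main__":
    for number, user, finding in audit(SAMPLE):
        print(f"line {number}: {user}: {finding}")
```

An entry with an empty password field, such as `foo::1001`, produces no finding because that account can only authenticate with an SSH key.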