From 29038418388a08a27bf962ff24edd539dbf9e442 Mon Sep 17 00:00:00 2001
From: alexcos20
Date: Tue, 10 Mar 2026 14:44:16 +0200
Subject: [PATCH] fix apache & vsftp in storage
---
 additional-modules/storage/Dockerfile | 26 +++++++++++++++++++-----
 additional-modules/storage/entrypoint.sh | 20 ++++++++++++++++++
 compose-files/storage.yml | 4 ++++
 start_ocean.sh | 3 +++
 4 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/additional-modules/storage/Dockerfile b/additional-modules/storage/Dockerfile
index 9870c23..ce5edb6 100644
--- a/additional-modules/storage/Dockerfile
+++ b/additional-modules/storage/Dockerfile
@@ -16,14 +16,30 @@ RUN apt -y update && apt -y install \
 iproute2 \
 jq
 # ----------------------------------------------------
-# Apache config
+# Apache config (allow PUT uploads via WebDAV on /var/www/html)
 # ----------------------------------------------------
-RUN a2enmod rewrite
+RUN a2enmod rewrite dav dav_fs && \
+ mkdir -p /var/lib/apache2/dav && chown www-data:www-data /var/lib/apache2/dav
+RUN echo 'DavLockDB /var/lib/apache2/dav/DavLock' > /etc/apache2/conf-available/dav.conf && \
+ echo '' >> /etc/apache2/conf-available/dav.conf && \
+ echo ' DAV On' >> /etc/apache2/conf-available/dav.conf && \
+ echo ' Require all granted' >> /etc/apache2/conf-available/dav.conf && \
+ echo '' >> /etc/apache2/conf-available/dav.conf && \
+ a2enconf dav
 # ----------------------------------------------------
-# FTP config
+# FTP config (local user only; credentials from env at runtime)
 # ----------------------------------------------------
-RUN sed -i 's/anonymous_enable=NO/anonymous_enable=YES/' /etc/vsftpd.conf && \
- sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf
+RUN sed -i 's/#write_enable=YES/write_enable=YES/' /etc/vsftpd.conf && \
+ echo "local_enable=YES" >> /etc/vsftpd.conf && \
+ echo "chroot_local_user=YES" >> /etc/vsftpd.conf && \
+ echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf && \
+ echo "anonymous_enable=NO" >> /etc/vsftpd.conf && \
+ echo "check_shell=NO" >> /etc/vsftpd.conf && \
+ echo "userlist_enable=NO" >> /etc/vsftpd.conf
+# PAM: auth by password only (no shell/listfile checks that block ftpuser)
+RUN echo 'auth required pam_unix.so' > /etc/pam.d/vsftpd && \
+ echo 'account required pam_unix.so' >> /etc/pam.d/vsftpd && \
+ echo 'session required pam_unix.so' >> /etc/pam.d/vsftpd
 RUN wget \
 -q \
 -O- https://download.ceph.com/keys/release.asc | \
diff --git a/additional-modules/storage/entrypoint.sh b/additional-modules/storage/entrypoint.sh
index a7258ae..0a25789 100755
--- a/additional-modules/storage/entrypoint.sh
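Review bot: The dav.conf written in the Apache RUN block combines `DAV On` with `Require all granted` and no authentication, so any client that can reach the web port can not only PUT but also DELETE, MOVE and MKCOL anything under /var/www/html. If unauthenticated upload is really the intent, scope it to the backend network with `Require ip <backend-subnet>` or require Basic auth from an htpasswd file, and wrap the write methods in `<LimitExcept GET HEAD OPTIONS PROPFIND>` so reads stay open while writes need authorization. The two `echo ''` lines around `DAV On` look like the `<Directory /var/www/html>` open and close tags lost in this rendering of the patch; worth confirming the committed file has them, since `DAV On` is only valid in a directory context. In the vsftpd block, `allow_writeable_chroot=YES` switches off the protection vsftpd adds for a writable chroot root; a root-owned, non-writable /srv/ftp with uploads in a writable subdirectory avoids needing it.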
+++ b/additional-modules/storage/entrypoint.sh
@@ -7,6 +7,8 @@ set -o pipefail
 ACCESS_KEY="${ACCESS_KEY:-ocean123}"
 SECRET_KEY="${SECRET_KEY:-ocean123secret}"
 MGR_PASSWORD="${MGR_PASSWORD:-admin}"
+FTP_USER="${FTP_USER:-ftpuser}"
+FTP_PASS="${FTP_PASS:-ftppass}"
 # In Docker, hostname -d is often empty; use defaults so MAIN=none single-node works
 ZONE="$(hostname -s | grep -oP '^[a-z]+[0-9]+' || echo 'a')"
@@ -107,6 +109,24 @@ ceph auth get-or-create "client.rgw.$(hostname -s)" osd 'allow rwx' mon 'allow r
 touch "/var/lib/ceph/radosgw/ceph-rgw.$(hostname -s)/done"
 chown -R ceph:ceph /var/lib/ceph/radosgw
+##
+# start Apache and vsftpd (local FTP user; /var/www/html and /srv/ftp from volumes)
+##
+echo "starting apache2 and vsftpd..."
+mkdir -p /var/www/html /srv/ftp
+chown -R www-data:www-data /var/www/html 2>/dev/null || true
+# Create FTP user if missing, set password from env
+if ! id -u "$FTP_USER" >/dev/null 2>&1; then
+ useradd --home /srv/ftp --no-create-home --shell /usr/sbin/nologin "$FTP_USER"
+fi
+echo "${FTP_USER}:${FTP_PASS}" | chpasswd
+# Allow FTP_USER to log in (remove from blacklist if present)
+sed -i "/^${FTP_USER}$/d" /etc/ftpusers 2>/dev/null || true
+chown -R "${FTP_USER}:${FTP_USER}" /srv/ftp 2>/dev/null || true
+chmod 755 /srv/ftp 2>/dev/null || true
+apachectl -D FOREGROUND &
+vsftpd /etc/vsftpd.conf &
+
 if [ "${MAIN}" == "none" ]; then
 echo "create admin-user"
 radosgw-admin user create \
diff --git a/compose-files/storage.yml b/compose-files/storage.yml
index 597578f..e7c6c9c 100644
--- a/compose-files/storage.yml
+++ b/compose-files/storage.yml
@@ -1,3 +1,4 @@
+# Storage: Apache (www), vsftpd (ftp), Ceph RGW (S3). Folder vars from start_ocean.sh.
 version: '3'
 services:
 storage:
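Review bot: `FTP_PASS="${FTP_PASS:-ftppass}"` gives the write-enabled FTP account a fixed, publicly known password whenever the variable is unset, and the same default is repeated in the compose-files/storage.yml and start_ocean.sh hunks, so a deployment that forgets to set it ships a guessable login. Prefer failing fast with `: "${FTP_PASS:?FTP_PASS must be set}"`, or generate a random value at startup and log where it was written, and keep the literal default out of all three places. Note that the ACCESS_KEY/SECRET_KEY/MGR_PASSWORD lines just above already follow the fixed-default pattern, so this is extending an existing weakness rather than introducing a new one.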
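Review bot: `apachectl -D FOREGROUND &` and `vsftpd /etc/vsftpd.conf &` are backgrounded and never checked, so if either fails to bind or rejects its config the script carries on silently and the container keeps running without the service; record `$!` for each and verify with `kill -0` after a short delay (downgrade the `exit 1` below to a logged warning if the ceph side should keep running regardless). `sed -i "/^${FTP_USER}$/d" /etc/ftpusers` interpolates FTP_USER into a sed regex, so a value containing `/` or regex metacharacters silently changes the pattern or breaks the command; validate the name first, e.g. `[[ "$FTP_USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1`. `echo "${FTP_USER}:${FTP_PASS}" | chpasswd` would also print the password if `set -x` is ever enabled in this script; `printf '%s:%s\n' "$FTP_USER" "$FTP_PASS" | chpasswd` at least avoids echo's option parsing on odd values. The enclosing script continues outside the hunk (the `if [ "${MAIN}" == "none" ]` block that follows).
```shell
# … unchanged: FTP user creation, chpasswd, ftpusers cleanup, ownership …
apachectl -D FOREGROUND &
apache_pid=$!
vsftpd /etc/vsftpd.conf &
vsftpd_pid=$!
# give both daemons a moment to fail on a bad config or a busy port
sleep 1
kill -0 "$apache_pid" 2>/dev/null || { echo "apache2 failed to start" >&2; exit 1; }
kill -0 "$vsftpd_pid" 2>/dev/null || { echo "vsftpd failed to start" >&2; exit 1; }
```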
@@ -14,9 +15,12 @@ services:
 SECRET_KEY: "ocean123secret"
 MGR_USERNAME: "admin"
 MGR_PASSWORD: "admin"
+ FTP_USER: "${FTP_USER:-ftpuser}"
+ FTP_PASS: "${FTP_PASS:-ftppass}"
 networks:
 ocean_backend:
 ipv4_address: 172.15.0.7
 volumes:
+ # OCEAN_WWW_FOLDER, OCEAN_FTP_FOLDER set in start_ocean.sh (e.g. ~/.ocean/storage-www, ~/.ocean/storage-ftp)
 - ${OCEAN_WWW_FOLDER}:/var/www/html
 - ${OCEAN_FTP_FOLDER}:/srv/ftp
diff --git a/start_ocean.sh b/start_ocean.sh
index 5973f1d..68c2067 100755
--- a/start_ocean.sh
+++ b/start_ocean.sh
@@ -80,6 +80,9 @@ mkdir -p ${OCEAN_WWW_FOLDER}
 #ftp folder
 export OCEAN_FTP_FOLDER="${OCEAN_HOME}/storage-ftp/"
 mkdir -p ${OCEAN_FTP_FOLDER}
+# FTP local user (no anonymous); set FTP_USER/FTP_PASS to override
+export FTP_USER="${FTP_USER:-ftpuser}"
+export FTP_PASS="${FTP_PASS:-ftppass}"
 # Specify which ethereum client to run or connect to: development
 export CONTRACTS_NETWORK_NAME="development"