ProFTPD Docker Image

Caution

We created this image for a specific use case. We're not actively pursuing to expand features in this project. We just had a legacy integration to deal with on a customer project, so we created this image in case others might find it useful.

This Docker image provides a customizable ProFTPD server with MySQL authentication support and TLS encryption.

Docker Image	Size
serversideup/proftpd

Base Image

The image is based on ubuntu:24.04, providing a stable and up-to-date environment for running ProFTPD.

Features

• ProFTPD server with MySQL authentication
• TLS encryption support
• Customizable configuration via environment variables
• Self-signed SSL certificate generation
• IP address banning (bans IP addresses for 1 hour that fail authentication 5 times in 10 minutes)

Environment Variables

The following environment variables can be used to customize the ProFTPD server:

Variable	Description	Default Value
FTP_DEBUG_LEVEL	Sets the debug level for ProFTPD	0
FTP_LOG_LEVEL	Sets the syslog level for ProFTPD	warn
FTP_MASQUERADE_ADDRESS	IP address or hostname for passive mode connections	-
FTP_PASSIVE_PORT_RANGE_START	Start of the passive port range	60000
FTP_PASSIVE_PORT_RANGE_END	End of the passive port range	60100
FTP_SQL_USERS_TABLE	MySQL table to authenticate users against	ftpusers
FTP_TLS_CERTIFICATE_FILE	SSL certificate file	/etc/ssl/ftp/proftpd.crt
FTP_TLS_CERTIFICATE_KEY_FILE	SSL certificate key file	/etc/ssl/ftp/proftpd.key
FTP_TLS_REQUIRED	Require TLS	off
MYSQL_DATABASE	MySQL database name	ftpdb
MYSQL_HOST	MySQL host	mysql
MYSQL_PASSWORD	MySQL password	ftppassword
MYSQL_PORT	MySQL port	3306
MYSQL_USER	MySQL user	ftpuser

Build Defaults

The following build arguments are used during the image build process:

Build Argument	Description	Value
FTP_USER	The user under which ProFTPD will run	proftpd_user
FTP_GROUP	The group under which ProFTPD will run	nogroup
FTP_SSL_CERTS_DIR	Directory for SSL certificates	/etc/ssl/ftp
FTP_USERS_DIR	Base directory for user homes	/var/ftp/users

Usage

1. Build the Docker image:

docker build -t proftpd-mysql .

2. Run the container:

services:
  proftpd:
    image: serversideup/proftpd
    ports:
      - "21:21"
      - "990:990"
      - "60000-60100:60000-60100"
    environment:
      - MYSQL_HOST=your_mysql_host
      - MYSQL_DATABASE=your_database
      - MYSQL_USER=your_user
      - MYSQL_PASSWORD=your_password
      - FTP_MASQUERADE_ADDRESS=your_masquerade_address

Make sure to replace the MySQL connection details with your own.

Configuration

The ProFTPD configuration file (proftpd.conf) is included in the image. It sets up the following:

• FTP and FTPS (TLS) support
• MySQL authentication
• Passive port range: 60000-60100
• TLS Protocol: TLSv1.2 and TLSv1.3
• Logging configuration
• Home directory creation for users
• Anonymous access disabled
• IP address banning (bans IP addresses for 1 hour that fail authentication 5 times in 10 minutes) You can modify the proftpd.conf file to further customize the ProFTPD server according to your needs.

Security Considerations

• The image generates a self-signed SSL certificate for FTPS. For production use, replace it with a valid SSL certificate.
• Ensure to use strong passwords for MySQL authentication.
• Review and adjust the proftpd.conf file to match your security requirements.
• Consider using Docker secrets or a secure method to pass sensitive information like database credentials.

Ports

The following ports are exposed:

Port	Service
21	FTP
990	FTPS (FTP over TLS)
60000-60100	Passive port range

Special Note on orchestrators

If you are using an orchestrator like Kubernetes, you will need to ensure that the ports are opened on the container and the host.

For example, for Docker Swarm you need to use the long format for the ports directive in your docker compose file:

services:
  ftp:
    image: serversideup/proftpd
    ports:
      - target: 21
        published: 21
        protocol: tcp
        mode: host
      - target: 990
        published: 990
        protocol: tcp
        mode: host
      - target: 60000
        published: 60000
        protocol: tcp
        mode: host
      - target: 60001
        published: 60001
        protocol: tcp
        mode: host
      - target: 60002
        published: 60002
        protocol: tcp
        mode: host

Unfortunately, Docker Swarm does not support specifying ranges for published ports with the long format, so you need to specify each port individually. Just be sure to open all ports within the range that you define within the FTP_PASSIVE_PORT_RANGE_START and FTP_PASSIVE_PORT_RANGE_END environment variables.

MySQL Database

You can use either MySQL or MariaDB. Create a table in the database with the following SQL:

CREATE TABLE ftpusers (
    id INT AUTO_INCREMENT PRIMARY KEY,  -- Auto-incrementing primary key
    username VARCHAR(255) NOT NULL,     -- Username, max length 255 characters
    password VARCHAR(255) NOT NULL,     -- Password, max length 255 characters
    uid INT NOT NULL,                   -- User ID, integer type
    gid INT NOT NULL,                   -- Group ID, integer type
    homedir VARCHAR(255) NOT NULL,      -- Home directory path, max length 255 characters
    shell VARCHAR(255) NOT NULL         -- Shell, max length 255 characters
);

Then you can add users to the database with the following SQL:

INSERT INTO ftpusers (username, password, uid, gid, homedir, shell)
VALUES (
  'testuser',
  CONCAT('{sha256}', TO_BASE64(UNHEX(SHA2('mypassword', 256)))),
  2001,
  2001,
  '/var/ftp/users/testuser',
  '/bin/false'
);

Resources

• Discord for friendly support from the community and the team.
• GitHub for source code, bug reports, and project management.
• Get Professional Help - Get video + screen-sharing help directly from the core contributors.

Contributing

As an open-source project, we strive for transparency and collaboration in our development process. We greatly appreciate any contributions members of our community can provide. Whether you're fixing bugs, proposing features, improving documentation, or spreading awareness - your involvement strengthens the project.

• Bug Report: If you're experiencing an issue while using these images, please create an issue.
• Security Report: Report critical security issues via our responsible disclosure policy.

Need help getting started? Join our Discord community and we'll help you out!

Our Sponsors

All of our software is free an open to the world. None of this can be brought to you without the financial backing of our sponsors.

Bronze Sponsors

No bronze sponsors yet. Become a sponsor →

Individual Supporters

      

About Us

We're Dan and Jay - a two person team with a passion for open source products. We created Server Side Up to help share what we learn.

Dan Pastori	Jay Rogers

Find us at:

• 📖 Blog - Get the latest guides and free courses on all things web/mobile development.
• 🙋 Community - Get friendly help from our community members.
• 🤵‍♂️ Get Professional Help - Get video + screen-sharing support from the core contributors.
• 💻 GitHub - Check out our other open source projects.
• 📫 Newsletter - Skip the algorithms and get quality content right to your inbox.
• 🐥 Twitter - You can also follow Dan and Jay.
• ❤️ Sponsor Us - Please consider sponsoring us so we can create more helpful resources.

Our products

If you appreciate this project, be sure to check out our other projects.

📚 Books

• The Ultimate Guide to Building APIs & SPAs: Build web & mobile apps from the same codebase.
• Building Multi-Platform Browser Extensions: Ship extensions to all browsers from the same codebase.

🛠️ Software-as-a-Service

• Bugflow: Get visual bug reports directly in GitHub, GitLab, and more.
• SelfHost Pro: Connect Stripe or Lemonsqueezy to a private docker registry for self-hosted apps.

🌍 Open Source

• AmplitudeJS: Open-source HTML5 & JavaScript Web Audio Library.
• Spin: Laravel Sail alternative for running Docker from development → production.
• Financial Freedom: Open source alternative to Mint, YNAB, & Monarch Money.