[Question] Access the server from outside docker (and between containers)

[Frondor]

This is not an actual issue, but a newbie question.

I want to use this image for running functional tests over a ftp server, but I don't really know how I can access to the server. I don't need any volumes for running the test cases.

docker-compose up -d

version: "3"
services:
  ftpd-server:
    container_name: ftpd-server
    image: stilliard/pure-ftpd:hardened
    ports:
       - "21:21"
       - "30000-30009:30000-30000"
    environment:
      PUBLICHOST: "localhost"
      FTP_USER_NAME: "test"
      FTP_USER_PASS: "test"
      FTP_USER_HOME: "/home/test"
    restart: on-failure

Output:

$ docker-compose logs ftpd-server
Attaching to ftpd-server
ftpd-server      | Creating user...
ftpd-server      | Password:
ftpd-server      | Enter it again:
ftpd-server      | Setting default port range to 30000:30009
ftpd-server      | Adding passive port range
ftpd-server      | Starting Pure-FTPd:
ftpd-server      |   pure-ftpd -c 5 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P localhost -s -A -j -Z -H -4 -E -R -G -X -x   -p30000:30009

Now, I've mapped docker-machine ip to a dev.local host in hosts file.
If I try to log in using filezilla client with test:test@dev.local, I get

Error:	Directory listing aborted by user
Status:	Disconnected from server
Status:	Resolving address of dev.local
Status:	Connecting to 192.168.99.100:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 5 of 5 allowed.
Response:	220-Local time is now 12:16. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	500 This security scheme is not implemented
Command:	AUTH SSL
Response:	500 This security scheme is not implemented
Status:	Insecure server, it does not support FTP over TLS.
Command:	USER test
Response:	331 User test OK. Password required
Command:	PASS ****
Response:	230 OK. Current directory is /
Command:	OPTS UTF8 ON
Response:	200 OK, UTF-8 enabled
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (127,0,0,1,117,49)
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server

In the docs it says I can test the connection from the "host machine" but if I ssh into VirtualBox's boot2docker with docker-machine ssh and then run ftp -p localhost 21 it says -sh: ftp: not found.

So...

1. How can I use filezilla to see the test user contents?
2. How can I test the ftp connection from another container? (using /bin/ftp?)

This is my very first time working with FTP servers, so please, forgive my ignorance.

[stilliard]

Hi @Frondor ,

No problem, I think the problem is that you need to bind your docker machine IP to pure-ftpd as the PUBLICHOST instead of localhost.
This should fix it I think, this is one of the more tricky aspects for these FTP containers.

[Frondor]

Worked! Thank you!

[stilliard]

You're welcome, glad it worked :).

I'd love to add a add a section about docker-machine to the readme file in case anyone else runs into any issues, if you have any notes from your experience with it using ftp let me know 👍

[Frondor]

Thank you Andrew!!

Actually, It didn't really fix the problem. I just changed Filezilla settings to always use Active mode instead of passive.
Something is wrong about it, and I can only browse the containers filesystem via FTP client in active mode.
It's hard to know what is happening with my limited knowledge.

This works. It allows me to use Filezilla client from Windows to access container's filesystem. It uses docker-machine ip which is 192.168.99.100 and I have to run it like this

export PUBLICHOST=$(docker-machine ip) && docker-compose up -d

compose service:

  ftp-server:
    container_name: ftp-server
    image: stilliard/pure-ftpd:hardened
    ports:
       - "21:21"
       - "30000-30009:30000-30009"
    environment:
      PUBLICHOST: ${PUBLICHOST:-192.168.99.100}
      FTP_USER_NAME: "test"
      FTP_USER_PASS: "test"
      FTP_USER_HOME: "/home/test"
    restart: on-failure

But in the test runner I'm trying to implement this, only the first test passes

  FTP Driver
    ✓ return false when file doesn't exists (71ms)
    ✖ return true when file exists (5s)
    ✖ get and put file content (5s)
    ✖ append file content (5s)
    ✖ prepend file content (5s)
    ✖ delete file (5s)
    ✖ copy file (5s)
    ✖ move file (5s)

If i ignore the PUBLICHOST variable and let the image use its default, some tests pass, but it still fail at some point with an ERRCONNRESET, and also it stops me from using the Filezilla client, since the server is no longer using the external address

  FTP Driver
    ✓ return false when file doesn't exists (47ms)
    ✓ return true when file exists (62ms)
    ✓ get and put file content (56ms)
    ✓ append file content (124ms)
events.js:183
      throw er; // Unhandled 'error' event
      ^

Error: read ECONNRESET
    at _errnoException (util.js:1022:11)
    at TCP.onread (net.js:628:25)

Filezilla logs now:

Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (127,0,0,1,117,48)
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server

If I go to Filezilla client settings and change the default transfer mode to active, it works. I can use it.

So finally, I went for mcreations/ftp image which looks like it allows the tests to run just fine. But I can't set the HOST variable to docker-machine ip because the tests fail (although it allows me to use Filezilla).

---

So basically I found two problems. The first is that I can't use something like PUBLICHOST=0.0.0.0 with docker-pure-ftpd to execute the test runner, and use Filezilla client at the same time to see the container's contents. I need to either specify a 127.0.0.1 (for tests to work) or 192.168.99.100 (machine ip for ftp client).

The second problem I find with this image, is some sort of timeout or connection limit when running tests. It would be good to let every param of the Dockerfile.CMD to be settable via environment variables passed to the service, just like PUBLICHOST

This is the project in which I'm trying to implement this image for running FTP tests:
https://github.com/Frondor/node-flydrive

And this is the PR where I explain how to run the tests:
Slynova-Org/flydrive#54

Edit: I'll re-open this in case we start some sort of research in case we find a solution. But feel free to close it again anytime.

[stilliard]

Hi @Frondor,

Thanks for the detailed information on this.
I've not used docker-machine before so sorry I'm not super helpful on this.

Ref the 1st point about the IP, i'm just double checking but does your test connect to FTP via the docker-machine ip as well?

& the 2nd point about changing the other parts of the Dockerfile, you sure can in your docker-compose file by setting the command:

Our default is "/run.sh -c 5 -C 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST" but I believe in the docker-compose file you can change this to whatever you want, e.g. for the timeouts you mentioned, I suspect this is the idle time kicking in which you can set with -I 300 or --maxidletime 300 to set this to 5 minutes.
You can find a full list of flags to pass here: https://linux.die.net/man/8/pure-ftpd

Hope this helps out.

[Warfront1]

Same exact issue, here is how to reproduce:

version: '3.1'

services:
  ftps_server:
    image: stilliard/pure-ftpd:buster-latest@sha256:80ce2a218c58972f7c428b9bb112b32b5bd57ecd7dde458f22f8977e8db8ad5b
    ports:
      - "30000-30009:30000-30009"
      - "21:21"
    environment:
      - "PUBLICHOST=ftps_server"
      - "ADDED_FLAGS=-d -d -b --tls 2"
      - "TLS_CN=ftps_server"
      - "TLS_ORG=Demo"
      - "TLS_C=UK"
      - "TLS_USE_DSAPRAM=true"
      - "FTP_USER_NAME=bob"
      - "FTP_USER_PASS=12345"
      - "FTP_USER_HOME=/home/ftpusers/bob"
    hostname: ftps_server
    volumes:
      - ftp_tls:/etc/ssl/private/
  ftps_client:
    image: jlesage/filezilla:v1.28.0@sha256:d9286b92bc1cc98d0802e621fc2a4b806dd4512d8eca18970d7ba486aea8e750
    ports:
      - "5800:5800"
    links:
      - ftps_server
volumes:
  ftp_tls:

Steps:

1. Docker-compose up
2. On host machine in your web browser of choice navigate to: http://localhost:5800/
3. On the quick connect section fill out the following details:
   a) Host: ftps_server
   b) Username: bob
   c) Passowrd: 12345
   d) You can leave the port blank
4. Press the "Quickconnect" button, and accept all unknown certificate errors/pop ups that occur.\
5. Congratulations you are now connected, and can upload/download/delete/create anything you want on the ftps_server

-- Now go to the host machine
Use your favorite ftp client (I'm on windows using filezilla)

1. On the quick connect section fill out the following details:
   a) Host: ftps_server
   b) Username: bob
   c) Passowrd: 12345
   d) You can leave the port blank
   -- Does not work (obviously)
2. On the quick connect section fill out the following details:
   a) Host: localhost
   b) Username: bob
   c) Passowrd: 12345
   d) You can leave the port blank
   -- You are prompted for a certificate unknown, but get this error: "500 I won't open a connection to ::1%3666957829 (only to 172.19.0.1)"
3. On the quick connect section fill out the following details:
   a) Host: localhost
   b) Username: bob
   c) Passowrd: 12345
   d) You can leave the port blank
   -- You are prompted for a certificate unknown, but get this error: "500 I won't open a connection to ::1%3666957829 (only to 172.19.0.1)"
4. On the quick connect section fill out the following details:
   a) Host: Put your host machines local ip address here (host.docker.internal on my dev machine)
   b) Username: bob
   c) Passowrd: 12345
   d) You can leave the port blank
   -- You hang at "Retrieving directory listing..."

Other Notes:
Just as the original bug report suggests switching the PUBLICHOST env variable to the host machines local ip address here (host.docker.internal on my dev machine) will inverse the test results. Simply put you will then not be able to access the ftps server from within the compose network, but will be able to access from your host machine.