Using a local FTPS Server for Testing
A quick tutorial on how to setup an FTPS-server on a local Docker instance. #
- “Hey, wait a second, you have already written about this, right?”
Close, but not quite. The last time I have written about using SFTP. This time is about FPTS.
- “So, what’s the difference”
Simply put, FTPS is the same as FTP but on an additional TLS layer. Whereas SFTP is a separate protocol based on SSH.
This article won’t go any deeper in explaining the difference. There are plenty others out there who have already done a great job in doing so.
Let’s get started.
Three directory are needed:
/Users/youruser/ftps/data: The directory where all data for up- and downloading files go./Users/youruser/ftps/passwd: A directory that holds the servers password file./Users/youruser/ftps/ssl: The directory where all the TLS specific files go.
The last two are not really needed, but things go a little faster when they are being used.
The TLS certificates are being created automatically in case they do not exist. By mapping the certificate directory to a directory on the host, the certificates won’t be generated again when a new container instance comes up.
Of course, you can place your own certificates in that directory as well.
Make sure though, that Docker has the privilege to map and write these directories. I am using Docker Desktop for Mac and can add the directories in the settings.
This time I have put the whole configuration in a handy docker-compose.yml:
version: '3'
services:
ftps:
image: stilliard/pure-ftpd
container_name: ftps
ports:
- "21:21"
- "30000-30009:30000-30009"
volumes:
- "/Users/youruser/ftps/data:/home/foo/"
- "/Users/youruser/ftps/passwd:/etc/pure-ftpd/passwd"
- "/Users/youruser/ftps/ssl:/etc/ssl/private/"
environment:
PUBLICHOST: "localhost"
FTP_USER_NAME: foo
FTP_USER_PASS: pass
FTP_USER_HOME: /home/foo
ADDED_FLAGS: "--tls=2"
TLS_CN: "localhost"
TLS_ORG: "YourOrg"
TLS_C: "DE"
As usual we bring it up with docker-compose up -d and check the logs if everything gets up correctly with docker-compose logs -f.
For a test I am using Cyberduck.
After starting CyberDuck, a new connection has to be created.
Now, we are ready to connect.
Upon connecting, a message comes up stating that a failure occurred upon certificate trust verification. This is fine, because for testing purposes the certificate has been generated by us and not by an official authority.
Before the test, I have created two files in the /Users/youruser/ftps/data-directory, which we can see now after being connected.
A file can be downloaded with a double-click. Again, the message about the certificate trust verification comes up which is fine.
Another message comes up after the file has been downloaded which concludes this post.
Thanks for reading. Hope it helped!
Feel free to buy me a coffee if you liked this post.