February 4, 20251 yr Greeting Ladies and Gents, I manage a server for a friend's machine shop. They have an old Sharp copier that they use for blueprints (works great) and scanning to the server. I had Proftpd setup since the only protocol the old server uses for scanning to network is FTP. (I told you that the copier is old.) Proftpd no longer works in Unraid 7.0 so I need an alternative. Any suggestions?
February 4, 20251 yr Community Expert CrushFTP works well on UNRAID, but it is a bit too much for that pupose.
February 4, 20251 yr Author Yes, I did search apps but it seemed that the tools I see there are for downloading from an FTP source (that is, if I understand their descriptions correctly)
February 4, 20251 yr Community Expert 4 minutes ago, rdagitz said: for downloading from an FTP source As I said: look at CrushFTP. Its a server where the scanner can send his files too (after it has been configured proper
February 7, 20251 yr Community Expert 10 hours ago, rdagitz said: Any guidance on that? Dunno what you need. Simply you set up a User, give him access to share(s) and thats it. CrushFTP just can do so many more things that might confuse you at first. But if you keep it simple, there should not be a big problem.
February 7, 20251 yr Author When you say "set up a user and give access to share(s)" do you mean in Unraid, in CrushFTP or both? I am very familiar with Unraid but feel like I am poking around in the dark on CrushFTP.
February 7, 20251 yr Community Expert I prefer to use ssh and sftp. You can install a docker and setup user profiles with a fail2ban to protect your self and configure a secusre ftp instance... port 22 Unriad has a builtin ftp server. review in docs: https://docs.unraid.net/unraid-os/manual/shares/network-access/ Unriad has a builtin ssh server. I run and recomend: Base: phusion/baseimage:master-amd64 Size: 357MB Application: https://www.openssh.com/ Application Version: Latest when docker was built on 03/22/2021 Docker Hub: https://hub.docker.com/r/markusmcnugen/sftp/ Github: https://github.com/MarkusMcNugen/docker-sftp Runnign that docker, I add this aditional data to the docker template.. admin user as seen here is the default user and has full acceess... note other "ftp/secure ssh sftp users" Using this methiod Logan only has access to the path set to profile. If I want another path for logan to login to use i would add a path for /home/logan/data so when filezilla / sftp access logan will see profile and data and can only access that data... recomend ssh_cofig: # Secure SSHD Configuration # Based on best practices and secure defaults # Protocol and Key Settings Protocol 2 HostKey /config/sshd/keys/ssh_host_ed25519_key HostKey /config/sshd/keys/ssh_host_rsa_key KexAlgorithms curve25519-sha256,[email protected] Ciphers [email protected],[email protected] MACs hmac-sha2-512,hmac-sha2-256 # Authentication PermitRootLogin no #PasswordAuthentication no # Disable password authentication (use keys only) #PubkeyAuthentication yes # Enable public key authentication AuthorizedKeysFile %h/.ssh/authorized_keys # Login Grace and Timeouts LoginGraceTime 0 # Allow 30 seconds to authenticate MaxAuthTries 2 # Limit failed login attempts #MaxSessions 2 # Restrict concurrent sessions # Connection Settings UseDNS no AllowTcpForwarding no GatewayPorts no PermitTunnel no # SFTP and Chroot Jail Subsystem sftp internal-sftp ForceCommand internal-sftp ChrootDirectory %h AllowAgentForwarding no # Logging and Monitoring SyslogFacility AUTH LogLevel INFO # Detailed logging for debugging and monitoring # Additional Security #ClientAliveInterval 300 # Disconnect idle clients after 5 minutes #ClientAliveCountMax 2 # Allow two keep-alive messages before disconnection #AllowUsers sftpuser # Restrict access to specific users (modify as needed) DenyUsers root # Explicitly deny root login # Host Key Algorithms (Optional: Ensure older clients can connect) HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256 review other options here: https://linux.die.net/man/5/sshd_config example users_config *This is what generates the accounts for ssh / sftp for ftp access admin:password:1000:100 brandon:password:1001:100 will:password:1002:100 elliott:password:1003:100 logan:password:1004:100 chris:password:1005:100 so logan can login with user logan and passowrd password ... Run docker once to generate files go into the appdata sshd folder and make the above files for you ftp users... as this also comes prepackaged with fail2ban and a jails.conf to help limit ssh/ftp attacks... edit the jails.conf and adjust times... see more: https://manpages.debian.org/experimental/fail2ban/jail.conf.5.en.html # "bantime" is the number of seconds that a host is banned. bantime = 86400 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 3600 # "maxretry" is the number of failures before a host get banned. maxretry = 2 hour locks 24hour ban if failure. you can console to the docker and run a simple comand to unban... list banned IPs (to confirm the ban): fail2ban-client status <jail-name> fail2ban-client set <jail-name> unbanip <IP-address> example: fail2ban-client set sshd unbanip 192.168.2.251 This is my recomend scure way to run a sftp server where things are isolated and you have proptecton against bad actors... Edited February 7, 20251 yr by bmartino1 typo
February 7, 20251 yr Community Expert simlar to sftp, crush ftp is a docker install for ftp (port 21) here like filezilla, you can use a web http page to configure your ftp server: Edited February 7, 20251 yr by bmartino1
February 7, 20251 yr Community Expert you can also make your own docker image and run Proftpd example docker file: # Use an official Ubuntu image as the base FROM ubuntu:20.04 # Set environment variables to prevent interactive prompts ENV DEBIAN_FRONTEND=noninteractive # Update the package list and install ProFTPD RUN apt-get update && \ apt-get install -y proftpd && \ apt-get clean # Configure ProFTPD to run in standalone mode RUN sed -i 's/^#ServerType\s*inetd/ServerType standalone/' /etc/proftpd/proftpd.conf && \ sed -i 's/^#DefaultRoot.*/DefaultRoot ~/' /etc/proftpd/proftpd.conf && \ sed -i 's/^#RequireValidShell.*/RequireValidShell off/' /etc/proftpd/proftpd.conf # Add an FTP user (username: ftpuser, password: ftpuserpass) RUN useradd -m -d /home/ftpuser -s /bin/false ftpuser && \ echo "ftpuser:ftpuserpass" | chpasswd # Set permissions for the FTP user's home directory RUN mkdir -p /home/ftpuser/ftp && \ chown ftpuser:ftpuser /home/ftpuser/ftp # Expose port 21 for FTP EXPOSE 21 # Start ProFTPD in foreground mode CMD ["proftpd", "--nodaemon"] build the docker file: docker build -t proftpd-server . example docker run command: docker run -d --name proftpd-container -p 21:21 proftpd-server *Atempte to reuse your old proftpd temapte and repalce the repo for proftpd-server to use your docker... Edited February 7, 20251 yr by bmartino1
February 8, 20251 yr Community Expert No News is good news... as there also other premade docker images out there... one could use the docker compose plugin and using a premade proftpd docker: Example: https://hub.docker.com/r/pockost/proftpd with compose file: proftpd: image: pockost/proftpd volumes: - ./proftpd.conf:/usr/local/etc/proftpd.conf - ./data/ftp:/data - ./data/ssh:/etc/ssh links: - mysql ports: - "20:20" - "21:21" - "22:22" - "60000-60100:60000-60100" mysql: image: mariadb ports: - 3306:3306 environment: - MYSQL_ROOT_PASSWORD=password - MYSQL_DATABASE=proftpd or make a custum unraid template example: https://github.com/MekayelAnik/proftpd-server-alpine services: proftpd-server-alpine: image: mekayelanik/proftpd-server-alpine:latest container_name: proftpd-server-alpine environment: - TZ=Asia/Dhaka - FTP_PORT=21 - NUMBER_OF_SHARES=4 - FTP_SHARE_1=SHARE_1 - FTP_PASSWORD_1=PASS_1 - FTP_SHARE_1_PUID=1001 - FTP_SHARE_1_PGID=1001 - FTP_SHARE_2=SHARE_2 - FTP_PASSWORD_2=PASS_2 - FTP_SHARE_2_PUID=1002 - FTP_SHARE_2_PGID=1002 - FTP_SHARE_3=SHARE_3 - FTP_PASSWORD_3=PASS_3 - FTP_SHARE_3_PUID=1003 - FTP_SHARE_3_PGID=1003 - FTP_SHARE_4=SHARE_4 - FTP_PASSWORD_4=PASS_4 - FTP_SHARE_4_PUID=1004 - FTP_SHARE_4_PGID=1004 volumes: - /mnt/Vol1:/data/SHARE_1 - /mnt/Vol1:/data/SHARE_2 - /mnt/Vol1:/data/SHARE_3 - /mnt/Vol1:/data/SHARE_4 restart: unless-stopped and https://hub.docker.com/r/instantlinux/proftpd and make a custom unriad template with docker variables: I will glady help where I can. As I have had some experience 10ish years ago on those sharp scanners and setting up a connection...
February 9, 20251 yr Author Amazing information! Thank you. When I get the opportunity to get to that shop I will try some of these options and see if I hit pay dirt. I'll make sure to post back and let you know how it goes. Thanks again
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.