Open millermarkj opened 5 years ago
I was able to resolve this issue with multiple changes to the Dockerfile and other components:
phusion/baseimage should not be using the latest tag! The "Getting started now" documentation on the main page recommends calling out a specific version. In the Dockerfile, I switched from:
FROM phusion/baseimage:latest
to
FROM phusion/baseimage:0.11
This has the benefit of updating to 18.04, however...
Now syslog-ng won't start. You need to pull in your own syslog-ng.conf. I created a new syslog-ng directory under config, put a copy of syslog-ng.conf in there, and copied it in with
COPY syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
You'll need to update the version at the top, changing
@version: 3.5
to
@version: 3.13
Then you'll need to update line 56 to remove the backtick (`) from the comment. I replaced mine with a standard single-quote (') char.
Now you need to grant the NET_ADMIN permissions to your container. It's possible this is the only part that's needed to change, but I wanted it running the 18.04 phusion/baseimage anyhow. I'm using docker-compose, so add the following to your docker-compose.yml:
cap_add:
  - NET_ADMIN
If you're running directly from the prompt without making changes, you'd call it as:
docker run \
  --cap-add=NET_ADMIN \
  -v /host/config/path:/config \
  -p 22:22 -d markusmcnugen/sftp \
  user:pass:::upload
I'll be submitting a change up to git as soon as I can figure out how.
The container starts without errors. The fail2ban process starts but cannot execute any bans because it doesn't appear to have permissions to call iptables:
(I've redacted the IPs included here)
Any ideas?
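Added example (not part of the original post or the project's code): the two syslog-ng.conf edits described above, scripted so they can be applied to the copy kept under config before the image is built. The function names and the sample file content are constructed for illustration, and the backtick replacement is generalized from line 56 to every comment line.

```sh
#!/bin/sh
# Patch a copied syslog-ng.conf for the syslog-ng shipped with phusion/baseimage:0.11.
# patch_syslog_ng_conf and make_sample_conf are hypothetical helper names.

patch_syslog_ng_conf() {
    conf="$1"
    new_version="${2:-3.13}"   # version named in the post; override if needed
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Refuse to edit a file that has no @version header at all.
    grep -q '^@version:' "$conf" || { echo "no @version line in $conf" >&2; return 2; }
    tmp="$(mktemp)" || return 1
    # 1) rewrite the @version header
    # 2) on comment lines only, replace backticks with single quotes;
    #    backticks outside comments are left untouched.
    sed -e "s/^@version:.*/@version: ${new_version}/" \
        -e "/^[[:space:]]*#/ s/\`/'/g" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample input, not the real file from the image.
make_sample_conf() {
    f="$(mktemp)" || return 1
    cat > "$f" <<'EOF'
@version: 3.5
@define logdir "/var/log"
# The root logger`s defaults
destination d_auth { file("`logdir`/auth.log"); };
EOF
    echo "$f"
}

# Demo on the constructed sample: print the patched file, then clean up.
demo="$(make_sample_conf)" && patch_syslog_ng_conf "$demo" && cat "$demo" && rm -f "$demo"
```

Run it against the copy under config, not against a file inside a running container, so the Dockerfile COPY step picks up the patched version.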