A rsync/sshd server for storing/providing files. This image can support rsync, scp and sftp access (via docker build arguments). As default rsync over ssh and scp are enabled.
Access is only allowed via public key authentication.
This docker container uses two volumes:
/home/data- base path for storing data/var/local/etc/ssh- volume to store SSH host keys
docker run -p 2200:22 -e AUTHORIZED_KEYS="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjWn9ccu2hU/5o5CYbz4qj5FW+7SGgby39rgVHOqGuQ test-key" -v rsync_ssh:/var/local/etc/ssh -v rsync_data:/home/data rsync-server:latest
This creates two volumes rsync_ssh and rsync_data to store persistent data. rsync_ssh has the generated SSH host keys, rsync_data will receive all files.
rsync -av -e "ssh -p 2200" mydir data@<docker-host>:
will sync your local mydir directory to the rsync_data volume of the docker host.
Use the build-args RSYNC, SCP and SFTP to enable/disable those protocols. As default RSYNC and SCP are enabled.
docker build -t rsync-server --build-arg SCP=1 --build-arg SFTP=1 --build-arg RSYNC=0 .
You can also use the ALLOWED_OPTIONS enviroment variable to enable services during container start, this overrrides the build settings.
docker run -p 2200:22 -e ALLOWED_OPTIONS="allowrsync\n allowscp" rsync-server:latest
You can use the build-args USER, UID and GID to specify user name and numeric user/group id.
Defaults are USER=data, UID=1000, GID=1000.
docker build -t rsync-server --build-arg USER=user --build-arg UID=500 .
Then you can use user@container, and your volume needs to be /home/user.
There are three different ways to specifiy authorized keys for ssh access.
- Specify authorized_keys at container startup via an environment var
docker run -p 2200:22 -e AUTHORIZED_KEYS="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjWn9ccu2hU/5o5CYbz4qj5FW+7SGgby39rgVHOqGuQ test-key" rsync-server:latest
- Bind mount an existing file
docker run -p 2200:22 -v /home/user/.ssh/authorized_keys:/etc/ssh/authorized_keys:ro rsync-server:latest
- Put authorized_keys in a volume
When building the container you can use the AUTH_DIR build variable to place the authorized_keys file in the ssh key volume
docker build -t rsync-server --build-arg AUTHDIR=/var/local/etc/ssh .
Then mount the ssh key volume to some directory and modify the authorized files directly (as root).
docker run -p 2200:22 --name rsync-server -v $HOME/rsync_ssh:/var/local/etc/ssh rsync-server:latest
In this case $HOME/rsync_ssh will contain ssh host keys and the authorized_keys file.
No chroot is setup, so the data user can read system files outside his home directory via rsync/scp/sftp. But as this is only a small docker container I didn't spend any time to prevent this.