当前位置: 首页 > news >正文

docker 部署匿名文件服务 nfs vsftp samba

news 2026/3/27 1:51:44

Dockerfile

FROM ubuntu:25.10RUN sed -i 's@archive.ubuntu.com@mirrors.aliyun.com@g' /etc/apt/sources.list.d/ubuntu.sources \&& sed -i 's@archive.ubuntu.com@mirrors.aliyun.com@g' /etc/apt/sources.list.d/ubuntu.sources \&& apt-get update \&& apt-get -y install  nfs-kernel-server  net-tools nginx samba samba-common-bin  vsftpd \&& mkdir -p /var/run/vsftpd/empty \&& mkdir -p /data/apps/iso /run/samba \&& apt-get clean \&& rm -rf /var/lib/apt/lists/*VOLUME /data/apps/isoCOPY entrypoint.sh /usr/local/bin/
COPY nfs.conf /etc/nfs.conf
COPY exports /etc/exports
COPY vsftpd.conf /etc/vsftpd/vsftpd.conf
COPY smb.conf /etc/samba/smb.conf
COPY nginx.conf /etc/nginx/nginx.confRUN chmod 755 /usr/local/bin/entrypoint.shEXPOSE 111 2049 50001 40000-40100 20 21 80 445 139ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

entrypoint.sh

#!/bin/bash
set -e# 定义信号处理
trap 'echo "收到停止信号"; nginx -s quit; pkill -TERM smbd; pkill -TERM nmbd; exit 0' TERM INT# 启动所有服务
echo "启动所有服务..."# 1. 启动NFS
if command -v rpcbind &> /dev/null; thenrpcbind -wmount -t nfsd nfsd /proc/fs/nfsd 2>/dev/null || truerpc.mountd &exportfs -rarpc.nfsd &rpc.statd &echo "NFS服务已启动"
fi# 2. 启动VSFTPD
if command -v vsftpd &> /dev/null && [ -f /etc/vsftpd/vsftpd.conf ]; thenvsftpd /etc/vsftpd/vsftpd.conf &echo "VSFTPD已启动"
fi# 3. 启动Samba
if command -v smbd &> /dev/null; thenif [ -f /etc/samba/smb.conf ]; thentestparm -s > /dev/nullfismbd -D --no-process-group &nmbd -D --no-process-group &echo "Samba已启动"
fi# 4. 启动Nginx(前台运行)
if command -v nginx &> /dev/null; thennginx -g "daemon off;" &NGINX_PID=$!echo "Nginx已启动 (PID: $NGINX_PID)"
fi# 等待所有子进程
wait

start_images.sh

docker run -d \--name file_servers \--privileged \--cap-add=SYS_ADMIN \--cap-add=SYS_MODULE \-v /data/apps/iso:/data/apps/iso \-p 2049:2049 \-p 111:111 \-p 50001:50001 \-p 21:21 \-p 20:21 \-p 40000-40100:40000-40100 \-p 445:445 \-p 139:139 \-p 80:80 \anonymous_file_servers:v2

服务测试

docker logs -f file_servers
启动所有服务...
NFS服务已启动
VSFTPD已启动
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)Server role: ROLE_STANDALONESamba已启动
Nginx已启动 (PID: 21)

vsftpd.conf

# vsftpd 匿名访问配置
listen=YES
listen_ipv6=NO
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
anon_root=/data/apps/iso
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO# 匿名用户设置
anon_umask=000
anon_max_rate=0
no_anon_password=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO# 连接限制
max_clients=100
max_per_ip=20# 被动模式设置
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
pasv_address=192.168.56.101
pasv_promiscuous=YES# 日志设置
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log

smb.conf

# Samba 匿名访问配置
[global]workgroup = WORKGROUPserver string = 匿名文件服务器 (192.168.56.101)netbios name = 192-168-56-101security = usermap to guest = Bad Userguest account = rootguest ok = yesguest only = noguest account = rootmap to guest = Bad Userdns proxy = nowins support = yeslog file = /var/log/samba/log.%mmax log size = 1000panic action = /usr/share/samba/panic-action %dserver role = standalone serverpassdb backend = tdbsamobey pam restrictions = yesunix password sync = nopasswd program = /usr/bin/passwd %upam password change = yesmap to guest = Bad Userusershare allow guests = yes# 主共享目录
[AnonymousShare]path = /data/apps/isobrowseable = yesread only = noguest ok = yesguest only = yespublic = yeswritable = yescreate mask = 0777directory mask = 0777force create mode = 0777force directory mode = 0777force user = rootforce group = rootmap archive = nomap hidden = nomap read only = nomap system = nostore dos attributes = no# 上传目录
[Upload]path = /data/apps/isobrowseable = yesread only = noguest ok = yespublic = yeswritable = yescreate mask = 0777directory mask = 0777# 下载目录
[Download]path = /data/apps/isobrowseable = yesread only = yesguest ok = yespublic = yeswritable = nocreate mask = 0777directory mask = 0777

nginx.conf

user root;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;events {worker_connections 1024;use epoll;multi_accept on;
}http {# 基本设置include /etc/nginx/mime.types;default_type application/octet-stream;# 日志格式log_format iso_download '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log iso_download;# 性能优化sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;client_max_body_size 0;  # 不限制上传大小# 下载优化client_header_buffer_size 1k;large_client_header_buffers 4 4k;output_buffers 1 32k;postpone_output 1460;# 大文件传输优化directio 4m;directio_alignment 512;# 文件缓存open_file_cache max=1000 inactive=20s;open_file_cache_valid 30s;open_file_cache_min_uses 2;open_file_cache_errors on;# 包含服务器配置include /etc/nginx/conf.d/*.conf;# ISO 下载服务器配置
server {listen 80;server_name _;# ISO 下载目录location / {root /data/apps/iso/;# 开启目录列表autoindex on;autoindex_exact_size off;autoindex_localtime on;charset utf-8;# 文件列表样式autoindex_format html;# 添加 Content-Typetypes {application/octet-stream iso img bin;}# 限制访问速率(可选)# limit_rate 10m;# 大文件优化sendfile_max_chunk 512k;# 文件缓存open_file_cache max=1000 inactive=20s;open_file_cache_valid 30s;open_file_cache_min_uses 2;open_file_cache_errors on;# 禁止 POST、PUT、DELETE 等方法limit_except GET HEAD {deny all;}# 设置跨域(可选)add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";add_header Access-Control-Allow-Headers "Range";# 支持断点续传add_header Accept-Ranges bytes;# 禁止列出某些文件location ~ /\. {deny all;access_log off;log_not_found off;}}# 404错误页面error_page 404 /404.html;location = /404.html {internal;}# 403错误页面error_page 403 /403.html;location = /403.html {internal;}# 访问日志access_log /var/log/nginx/iso.access.log iso_download;error_log /var/log/nginx/iso.error.log warn;
}}

nfs.conf

[lockd]
port=50000
udp-port=50000
[mountd]
port=50001
[statd]
port=50002
http://www.jsqmd.com/news/378353/

相关文章:

  • 好用的便携式打印机品牌推荐,小篆科技口碑好实力强 - 工业品网
  • 2026年武汉不错的车位包销公司推荐,费用怎么算? - 工业品牌热点
  • 26年度花灯厂家推荐榜单:工艺传承与项目落地双维度综合评估 - 品牌推荐
  • 2026年有实力的信阳学车不排队驾校公司优质供应商推荐 - 品牌鉴赏师
  • 2026年全球GEO服务商推荐:五家服务商谁更胜一筹? - 品牌2025
  • 2026年度花灯厂家推荐榜单:工艺传承与项目落地双维度综合评估 - 品牌推荐
  • 2026年口碑好的吉象管道疏通公司排名,详细聊聊靠谱与否 - 工业品网
  • 彻底解决 ComfyUI Mixlab 插件 Whisper.available False 的报错 - 教程
  • 2026 CE认证电机行业推荐:WEG电机(无锡迈腾机电)凭三大核心优势成为首选 - 博客湾
  • 2026年知名的节能蹲便器/泡沫封堵蹲便器哪家质量好厂家推荐(实用) - 品牌宣传支持者
  • winscp、yunedit-ssh和FileZilla哪个好用
  • 2026年四川有害生物防治厂家权威榜单 科学防控长效治理 实力强劲服务到位 精准破解虫控难题 - 深度智识库
  • 聊聊四川比较好的高考一对一培训学校哪家性价比高 - mypinpai
  • 2026年最值得关注的GEO服务商:豆包GEO vs DeepSeek GEO全面对比 - 品牌2025
  • 讲讲PPH储罐哪家好及费用相关问题 - 工业设备
  • 元保亮相“金融集市”:趣味互动助推保险知识普及 - 包罗万闻
  • 2026年木里木外权威解析与推荐:智能高定重塑高端家居体验 - 品牌推荐
  • 谷物健康茶饮品牌深度评测:赛道创新与市场表现对比 - 品牌策略主理人
  • 2026年豆包GEO与DeepSeek GEO双适配服务商实测推荐 - 品牌2025
  • 2026年木里木外权威解析与推荐:智能高定如何重塑家居生活哲学 - 品牌推荐
  • OnlyOffice 平替,用 Vue3 + Vite 做了个“本地 OnlyOffice”:接入成本低到离谱!!!
  • 携程任我行卡回收新攻略 - 团团收购物卡回收
  • 2026年企业必选GEO服务商:豆包GEO+DeepSeek GEO全覆盖 - 品牌2025
  • Jenkins部署 - 教程
  • 话费卡的使用技巧和回收方法,如何避免常见错误? - 团团收购物卡回收
  • 如何安全回收话费卡?4个关键注意事项助你避坑 - 团团收购物卡回收
  • 2026 CPVC 管厂家深度解析与优质品牌推荐 TOP6 - 深度智识库
  • 2026年诚信的K9球墨铸铁管,消防铸铁管厂家优质推荐榜 - 品牌鉴赏师
  • 2026年知名的镀锌钢管,冷拔无缝钢管厂家选购参考汇总 - 品牌鉴赏师
  • 香港中巴租赁新风向:2026口碑服务商盘点,班车租赁/中巴租赁/租车/大巴租赁/租赁/商务租车/中巴租车,租赁公司选哪家 - 品牌推荐师