Docker
Ftps server doesn't work properly using kubernetes
I have been having a problem with ftps-filezilla and Kubernetes for a few weeks.
Context:
I have a school project using Kubernetes and ftps. I need to create an ftps server in kubernetes on port 21, and it needs to run on alpine linux. So I created an image of my ftps-alpine server using a docker container. I tested whether it works properly on its own, using:
```
docker run --name test-alpine -itp 21:21 test_alpine
```
I get this output in filezilla:
```
Status: Connecting to 192.168.99.100:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Calculating timezone offset of server...
Status: Timezone offset of server is 0 seconds.
Status: Directory listing of "/" successful
```
It works successfully; filezilla sees the files in my ftps directory. I am good for now (it works in active mode).
Problem:
So what I want is to use my image in my kubernetes cluster (I use Minikube). When I connect my docker image to an ingress-service-deployment in kubernetes, I get:
```
Status: Connecting to 192.168.99.100:30894...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (192,168,99,100,178,35).
Command: LIST
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
```
Setup:
ingress.yaml :
```
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
  namespace: default
  name: ingress-controller
spec:
  backend:
    serviceName: my-nginx
    servicePort: 80
  backend:
    serviceName: ftps-alpine
    servicePort: 21
```
ftps-alpine.yml :
```
apiVersion: v1
kind: Service
metadata:
  name: ftps-alpine
  labels:
    run: ftps-alpine
spec:
  type: NodePort
  ports:
  - port: 21
    targetPort: 21
    protocol: TCP
    name: ftp21
  - port: 20
    targetPort: 20
    protocol: TCP
    name: ftp20
  selector:
    run: ftps-alpine
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ftps-alpine
spec:
  selector:
    matchLabels:
      run: ftps-alpine
  replicas: 1
  template:
    metadata:
      labels:
        run: ftps-alpine
    spec:
      containers:
      - name: ftps-alpine
        image: test_alpine
        imagePullPolicy: Never
        ports:
        - containerPort: 21
        - containerPort: 20
```
What I did:
vsftpd.conf
```
seccomp_sandbox=NO
pasv_promiscuous=NO
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
#secure_chroot_dir=/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=20
pasv_max_port=20
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_writeable_chroot=YES
#listen_port=21
pasv_address=192.168.99.100
```
- Changed pasv_min and max port from 20 to 20, 20 to 21, and 30000 to 34000 (nodeport range).
- Listen=YES and Listen_ipv6=NO, and so on.
- I did try both passive mode and active mode.
- I set my pasv_address to my minikube ip.
Here is my question on stackoverflow: https://stackoverflow.com/questions/60458028/ftps-server-doesnt-work-properly-using-kubernetes
Question:
How can I successfully get the first message, but with my kubernetes cluster?
If you have any questions to clarify, no problem.
It works with the following changes:
```
apiVersion: v1
kind: Service
metadata:
  name: ftps-alpine
  labels:
    run: ftps-alpine
spec:
  type: NodePort
  ports:
  - port: 21
    targetPort: 21
    nodePort: 30025
    protocol: TCP
    name: ftp21
  - port: 20
    targetPort: 20
    protocol: TCP
    nodePort: 30026
    name: ftp20
  - port: 30020
    targetPort: 30020
    nodePort: 30020
    protocol: TCP
    name: ftp30020
  - port: 30021
    targetPort: 30021
    nodePort: 30021
    protocol: TCP
    name: ftp30021
  selector:
    run: ftps-alpine
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ftps-alpine
spec:
  selector:
    matchLabels:
      run: ftps-alpine
  replicas: 1
  template:
    metadata:
      labels:
        run: ftps-alpine
    spec:
      containers:
      - name: ftps-alpine
        image: test_alpine
        imagePullPolicy: Never
        ports:
        - containerPort: 21
        - containerPort: 20
        - containerPort: 30020
        - containerPort: 30021
```
For vsftpd.conf :
```
seccomp_sandbox=NO
pasv_promiscuous=NO
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
#secure_chroot_dir=/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=30020
pasv_max_port=30021
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_writeable_chroot=YES
#listen_port=21
pasv_address=#minikube_ip#
```
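
An added example, not part of the original post: a Python check of what the working configuration lines up. It decodes the 227 reply from the failing session (the last two numbers give the data port, 178*256+35 = 45603) and verifies that every port in pasv_min_port..pasv_max_port has a nodePort of the same number that forwards to the same container port. The function names are hypothetical, and the 30000-32767 NodePort range is the Kubernetes default, assumed unchanged on this cluster.

```python
import re

NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default; assumed unchanged

def parse_pasv(reply):
    """Decode a 227 reply into (ip, port); the port is p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 PASV reply")
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def parse_vsftpd(text):
    """Read key=value settings, ignoring blank and commented-out lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_passive(conf, service_ports):
    """List passive ports the client cannot reach through the NodePort Service."""
    exposed = {p["nodePort"]: p["targetPort"] for p in service_ports if "nodePort" in p}
    lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
    problems = []
    for port in range(lo, hi + 1):
        if port not in NODEPORT_RANGE:
            problems.append(f"{port}: outside the NodePort range")
        elif port not in exposed:
            problems.append(f"{port}: no nodePort with this number in the Service")
        elif exposed[port] != port:
            problems.append(f"{port}: nodePort forwards to {exposed[port]}")
    return problems

# Constructed from the settings quoted in the question (BEFORE) and the answer (AFTER).
BEFORE_CONF = "pasv_enable=YES\npasv_min_port=20\npasv_max_port=20\n"
BEFORE_PORTS = [{"port": 21, "targetPort": 21}, {"port": 20, "targetPort": 20}]
AFTER_CONF = "pasv_enable=YES\npasv_min_port=30020\npasv_max_port=30021\n"
AFTER_PORTS = [
    {"port": 21, "targetPort": 21, "nodePort": 30025},
    {"port": 20, "targetPort": 20, "nodePort": 30026},
    {"port": 30020, "targetPort": 30020, "nodePort": 30020},
    {"port": 30021, "targetPort": 30021, "nodePort": 30021},
]

if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (192,168,99,100,178,35)."))
    print(check_passive(parse_vsftpd(BEFORE_CONF), BEFORE_PORTS))
    print(check_passive(parse_vsftpd(AFTER_CONF), AFTER_PORTS))
```

Keeping the passive range as narrow as in the answer also keeps the number of ports opened on the node small.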