docker 部署匿名文件服务 nfs vsftp samba

Dockerfile

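# Single image bundling NFS, vsftpd, Samba and nginx behind one entrypoint.
# Every service configured on this page accepts unauthenticated clients, so the
# image is only suitable for an isolated lab/LAN segment.
# NOTE(review): ubuntu:25.10 is an interim (non-LTS) release and the tag is
# mutable; pin a digest if builds must be reproducible.
FROM ubuntu:25.10

# Switch apt to the Aliyun mirror, install the servers and create the runtime
# directories they expect. The apt index is removed in the same layer so it
# does not persist in the image.
# NOTE(review): only archive.ubuntu.com is rewritten; any security.ubuntu.com
# entries in ubuntu.sources still point at the upstream host.
# NOTE(review): net-tools is a diagnostic package; drop it if it is not needed
# at runtime.
RUN sed -i 's@archive.ubuntu.com@mirrors.aliyun.com@g' /etc/apt/sources.list.d/ubuntu.sources \
    && apt-get update \
    && apt-get -y install nfs-kernel-server net-tools nginx samba samba-common-bin vsftpd \
    && mkdir -p /var/run/vsftpd/empty \
    && mkdir -p /data/apps/iso /run/samba \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Shared data directory served by all four protocols.
VOLUME /data/apps/iso

# Service configuration. These files decide who may read and write the share;
# review them together with this Dockerfile.
COPY entrypoint.sh /usr/local/bin/
COPY nfs.conf /etc/nfs.conf
COPY exports /etc/exports
COPY vsftpd.conf /etc/vsftpd/vsftpd.conf
COPY smb.conf /etc/samba/smb.conf
COPY nginx.conf /etc/nginx/nginx.conf

RUN chmod 755 /usr/local/bin/entrypoint.sh

# Documentation only: rpcbind (111), NFS (2049), mountd (50001), FTP passive
# range (40000-40100), FTP (20, 21), HTTP (80), SMB (445, 139).
EXPOSE 111 2049 50001 40000-40100 20 21 80 445 139

# No USER directive: the entrypoint and every daemon it starts run as root.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]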

entrypoint.sh

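#!/bin/bash
set -e

# Signal handler: ask nginx and the Samba daemons to stop, then exit 0.
# Every stop command carries `|| true` so that a failing one (for example a
# pkill that matches no process) cannot abort the handler under `set -e`
# before the remaining daemons have been signalled.
# NOTE(review): vsftpd and the NFS daemons are not signalled here; they are
# only stopped when the container itself goes away.
stop_services() {
    echo "收到停止信号"
    nginx -s quit || true
    pkill -TERM smbd || true
    pkill -TERM nmbd || true
    exit 0
}
trap stop_services TERM INT

# Start every service whose binary is present in the image.
echo "启动所有服务..."

# 1. NFS: rpcbind first, then the nfsd filesystem, mountd, the export table,
#    nfsd and statd.
if command -v rpcbind &> /dev/null; then
    rpcbind -w
    # Mount errors are discarded (stderr to /dev/null, `|| true`), so a
    # container without permission to mount continues without nfsd mounted.
    mount -t nfsd nfsd /proc/fs/nfsd 2>/dev/null || true
    rpc.mountd &
    exportfs -ra
    rpc.nfsd &
    rpc.statd &
    echo "NFS服务已启动"
fi

# 2. vsftpd, only when its configuration file was copied into the image.
if command -v vsftpd &> /dev/null && [ -f /etc/vsftpd/vsftpd.conf ]; then
    vsftpd /etc/vsftpd/vsftpd.conf &
    echo "VSFTPD已启动"
fi

# 3. Samba. testparm validates smb.conf first; because of `set -e`, a
#    non-zero exit from testparm stops the whole script here.
if command -v smbd &> /dev/null; then
    if [ -f /etc/samba/smb.conf ]; then
        testparm -s > /dev/null
    fi
    smbd -D --no-process-group &
    nmbd -D --no-process-group &
    echo "Samba已启动"
fi

# 4. nginx, kept in the foreground of its own process ("daemon off") and
#    backgrounded by the shell so the script can reach `wait`.
if command -v nginx &> /dev/null; then
    nginx -g "daemon off;" &
    NGINX_PID=$!
    echo "Nginx已启动 (PID: $NGINX_PID)"
fi

# Block on the background jobs so the script stays alive as the container's
# main process and can receive TERM/INT.
wait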

start_images.sh

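# Start the combined anonymous file server.
#
# NOTE(review): --privileged already grants every capability, so the two
# --cap-add flags are redundant while it is present. They are kept as a record
# of what the NFS server is believed to need; test whether the container still
# works with only those capabilities and without --privileged.
# NOTE(review): smb.conf on this page maps guests to root (guest account =
# root, force user = root) and /data/apps/iso is a host bind mount, so
# unauthenticated clients write to the host directory as root from inside a
# privileged container. Keep this on an isolated network.
# NOTE(review): every -p below binds on all host interfaces. If the service is
# only meant for one network, bind to that address explicitly, e.g.
# -p <HOST_IP>:21:21 (placeholder).
#
# Host port 20 is mapped to container port 20, matching the image's EXPOSE
# list; mapping it to 21 would publish the FTP control port a second time.
docker run -d \
  --name file_servers \
  --privileged \
  --cap-add=SYS_ADMIN \
  --cap-add=SYS_MODULE \
  -v /data/apps/iso:/data/apps/iso \
  -p 2049:2049 \
  -p 111:111 \
  -p 50001:50001 \
  -p 21:21 \
  -p 20:20 \
  -p 40000-40100:40000-40100 \
  -p 445:445 \
  -p 139:139 \
  -p 80:80 \
  anonymous_file_servers:v2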

服务测试

docker logs -f file_servers
启动所有服务...
NFS服务已启动
VSFTPD已启动
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

Samba已启动
Nginx已启动 (PID: 21)

vsftpd.conf

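# vsftpd configuration for anonymous access.
# Anonymous users get full write access below (upload, mkdir, rename/delete)
# and no local accounts are allowed, so anyone who can reach port 21 can
# modify /data/apps/iso. TLS is disabled; all traffic is cleartext.
listen=YES
listen_ipv6=NO
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# Also allows anonymous delete and rename.
anon_other_write_enable=YES
anon_world_readable_only=NO
anon_root=/data/apps/iso
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
# Kept separate from vsftpd_log_file: with dual_log_enable=YES both logs are
# written, and pointing them at the same path interleaves two formats in one
# file.
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

# Anonymous user settings.
# anon_umask=000 makes every uploaded file and directory world-writable.
anon_umask=000
anon_max_rate=0
no_anon_password=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO

# Connection limits.
max_clients=100
max_per_ip=20

# Passive mode. The port range must match the range published by the
# container, and pasv_address must be the address clients connect to.
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
pasv_address=192.168.56.101
# NOTE(review): pasv_promiscuous=YES turns off the check that a passive data
# connection comes from the same IP address as the control connection. Set it
# to NO unless transfers demonstrably fail without it.
pasv_promiscuous=YES

# Logging.
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log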

smb.conf

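# Samba configuration for anonymous (guest) access.
[global]
   workgroup = WORKGROUP
   server string = 匿名文件服务器 (192.168.56.101)
   netbios name = 192-168-56-101
   security = user
   # Logins with an unknown user name are treated as the guest account.
   map to guest = Bad User
   # NOTE(review): guests are mapped to root, so every unauthenticated client
   # acts as uid 0 on the share. An unprivileged account (for example nobody)
   # with matching ownership on /data/apps/iso limits what a guest can touch.
   guest account = root
   guest ok = yes
   guest only = no
   dns proxy = no
   wins support = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = no
   passwd program = /usr/bin/passwd %u
   pam password change = yes
   usershare allow guests = yes

# Main share: guest-only, read/write.
# NOTE(review): force user/group = root makes every file operation run as
# root, and the 0777 masks leave everything created here world-writable.
[AnonymousShare]
   path = /data/apps/iso
   browseable = yes
   read only = no
   guest ok = yes
   guest only = yes
   public = yes
   writable = yes
   create mask = 0777
   directory mask = 0777
   force create mode = 0777
   force directory mode = 0777
   force user = root
   force group = root
   map archive = no
   map hidden = no
   map read only = no
   map system = no
   store dos attributes = no

# Upload share: same directory as above, guest read/write.
[Upload]
   path = /data/apps/iso
   browseable = yes
   read only = no
   guest ok = yes
   public = yes
   writable = yes
   create mask = 0777
   directory mask = 0777

# Download share: same directory, read-only through this share name. The
# directory is still writable through the two shares above, so this does not
# protect its contents.
[Download]
   path = /data/apps/iso
   browseable = yes
   read only = yes
   guest ok = yes
   public = yes
   writable = no
   create mask = 0777
   directory mask = 0777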

nginx.conf

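# NOTE(review): worker processes run as root. Serving static files does not
# need that; an unprivileged user that can read /data/apps/iso limits the
# impact of a worker compromise. Confirm directory permissions before changing.
user root;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    # Basics.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Log format.
    log_format iso_download '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log iso_download;

    # Performance.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # No request-body size limit. Write methods are rejected in the location
    # below, so this server does not accept uploads.
    client_max_body_size 0;

    # Download tuning.
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    output_buffers 1 32k;
    postpone_output 1460;

    # Large-file transfer.
    directio 4m;
    directio_alignment 512;

    # Open-file cache; inherited by the server and location below.
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Additional server configuration.
    include /etc/nginx/conf.d/*.conf;

    # ISO download server.
    server {
        listen 80;
        server_name _;

        # ISO download directory.
        location / {
            root /data/apps/iso/;

            # Directory listing.
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
            charset utf-8;
            autoindex_format html;

            # This types block replaces the inherited MIME map for this
            # location, so any extension not listed falls back to default_type
            # (application/octet-stream). That is useful here: the directory is
            # writable anonymously over FTP and SMB, and files uploaded there
            # are offered as downloads rather than rendered.
            types {
                application/octet-stream iso img bin;
            }
            # Stop browsers from sniffing a renderable type out of uploaded
            # content.
            add_header X-Content-Type-Options nosniff;

            # Optional rate limit.
            # limit_rate 10m;

            # Large-file tuning.
            sendfile_max_chunk 512k;

            # Reject POST, PUT, DELETE and every other non-read method.
            limit_except GET HEAD {
                deny all;
            }

            # Optional cross-origin access.
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
            add_header Access-Control-Allow-Headers "Range";

            # Resumable downloads.
            add_header Accept-Ranges bytes;

            # Hide dot-files and dot-directories.
            location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
            }
        }

        # 404 error page.
        error_page 404 /404.html;
        location = /404.html {
            internal;
        }

        # 403 error page.
        error_page 403 /403.html;
        location = /403.html {
            internal;
        }

        # Per-server logs.
        access_log /var/log/nginx/iso.access.log iso_download;
        error_log /var/log/nginx/iso.error.log warn;
    }

}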

nfs.conf

# Fixed ports for the NFS helper services, so they can be published and
# firewalled by number.
# NOTE(review): the docker run command on this page publishes only 50001
# (mountd). Ports 50000 and 50002 are not published, so lock and status
# traffic from other hosts presumably cannot reach them - confirm whether
# clients rely on NFSv3 locking.
[lockd]
port=50000
udp-port=50000
[mountd]
port=50001
[statd]
port=50002