When you need to FTP, but don't want to.
unFTP is a FTP(S) server written in Rust and built on top of libunftp and the Tokio asynchronous run-time. It is unlike your normal FTP server in that it provides:
With unFTP, you can present RFC compliant FTP(S) to the outside world while freeing yourself to use modern APIs and techniques on the inside of your perimeter.
Precompiled binaries for unFTP are available for Linux and macOS. These binaries are static executables.
You'll need Rust 1.45 (including cargo) or higher to build unFTP.
Run make help to see an overview of the supplied make targets.
unFTP offers optional features in its Cargo.toml:
pam: enables the PAM authentication modulejsonfile_auth: enables the JSON file authentication modulecloud_storage: enables the Google Cloud Storage (GCS) storage backendBoth command line arguments and environment variables are available in unFTP. To show a list of available program arguments:
sh
unftp --help
To run with default settings:
sh
unftp
Example running an instance with a filesystem back-end and custom port:
sh
unftp \
--root-dir=/home/unftp/data \
--bind-address=0.0.0.0:2121 \
--passive-ports=50000-51000 \
-vv
With FTPS enabled:
```sh
openssl req \ -x509 \ -newkey rsa:2048 \ -nodes \ -keyout unftp.key \ -out unftp.crt \ -days 3650 \ -subj '/CN=www.myunftp.domain/O=My Company Name LTD./C=NL'
unftp \ --root-dir=/home/unftp/data \ --ftps-certs-file=/home/unftp/unftp.crt \ --ftps-key-file=/home/unftp/unftp.key \ --ftps-required-on-control-channel=all ```
Enabling the Prometheus exporter on (http://../metrics), binding to port 8080:
sh
unftp \
--bind-address=0.0.0.0:2121 \
--bind-address-http=0.0.0.0:8080 \
--root-dir=/home/unftp/data
Run with the GCS (Google Cloud Storage) back-end:
sh
unftp \
--sbe-type=gcs \
--sbe-gcs-bucket=mybucket \
--sbe-gcs-key-file=file
Run behind a proxy in proxy protocol mode:
sh
unftp \
--proxy-external-control-port=2121
Run sending logs to a Redis list:
sh
unftp \
--log-redis-host=2121 \
--log-redis-key=logs-key \
--log-redis-port=6379
Authenticate with credentials stored in a JSON file:
Create a credentials file (e.g. credentials.json):
json
[
{
"username": "alice",
"password": "12345678"
},
{
"username": "bob",
"password": "secret"
}
]
sh
unftp \
--auth-type=json \
--auth-json-path=credentials.json
The project contains templated Dockerfiles . To get a list of available commands, run:
sh
make help
We offer 3 different options for building an unFTP docker image:
scratch: builds the binary in rust:slim and deploys in a FROM scratch image.alpine (default): builds in rust:slim and deploy in alpine. This image is built with musl instead of a full-blown libc.alpine-debug: same images as alpine but using the debug build of unftp and adds tools like lftpTo build the alpine docker image:
sh
make docker-image-alpine
Alternatively you can download pre-made images from docker hub:
sh
docker pull bolcom/unftp:v0.12.1-alpine
Example running it:
sh
docker run \
-e ROOT_DIR=/ \
-e UNFTP_LOG_LEVEL=info \
-e UNFTP_FTPS_CERTS_FILE='/unftp.crt' \
-e UNFTP_FTPS_KEY_FILE='/unftp.key' \
-e UNFTP_PASSIVE_PORTS=50000-50005 \
-e UNFTP_SBE_TYPE=gcs \
-e UNFTP_SBE_GCS_BUCKET=the-bucket-name \
-e UNFTP_SBE_GCS_KEY_FILE=/key.json \
-p 2121:2121 \
-p 50000:50000 \
-p 50001:50001 \
-p 50002:50002 \
-p 50003:50003 \
-p 50004:50004 \
-p 50005:50005 \
-p 8080:8080 \
-v /Users/xxx/unftp/unftp.key:/unftp.key \
-v /Users/xxx/unftp/unftp.crt:/unftp.crt \
-v /Users/xxx/unftp/the-key.json:/key.json \
-ti \
bolcom/unftp:v0.12.1-alpine
You're free to use, modify and distribute this software under the terms of the Apache-2.0 license.