Set up an FTP Server for your WQHD Camera using Docker

Update: This tutorial only works with Active (PORT Mode) uploads. For Passive (PASV) mode please read our tutorial Set up a Passive FTP Server for your WQHD Camera using Docker

Update: Extended tutorial to Set up a Secure FTP Server for your WQHD Camera using Docker by adding TLS encryption.

Q: I want to use my cameras FTP service to upload alarm recordings and snapshot series to my Linux Server (Raspberry Pi).

A: The simplest way would be to use your Internet Router as FTP Server. If you want to use a Linux Server like an Raspberry Pi we recommend using the sFTP Service instead of FTP or FTPS. But of course you can also set up your own FTP server instead. I would recommend building an vsftpd Docker image for this task.

Preparing the Docker Image

Start by creating a work directory and your Dockerfile, e.g. :

mkdir -p /opt/vsftpd/ftpuser && cd /opt/vsftpd
nano Dockerfile

And add the following content:

# Dockerfile for vsftpd on CentOS7
FROM centos:7

MAINTAINER m.polinowski@instar.com

RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all

COPY vusers.txt /etc/vsftpd/
RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; \
	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
COPY vsftpd.conf /etc/vsftpd/
COPY vsftpd.virtual /etc/pam.d/
RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp

EXPOSE 20 21

CMD ["/usr/sbin/vsftpd","-obackground=NO"]

This Dockerfile will take the CentOS as a base image - this can be replaced by any flavour of Enterprise Linux. The next step installs the vsftpd service and creates the FTP User account for us. After that we need to copy the following configuration files into the image - all of the need to be created in the same directory where we placed our Dockerfile:

FTP User Login

vusers.txt

ftpuser
mypassword

This is the user we will have to use to connect to the FTP server - change both the username and password according to your needs.

FTP User Configuration

vsftpd.virtual

#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account    required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session    required     pam_loginuid.so

Server Configuration

vsftpd.conf

anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
pam_service_name=vsftpd.virtual
guest_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Let's start with a very basic configuration.

Starting the Docker Container

Build the Image

With those 4 files in place we are now ready to build our Docker image:

docker build -t vsftpd .

Export the Image (Optional)

This will have build our image and named it vsftpd. We can export this image and place it where we need it - skip this step if you are already on the system you want to use for your server:

docker save -o vsftpd.docker vsftpd:latest

Copy the exported vsftpd.docker file to your offline PC and import it:

docker load -i vsftpd.docker

Run the Container

Make sure that the FTP user directory exists and can be written to by your Docker user:

mkdir -p /opt/vsftpd/ftpuser
chmod 755 -R /opt/vsftpd/*

Make sure that the home directory /opt/vsftpd/ftpuser is set to 777 to prevent the FTP write error ftp 550 Create directory operation failed. or 553 Could not create file.

And run the container with - note if you build the image locally it will be called vsftpd:latest. If you imported it it will be called localhost/vsftpd:latest and you have to change the name below:

docker run -d \
    --name vsftpd \
    --net=host \
    --privileged \
    --rm \
    -v /opt/vsftpd/ftpuser/:/home/vftp/ftpuser/ \
    vsftpd:latest

Verify that the Server is Operational

We can now verify that our server is active for example with the lftp client (apt install lftp):

lftp -d -u ftpuser 192.168.2.111
Password: mypassword
---- Resolving host address...
---- 1 address found: 192.168.2.111

Use your FTP servers IP address, e.g. 192.168.2.111, and your FTP login, e.g. ftpuser/mypassword, to login. Use the ls command to see details about your connection:

lftp ftpuser@192.168.2.111:~> ls
---- Connecting to 192.168.2.111 (192.168.2.111) port 21
<--- 220 (vsFTPd 3.0.2)
---> FEAT
<--- 211-Features:
<---  EPRT
<---  EPSV
<---  MDTM
<---  PASV
<---  REST STREAM
<---  SIZE
<---  TVFS
<---  UTF8
<--- 211 End
---> AUTH TLS
<--- 530 Please login with USER and PASS.
---> OPTS UTF8 ON
<--- 200 Always in UTF8 mode.
---> USER ftpuser
<--- 331 Please specify the password.
---> PASS XXXX
<--- 230 Login successful.
---> PWD
<--- 257 "/"
---> PASV
<--- 227 Entering Passive Mode (192,168,2,111,47,12).
---- Connecting data socket to (192.168.2.111) port 12044
---- Data connection established
---> LIST
<--- 150 Here comes the directory listing.
---- Got EOF on data connection
---- Closing data socket
-rwxr-xr-x    1 ftp      ftp        194654 Dec 29 07:16 T21122908162800.jpg
<--- 226 Directory send OK.
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket

Or in a more graphical way use Filezilla:

Set up an FTP Server for your WQHD Camera using Docker

Make sure that you use the Active aka Port mode here:

Set up an FTP Server for your WQHD Camera using Docker

Try to connect and create a folder inside the home director. If you see ftp 550 Create directory operation failed. you have to re-run chmod 755 /opt/vsftpd/ftpuser to make sure that you have write permissions.

Connecting an INSTAR IP Camera

Make sure to set the Mode to PORT:

Full HD Cameras

Set up an FTP Server for your WQHD Camera using Docker

WQHD Cameras

Set up an FTP Server for your WQHD Camera using Docker