/addon-ftp

FTP - Community Hass.io Add-on for Home Assistant

Primary LanguageShellMIT LicenseMIT

Community Hass.io Add-ons: FTP

GitHub Release Project Stage License

Supports aarch64 Architecture Supports amd64 Architecture Supports armhf Architecture Supports armv7 Architecture Supports i386 Architecture

GitLab CI Project Maintenance GitHub Activity

Discord Community Forum

Buy me a coffee

Support my work on Patreon

A secure and fast FTP server for Hass.io

About

The FTP protocol might be come in handy sometimes. While old, it still has its use. For example, most IP Cameras still support the upload of images or videos via FTP.

This add-on provides an FTP Server for Hass.io in a reasonably secure manner. While FTP is not entirely secure by its (unencrypted) nature, this add-on supports FTP over SSL (FTPS) and jails (chroot) the virtual users in their home directories.

Of course, if you'd really want to, you could also use this add-on to again access to your Home Assistant configuration via FTP.

Installation

The installation of this add-on is pretty straightforward and not different in comparison to installing any other Hass.io add-on.

  1. Add our Hass.io add-ons repository to your Hass.io instance.
  2. Install the "FTP" add-on.
  3. Start the "FTP" add-on
  4. Check the logs of the "FTP" add-on to see if everything went well.

NOTE: Do not add this repository to Hass.io, please use: https://github.com/hassio-addons/repository.

Configuration

Note: Remember to restart the add-on when the configuration is changed.

Example add-on configuration:

{
  "log_level": "info",
  "port": 21,
  "data_port": 20,
  "banner": "Welcome to the Hass.io FTP service.",
  "pasv": true,
  "pasv_min_port": 30000,
  "pasv_max_port": 30010,
  "pasv_address": "",
  "ssl": false,
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem",
  "implicit_ssl": false,
  "max_clients": 5,
  "users": [
    {
      "username": "hassio",
      "password": "changeme",
      "allow_chmod": true,
      "allow_download": true,
      "allow_upload": true,
      "allow_dirlist": true,
      "addons": false,
      "backup": true,
      "config": true,
      "share": true,
      "ssl": false
    },
    {
      "username": "camera",
      "password": "changeme",
      "allow_chmod": false,
      "allow_download": false,
      "allow_upload": true,
      "allow_dirlist": true,
      "addons": false,
      "backup": false,
      "config": false,
      "share": true,
      "ssl": false
    }
  ]
}

Note: This is just an example, don't copy and paste it! Create your own!

Option: log_level

The log_level option controls the level of log output by the addon and can be changed to be more or less verbose, which might be useful when you are dealing with an unknown issue. Possible values are:

  • trace: Show every detail, like all called internal functions.
  • debug: Shows detailed debug information.
  • info: Normal (usually) interesting events.
  • warning: Exceptional occurrences that are not errors.
  • error: Runtime errors that do not require immediate action.
  • fatal: Something went terribly wrong. Add-on becomes unusable.

Please note that each level automatically includes log messages from a more severe level, e.g., debug also shows info messages. By default, the log_level is set to info, which is the recommended setting unless you are troubleshooting.

These log level also affects the log levels of the FTP server.

Option: port

The port the FTP will listen on for incoming FTP connections.

Option: data_port

The port from which PORT style connections originate.

Option: banner

This string option allows you to provide the greeting banner displayed by the FTP server when a connection first comes in.

Option: pasv

Set to false if you want to disallow the PASV method of obtaining a data connection. For more information about passive versus active FTP, see this excellent Stack Overflow answer.

Option: pasv_min_port

The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

Option: pasv_max_port

The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

Option: pasv_address

Use this option to override the IP address that the FTP server will advertise in response to the PASV command. Provide a numeric IP address, or provide a hostname which will be DNS resolved for you at startup. When left empty, the address is taken from the incoming connected socket.

Option: ssl

Enables/Disables SSL on the FTP Server. Set it true to enable it, false otherwise.

Option: certfile

The certificate file to use for SSL.

Note: The file MUST be stored in /ssl/, which is default for Hass.io

Option: keyfile

The private key file to use for SSL.

Note: The file MUST be stored in /ssl/, which is default for Hass.io

Option: implicit_ssl

If set to true, an SSL handshake is the first thing expect on all connections (the FTPS protocol).

Option: max_clients

This is the maximum number of clients which may be connected at the same time. Any additional clients connecting will get an error message.

Option: users

This option allows you to specify a list of one or more users. Each user can have its own permissions like defined in the sub-options below.

Sub-option: username

The username the user needs to use to login to the FTP server. A valid username has a maximum of 32 characters, contains only A-Z and 0-9. Usernames may contain a hyphen (-) but must not start or end with one.

Note: This option support secrets, e.g., !secret ftp_username.

Sub-option: password

The password the user logs in with.

Note: This option support secrets, e.g., !secret ftp_password.

Sub-option: allow_chmod

Setting this option to true will allow the use of the SITE CHMOD command for that user.

Sub-option: allow_download

Setting this option to true will allow the user to download files from the FTP server.

Sub-option: allow_upload

This controls whether any FTP commands which change the filesystem are allowed or not.

These commands are STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE.

Sub-option: allow_dirlist

Setting this option to true, allows to user to browse all directories the user was given access to by using the list commands.

Sub-option: addons

Allow the user to access the /addons directory.

Sub-option: backup

Allow the user to access the /backup directory.

Sub-option: config

Allow the user to access the /config directory.

Sub-option: share

Allow the user to access the /share directory.

Sub-option: ssl

Allow the user to access the /ssl directory.

Option: i_like_to_be_pwned

Adding this option to the add-on configuration allows to you bypass the HaveIBeenPwned password requirement by setting it to true.

Note: We STRONGLY suggest picking a stronger/safer password instead of using this option! USE AT YOUR OWN RISK!

Changelog & Releases

This repository keeps a change log using GitHub's releases functionality. The format of the log is based on Keep a Changelog.

Releases are based on Semantic Versioning, and use the format of MAJOR.MINOR.PATCH. In a nutshell, the version will be incremented based on the following:

  • MAJOR: Incompatible or major changes.
  • MINOR: Backwards-compatible new features and enhancements.
  • PATCH: Backwards-compatible bugfixes and package updates.

Support

Got questions?

You have several options to get them answered:

You could also open an issue here GitHub.

Contributing

This is an active open-source project. We are always open to people who want to use the code or contribute to it.

We have set up a separate document containing our contribution guidelines.

Thank you for being involved! 😍

Authors & contributors

The original setup of this repository is by Franck Nijhof.

For a full list of all authors and contributors, check the contributor's page.

We have got some Hass.io add-ons for you

Want some more functionality to your Hass.io Home Assistant instance?

We have created multiple add-ons for Hass.io. For a full list, check out our GitHub Repository.

License

MIT License

Copyright (c) 2017-2019 Franck Nijhof

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.