Dockerized Samba
This post shows the process of setting up a remote Samba server in a Docker container.
What is Samba?
Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.
Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.
Why SMB?
- Integrates nicely with Windows File Explorer.
- SMB shares can be mounted/mapped locally on the filesystem for other programs to access as if they were local drive partitions.
- Doesn’t require any additional software or plugins. Users can start connecting from a fresh Windows installation.
- Ability to create multiple users and shares with granular permissions.
Why not FTP?
- Handshake overhead leads to slow transmission for small files.
- Files and credentials are not encrypted during transmission.
- You cannot edit files on the server directly; you need to fetch a local copy -> modify it -> then upload it back.
- Dedicated FTP client on the user machine is required most of the time.
Server Prerequisite
Any machine that is capable of running Docker will do just fine.
I don’t recommend any particular cloud provider, but I would stay away from the big three (AWS, GCP, Azure) despite their very attractive prices.
Why not AWS?
EC2 might be a little intimidating if it’s your first time setting up a server; there are a lot of ACL and firewall rules you need to set up just to get something up and running.
Prices are NOT consistent throughout all data centers.
Lightsail is much more beginner friendly but you pay a small fee for the nice UI and the ability to remotely SSH into your machine from the browser.
Why not GCP?
Compute Engine offers extremely cheap CPU, RAM and disk space. You even get a free f1-micro instance as part of their Always Free Tier. But you will find yourself paying a lot for traffic per GB inside and outside their data centers.
Prices are NOT consistent throughout all data centers.
Arguably it’s not that much (my bill was around $1 last month), but it’s something to keep in mind if you are going to use it for production load.
Why not Azure?
No comment.
Consider Vultr
$2.5/month for 500GB of traffic is really good.
Consider Digital Ocean
Pricing starts from $5/month for 1TB of traffic, which is more than enough.
Friendly UI for managing droplets and firewall rules.
Their prices are consistent throughout all data centers.
Consider Linode
Offers similar pricing to DigitalOcean.
Docker
If you have a Windows machine lying around and you are planning to use it as an SMB server, that’s completely fine.
You can simply install Docker from this executable:
https://desktop.docker.com/win/stable/amd64/Docker%20Desktop%20Installer.exe
In case of a Debian-based Linux distribution (which I highly recommend) you can run this to get up and running:
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
dperson/samba
By default there are no shares configured, additional ones can be added.
Hosting a Samba instance
$ sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba -p
Or set local storage:
sudo docker run -it --name samba -p 139:139 -p 445:445 \
-v /path/to/directory:/mount -d dperson/samba -p
Sample Samba Instance
Create 7 users (pc1-pc7) and 1 share called central that is mounted inside the container’s root directory at /central, with the following configuration:
- browse: yes
- readonly: no
- guest: no
  - (disable any guest, you must be one of the users to access the share)
- users: all
  - (pc1-pc7)
- admins: all
  - (all of them have admin permissions over this share)
- writelist: all
  - (all of them can write into this share)
- comment: somerandomcomment
  - (doesn’t matter)
$ docker run -it -p 139:139 -p 445:445 -d dperson/samba -p \
-u "pc1;pc1234567" \
-u "pc2;pc1234567" \
-u "pc3;pc1234567" \
-u "pc4;pc1234567" \
-u "pc5;pc1234567" \
-u "pc6;pc1234567" \
-u "pc7;pc1234567" \
-s "central;/central;yes;no;no;all;all;all;somerandomcomment"
The share option takes the form:
-s "<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]"
For a full list of configurations and environment variables, please refer to the maintainer’s documentation: https://github.com/dperson/samba
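An added example, not part of the original post or of the dperson/samba project: a small shell function that splits a -s share spec in the field order shown above and flags the access settings that the sample share opens to every account. The function name audit_share, the severity labels and the second input are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from dperson/samba): audit a -s share spec before use.
# Field order as shown on this page:
#   name;/path;browse;readonly;guest;users;admins;writelist;comment

# The ( ... ) body runs in a subshell, so the parsed fields stay local.
audit_share() (
    spec=$1
    rc=0
    IFS=';' read -r name path browse readonly guest users admins writelist comment <<EOF
$spec
EOF

    # name and an absolute path are the two mandatory fields.
    if [ -z "$name" ] || [ "${path#/}" = "$path" ]; then
        echo "ERROR: need <name;/path> with an absolute path"
        exit 2
    fi

    # An empty optional field falls back to the image default, so flag the
    # security-relevant one and make the operator set it explicitly.
    [ -n "$guest" ] || { echo "WARN guest unset: image default applies"; rc=1; }
    [ "$guest" != yes ] || { echo "HIGH guest=yes: access without an account"; rc=1; }
    [ "$admins" != all ] || { echo "HIGH admins=all: every user administers $name"; rc=1; }
    if [ "$readonly" = no ] && { [ "$users" = all ] || [ -z "$users" ]; }; then
        echo "MEDIUM readonly=no with users=${users:-unset}: any account can write"
        rc=1
    fi
    [ "$browse" != yes ] || echo "INFO browse=yes: share name is listed to clients"
    exit "$rc"
)

# Constructed inputs: the page's sample share, then a tightened variant that
# names its users and a single admin explicitly.
audit_share "central;/central;yes;no;no;all;all;all;somerandomcomment" || true
audit_share "central;/central;no;no;no;pc1,pc2;pc1;pc1,pc2;team share" || true
```

The function exits 0 when nothing is flagged, 1 when at least one WARN, MEDIUM or HIGH finding is printed, and 2 when the spec itself is malformed.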
Container Health
Run docker container ls to make sure the container is running in a healthy state.
Connecting from Windows
\\<domainname>\share
Map remote share
Use FQDN domains
The proper format for connecting to a share is \\<domainname>\share, where the domain name can be an IP or a fully qualified domain name. \\ellembi.party\central is 100% valid.
Register a cheap domain name and assign it to the server’s IP. Typing domains is easier than typing IPs.
More space
Can you use Google compute storage with Compute Engine and FUSE?
It’s NOT a good idea to use an object storage solution + FUSE as a filesystem. YES it will work. YES it might look cheaper at first but:
- Object storage doesn’t allow modifying a file in place; you must read and write the entirety of the file (which FUSE does under the hood).
- Very high latency and TONS of traffic going back and forth that you will have to pay the bill for.
Please use a proper block storage solution (on GCP it’s called Persistent disk).
F.A.Q
- Why doesn’t Docker obey UFW rules?
  - Docker directly manipulates iptables, bypassing UFW entirely. Consider using https://github.com/chaifeng/ufw-docker
- Why does the container keep restarting every 5 seconds?
  - Double-check the configuration provided; most probably it’s just a case of invalid configuration.
- Why can’t I reach the SMB container from the outside?
  - Allow ports 139 and 445 on your cloud provider’s firewall.
- How do I prevent files from being deleted every time I restart the container?
  - By design, Docker containers are ephemeral. If you want to persist your data, you need to mount the data inside the container to a bind volume or a named volume (refer to "set local storage" above).
- Why doesn’t Windows allow me to connect?
  - Make sure to enable guest login.