DEPRECATED

This repository is no longer being updated. Please migrate your containers to netatalk/netatalk.

About Netatalk

Netatalk is an Open Source implementation of Apple Filing Protocol (AFP) v3.3 over TCP/IP and AppleTalk. It provides high-speed AppleShare file sharing for macOS, Classic Mac OS, and Apple II clients.

This container will run the following daemons:

• afpd and cnid_metad (AFP file server)
• avahi-daemon (used by the file server for service discovery)
• papd (PAP print server)
• cups and cups-browsed (used by the print server to locate modern printers)
• timelord (time server)
• a2boot (Apple II netboot server)

How to Use

IMPORTANT AppleTalk services will only start if the host OS has an AppleTalk (DDP) networking stack. Debian GNU/Linux is the recommended host OS.

These are examples. Please replace the username and password with something more secure.

With docker compose

services:
  netatalk:
    image: netatalk/netatalk2:latest
    network_mode: "host"
    cap_add:
      - NET_ADMIN
    volumes:
      - afpshare:/mnt/afpshare
      - afpbackup:/mnt/afpbackup
      - /var/run/dbus:/var/run/dbus
    environment:
      - "SERVER_NAME=Netatalk Server"
      - "SHARE_NAME=Shared Volume"
      - "AFP_USER=atalk"
      - "AFP_PASS=atalk"
      - "AFPD_OPTIONS=-icon -mimicmodel RackMac"
      - "ATALKD_INTERFACE=eth0"
volumes:
  afpshare:
  afpbackup:

With docker run. Substitute /path/to/share with an actual path on your file system with appropriate permissions.

docker run --rm --network host --cap-add=NET_ADMIN --volume "/path/to/share:/mnt/afpshare" --volume "/var/run/dbus:/var/run/dbus" --env AFP_USER=atalk --env AFP_PASS=atalk --env ATALKD_INTERFACE=eth0 --name netatalk netatalk/netatalk2

Environment Variables

Mandatory

• AFP_USER <- username for authenticating with the file server
• AFP_PASS <- password with max length of 8 characters (Classic Mac OS limitation)
• ATALKD_INTERFACE <- the host network interface to broadcast AppleTalk from

Optional

• SERVER_NAME <- the name of the server as displayed in the Chooser or Network drawer (default is hostname)
• SHARE_NAME <- the name of the shared volume (default is the final segment of the path)
• AFP_GROUP <- group that owns the shared volume, and that AFP_USER gets assigned to (default is the AFP_USER group)
• AFP_UID <- specify user id of AFP_USER
• AFP_GID <- specify group id of AFP_GROUP
• AFPD_LOGLEVEL <- increase or reduce the log verbosity (default is: info)
• INSECURE_AUTH <- when non-zero, enable the "Guest" and "Clear Text" UAMs which may be required for very, very old clients
• AFPD_OPTIONS <- additional options to append to afpd.conf
• AVOLUMES_OPTIONS <- additional options to append to AppleVolumes.default
• ATALKD_OPTIONS <- additional options to append to atalkd.conf

Refer to the Netatalk manual⁠ for a list of available options to append each of the config files.

Advanced

• MANUAL_CONFIG <- when non-zero, skip all netatalk config file modification, allowing you to manually manage them (effectively overrides all of the above env variables)
• TZ <- time zone for the timelord time server (e.g. America/Chicago)

Default Configuration

Netatalk is configured with the DHX2 UAM for authentication with macOS or Mac OS X, DHX for Mac OS 8 and 9, and Random Number UAM for authentication with Macintosh System Software 6 and 7, and GS/OS.

By default, exactly one user and one shared volume is supported. If you need more users or shared volumes, it is recommended to enable the MANUAL_CONFIG mode and use bind mounts to override Netatalk config files.

It is hard coded to output afpd logs to the container's stdout, defaulting to info log level. Logging from the other daemons is not available.

It is recommended to set up either a bind mount, or a Docker managed volume for persistent storage. Without this, the file sharing volume be stored in volatile storage that is lost upon container shutdown.

Constraints

AppleTalk networking and Zeroconf relies on the "host" network driver, with NET_ADMIN capabilities. Additionally, the host must have AppleTalk DDP protocol support in kernel. At the time of writing, Linux and NetBSD are the known OSes that support DDP out of the box. Some Linux distributions may need to either remove kernel module blacklisting (Fedora and Red Hat) or compile the kernel manually.

We currently rely on the host's D-Bus for Zeroconf service discovery. You need a bind mount for /var/run/dbus in the container to the D-Bus socket on the host system in order for Bonjour service discovery to work.

Netatalk will still function as a file server without AppleTalk and Zeroconf, but you will lose service discovery and have to connect manually via the host’s IP address.

Printing

The CUPS administrative web app is running on port 631. This is used for configuring CUPS compatible printers for use with the papd print server daemon, if needed.

You may have to restart papd (or the entire container) after adding a CUPS printer for it to be picked up as an AppleTalk printer.

Reporting Issues

If you think you found an issue with Netatalk or the Docker image, or have a feature request, please file an issue ticket at https://github.com/Netatalk/netatalk/issues⁠

See Also

• Netatalk homepage⁠
• GitHub project home⁠
• Netatalk v2 manual⁠