Sftpgo

From wikinotes

An SFTP/WebDAV provider with a UI, REST API, user/permission scheme, metrics, etc.
It looks a bit heavyweight for just managing access to org files.

Documentation

config docs https://github.com/drakkan/sftpgo/blob/main/docs/full-configuration.md
getting started https://github.com/drakkan/sftpgo/blob/main/docs/howto/getting-started.md
github https://github.com/drakkan/sftpgo

Locations

http://127.0.0.1:8080/web/admin web admin
/usr/local/etc/sftpgo.json config file
/var/db/sftpgo

Install

pkg install sftpgo
service sftpgo start
http://127.0.0.1:8080/web/admin  # create admin user

Configuration

Database

By default it uses SQLite, but it can use PostgreSQL/MySQL/CockroachDB.
Note that if you use SQLite, you won't be able to have concurrent connections.

Users

Create an admin user in the web UI.
You can then create consumer users in the web UI as well.

Once you've created a directory, you can create it in your filesystem and quickly confirm access with sftp.
You do not need a real system user account for these users.
SFTP will provide access to the user's home-directory.

sftp -P 2022 youruser@X.X.X.X  # provided password

Virtual Folders

By default, you can access your user's home directory over SFTP.
If you want to access a directory outside of their home-dir:

- Folders Tab:   # create a folder
- Users Tab:     # map a folder to a location within your home-dir so you can access it

Services

Based on WebDAV/FTP, it looks like you disable a service by assigning it port=0.

WebDav

Enable webdav by binding a port other than 0.

Mounting webdav

# UNTESTED
aura -A davfs2
sudo mount.davfs https://foo.com ~/mnt -o rw,uid=username

Access with netrw/cadaver

# UNTESTED
pacman -S cadaver
vim 'dav://foo.com:8080/path/to/file'   # webdav
vim 'davs://foo.com:8080/path/to/file'  # webdav + ssl

See https://github.com/drakkan/sftpgo/blob/main/docs/howto/getting-started.md#enable-webdav-service

Common

common:         # defender, general connection settings
acme:           # SSL certificate management
sftpd:          # sftp configuration
ftpd:           # ftp configuration
webdavd:        # webdav configuration
data_provider:  # database configuration
httpd:          # web interface
telemetry:      # pushes metrics to prometheus
kms:            # configure key management
mfa:            # configure multifactor authentication
smtp:           # can send email

You can stop FTP/WebDAV. If you don't want to use the other services, you'll need to block them in your firewall.

Some notable configuration options

The defender is the fail2ban-style protection that ships with SFTPGo:

{
    "common": {
        "defender": {
            "enabled": true
        }
    }
}
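
An added example (not from the original notes or the SFTPGo project): a Python check that lists which services in a parsed sftpgo.json still have a listening port, so you know what to set to port 0 or block in the firewall, and whether the defender is on. The `bindings`/`port`/`address` layout is assumed from upstream's default config, and the sample config is constructed.

```python
import json

# Constructed sample, not a real deployment. Layout assumed from upstream's
# default sftpgo.json: each service has a "bindings" list of {port, address}.
SAMPLE = json.loads("""
{
  "common":  {"defender": {"enabled": false}},
  "sftpd":   {"bindings": [{"port": 2022, "address": ""}]},
  "ftpd":    {"bindings": [{"port": 0,    "address": ""}]},
  "webdavd": {"bindings": [{"port": 0,    "address": ""}]},
  "httpd":   {"bindings": [{"port": 8080, "address": "127.0.0.1"}]}
}
""")

SERVICES = ("sftpd", "ftpd", "webdavd", "httpd")


def audit(config):
    """Return (listeners, warnings) for a parsed sftpgo.json dict.

    Only keys present in the file are checked; omitted keys fall back to
    SFTPGo's built-in defaults, which this function cannot see.
    """
    listeners, warnings = [], []
    for name in SERVICES:
        for binding in config.get(name, {}).get("bindings", []):
            port = binding.get("port", 0)
            if port == 0:  # port 0 disables the binding
                continue
            # Assumption: an empty address means "all interfaces".
            addr = binding.get("address") or "*"
            listeners.append((name, addr, port))
            if addr == "*":
                warnings.append(f"{name}:{port} is reachable on all interfaces")
    if not config.get("common", {}).get("defender", {}).get("enabled", False):
        warnings.append("common.defender is disabled")
    return listeners, warnings


if __name__ == "__main__":
    found, notes = audit(SAMPLE)
    for name, addr, port in found:
        print(f"listening: {name} on {addr}:{port}")
    for note in notes:
        print(f"warning: {note}")
```

To check a real install, pass `audit()` the result of `json.load()` on /usr/local/etc/sftpgo.json instead of `SAMPLE`.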