Sftpgo
An SFTP/WebDav provider, with a UI, REST API, user/permission scheme, metrics, etc.
It looks a bit heavyweight for just managing access to org files.
Documentation
Locations
    http://127.0.0.1:8080/web/admin    web admin
    /usr/local/etc/sftpgo.json         config file
    /var/db/sftpgo
Install
    pkg install sftpgo
    service sftpgo start
    http://127.0.0.1:8080/web/admin  # create admin user
Configuration
Database
By default uses sqlite, but can use postgres/mysql/cockroachdb.
Note that if you use sqlite, you won't be able to have concurrent connections.
Users
Create an admin user in the webui
You can then create consumer users in the webui as well.
Once you've created a directory, you can create it in your filesystem and quickly confirm access with sftp.
You do not need a real system user account for these users.
SFTP will provide access to the user's home-directory.
    sftp -P 2022 youruser@X.X.X.X  # provided password
Virtual Folders
By default, you can access your user's home directory over SFTP.
If you want to access a directory outside of their home-dir:
- Folders Tab: # create a folder
- Users Tab: # map a folder to a location within your home-dir so you can access it
Services
Based on webdav/ftp, it looks like you disable a service by assigning it port=0.
WebDav
Enable webdav by binding a port other than 0.
Mounting webdav
    # UNTESTED
    aura -A davfs2
    sudo mount.davfs https://foo.com ~/mnt -o rw,uid=username
Access with netrw/cadaver
    # UNTESTED
    pacman -S cadaver
    vim 'dav://foo.com:8080/path/to/file'   # webdav
    vim 'davs://foo.com:8080/path/to/file'  # webdav + ssl
See https://github.com/drakkan/sftpgo/blob/main/docs/howto/getting-started.md#enable-webdav-service
Common
    common:         # defender, general connection settings
    acme:           # SSL certificate management
    sftpd:          # sftp configuration
    ftpd:           # ftp configuration
    webdavd:        # webdav configuration
    data_provider:  # database configuration
    httpd:          # web interface
    telemetry:      # pushes metrics to prometheus
    kms:            # configure key management
    mfa:            # configure multifactor authentication
    smtp:           # can send email
You can stop FTP/webdav; if you don't want to use the other services, you'll need to block them in your firewall.
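To see which services still listen after setting unused ones to port=0, and which of those need a firewall rule, here is an added audit script (not from these notes or the SFTPGo project). It assumes each service section holds a `bindings` list with `port` and `address` keys, a layout not shown on this page; the sample config is constructed.

```python
import ipaddress
import json

# Constructed sample config (not from the page); layout assumed to follow
# SFTPGo's JSON config: each service has a "bindings" list of port/address.
SAMPLE_CONFIG = """
{
  "sftpd":   {"bindings": [{"port": 2022, "address": ""}]},
  "ftpd":    {"bindings": [{"port": 0,    "address": ""}]},
  "webdavd": {"bindings": [{"port": 8081, "address": "127.0.0.1"}]},
  "httpd":   {"bindings": [{"port": 8080, "address": ""}]}
}
"""

SERVICES = ("sftpd", "ftpd", "webdavd", "httpd")

def is_loopback(address):
    """True only for an explicit loopback address; empty means all interfaces."""
    if not address:
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address == "localhost"

def audit_listeners(config_text):
    """Return (service, port, address, exposure) for every enabled binding."""
    config = json.loads(config_text)
    findings = []
    for service in SERVICES:
        for binding in config.get(service, {}).get("bindings", []):
            port = int(binding.get("port", 0))
            if port == 0:  # port 0 disables the binding
                continue
            address = binding.get("address", "")
            exposure = "loopback" if is_loopback(address) else "network"
            findings.append((service, port, address or "*", exposure))
    return findings

def needs_firewall_review(findings, wanted):
    """Enabled, network-reachable services that are not in the wanted set."""
    return sorted({s for s, _, _, exp in findings
                   if exp == "network" and s not in wanted})

if __name__ == "__main__":
    found = audit_listeners(SAMPLE_CONFIG)
    print(found, needs_firewall_review(found, wanted={"sftpd"}))
```

With only SFTP wanted, the sample flags `httpd` (the web admin on 8080) as reachable on all interfaces, so it needs either a loopback bind address or a firewall rule.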
Some notable configuration options
    {
      "common": {
        "defender": {
          "enabled": true  // ships with fail2ban
        }
      }
    }