File Transfer Protocol (FTP) is a communication protocol used to transfer files between computers via the internet. FTP uses a client-server model with different data and connections between them. Normally, users in FTP authenticate themselves using a clear-text sign-in(username and password) but once can also connect to it anonymously if the server is configured to accept it.
Secure File Transfer Protocol(SFTP) is a secure FTP that uses shell encryption when sending and receiving files to provide maximum security. SFTPGo can be used to run SFTP with added HTTP, WebDAV, and FTP/S support. Furthermore, it supports several storage backends such as; S3 (compatible) Object Storage, local filesystem, encrypted local filesystem, Azure Blob Storage, Google Cloud Storage e.t.c
Other features for SFTPGo are:
- Supports virtual folders: a virtual folder can use any of the supported storage backends
- Chroot isolation for local accounts: Cloud-based accounts can be restricted to a certain base path.
- Per user and per directory virtual permissions: for each exposed path you can allow or deny: directory listing, upload, delete, overwrite, download, rename, create directories, create symlinks, change owner/group/file mode.
- REST API for users and folders management, data retention, backup, restore and real time reports e.t.c
- Web admin interface: to easily manage users, folders and connections.
- Web client interface: this is used by end users to change their credentials, manage and share their files.
- Supports public key and password authentication. Multiple public keys per user are also supported.
- Keyboard interactive authentication: You can easily setup a customizable multi-factor authentication.
- Custom authentication using external programs/HTTP API.
- Bandwidth throttling: with separate settings for upload and download and overrides based on the client’s IP address.
- Supports SQLite, MySQL, PostgreSQL, CockroachDB, Bolt (key/value store in pure Go) and in-memory data providers.
- Support for Git repositories over SSH.
- SCP and rsync are supported.
- Supports the HAProxy load balancing protocol: you can proxy and/or load balance the SFTP/SCP/FTP/WebDAV service without losing the information about the client’s address.
This guide offers an in-depth illustration of how to set up a Secure FTP Server(SFTP) with WebDAV using SFTPGo
Let’s plunge in!
Step 1 – Install SFTPGo on Linux
This guide demonstrates how to install SFTPGo on your system using the following methods:
- On Ubuntu Using PPAs
- Using .RPM/.DEB packages
- Using Docker
Method 1 – Install SFTPGo using PPAs(Ubuntu)
There is a PPA that provides the currently supported release of SFTPGo. This PPA can be added to your Ubuntu system as below.
Begin by updating your APT package index.
sudo apt update
Then install the required package dependencies.
sudo apt install software-properties-common
Now add the SFTPGo PPA
sudo add-apt-repository ppa:sftpgo/sftpgo
sudo apt-get update
Once the PPA has been added, you can install SFTPGo on Ubuntu using the command:
sudo apt install sftpgo
Dependency tree:
The following NEW packages will be installed:
sftpgo
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 9,871 kB of archives.
After this operation, 41.0 MB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/sftpgo/sftpgo/ubuntu focal/main amd64 sftpgo amd64 2.2.2-1ppa1 [9,871 kB]
Fetched 9,871 kB in 0s (30.9 MB/s)
Selecting previously unselected package sftpgo.
On successful installation, the service automatically starts, verify the status as below.
$ systemctl status sftpgo
● sftpgo.service - SFTPGo Server
Loaded: loaded (/lib/systemd/system/sftpgo.service; enabled; vendor preset>
Active: active (running) since Mon 2022-02-14 08:26:18 UTC; 1min 7s ago
Main PID: 3801 (sftpgo)
Tasks: 8 (limit: 7029)
Memory: 16.1M
CGroup: /system.slice/sftpgo.service
└─3801 /usr/bin/sftpgo serve
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Method 2 – Install SFTPGo using .RPM and .DEB packages.
There are also DEB and RPM packages built for SFTPGo each release. These packages are available on the SFTPGo Github release page.
First save the latest release version in variable:
VER=$(curl -s https://api.github.com/repos/drakkan/sftpgo/releases/latest|grep tag_name | cut -d '"' -f 4 |sed 's/v//g')
Download the appropriate package for your system as below.
- On Debian/Ubuntu
##For AMD64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_amd64.deb
##For ARM64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_arm64.deb
##For PPC64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_ppc64el.deb
- On RHEL/CentOS/Rocky Linux/Alma Linux
##For x86_64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.x86_64.rpm
##For ARMV7Hl##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.armv7hl.rpm
##For PPC64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.ppc64le.rpm
##For AARCH64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.aarch64.rpm
With the right package downloaded, proceed and install it as below.
##On Debian/Ubuntu##
sudo apt install ./sftpgo_$VER-1_*.deb
##On RHEL/CentOS/Rocky Linux/Alma Linux##
sudo rpm -i sftpgo-$VER-1.*.rpm
Once installed, start and enable STPGo.
sudo systemctl enable --now sftpgo
Check the status of the service.
$ systemctl status sftpgo
● sftpgo.service - SFTPGo Server
Loaded: loaded (/lib/systemd/system/sftpgo.service; enabled; ve>
Active: active (running) since Mon 2022-02-14 04:28:32 EST; 55s>
Main PID: 1490 (sftpgo)
Tasks: 7 (limit: 7075)
Memory: 17.6M
CPU: 1.150s
CGroup: /system.slice/sftpgo.service
└─1490 /usr/bin/sftpgo serve
Now enable WebDAV by specifying the port as below:
$
"webdavd": {
"bindings": [
{
"port": 8090,
"address": "",
"enable_https": false,
"client_auth_type": 0,
"tls_cipher_suites": [],
"prefix": "",
"proxy_allowed": []
.....
Secure SFTPGO with SSL/TLS.
Once installed, you need to create SSL/TLS certificates to secure SFTPGo. For this guide, we will generate self-signed certificates using OpenSSL as below.
First, ensure OpenSSL is installed.
##On Debian/ubuntu
sudo apt install openssl
##On RHEL/CentOS/Rocky Linux/Alma Linux
sudo yum install openssl
Once installed issue certificates as below.
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/sftpgo.pem -out /etc/sftpgo/sftpgo.pem
Provide the required details to create the key.
Set the required permissions.
sudo chmod 777 /etc/sftpgo/sftpgo.pem
sudo chmod 777 /etc/sftpgo.pem
Once created, add the keys to the container(docker). On the normal installation, edit the JSON file as below.
sudo vim /etc/sftpgo/sftpgo.json
In the file, enable HTTPS and add the certificates.
"httpd": {
"bindings": [
{
........
"enable_https": true,
...
}
],
"templates_path": "/usr/share/sftpgo/templates",
"static_files_path": "/usr/share/sftpgo/static",
"openapi_path": "/usr/share/sftpgo/openapi",
"backups_path": "/srv/sftpgo/backups",
"web_root": "",
"certificate_file": "/etc/sftpgo/sftpgo.pem",
"certificate_key_file": "/etc/sftpgo.pem",
"ca_certificates": [],
....
Save the file and restart SFTPGo.
sudo systemctl restart sftpgo
Method 3 – Install SFTPGo using Docker
There are also SFTPGo docker images provided on Docker Hub and GitHub container registry. With this method, ensure that Docker is installed on your system.
You can achieve this using aid from the guide below:
Once installed, you run the SFTPGo container using the syntax below.
docker run --name some-sftpgo -p 8080:8080 -p 2022:2022 -d drakkan/sftpgo
In the command:
- some-sftpgo is the name of the container
- drakkan/sftpgo is the specific SFTPGo version to use.
You can also run the container with FTP service enabled. Remember this is disabled by default and is enabled by starting the instance as below
docker run --name some-sftpgo \
-p 8080:8080 \
-p 2022:2022 \
-p 2121:2121 \
-p 50000-50100:50000-50100 \
-e SFTPGO_FTPD__BINDINGS__0__PORT=2121 \
-e SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP=<your external ip here> \
-d drakkan/sftpgo
At this point, FTP is available on port 2121 and SFTP on 2022.
Enable WebDAV and set data persistence in whereby:
- /my/own/sftpgodata is the data path:
sudo mkdir -p /my/own/sftpgodata
sudo chown -R 1000:1000 /my/own/sftpgodata
- /my/own/sftpgohome as the home directory for the conatiner
sudo mkdir /my/own/sftpgohome
sudo chown -R 1000:1000 /my/own/sftpgohome
Now run the container as below
docker run --name some-sftpgo \
-p 8080:8080 \
-p 2022:2022 \
-p 8090:8090 \
--mount type=bind,source=/my/own/sftpgodata,target=/srv/sftpgo \
--mount type=bind,source=/my/own/sftpgohome,target=/var/lib/sftpgo \
-e SFTPGO_WEBDAVD__BINDINGS__0__PORT=8090 \
-d drakkan/sftpgo
With this, WebDAV is available on port 8090 with SFTP on 2022.
Check the status of the container.
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc98cb37b837 drakkan/sftpgo "sftpgo serve" 6 seconds ago Up 4 seconds 0.0.0.0:2022->2022/tcp, :::2022->2022/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:8090->8090/tcp, :::8090->8090/tcp some-sftpgo
Step 2 – Access the SFTPGO web admin UI.
With HTTPS enabled, we can access the SFTPGO via the web using the URL https://IP_address:8080, or http://IP_address:8080 but first, ensure the necessary ports are allowed through the firewall.
##For UFW
sudo ufw allow 8080
sudo ufw allow 2022
sudo ufw allow 8090
#For Firewalld
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8090/tcp
sudo firewall-cmd --permanent --add-port=2022/tcp
sudo firewall-cmd --reload
Create the user and password for SFTPGO
The admin dashboard will appear as below.
Create a user to be used to connect to SFTPGo, with the desired username, password, and add public keys if you want.
Step 3 – Test SFTP using SFTP Client(FileZilla)
Begin by installing the SFTP client package(FileZilla)
$ sudo apt install filezilla #[On Debian, Ubuntu & Mint]
$ sudo yum install filezilla #[On RHEL/CentOS/Fedora & Rocky Linux/AlmaLinux]
$ sudo pacman -S filezilla #[On Arch Linux]
$ sudo zypper in filezilla #[On OpenSUSE]
Now launch it and configure communication under File->Site Manager.
Create a new SFTP connection as above. Click connect, and trust the fingerprints.
Now the new connection will appear as below. We have the local machine on the left and the SFTP server on your right.
Upload a file from your local machine to the server.
You can also download a file from your SFTP server to your local machine as below.
On a successful client connection, the connection tab on the web interface is updated as below.
Step 4 – Test SFTP using WebDav
Open the files window and add the new connection as below.
Provide the created SFTPGo user credentials.
You will be able to view the file, modify them and copy them to your machine.
Voila.
That marks the end of this amazing guide on how to set up a Secure FTP Server(SFTP) with WebDAV using SFTPGo. I hope this was of great significance to you.
Recommended Linux Books to read:
- Best Linux Books for Beginners & Experts
- Best Linux Kernel Programming Books
- Best Linux Bash Scripting Books
- Top RHCSA / RHCE Certification Study Books
- Best Top Rated CompTIA A+ Certification Books
- Best LPIC-1 and LPIC-2 certification study books
See more:
- How To add FTP Site on Windows Server
- Install and Configure FTP Server on Windows Server
- Setup TFTP server on CentOS 8|RHEL 8|Rocky Linux 8