Saturday, December 28, 2024
Google search engine
HomeSecurity & TestingSetup Secure FTP Server(SFTP) with WebDAV using SFTPGo

Setup Secure FTP Server(SFTP) with WebDAV using SFTPGo

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

File Transfer Protocol (FTP) is a communication protocol used to transfer files between computers via the internet. FTP uses a client-server model with different data and connections between them. Normally, users in FTP authenticate themselves using a clear-text sign-in(username and password) but once can also connect to it anonymously if the server is configured to accept it.

Secure File Transfer Protocol(SFTP) is a secure FTP that uses shell encryption when sending and receiving files to provide maximum security. SFTPGo can be used to run SFTP with added HTTP, WebDAV, and FTP/S support. Furthermore, it supports several storage backends such as; S3 (compatible) Object Storage, local filesystem, encrypted local filesystem, Azure Blob Storage, Google Cloud Storage e.t.c

Other features for SFTPGo are:

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

  • Supports virtual folders: a virtual folder can use any of the supported storage backends
  • Chroot isolation for local accounts: Cloud-based accounts can be restricted to a certain base path.
  • Per user and per directory virtual permissions: for each exposed path you can allow or deny: directory listing, upload, delete, overwrite, download, rename, create directories, create symlinks, change owner/group/file mode.
  • REST API for users and folders management, data retention, backup, restore and real time reports e.t.c
  • Web admin interface: to easily manage users, folders and connections.
  • Web client interface: this is used by end users to change their credentials, manage and share their files.
  • Supports public key and password authentication. Multiple public keys per user are also supported.
  • Keyboard interactive authentication: You can easily setup a customizable multi-factor authentication.
  • Custom authentication using external programs/HTTP API.
  • Bandwidth throttling: with separate settings for upload and download and overrides based on the client’s IP address.
  • Supports SQLite, MySQL, PostgreSQL, CockroachDB, Bolt (key/value store in pure Go) and in-memory data providers.
  • Support for Git repositories over SSH.
  • SCP and rsync are supported.
  • Supports the HAProxy load balancing protocol: you can proxy and/or load balance the SFTP/SCP/FTP/WebDAV service without losing the information about the client’s address.

This guide offers an in-depth illustration of how to set up a Secure FTP Server(SFTP) with WebDAV using SFTPGo

Let’s plunge in!

Step 1 – Install SFTPGo on Linux

This guide demonstrates how to install SFTPGo on your system using the following methods:

  • On Ubuntu Using PPAs
  • Using .RPM/.DEB packages
  • Using Docker

Method 1 – Install SFTPGo using PPAs(Ubuntu)

There is a PPA that provides the currently supported release of SFTPGo. This PPA can be added to your Ubuntu system as below.

Begin by updating your APT package index.

sudo apt update

Then install the required package dependencies.

sudo apt install software-properties-common

Now add the SFTPGo PPA

sudo add-apt-repository ppa:sftpgo/sftpgo
sudo apt-get update

Once the PPA has been added, you can install SFTPGo on Ubuntu using the command:

sudo apt install sftpgo

Dependency tree:

The following NEW packages will be installed:
  sftpgo
0 upgraded, 1 newly installed, 0 to remove and 84 not upgraded.
Need to get 9,871 kB of archives.
After this operation, 41.0 MB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/sftpgo/sftpgo/ubuntu focal/main amd64 sftpgo amd64 2.2.2-1ppa1 [9,871 kB]
Fetched 9,871 kB in 0s (30.9 MB/s)
Selecting previously unselected package sftpgo.

On successful installation, the service automatically starts, verify the status as below.

$ systemctl status sftpgo
 sftpgo.service - SFTPGo Server
     Loaded: loaded (/lib/systemd/system/sftpgo.service; enabled; vendor preset>
     Active: active (running) since Mon 2022-02-14 08:26:18 UTC; 1min 7s ago
   Main PID: 3801 (sftpgo)
      Tasks: 8 (limit: 7029)
     Memory: 16.1M
     CGroup: /system.slice/sftpgo.service
             └─3801 /usr/bin/sftpgo serve

Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>
Feb 14 08:26:22 ubuntu sftpgo[3801]: {"level":"info","time":"2022-02-14T08:26:2>

Method 2 – Install SFTPGo using .RPM and .DEB packages.

There are also DEB and RPM packages built for SFTPGo each release. These packages are available on the SFTPGo Github release page.

First save the latest release version in variable:

VER=$(curl -s https://api.github.com/repos/drakkan/sftpgo/releases/latest|grep tag_name | cut -d '"' -f 4 |sed 's/v//g')

Download the appropriate package for your system as below.

  • On Debian/Ubuntu
##For AMD64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_amd64.deb

##For ARM64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_arm64.deb

##For PPC64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo_$VER-1_ppc64el.deb

  • On RHEL/CentOS/Rocky Linux/Alma Linux
##For x86_64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.x86_64.rpm

##For ARMV7Hl##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.armv7hl.rpm

##For PPC64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.ppc64le.rpm

##For AARCH64##
wget https://github.com/drakkan/sftpgo/releases/download/v$VER/sftpgo-$VER-1.aarch64.rpm

With the right package downloaded, proceed and install it as below.

##On Debian/Ubuntu##
sudo apt install ./sftpgo_$VER-1_*.deb

##On RHEL/CentOS/Rocky Linux/Alma Linux##
sudo rpm -i sftpgo-$VER-1.*.rpm

Once installed, start and enable STPGo.

sudo systemctl enable --now sftpgo

Check the status of the service.

$ systemctl status sftpgo
● sftpgo.service - SFTPGo Server
     Loaded: loaded (/lib/systemd/system/sftpgo.service; enabled; ve>
     Active: active (running) since Mon 2022-02-14 04:28:32 EST; 55s>
   Main PID: 1490 (sftpgo)
      Tasks: 7 (limit: 7075)
     Memory: 17.6M
        CPU: 1.150s
     CGroup: /system.slice/sftpgo.service
             └─1490 /usr/bin/sftpgo serve

Now enable WebDAV by specifying the port as below:

$ 
"webdavd": {
    "bindings": [
      {
        "port": 8090,
        "address": "",
        "enable_https": false,
        "client_auth_type": 0,
        "tls_cipher_suites": [],
        "prefix": "",
        "proxy_allowed": []
.....

Secure SFTPGO with SSL/TLS.

Once installed, you need to create SSL/TLS certificates to secure SFTPGo. For this guide, we will generate self-signed certificates using OpenSSL as below.

First, ensure OpenSSL is installed.

##On Debian/ubuntu
sudo apt install openssl

##On RHEL/CentOS/Rocky Linux/Alma Linux
sudo yum install openssl

Once installed issue certificates as below.

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/sftpgo.pem -out /etc/sftpgo/sftpgo.pem

Provide the required details to create the key.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 12

Set the required permissions.

sudo chmod 777 /etc/sftpgo/sftpgo.pem
sudo chmod 777 /etc/sftpgo.pem

Once created, add the keys to the container(docker). On the normal installation, edit the JSON file as below.

sudo vim /etc/sftpgo/sftpgo.json

In the file, enable HTTPS and add the certificates.

  "httpd": {
    "bindings": [
      {
 ........
        "enable_https": true,
...
      }
    ],
    "templates_path": "/usr/share/sftpgo/templates",
    "static_files_path": "/usr/share/sftpgo/static",
    "openapi_path": "/usr/share/sftpgo/openapi",
    "backups_path": "/srv/sftpgo/backups",
    "web_root": "",
    "certificate_file": "/etc/sftpgo/sftpgo.pem",
    "certificate_key_file": "/etc/sftpgo.pem",
    "ca_certificates": [],
....

Save the file and restart SFTPGo.

sudo systemctl restart sftpgo

Method 3 – Install SFTPGo using Docker

There are also SFTPGo docker images provided on Docker Hub and GitHub container registry. With this method, ensure that Docker is installed on your system.

You can achieve this using aid from the guide below:

Once installed, you run the SFTPGo container using the syntax below.

docker run --name some-sftpgo -p 8080:8080 -p 2022:2022 -d drakkan/sftpgo

In the command:

  • some-sftpgo is the name of the container
  • drakkan/sftpgo is the specific SFTPGo version to use.

You can also run the container with FTP service enabled. Remember this is disabled by default and is enabled by starting the instance as below

docker run --name some-sftpgo \
    -p 8080:8080 \
    -p 2022:2022 \
    -p 2121:2121 \
    -p 50000-50100:50000-50100 \
    -e SFTPGO_FTPD__BINDINGS__0__PORT=2121 \
    -e SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP=<your external ip here> \
    -d drakkan/sftpgo

At this point, FTP is available on port 2121 and SFTP on 2022.

Enable WebDAV and set data persistence in whereby:

  • /my/own/sftpgodata is the data path:
sudo mkdir -p /my/own/sftpgodata
sudo chown -R 1000:1000 /my/own/sftpgodata
  • /my/own/sftpgohome as the home directory for the conatiner
sudo mkdir /my/own/sftpgohome
sudo chown -R 1000:1000 /my/own/sftpgohome

Now run the container as below

docker run --name some-sftpgo \
    -p 8080:8080 \
    -p 2022:2022 \
    -p 8090:8090 \
    --mount type=bind,source=/my/own/sftpgodata,target=/srv/sftpgo \
    --mount type=bind,source=/my/own/sftpgohome,target=/var/lib/sftpgo \
    -e SFTPGO_WEBDAVD__BINDINGS__0__PORT=8090 \
    -d drakkan/sftpgo

With this, WebDAV is available on port 8090 with SFTP on 2022.

Check the status of the container.

$ docker ps
CONTAINER ID   IMAGE            COMMAND          CREATED         STATUS         PORTS                                                                                                                             NAMES
bc98cb37b837   drakkan/sftpgo   "sftpgo serve"   6 seconds ago   Up 4 seconds   0.0.0.0:2022->2022/tcp, :::2022->2022/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:8090->8090/tcp, :::8090->8090/tcp   some-sftpgo

Step 2 – Access the SFTPGO web admin UI.

With HTTPS enabled, we can access the SFTPGO via the web using the URL https://IP_address:8080, or http://IP_address:8080 but first, ensure the necessary ports are allowed through the firewall.

##For UFW
sudo ufw allow 8080
sudo ufw allow 2022
sudo ufw allow 8090

#For Firewalld
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8090/tcp
sudo firewall-cmd --permanent --add-port=2022/tcp
sudo firewall-cmd --reload

Create the user and password for SFTPGO

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo

The admin dashboard will appear as below.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 1

Create a user to be used to connect to SFTPGo, with the desired username, password, and add public keys if you want.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 2

Step 3 – Test SFTP using SFTP Client(FileZilla)

Begin by installing the SFTP client package(FileZilla)

$ sudo apt install filezilla    #[On Debian, Ubuntu & Mint]
$ sudo yum install filezilla    #[On RHEL/CentOS/Fedora & Rocky Linux/AlmaLinux]
$ sudo pacman -S filezilla      #[On Arch Linux]
$ sudo zypper in filezilla      #[On OpenSUSE]

Now launch it and configure communication under File->Site Manager.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 3

Create a new SFTP connection as above. Click connect, and trust the fingerprints.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 4

Now the new connection will appear as below. We have the local machine on the left and the SFTP server on your right.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 5

Upload a file from your local machine to the server.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 6

You can also download a file from your SFTP server to your local machine as below.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 7

On a successful client connection, the connection tab on the web interface is updated as below.

Step 4 – Test SFTP using WebDav

Open the files window and add the new connection as below.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 9

Provide the created SFTPGo user credentials.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 10

You will be able to view the file, modify them and copy them to your machine.

How To Setup Secure FTP ServerSFTP with WebDAV using SFTPGo 11

Voila.

That marks the end of this amazing guide on how to set up a Secure FTP Server(SFTP) with WebDAV using SFTPGo. I hope this was of great significance to you.

Recommended Linux Books  to read:

See more:

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments