docker compose.yaml
services:
  sftpgo:
    container_name: sftpgo
    image: drakkan/sftpgo:v2.7.0
    restart: unless-stopped
    hostname: sftpgo
    ports:
      - 29022:2022 # sftp
      - 8040:8080 # http
      - 8041:8090 # webdav
    volumes:
      - $PWD/data:/srv/sftpgo/data
      - $PWD/backups:/srv/sftpgo/backups
      - $PWD/config:/etc/sftpgo
      - $PWD/plugins:/usr/local/bin/plugins
      - $PWD/home:/var/lib/sftpgo
    networks:
      - default
networks:
  default:
    name: caddy_default
    external: true
The sftpgo container runs as user 1000:1000 (UID:GID) by default.
/var/lib/sftpgo: the container's home working directory
/srv/sftpgo/data: the directory that stores user data
Create the directories on the host. They will be mapped into the sftpgo container, so pay attention to their permissions:
chown 1000:1000 -R /opt/stacks/sftpgo/data /opt/stacks/sftpgo/backups /opt/stacks/sftpgo/config /opt/stacks/sftpgo/plugins /opt/stacks/sftpgo/home
chmod 775 /opt/stacks/sftpgo/data /opt/stacks/sftpgo/backups /opt/stacks/sftpgo/config /opt/stacks/sftpgo/plugins /opt/stacks/sftpgo/home
The directory structure is as follows:
charleye@n1.vm100:/opt/stacks/sftpgo$ tree
.
├── backups
├── compose.yaml
├── config
│   ├── ldap_config.json
│   └── sftpgo.json
├── data
├── home
└── plugins
    └── sftpgo-plugin-auth
Download the LDAP plugin:
wget -O /opt/stacks/sftpgo/plugins/sftpgo-plugin-auth https://github.com/sftpgo/sftpgo-plugin-auth/releases/download/v1.0.13/sftpgo-plugin-auth-linux-amd64
chmod 554 /opt/stacks/sftpgo/plugins/sftpgo-plugin-auth
chown 1000:1000 /opt/stacks/sftpgo/plugins/sftpgo-plugin-auth
Add two configuration files under /opt/stacks/sftpgo/config: sftpgo.json and ldap_config.json.
Add the plugins configuration to sftpgo.json:
"plugins": [
  {
    "type": "auth",
    "name": "ldap",
    "cmd": "/usr/local/bin/plugins/sftpgo-plugin-auth",
    "args": [
      "serve",
      "--config-file",
      "/etc/sftpgo/ldap_config.json"
    ],
    "auto_mtls": true,
    "auth_options": {
      "scope": 1
    }
  }
]
Contents of ldap_config.json:
{
  "cache_size": 100,
  "configs": [
    {
      "dial_urls": [
        "ldap://192.168.0.110:389"
      ],
      "base_dn": "dc=abitacc,dc=com",
      "bind_dn": "cn=admin,dc=abitacc,dc=com",
      "password": "YourselfPassword",
      "search_query": "(&(|(uid=%username%)(mail=%username%))(objectClass=inetOrgPerson))",
      "group_attributes": [
        "memberOf"
      ],
      "require_groups": false,
      "sftpgo_user_requirements": 0
    }
  ]
}
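The ldap_config.json above dials a plain ldap:// URL, binds as cn=admin, and stores the bind password in a file on the host. The following pre-deployment check for those three points is an added example, not part of the original page or of the SFTPGo project; the function name audit_ldap_config, the embedded sample and the admin-RDN heuristic are assumptions made for illustration.

```python
import json
import stat
from urllib.parse import urlparse

# Constructed sample mirroring the ldap_config.json shown above.
SAMPLE = json.loads("""
{
  "cache_size": 100,
  "configs": [{
    "dial_urls": ["ldap://192.168.0.110:389"],
    "base_dn": "dc=abitacc,dc=com",
    "bind_dn": "cn=admin,dc=abitacc,dc=com",
    "password": "YourselfPassword",
    "search_query": "(&(|(uid=%username%)(mail=%username%))(objectClass=inetOrgPerson))"
  }]
}
""")


def audit_ldap_config(cfg, file_mode):
    """Return findings for a parsed ldap_config.json and the file's st_mode."""
    findings = []
    # The file stores the bind password, so "other" should not be able to read it.
    if file_mode & stat.S_IROTH:
        findings.append("file: world-readable; use mode 640 or 600 owned by 1000:1000")
    for i, c in enumerate(cfg.get("configs", [])):
        for url in c.get("dial_urls", []):
            # Plain ldap:// sends the simple-bind password unencrypted
            # (StartTLS, if configured elsewhere, is not checked here).
            if urlparse(url).scheme.lower() != "ldaps":
                findings.append(f"configs[{i}]: {url} is not ldaps://")
        # Heuristic (assumption): an RDN like cn=admin is the directory admin.
        rdn = c.get("bind_dn", "").split(",")[0].strip().lower()
        if rdn in ("cn=admin", "cn=manager", "cn=administrator"):
            findings.append(f"configs[{i}]: bind_dn {rdn} looks like a directory "
                            "admin; use a read-only service account")
        if "%username%" not in c.get("search_query", ""):
            findings.append(f"configs[{i}]: search_query lacks %username%")
    return findings


if __name__ == "__main__":
    # 0o644 is what a umask of 022 gives a newly created file.
    for finding in audit_ldap_config(SAMPLE, 0o100644):
        print("WARN", finding)
```

To check the real file, pass `json.load(open(path))` and `os.stat(path).st_mode` instead of the sample values.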
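Open https://sftpgo.abitacc.com in a browser. On the first login you need to set up the admin account and password; after that you can log in with an LDAP account and then create directories, upload files, delete files, share files and so on in the web interface.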

curl -u username:password -T test.txt http://192.168.0.120:8041/test.txt
AUTH=$(printf "username:password" | base64)
curl -H "Authorization: Basic $AUTH" -T test.txt http://192.168.0.120:8041/test.txt
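After logging in, copy the contents of the id_rsa.pub file into the user's profile in sftpgo.

You can then perform the following operations without a password: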
ssh -p 29022 wangxinlu@192.168.0.120 "md5sum test.txt"
b5e808f2a41cb05f73fd604ab1b3bda6 /test.txt
Interactive sftp commands:
sftp -P 29022 wangxinlu@192.168.0.120
Connected to 192.168.0.120.
sftp> ls
test.txt
sftp> mkdir uploads
sftp> ls
test.txt uploads
sftp> put test.txt uploads
Uploading test.txt to /uploads/test.txt
test.txt 100% 5 4.7KB/s 00:00
sftp> bye
# Download the latest rclone; otherwise it fails with an error about being unable to parse the private key
wget https://downloads.rclone.org/v1.73.0/rclone-v1.73.0-linux-amd64.deb
sudo dpkg -i rclone-v1.73.0-linux-amd64.deb
rclone config create mysftp sftp host 192.168.0.120 user wangxinlu port 29022 key_file ~/.ssh/id_rsa
rclone sync ./Downloads/ mysftp:/uploads --progress
or
rclone copy bitin.png mysftp:/uploads/ --progress
Transferred: 1.785 MiB / 1.785 MiB, 100%, 0 B/s, ETA -
Transferred: 1 / 1, 100%
Elapsed time: 0.0s