README.md
1# Official Docker image
2
3SFTPGo provides an official Docker image, it is available on both [Docker Hub](https://hub.docker.com/r/drakkan/sftpgo) and on [GitHub Container Registry](https://github.com/users/drakkan/packages/container/package/sftpgo).
4
5## Supported tags and respective Dockerfile links
6
7- [v2.2.0, v2.2, v2, latest](https://github.com/drakkan/sftpgo/blob/v2.2.0/Dockerfile)
8- [v2.2.0-alpine, v2.2-alpine, v2-alpine, alpine](https://github.com/drakkan/sftpgo/blob/v2.2.0/Dockerfile.alpine)
9- [v2.2.0-slim, v2.2-slim, v2-slim, slim](https://github.com/drakkan/sftpgo/blob/v2.2.0/Dockerfile)
10- [v2.2.0-alpine-slim, v2.2-alpine-slim, v2-alpine-slim, alpine-slim](https://github.com/drakkan/sftpgo/blob/v2.2.0/Dockerfile.alpine)
11- [v2.2.0-distroless-slim, v2.2-distroless-slim, v2-distroless-slim, distroless-slim](https://github.com/drakkan/sftpgo/blob/v2.2.0/Dockerfile.distroless)
12- [edge](../Dockerfile)
13- [edge-alpine](../Dockerfile.alpine)
14- [edge-slim](../Dockerfile)
15- [edge-alpine-slim](../Dockerfile.alpine)
16- [edge-distroless-slim](../Dockerfile.distroless)
17
18## How to use the SFTPGo image
19
20### Start a `sftpgo` server instance
21
22Starting a SFTPGo instance is simple:
23
24```shell
25docker run --name some-sftpgo -p 8080:8080 -p 2022:2022 -d "drakkan/sftpgo:tag"
26```
27
28... where `some-sftpgo` is the name you want to assign to your container, and `tag` is the tag specifying the SFTPGo version you want. See the list above for relevant tags.
29
30Now visit [http://localhost:8080/web/admin](http://localhost:8080/web/admin), replacing `localhost` with the appropriate IP address if SFTPGo is not reachable on localhost, create the first admin and a new SFTPGo user. The SFTP service is available on port 2022.
31
32If you don't want to persist any files, for example for testing purposes, you can run an SFTPGo instance like this:
33
34```shell
35docker run --rm --name some-sftpgo -p 8080:8080 -p 2022:2022 -d "drakkan/sftpgo:tag"
36```
37
38If you prefer GitHub Container Registry to Docker Hub replace `drakkan/sftpgo:tag` with `ghcr.io/drakkan/sftpgo:tag`.
39
40### Enable FTP service
41
42FTP is disabled by default, you can enable the FTP service by starting the SFTPGo instance in this way:
43
44```shell
45docker run --name some-sftpgo \
46 -p 8080:8080 \
47 -p 2022:2022 \
48 -p 2121:2121 \
49 -p 50000-50100:50000-50100 \
50 -e SFTPGO_FTPD__BINDINGS__0__PORT=2121 \
51 -e SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP=<your external ip here> \
52 -d "drakkan/sftpgo:tag"
53```
54
55The FTP service is now available on port 2121 and SFTP on port 2022.
56
57You can change the passive ports range (`50000-50100` by default) by setting the environment variables `SFTPGO_FTPD__PASSIVE_PORT_RANGE__START` and `SFTPGO_FTPD__PASSIVE_PORT_RANGE__END`.
58
59It is recommended that you provide a certificate and key file to expose FTP over TLS. You should prefer SFTP to FTP even if you configure TLS, please don't blindly enable the old FTP protocol.
60
61### Enable WebDAV service
62
63WebDAV is disabled by default, you can enable the WebDAV service by starting the SFTPGo instance in this way:
64
65```shell
66docker run --name some-sftpgo \
67 -p 8080:8080 \
68 -p 2022:2022 \
69 -p 10080:10080 \
70 -e SFTPGO_WEBDAVD__BINDINGS__0__PORT=10080 \
71 -d "drakkan/sftpgo:tag"
72```
73
74The WebDAV service is now available on port 10080 and SFTP on port 2022.
75
76It is recommended that you provide a certificate and key file to expose WebDAV over https.
77
78### Container shell access and viewing SFTPGo logs
79
80The docker exec command allows you to run commands inside a Docker container. The following command line will give you a shell inside your `sftpgo` container:
81
82```shell
83docker exec -it some-sftpgo sh
84```
85
86The logs are available through Docker's container log:
87
88```shell
89docker logs some-sftpgo
90```
91
92**Note:** [distroless](../Dockerfile.distroless) image contains only a statically linked sftpgo binary and its minimal runtime dependencies. Shell is not available on this image.
93
94### Where to Store Data
95
96Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the SFTPGo images to familiarize themselves with the options available, including:
97
98- Let Docker manage the storage for SFTPGo data by [writing them to disk on the host system using its own internal volume management](https://docs.docker.com/engine/tutorials/dockervolumes/#adding-a-data-volume). This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers.
99- Create a data directory on the host system (outside the container) and [mount this to a directory visible from inside the container]((https://docs.docker.com/engine/tutorials/dockervolumes/#mount-a-host-directory-as-a-data-volume)). This places the SFTPGo files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that e.g. directory permissions and other security mechanisms on the host system are set up correctly. The SFTPGo image runs using `1000` as UID/GID by default.
100
101The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:
102
1031. Create a data directory on a suitable volume on your host system, e.g. `/my/own/sftpgodata`.
1042. Create a home directory for the sftpgo container user on your host system e.g. `/my/own/sftpgohome`.
1053. Start your SFTPGo container like this:
106
107```shell
108docker run --name some-sftpgo \
109 -p 8080:8090 \
110 -p 2022:2022 \
111 --mount type=bind,source=/my/own/sftpgodata,target=/srv/sftpgo \
112 --mount type=bind,source=/my/own/sftpgohome,target=/var/lib/sftpgo \
113 -e SFTPGO_HTTPD__BINDINGS__0__PORT=8090 \
114 -d "drakkan/sftpgo:tag"
115```
116
117As you can see SFTPGo uses two main volumes:
118
119- `/srv/sftpgo` to handle persistent data. The default home directory for SFTP/FTP/WebDAV users is `/srv/sftpgo/data/<username>`. Backups are stored in `/srv/sftpgo/backups`
120- `/var/lib/sftpgo` is the home directory for the sftpgo system user defined inside the container. This is the container working directory too, host keys will be created here when using the default configuration.
121
122If you want to get fine grained control, you can also mount `/srv/sftpgo/data` and `/srv/sftpgo/backups` as separate volumes instead of mounting `/srv/sftpgo`.
123
124### Configuration
125
126The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose).
127
128Please take a look [here](../docs/full-configuration.md#environment-variables) to learn how to configure SFTPGo via environment variables.
129
130Alternately you can mount your custom configuration file to `/var/lib/sftpgo` or `/var/lib/sftpgo/.config/sftpgo`.
131
132### Loading initial data
133
134Initial data can be loaded in the following ways:
135
136- via the `--loaddata-from` flag or the `SFTPGO_LOADDATA_FROM` environment variable
137- by providing a dump file to the memory provider
138
139Please take a look [here](../docs/full-configuration.md) for more details.
140
141### Running as an arbitrary user
142
143The SFTPGo image runs using `1000` as UID/GID by default. If you know the permissions of your data and/or configuration directory are already set appropriately or you have need of running SFTPGo with a specific UID/GID, it is possible to invoke this image with `--user` set to any value (other than `root/0`) in order to achieve the desired access/configuration:
144
145```shell
146$ ls -lnd data
147drwxr-xr-x 2 1100 1100 6 7 nov 09.09 data
148$ ls -lnd config
149drwxr-xr-x 2 1100 1100 6 7 nov 09.19 config
150```
151
152With the above directory permissions, you can start a SFTPGo instance like this:
153
154```shell
155docker run --name some-sftpgo \
156 --user 1100:1100 \
157 -p 8080:8080 \
158 -p 2022:2022 \
159 --mount type=bind,source="${PWD}/data",target=/srv/sftpgo \
160 --mount type=bind,source="${PWD}/config",target=/var/lib/sftpgo \
161 -d "drakkan/sftpgo:tag"
162```
163
164Alternately build your own image using the official one as a base, here is a sample Dockerfile:
165
166```shell
167FROM drakkan/sftpgo:tag
168USER root
169RUN chown -R 1100:1100 /etc/sftpgo && chown 1100:1100 /var/lib/sftpgo /srv/sftpgo
170USER 1100:1100
171```
172
173**Note:** the above Dockerfile will not work if you use the [distroless](../Dockerfile.distroless) image as base since the `chown` command is not available there.
174
175## Image Variants
176
177The `sftpgo` images comes in many flavors, each designed for a specific use case. The `edge`, `edge-slim`, `edge-alpine`, `edge-alpine-slim` and `edge-distroless-slim` tags are updated after each new commit.
178
179### `sftpgo:<version>`
180
181This is the defacto image, it is based on [Debian](https://www.debian.org/), available in [the `debian` official image](https://hub.docker.com/_/debian). If you are unsure about what your needs are, you probably want to use this one.
182
183### `sftpgo:<version>-alpine`
184
185This image is based on the popular [Alpine Linux project](https://alpinelinux.org/), available in [the `alpine` official image](https://hub.docker.com/_/alpine). Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.
186
187This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use [musl libc](https://musl.libc.org/) instead of [glibc and friends](https://www.etalabs.net/compare_libcs.html), so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.
188
189### `sftpgo:<version>-distroless`
190
191This image is based on the popular [Distroless project](https://github.com/GoogleContainerTools/distroless). We use the latest Debian based distroless image as base.
192
193Distroless variant contains only a statically linked sftpgo binary and its minimal runtime dependencies and so it doesn't allow shell access (no shell is installed).
194SQLite support is disabled since it requires CGO and so a C runtime which is not installed.
195The default data provider is `bolt`, all the supported data providers expect `sqlite` work.
196We only provide the slim variant and so the optional `git` dependency is not available.
197
198### `sftpgo:<suite>-slim`
199
200These tags provide a slimmer image that does not include the optional `git` dependency.
201
202## Helm Chart
203
204An helm chart is [available](https://artifacthub.io/packages/helm/sagikazarmark/sftpgo). You can find the source code [here](https://github.com/sagikazarmark/helm-charts/tree/master/charts/sftpgo).
205