diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1269488
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+data
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e11d8ec
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,59 @@
+---
+services:
+ sftpgo:
+ image: drakkan/sftpgo:${SG_VERSION}
+ restart: unless-stopped
+ environment:
+ - SFTPGO_COMMON__IDLE_TIMEOUT=${SG_COMMON__IDLE_TIMEOUT}
+ - SFTPGO_COMMON__UPLOAD_MODE=${SG_COMMON__UPLOAD_MODE}
+ - SFTPGO_SFTPD__BINDINGS__0__PORT=${SG_SFTPD__BINDINGS__PORT}
+ - SFTPGO_FTPD__BINDINGS__0__PORT=${SG_FTPD__BINDINGS__PORT}
+ - SFTPGO_FTPD__BINDINGS__0__TLS_MODE=${SG_FTPD__BINDINGS__TLS_MODE}
+ - SFTPGO_FTPD__DISABLE_ACTIVE_MODE=${SG_FTPD__DISABLE_ACTIVE_MODE}
+ - SFTPGO_FTPD__CERTIFICATE_FILE=${SG_FTPD__CERTIFICATE_FILE}
+ - SFTPGO_FTPD__CERTIFICATE_KEY_FILE=${SG_FTPD__CERTIFICATE_KEY_FILE}
+ - SFTPGO_DATA_PROVIDER__DRIVER=${SG_DATA_PROVIDER__DRIVER}
+ - SFTPGO_DATA_PROVIDER__NAME=${SG_DATA_PROVIDER__NAME}
+ - SFTPGO_TELEMETRY__BIND_PORT=${SG_TELEMETRY__BIND_PORT}
+ - SFTPGO_TELEMETRY__BIND_ADDRESS=${SG_TELEMETRY__BIND_ADDRESS}
+ - SFTPGO_MFA__TOTP__NAME=${SG_MFA__TOTP__NAME}
+ - SFTPGO_MFA__TOTP__ISSUER=${SG_MFA__TOTP__ISSUER}
+ - SFTPGO_SMTP__HOST=${SG_SMTP__HOST}
+ - SFTPGO_SMTP__PORT=${SG_SMTP__PORT}
+ - SFTPGO_SMTP__FROM=${SG_SMTP__FROM}
+ - SFTPGO_SMTP__USER=${SG_SMTP__USER}
+ - SFTPGO_SMTP__PASSWORD=${SG_SMTP__PASSWORD}
+ - SFTPGO_SMTP__ENCRYPTION=${SG_SMTP__ENCRYPTION}
+ - SFTPGO_SMTP__DOMAIN=${SG_SMTP__DOMAIN}
+ labels:
+ ### Section Træfik
+ - traefik.enable=${TRAEFIK_ENABLED}
+ - traefik.docker.network=${TRAEFIK_NETWORK}
+ ## HTTP
+ - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
+ # redirect to HTTPS only
+ - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTP_MIDDLEWARES}
+ - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+ ## HTTPS
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
+ # configure the exposed service
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
+ # enable TLS and its certificate provider
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
+ # specify a service so a custom port can be used
+ - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
+ ports:
+ - 21:2021
+ - 50000-50100:50000-50100
+ volumes:
+ - ${SG_CONFIG}:/var/lib/sftpgo
+ - ${SG_DATA}:/srv/sftpgo/data
+ networks:
+ - traefik
+
+networks:
+ traefik:
+ external: true
+ name: ${TRAEFIK_NETWORK}
diff --git a/env.example b/env.example
new file mode 100644
index 0000000..27da462
--- /dev/null
+++ b/env.example
@@ -0,0 +1,38 @@
+# Træfik
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
+TRAEFIK_ROUTER=ftp_example_com
+TRAEFIK_SERVICE=ftp_example_com
+TRAEFIK_SERVICE_PORT=8080
+TRAEFIK_MATCHRULE=Host(`ftp.example.com`)
+TRAEFIK_TLSENABLED=true
+TRAEFIK_CERTRESOLVER=letsencrypt
+TRAEFIK_HTTP_MIDDLEWARES=http-to-https
+TRAEFIK_HTTPS_MIDDLEWARES=hsts
+
+# SFTPGo
+SG_VERSION=latest
+SG_CONFIG=./data/config
+SG_DATA=./data/userdata
+SG_COMMON__IDLE_TIMEOUT=3
+SG_COMMON__UPLOAD_MODE=1
+SG_SFTPD__BINDINGS__PORT=0
+SG_FTPD__BINDINGS__PORT=2021
+# CHANGEME:
+SG_FTPD__BINDINGS__TLS_MODE=0
+SG_FTPD__DISABLE_ACTIVE_MODE=true
+SG_FTPD__CERTIFICATE_FILE=
+SG_FTPD__CERTIFICATE_KEY_FILE=
+SG_DATA_PROVIDER__DRIVER=sqlite
+SG_DATA_PROVIDER__NAME=config.db
+SG_TELEMETRY__BIND_PORT=8081
+SG_TELEMETRY__BIND_ADDRESS=
+SG_MFA__TOTP__NAME=ftp.example.com
+SG_MFA__TOTP__ISSUER=FTP Example Company
+SG_SMTP__HOST=smtp.example.com
+SG_SMTP__PORT=465
+SG_SMTP__FROM=FTP
+SG_SMTP__USER=noreply@example.com
+SG_SMTP__PASSWORD=P4ssw0rd!
+SG_SMTP__ENCRYPTION=1
+SG_SMTP__DOMAIN=ftp.example.com
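Review bot: In docker-compose.yml the `ports:` entry `21:2021` publishes the FTP control port on every host interface while the TLS mode is taken from an unchecked variable, and the env.example hunk of this commit ships `SG_FTPD__BINDINGS__TLS_MODE=0` with both certificate paths empty, so a deployment copied from the example accepts cleartext FTP logins. Making the variable mandatory lets compose fail closed instead of starting with an empty value: `- SFTPGO_FTPD__BINDINGS__0__TLS_MODE=${SG_FTPD__BINDINGS__TLS_MODE:?set to 1 to require TLS}`, with the same `:?` form on the two `CERTIFICATE` variables. A comment above `ports:` such as `# FTP control port and passive data range; keep TLS_MODE at 1 or 2 while these are reachable from untrusted networks` would record the dependency between the published ports and the TLS setting.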
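Review bot: In env.example, `SG_SMTP__PASSWORD=P4ssw0rd!` reads like a usable credential rather than a placeholder, and the `.gitignore` added in this commit lists only `data`, so the real env file derived from this example (presumably `.env`) is not protected from being committed with the SMTP password in it. Use an inert value such as `SG_SMTP__PASSWORD=CHANGEME` and add `.env` to `.gitignore`. `SG_VERSION=latest` leaves the image unpinned, so two deployments of the same commit can run different builds; a comment like `# pin to a released tag or digest` above it would help. The bare `# CHANGEME:` above `SG_FTPD__BINDINGS__TLS_MODE=0` does not say what to change it to, and the empty `SG_TELEMETRY__BIND_ADDRESS=` appears to bind the telemetry listener on 8081 to all container interfaces, which other containers on the shared `traefik` network could reach; both deserve a one-line explanation.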