SftpGo:一款高性能的sftp server服务
SftpGo是一款高性能、功能齐全、易用可配置的一款sftp server 服务,基于go开发。目前在linux、macos下均可以稳定运行(windows个人未测试)。数据可以持久化到主流的数据库,诸如Mysql、PostgreSQL、Sqlilte.
sftpgo主要组成
- 服务端主程序: sftpgosever
- cli脚本: sftpcli
数据目录
- conf存储服务配置文件
- data创建sftp用户目录
- backups存储应用备份数据
本次基于k8s运行服务、mysql5.7做持久化存储、腾讯云NFS服务做数据目录、configmap挂载配置文件、nginx stream提供域名映射tcp访问
构建镜像
直接拉取
docker pull taylordang/sftpgo:v1.0本地基于Dockerfile构建
查看具体文档: [https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine](https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine)构建脚手架
构建脚本: [https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile](https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile)标准配置文件
{
"sftpd": {
"bind_port": 2022,
"bind_address": "0.0.0.0",
"idle_timeout": 15,
"max_auth_tries": 0,
"umask": "0022",
"banner": "",
"upload_mode": 0,
"actions": {
"execute_on": [],
"command": "",
"http_notification_url": ""
},
"keys": [],
"kex_algorithms": [],
"ciphers": [],
"macs": [],
"login_banner_file": "",
"setstat_mode": 0,
"enabled_ssh_commands": [
"md5sum",
"sha1sum",
"cd",
"pwd",
"scp"
],
"keyboard_interactive_auth_program": "",
"proxy_protocol": 0,
"proxy_allowed": []
},
"data_provider": {
"driver": "mysql",
"name": "sftpgo",
"host": "xxxxxx",
"port": 9999,
"username": "sftpgo",
"password": "xxxxx",
"sslmode": 0,
"connection_string": "",
"users_table": "users",
"manage_users": 1,
"track_quota": 2,
"pool_size": 0,
"users_base_dir": "",
"actions": {
"execute_on": [],
"command": "",
"http_notification_url": ""
},
"external_auth_program": "",
"external_auth_scope": 0,
"credentials_path": "credentials",
"pre_login_program": ""
},
"httpd": {
"bind_port": 8080,
"bind_address": "0.0.0.0",
"templates_path": "templates",
"static_files_path": "static",
"backups_path": "backups",
"auth_user_file": "",
"certificate_file": "",
"certificate_key_file": ""
}
}运行应用
以上服务配置准备完成之后,运行容器会在数据库中自动生成对应的表
提供服务外部入库
1. 设置内网服务入口
apiVersion: v1
kind: Service
metadata:
name: sftpgo
namespace: sftp
spec:
clusterIP: xxxx
externalTrafficPolicy: Cluster
ports:
- name: 8080-8080-tcp
nodePort: 31807
port: 8080
protocol: TCP
targetPort: 8080
- name: 2022-2022-tcp
nodePort: 30865
port: 2022
protocol: TCP
targetPort: 2022
selector:
k8s-app: sftpgo
qcloud-app: sftpgo
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: xxxx2. 设置外部服务入口
- nginx配置文件 ``` apiVersion: v1 data: nginx.conf: |- user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } stream { server { listen 2022; proxy_pass sftpgo服务对应的内网ip:2022; } } kind: ConfigMap metadata: name: tcp-config namespace: sftp
##### 3.测试下服务状态以及数据目录权限
测试ok:数据权限UID GID需要设置为1003.
##### 4. 设置域名解析到nginx的externalIps即可实现域名访问
---
附:sftpgo服务源码:https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine sftpgo容器相关镜像:https://hub.docker.com/repository/docker/taylordang/sftpgo sftpgo脚手架:https://hub.docker.com/repository/docker/taylordang/sftp-api-cli
```
更多内容请访问【云原生建筑师】https://blog.dtcka.com