config: remove deprecated configuration keys

2024-11-22 07:30:25 +00:00 · 2021-06-19 09:47:06 +02:00 · 2021-06-19 09:47:06 +02:00 · 3bb0ca1d2b
commit 3bb0ca1d2b
parent d5b42f72e2
7 changed files with 3 additions and 288 deletions
--- a/config/config.go
+++ b/config/config.go
@ -483,95 +483,7 @@ func LoadConfig(configDir, configFile string) error {
 	return nil
 }
 func checkSFTPDBindingsCompatibility() {
 	if globalConf.SFTPD.BindPort == 0 { //nolint:staticcheck
 		return
 	}
 	// we copy deprecated fields to new ones to keep backward compatibility so lint is disabled
 	binding := sftpd.Binding{
 		ApplyProxyConfig: true,
 	}
 	if globalConf.SFTPD.BindPort > 0 { //nolint:staticcheck
 		binding.Port = globalConf.SFTPD.BindPort //nolint:staticcheck
 	}
 	if globalConf.SFTPD.BindAddress != "" { //nolint:staticcheck
 		binding.Address = globalConf.SFTPD.BindAddress //nolint:staticcheck
 	}
 	globalConf.SFTPD.Bindings = []sftpd.Binding{binding}
 }
 func checkFTPDBindingCompatibility() {
 	if globalConf.FTPD.BindPort == 0 { //nolint:staticcheck
 		return
 	}
 	binding := ftpd.Binding{
 		ApplyProxyConfig: true,
 	}
 	if globalConf.FTPD.BindPort > 0 { //nolint:staticcheck
 		binding.Port = globalConf.FTPD.BindPort //nolint:staticcheck
 	}
 	if globalConf.FTPD.BindAddress != "" { //nolint:staticcheck
 		binding.Address = globalConf.FTPD.BindAddress //nolint:staticcheck
 	}
 	if globalConf.FTPD.TLSMode > 0 { //nolint:staticcheck
 		binding.TLSMode = globalConf.FTPD.TLSMode //nolint:staticcheck
 	}
 	if globalConf.FTPD.ForcePassiveIP != "" { //nolint:staticcheck
 		binding.ForcePassiveIP = globalConf.FTPD.ForcePassiveIP //nolint:staticcheck
 	}
 	globalConf.FTPD.Bindings = []ftpd.Binding{binding}
 }
 func checkWebDAVDBindingCompatibility() {
 	if globalConf.WebDAVD.BindPort == 0 { //nolint:staticcheck
 		return
 	}
 	binding := webdavd.Binding{
 		EnableHTTPS: globalConf.WebDAVD.CertificateFile != "" && globalConf.WebDAVD.CertificateKeyFile != "",
 	}
 	if globalConf.WebDAVD.BindPort > 0 { //nolint:staticcheck
 		binding.Port = globalConf.WebDAVD.BindPort //nolint:staticcheck
 	}
 	if globalConf.WebDAVD.BindAddress != "" { //nolint:staticcheck
 		binding.Address = globalConf.WebDAVD.BindAddress //nolint:staticcheck
 	}
 	globalConf.WebDAVD.Bindings = []webdavd.Binding{binding}
 }
 func checkHTTPDBindingCompatibility() {
 	if globalConf.HTTPDConfig.BindPort == 0 { //nolint:staticcheck
 		return
 	}
 	binding := httpd.Binding{
 		EnableWebAdmin: globalConf.HTTPDConfig.StaticFilesPath != "" && globalConf.HTTPDConfig.TemplatesPath != "",
 		EnableHTTPS:    globalConf.HTTPDConfig.CertificateFile != "" && globalConf.HTTPDConfig.CertificateKeyFile != "",
 	}
 	if globalConf.HTTPDConfig.BindPort > 0 { //nolint:staticcheck
 		binding.Port = globalConf.HTTPDConfig.BindPort //nolint:staticcheck
 	}
 	if globalConf.HTTPDConfig.BindAddress != "" { //nolint:staticcheck
 		binding.Address = globalConf.HTTPDConfig.BindAddress //nolint:staticcheck
 	}
 	globalConf.HTTPDConfig.Bindings = []httpd.Binding{binding}
 }
 func loadBindingsFromEnv() {
 	checkSFTPDBindingsCompatibility()
 	checkFTPDBindingCompatibility()
 	checkWebDAVDBindingCompatibility()
 	checkHTTPDBindingCompatibility()
 	for idx := 0; idx < 10; idx++ {
 		getRateLimitersFromEnv(idx)
 		getSFTPDBindindFromEnv(idx)
--- a/config/config_test.go
+++ b/config/config_test.go
@ -19,7 +19,6 @@ import (
 	"github.com/drakkan/sftpgo/httpd"
 	"github.com/drakkan/sftpgo/sftpd"
 	"github.com/drakkan/sftpgo/utils"
 	"github.com/drakkan/sftpgo/webdavd"
 )
 const (
@ -49,7 +48,7 @@ func TestLoadConfigTest(t *testing.T) {
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
-	err = os.WriteFile(configFilePath, []byte("{\"sftpd\": {\"bind_port\": \"a\"}}"), os.ModePerm)
+	err = os.WriteFile(configFilePath, []byte(`{"sftpd": {"max_auth_tries": "a"}}`), os.ModePerm)
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.Error(t, err)
@ -291,143 +290,6 @@ func TestServiceToStart(t *testing.T) {
 	assert.True(t, config.HasServicesToStart())
 }
 func TestSFTPDBindingsCompatibility(t *testing.T) {
 	reset()
 	configDir := ".."
 	confName := tempConfigName + ".json"
 	configFilePath := filepath.Join(configDir, confName)
 	err := config.LoadConfig(configDir, "")
 	assert.NoError(t, err)
 	sftpdConf := config.GetSFTPDConfig()
 	require.Len(t, sftpdConf.Bindings, 1)
 	sftpdConf.Bindings = nil
 	sftpdConf.BindPort = 9022           //nolint:staticcheck
 	sftpdConf.BindAddress = "127.0.0.1" //nolint:staticcheck
 	c := make(map[string]sftpd.Configuration)
 	c["sftpd"] = sftpdConf
 	jsonConf, err := json.Marshal(c)
 	assert.NoError(t, err)
 	err = os.WriteFile(configFilePath, jsonConf, os.ModePerm)
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
 	sftpdConf = config.GetSFTPDConfig()
 	// the default binding should be replaced with the deprecated configuration
 	require.Len(t, sftpdConf.Bindings, 1)
 	require.Equal(t, 9022, sftpdConf.Bindings[0].Port)
 	require.Equal(t, "127.0.0.1", sftpdConf.Bindings[0].Address)
 	require.True(t, sftpdConf.Bindings[0].ApplyProxyConfig)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
 	sftpdConf = config.GetSFTPDConfig()
 	require.Len(t, sftpdConf.Bindings, 1)
 	require.Equal(t, 9022, sftpdConf.Bindings[0].Port)
 	require.Equal(t, "127.0.0.1", sftpdConf.Bindings[0].Address)
 	require.True(t, sftpdConf.Bindings[0].ApplyProxyConfig)
 	err = os.Remove(configFilePath)
 	assert.NoError(t, err)
 }
 func TestFTPDBindingsCompatibility(t *testing.T) {
 	reset()
 	configDir := ".."
 	confName := tempConfigName + ".json"
 	configFilePath := filepath.Join(configDir, confName)
 	err := config.LoadConfig(configDir, "")
 	assert.NoError(t, err)
 	ftpdConf := config.GetFTPDConfig()
 	require.Len(t, ftpdConf.Bindings, 1)
 	ftpdConf.Bindings = nil
 	ftpdConf.BindPort = 9022              //nolint:staticcheck
 	ftpdConf.BindAddress = "127.1.0.1"    //nolint:staticcheck
 	ftpdConf.ForcePassiveIP = "127.1.1.1" //nolint:staticcheck
 	ftpdConf.TLSMode = 2                  //nolint:staticcheck
 	c := make(map[string]ftpd.Configuration)
 	c["ftpd"] = ftpdConf
 	jsonConf, err := json.Marshal(c)
 	assert.NoError(t, err)
 	err = os.WriteFile(configFilePath, jsonConf, os.ModePerm)
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
 	ftpdConf = config.GetFTPDConfig()
 	// the default binding should be replaced with the deprecated configuration
 	require.Len(t, ftpdConf.Bindings, 1)
 	require.Equal(t, 9022, ftpdConf.Bindings[0].Port)
 	require.Equal(t, "127.1.0.1", ftpdConf.Bindings[0].Address)
 	require.True(t, ftpdConf.Bindings[0].ApplyProxyConfig)
 	require.Equal(t, 2, ftpdConf.Bindings[0].TLSMode)
 	require.Equal(t, "127.1.1.1", ftpdConf.Bindings[0].ForcePassiveIP)
 	err = os.Remove(configFilePath)
 	assert.NoError(t, err)
 }
 func TestWebDAVDBindingsCompatibility(t *testing.T) {
 	reset()
 	configDir := ".."
 	confName := tempConfigName + ".json"
 	configFilePath := filepath.Join(configDir, confName)
 	err := config.LoadConfig(configDir, "")
 	assert.NoError(t, err)
 	webdavConf := config.GetWebDAVDConfig()
 	require.Len(t, webdavConf.Bindings, 1)
 	webdavConf.Bindings = nil
 	webdavConf.BindPort = 9080           //nolint:staticcheck
 	webdavConf.BindAddress = "127.0.0.1" //nolint:staticcheck
 	c := make(map[string]webdavd.Configuration)
 	c["webdavd"] = webdavConf
 	jsonConf, err := json.Marshal(c)
 	assert.NoError(t, err)
 	err = os.WriteFile(configFilePath, jsonConf, os.ModePerm)
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
 	webdavConf = config.GetWebDAVDConfig()
 	// the default binding should be replaced with the deprecated configuration
 	require.Len(t, webdavConf.Bindings, 1)
 	require.Equal(t, 9080, webdavConf.Bindings[0].Port)
 	require.Equal(t, "127.0.0.1", webdavConf.Bindings[0].Address)
 	require.False(t, webdavConf.Bindings[0].EnableHTTPS)
 	err = os.Remove(configFilePath)
 	assert.NoError(t, err)
 }
 func TestHTTPDBindingsCompatibility(t *testing.T) {
 	reset()
 	configDir := ".."
 	confName := tempConfigName + ".json"
 	configFilePath := filepath.Join(configDir, confName)
 	err := config.LoadConfig(configDir, "")
 	assert.NoError(t, err)
 	httpdConf := config.GetHTTPDConfig()
 	require.Len(t, httpdConf.Bindings, 1)
 	httpdConf.Bindings = nil
 	httpdConf.BindPort = 9080           //nolint:staticcheck
 	httpdConf.BindAddress = "127.1.1.1" //nolint:staticcheck
 	c := make(map[string]httpd.Conf)
 	c["httpd"] = httpdConf
 	jsonConf, err := json.Marshal(c)
 	assert.NoError(t, err)
 	err = os.WriteFile(configFilePath, jsonConf, os.ModePerm)
 	assert.NoError(t, err)
 	err = config.LoadConfig(configDir, confName)
 	assert.NoError(t, err)
 	httpdConf = config.GetHTTPDConfig()
 	// the default binding should be replaced with the deprecated configuration
 	require.Len(t, httpdConf.Bindings, 1)
 	require.Equal(t, 9080, httpdConf.Bindings[0].Port)
 	require.Equal(t, "127.1.1.1", httpdConf.Bindings[0].Address)
 	require.False(t, httpdConf.Bindings[0].EnableHTTPS)
 	require.True(t, httpdConf.Bindings[0].EnableWebAdmin)
 	err = os.Remove(configFilePath)
 	assert.NoError(t, err)
 }
 func TestRateLimitersFromEnv(t *testing.T) {
 	reset()
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@ -95,27 +95,17 @@ The configuration file contains the following sections:
    - `port`, integer. The port used for serving SFTP requests. 0 means disabled. Default: 2022
    - `address`, string. Leave blank to listen on all available network interfaces. Default: ""
    - `apply_proxy_config`, boolean. If enabled the common proxy configuration, if any, will be applied. Default `true`
  - `bind_port`, integer. Deprecated, please use `bindings`
  - `bind_address`, string. Deprecated, please use `bindings`
  - `idle_timeout`, integer. Deprecated, please use the same key in `common` section.
  - `max_auth_tries` integer. Maximum number of authentication attempts permitted per connection. If set to a negative number, the number of attempts is unlimited. If set to zero, the number of attempts is limited to 6.
  - `banner`, string. Identification string used by the server. Leave empty to use the default banner. Default `SFTPGo_<version>`, for example `SSH-2.0-SFTPGo_0.9.5`
  - `upload_mode` integer. Deprecated, please use the same key in `common` section.
  - `actions`, struct. Deprecated, please use the same key in `common` section.
  - `keys`, struct array. Deprecated, please use `host_keys`.
    - `private_key`, path to the private key file. It can be a path relative to the config dir or an absolute one.
  - `host_keys`, list of strings. It contains the daemon's private host keys. Each host key can be defined as a path relative to the configuration directory or an absolute one. If empty, the daemon will search or try to generate `id_rsa`, `id_ecdsa` and `id_ed25519` keys inside the configuration directory. If you configure absolute paths to files named `id_rsa`, `id_ecdsa` and/or `id_ed25519` then SFTPGo will try to generate these keys using the default settings.
  - `kex_algorithms`, list of strings. Available KEX (Key Exchange) algorithms in preference order. Leave empty to use default values. The supported values can be found here: [`crypto/ssh`](https://github.com/golang/crypto/blob/master/ssh/common.go#L46 "Supported kex algos")
  - `ciphers`, list of strings. Allowed ciphers. Leave empty to use default values. The supported values can be found here: [crypto/ssh](https://github.com/golang/crypto/blob/master/ssh/common.go#L28 "Supported ciphers")
  - `macs`, list of strings. Available MAC (message authentication code) algorithms in preference order. Leave empty to use default values. The supported values can be found here: [crypto/ssh](https://github.com/golang/crypto/blob/master/ssh/common.go#L84 "Supported MACs")
  - `trusted_user_ca_keys`, list of public keys paths of certificate authorities that are trusted to sign user certificates for authentication. The paths can be absolute or relative to the configuration directory.
  - `login_banner_file`, path to the login banner file. The contents of the specified file, if any, are sent to the remote user before authentication is allowed. It can be a path relative to the config dir or an absolute one. Leave empty to disable login banner.
  - `setstat_mode`, integer. Deprecated, please use the same key in `common` section.
  - `enabled_ssh_commands`, list of enabled SSH commands. `*` enables all supported commands. More information can be found [here](./ssh-commands.md).
  - `keyboard_interactive_auth_hook`, string. Absolute path to an external program or an HTTP URL to invoke for keyboard interactive authentication. See [Keyboard Interactive Authentication](./keyboard-interactive.md) for more details.
  - `password_authentication`, boolean. Set to false to disable password authentication. This setting will disable multi-step authentication method using public key + password too. It is useful for public key only configurations if you need to manage old clients that will not attempt to authenticate with public keys if the password login method is advertised. Default: true.
  - `proxy_protocol`, integer.  Deprecated, please use the same key in `common` section.
  - `proxy_allowed`, list of strings. Deprecated, please use the same key in `common` section.
 - **"ftpd"**, the configuration for the FTP server
  - `bindings`, list of structs. Each struct has the following fields:
    - `port`, integer. The port used for serving FTP requests. 0 means disabled. Default: 0.
@ -125,12 +115,9 @@ The configuration file contains the following sections:
    - `force_passive_ip`, ip address. External IP address to expose for passive connections. Leavy empty to autodetect. If not empty, it must be a valid IPv4 address. Defaut: "".
    - `client_auth_type`, integer. Set to `1` to require a client certificate and verify it. Set to `2` to request a client certificate during the TLS handshake and verify it if given, in this mode the client is allowed not to send a certificate. At least one certification authority must be defined in order to verify client certificates. If no certification authority is defined, this setting is ignored. Default: 0.
    - `tls_cipher_suites`, list of strings. List of supported cipher suites for TLS version 1.2. If empty, a default list of secure cipher suites is used, with a preference order based on hardware performance. Note that TLS 1.3 ciphersuites are not configurable. The supported ciphersuites names are defined [here](https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L52). Any invalid name will be silently ignored. The order matters, the ciphers listed first will be the preferred ones. Default: empty.
  - `bind_port`, integer. Deprecated, please use `bindings`
  - `bind_address`, string. Deprecated, please use `bindings`
  - `banner`, string. Greeting banner displayed when a connection first comes in. Leave empty to use the default banner. Default `SFTPGo <version> ready`, for example `SFTPGo 1.0.0-dev ready`.
  - `banner_file`, path to the banner file. The contents of the specified file, if any, are displayed when someone connects to the server. It can be a path relative to the config dir or an absolute one. If set, it overrides the banner string provided by the `banner` option. Leave empty to disable.
  - `active_transfers_port_non_20`, boolean. Do not impose the port 20 for active data transfers. Enabling this option allows to run SFTPGo with less privilege. Default: false.
  - `force_passive_ip`, ip address.  Deprecated, please use `bindings`
  - `passive_port_range`, struct containing the key `start` and `end`. Port Range for data connections. Random if not specified. Default range is 50000-50100.
  - `disable_active_mode`, boolean. Set to `true` to disable active FTP, default `false`.
  - `enable_site`, boolean. Set to true to enable the FTP SITE command. We support `chmod` and `symlink` if SITE support is enabled. Default `false`
@ -140,7 +127,6 @@ The configuration file contains the following sections:
  - `certificate_key_file`, string. Private key matching the above certificate. This can be an absolute path or a path relative to the config dir. A certificate and the private key are required to enable explicit and implicit TLS. Certificate and key files can be reloaded on demand sending a `SIGHUP` signal on Unix based systems and a `paramchange` request to the running service on Windows.
  - `ca_certificates`, list of strings. Set of root certificate authorities to be used to verify client certificates.
  - `ca_revocation_lists`, list of strings. Set a revocation lists, one for each root CA, to be used to check if a client certificate has been revoked. The revocation lists can be reloaded on demand sending a `SIGHUP` signal on Unix based systems and a `paramchange` request to the running service on Windows.
  - `tls_mode`, integer. Deprecated, please use `bindings`
 - **"webdavd"**, the configuration for the WebDAV server, more info [here](./webdav.md)
  - `bindings`, list of structs. Each struct has the following fields:
    - `port`, integer. The port used for serving WebDAV requests. 0 means disabled. Default: 0.
@ -150,8 +136,6 @@ The configuration file contains the following sections:
    - `tls_cipher_suites`, list of strings. List of supported cipher suites for TLS version 1.2. If empty, a default list of secure cipher suites is used, with a preference order based on hardware performance. Note that TLS 1.3 ciphersuites are not configurable. The supported ciphersuites names are defined [here](https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L52). Any invalid name will be silently ignored. The order matters, the ciphers listed first will be the preferred ones. Default: empty.
    - `prefix`, string. Prefix for WebDAV resources, if empty WebDAV resources will be available at the `/` URI. If defined it must be an absolute URI, for example `/dav`. Default: "".
    - `proxy_allowed`, list of IP addresses and IP ranges allowed to set `X-Forwarded-For`, `X-Real-IP`, `CF-Connecting-IP`, `True-Client-IP` headers. Any of the indicated headers, if set on requests from a connection address not in this list, will be silently ignored. Default: empty.
  - `bind_port`, integer. Deprecated, please use `bindings`.
  - `bind_address`, string. Deprecated, please use `bindings`.
  - `certificate_file`, string. Certificate for WebDAV over HTTPS. This can be an absolute path or a path relative to the config dir.
  - `certificate_key_file`, string. Private key matching the above certificate. This can be an absolute path or a path relative to the config dir. A certificate and a private key are required to enable HTTPS connections. Certificate and key files can be reloaded on demand sending a `SIGHUP` signal on Unix based systems and a `paramchange` request to the running service on Windows.
  - `ca_certificates`, list of strings. Set of root certificate authorities to be used to verify client certificates.
@ -188,12 +172,10 @@ The configuration file contains the following sections:
  - `actions`, struct. It contains the command to execute and/or the HTTP URL to notify and the trigger conditions. See [Custom Actions](./custom-actions.md) for more details
    - `execute_on`, list of strings. Valid values are `add`, `update`, `delete`. `update` action will not be fired for internal updates such as the last login or the user quota fields.
    - `hook`, string. Absolute path to the command to execute or HTTP URL to notify.
  - `external_auth_program`, string. Deprecated, please use `external_auth_hook`.
  - `external_auth_hook`, string. Absolute path to an external program or an HTTP URL to invoke for users authentication. See [External Authentication](./external-auth.md) for more details. Leave empty to disable.
  - `external_auth_scope`, integer. 0 means all supported authentication scopes (passwords, public keys and keyboard interactive). 1 means passwords only. 2 means public keys only. 4 means key keyboard interactive only. 8 means TLS certificate. The flags can be combined, for example 6 means public keys and keyboard interactive
  - `credentials_path`, string. It defines the directory for storing user provided credential files such as Google Cloud Storage credentials. This can be an absolute path or a path relative to the config dir
  - `prefer_database_credentials`, boolean. When true, users' Google Cloud Storage credentials will be written to the data provider instead of disk, though pre-existing credentials on disk will be used as a fallback. When false, they will be written to the directory specified by `credentials_path`.
  - `pre_login_program`, string. Deprecated, please use `pre_login_hook`.
  - `pre_login_hook`, string. Absolute path to an external program or an HTTP URL to invoke to modify user details just before the login. See [Dynamic user modification](./dynamic-user-mod.md) for more details. Leave empty to disable.
  - `post_login_hook`, string. Absolute path to an external program or an HTTP URL to invoke to notify a successful or failed login. See [Post-login hook](./post-login-hook.md) for more details. Leave empty to disable.
  - `post_login_scope`, defines the scope for the post-login hook. 0 means notify both failed and successful logins. 1 means notify failed logins. 2 means notify successful logins.
@ -221,8 +203,6 @@ The configuration file contains the following sections:
    - `client_auth_type`, integer. Set to `1` to require client certificate authentication in addition to JWT/Web authentication. You need to define at least a certificate authority for this to work. Default: 0.
    - `tls_cipher_suites`, list of strings. List of supported cipher suites for TLS version 1.2. If empty, a default list of secure cipher suites is used, with a preference order based on hardware performance. Note that TLS 1.3 ciphersuites are not configurable. The supported ciphersuites names are defined [here](https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L52). Any invalid name will be silently ignored. The order matters, the ciphers listed first will be the preferred ones. Default: empty.
    - `proxy_allowed`, list of IP addresses and IP ranges allowed to set `X-Forwarded-For`, `X-Real-IP`, `X-Forwarded-Proto`, `CF-Connecting-IP`, `True-Client-IP` headers. Any of the indicated headers, if set on requests from a connection address not in this list, will be silently ignored. Default: empty.
  - `bind_port`, integer. Deprecated, please use `bindings`.
  - `bind_address`, string. Deprecated, please use `bindings`. Leave blank to listen on all available network interfaces. On \*NIX you can specify an absolute path to listen on a Unix-domain socket. Default: ""
  - `templates_path`, string. Path to the HTML web templates. This can be an absolute path or a path relative to the config dir
  - `static_files_path`, string. Path to the static files for the web interface. This can be an absolute path or a path relative to the config dir. If both `templates_path` and `static_files_path` are empty the built-in web interface will be disabled
  - `backups_path`, string. Path to the backup directory. This can be an absolute path or a path relative to the config dir. We don't allow backups in arbitrary paths for security reasons
--- a/ftpd/ftpd.go
+++ b/ftpd/ftpd.go
@ -129,12 +129,6 @@ type ServiceStatus struct {
 type Configuration struct {
 	// Addresses and ports to bind to
 	Bindings []Binding `json:"bindings" mapstructure:"bindings"`
 	// Deprecated: please use Bindings
 	BindPort int `json:"bind_port" mapstructure:"bind_port"`
 	// Deprecated: please use Bindings
 	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
 	// Deprecated: please use Bindings
 	ForcePassiveIP string `json:"force_passive_ip" mapstructure:"force_passive_ip"`
 	// Greeting banner displayed when a connection first comes in
 	Banner string `json:"banner" mapstructure:"banner"`
 	// the contents of the specified file, if any, are diplayed when someone connects to the server.
@ -169,8 +163,6 @@ type Configuration struct {
 	// no advantage as it will download the partial files and will upload the
 	// combined one. Cloud backends natively support multipart uploads.
 	CombineSupport int `json:"combine_support" mapstructure:"combine_support"`
 	// Deprecated: please use Bindings
 	TLSMode int `json:"tls_mode" mapstructure:"tls_mode"`
 	// Port Range for data connections. Random if not specified
 	PassivePortRange PortRange `json:"passive_port_range" mapstructure:"passive_port_range"`
 }
--- a/httpd/httpd.go
+++ b/httpd/httpd.go
@ -224,10 +224,6 @@ type ServicesStatus struct {
 type Conf struct {
 	// Addresses and ports to bind to
 	Bindings []Binding `json:"bindings" mapstructure:"bindings"`
 	// Deprecated: please use Bindings
 	BindPort int `json:"bind_port" mapstructure:"bind_port"`
 	// Deprecated: please use Bindings
 	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
 	// Path to the HTML web templates. This can be an absolute path or a path relative to the config dir
 	TemplatesPath string `json:"templates_path" mapstructure:"templates_path"`
 	// Path to the static files for the web interface. This can be an absolute path or a path relative to the config dir.
--- a/sftpd/server.go
+++ b/sftpd/server.go
@ -66,22 +66,12 @@ type Configuration struct {
 	Banner string `json:"banner" mapstructure:"banner"`
 	// Addresses and ports to bind to
 	Bindings []Binding `json:"bindings" mapstructure:"bindings"`
 	// Deprecated: please use Bindings
 	BindPort int `json:"bind_port" mapstructure:"bind_port"`
 	// Deprecated: please use Bindings
 	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
 	// Deprecated: please use the same key in common configuration
 	IdleTimeout int `json:"idle_timeout" mapstructure:"idle_timeout"`
 	// Maximum number of authentication attempts permitted per connection.
 	// If set to a negative number, the number of attempts is unlimited.
 	// If set to zero, the number of attempts are limited to 6.
 	MaxAuthTries int `json:"max_auth_tries" mapstructure:"max_auth_tries"`
 	// Deprecated: please use the same key in common configuration
 	UploadMode int `json:"upload_mode" mapstructure:"upload_mode"`
 	// Actions to execute on file operations and SSH commands
 	Actions common.ProtocolActions `json:"actions" mapstructure:"actions"`
 	// Deprecated: please use HostKeys
 	Keys []Key `json:"keys" mapstructure:"keys"`
 	// HostKeys define the daemon's private host keys.
 	// Each host key can be defined as a path relative to the configuration directory or an absolute one.
 	// If empty or missing, the daemon will search or try to generate "id_rsa" and "id_ecdsa" host keys
@ -102,8 +92,6 @@ type Configuration struct {
 	// LoginBannerFile the contents of the specified file, if any, are sent to
 	// the remote user before authentication is allowed.
 	LoginBannerFile string `json:"login_banner_file" mapstructure:"login_banner_file"`
 	// Deprecated: please use the same key in common configuration
 	SetstatMode int `json:"setstat_mode" mapstructure:"setstat_mode"`
 	// List of enabled SSH commands.
 	// We support the following SSH commands:
 	// - "scp". SCP is an experimental feature, we have our own SCP implementation since
@ -130,19 +118,8 @@ type Configuration struct {
 	KeyboardInteractiveHook string `json:"keyboard_interactive_auth_hook" mapstructure:"keyboard_interactive_auth_hook"`
 	// PasswordAuthentication specifies whether password authentication is allowed.
 	PasswordAuthentication bool `json:"password_authentication" mapstructure:"password_authentication"`
-	// Deprecated: please use the same key in common configuration
+	certChecker            *ssh.CertChecker
-	ProxyProtocol int `json:"proxy_protocol" mapstructure:"proxy_protocol"`
+	parsedUserCAKeys       []ssh.PublicKey
 	// Deprecated: please use the same key in common configuration
 	ProxyAllowed     []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
 	certChecker      *ssh.CertChecker
 	parsedUserCAKeys []ssh.PublicKey
 }
 // Key contains information about host keys
 // Deprecated: please use HostKeys
 type Key struct {
 	// The private key path as absolute path or relative to the configuration directory
 	PrivateKey string `json:"private_key" mapstructure:"private_key"`
 }
 type authenticationError struct {
--- a/webdavd/webdavd.go
+++ b/webdavd/webdavd.go
@ -123,10 +123,6 @@ func (b *Binding) IsValid() bool {
 type Configuration struct {
 	// Addresses and ports to bind to
 	Bindings []Binding `json:"bindings" mapstructure:"bindings"`
 	// Deprecated: please use Bindings
 	BindPort int `json:"bind_port" mapstructure:"bind_port"`
 	// Deprecated: please use Bindings
 	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
 	// If files containing a certificate and matching private key for the server are provided the server will expect
 	// HTTPS connections.
 	// Certificate and key files can be reloaded on demand sending a "SIGHUP" signal on Unix based systems and a