diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml index bfbed3e5..fb4123cf 100644 --- a/.github/workflows/development.yml +++ b/.github/workflows/development.yml @@ -199,6 +199,6 @@ jobs: steps: - uses: actions/checkout@v2 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v1 + uses: golangci/golangci-lint-action@v2.2.1 with: - version: v1.31 + version: latest diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fe28ebea..c36cdd1e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -34,7 +34,7 @@ jobs: - name: Gather image information id: info run: | - DOCKER_IMAGE=ghcr.io/drakkan/sftpgo + DOCKER_IMAGE=drakkan/sftpgo VERSION=noop DOCKERFILE=Dockerfile if [ "${{ github.event_name }}" = "schedule" ]; then @@ -75,12 +75,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - - name: Login to GitHub Container Registry + - name: Login to DockerHub uses: docker/login-action@v1 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.CR_PAT }} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} if: github.event_name != 'pull_request' - name: Build and push diff --git a/Dockerfile b/Dockerfile index c8fc8aa3..0c5d2d8f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates SHELL ["/bin/bash", "-c"] -RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo +RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo RUN groupadd --system -g 1000 sftpgo && \ useradd --system --gid sftpgo --no-create-home \ @@ -39,32 +39,29 @@ RUN groupadd --system -g 1000 sftpgo && \ # Install some optional packages used by SFTPGo features RUN apt-get update && apt-get install --no-install-recommends -y git rsync && apt-get clean -# Override some configuration details -ENV SFTPGO_CONFIG_DIR=/etc/sftpgo -ENV SFTPGO_LOG_FILE_PATH="" -ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates -ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static - -# Sane defaults, but users should still be able to override this from env vars -ENV SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=/var/lib/sftpgo/users -ENV SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials -ENV SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups -ENV SFTPGO_SFTPD__HOST_KEYS=/var/lib/sftpgo/host_keys/id_rsa,/var/lib/sftpgo/host_keys/id_ecdsa -ENV SFTPGO_HTTPD__BIND_ADDRESS="" - COPY --from=builder /workspace/sftpgo.json /etc/sftpgo/sftpgo.json COPY --from=builder /workspace/templates /usr/share/sftpgo/templates COPY --from=builder /workspace/static /usr/share/sftpgo/static COPY --from=builder /workspace/sftpgo /usr/local/bin/ -RUN sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" /etc/sftpgo/sftpgo.json +# Log to the stdout so the logs will be available using docker logs +ENV SFTPGO_LOG_FILE_PATH="" +# templates and static paths are inside the container +ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates +ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static -RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && \ +# Modify the default configuration file +RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" /etc/sftpgo/sftpgo.json && \ + sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \ + sed -i "s|\"bind_address\": \"127.0.0.1\",|\"bind_address\": \"\",|" /etc/sftpgo/sftpgo.json + +RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo && \ chmod 640 /etc/sftpgo/sftpgo.json && \ - chmod 750 /etc/sftpgo /var/lib/sftpgo + chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo +WORKDIR /var/lib/sftpgo USER sftpgo -VOLUME /var/lib/sftpgo +VOLUME [ "/var/lib/sftpgo", "/srv/sftpgo" ] CMD sftpgo serve diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 6e79ebda..2beaf66d 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -36,7 +36,7 @@ SHELL ["/bin/bash", "-c"] # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-424546457 RUN test ! -e /etc/nsswitch.conf && echo 'hosts: files dns' > /etc/nsswitch.conf -RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo +RUN mkdir -p /etc/sftpgo /var/lib/sftpgo /usr/share/sftpgo /srv/sftpgo RUN addgroup -g 1000 -S sftpgo && \ adduser -u 1000 -h /var/lib/sftpgo -s /sbin/nologin -G sftpgo -S -D -H sftpgo @@ -44,32 +44,29 @@ RUN addgroup -g 1000 -S sftpgo && \ # Install some optional packages used by SFTPGo features RUN apk add --update --no-cache rsync git -# Override some configuration details -ENV SFTPGO_CONFIG_DIR=/etc/sftpgo -ENV SFTPGO_LOG_FILE_PATH="" -ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates -ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static - -# Sane defaults, but users should still be able to override this from env vars -ENV SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=/var/lib/sftpgo/users -ENV SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/var/lib/sftpgo/credentials -ENV SFTPGO_HTTPD__BACKUPS_PATH=/var/lib/sftpgo/backups -ENV SFTPGO_SFTPD__HOST_KEYS=/var/lib/sftpgo/host_keys/id_rsa,/var/lib/sftpgo/host_keys/id_ecdsa -ENV SFTPGO_HTTPD__BIND_ADDRESS="" - COPY --from=builder /workspace/sftpgo.json /etc/sftpgo/sftpgo.json COPY --from=builder /workspace/templates /usr/share/sftpgo/templates COPY --from=builder /workspace/static /usr/share/sftpgo/static COPY --from=builder /workspace/sftpgo /usr/local/bin/ -RUN sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" /etc/sftpgo/sftpgo.json +# Log to the stdout so the logs will be available using docker logs +ENV SFTPGO_LOG_FILE_PATH="" +# templates and static paths are inside the container +ENV SFTPGO_HTTPD__TEMPLATES_PATH=/usr/share/sftpgo/templates +ENV SFTPGO_HTTPD__STATIC_FILES_PATH=/usr/share/sftpgo/static -RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo && \ +# Modify the default configuration file +RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" /etc/sftpgo/sftpgo.json && \ + sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \ + sed -i "s|\"bind_address\": \"127.0.0.1\",|\"bind_address\": \"\",|" /etc/sftpgo/sftpgo.json + +RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo && \ chmod 640 /etc/sftpgo/sftpgo.json && \ - chmod 750 /etc/sftpgo /var/lib/sftpgo + chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo +WORKDIR /var/lib/sftpgo USER sftpgo -VOLUME /var/lib/sftpgo +VOLUME [ "/var/lib/sftpgo", "/srv/sftpgo" ] CMD sftpgo serve diff --git a/README.md b/README.md index 40e3bbe3..f2618afe 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,16 @@ sftpgo initprovider --help You can disable automatic data provider checks/updates at startup by setting the `update_mode` configuration key to `1`. +## Users and folders management + +After starting SFTPGo you can manage users and folders using: + +- the [web based administration interface](./docs/web-admin.md) +- the [REST API](./docs/rest-api.md) +- the sample [REST API CLI](./examples/rest-api-cli) + +To support embedded data providers like `bolt` and `SQLite` we can't have a CLI that directly write users and folders to the data provider, we always have to use the REST API. + ## Tutorials Some step-to-step tutorials can be found inside the source tree [howto](./docs/howto "How-to") directory. diff --git a/docker/README.md b/docker/README.md index 76f11223..b3da991e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,13 +1,13 @@ # Official Docker images -SFTPGo provides official Docker images. They are available [here](https://github.com/users/drakkan/packages/container/package/sftpgo). +SFTPGo provides official Docker images. They are available [here](https://hub.docker.com/r/drakkan/sftpgo). ## Start a SFTPGo server instance Starting a SFTPGo instance is simple: ```shell -docker run --name some-sftpgo -p 127.0.0.1:8080:8080 -p 2022:2022 -d "ghcr.io/drakkan/sftpgo:edge" +docker run --name some-sftpgo -p 127.0.0.1:8080:8080 -p 2022:2022 -d "sftpgo:edge" ``` Now visit [http://localhost:8080/](http://localhost:8080/) and create a new SFTPGo user. The SFTP service is available on port 2022. @@ -20,12 +20,6 @@ The logs are available through Docker's container log: docker logs some-sftpgo ``` -## Configuration - -The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose). - -Please take a look [here](../docs/full-configuration.md#environment-variables) to learn how to configure SFTPGo via environment variables. - ## Where to Store Data Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the SFTPGo images to familiarize themselves with the options available, including: @@ -36,15 +30,28 @@ Important note: There are several ways to store data used by applications that r The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above: 1. Create a data directory on a suitable volume on your host system, e.g. `/my/own/sftpgodata`. -2. Start your SFTPGo container like this: +2. Create a home directory for the sftpgo container user on your host system e.g. `/my/own/sftpgohome`. +3. Start your SFTPGo container like this: ```shell docker run --name some-sftpgo \ -p 127.0.0.1:8080:8090 \ -p 2022:2022 \ - --mount type=bind,source=/my/own/sftpgodata,target=/var/lib/sftpgo \ + --mount type=bind,source=/my/own/sftpgodata,target=/srv/sftpgo \ + --mount type=bind,source=/my/own/sftpgohome,target=/var/lib/sftpgo \ -e SFTPGO_HTTPD__BIND_PORT=8090 \ - -d "ghcr.io/drakkan/sftpgo:edge" + -d "sftpgo:edge" ``` -The `--mount type=bind,source=/my/own/sftpgodata,target=/var/lib/sftpgo` part of the command mounts the `/my/own/sftpgodata` directory from the underlying host system as `/var/lib/sftpgo` inside the container, where SFTPGo will store its data. +As you can see SFTPGo uses two volumes: + +- `/srv/sftpgo` to handle persistent data. The default home directory for SFTP/FTP/WebDAV users is `/srv/sftpgo/data/`. Backups are stored in `/srv/sftpgo/backups` +- `/var/lib/sftpgo` is the home directory for the sftpgo system user defined inside the container. This is the container working directory too, host keys will be created here when using the default configuration. + +## Configuration + +The runtime configuration can be customized via environment variables that you can set passing the `-e` option to the `docker run` command or inside the `environment` section if you are using [docker stack deploy](https://docs.docker.com/engine/reference/commandline/stack_deploy/) or [docker-compose](https://github.com/docker/compose). + +Please take a look [here](../docs/full-configuration.md#environment-variables) to learn how to configure SFTPGo via environment variables. + +Alternately you can mount your custom configuration file to `/var/lib/sftpgo` or `/var/lib/sftpgo/.config/sftpgo`. diff --git a/pkgs/build.sh b/pkgs/build.sh index 109d2a0e..93cd6681 100755 --- a/pkgs/build.sh +++ b/pkgs/build.sh @@ -19,10 +19,10 @@ BASE_DIR="../.." cp ${BASE_DIR}/sftpgo.json . sed -i "s|sftpgo.db|/var/lib/sftpgo/sftpgo.db|" sftpgo.json -sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/var/lib/sftpgo/users\",|" sftpgo.json +sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\",|" sftpgo.json sed -i "s|\"templates\"|\"/usr/share/sftpgo/templates\"|" sftpgo.json sed -i "s|\"static\"|\"/usr/share/sftpgo/static\"|" sftpgo.json -sed -i "s|\"backups\"|\"/var/lib/sftpgo/backups\"|" sftpgo.json +sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" sftpgo.json sed -i "s|\"credentials\"|\"/var/lib/sftpgo/credentials\"|" sftpgo.json $BASE_DIR/sftpgo gen completion bash > sftpgo-completion.bash @@ -61,6 +61,7 @@ config_files: empty_folders: - /var/lib/sftpgo + - /srv/sftpgo/data overrides: deb: diff --git a/pkgs/debian/postinst b/pkgs/debian/postinst index da19af71..95b7e587 100644 --- a/pkgs/debian/postinst +++ b/pkgs/debian/postinst @@ -17,37 +17,17 @@ if [ "$1" = "configure" ]; then fi if [ -z "$2" ]; then + # if configure has no args this is the first installation + # for upgrades the second arg is the previously installed version + # # initialize data provider sftpgo initprovider -c /etc/sftpgo # ensure files and folders have the appropriate permissions - chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo - chmod 750 /etc/sftpgo /var/lib/sftpgo + chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo + chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo chmod 640 /etc/sftpgo/sftpgo.json echo "Please be sure to have the python3-requests package installed if you want to use the REST API CLI" fi fi -if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - # This will only remove masks created by d-s-h on package removal. - deb-systemd-helper unmask sftpgo.service >/dev/null || true - - # was-enabled defaults to true, so new installations run enable. - if deb-systemd-helper --quiet was-enabled sftpgo.service; then - # Enables the unit on first installation, creates new - # symlinks on upgrades if the unit file has changed. - deb-systemd-helper enable sftpgo.service >/dev/null || true - deb-systemd-invoke start sftpgo.service >/dev/null || true - else - # Update the statefile to add new symlinks (if any), which need to be - # cleaned up on purge. Also remove old symlinks. - deb-systemd-helper update-state sftpgo.service >/dev/null || true - fi - - # Restart only if it was already started - if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true - if [ -n "$2" ]; then - deb-systemd-invoke try-restart sftpgo.service >/dev/null || true - fi - fi -fi +#DEBHELPER# \ No newline at end of file diff --git a/pkgs/debian/postrm b/pkgs/debian/postrm deleted file mode 100644 index 41558184..00000000 --- a/pkgs/debian/postrm +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -set -e - -if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true -fi - -if [ "$1" = "remove" ]; then - if [ -x "/usr/bin/deb-systemd-helper" ]; then - deb-systemd-helper mask sftpgo.service >/dev/null || true - fi -fi - -if [ "$1" = "purge" ]; then - if [ -x "/usr/bin/deb-systemd-helper" ]; then - deb-systemd-helper purge sftpgo.service >/dev/null || true - deb-systemd-helper unmask sftpgo.service >/dev/null || true - fi -fi diff --git a/pkgs/debian/prerm b/pkgs/debian/prerm deleted file mode 100644 index a60145f2..00000000 --- a/pkgs/debian/prerm +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -e - -if [ -d /run/systemd/system ] && [ "$1" = remove ]; then - deb-systemd-invoke stop sftpgo.service >/dev/null || true -fi diff --git a/pkgs/debian/sftpgo.dirs b/pkgs/debian/sftpgo.dirs index c9cf0829..c6ec39fa 100644 --- a/pkgs/debian/sftpgo.dirs +++ b/pkgs/debian/sftpgo.dirs @@ -1 +1,2 @@ /var/lib/sftpgo +/srv/sftpgo/data diff --git a/pkgs/scripts/deb/postinstall.sh b/pkgs/scripts/deb/postinstall.sh index 16c84599..5478c362 100644 --- a/pkgs/scripts/deb/postinstall.sh +++ b/pkgs/scripts/deb/postinstall.sh @@ -17,37 +17,43 @@ if [ "$1" = "configure" ]; then fi if [ -z "$2" ]; then + # if configure has no args this is the first installation + # for upgrades the second arg is the previously installed version + # # initialize data provider sftpgo initprovider -c /etc/sftpgo # ensure files and folders have the appropriate permissions - chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo - chmod 750 /etc/sftpgo /var/lib/sftpgo + chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo + chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo chmod 640 /etc/sftpgo/sftpgo.json echo "Please be sure to have the python3-requests package installed if you want to use the REST API CLI" fi fi if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - # This will only remove masks created by d-s-h on package removal. - deb-systemd-helper unmask sftpgo.service >/dev/null || true + # This will only remove masks created by d-s-h on package removal. + deb-systemd-helper unmask 'sftpgo.service' >/dev/null || true - # was-enabled defaults to true, so new installations run enable. - if deb-systemd-helper --quiet was-enabled sftpgo.service; then - # Enables the unit on first installation, creates new - # symlinks on upgrades if the unit file has changed. - deb-systemd-helper enable sftpgo.service >/dev/null || true - deb-systemd-invoke start sftpgo.service >/dev/null || true - else - # Update the statefile to add new symlinks (if any), which need to be - # cleaned up on purge. Also remove old symlinks. - deb-systemd-helper update-state sftpgo.service >/dev/null || true - fi - - # Restart only if it was already started - if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true - if [ -n "$2" ]; then - deb-systemd-invoke try-restart sftpgo.service >/dev/null || true - fi - fi + # was-enabled defaults to true, so new installations run enable. + if deb-systemd-helper --quiet was-enabled 'sftpgo.service'; then + # Enables the unit on first installation, creates new + # symlinks on upgrades if the unit file has changed. + deb-systemd-helper enable 'sftpgo.service' >/dev/null || true + else + # Update the statefile to add new symlinks (if any), which need to be + # cleaned up on purge. Also remove old symlinks. + deb-systemd-helper update-state 'sftpgo.service' >/dev/null || true + fi fi + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + if [ -n "$2" ]; then + _dh_action=restart + else + _dh_action=start + fi + deb-systemd-invoke $_dh_action 'sftpgo.service' >/dev/null || true + fi +fi \ No newline at end of file diff --git a/pkgs/scripts/deb/postremove.sh b/pkgs/scripts/deb/postremove.sh index 41558184..3a4021b1 100644 --- a/pkgs/scripts/deb/postremove.sh +++ b/pkgs/scripts/deb/postremove.sh @@ -2,18 +2,17 @@ set -e if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true + systemctl --system daemon-reload >/dev/null || true fi if [ "$1" = "remove" ]; then - if [ -x "/usr/bin/deb-systemd-helper" ]; then - deb-systemd-helper mask sftpgo.service >/dev/null || true - fi + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper mask 'sftpgo.service' >/dev/null || true + fi fi if [ "$1" = "purge" ]; then - if [ -x "/usr/bin/deb-systemd-helper" ]; then - deb-systemd-helper purge sftpgo.service >/dev/null || true - deb-systemd-helper unmask sftpgo.service >/dev/null || true - fi + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'sftpgo.service' >/dev/null || true + deb-systemd-helper unmask 'sftpgo.service' >/dev/null || true fi diff --git a/pkgs/scripts/rpm/postinstall b/pkgs/scripts/rpm/postinstall index d8b90f21..0ca4550b 100644 --- a/pkgs/scripts/rpm/postinstall +++ b/pkgs/scripts/rpm/postinstall @@ -16,8 +16,8 @@ if [ $1 -eq 1 ]; then # initialize data provider /usr/bin/sftpgo initprovider -c /etc/sftpgo # ensure files and folders have the appropriate permissions - /usr/bin/chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo - /usr/bin/chmod 750 /etc/sftpgo /var/lib/sftpgo + /usr/bin/chown -R sftpgo:sftpgo /etc/sftpgo /var/lib/sftpgo /srv/sftpgo + /usr/bin/chmod 750 /etc/sftpgo /var/lib/sftpgo /srv/sftpgo /usr/bin/chmod 640 /etc/sftpgo/sftpgo.json echo "Please be sure to have the python requests library installed if you want to use the REST API CLI" fi