Add a Getting Started Guide

2021-05-20 18:16:27 +02:00 · 2021-05-20 18:16:27 +02:00 · ecfed4dc04
commit ecfed4dc04
parent b415e4d98f
22 changed files with 509 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -12,42 +12,42 @@ Several storage backends are supported: local filesystem, encrypted local filesy

 ## Features

- SFTPGo uses virtual accounts stored inside a "data provider".
- SQLite, MySQL, PostgreSQL, Bolt (key/value store in pure Go), CockroachDB and in-memory data providers are supported.
- Each local account is chrooted in its home directory, for cloud-based accounts you can restrict access to a certain base path.
+- Support for serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP/SCP/FTP/WebDAV.
+- Virtual folders are supported: a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
+- Configurable custom commands and/or HTTP notifications on file upload, download, pre-delete, delete, rename, on SSH commands and on user add, update and delete.
+- Virtual accounts stored within a "data provider".
+- SQLite, MySQL, PostgreSQL, CockroachDB, Bolt (key/value store in pure Go) and in-memory data providers are supported.
+- Chroot isolation for local accounts. Cloud-based accounts can be restricted to a certain base path.
+- Per user and per directory virtual permissions, for each exposed path you can allow or deny: directory listing, upload, overwrite, download, delete, rename, create directories, create symlinks, change owner/group/file mode.
+- [REST API](./docs/rest-api.md) for users and folders management, backup, restore and real time reports of the active connections with possibility of forcibly closing a connection.
+- [Web based administration interface](./docs/web-admin.md) to easily manage users, folders and connections.
+- [Web client interface](./docs/web-client.md) so that end users can change their credentials and browse their files.
 - Public key and password authentication. Multiple public keys per user are supported.
 - SSH user [certificate authentication](https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8).
 - Keyboard interactive authentication. You can easily setup a customizable multi-factor authentication.
 - Partial authentication. You can configure multi-step authentication requiring, for example, the user password after successful public key authentication.
- Per user authentication methods. You can configure the allowed authentication methods for each user.
- Custom authentication via external programs/HTTP API is supported.
- [Data At Rest Encryption](./docs/dare.md) is supported.
- Dynamic user modification before login via external programs/HTTP API is supported.
+- Per user authentication methods.
+- Custom authentication via external programs/HTTP API.
+- [Data At Rest Encryption](./docs/dare.md).
+- Dynamic user modification before login via external programs/HTTP API.
 - Quota support: accounts can have individual quota expressed as max total size and/or max number of files.
- Bandwidth throttling is supported, with distinct settings for upload and download.
+- Bandwidth throttling, with distinct settings for upload and download.
+- Per-protocol [rate limiting](./docs/rate-limiting.md) is supported and can be optionally connected to the built-in defender to automatically block hosts that repeatedly exceed the configured limit.
 - Per user maximum concurrent sessions.
- Per user and per directory permission management: list directory contents, upload, overwrite, download, delete, rename, create directories, create symlinks, change owner/group and mode, change access and modification times.
- Per user files/folders ownership mapping: you can map all the users to the system account that runs SFTPGo (all platforms are supported) or you can run SFTPGo as root user and map each user or group of users to a different system account (\*NIX only).
- Per user IP filters are supported: login can be restricted to specific ranges of IP addresses or to a specific IP address.
- Per user and per directory shell like patterns filters are supported: files can be allowed or denied based on shell like patterns.
- Virtual folders are supported: directories outside the user home directory or based on a different storage provider can be exposed as virtual folders.
- Configurable custom commands and/or HTTP notifications on file upload, download, pre-delete, delete, rename, on SSH commands and on user add, update and delete.
+- Per user and global IP filters: login can be restricted to specific ranges of IP addresses or to a specific IP address.
+- Per user and per directory shell like patterns filters: files can be allowed or denied based on shell like patterns.
 - Automatically terminating idle connections.
- Automatic blocklist management is supported using the built-in [defender](./docs/defender.md).
- Per-protocol [rate limiting](./docs/rate-limiting.md) is supported and can optionally be connected to the built-in defender to automatically block hosts that repeatedly exceed the configured limit.
+- Automatic blocklist management using the built-in [defender](./docs/defender.md).
 - Atomic uploads are configurable.
+- Per user files/folders ownership mapping: you can map all the users to the system account that runs SFTPGo (all platforms are supported) or you can run SFTPGo as root user and map each user or group of users to a different system account (\*NIX only).
 - Support for Git repositories over SSH.
 - SCP and rsync are supported.
 - FTP/S is supported. You can configure the FTP service to require TLS for both control and data connections.
 - [WebDAV](./docs/webdav.md) is supported.
 - Two-Way TLS authentication, aka TLS with client certificate authentication, is supported for REST API/Web Admin, FTPS and WebDAV over HTTPS.
- Support for serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP/SCP/FTP/WebDAV.
 - Per user protocols restrictions. You can configure the allowed protocols (SSH/FTP/WebDAV) for each user.
 - [Prometheus metrics](./docs/metrics.md) are exposed.
 - Support for HAProxy PROXY protocol: you can proxy and/or load balance the SFTP/SCP/FTP/WebDAV service without losing the information about the client's address.
- [REST API](./docs/rest-api.md) for users and folders management, backup, restore and real time reports of the active connections with possibility of forcibly closing a connection.
- [Web based administration interface](./docs/web-admin.md) to easily manage users, folders and connections.
- [Web client interface](./docs/web-client.md) so that end users can change their credentials and browse their files.
 - Easy [migration](./examples/convertusers) from Linux system user accounts.
 - [Portable mode](./docs/portable-mode.md): a convenient way to share a single directory on demand.
 - [SFTP subsystem mode](./docs/sftp-subsystem.md): you can use SFTPGo as OpenSSH's SFTP subsystem.
@ -80,10 +80,17 @@ Some Linux distro packages are available:
 - Deb and RPM packages are built after each commit and for each release.
 - For Ubuntu a PPA is available [here](https://launchpad.net/~sftpgo/+archive/ubuntu/sftpgo).

+On Windows you can use:
+
+- the Windows installer to install and run SFTPGo as a Windows service
+- the portable package to start SFTPGo on demand
+
 You can easily test new features selecting a commit from the [Actions](https://github.com/drakkan/sftpgo/actions) page and downloading the matching build artifacts for Linux, macOS or Windows. GitHub stores artifacts for 90 days.

 Alternately, you can [build from source](./docs/build-from-source.md).

+[Getting Started Guide for the Impatient](./docs/howto/getting-started.md).
+
 ## Configuration

 A full explanation of all configuration methods can be found [here](./docs/full-configuration.md).
--- a/docs/howto/README.md
+++ b/docs/howto/README.md
@ -2,5 +2,6 @@

 Here we collect step-to-step tutorials. SFTPGo users are encouraged to contribute!

+- [Getting Started](./getting-started.md)
 - [SFTPGo with PostgreSQL data provider and S3 backend](./postgresql-s3.md)
 - [SFTPGo on Windows with Active Directory Integration + Caddy Static File Server](https://www.youtube.com/watch?v=M5UcJI8t4AI)
--- a/docs/howto/getting-started.md
+++ b/docs/howto/getting-started.md
@ -0,0 +1,469 @@
+# Getting Started
+
+SFTPGo allows to securely share your files over SFTP and optionally FTP/S and WebDAV too.
+Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
+SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
+Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
+
+In this tutorial we explore the main features and concepts using the built-in web admin interface. Advanced users can also use the SFTPGo [REST API](https://sftpgo.stoplight.io/docs/sftpgo/openapi.yaml)
+
+- [Installation](#Installation)
+- [Initial configuration](#Initial-configuration)
+- [Creating users](#Creating-users)
+  - [Creating users with a Cloud Storage backend](#Creating-users-with-a-Cloud-Storage-backend)
+  - [Creating users with a local encrypted backend (Data At Rest Encryption)](#Creating-users-with-a-local-encrypted-backend-Data-At-Rest-Encryption))
+- [Virtual permissions](#Virtual-permissions)
+- [Virtual folders](#Virtual-folders)
+- [Configuration parameters](#Configuration-parameters)
+  - [Use PostgreSQL data provider](#Use-PostgreSQL-data-provider)
+  - [Use MySQL/MariaDB data provider](#Use-MySQLMariaDB-data-provider)
+  - [Use CockroachDB data provider](#Use-CockroachDB-data-provider)
+  - [Enable FTP service](#Enable-FTP-service)
+  - [Enable WebDAV service](#Enable-WebDAV-service)
+
+## Installation
+
+You can easily install SFTPGo by downloading the appropriate package for your operating system and architecture. Please visit the [releases](https://github.com/drakkan/sftpgo/releases "releases") page.
+
+An official Docker image is available. Documentation is [here](./../../docker/README.md).
+
+In this guide, we assume that SFTPGo is already installed and running using the default configuration.
+
+## Initial configuration
+
+Before you can use SFTPGo you need to create an admin account, so open [http://127.0.0.1:8080/web/admin](http://127.0.0.1:8080/web) in your web browser, replacing `127.0.0.1` with the appropriate IP address if SFTPGo is not running on localhost.
+
+![Setup](./img/setup.png)
+
+After creating the admin account you will be automatically logged in.
+
+![Users list](./img/initial-screen.png)
+
+The the web admin is now available at the following URL:
+
+[http://127.0.0.1:8080/web/admin](http://127.0.0.1:8080/web/admin)
+
+From the `Status` page you see the active services.
+
+![Status](./img/status.png)
+
+The default configuration enables the SFTP service on port `2022` and uses `SQLite` as data provider.
+
+## Creating users
+
+Let's create our first local user:
+
+- from the users page click the `+` icon to open the Add user page
+- the only required fields are the `Username`, a `Password` or a `Public key`, and the default `Permissions`
+- if you are on Windows or you installed SFTPGo manually and no `users_base_dir` is defined in your configuration file you also have to set a `Home Dir`. It must be an absolute path, for example `/srv/sftpgo/data/username` on Linux or `C:\sftpgo\data\username` on Windows. SFTPGo will try to automatically create the home directory, if missing, when the user logs in. Each user can only access files and folders inside its home directory.
+- click `Submit`
+
+![Add user](./img/add-user.png)
+
+Now test the new user, we use the `sftp` CLI here, you can use any SFTP client.
+
+```shell
+$ sftp -P 2022 nicola@127.0.0.1
+nicola@127.0.0.1's password:
+Connected to 127.0.0.1.
+sftp> ls
+sftp> put file.txt
+Uploading file.txt to /file.txt
+file.txt                                      100% 4034     3.9MB/s   00:00
+sftp> ls
+file.txt
+sftp> mkdir adir
+sftp> cd adir/
+sftp> put file.txt
+Uploading file.txt to /adir/file.txt
+file.txt                                      100% 4034     4.0MB/s   00:00
+sftp> ls
+file.txt
+sftp> get file.txt
+Fetching /adir/file.txt to file.txt
+/adir/file.txt                                100% 4034     1.9MB/s   00:00
+```
+
+It worked! We can upload/download files and create directories.
+
+Each user can browse and download their files and change their credentials using the web client interface available at the following URL:
+
+[http://127.0.0.1:8080/web/client](http://127.0.0.1:8080/web/client)
+
+![Web client files](./img/web-client-files.png)
+
+![Web client credentials](./img/web-client-credentials.png)
+
+### Creating users with a Cloud Storage backend
+
+The procedure is similar to the one described for local users, you have only specify the Cloud Storage backend and its credentials.
+
+![S3 user](./img/s3-user.png)
+
+![Azure Blob user](./img/az-user.png)
+
+![Google Cloud user](./img/gcs-user.png)
+
+![User using another SFTP server as storage backend](./img/sftp-user.png)
+
+Setting a `Key Prefix` restricts the user to a specific "folder" in the bucket, so that the same bucket can be shared among different users by assigning to each user a specific portion of the bucket.
+
+### Creating users with a local encrypted backend (Data At Rest Encryption)
+
+The procedure is similar to the one described for local users, you have only specify the encryption passphrase.
+
+![User with cryptfs backend](./img/local-encrypted.png)
+
+You can find more details about Data At Rest Encryption [here](../dare.md).
+
+## Virtual permissions
+
+SFTPGo supports per directory virtual permissions. For each user you have to specify global permissions and then override them on a per-directory basis.
+
+Take a look at the following screen.
+
+![Virtual permissions](./img/virtual-permissions.png)
+
+This user has full access as default (`*`), can only list and download from `/read-only` path and has no permissions at all for the `/subdir` path.
+
+Let's test it. We use the `sftp` CLI here, you can use any SFTP client.
+
+```shell
+$ sftp -P 2022 nicola@127.0.0.1
+Connected to 127.0.0.1.
+sftp> ls
+adir        file.txt    read-only   subdir
+sftp> put file.txt
+Uploading file.txt to /file.txt
+file.txt                                                                  100% 4034    19.4MB/s   00:00
+sftp> rm file.txt
+Removing /file.txt
+sftp> ls
+adir        read-only   subdir
+sftp> cd read-only/
+sftp> ls
+file.txt
+sftp> put file1.txt
+Uploading file1.txt to /read-only/file1.txt
+remote open("/read-only/file1.txt"): Permission denied
+sftp> get file.txt
+Fetching /read-only/file.txt to file.txt
+/read-only/file.txt                                                       100% 4034     2.2MB/s   00:00
+sftp> cd ..
+sftp> ls
+adir        read-only   subdir
+sftp> cd /subdir
+sftp> ls
+remote readdir("/subdir"): Permission denied
+```
+
+as you can see it worked as expected.
+
+## Virtual folders
+
+From the web admin interface click `Folders` and then the `+` icon.
+
+![Add folder](./img/add-folder.png)
+
+To create a local folder you need to specify a `Name` and an `Absolute path`. For other backends you have to specify the backend type and its credentials, this is the same procedure already detailed for creating users with cloud backends.
+
+Suppose we created two folders name `localfolder` and `minio` as you can see in the following screen.
+
+![Folders](./img/folders.png)
+
+- `localfolder` use the local filesystem as storage backend
+- `minio` use MinIO (S3 compatible) as storage backend
+
+Now, click `Users`, on the left menu, select a user and click the `Edit` icon, to update the user and associate the virtual folders.
+
+Virtual folders must be referenced using their unique name and we expose them on a configurable virtual path. Take a look at the following screenshot.
+
+![Virtual Folders](./img/virtual-folders.png)
+
+We exposed the folder named `localfolder` on the path `/vdirlocal` (this must be an absolute UNIX path on Windows too) and the folder named `minio` on the path `/vdirminio`. For `localfolder` the quota usage is included within the user quota, while for the `minio` folder we defined separate quota limits: at most 2 files and at most 100MB, whichever is reached first.
+
+The folder `minio` can be shared with other users and we can define different quota limits on a per-user basis. The folder `localfolder` is considered private since we have included its quota limits within those of the user, if we share them with other users we will break quota calculation.
+
+Let's test these virtual folders. We use the `sftp` CLI here, you can use any SFTP client.
+
+```shell
+$ sftp -P 2022 nicola@127.0.0.1
+nicola@127.0.0.1's password:
+Connected to 127.0.0.1.
+sftp> ls
+adir        read-only   subdir      vdirlocal   vdirminio
+sftp> cd vdirlocal
+sftp> put file.txt
+Uploading file.txt to /vdirlocal/file.txt
+file.txt                                                                  100% 4034    17.3MB/s   00:00
+sftp> ls
+file.txt
+sftp> cd ..
+sftp> cd vdirminio/
+sftp> put file.txt
+Uploading file.txt to /vdirminio/file.txt
+file.txt                                                                  100% 4034     4.8MB/s   00:00
+sftp> ls
+file.txt
+sftp> put file.txt file1.txt
+Uploading file.txt to /vdirminio/file1.txt
+file.txt                                                                  100% 4034     2.8MB/s   00:00
+sftp> put file.txt file2.txt
+Uploading file.txt to /vdirminio/file2.txt
+remote open("/vdirminio/file2.txt"): Failure
+sftp> quit
+```
+
+The last upload failed since we exceeded the number of files quota limit.
+
+## Configuration parameters
+
+Until now we used the default configuration, to change the global service parameters you have to edit the configuration file, or set appropriate environment variables, and restart SFTPGo to apply the changes.
+
+A full explanation of all configuration methods can be found [here](./../full-configuration.md), we explore some common use cases. Please keep in mind that SFTPGo can also be configured via [environment variables](../full-configuration.md#environment-variables), this is very convenient if you are using Docker.
+
+The default configuration file is `sftpgo.json` and it can be found within the `/etc/sftpgo` directory if you installed from Linux distro packages. On Windows the configuration file can be found within the `{commonappdata}\SFTPGo` directory where `{commonappdata}` is typically `C:\ProgramData`. SFTPGo also supports reading from TOML and YAML configuration files.
+
+The following snippets assume your are running SFTPGo on Linux but they can be easily adapted for other operating systems.
+
+### Use PostgreSQL data provider
+
+Create a PostgreSQL database named `sftpgo` and a PostgreSQL user with the correct permissions, for example using the `psql` CLI.
+
+```shell
+sudo -i -u postgres psql
+CREATE DATABASE "sftpgo" WITH ENCODING='UTF8' CONNECTION LIMIT=-1;
+create user "sftpgo" with encrypted password 'your password here';
+grant all privileges on database "sftpgo" to "sftpgo";
+\q
+```
+
+Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
+
+```json
+  "data_provider": {
+    "driver": "postgresql",
+    "name": "sftpgo",
+    "host": "127.0.0.1",
+    "port": 5432,
+    "username": "sftpgo",
+    "password": "your password here",
+    ...
+}
+```
+
+Confirm that the database connection works by initializing the data provider.
+
+```shell
+$ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
+2021-05-19T22:21:54.000 INF Initializing provider: "postgresql" config file: "/etc/sftpgo/sftpgo.json"
+2021-05-19T22:21:54.000 INF updating database version: 8 -> 9
+2021-05-19T22:21:54.000 INF Data provider successfully initialized/updated
+```
+
+Ensure that SFTPGo starts after the database service.
+
+```shell
+sudo systemctl edit sftpgo.service
+```
+
+And override the unit definition with the following snippet.
+
+```shell
+[Unit]
+After=postgresql.service
+```
+
+Restart SFTPGo to apply the changes.
+
+### Use MySQL/MariaDB data provider
+
+Create a MySQL database named `sftpgo` and a MySQL user with the correct permissions, for example using the `mysql` CLI.
+
+```shell
+$ mysql -u root
+MariaDB [(none)]> CREATE DATABASE sftpgo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+Query OK, 1 row affected (0.000 sec)
+
+MariaDB [(none)]> grant all privileges on sftpgo.* to sftpgo@localhost identified by 'your password here';
+Query OK, 0 rows affected (0.027 sec)
+
+MariaDB [(none)]> quit
+Bye
+```
+
+Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
+
+```json
+  "data_provider": {
+    "driver": "mysql",
+    "name": "sftpgo",
+    "host": "127.0.0.1",
+    "port": 3306,
+    "username": "sftpgo",
+    "password": "your password here",
+    ...
+}
+```
+
+Confirm that the database connection works by initializing the data provider.
+
+```shell
+$ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
+2021-05-19T22:29:30.000 INF Initializing provider: "mysql" config file: "/etc/sftpgo/sftpgo.json"
+2021-05-19T22:29:30.000 INF updating database version: 8 -> 9
+2021-05-19T22:29:30.000 INF Data provider successfully initialized/updated
+```
+
+Ensure that SFTPGo starts after the database service.
+
+```shell
+sudo systemctl edit sftpgo.service
+```
+
+And override the unit definition with the following snippet.
+
+```shell
+[Unit]
+After=mariadb.service
+```
+
+Restart SFTPGo to apply the changes.
+
+### Use CockroachDB data provider
+
+We suppose you have installed CocroackDB this way:
+
+```shell
+sudo su
+export CRDB_VERSION=20.2.10 # set the latest available version here
+wget -qO- https://binaries.cockroachdb.com/cockroach-v${CRDB_VERSION}.linux-amd64.tgz | tar xvz
+cp -i cockroach-v${CRDB_VERSION}.linux-amd64/cockroach /usr/local/bin/
+mkdir -p /usr/local/lib/cockroach
+cp -i cockroach-v${CRDB_VERSION}.linux-amd64/lib/libgeos.so /usr/local/lib/cockroach/
+cp -i cockroach-v${CRDB_VERSION}.linux-amd64/lib/libgeos_c.so /usr/local/lib/cockroach/
+mkdir /var/lib/cockroach
+mkdir -p /etc/cockroach/{certs,ca}
+chmod 700 /etc/cockroach/ca
+/usr/local/bin/cockroach cert create-ca --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
+/usr/local/bin/cockroach cert create-node localhost $(hostname) --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
+/usr/local/bin/cockroach cert create-client root --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
+chown -R sftpgo:sftpgo /etc/cockroach/certs
+exit
+```
+
+and you are running it using a systemd unit like this one:
+
+```shell
+[Unit]
+Description=Cockroach Database single node
+Requires=network.target
+[Service]
+Type=notify
+WorkingDirectory=/var/lib/cockroach
+ExecStart=/usr/local/bin/cockroach start-single-node --certs-dir=/etc/cockroach/certs --http-addr 127.0.0.1:8888 --listen-addr 127.0.0.1:26257 --cache=.25 --max-sql-memory=.25 --store=path=/var/lib/cockroach
+TimeoutStopSec=60
+Restart=always
+RestartSec=10
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=cockroach
+User=sftpgo
+[Install]
+WantedBy=default.target
+```
+
+Create a CockroachDB database named `sftpgo`.
+
+```shell
+$ sudo /usr/local/bin/cockroach sql --certs-dir=/etc/cockroach/certs -e 'create database "sftpgo"'
+CREATE DATABASE
+
+Time: 13ms
+```
+
+Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
+
+```json
+  "data_provider": {
+    "driver": "cockroachdb",
+    "name": "",
+    "host": "",
+    "port": 0,
+    "username": "",
+    "password": "",
+    "sslmode": 0,
+    "connection_string": "postgresql://root@localhost:26257/sftpgo?sslcert=%2Fetc%2Fcockroach%2Fcerts%2Fclient.root.crt&sslkey=%2Fetc%2Fcockroach%2Fcerts%2Fclient.root.key&sslmode=verify-full&sslrootcert=%2Fetc%2Fcockroach%2Fcerts%2Fca.crt&connect_timeout=10"
+    ...
+}
+```
+
+Confirm that the database connection works by initializing the data provider.
+
+```shell
+$ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
+2021-05-19T22:41:53.000 INF Initializing provider: "cockroachdb" config file: "/etc/sftpgo/sftpgo.json"
+2021-05-19T22:41:53.000 INF updating database version: 8 -> 9
+2021-05-19T22:41:53.000 INF Data provider successfully initialized/updated
+```
+
+Ensure that SFTPGo starts after the database service.
+
+```shell
+sudo systemctl edit sftpgo.service
+```
+
+And override the unit definition with the following snippet.
+
+```shell
+[Unit]
+After=cockroachdb.service
+```
+
+Restart SFTPGo to apply the changes.
+
+### Enable FTP service
+
+Open the SFTPGo configuration file, search for the `ftpd` section and change it as follow.
+
+```json
+  "ftpd": {
+    "bindings": [
+      {
+        "port": 2121,
+        "address": "",
+        "apply_proxy_config": true,
+        "tls_mode": 0,
+        "force_passive_ip": "",
+        "client_auth_type": 0,
+        "tls_cipher_suites": []
+      }
+    ],
+    ...
+  }
+```
+
+Restart SFTPGo to apply the changes. The FTP service is now available on port `2121`. It is recommended that you provide a certificate and key file to expose FTP over TLS. You should prefer SFTP to FTP even if you configure TLS, please don't blindly enable the old FTP protocol.
+
+### Enable WebDAV service
+
+Open the SFTPGo configuration file, search for the `webdavd` section and change it as follow.
+
+```json
+  "webdavd": {
+    "bindings": [
+      {
+        "port": 10080,
+        "address": "",
+        "enable_https": false,
+        "client_auth_type": 0,
+        "tls_cipher_suites": [],
+        "prefix": "",
+        "proxy_allowed": []
+      }
+    ],
+    ...
+  }
+```
+
+Restart SFTPGo to apply the changes. The WebDAV service is now available on port `10080`. It is recommended that you provide a certificate and key file to expose WebDAV over https.
--- a/docs/howto/img/add-folder.png
+++ b/docs/howto/img/add-folder.png
--- a/docs/howto/img/add-user.png
+++ b/docs/howto/img/add-user.png
--- a/docs/howto/img/az-user.png
+++ b/docs/howto/img/az-user.png
--- a/docs/howto/img/folders.png
+++ b/docs/howto/img/folders.png
--- a/docs/howto/img/gcs-user.png
+++ b/docs/howto/img/gcs-user.png
--- a/docs/howto/img/initial-screen.png
+++ b/docs/howto/img/initial-screen.png
--- a/docs/howto/img/local-encrypted.png
+++ b/docs/howto/img/local-encrypted.png
--- a/docs/howto/img/logo.png
+++ b/docs/howto/img/logo.png
--- a/docs/howto/img/s3-user.png
+++ b/docs/howto/img/s3-user.png
--- a/docs/howto/img/setup.png
+++ b/docs/howto/img/setup.png
--- a/docs/howto/img/sftp-user.png
+++ b/docs/howto/img/sftp-user.png
--- a/docs/howto/img/status.png
+++ b/docs/howto/img/status.png
--- a/docs/howto/img/virtual-folders.png
+++ b/docs/howto/img/virtual-folders.png
--- a/docs/howto/img/virtual-permissions.png
+++ b/docs/howto/img/virtual-permissions.png
--- a/docs/howto/img/web-client-credentials.png
+++ b/docs/howto/img/web-client-credentials.png
--- a/docs/howto/img/web-client-files.png
+++ b/docs/howto/img/web-client-files.png
--- a/httpd/schema/openapi.yaml
+++ b/httpd/schema/openapi.yaml
@ -11,7 +11,11 @@ tags:
  - name: users
 info:
  title: SFTPGo
-  description: SFTPGo REST API
+  description: |
+    SFTPGo allows to securely share your files over SFTP and optionally FTP/S and WebDAV too.
+    Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
+    SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
+    Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
  version: 2.0.5
  contact:
    name: API support
--- a/logger/logger.go
+++ b/logger/logger.go
@ -118,6 +118,13 @@ func GetLogger() *zerolog.Logger {
 func InitLogger(logFilePath string, logMaxSize int, logMaxBackups int, logMaxAge int, logCompress bool, level zerolog.Level) {
 	zerolog.TimeFieldFormat = dateFormat
 	if isLogFilePathValid(logFilePath) {
+		logDir := filepath.Dir(logFilePath)
+		if _, err := os.Stat(logDir); os.IsNotExist(err) {
+			err = os.MkdirAll(logDir, os.ModePerm)
+			if err != nil {
+				fmt.Printf("unable to create log dir %#v: %v", logDir, err)
+			}
+		}
 		rollingLogger = &lumberjack.Logger{
 			Filename:   logFilePath,
 			MaxSize:    logMaxSize,
--- a/templates/webadmin/user.html
+++ b/templates/webadmin/user.html
@ -206,7 +206,6 @@
                    <small id="vfHelpBlock" class="form-text text-muted">
                        One mapping per line as vpath::folder-name::[quota_files]::[quota_size(bytes)], for example
                        /vdir::afolder or /vdir::afolder::10::104857600. Quota -1 means included inside user quota.
-                        Ignored for non local filesystems
                    </small>
                </div>
            </div>