Add a Getting Started Guide

2021-05-20 18:16:27 +02:00 · 2021-05-20 18:16:27 +02:00 · ecfed4dc04
commit ecfed4dc04
parent b415e4d98f
22 changed files with 509 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -12,42 +12,42 @@ Several storage backends are supported: local filesystem, encrypted local filesy
 ## Features
- SFTPGo uses virtual accounts stored inside a "data provider".
+- Support for serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP/SCP/FTP/WebDAV.
- SQLite, MySQL, PostgreSQL, Bolt (key/value store in pure Go), CockroachDB and in-memory data providers are supported.
+- Virtual folders are supported: a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
- Each local account is chrooted in its home directory, for cloud-based accounts you can restrict access to a certain base path.
+- Configurable custom commands and/or HTTP notifications on file upload, download, pre-delete, delete, rename, on SSH commands and on user add, update and delete.
 - Virtual accounts stored within a "data provider".
 - SQLite, MySQL, PostgreSQL, CockroachDB, Bolt (key/value store in pure Go) and in-memory data providers are supported.
 - Chroot isolation for local accounts. Cloud-based accounts can be restricted to a certain base path.
 - Per user and per directory virtual permissions, for each exposed path you can allow or deny: directory listing, upload, overwrite, download, delete, rename, create directories, create symlinks, change owner/group/file mode.
 - [REST API](./docs/rest-api.md) for users and folders management, backup, restore and real time reports of the active connections with possibility of forcibly closing a connection.
 - [Web based administration interface](./docs/web-admin.md) to easily manage users, folders and connections.
 - [Web client interface](./docs/web-client.md) so that end users can change their credentials and browse their files.
 - Public key and password authentication. Multiple public keys per user are supported.
 - SSH user [certificate authentication](https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8).
 - Keyboard interactive authentication. You can easily setup a customizable multi-factor authentication.
 - Partial authentication. You can configure multi-step authentication requiring, for example, the user password after successful public key authentication.
- Per user authentication methods. You can configure the allowed authentication methods for each user.
+- Per user authentication methods.
- Custom authentication via external programs/HTTP API is supported.
+- Custom authentication via external programs/HTTP API.
- [Data At Rest Encryption](./docs/dare.md) is supported.
+- [Data At Rest Encryption](./docs/dare.md).
- Dynamic user modification before login via external programs/HTTP API is supported.
+- Dynamic user modification before login via external programs/HTTP API.
 - Quota support: accounts can have individual quota expressed as max total size and/or max number of files.
- Bandwidth throttling is supported, with distinct settings for upload and download.
+- Bandwidth throttling, with distinct settings for upload and download.
 - Per-protocol [rate limiting](./docs/rate-limiting.md) is supported and can be optionally connected to the built-in defender to automatically block hosts that repeatedly exceed the configured limit.
 - Per user maximum concurrent sessions.
- Per user and per directory permission management: list directory contents, upload, overwrite, download, delete, rename, create directories, create symlinks, change owner/group and mode, change access and modification times.
+- Per user and global IP filters: login can be restricted to specific ranges of IP addresses or to a specific IP address.
- Per user files/folders ownership mapping: you can map all the users to the system account that runs SFTPGo (all platforms are supported) or you can run SFTPGo as root user and map each user or group of users to a different system account (\*NIX only).
+- Per user and per directory shell like patterns filters: files can be allowed or denied based on shell like patterns.
 - Per user IP filters are supported: login can be restricted to specific ranges of IP addresses or to a specific IP address.
 - Per user and per directory shell like patterns filters are supported: files can be allowed or denied based on shell like patterns.
 - Virtual folders are supported: directories outside the user home directory or based on a different storage provider can be exposed as virtual folders.
 - Configurable custom commands and/or HTTP notifications on file upload, download, pre-delete, delete, rename, on SSH commands and on user add, update and delete.
 - Automatically terminating idle connections.
- Automatic blocklist management is supported using the built-in [defender](./docs/defender.md).
+- Automatic blocklist management using the built-in [defender](./docs/defender.md).
 - Per-protocol [rate limiting](./docs/rate-limiting.md) is supported and can optionally be connected to the built-in defender to automatically block hosts that repeatedly exceed the configured limit.
 - Atomic uploads are configurable.
 - Per user files/folders ownership mapping: you can map all the users to the system account that runs SFTPGo (all platforms are supported) or you can run SFTPGo as root user and map each user or group of users to a different system account (\*NIX only).
 - Support for Git repositories over SSH.
 - SCP and rsync are supported.
 - FTP/S is supported. You can configure the FTP service to require TLS for both control and data connections.
 - [WebDAV](./docs/webdav.md) is supported.
 - Two-Way TLS authentication, aka TLS with client certificate authentication, is supported for REST API/Web Admin, FTPS and WebDAV over HTTPS.
 - Support for serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP/SCP/FTP/WebDAV.
 - Per user protocols restrictions. You can configure the allowed protocols (SSH/FTP/WebDAV) for each user.
 - [Prometheus metrics](./docs/metrics.md) are exposed.
 - Support for HAProxy PROXY protocol: you can proxy and/or load balance the SFTP/SCP/FTP/WebDAV service without losing the information about the client's address.
 - [REST API](./docs/rest-api.md) for users and folders management, backup, restore and real time reports of the active connections with possibility of forcibly closing a connection.
 - [Web based administration interface](./docs/web-admin.md) to easily manage users, folders and connections.
 - [Web client interface](./docs/web-client.md) so that end users can change their credentials and browse their files.
 - Easy [migration](./examples/convertusers) from Linux system user accounts.
 - [Portable mode](./docs/portable-mode.md): a convenient way to share a single directory on demand.
 - [SFTP subsystem mode](./docs/sftp-subsystem.md): you can use SFTPGo as OpenSSH's SFTP subsystem.
@ -80,10 +80,17 @@ Some Linux distro packages are available:
 - Deb and RPM packages are built after each commit and for each release.
 - For Ubuntu a PPA is available [here](https://launchpad.net/~sftpgo/+archive/ubuntu/sftpgo).
 On Windows you can use:
 - the Windows installer to install and run SFTPGo as a Windows service
 - the portable package to start SFTPGo on demand
 You can easily test new features selecting a commit from the [Actions](https://github.com/drakkan/sftpgo/actions) page and downloading the matching build artifacts for Linux, macOS or Windows. GitHub stores artifacts for 90 days.
 Alternately, you can [build from source](./docs/build-from-source.md).
 [Getting Started Guide for the Impatient](./docs/howto/getting-started.md).
 ## Configuration
 A full explanation of all configuration methods can be found [here](./docs/full-configuration.md).
--- a/docs/howto/README.md
+++ b/docs/howto/README.md
@ -2,5 +2,6 @@
 Here we collect step-to-step tutorials. SFTPGo users are encouraged to contribute!
 - [Getting Started](./getting-started.md)
 - [SFTPGo with PostgreSQL data provider and S3 backend](./postgresql-s3.md)
 - [SFTPGo on Windows with Active Directory Integration + Caddy Static File Server](https://www.youtube.com/watch?v=M5UcJI8t4AI)
--- a/docs/howto/getting-started.md
+++ b/docs/howto/getting-started.md
@ -0,0 +1,469 @@
 # Getting Started
 SFTPGo allows to securely share your files over SFTP and optionally FTP/S and WebDAV too.
 Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
 SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
 Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
 In this tutorial we explore the main features and concepts using the built-in web admin interface. Advanced users can also use the SFTPGo [REST API](https://sftpgo.stoplight.io/docs/sftpgo/openapi.yaml)
 - [Installation](#Installation)
 - [Initial configuration](#Initial-configuration)
 - [Creating users](#Creating-users)
  - [Creating users with a Cloud Storage backend](#Creating-users-with-a-Cloud-Storage-backend)
  - [Creating users with a local encrypted backend (Data At Rest Encryption)](#Creating-users-with-a-local-encrypted-backend-Data-At-Rest-Encryption))
 - [Virtual permissions](#Virtual-permissions)
 - [Virtual folders](#Virtual-folders)
 - [Configuration parameters](#Configuration-parameters)
  - [Use PostgreSQL data provider](#Use-PostgreSQL-data-provider)
  - [Use MySQL/MariaDB data provider](#Use-MySQLMariaDB-data-provider)
  - [Use CockroachDB data provider](#Use-CockroachDB-data-provider)
  - [Enable FTP service](#Enable-FTP-service)
  - [Enable WebDAV service](#Enable-WebDAV-service)
 ## Installation
 You can easily install SFTPGo by downloading the appropriate package for your operating system and architecture. Please visit the [releases](https://github.com/drakkan/sftpgo/releases "releases") page.
 An official Docker image is available. Documentation is [here](./../../docker/README.md).
 In this guide, we assume that SFTPGo is already installed and running using the default configuration.
 ## Initial configuration
 Before you can use SFTPGo you need to create an admin account, so open [http://127.0.0.1:8080/web/admin](http://127.0.0.1:8080/web) in your web browser, replacing `127.0.0.1` with the appropriate IP address if SFTPGo is not running on localhost.
 ![Setup](./img/setup.png)
 After creating the admin account you will be automatically logged in.
 ![Users list](./img/initial-screen.png)
 The the web admin is now available at the following URL:
 [http://127.0.0.1:8080/web/admin](http://127.0.0.1:8080/web/admin)
 From the `Status` page you see the active services.
 ![Status](./img/status.png)
 The default configuration enables the SFTP service on port `2022` and uses `SQLite` as data provider.
 ## Creating users
 Let's create our first local user:
 - from the users page click the `+` icon to open the Add user page
 - the only required fields are the `Username`, a `Password` or a `Public key`, and the default `Permissions`
 - if you are on Windows or you installed SFTPGo manually and no `users_base_dir` is defined in your configuration file you also have to set a `Home Dir`. It must be an absolute path, for example `/srv/sftpgo/data/username` on Linux or `C:\sftpgo\data\username` on Windows. SFTPGo will try to automatically create the home directory, if missing, when the user logs in. Each user can only access files and folders inside its home directory.
 - click `Submit`
 ![Add user](./img/add-user.png)
 Now test the new user, we use the `sftp` CLI here, you can use any SFTP client.
 ```shell
 $ sftp -P 2022 nicola@127.0.0.1
 nicola@127.0.0.1's password:
 Connected to 127.0.0.1.
 sftp> ls
 sftp> put file.txt
 Uploading file.txt to /file.txt
 file.txt                                      100% 4034     3.9MB/s   00:00
 sftp> ls
 file.txt
 sftp> mkdir adir
 sftp> cd adir/
 sftp> put file.txt
 Uploading file.txt to /adir/file.txt
 file.txt                                      100% 4034     4.0MB/s   00:00
 sftp> ls
 file.txt
 sftp> get file.txt
 Fetching /adir/file.txt to file.txt
 /adir/file.txt                                100% 4034     1.9MB/s   00:00
 ```
 It worked! We can upload/download files and create directories.
 Each user can browse and download their files and change their credentials using the web client interface available at the following URL:
 [http://127.0.0.1:8080/web/client](http://127.0.0.1:8080/web/client)
 ![Web client files](./img/web-client-files.png)
 ![Web client credentials](./img/web-client-credentials.png)
 ### Creating users with a Cloud Storage backend
 The procedure is similar to the one described for local users, you have only specify the Cloud Storage backend and its credentials.
 ![S3 user](./img/s3-user.png)
 ![Azure Blob user](./img/az-user.png)
 ![Google Cloud user](./img/gcs-user.png)
 ![User using another SFTP server as storage backend](./img/sftp-user.png)
 Setting a `Key Prefix` restricts the user to a specific "folder" in the bucket, so that the same bucket can be shared among different users by assigning to each user a specific portion of the bucket.
 ### Creating users with a local encrypted backend (Data At Rest Encryption)
 The procedure is similar to the one described for local users, you have only specify the encryption passphrase.
 ![User with cryptfs backend](./img/local-encrypted.png)
 You can find more details about Data At Rest Encryption [here](../dare.md).
 ## Virtual permissions
 SFTPGo supports per directory virtual permissions. For each user you have to specify global permissions and then override them on a per-directory basis.
 Take a look at the following screen.
 ![Virtual permissions](./img/virtual-permissions.png)
 This user has full access as default (`*`), can only list and download from `/read-only` path and has no permissions at all for the `/subdir` path.
 Let's test it. We use the `sftp` CLI here, you can use any SFTP client.
 ```shell
 $ sftp -P 2022 nicola@127.0.0.1
 Connected to 127.0.0.1.
 sftp> ls
 adir        file.txt    read-only   subdir
 sftp> put file.txt
 Uploading file.txt to /file.txt
 file.txt                                                                  100% 4034    19.4MB/s   00:00
 sftp> rm file.txt
 Removing /file.txt
 sftp> ls
 adir        read-only   subdir
 sftp> cd read-only/
 sftp> ls
 file.txt
 sftp> put file1.txt
 Uploading file1.txt to /read-only/file1.txt
 remote open("/read-only/file1.txt"): Permission denied
 sftp> get file.txt
 Fetching /read-only/file.txt to file.txt
 /read-only/file.txt                                                       100% 4034     2.2MB/s   00:00
 sftp> cd ..
 sftp> ls
 adir        read-only   subdir
 sftp> cd /subdir
 sftp> ls
 remote readdir("/subdir"): Permission denied
 ```
 as you can see it worked as expected.
 ## Virtual folders
 From the web admin interface click `Folders` and then the `+` icon.
 ![Add folder](./img/add-folder.png)
 To create a local folder you need to specify a `Name` and an `Absolute path`. For other backends you have to specify the backend type and its credentials, this is the same procedure already detailed for creating users with cloud backends.
 Suppose we created two folders name `localfolder` and `minio` as you can see in the following screen.
 ![Folders](./img/folders.png)
 - `localfolder` use the local filesystem as storage backend
 - `minio` use MinIO (S3 compatible) as storage backend
 Now, click `Users`, on the left menu, select a user and click the `Edit` icon, to update the user and associate the virtual folders.
 Virtual folders must be referenced using their unique name and we expose them on a configurable virtual path. Take a look at the following screenshot.
 ![Virtual Folders](./img/virtual-folders.png)
 We exposed the folder named `localfolder` on the path `/vdirlocal` (this must be an absolute UNIX path on Windows too) and the folder named `minio` on the path `/vdirminio`. For `localfolder` the quota usage is included within the user quota, while for the `minio` folder we defined separate quota limits: at most 2 files and at most 100MB, whichever is reached first.
 The folder `minio` can be shared with other users and we can define different quota limits on a per-user basis. The folder `localfolder` is considered private since we have included its quota limits within those of the user, if we share them with other users we will break quota calculation.
 Let's test these virtual folders. We use the `sftp` CLI here, you can use any SFTP client.
 ```shell
 $ sftp -P 2022 nicola@127.0.0.1
 nicola@127.0.0.1's password:
 Connected to 127.0.0.1.
 sftp> ls
 adir        read-only   subdir      vdirlocal   vdirminio
 sftp> cd vdirlocal
 sftp> put file.txt
 Uploading file.txt to /vdirlocal/file.txt
 file.txt                                                                  100% 4034    17.3MB/s   00:00
 sftp> ls
 file.txt
 sftp> cd ..
 sftp> cd vdirminio/
 sftp> put file.txt
 Uploading file.txt to /vdirminio/file.txt
 file.txt                                                                  100% 4034     4.8MB/s   00:00
 sftp> ls
 file.txt
 sftp> put file.txt file1.txt
 Uploading file.txt to /vdirminio/file1.txt
 file.txt                                                                  100% 4034     2.8MB/s   00:00
 sftp> put file.txt file2.txt
 Uploading file.txt to /vdirminio/file2.txt
 remote open("/vdirminio/file2.txt"): Failure
 sftp> quit
 ```
 The last upload failed since we exceeded the number of files quota limit.
 ## Configuration parameters
 Until now we used the default configuration, to change the global service parameters you have to edit the configuration file, or set appropriate environment variables, and restart SFTPGo to apply the changes.
 A full explanation of all configuration methods can be found [here](./../full-configuration.md), we explore some common use cases. Please keep in mind that SFTPGo can also be configured via [environment variables](../full-configuration.md#environment-variables), this is very convenient if you are using Docker.
 The default configuration file is `sftpgo.json` and it can be found within the `/etc/sftpgo` directory if you installed from Linux distro packages. On Windows the configuration file can be found within the `{commonappdata}\SFTPGo` directory where `{commonappdata}` is typically `C:\ProgramData`. SFTPGo also supports reading from TOML and YAML configuration files.
 The following snippets assume your are running SFTPGo on Linux but they can be easily adapted for other operating systems.
 ### Use PostgreSQL data provider
 Create a PostgreSQL database named `sftpgo` and a PostgreSQL user with the correct permissions, for example using the `psql` CLI.
 ```shell
 sudo -i -u postgres psql
 CREATE DATABASE "sftpgo" WITH ENCODING='UTF8' CONNECTION LIMIT=-1;
 create user "sftpgo" with encrypted password 'your password here';
 grant all privileges on database "sftpgo" to "sftpgo";
 \q
 ```
 Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
 ```json
  "data_provider": {
    "driver": "postgresql",
    "name": "sftpgo",
    "host": "127.0.0.1",
    "port": 5432,
    "username": "sftpgo",
    "password": "your password here",
    ...
 }
 ```
 Confirm that the database connection works by initializing the data provider.
 ```shell
 $ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
 2021-05-19T22:21:54.000 INF Initializing provider: "postgresql" config file: "/etc/sftpgo/sftpgo.json"
 2021-05-19T22:21:54.000 INF updating database version: 8 -> 9
 2021-05-19T22:21:54.000 INF Data provider successfully initialized/updated
 ```
 Ensure that SFTPGo starts after the database service.
 ```shell
 sudo systemctl edit sftpgo.service
 ```
 And override the unit definition with the following snippet.
 ```shell
 [Unit]
 After=postgresql.service
 ```
 Restart SFTPGo to apply the changes.
 ### Use MySQL/MariaDB data provider
 Create a MySQL database named `sftpgo` and a MySQL user with the correct permissions, for example using the `mysql` CLI.
 ```shell
 $ mysql -u root
 MariaDB [(none)]> CREATE DATABASE sftpgo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 Query OK, 1 row affected (0.000 sec)
 MariaDB [(none)]> grant all privileges on sftpgo.* to sftpgo@localhost identified by 'your password here';
 Query OK, 0 rows affected (0.027 sec)
 MariaDB [(none)]> quit
 Bye
 ```
 Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
 ```json
  "data_provider": {
    "driver": "mysql",
    "name": "sftpgo",
    "host": "127.0.0.1",
    "port": 3306,
    "username": "sftpgo",
    "password": "your password here",
    ...
 }
 ```
 Confirm that the database connection works by initializing the data provider.
 ```shell
 $ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
 2021-05-19T22:29:30.000 INF Initializing provider: "mysql" config file: "/etc/sftpgo/sftpgo.json"
 2021-05-19T22:29:30.000 INF updating database version: 8 -> 9
 2021-05-19T22:29:30.000 INF Data provider successfully initialized/updated
 ```
 Ensure that SFTPGo starts after the database service.
 ```shell
 sudo systemctl edit sftpgo.service
 ```
 And override the unit definition with the following snippet.
 ```shell
 [Unit]
 After=mariadb.service
 ```
 Restart SFTPGo to apply the changes.
 ### Use CockroachDB data provider
 We suppose you have installed CocroackDB this way:
 ```shell
 sudo su
 export CRDB_VERSION=20.2.10 # set the latest available version here
 wget -qO- https://binaries.cockroachdb.com/cockroach-v${CRDB_VERSION}.linux-amd64.tgz | tar xvz
 cp -i cockroach-v${CRDB_VERSION}.linux-amd64/cockroach /usr/local/bin/
 mkdir -p /usr/local/lib/cockroach
 cp -i cockroach-v${CRDB_VERSION}.linux-amd64/lib/libgeos.so /usr/local/lib/cockroach/
 cp -i cockroach-v${CRDB_VERSION}.linux-amd64/lib/libgeos_c.so /usr/local/lib/cockroach/
 mkdir /var/lib/cockroach
 mkdir -p /etc/cockroach/{certs,ca}
 chmod 700 /etc/cockroach/ca
 /usr/local/bin/cockroach cert create-ca --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
 /usr/local/bin/cockroach cert create-node localhost $(hostname) --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
 /usr/local/bin/cockroach cert create-client root --certs-dir=/etc/cockroach/certs --ca-key=/etc/cockroach/ca/ca.key
 chown -R sftpgo:sftpgo /etc/cockroach/certs
 exit
 ```
 and you are running it using a systemd unit like this one:
 ```shell
 [Unit]
 Description=Cockroach Database single node
 Requires=network.target
 [Service]
 Type=notify
 WorkingDirectory=/var/lib/cockroach
 ExecStart=/usr/local/bin/cockroach start-single-node --certs-dir=/etc/cockroach/certs --http-addr 127.0.0.1:8888 --listen-addr 127.0.0.1:26257 --cache=.25 --max-sql-memory=.25 --store=path=/var/lib/cockroach
 TimeoutStopSec=60
 Restart=always
 RestartSec=10
 StandardOutput=syslog
 StandardError=syslog
 SyslogIdentifier=cockroach
 User=sftpgo
 [Install]
 WantedBy=default.target
 ```
 Create a CockroachDB database named `sftpgo`.
 ```shell
 $ sudo /usr/local/bin/cockroach sql --certs-dir=/etc/cockroach/certs -e 'create database "sftpgo"'
 CREATE DATABASE
 Time: 13ms
 ```
 Open the SFTPGo configuration file, search for the `data_provider` section and change it as follow.
 ```json
  "data_provider": {
    "driver": "cockroachdb",
    "name": "",
    "host": "",
    "port": 0,
    "username": "",
    "password": "",
    "sslmode": 0,
    "connection_string": "postgresql://root@localhost:26257/sftpgo?sslcert=%2Fetc%2Fcockroach%2Fcerts%2Fclient.root.crt&sslkey=%2Fetc%2Fcockroach%2Fcerts%2Fclient.root.key&sslmode=verify-full&sslrootcert=%2Fetc%2Fcockroach%2Fcerts%2Fca.crt&connect_timeout=10"
    ...
 }
 ```
 Confirm that the database connection works by initializing the data provider.
 ```shell
 $ sudo su - sftpgo -s /bin/bash -c 'sftpgo initprovider -c /etc/sftpgo'
 2021-05-19T22:41:53.000 INF Initializing provider: "cockroachdb" config file: "/etc/sftpgo/sftpgo.json"
 2021-05-19T22:41:53.000 INF updating database version: 8 -> 9
 2021-05-19T22:41:53.000 INF Data provider successfully initialized/updated
 ```
 Ensure that SFTPGo starts after the database service.
 ```shell
 sudo systemctl edit sftpgo.service
 ```
 And override the unit definition with the following snippet.
 ```shell
 [Unit]
 After=cockroachdb.service
 ```
 Restart SFTPGo to apply the changes.
 ### Enable FTP service
 Open the SFTPGo configuration file, search for the `ftpd` section and change it as follow.
 ```json
  "ftpd": {
    "bindings": [
      {
        "port": 2121,
        "address": "",
        "apply_proxy_config": true,
        "tls_mode": 0,
        "force_passive_ip": "",
        "client_auth_type": 0,
        "tls_cipher_suites": []
      }
    ],
    ...
  }
 ```
 Restart SFTPGo to apply the changes. The FTP service is now available on port `2121`. It is recommended that you provide a certificate and key file to expose FTP over TLS. You should prefer SFTP to FTP even if you configure TLS, please don't blindly enable the old FTP protocol.
 ### Enable WebDAV service
 Open the SFTPGo configuration file, search for the `webdavd` section and change it as follow.
 ```json
  "webdavd": {
    "bindings": [
      {
        "port": 10080,
        "address": "",
        "enable_https": false,
        "client_auth_type": 0,
        "tls_cipher_suites": [],
        "prefix": "",
        "proxy_allowed": []
      }
    ],
    ...
  }
 ```
 Restart SFTPGo to apply the changes. The WebDAV service is now available on port `10080`. It is recommended that you provide a certificate and key file to expose WebDAV over https.
--- a/docs/howto/img/add-folder.png
+++ b/docs/howto/img/add-folder.png
--- a/docs/howto/img/add-user.png
+++ b/docs/howto/img/add-user.png
--- a/docs/howto/img/az-user.png
+++ b/docs/howto/img/az-user.png
--- a/docs/howto/img/folders.png
+++ b/docs/howto/img/folders.png
--- a/docs/howto/img/gcs-user.png
+++ b/docs/howto/img/gcs-user.png
--- a/docs/howto/img/initial-screen.png
+++ b/docs/howto/img/initial-screen.png
--- a/docs/howto/img/local-encrypted.png
+++ b/docs/howto/img/local-encrypted.png
--- a/docs/howto/img/logo.png
+++ b/docs/howto/img/logo.png
--- a/docs/howto/img/s3-user.png
+++ b/docs/howto/img/s3-user.png
--- a/docs/howto/img/setup.png
+++ b/docs/howto/img/setup.png
--- a/docs/howto/img/sftp-user.png
+++ b/docs/howto/img/sftp-user.png
--- a/docs/howto/img/status.png
+++ b/docs/howto/img/status.png
--- a/docs/howto/img/virtual-folders.png
+++ b/docs/howto/img/virtual-folders.png
--- a/docs/howto/img/virtual-permissions.png
+++ b/docs/howto/img/virtual-permissions.png
--- a/docs/howto/img/web-client-credentials.png
+++ b/docs/howto/img/web-client-credentials.png
--- a/docs/howto/img/web-client-files.png
+++ b/docs/howto/img/web-client-files.png
--- a/httpd/schema/openapi.yaml
+++ b/httpd/schema/openapi.yaml
@ -11,7 +11,11 @@ tags:
  - name: users
 info:
  title: SFTPGo
-  description: SFTPGo REST API
+  description: |
    SFTPGo allows to securely share your files over SFTP and optionally FTP/S and WebDAV too.
    Several storage backends are supported and they are configurable per user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one.
    SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, an S3 user that exposes a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one.
    Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
  version: 2.0.5
  contact:
    name: API support
--- a/logger/logger.go
+++ b/logger/logger.go
@ -118,6 +118,13 @@ func GetLogger() *zerolog.Logger {
 func InitLogger(logFilePath string, logMaxSize int, logMaxBackups int, logMaxAge int, logCompress bool, level zerolog.Level) {
 	zerolog.TimeFieldFormat = dateFormat
 	if isLogFilePathValid(logFilePath) {
 		logDir := filepath.Dir(logFilePath)
 		if _, err := os.Stat(logDir); os.IsNotExist(err) {
 			err = os.MkdirAll(logDir, os.ModePerm)
 			if err != nil {
 				fmt.Printf("unable to create log dir %#v: %v", logDir, err)
 			}
 		}
 		rollingLogger = &lumberjack.Logger{
 			Filename:   logFilePath,
 			MaxSize:    logMaxSize,
--- a/templates/webadmin/user.html
+++ b/templates/webadmin/user.html
@ -206,7 +206,6 @@
                    <small id="vfHelpBlock" class="form-text text-muted">
                        One mapping per line as vpath::folder-name::[quota_files]::[quota_size(bytes)], for example
                        /vdir::afolder or /vdir::afolder::10::104857600. Quota -1 means included inside user quota.
                        Ignored for non local filesystems
                    </small>
                </div>
            </div>