Docker/Compose/SFTP


Linux » UFW » Allow » 20022

# Open the SFTP port in UFW: this allows inbound TCP 20022 from any source.
# To limit exposure, a source-restricted rule can be used instead, e.g.
#   sudo ufw allow from <TRUSTED_CIDR> to any port 20022 proto tcp
# NOTE(review): ports published by Docker are normally opened through Docker's
# own iptables rules, so the container port may be reachable whether or not
# this UFW rule exists; confirm the effective exposure from another host.
sudo ufw allow 20022/tcp
# List the active rules with their index numbers to confirm the new entry.
sudo ufw status numbered

Docker » Compose » Volume

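# Backing directory for the SFTP playground; the link under ~/Documents is
# only a convenience path to it.
mkdir -p /opt/shahed/chorke/academia/var/playground/sftp

# -n treats an existing link as a file and -f replaces it, so re-running does
# not create a stray nested link inside the playground directory.
ln -sfn /opt/shahed/chorke/academia/var/playground/sftp \
        "${HOME}/Documents/sftp-playground"

# The paths below are relative: only create them once the working directory
# really is the playground, otherwise ./data lands wherever the shell was.
cd "${HOME}/Documents/sftp-playground/" &&
  mkdir -p ./data/{etc/ssh/sshd_config.d,home/{academia,agronomy}/upload} &&
  ls -lah ./data/{etc/ssh/sshd_config.d,home/{academia,agronomy}/upload}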

# Write the sshd configuration that the compose file bind-mounts into the
# container under /etc/ssh. The quoted delimiter keeps the body literal.
# The settings confine every session to a chrooted internal-sftp with root
# login, X11 forwarding and TCP forwarding switched off.
# NOTE(review): PasswordAuthentication is not set, so sshd's default
# (password logins allowed) applies; confirm that this is intended.
tee ./data/etc/ssh/sshd_config >/dev/null <<'CFG'
# Secure defaults
# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# Faster connection
# See: https://github.com/atmoz/sftp/issues/11
UseDNS no

# Limited access
PermitRootLogin no
X11Forwarding no
AllowTcpForwarding no

# Force sftp and chroot jail
Subsystem sftp internal-sftp
ForceCommand internal-sftp
ChrootDirectory %h

# Enable this for more logs
#LogLevel VERBOSE
CFG

# Give the whole mounted SSH configuration tree to root (uid 0, gid 0).
sudo chown -R 0:0 ./data/etc/ssh
# Config file: owner read/write, everyone else read-only.
sudo chmod 644 ./data/etc/ssh/sshd_config
# Drop-in directory: owner full access, everyone else read and traverse.
# With root ownership, these two paths are writable by root only.
sudo chmod 755 ./data/etc/ssh/sshd_config.d

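# Account list that the compose file mounts read-only as
# /etc/sftp/users.conf; each entry here has the form name:password:uid.
# The passwords below are sample values kept in clear text and shared by both
# accounts: replace them with unique secrets before exposing the service.
# NOTE(review): the atmoz/sftp documentation describes pre-hashed passwords
# (an `:e` marker after the hash) and public-key login; prefer one of those
# over clear-text entries and confirm the syntax against the image in use.
# The file holds credentials, so it is made owner-only (0600) while still
# empty and only then filled; touch/chmod keep the inode of an existing file.
# NOTE(review): with rootless Docker or user-namespace remapping the
# container may be unable to read an owner-only file; verify after startup.
touch ./users.conf && chmod 600 ./users.conf && tee ./users.conf >/dev/null <<'CFG'
academia:sadaqah!:1001
agronomy:sadaqah!:1002

CFG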

Docker » Compose » Create

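# Compose definition for the SFTP container: host port 20022 maps to the
# container's sshd on 22, with the sshd config, the account list (read-only)
# and one upload directory per account bind-mounted from this directory.
# The port mapping is quoted because an unquoted host:container pair whose
# container port is below 60 can be read as a base-60 number by YAML 1.1
# parsers.
# The mapping publishes on every host interface; prefix a host address
# (for example "127.0.0.1:20022:22") to bind to a single interface.
# NOTE(review): atmoz/sftp:alpine is a mutable tag; pin a version tag or a
# digest (atmoz/sftp@sha256:<DIGEST>) so pulls are reproducible.
tee ./docker-compose.yml >/dev/null <<'YML'
---
services:
  sftp:
    image: atmoz/sftp:alpine
    container_name: sftp
    network_mode: bridge
    restart: always
    ports:
      - "20022:22"
    volumes:
      - ./data/etc/ssh:/etc/ssh
      - ./users.conf:/etc/sftp/users.conf:ro
      - ./data/home/academia/upload:/home/academia/upload
      - ./data/home/agronomy/upload:/home/agronomy/upload
YML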

Docker » Compose » Manage

# Start the stack in the background.
docker compose up --detach
# Stream the service logs with timestamps; interrupt to stop following.
docker compose logs --follow --timestamps
# Stop the stack and remove its containers.
docker compose down

Docker » Compose » Systemd

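# Install a systemd unit that runs the compose project in the foreground.
# The delimiter is quoted so the shell expands nothing inside the unit text,
# matching the other here-documents on this page.
# Requires= makes the unit depend on docker.service; After= alone only
# orders start-up and does not pull the Docker daemon in.
# NOTE(review): the unit expects /etc/sftp/docker-compose.yml and an `sftp`
# system account, neither of which is created by the commands on this page.
# Relative paths in the compose file then resolve under /etc/sftp.
# NOTE(review): the account needs access to the Docker socket, which is
# effectively root-equivalent on the host; confirm that is acceptable.
# NOTE(review): the unit calls the standalone /usr/bin/docker-compose binary
# while the page otherwise uses the `docker compose` plugin; confirm which
# one is installed.
sudo tee /etc/systemd/system/sftp.service >/dev/null <<'INI'
[Unit]
Description=Docker SFTP
Requires=docker.service
After=docker.service

[Service]
Restart=always
User=sftp
Group=sftp
ExecStart=/usr/bin/docker-compose -f /etc/sftp/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /etc/sftp/docker-compose.yml stop

[Install]
WantedBy=multi-user.target
Alias=sftpd.service
INI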

References