SftpGo是一款高性能、功能齊全、易用可配置的一款sftp server 服務,基於go開發。目前在linux、macos下均可以穩定運行(windows個人未測試)。數據可以持久化到主流的數據庫,諸如Mysql、PostgreSQL、Sqlilte.
sftpgo主要組成
- 服務端主程序: sftpgosever
- cli腳本: sftpcli
數據目錄
- conf存儲服務配置文件
- data創建sftp用戶目錄
- backups存儲應用備份數據
本次基於k8s運行服務、mysql5.7做持久化存儲、騰訊雲NFS服務做數據目錄、configmap掛載配置文件、nginx stream提供域名映射tcp訪問
構建鏡像
直接拉取
<code>docker pull taylordang/sftpgo:v1.0/<code>
本地基於Dockerfile構建
<code>查看具體文檔: [https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine](https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine)/<code>
構建腳手架
<code>構建腳本: [https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile](https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile)/<code>
標準配置文件
<code>{ "sftpd": { "bind_port": 2022, "bind_address": "0.0.0.0", "idle_timeout": 15, "max_auth_tries": 0, "umask": "0022", "banner": "", "upload_mode": 0, "actions": { "execute_on": [], "command": "", "http_notification_url": "" }, "keys": [], "kex_algorithms": [], "ciphers": [], "macs": [], "login_banner_file": "", "setstat_mode": 0, "enabled_ssh_commands": [ "md5sum", "sha1sum", "cd", "pwd", "scp" ], "keyboard_interactive_auth_program": "", "proxy_protocol": 0, "proxy_allowed": [] }, "data_provider": { "driver": "mysql", "name": "sftpgo", "host": "xxxxxx", "port": 9999, "username": "sftpgo", "password": "xxxxx", "sslmode": 0, "connection_string": "", "users_table": "users", "manage_users": 1, "track_quota": 2, "pool_size": 0, "users_base_dir": "", "actions": { "execute_on": [], "command": "", "http_notification_url": "" }, "external_auth_program": "", "external_auth_scope": 0, "credentials_path": "credentials", "pre_login_program": "" }, "httpd": { "bind_port": 8080, "bind_address": "0.0.0.0", "templates_path": "templates", "static_files_path": "static", "backups_path": "backups", "auth_user_file": "", "certificate_file": "", "certificate_key_file": "" } }/<code>
運行應用
以上服務配置準備完成之後,運行容器會在數據庫中自動生成對應的表
提供服務外部入庫
1. 設置內網服務入口
<code>apiVersion: v1 kind: Service metadata: name: sftpgo namespace: sftp spec: clusterIP: xxxx externalTrafficPolicy: Cluster ports: - name: 8080-8080-tcp nodePort: 31807 port: 8080 protocol: TCP targetPort: 8080 - name: 2022-2022-tcp nodePort: 30865 port: 2022 protocol: TCP targetPort: 2022 selector: k8s-app: sftpgo qcloud-app: sftpgo sessionAffinity: None type: LoadBalancer status: loadBalancer: ingress: - ip: xxxx/<code>
2. 設置外部服務入口
- nginx配置文件 ``` apiVersion: v1 data: nginx.conf: |- user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } stream { server { listen 2022; proxy_pass sftpgo服務對應的內網ip:2022; } } kind: ConfigMap metadata: name: tcp-config namespace: sftp
<code> ##### 3.測試下服務狀態以及數據目錄權限 ![image.png](http://q8s9cjjs5.bkt.clouddn.com/1586880607963-e4dc5332-a0b5-4e64-acc6-48c4e691b381.png)
測試ok:數據權限UID GID需要設置為1003.
##### 4. 設置域名解析到nginx的externalIps即可實現域名訪問 ![image.png](http://q8s9cjjs5.bkt.clouddn.com/1586882094117-aa68a9be-c99f-47eb-9806-62abde560150.png) ---
附:/<code>
sftpgo服務源碼:https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine sftpgo容器相關鏡像:https://hub.docker.com/repository/docker/taylordang/sftpgo sftpgo腳手架:https://hub.docker.com/repository/docker/taylordang/sftp-api-cli
```
本文由博客一文多發平臺 OpenWrite 發佈!