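SFTPGo is a high-performance, full-featured, easy-to-use and configurable SFTP server written in Go. It currently runs stably on Linux and macOS (I have not tested it on Windows). Its data can be persisted to mainstream databases such as MySQL, PostgreSQL and SQLite.
Main components of sftpgo
- Server main program: sftpgosever
- CLI script: sftpcli
Data directories
- conf: stores the service configuration files
- data: where the SFTP users' directories are created
- backups: stores application backup data
In this deployment the service runs on Kubernetes (k8s), MySQL 5.7 provides persistent storage, the Tencent Cloud NFS service holds the data directory, the configuration file is mounted from a ConfigMap, and nginx stream maps a domain name to TCP access.
Building the image
Pull it directly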
docker pull taylordang/sftpgo:v1.0
Build locally from the Dockerfile
See the documentation for details: [https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine](https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine)
Building the scaffolding (CLI image)
Build script: [https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile](https://github.com/dtcka/sftpgo/blob/master/docker/rest-api-cli/Dockerfile)
Standard configuration file
```
{
  "sftpd": {
    "bind_port": 2022,
    "bind_address": "0.0.0.0",
    "idle_timeout": 15,
    "max_auth_tries": 0,
    "umask": "0022",
    "banner": "",
    "upload_mode": 0,
    "actions": {
      "execute_on": [],
      "command": "",
      "http_notification_url": ""
    },
    "keys": [],
    "kex_algorithms": [],
    "ciphers": [],
    "macs": [],
    "login_banner_file": "",
    "setstat_mode": 0,
    "enabled_ssh_commands": ["md5sum", "sha1sum", "cd", "pwd", "scp"],
    "keyboard_interactive_auth_program": "",
    "proxy_protocol": 0,
    "proxy_allowed": []
  },
  "data_provider": {
    "driver": "mysql",
    "name": "sftpgo",
    "host": "xxxxxx",
    "port": 9999,
    "username": "sftpgo",
    "password": "xxxxx",
    "sslmode": 0,
    "connection_string": "",
    "users_table": "users",
    "manage_users": 1,
    "track_quota": 2,
    "pool_size": 0,
    "users_base_dir": "",
    "actions": {
      "execute_on": [],
      "command": "",
      "http_notification_url": ""
    },
    "external_auth_program": "",
    "external_auth_scope": 0,
    "credentials_path": "credentials",
    "pre_login_program": ""
  },
  "httpd": {
    "bind_port": 8080,
    "bind_address": "0.0.0.0",
    "templates_path": "templates",
    "static_files_path": "static",
    "backups_path": "backups",
    "auth_user_file": "",
    "certificate_file": "",
    "certificate_key_file": ""
  }
}
```
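The following check is an added example, not code from the original post or from the SFTPGo project. It audits the settings in the configuration above that matter once the file is mounted from a ConfigMap and the service ports are published outside the cluster. Assumptions: per SFTPGo's documentation for this config format, an empty `auth_user_file` disables HTTP basic authentication for the REST API and `sslmode` 0 disables TLS to the database; the function names and the file paths in the hardened variant are hypothetical.

```python
import copy
import json

# Constructed sample: the security-relevant keys of the config shown above,
# with the page's placeholder values kept as they are.
SAMPLE_CONFIG = json.loads("""
{
  "data_provider": {"driver": "mysql", "host": "xxxxxx", "port": 9999,
                    "username": "sftpgo", "password": "xxxxx", "sslmode": 0},
  "httpd": {"bind_port": 8080, "bind_address": "0.0.0.0", "auth_user_file": "",
            "certificate_file": "", "certificate_key_file": ""}
}
""")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit(cfg, from_configmap=True):
    """Return (check_id, message) findings for an SFTPGo config dict."""
    findings = []
    httpd = cfg.get("httpd", {})
    dp = cfg.get("data_provider", {})
    # Assumption: bind_port 0 disables the HTTP server; an empty bind_address
    # listens on every interface.
    exposed = httpd.get("bind_port", 0) > 0 and httpd.get("bind_address", "") not in LOOPBACK
    if exposed and not httpd.get("auth_user_file"):
        findings.append(("httpd-no-auth", "REST API listens beyond loopback with no auth_user_file"))
    if exposed and not (httpd.get("certificate_file") and httpd.get("certificate_key_file")):
        findings.append(("httpd-no-tls", "REST API is served over plain HTTP"))
    remote_db = dp.get("driver") in ("mysql", "postgresql") and dp.get("host") not in LOOPBACK
    if remote_db and dp.get("sslmode", 0) == 0:
        findings.append(("db-no-tls", "connection to a remote database has TLS disabled"))
    if from_configmap and dp.get("password"):
        findings.append(("db-password-in-configmap", "database password sits in a ConfigMap, not a Secret"))
    return findings

def hardened(cfg):
    """Constructed 'after' variant; file paths are hypothetical."""
    out = copy.deepcopy(cfg)
    out["httpd"].update(auth_user_file="httpauth", certificate_file="tls/httpd.crt",
                        certificate_key_file="tls/httpd.key")
    out["data_provider"].update(sslmode=1, password="")  # password delivered outside this file
    return out

if __name__ == "__main__":
    for label, cfg in (("page config", SAMPLE_CONFIG), ("hardened", hardened(SAMPLE_CONFIG))):
        print(label)
        for check_id, message in audit(cfg) or [("ok", "no findings")]:
            print(f"  [{check_id}] {message}")
```

Run against the page's values it reports all four findings; the hardened variant reports none.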
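Running the application
Once the service configuration above is ready, running the container automatically creates the corresponding tables in the database.
Exposing the service externally
1. Set up the internal service entry point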
```
apiVersion: v1
kind: Service
metadata:
  name: sftpgo
  namespace: sftp
spec:
  clusterIP: xxxx
  externalTrafficPolicy: Cluster
  ports:
  - name: 8080-8080-tcp
    nodePort: 31807
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: 2022-2022-tcp
    nodePort: 30865
    port: 2022
    protocol: TCP
    targetPort: 2022
  selector:
    k8s-app: sftpgo
    qcloud-app: sftpgo
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: xxxx
```
2. Set up the external service entry point
- nginx configuration file
```
apiVersion: v1
data:
  nginx.conf: |-
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }
    stream {
      server {
        listen 2022;
        # Replace the placeholder below with the internal IP of the sftpgo service.
        proxy_pass sftpgo服务对应的内网ip:2022;
      }
    }
kind: ConfigMap
metadata:
  name: tcp-config
  namespace: sftp
```
##### 3. Test the service status and the data directory permissions

Test OK: the data directory's UID and GID must be set to 1003.
##### 4. Point the domain's DNS record at nginx's externalIPs to enable access by domain name
---
Appendix:
- sftpgo service source: https://github.com/dtcka/sftpgo/tree/master/docker/sftpgo/alpine
- sftpgo container image: https://hub.docker.com/repository/docker/taylordang/sftpgo
- sftpgo scaffolding: https://hub.docker.com/repository/docker/taylordang/sftp-api-cli
For more content, visit 云原生建筑师 (Cloud Native Architect): https://blog.dtcka.com