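# Container runtime settings for the SFTPGo service.
# NOTE(review): the ${...} references are presumably resolved by Docker Compose
# when it loads this file; a loader without interpolation (e.g. `docker run
# --env-file`) would pass them through as literal text. Confirm which tool reads it.
PUID=${PUID}
PGID=${MEDIA_GID}
TZ=${TZ}

# Graceful-shutdown window. Author's note: must set docker grace time to be > 80,
# otherwise the container is killed before active transfers can finish.
# The note sits on its own line because not every env-file parser strips a
# trailing "# ..." from an unquoted value.
SFTPGO_GRACE_TIME=80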
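# COMMON
# ------
# Idle clients are disconnected after this many minutes.
SFTPGO_COMMON__IDLE_TIMEOUT=30
# 2 = atomic uploads with resume support: data is written under TEMP_PATH and
# renamed into place on completion.
SFTPGO_COMMON__UPLOAD_MODE=2
# SFTPGO_COMMON__ACTIONS__EXECUTE_ON=upload,download
# NOTE(review): atomic rename only works if this path is on the same filesystem
# as the users' home directories - confirm the volume layout.
SFTPGO_COMMON__TEMP_PATH=/srv/sftpgo/temp
# 0 = no global connection cap; the per-host cap below is the only connection
# limit set in this section.
SFTPGO_COMMON__MAX_TOTAL_CONNECTIONS=0
SFTPGO_COMMON__MAX_PER_HOST_CONNECTIONS=20
# 002 leaves new files and directories group-writable. Every member of the
# PGID group can therefore modify uploaded data.
SFTPGO_COMMON__UMASK=002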
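# Defender: scores failed logins per source host and bans hosts that reach the
# threshold. This is the main brute-force control while password
# authentication is enabled for the SSH/SFTP server.
SFTPGO_COMMON__DEFENDER__ENABLED=true
# "memory" keeps scores and bans in process memory: they are lost on restart and
# are not shared between instances.
SFTPGO_COMMON__DEFENDER__DRIVER=memory
# Ban duration in minutes; each repeat ban is extended by the increment (percent).
SFTPGO_COMMON__DEFENDER__BAN_TIME=30
SFTPGO_COMMON__DEFENDER__BAN_TIME_INCREMENT=50
# A host is banned once its score reaches this value within OBSERVATION_TIME.
SFTPGO_COMMON__DEFENDER__THRESHOLD=15
# Score added per event: unknown user, wrong password for an existing user,
# rate limit exceeded, connection closed without any authentication attempt.
SFTPGO_COMMON__DEFENDER__SCORE_INVALID=2
SFTPGO_COMMON__DEFENDER__SCORE_VALID=1
SFTPGO_COMMON__DEFENDER__SCORE_LIMIT_EXCEEDED=3
# 0 = connections that never try to authenticate (scanners, banner grabbers)
# do not count towards a ban.
SFTPGO_COMMON__DEFENDER__SCORE_NO_AUTH=0
# Scoring window in minutes.
SFTPGO_COMMON__DEFENDER__OBSERVATION_TIME=30
# Bounds on the number of hosts tracked in memory.
# NOTE(review): with limits this low, an attack from many source addresses may
# push older entries out before they reach the threshold - confirm these fit
# the traffic this server actually sees.
SFTPGO_COMMON__DEFENDER__ENTRIES_SOFT_LIMIT=100
SFTPGO_COMMON__DEFENDER__ENTRIES_HARD_LIMIT=150
# Artificial login delay in milliseconds: none on success, 1 s after a failed
# password, which slows online guessing.
SFTPGO_COMMON__DEFENDER__LOGIN_DELAY__SUCCESS=0
SFTPGO_COMMON__DEFENDER__LOGIN_DELAY__PASSWORD_FAILED=1000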
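# Rate limiter 0: global (TYPE=1) - at most AVERAGE events per PERIOD
# milliseconds across all clients, for every listed protocol.
# It does not feed the defender, so exceeding it never leads to a ban.
SFTPGO_COMMON__RATE_LIMITERS__0__AVERAGE=100
SFTPGO_COMMON__RATE_LIMITERS__0__PERIOD=1000
SFTPGO_COMMON__RATE_LIMITERS__0__BURST=1
SFTPGO_COMMON__RATE_LIMITERS__0__TYPE=1
SFTPGO_COMMON__RATE_LIMITERS__0__PROTOCOLS=SSH,FTP,DAV,HTTP
SFTPGO_COMMON__RATE_LIMITERS__0__GENERATE_DEFENDER_EVENTS=0
SFTPGO_COMMON__RATE_LIMITERS__0__ENTRIES_SOFT_LIMIT=100
SFTPGO_COMMON__RATE_LIMITERS__0__ENTRIES_HARD_LIMIT=150
# Rate limiter 1: per source host (TYPE=2) - 10 events per second for SSH and
# FTP. Violations are reported to the defender (scored with
# SCORE_LIMIT_EXCEEDED), so a host that keeps hammering the service is banned.
# NOTE(review): DAV and HTTP have no per-host limiter here; confirm that is
# intended if those services are exposed.
SFTPGO_COMMON__RATE_LIMITERS__1__AVERAGE=10
SFTPGO_COMMON__RATE_LIMITERS__1__PERIOD=1000
SFTPGO_COMMON__RATE_LIMITERS__1__BURST=1
SFTPGO_COMMON__RATE_LIMITERS__1__TYPE=2
SFTPGO_COMMON__RATE_LIMITERS__1__PROTOCOLS=SSH,FTP
SFTPGO_COMMON__RATE_LIMITERS__1__GENERATE_DEFENDER_EVENTS=1
SFTPGO_COMMON__RATE_LIMITERS__1__ENTRIES_SOFT_LIMIT=100
SFTPGO_COMMON__RATE_LIMITERS__1__ENTRIES_HARD_LIMIT=150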
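# ACME
# ----
# refer to https://docs.sftpgo.com/latest/config-file/#acme
# NOTE(review): the quoted values below rely on the env-file loader stripping
# the quotes (Docker Compose does; `docker run --env-file` keeps them as part of
# the value). Confirm which loader is used.
SFTPGO_ACME__DOMAINS="sthome.org, stokvis.co.za"
SFTPGO_ACME__EMAIL="stuurmcp@telkomsa.net"
# RSA 4096-bit account/certificate key.
SFTPGO_ACME__KEY_TYPE=4096
# The private keys for the issued certificates are stored here: keep this
# directory on a persistent volume that only the service user can read.
SFTPGO_ACME__CERTS_PATH=/srv/sftpgo/certificates
# Staging endpoint is active: it issues certificates from a test CA that
# clients do not trust. Switch to the production endpoint on the commented line
# once issuance works, so users are not taught to click through TLS warnings.
SFTPGO_ACME__CA_ENDPOINT=https://acme-staging-v02.api.letsencrypt.org/directory
#SFTPGO_ACME__CA_ENDPOINT=https://acme-v02.api.letsencrypt.org/directory
# Renew when fewer than this many days of validity remain.
SFTPGO_ACME__RENEW_DAYS=30
# cloudflare does not support TLS-ALPN-01 challenge, so we have to use HTTP-01
# HTTP-01 needs port 80 reachable from the CA. Only the challenge path has to
# be exposed on it.
SFTPGO_ACME__HTTP01_CHALLENGE__PORT=80
SFTPGO_ACME__HTTP01_CHALLENGE__PROXY_HEADER=Host
# NOTE(review): PORT and WEBROOT are both set - check the linked docs for which
# one takes effect. The webroot path does not match either configured domain
# and looks like a placeholder; confirm it exists and is served for both.
SFTPGO_ACME__HTTP01_CHALLENGE__WEBROOT="/var/www/sftpgo.com"
# SFTPGO_ACME__TLS_ALPN01_CHALLENGE=443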
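# SSH/SFTP server
# ---------------
# Eight listeners; the port numbers come from the TCP_PORT1..TCP_PORT8
# variables of the environment that loads this file.
SFTPGO_SFTPD__BINDINGS__0__PORT=${TCP_PORT1}
SFTPGO_SFTPD__BINDINGS__1__PORT=${TCP_PORT2}
SFTPGO_SFTPD__BINDINGS__2__PORT=${TCP_PORT3}
SFTPGO_SFTPD__BINDINGS__3__PORT=${TCP_PORT4}
SFTPGO_SFTPD__BINDINGS__4__PORT=${TCP_PORT5}
SFTPGO_SFTPD__BINDINGS__5__PORT=${TCP_PORT6}
SFTPGO_SFTPD__BINDINGS__6__PORT=${TCP_PORT7}
SFTPGO_SFTPD__BINDINGS__7__PORT=${TCP_PORT8}
# No bind address is set, so each listener accepts connections on every
# interface of the container. Exposure is then decided by the published ports
# and the host firewall.
# SFTPGO_SFTPD__BINDINGS__0__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__1__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__2__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__3__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__4__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__5__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__6__ADDRESS=
# SFTPGO_SFTPD__BINDINGS__7__ADDRESS=
# Each listener honours the common PROXY protocol settings.
# NOTE(review): no proxy_protocol / proxy_allowed setting is visible in this
# part of the file. If the PROXY protocol is enabled, restrict the allowed
# proxy addresses to the real load balancer. Otherwise any client can supply
# its own source address, and the per-host limits and defender bans above would
# act on spoofed values.
SFTPGO_SFTPD__BINDINGS__0__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__1__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__2__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__3__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__4__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__5__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__6__APPLY_PROXY_CONFIG=true
SFTPGO_SFTPD__BINDINGS__7__APPLY_PROXY_CONFIG=true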
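# Authentication attempts allowed per connection before it is dropped.
SFTPGO_SFTPD__MAX_AUTH_TRIES=6
# No host keys or host certificates are configured here.
# NOTE(review): confirm where the server's host keys come from and that they
# live on a persistent volume. Keys that change when the container is recreated
# produce host-key warnings that users learn to ignore.
SFTPGO_SFTPD__HOST_KEYS=
SFTPGO_SFTPD__HOST_CERTIFICATES=
# Algorithm allow-lists. They contain no SHA-1 signature (ssh-rsa), no SHA-1
# key exchange, no CBC cipher and no SHA-1 MAC.
# NOTE(review): entries are separated by ", " (comma + space) - confirm SFTPGo
# trims list items read from the environment, otherwise every entry after the
# first would not match.
SFTPGO_SFTPD__HOST_KEY_ALGORITHMS=rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519
SFTPGO_SFTPD__KEX_ALGORITHMS=curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha256
# Smallest modulus accepted for diffie-hellman-group-exchange, in bits.
SFTPGO_SFTPD__MIN_DH_GROUP_EXCHANGE_KEY_SIZE=2048
SFTPGO_SFTPD__CIPHERS=aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr
SFTPGO_SFTPD__MACS=hmac-sha2-256-etm@openssh.com, hmac-sha2-256
# Key types users may authenticate with, including FIDO-backed sk-* keys.
SFTPGO_SFTPD__PUBLIC_KEY_ALGORITHMS=ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-ed25519, sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com
# SSH user certificates are not used: no trusted CA and no revocation file.
SFTPGO_SFTPD__TRUSTED_USER_CA_KEYS=
SFTPGO_SFTPD__REVOKED_USER_CERTS_FILE=
SFTPGO_SFTPD__LOGIN_BANNER_FILE=
# NOTE(review): empty assignment - confirm whether this disables all SSH
# commands or falls back to the built-in default list.
SFTPGO_SFTPD__ENABLED_SSH_COMMANDS=
# Keyboard-interactive and password logins are both enabled, so the service is
# exposed to online password guessing. The defender, the rate limiters and
# MAX_AUTH_TRIES are the compensating controls. Set both to false if every
# account can use public keys.
SFTPGO_SFTPD__KEYBOARD_INTERACTIVE_AUTHENTICATION=true
SFTPGO_SFTPD__KEYBOARD_INTERACTIVE_AUTH_HOOK=
SFTPGO_SFTPD__PASSWORD_AUTHENTICATION=true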
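# Data provider
# -------------
# Connection settings are taken from the environment that loads this file.
SFTPGO_DATA_PROVIDER__DRIVER=${DB_TYPE}
SFTPGO_DATA_PROVIDER__HOST=${POSTGRES_DB_HOST}
SFTPGO_DATA_PROVIDER__PORT=${POSTGRES_DB_PORT}
SFTPGO_DATA_PROVIDER__NAME=${POSTGRES_DB}
SFTPGO_DATA_PROVIDER__USERNAME=${POSTGRES_USER}
# The database password ends up in the container environment, where
# `docker inspect` and anything that can read the process environment will
# show it. Prefer a file-based secret if the deployment supports one - the
# commented *_FILE lines below suggest that was the plan.
SFTPGO_DATA_PROVIDER__PASSWORD=${POSTGRES_PASSWORD}
# SFTPGO_DATA_PROVIDER__NAME=${POSTGRES_DB_FILE}
# SFTPGO_DATA_PROVIDER__USERNAME=${POSTGRES_USER_FILE}
# SFTPGO_DATA_PROVIDER__PASSWORD=${POSTGRES_PASSWORD_FILE}
# 0 = TLS disabled: the database password, password hashes and user records
# travel to the database in clear text. Acceptable only on a private container
# network; otherwise use a verifying mode together with ROOT_CERT.
SFTPGO_DATA_PROVIDER__SSLMODE=0
# SFTPGO_DATA_PROVIDER__ROOT_CERT=
SFTPGO_DATA_PROVIDER__DISABLE_SNI=false
# SFTPGO_DATA_PROVIDER__TARGET_SESSION_ATTRS=
# SFTPGO_DATA_PROVIDER__CLIENT_CERT=
# SFTPGO_DATA_PROVIDER__CLIENT_KEY=
# A connection string embeds the password in a single value. "$$" is the
# escape for a literal "$" in the loader's interpolation syntax.
# SFTPGO_DATA_PROVIDER__CONNECTION_STRING=postgres://$${POSTGRES_USER}:$${POSTGRES_PASSWORD}@$${POSTGRES_DB_HOST}:$${POSTGRES_DB_PORT}/$${POSTGRES_DB}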
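# 0 = quota tracking disabled: per-user disk usage is neither counted nor
# enforced, so a single account can fill the storage volume.
SFTPGO_DATA_PROVIDER__TRACK_QUOTA=0
SFTPGO_DATA_PROVIDER__DELAYED_QUOTA_UPDATE=10
# SFTPGO_DATA_PROVIDER__USERS_BASE_DIR=
SFTPGO_DATA_PROVIDER__EXTERNAL_AUTH_SCOPE=0
SFTPGO_DATA_PROVIDER__CREDENTIALS_PATH=/credentials
SFTPGO_DATA_PROVIDER__POST_LOGIN_SCOPE=0
# Password hashing. argon2id is the active algorithm: 65536 KiB (64 MiB) of
# memory, 8 lanes, 2 passes per hash. Each password verification allocates that
# memory, so concurrent logins multiply it; PASSWORD_CACHING below reduces
# repeated work.
SFTPGO_DATA_PROVIDER__PASSWORD_HASHING__ALGO=argon2id
SFTPGO_DATA_PROVIDER__PASSWORD_HASHING__ARGON2_OPTIONS__MEMORY=65536
SFTPGO_DATA_PROVIDER__PASSWORD_HASHING__ARGON2_OPTIONS__PARALLELISM=8
SFTPGO_DATA_PROVIDER__PASSWORD_HASHING__ARGON2_OPTIONS__ITERATIONS=2
# Not used while ALGO=argon2id. bcrypt cost is exponential: at 20 a single hash
# takes on the order of a minute of CPU, so switching ALGO to bcrypt without
# lowering this would make every login a self-inflicted denial of service.
SFTPGO_DATA_PROVIDER__PASSWORD_HASHING__BCRYPT_OPTIONS__COST=20
# Minimum password strength (entropy score) for admins and users; passwords
# below the score are rejected when they are set.
SFTPGO_DATA_PROVIDER__PASSWORD_VALIDATION__ADMINS=80
SFTPGO_DATA_PROVIDER__PASSWORD_VALIDATION__USERS=70
# Caches successful password verifications in memory to avoid re-hashing.
SFTPGO_DATA_PROVIDER__PASSWORD_CACHING=true
SFTPGO_DATA_PROVIDER__UPDATE_MODE=0
# false = no built-in administrator is created at first start, so no default
# credential exists to be guessed. The first admin has to be created
# explicitly.
SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN=false
# Bit mask of username naming rules.
# NOTE(review): 5 combines two rule bits; check their meaning in the SFTPGo
# docs, because relaxed name validation affects how usernames map to accounts.
SFTPGO_DATA_PROVIDER__NAMING_RULES=5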
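# Multi-factor authentication
# ---------------------------
# One TOTP configuration named "Default"; ISSUER is the label shown in the
# user's authenticator app.
SFTPGO_MFA__TOTP__NAME=Default
SFTPGO_MFA__TOTP__ISSUER=STHOME
# sha1 is the value most authenticator apps support. TOTP uses it inside HMAC,
# so SHA-1 collision attacks do not carry over to the generated codes.
SFTPGO_MFA__TOTP__ALGO=sha1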
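# SMTP
# ----
# Outgoing mail (e.g. password-reset messages). Port 25 is the relay port; most
# providers expect authenticated submission on 587 instead.
SFTPGO_SMTP__PORT=25
SFTPGO_SMTP__HOST=${SMTP_HOST}
SFTPGO_SMTP__FROM=${SMTP_FROM}
SFTPGO_SMTP__USER=${SMTP_USERNAME}
# The SMTP password is exposed through the container environment, like the
# database password; the commented *_FILE lines are the file-based alternative.
SFTPGO_SMTP__PASSWORD=${SMTP_PASSWORD}
# SFTPGO_SMTP__HOST=${SMTP_HOST_FILE}
# SFTPGO_SMTP__FROM=${SMTP_FROM_FILE}
# SFTPGO_SMTP__USER=${SMTP_USERNAME_FILE}
# SFTPGO_SMTP__PASSWORD=${SMTP_PASSWORD_FILE}
# AUTH_TYPE 0 = PLAIN: the password is sent only base64-encoded, so it is
# protected solely by the transport encryption below.
SFTPGO_SMTP__AUTH_TYPE=0
# 2 = STARTTLS.
# NOTE(review): confirm the client aborts, rather than continuing in clear
# text, when the server does not offer STARTTLS.
SFTPGO_SMTP__ENCRYPTION=2
# SFTPGO_SMTP__DOMAIN=
# SFTPGO_SMTP__TEMPLATES_PATH=
# Debug is on.
# NOTE(review): the SMTP dialogue may be written to the log, including
# recipient addresses and possibly the authentication exchange. Set to 0
# outside troubleshooting.
SFTPGO_SMTP__DEBUG=1
# 0 selects the first OAuth2 provider; with the credentials below commented
# out, OAuth2 is presumably unused.
SFTPGO_SMTP__OAUTH2__PROVIDER=0
# SFTPGO_SMTP__OAUTH2__TENANT=
# SFTPGO_SMTP__OAUTH2__CLIENT_ID=
# SFTPGO_SMTP__OAUTH2__CLIENT_SECRET=
# SFTPGO_SMTP__OAUTH2__REFRESH_TOKEN=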