SFTPGo — Self-Hosted Secure File Transfer Server

Introduction

SFTPGo is a modern, fully-featured file transfer server that supports SFTP, SCP, FTP/S, WebDAV, and HTTP/S file sharing. Written in Go, it replaces legacy OpenSSH-based SFTP setups with a secure, performant server that includes a web admin panel, virtual users (no OS accounts needed), and pluggable storage backends.

What SFTPGo Does

• Serves files via SFTP, SCP, FTP/S, WebDAV, and HTTP/S from a single process
• Manages virtual users with quotas, bandwidth limits, and per-directory permissions
• Supports multiple storage backends: local disk, S3, GCS, Azure Blob, and encrypted local
• Provides a web admin panel and REST API for user and configuration management
• Triggers event actions (webhooks, scripts, email) on file upload, download, or deletion

Architecture Overview

SFTPGo is a single Go binary with an event-driven architecture. Each protocol (SFTP, FTP, WebDAV, HTTP) runs as a listener sharing a common virtual filesystem layer. User data is stored in SQLite, PostgreSQL, or MySQL. The virtual filesystem abstraction maps user home directories to any storage backend transparently.

Self-Hosting & Configuration

• Deploy via Docker, native packages (deb/rpm), or a single binary download
• Configure via sftpgo.json, environment variables, or the web admin UI
• Choose database backend: embedded SQLite for single-node, PostgreSQL for HA
• Set up TLS certificates for FTPS and HTTPS; SFTP uses SSH host keys
• Integrate with external auth via LDAP, HTTP hooks, or PAM modules

Key Features

• Multi-protocol: SFTP, SCP, FTP/S, WebDAV, HTTP/S from one server
• Virtual users with no OS account requirement and fine-grained permissions
• Storage backends: local, S3, GCS, Azure Blob, SFTP-to-SFTP proxy, encrypted FS
• Event system with webhooks, email notifications, and custom scripts
• Two-factor authentication and IP-based access rules

Comparison with Similar Tools

• OpenSSH sftp-server — requires OS users, no web UI; SFTPGo uses virtual users with quotas
• ProFTPD — FTP-focused with complex config; SFTPGo is multi-protocol with modern defaults
• vsftpd — FTP only, minimal features; SFTPGo adds SFTP, WebDAV, and cloud storage backends
• Nextcloud — full collaboration suite; SFTPGo is focused on file transfer protocols
• MinIO — S3-only interface; SFTPGo provides traditional file transfer protocols over any backend

FAQ

Q: Do I need to create Linux users for each SFTP account? A: No. SFTPGo uses virtual users stored in its database. No OS accounts needed.

Q: Can I use S3 as the storage backend? A: Yes. Configure an S3 bucket as a user's home directory or as a virtual folder.

Q: Does it support public key authentication? A: Yes, with per-user authorized keys, certificate auth, and keyboard-interactive methods.

Q: How do I monitor transfers? A: Use the REST API, web admin live connections view, or configure event actions for logging.

Sources

• https://github.com/drakkan/sftpgo
• https://docs.sftpgo.com