rockylinux8.6上安装sftpgo并配置ssl加密

下载最新sftpgo安装到服务器上 https://github.com/drakkan/sftpgo/releases/

yum install https://github.com/drakkan/sftpgo/releases/download/v2.4.1/sftpgo-2.4.1-1.x86_64.rpm

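生成自签名 SSL 证书，用于后面的加密配置：

cd /etc/sftpgo/
mkdir ssl
openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 3650 -out domain.crt

注意：按上面的命令，domain.key 和 domain.crt 会生成在当前目录 /etc/sftpgo/ 下，而后面的配置引用的是 /etc/sftpgo/ssl/ 下的文件，需要把这两个文件放到 ssl 目录里（或者先 cd ssl 再执行 openssl）。-nodes 表示私钥不加密保存，应把 domain.key 的权限收紧为仅运行 sftpgo 的用户可读。这是自签名证书，客户端默认不信任，需要在客户端导入该证书。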

安装后是默认开启sftp传输,webdav和ftp需要手动打开

配置/etc/sftpgo/sftpgo.json

在 defender 段中设置 "enabled": true，用于防止暴力破解密码。使用 "driver": "memory" 时，封禁记录只保存在内存中，服务重启后会清空。

"defender": {
"enabled": true,
"driver": "memory",
"ban_time": 30,
"ban_time_increment": 50,
"threshold": 15,
"score_invalid": 2,
"score_valid": 1,
"score_limit_exceeded": 3,
"observation_time": 30,
"entries_soft_limit": 100,
"entries_hard_limit": 150,
"safelist_file": "",
"blocklist_file": "",
"safelist": [],
"blocklist": []
},

开启 webdav 并配置 ssl 加密，修改这几项："port": 3443、"enable_https": true、"certificate_file": "/etc/sftpgo/ssl/domain.crt"、"certificate_key_file": "/etc/sftpgo/ssl/domain.key"。下面的片段是 webdavd 段的节选（省略了部分字段），请在原配置文件中修改对应项，不要整段覆盖。

  "webdavd": {
"bindings": [
{
"port": 3443,
"address": "",
"enable_https": true,
"certificate_file": "/etc/sftpgo/ssl/domain.crt",
"certificate_key_file": "/etc/sftpgo/ssl/domain.key",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"prefix": "",
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"disable_www_auth_header": false
}
],
}

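配置 ftp，修改 "port": 2121。注意：下面示例中 "tls_mode" 为 0 且没有配置证书，FTP 的账号密码和文件内容都是明文传输；如需加密，填写 "certificate_file" 和 "certificate_key_file"，并把 "tls_mode" 设为 1（强制使用 TLS）。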

"ftpd": {
"bindings": [
{
"port": 2121,
"address": "",
"apply_proxy_config": true,
"tls_mode": 0,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"force_passive_ip": "",
"passive_ip_overrides": [],
"client_auth_type": 0,
"tls_cipher_suites": [],
"passive_connections_security": 0,
"active_connections_security": 0,
"debug": false
}
],
}

加密 web 管理界面，修改这几项："enable_https": true、"certificate_file": "/etc/sftpgo/ssl/domain.crt"、"certificate_key_file": "/etc/sftpgo/ssl/domain.key"。下面的片段是 httpd 段的节选（省略了其余字段和结尾的括号），请在原配置文件中修改对应项，不要整段覆盖。

"httpd": {
"bindings": [
{
"port": 3080,
"address": "",
"enable_web_admin": true,
"enable_web_client": true,
"enable_rest_api": true,
"enabled_login_methods": 0,
"enable_https": true,
"certificate_file": "/etc/sftpgo/ssl/domain.crt",
"certificate_key_file": "/etc/sftpgo/ssl/domain.key",
}
}

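配置 mysql 数据库，修改下面这些选项："driver": "mysql"、"name": "sftpgo"、"host": "127.0.0.1"、"port": 13306、"username": "user"、"password": "password"。这里写的端口是 13306，而下面示例片段里是 3306，请以 MySQL 实际监听的端口为准；示例中的 user / password 应替换为实际的数据库账号和密码。数据库密码以明文保存在 sftpgo.json 中，应限制该文件的读取权限。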

"data_provider": {
"driver": "mysql",
"name": "sftpgo",
"host": "127.0.0.1",
"port": 3306,
"username": "user",
"password": "password",
"sslmode": 0,
"disable_sni": false,
"target_session_attrs": "",
"root_cert": "",
"client_cert": "",
"client_key": "",
"connection_string": "",
"sql_tables_prefix": "",
"track_quota": 2,
"delayed_quota_update": 0,
"pool_size": 0,
"users_base_dir": "/home/sftpgo/data",
"actions": {
"execute_on": [],
"execute_for": [],
"hook": ""
}
}

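通过 webdav 挂载成本地目录：先下载安装 WinFsp（http://www.secfs.net/winfsp），然后再安装 rclone。下面命令中的 PC2 应该是事先在 rclone 里配置好的 WebDAV 远程名称（原文未给出配置过程）。由于前面用的是自签名证书，rclone 需要信任该证书（例如用 --ca-cert 指定 domain.crt），不要关闭证书校验。

挂载成硬盘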

rclone.exe mount PC2:/ X: --cache-dir D:\logs_rcloneCache --vfs-cache-mode writes

挂载成目录

rclone.exe mount PC2:/ C:\intel\2 --cache-dir D:\logs_rcloneCache --vfs-cache-mode writes