Skip to content
Klutch.sh Docs

Deploying a SFTPGo App

Introduction

SFTPGo is an open-source SFTP/FTPS/WebDAV server with a web admin UI and flexible storage backends. Deploying SFTPGo with a Dockerfile on Klutch.sh provides reproducible builds, managed secrets, and persistent storage—all configured from klutch.sh/app. Because Klutch.sh supports one port per app, this guide shows a split deployment: one app for SFTP (TCP) and an optional second app for the HTTP admin/API.

Prerequisites

  • A Klutch.sh account (sign up)
  • A GitHub repository containing your SFTPGo Dockerfile (GitHub is the only supported git source)
  • Optional: external object storage (S3/MinIO/Azure) if you don’t want local storage

For onboarding, see the Quick Start.

Architecture and ports

  • Klutch.sh allows one port per app. Use two apps (same repo/image) if you need both:
    • SFTP service: TCP traffic, internal port 2022 (default SFTPGo SFTP). External clients connect on example-app.klutch.sh:8000 via TCP.
    • Admin/API (optional): HTTP traffic, internal port 8080 (web admin/API).
  • FTPS/WebDAV ports are not exposed in this layout; use SFTP or HTTP admin/API per app.

Repository layout

sftpgo/
├── Dockerfile              # Must be at repo root for auto-detection
└── README.md

Keep secrets out of Git; store them in Klutch.sh environment variables.

Installation (local) and starter commands

Build and run locally:

Terminal window
docker build -t sftpgo-local .
docker run -p 2022:2022 -p 8080:8080 \
  -e SFTPGO_HTTPD__BIND_PORT=8080 \
  -e SFTPGO_SFTPD__BIND_PORT=2022 \
  sftpgo-local

Dockerfile for SFTPGo (production-ready)

Place this at the repo root; Klutch.sh auto-detects Dockerfiles.

FROM drakkan/sftpgo:latest


ENV SFTPGO_SFTPD__BIND_PORT=2022
ENV SFTPGO_HTTPD__BIND_PORT=8080


EXPOSE 2022 8080
CMD ["/bin/sh", "/entrypoint.sh"]

Notes:

  • Pin to a specific tag (e.g., drakkan/sftpgo:v2.5.6) for stability.
  • /entrypoint.sh launches SFTPGo with both SFTP and HTTP listeners; deploy them as separate apps on Klutch.sh to satisfy single-port routing.

Environment variables (Klutch.sh)

Set these before deploying:

  • For the SFTP app (TCP):
    • SFTPGO_SFTPD__BIND_PORT=2022
    • SFTPGO_HTTPD__BIND_PORT=0 (disable HTTP on this app)
  • For the admin/API app (HTTP):
    • SFTPGO_HTTPD__BIND_PORT=8080
    • SFTPGO_SFTPD__BIND_PORT=0 (disable SFTP on this app)
  • Shared options:
    • SFTPGO_DATA_PROVIDER__DRIVER=sqlite (default) or mysql/postgres if external DB
    • SFTPGO_DATA_PROVIDER__NAME=/var/lib/sftpgo/sftpgo.db (sqlite path) or DB URL for other drivers
    • SFTPGO_DEFAULT_ADMIN_USERNAME=<admin>
    • SFTPGO_DEFAULT_ADMIN_PASSWORD=<strong-password>

If deploying without the Dockerfile and relying on Nixpacks:

  • NIXPACKS_START_CMD=/bin/sh /entrypoint.sh

Attach persistent volumes

Add storage in Klutch.sh (path and size only):

  • /var/lib/sftpgo — user data, sqlite DB, and logs (required for persistence).
  • /srv/sftpgo — user home directories (if using local storage instead of object storage).

Ensure paths are writable inside the container.

Deploy SFTPGo on Klutch.sh (split-port workflow)

  1. Push your repository—with the Dockerfile at the root—to GitHub.
  2. Create the SFTP app: choose TCP traffic, set the internal port to 2022, set SFTPGO_HTTPD__BIND_PORT=0, and attach volumes at /var/lib/sftpgo (and /srv/sftpgo if storing files locally).
  3. Deploy the SFTP app. Clients connect via SFTP to example-app.klutch.sh on external port 8000.
  4. Create the admin/API app: choose HTTP traffic, set the internal port to 8080, set SFTPGO_SFTPD__BIND_PORT=0, and attach the same volumes if needed.
  5. Deploy the admin/API app. Manage users and settings at https://example-app.klutch.sh.

Sample SFTP usage

Test connectivity (replace user/host):

Terminal window
sftp -P 8000 user@example-app.klutch.sh

Upload a file:

Terminal window
echo "hello" > hello.txt
sftp -P 8000 user@example-app.klutch.sh:/upload <<'EOF'
put hello.txt
EOF

Health checks and production tips

  • For the admin app, use an HTTP readiness probe on /healthz (or / if unavailable).
  • Keep admin credentials in Klutch.sh secrets; rotate regularly.
  • Pin image versions and test upgrades in staging before production.
  • Monitor storage usage on /var/lib/sftpgo and /srv/sftpgo; resize volumes proactively or offload to object storage.
  • If using object storage, configure S3/MinIO/Azure env vars per SFTPGo docs and keep them in secrets.

SFTPGo on Klutch.sh delivers reproducible Docker builds, split SFTP and admin endpoints to match single-port routing, managed secrets, and persistent storage—without extra YAML or CI steps. Configure ports, credentials, and volumes, then start serving secure file transfers.