What inspired the creation of SFTPGo, and what pain points were you trying to address?
SFTPGo was initially started as a hobby project. My initial motivation was to learn a new programming language, rather than the ones I was used to using for work, and go.dev was the ideal candidate at that time. To learn how to use Go I needed to work on a real project and in the past, when I was a system administrator, I had several requests to migrate FTP-based file transfer systems to the more modern and secure SFTP protocol. So I decided to write an SFTP server in Go. The first version was initially developed in about 2 weeks and published on Github on July 20, 2019. Initially, it only supported SFTP protocol, the local filesystem to store files, and REST API to manage users. After about a week the link to my GitHub repo was shared on Hacker News (news.ycombinator.com/item?id=20531541). This was the beginning, many users started trying SFTPGo, sharing their experiences of using it and requesting new features. SFTPGo also started getting a lot of GitHub stars, about 1000 in a week or so, and all this was very exciting and increased a lot my motivation to work on the project and improve it. I started working on SFTPGo for many hours a week. I remember taking 2 weeks off from my job to implement initial support for using AWS S3 as storage backend. I started to think that SFTPGo could become a better alternative to similar commercial products and my motivation to improve the project increased even more. I also contribute to related open source libraries used in SFTPGo such as pkg/sftp, ftpserverlib, golang.org/x/crypto/ssh, and others to add features needed in SFTPGo or to fix bugs.SFTPGo offers a range of features beyond basic file transfer. Can you highlight some of the most valuable features for businesses or individuals using your platform?
SFTPGo is a file transfer solution that abstracts storage backends and allows access to files using the built-in WebClient over HTTPS and the standard SFTP, FTPS, and WebDAV protocols. With SFTPGo you can leverage local and cloud storage backends (S3, Azure Blob, Google Cloud Storage, other SFTP servers) for exchanging and storing files internally or over the Internet using the same tools and processes you are already familiar with. Storage backends are configurable per-user, so you can serve a local directory for a user and an S3 bucket (or part of it) for another one. SFTPGo also supports virtual folders, a virtual folder can use any of the supported storage backends. So you can have, for example, a user with the S3 backend mapping a Google Cloud Storage bucket (or part of it) on a specified path and an encrypted local filesystem on another one. The WebAdmin UI allows a person to easily create and manage users, folders, groups, and other resources. The WebClient UI allows end users to change their credentials, browse and manage their files in the browser, and set up two-factor authentication which works with Microsoft Authenticator, Google Authenticator, Authy, and other standard compliant apps. From the WebClient each authorized user can also create HTTP/S links to externally share files and folders securely, by setting limits to the number of downloads/uploads, protecting the share with a password, limiting access by source IP address, setting an automatic expiration date. Another important feature is the support for groups: they make it easier to manage multiple user accounts by allowing settings to be assigned only once at the group level, rather than multiple times to each individual user. SFTPGo is event-driven and custom workflows can be configured based on events or schedules, webhook or email notifications, command execution, file actions (rename, copy), and more. SFTPGo is extensible via plugins and hooks, for example, we are currently working on a proprietary plugin for our SaaS offerings to keep different S3 storage backends in sync. SFTPGo also provides infrastructure as code using the Terraform provider (registry.terraform.io/providers/drakkan/sftpgo/latest) and REST API for integrating with other systems, as well as single Sign-On using OpenID connect and/or LDAP/Active Directory. SFTPGo is easy to scale for high availability and load balancing and bandwidth, storage quota, and file size limits are configurable per-user/group. It works everywhere: on small embedded devices or large Kubernetes clusters. On Linux, Windows, macOS, FreeBSD. On x86, arm, ppc64.Security is paramount when it comes to file transfers. How does SFTPGo ensure the safety and integrity of data transmitted through its platform?
Data is encrypted in motion and may also be encrypted at rest, but this is only the minimum expected functionality. SFTPGo offers much more: • Brute force prevention using the built-in defender (auto-blocking policy). • Rate limiting. • Geo-IP filtering. • Multi-factor and multi-step authentication. • Certificate authentication: both TLS and SSH certificates are supported. • Safelist and blocklist: both global and per user. • Proxy headers spoofing protection. • Strict Content Security Policies: no unsafe-eval and unsafe-inline are required. • Audit logs. • Granular access control.What is the technology stack behind SFTPGo?
SFTPGo is written using the Go programming language. Different config data store are supported: • PostgreSQL compatible; • MySQL compatible; • Embedded SQLite or Bolt key/value store; • Memory. Supported storage backends: • Local filesystem; • Encrypted local filesystem; • S3 (compatible) object storage; • Azure Blob storage; • Google Cloud Storage; • Other SFTP servers; • Custom storage backends via REST API. External Identity providers based on OpenID Connect or LDAP/Active Directory can be used. Web UIs are developed using Bootstrap, JQuery, and the excellent Mega Bundle HTML5 theme from KeenThemes (keenthemes.com/products/templates-mega-bundle). I also contribute to or maintain some external Go libraries used in SFTPGo, most notably golang.org/x/crypto/ssh for the Go programming language. We are therefore proudly among the few companies that can claim to be able to support the entire file transfer solution they offer, from low-level protocols to web user interfaces.
What different plans do you offer and what are the main differences between them?
We provide different options: 1. SFTPGo as a fully managed service (SaaS) supported by us. (sftpgo.com/saas) 2. Ready-to-use virtual machines and containers from AWS and Azure Marketplaces. 3. Support plans (sftpgo.com/plans) to confidently use a supported copy of SFTPGo, managed by you, in your company. 4. Use SFTPGo for free with self-support and/or community support and in compliance with license and trademark obligations. (sftpgo.com/compliance.html) With our SaaS offerings, you can easily use SFTPGo without having to worry about infrastructure, maintenance, and updates. You get a secure, ready-to-use, and fully supported file transfer solution at a predictable price. Unlike similar solutions, we do not provide you with accounts on a shared installation, but a dedicated installation deployed in a data center close to our customers. This ensures maximum isolation and allows us to freely configure protocols, ciphers, and other algorithms to suit our customers’ needs, without them influencing each other. We provide several SaaS plans according to our customer storage, bandwidth, features, and compliance requirements. We offer SFTPGo ready to use on AWS and Azure Marketplaces, unlike our SaaS plans, you need to manage and update your installation yourself. These offerings come with basic email support and additional support can be purchased if required. Our support plans are the ideal solution to install and use a supported copy of SFTPGo in professional environments: on-premise, in the cloud, or in a hybrid cloud. The “Basic” and “Pro” plans are well-defined and suited for the most common use cases. Enterprise plans are suitable for large-scale deployments and/or advanced security and do not have a fixed price because they are customized to the individual needs of our customers. Some notable features included in Enterprise plans: • Reduced response time. • Bug fixes: once an error can be reproduced, we will fix it no matter what your support plan is. If you have an Enterprise plan, we will work around the clock to provide a custom build with the fix, for other plans you will have to wait for a new release and then a variable time from a few days to a few weeks depending on the severity of the issue. • Hardening security guide covering all the supported protocols and support for applying and adapting it our customers’ environment. • Early security patches: our Enterprise plan subscribers will know in advance when a security issue will be publicly disclosed, so they can prepare for the update and, in the meantime, apply a workaround if one is available. Sometimes we can also anticipate the fix with a custom build. This service is available for SFTPGo itself and for the dependencies, we maintain or contribute to. • Custom builds: they are useful for customers with very specific requirements that are outside the scope of the SFTPGo open-source project, or to provide a fix that is not yet included in an official release. Finally, you can also use SFTPGo for free, provided you comply with the licensing and trademark obligations, in which case you do not expect support or guarantees. This is a good option for testing and home users. Important note: the only SFTPGo offerings provided and supported by us, the authors of SFTPGo, are those described on the sftpgo.com website.To learn more about SFTPGo, you can visit sftpgo.com
