SFTPGo

SFTPGo is a high‑performance, event‑driven file transfer platform written entirely in Go. It exposes a unified set of protocols—SFTP, FTP/S, HTTP/HTTPS, and WebDAV—allowing clients to interact with a single backend regardless of the protocol they prefer. The server can serve as an internal file exchange hub, a secure drop‑box for partners, or a front‑end to cloud object stores. Its event‑oriented design means that every file operation (upload, download, delete, rename) can trigger custom hooks or WebSocket notifications, making it a natural fit for workflow automation and audit logging.

Architecture & Technical Stack

• Language & Runtime: Core engine in Go (1.20+), compiled to a single static binary for easy distribution.
• Protocol Handling: Uses the go-sftp library for SFTP, go-ftpd for FTP/S, and the standard net/http package for HTTP/HTTPS. WebDAV support is built atop the same HTTP stack with additional method handling.
• Storage Backends: Abstracted via a pluggable storage interface. Supported backends include:
  • Local filesystem (plain or encrypted via AES‑256 GCM)
  • S3-compatible object stores (Amazon, MinIO, Wasabi)
  • Google Cloud Storage
  • Azure Blob Storage
  • Remote SFTP servers (acting as a proxy)
• Database: User, group, and policy definitions are persisted in an embedded SQLite database or a remote PostgreSQL/MySQL instance for multi‑node deployments. The schema is lightweight and fully ACID compliant.
• Event Bus: Internally uses a Go channel‑based event bus that can be extended with external systems (Kafka, NATS) through the plugin API.

Core Capabilities & APIs

• RESTful Admin API: Exposes CRUD operations for users, groups, policies, and storage mounts. Authentication is token‑based (JWT) and can be integrated with LDAP/AD via PAM.
• WebSocket Notifications: Clients can subscribe to real‑time file events, enabling instant UI updates or downstream processing.
• WebAdmin & WebClient UIs: Built with React and served by the same binary. They provide a modern, responsive interface for both administrators and end‑users.
• Two‑Factor Authentication: Supports TOTP (Google Authenticator, Authy) and WebAuthn for MFA.
• Audit Logging: Every action is recorded with timestamps, user identity, and operation details. Logs can be streamed to external log aggregators via hooks.

Deployment & Infrastructure

• Containerization: Official Docker images are available on Docker Hub. The image is minimal (Alpine‑based) and can be run in Kubernetes, Docker Swarm, or any OCI‑compatible runtime.
• Scalability: The server is stateless except for the SQLite/DB and storage mounts. For high‑throughput workloads, deploy multiple instances behind a load balancer; session persistence is handled via the admin API’s token mechanism.
• Self‑Hosting Requirements: A single CPU core and 512 MiB RAM suffice for modest workloads; production deployments typically reserve 2–4 cores and 1 GiB RAM. Disk I/O should be SSD for best performance.
• High Availability: The embedded SQLite can be replaced with a replicated PostgreSQL cluster. A shared storage backend (e.g., NFS, Ceph) allows multiple instances to operate on the same file set.

Integration & Extensibility

• Plugin System: Written in Go, plugins can hook into authentication (custom LDAP/AD providers), storage (e.g., custom encryption layers), or events. The plugin API is exposed via a simple Go interface; compiled plugins are loaded at runtime.
• Webhooks: HTTP callbacks can be configured for file events, enabling integration with CI/CD pipelines, message queues, or third‑party services.
• SDKs & Libraries: While no official SDK exists yet, the REST API is fully documented and can be consumed from any language. The community has produced Go and Python clients that wrap the API.

Developer Experience

• Configuration: YAML‑based configuration files with clear defaults. The sftpgo config validate command (available in the binary) checks schema validity before startup.
• Documentation: Comprehensive README, API reference, and a dedicated wiki. The codebase is well‑commented, and the CI pipeline ensures backwards compatibility for the API.
• Community & Support: Active GitHub Discussions, Slack channel, and a quarterly release cadence. For enterprise users, a commercial support contract is available that includes priority bug fixes and feature requests.

Use Cases

1. Secure File Exchange – Companies can expose a single endpoint to partners while routing data to cloud object stores for compliance.
2. Backup & Restore Gateway – SFTPGo can act as a local front‑end to remote storage, allowing backup tools that only understand SFTP to store data in S3 or Azure Blob.
3. WebDAV File Manager – In environments where legacy applications require WebDAV, SFTPGo provides an easy‑to‑deploy solution with fine‑grained ACLs.
4. Microservice File API – A Go microservice can embed SFTPGo as a library to expose file operations without building a full server.

Advantages Over Alternatives

• Pure Go Implementation: Eliminates external dependencies, leading to faster binary builds and easier cross‑platform deployment.
• **Unified Protocol