mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-06 22:30:56 +03:00
docs: minor improvements
This commit is contained in:
Nicola Murino
@@ -801,6 +801,17 @@ func validateBaseParams(user *User) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func createUserPasswordHash(user *User) error {
|
||||||
|
if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
|
||||||
|
pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user.Password = pwd
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func validateUser(user *User) error {
|
func validateUser(user *User) error {
|
||||||
buildUserHomeDir(user)
|
buildUserHomeDir(user)
|
||||||
if err := validateBaseParams(user); err != nil {
|
if err := validateBaseParams(user); err != nil {
|
||||||
@@ -818,12 +829,8 @@ func validateUser(user *User) error {
|
|||||||
if user.Status < 0 || user.Status > 1 {
|
if user.Status < 0 || user.Status > 1 {
|
||||||
return &ValidationError{err: fmt.Sprintf("invalid user status: %v", user.Status)}
|
return &ValidationError{err: fmt.Sprintf("invalid user status: %v", user.Status)}
|
||||||
}
|
}
|
||||||
if len(user.Password) > 0 && !utils.IsStringPrefixInSlice(user.Password, hashPwdPrefixes) {
|
if err := createUserPasswordHash(user); err != nil {
|
||||||
pwd, err := argon2id.CreateHash(user.Password, argon2id.DefaultParams)
|
return err
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
user.Password = pwd
|
|
||||||
}
|
}
|
||||||
if err := validatePublicKeys(user); err != nil {
|
if err := validatePublicKeys(user); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ For each account, the following properties can be configured:
|
|||||||
- `s3_bucket`, required for S3 filesystem
|
- `s3_bucket`, required for S3 filesystem
|
||||||
- `s3_region`, required for S3 filesystem. Must match the region for your bucket. You can find here the list of available [AWS regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). For example if your bucket is at `Frankfurt` you have to set the region to `eu-central-1`
|
- `s3_region`, required for S3 filesystem. Must match the region for your bucket. You can find here the list of available [AWS regions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). For example if your bucket is at `Frankfurt` you have to set the region to `eu-central-1`
|
||||||
- `s3_access_key`
|
- `s3_access_key`
|
||||||
- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM)
|
- `s3_access_secret`, if provided it is stored encrypted (AES-256-GCM). You can leave access key and access secret blank to use credentials from environment
|
||||||
- `s3_endpoint`, specifies a S3 endpoint (server) different from AWS. It is not required if you are connecting to AWS
|
- `s3_endpoint`, specifies a S3 endpoint (server) different from AWS. It is not required if you are connecting to AWS
|
||||||
- `s3_storage_class`, leave blank to use the default or specify a valid AWS [storage class](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
|
- `s3_storage_class`, leave blank to use the default or specify a valid AWS [storage class](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)
|
||||||
- `s3_key_prefix`, allows to restrict access to the virtual folder identified by this prefix and its contents
|
- `s3_key_prefix`, allows to restrict access to the virtual folder identified by this prefix and its contents
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# Google Cloud Storage backend
|
# Google Cloud Storage backend
|
||||||
|
|
||||||
To connect SFTPGo to Google Cloud Storage, you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
|
To connect SFTPGo to Google Cloud Storage you can use use the Application Default Credentials (ADC) strategy to try to find your application's credentials automatically or you can explicitly provide a JSON credentials file that you can obtain from the Google Cloud Console. Take a look [here](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) for details.
|
||||||
|
|
||||||
Specifying a different `key_prefix`, you can assign different virtual folders of the same bucket to different users. This is similar to a chroot directory for local filesystem. Each SFTP/SCP user can only access the assigned virtual folder and its contents. The virtual folder identified by `key_prefix` does not need to be pre-created.
|
Specifying a different `key_prefix`, you can assign different virtual folders of the same bucket to different users. This is similar to a chroot directory for local filesystem. Each SFTP/SCP user can only access the assigned virtual folder and its contents. The virtual folder identified by `key_prefix` does not need to be pre-created.
|
||||||
|
|
||||||
|
|||||||
@@ -128,8 +128,8 @@ Stream|Baseline MB/s|Optimized MB/s|Balanced MB/s|OpenSSH MB/s|
|
|||||||
8|897|903|823|887|
|
8|897|903|823|887|
|
||||||
|
|
||||||
### Optimizations applied
|
### Optimizations applied
|
||||||
- AES-CTR optimization of Golang compiler, the patch hasn't been merged yet, you can apply it yourself. [Patch](https://go-review.googlesource.com/c/go/+/51670)
|
- AES-CTR optimization of Go compiler for x86_64, there is a [patch](https://go-review.googlesource.com/c/go/+/51670) that hasn't been merged yet, you can apply it yourself.
|
||||||
- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Golang's SHA256 implementation.
|
- Use [minio/sha256-simd](https://github.com/minio/sha256-simd) to accelerate MAC (Message Authentication Code) computation. In this way the tested hardware will use `Intel SHA Extensions` for SHA256 computation. This will give a significant performance boost compared to `AVX2` extensions used with the Go's SHA256 implementation. This patch is now included in SFTPGo master branch.
|
||||||
```
|
```
|
||||||
diff --git a/go.mod b/go.mod
|
diff --git a/go.mod b/go.mod
|
||||||
index f1b2caa..109e064 100644
|
index f1b2caa..109e064 100644
|
||||||
@@ -142,7 +142,7 @@ index f1b2caa..109e064 100644
|
|||||||
+
|
+
|
||||||
+replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
|
+replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
|
||||||
```
|
```
|
||||||
- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/issues/334).
|
- A new allocator for `pkg/sftp` which greatly improve parallel loads. We are discussing about this patch with `pkg/sftp` maintainers [here](https://github.com/pkg/sftp/pull/344).
|
||||||
```
|
```
|
||||||
diff --git a/go.mod b/go.mod
|
diff --git a/go.mod b/go.mod
|
||||||
index 109e064..4d67a47 100644
|
index 109e064..4d67a47 100644
|
||||||
@@ -152,7 +152,7 @@ index 109e064..4d67a47 100644
|
|||||||
replace github.com/eikenb/pipeat v0.0.0-20190316224601-fb1f3a9aa29f => github.com/drakkan/pipeat v0.0.0-20200123131427-11c048cfc0ec
|
replace github.com/eikenb/pipeat v0.0.0-20190316224601-fb1f3a9aa29f => github.com/drakkan/pipeat v0.0.0-20200123131427-11c048cfc0ec
|
||||||
|
|
||||||
replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
|
replace golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20200303175438-17ef3d252b1c
|
||||||
+replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200227085621-6b4abaad1b9a
|
+replace github.com/pkg/sftp => github.com/drakkan/sftp v0.0.0-20200319122022-2fc68482d27f
|
||||||
```
|
```
|
||||||
|
|
||||||
### HAProxy configuration
|
### HAProxy configuration
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ The following profiles are available, you can obtain them via HTTP GET requests:
|
|||||||
- `threadcreate`, stack traces that led to the creation of new OS threads
|
- `threadcreate`, stack traces that led to the creation of new OS threads
|
||||||
- `trace`, a trace of execution of the current program. You can specify the duration in the `seconds` GET parameter. After you get the trace file, use the `go tool trace` command to investigate the trace
|
- `trace`, a trace of execution of the current program. You can specify the duration in the `seconds` GET parameter. After you get the trace file, use the `go tool trace` command to investigate the trace
|
||||||
|
|
||||||
Let's see some examples:
|
For example you can:
|
||||||
|
|
||||||
- download a 30 seconds CPU profile from the URL `/debug/pprof/profile?seconds=30`
|
- download a 30 seconds CPU profile from the URL `/debug/pprof/profile?seconds=30`
|
||||||
- download a sampling of memory allocations of live objects from the URL `/debug/pprof/heap?gc=1`
|
- download a sampling of memory allocations of live objects from the URL `/debug/pprof/heap?gc=1`
|
||||||
|
|||||||
Reference in New Issue
Block a user