Welcome to our Help Center 👋

Server parameters

Learn about parameters available on the cli
Written by Mariusz
Updated 1 month ago

The DocEvent server can accept multiple flags when starting up, this article will describe the flags available and how they affect the servers use.

To get a list of options use the -h or --help flag like so:

$ ./sfs-server-darwin-amd64-0.1.7+165230a --help
INFO[0000] DocEvent.io Server Version: 0.1.7+165230a     version=0.1.7+165230a
INFO[0000] Starting Self-Hosted Server                  
Usage of ./sfs-server-darwin-amd64-0.1.7+165230a:
  -license="": DocEvent.io license key (required)
  -passiveports21="2030-2039": Passive ports to use for clear + explicit FTPS server
  -passiveports990="2040-2049": Passive ports to use for implicit FTPS server
  -port21=2021: Port 21 clear + explicit FTPS maps to
  -port22=2022: Port 22 SFTP maps to
  -port990=9990: Port 990 implicit FTPS maps to
  -publicip="": Public IP address and port sent to FTP clients
  -region="": DocEvent region to connect to
  -shutdownwindow=1: Seconds to keep connections open until final shutdown
  -sshkeyfile="": Private key file, ie. id_rsa
  -sshkeypassphrase="": Private key passphrase
  -tlscert="": TLS certificate file, ie. cert.cert
  -tlskey="": TLS certificate key file, ie. cert.key
  -welcome="DocEvent.io Simple File Server": Welcome message

Environment variables

Each option can also be passed as an environment variable, this makes it easy to run the server in a Docker container.

For example the -welcome option can also be read from the environment variable WELCOME

List of options

Flag Environment Default Description
-license LICENSE DocEvent.io license key
-passiveports21 PASSIVEPORTS21 2030-2039 The port range that FTP will use for passive FTP connections
-passiveports990 PASSIVEPORTS990 2040-2049 The port range that Implicit FTP will use for passive FTP connections
-port21 PORT21 2021 The port that the FTP server listens on
-port22 PORT22 2022 The port that the SSH (sftp/scp) server will listen on
-port990 PORT990 9990 The port that the implicit FTPS server will listen on
-publicip PUBLICIP This filed is required for FTP/s passive mode to work.  It is the public IP address sent to the client FTP connection whenever they request a new passive network socket.
-region REGION The region to fetch configuration from. ap-southeast-2, us-east-1, eu-west-1 etc.
-shutdownwindow SHUTDOWNWINDOW 1 After a kill signal is received, the number of seconds to wait for connections to disconnect before forcefully disconnecting and shutting down
-sshkeyfile SSHKEYFILE A typical RSA ssh key file generated from ssh-keygen, e.g. id_rsa
-sshkeypassphrase SSHKEYPASSPHRASE The optional passphrase if the key file (above) has been encrypted
-tlscert TLSCERT The public SSL certificate to provide for Secure FTP connections ie. Explicit FTPS and Implicit FTPS
-tlskey TLSKEY The private SSL key to use to encrypt/decrypt traffic for Secure FTP
-welcome WELCOME The server welcome message when users connect
PRODUCTION 0 Set to 1 in order to run in production mode

Notable options

Many options are standard for SSH and FTPS servers, however a few notable options with more detailed explanations are below.


The public IP is required for passive FTP connections.  Without specifying the public IP passive connections will fail.  This IP address needs to be a routable address over the network that the client FTP connection is connecting to.

For example if Alice is connecting to Bob's FTP server which is hosted on, then the public IP specified will be

Alice will then start all new passive connections to this IP address.

-passiveports21 and -passiveports990

In the DocEvent server, 2 FTP servers are started - An Implicit FTP server and an Explicit FTP server.

These ports are opened on demand when a new passive connection is requested.  Because these ports reference 2 different threads/servers running in the instance it is important these port ranges do not overlap or failures can occur.


By setting this environment variable the server will move into production mode, this means:

  1. The output will be JSON formatted for parsing into a log parser like Cloudwatch or Elasticsearch
  2. The server will require that you provide your own ssh key and ssl certificate and not use the default values

Did this answer your question?