The DocEvent server can accept multiple flags when starting up, this article will describe the flags available and how they affect the servers use.
To get a list of options use the -h or --help flag like so:
$ ./sfs-server-darwin-amd64-0.1.7+165230a --help INFO DocEvent.io Server Version: 0.1.7+165230a version=0.1.7+165230a INFO Starting Self-Hosted Server Usage of ./sfs-server-darwin-amd64-0.1.7+165230a: -license="": DocEvent.io license key (required) -passiveports21="2030-2039": Passive ports to use for clear + explicit FTPS server -passiveports990="2040-2049": Passive ports to use for implicit FTPS server -port21=2021: Port 21 clear + explicit FTPS maps to -port22=2022: Port 22 SFTP maps to -port990=9990: Port 990 implicit FTPS maps to -publicip="": Public IP address and port sent to FTP clients -region="": DocEvent region to connect to -shutdownwindow=1: Seconds to keep connections open until final shutdown -sshkeyfile="": Private key file, ie. id_rsa -sshkeypassphrase="": Private key passphrase -tlscert="": TLS certificate file, ie. cert.cert -tlskey="": TLS certificate key file, ie. cert.key -welcome="DocEvent.io Simple File Server": Welcome message
Each option can also be passed as an environment variable, this makes it easy to run the server in a Docker container.
For example the -welcome option can also be read from the environment variable WELCOME
List of options
|-license||LICENSE||DocEvent.io license key|
|-passiveports21||PASSIVEPORTS21||2030-2039||The port range that FTP will use for passive FTP connections|
|-passiveports990||PASSIVEPORTS990||2040-2049||The port range that Implicit FTP will use for passive FTP connections|
|-port21||PORT21||2021||The port that the FTP server listens on|
|-port22||PORT22||2022||The port that the SSH (sftp/scp) server will listen on|
|-port990||PORT990||9990||The port that the implicit FTPS server will listen on|
|-publicip||PUBLICIP||This filed is required for FTP/s passive mode to work. It is the public IP address sent to the client FTP connection whenever they request a new passive network socket.|
|-region||REGION||The region to fetch configuration from. ap-southeast-2, us-east-1, eu-west-1 etc.|
|-shutdownwindow||SHUTDOWNWINDOW||1||After a kill signal is received, the number of seconds to wait for connections to disconnect before forcefully disconnecting and shutting down|
|-sshkeyfile||SSHKEYFILE||A typical RSA ssh key file generated from ssh-keygen, e.g. id_rsa|
|-sshkeypassphrase||SSHKEYPASSPHRASE||The optional passphrase if the key file (above) has been encrypted|
|-tlscert||TLSCERT||The public SSL certificate to provide for Secure FTP connections ie. Explicit FTPS and Implicit FTPS|
|-tlskey||TLSKEY||The private SSL key to use to encrypt/decrypt traffic for Secure FTP|
|-welcome||WELCOME||The server welcome message when users connect|
|PRODUCTION||0||Set to 1 in order to run in production mode|
Many options are standard for SSH and FTPS servers, however a few notable options with more detailed explanations are below.
The public IP is required for passive FTP connections. Without specifying the public IP passive connections will fail. This IP address needs to be a routable address over the network that the client FTP connection is connecting to.
For example if Alice is connecting to Bob's FTP server which is hosted on 22.214.171.124, then the public IP specified will be 126.96.36.199.
Alice will then start all new passive connections to this IP address.
-passiveports21 and -passiveports990
In the DocEvent server, 2 FTP servers are started - An Implicit FTP server and an Explicit FTP server.
These ports are opened on demand when a new passive connection is requested. Because these ports reference 2 different threads/servers running in the instance it is important these port ranges do not overlap or failures can occur.
By setting this environment variable the server will move into production mode, this means:
- The output will be JSON formatted for parsing into a log parser like Cloudwatch or Elasticsearch
- The server will require that you provide your own ssh key and ssl certificate and not use the default values