A secure, configurable, and feature-rich FTP server written in C++ for Linux, macOS, and Windows.
- RFC 959 Compliant: Full FTP protocol implementation
- Passive Mode: Full PASV support with data connections
- Active Mode: Full PORT command support
- File Transfer: Upload, download, append, and resume support
- Directory Operations: List, create, remove, and navigate directories
- File Management: Delete, rename, and directory operations
- SSL/TLS Support: Full FTPS implementation with OpenSSL
- User Authentication: Username/password and PAM authentication
- Access Control: Basic permissions, path restrictions, and IP whitelisting
- Path Validation: Directory traversal protection and home directory enforcement
- Chroot Support: Directory isolation and privilege dropping
- Rate Limiting: Time-window based protection against abuse and DoS attacks
- Bandwidth Throttling: Upload and download speed limits
- Multi-Domain Support: Host multiple FTP sites on one server
- Per-Host Configuration: Individual settings for each virtual host
- SSL Certificate Management: Separate certificates per domain
- Access Control: User restrictions per virtual host
- Flexible Permissions: Granular control over user capabilities
- Anonymous Access: Configurable anonymous user support
- Guest Accounts: Limited access for temporary users
- Connection Limits: Per-user connection and transfer restrictions
- Session Management: Timeout and activity tracking
- Multi-threaded: Efficient handling of multiple connections
- Connection Management: Thread-safe connection tracking and cleanup
- Transfer Optimization: Basic file transfers (sendfile and memory-mapped I/O in v0.2.0)
- Statistics: Basic metrics (comprehensive statistics in v0.2.0)
- Logging: Advanced logging with STANDARD, JSON, and EXTENDED formats
- Cross-Platform: Linux, macOS, and Windows
- Native Builds: Optimized for each platform
- Package Management: DEB, RPM, PKG, and MSI packages
- Service Integration: systemd, launchd, and Windows services
The fastest way to get started with simple-sftpd is using Docker:
# Clone the repository
git clone https://github.com/simple-sftpd/simple-sftpd.git
cd simple-sftpd
# Quick start with Docker
cd deployment/examples/docker
docker-compose up -d
# Test the FTP service
nc -z localhost 21Docker Features:
- ✅ Zero dependencies - No need to install build tools
- ✅ Cross-platform - Works on Linux, macOS, Windows
- ✅ Production-ready - Optimized runtime image
- ✅ Development environment - Full debugging tools included
- ✅ Multi-architecture - x86_64, ARM64, ARMv7 support
For detailed Docker deployment, see Docker Deployment Guide.
- C++17 Compiler: GCC 7+, Clang 5+, or MSVC 2017+
- CMake 3.16+: Build system
- OpenSSL: SSL/TLS support
- jsoncpp: JSON configuration parsing
# Clone the repository
git clone https://github.com/simple-sftpd/simple-sftpd.git
cd simple-sftpd
# Build the project
make install-dev # Install development dependencies
make build # Build the application
make install # Install system-wideUbuntu/Debian:
sudo apt update
sudo apt install simple-sftpdCentOS/RHEL:
sudo yum install simple-sftpd
# or
sudo dnf install simple-sftpdmacOS:
brew install simple-sftpdsimple-sftpd supports multiple configuration formats (INI, JSON, YAML) and provides example configurations for different use cases:
Configuration Formats:
- INI (
.conf) - Traditional format, fully supported - JSON (
.json) - Machine-readable format (parser pending) - YAML (
.yml) - Human-readable format (parser pending)
Example Configurations:
config/simple/- Minimal configuration for basic setupsconfig/advanced/- Enhanced configuration with SSL/TLS and performance tuningconfig/production/- Hardened configuration for production deployments
- Choose and copy a configuration:
# For simple setup
sudo cp config/simple/simple-sftpd.conf /etc/simple-sftpd/simple-sftpd.conf
# For advanced setup
sudo cp config/advanced/simple-sftpd.conf /etc/simple-sftpd/simple-sftpd.conf
# For production
sudo cp config/production/simple-sftpd.conf /etc/simple-sftpd/simple-sftpd.conf- Edit the configuration file:
sudo nano /etc/simple-sftpd/simple-sftpd.conf- Create necessary directories:
sudo mkdir -p /var/ftp /var/log/simple-sftpd
sudo chown ftp:ftp /var/ftpFor detailed configuration options, see Configuration Guide.
# Start in foreground (for testing)
sudo simple-sftpd start --config /etc/simple-sftpd/simple-sftpd.conf
# Start as daemon
sudo simple-sftpd --daemon start
# Test configuration
simple-sftpd --test-config --config /etc/simple-sftpd/simple-sftpd.confLinux (systemd):
sudo systemctl enable simple-sftpd
sudo systemctl start simple-sftpd
sudo systemctl status simple-sftpdmacOS (launchd):
sudo launchctl load /Library/LaunchDaemons/com.blburns.simple-sftpd.plist
sudo launchctl start com.blburns.simple-sftpdWindows:
sc create simple-sftpd binPath= "C:\Program Files\simple-sftpd\bin\simple-sftpd.exe"
sc start simple-sftpdThe main configuration file (simple-sftpd.conf) supports both INI and JSON formats. Here's an example INI configuration:
# Global server settings
server_name = "Simple-Secure FTP Daemon"
server_version = "0.1.0"
enable_ssl = true
enable_virtual_hosts = true
# SSL Configuration
[ssl]
enabled = true
certificate_file = "/etc/simple-sftpd/ssl/server.crt"
private_key_file = "/etc/simple-sftpd/ssl/server.key"
# Connection settings
[connection]
bind_address = "0.0.0.0"
bind_port = 21
max_connections = 100
# Virtual hosts
[virtual_hosts.default]
hostname = "default"
document_root = "/var/ftp"
enabled = true
# Users
[users.admin]
username = "admin"
password_hash = "$2y$10$hashed_password"
home_directory = "/var/ftp/admin"
permissions = ["READ", "WRITE", "LIST", "UPLOAD", "DOWNLOAD"]# Add a new user
sudo simple-sftpd user add \
--username john \
--password secret \
--home /var/ftp/john \
--permissions READ,WRITE,LIST,UPLOAD,DOWNLOAD
# Add anonymous user
sudo simple-sftpd user add \
--username anonymous \
--home /var/ftp/public \
--anonymous \
--permissions READ,LIST,DOWNLOADAvailable permissions:
READ: Read files and directoriesWRITE: Write/create files and directoriesDELETE: Delete files and directoriesRENAME: Rename files and directoriesMKDIR: Create directoriesRMDIR: Remove directoriesLIST: List directory contentsUPLOAD: Upload filesDOWNLOAD: Download filesAPPEND: Append to filesADMIN: Administrative operations
# Add a new virtual host
sudo simple-sftpd virtual add \
--hostname ftp.example.com \
--root /var/ftp/example \
--ssl \
--certificate /etc/ssl/certs/example.com.crt \
--private-key /etc/ssl/private/example.com.keyEach virtual host can have:
- Separate document root
- Individual SSL certificates
- Custom security settings
- User access restrictions
- Transfer rate limits
# Generate certificate for a domain
sudo simple-sftpd ssl generate \
--hostname ftp.example.com \
--country US \
--state California \
--city San Francisco \
--organization "Example Corp" \
--email admin@example.com# Install existing certificates
sudo simple-sftpd ssl install \
--hostname ftp.example.com \
--certificate /path/to/certificate.crt \
--private-key /path/to/private.key \
--ca-certificate /path/to/ca.crt# Start the server
simple-sftpd start [--config FILE] [--daemon] [--foreground]
# Stop the server
simple-sftpd stop
# Restart the server
simple-sftpd restart
# Show server status
simple-sftpd status
# Reload configuration
simple-sftpd reload# List all users
simple-sftpd user list
# Add user
simple-sftpd user add --username NAME --password PASS --home DIR
# Remove user
simple-sftpd user remove --username NAME
# Modify user
simple-sftpd user modify --username NAME --permissions READ,WRITE
# Change password
simple-sftpd user password --username NAME --password NEW_PASS# List virtual hosts
simple-sftpd virtual list
# Add virtual host
simple-sftpd virtual add --hostname DOMAIN --root DIR
# Remove virtual host
simple-sftpd virtual remove --hostname DOMAIN
# Enable/disable virtual host
simple-sftpd virtual enable --hostname DOMAIN
simple-sftpd virtual disable --hostname DOMAIN# Generate certificate
simple-sftpd ssl generate --hostname DOMAIN
# Install certificate
simple-sftpd ssl install --hostname DOMAIN --cert FILE --key FILE
# Show SSL status
simple-sftpd ssl status
# Renew certificate
simple-sftpd ssl renew --hostname DOMAIN# Clone and setup
git clone https://github.com/simple-sftpd/simple-sftpd.git
cd simple-sftpd
# Install dependencies
make install-dev
# Build options
make debug # Debug build
make release # Release build
make test # Run tests
make clean # Clean build artifacts
# Package creation
make package # Create packages for current platformsimple-sftpd/
├── include/simple-sftpd/ # Header files
│ ├── ftp_server.hpp # Main server class
│ ├── ftp_connection.hpp # Connection handling
│ ├── ftp_user.hpp # User management
│ ├── ftp_virtual_host.hpp # Virtual host support
│ ├── ftp_server_config.hpp # Configuration
│ ├── logger.hpp # Logging system
│ └── platform.hpp # Platform abstraction
├── src/ # Source files
│ ├── core/ # Core implementation
│ ├── utils/ # Utility functions
│ └── main.cpp # Main application
├── config/ # Configuration files
├── tools/ # Management tools
├── docs/ # Documentation
├── scripts/ # Build and deployment scripts
├── deployment/ # Deployment configurations
│ └── examples/
│ └── docker/ # Docker deployment examples
├── Dockerfile # Multi-stage Docker build
├── docker-compose.yml # Docker Compose orchestration
├── .dockerignore # Docker build context optimization
├── CMakeLists.txt # CMake build configuration
└── Makefile # Make build system
simple-sftpd includes comprehensive Docker support for development, testing, and production deployment:
- Multi-stage builds for different Linux distributions (Ubuntu, CentOS, Alpine)
- Multi-architecture support (x86_64, ARM64, ARMv7)
- Development environment with debugging tools and live code mounting
- Production-ready runtime with minimal footprint and security hardening
- Health checks and monitoring capabilities
- Volume mounts for configuration, logs, and FTP data
# Development environment
docker-compose --profile dev up -d
# Production deployment
docker-compose --profile runtime up -d
# Build for all platforms
./scripts/build-docker.sh -d all
# Deploy with custom configuration
./scripts/deploy-docker.sh -p runtime -c ./config -l ./logs -d ./data- 21/tcp - FTP control port
- 990/tcp - FTPS control port (SSL/TLS)
- 1024-65535/tcp - Passive mode data ports
For complete Docker documentation, see Docker Deployment Guide.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
# Run all tests
make test
# Run specific test suites
cd build && ctest -R "unit_tests"
cd build && ctest -R "integration_tests"
# Run with coverage (Linux only)
make coverage
# Run with memory checking (Linux only)
make memcheck- Check configuration:
simple-sftpd --test-config --config /etc/simple-sftpd/simple-sftpd.conf- Check permissions:
sudo chown -R ftp:ftp /var/ftp
sudo chmod 755 /var/ftp- Check ports:
sudo netstat -tlnp | grep :21- Verify certificate files:
openssl x509 -in /etc/simple-sftpd/ssl/server.crt -text -noout- Check certificate permissions:
sudo chmod 600 /etc/simple-sftpd/ssl/server.key
sudo chown ftp:ftp /etc/simple-sftpd/ssl/server.key- Check system resources:
top
iostat
netstat -i- Adjust configuration:
[connection]
max_connections = 50
thread_pool_size = 4
[transfer]
buffer_size = 16384
use_sendfile = true- Main log:
/var/log/simple-sftpd/simple-sftpd.log - Access log:
/var/log/simple-sftpd/access.log - Error log:
/var/log/simple-sftpd/error.log
Enable debug logging:
[logging]
log_level = "DEBUG"
log_commands = true
log_transfers = true
# Development settings
debug_mode = true
verbose_logging = true
trace_commands = true- Use strong SSL certificates
- Enable chroot for users
- Drop privileges to non-root user
- Implement rate limiting
- Restrict allowed commands
- Use firewall rules
- Regular security updates
# Firewall rules (iptables)
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
# Or with ufw (Ubuntu)
sudo ufw allow 21/tcp
sudo ufw allow 1024:65535/tcp- Strong password policies
- Limited permissions
- Path restrictions
- Connection limits
- Session timeouts
# Increase file descriptor limits
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
# Kernel parameters
echo "net.core.somaxconn = 65536" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 65536" >> /etc/sysctl.conf
sysctl -p[connection]
max_connections = 200
backlog = 100
keep_alive = true
tcp_nodelay = true
[transfer]
buffer_size = 32768
use_sendfile = true
use_mmap = true
# Performance settings
thread_pool_size = 16
enable_compression = true
cache_size = 100MB# Show server statistics
simple-sftpd status
# Show performance metrics
simple-sftpd metrics
# Show connection information
simple-sftpd connections- Prometheus: Metrics endpoint at
/metrics - Grafana: Dashboard templates included
- Log aggregation: Structured logging support
- Health checks: HTTP health endpoint
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.
- Documentation: docs/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: SimpleDaemons
- OpenSSL: SSL/TLS implementation
- jsoncpp: JSON parsing library
- CMake: Build system
- FTP RFC 959: Protocol specification
- ✅ Core FTP server functionality with file transfers
- ✅ Passive mode data connections
- ✅ User authentication and management
- ✅ CLI management interface (start, stop, restart, status, reload, test, user, virtual, ssl)
- ✅ Path validation and security
- ✅ Basic permission system
- ✅ Comprehensive logging (STANDARD, JSON, EXTENDED formats)
- ✅ Test suite (46 tests passing)
- ✅ Multi-platform support
- ✅ Comprehensive configuration system
- 🔄 SSL/TLS support (v0.2.0)
- 🔄 Virtual hosting (v0.3.0)