This project is an SFTP server using Apache MINA SSHD and Spring Boot.
- Project Overview
- Getting Started
- Usage
- Architecture
- Services
- Event Handling
- Configuration
- Logging
- Security
- Testing
- Deployment
- Troubleshooting
- Contributing
- License
- Contact
This is an SFTP server based on the Apache MINA SSHD library, Spring Boot, and PostgreSQL. The fundamental idea behind the project is to provide a serverless SFTP server with Virtual File System (VFS) connectivity to cloud storage, such as AWS S3, Google Cloud Platform (GCP), and others. The project aims to offer a scalable and flexible solution for secure file transfers.
Key features include:
- Cloud Storage Integration: Seamless integration with various cloud storage providers, enabling users to interact with cloud files as if they were local.
- Admin Interface: A comprehensive administrative interface for managing users and permissions. This will include integration with cloud identity and access management (IAM) services like AWS IAM.
- Secure Logging: Robust logging mechanisms to ensure all actions are recorded securely. Logs are stored in a manner that prevents tampering and supports auditing.
- Advanced Security Features: Enhanced security measures such as IP blocking, multi-factor authentication, and detailed access controls.
Currently, the project is a work in progress. The following components have been implemented:
- SFTP Functionality: Basic SFTP operations using Apache MINA SSHD.
- Security Features: IP blocking based on failed login attempts, and support for both password and public key authentication.
- Event Listeners: Custom event listeners to handle various server events, providing hooks for extending functionality.
- Database Connectivity: Integration with PostgreSQL for user management and configuration storage.
There are several key features and enhancements that are still under development:
- REST API: Development of a RESTful API to allow programmatic access to server functionalities, user management, and file operations.
- Admin Interface: Building a user-friendly web interface for administrators to manage users, view logs, and configure server settings.
- Enhanced Logging and Auditing: Further improvements to logging mechanisms to ensure comprehensive auditing capabilities.
- Additional Security Enhancements: Implementing advanced security features such as multi-factor authentication and more granular access controls.
- VFS Connectivity: Extending the VFS capabilities to support a wider range of cloud storage providers and ensuring seamless integration.
This project aims to deliver a robust and scalable SFTP server solution, leveraging the power of cloud storage and modern security practices to meet the needs of today's enterprises.
The project aims to provide a comprehensive SFTP server solution with the following features:
- SSH Server: The core SFTP server functionality using Apache MINA SSHD.
- Password Authentication: Support for user authentication via passwords.
- Public Key Authentication: Support for user authentication via public key.
- Logging/Event Monitoring: Robust logging and event monitoring mechanisms to track server activity and user actions.
- Database Persistence: Integration with PostgreSQL for persisting user data and server configurations.
- Configuration Persistence: Storing server configurations in the database for easy management.
- Capability to Reload Application Context Beans: Automatically reload application context beans after an admin makes configuration changes.
- REST API: Development of a RESTful API to allow programmatic access to server functionalities, user management, and file operations.
- Admin UI: Building a user-friendly web interface for administrators to manage users, view logs, and configure server settings.
- Integration with AWS IAM:
  - Configurable IAM Settings: Allow an admin to configure IAM settings through the Admin UI.
  - Admin Login Using IAM Accounts: Enable administrators to log in using their AWS IAM accounts, ensuring secure and centralized user management.
  - IAM Role and Permission Management: Provide an interface to manage user roles and permissions using AWS Identity and Access Management (IAM).
- Integration with AWS S3: Admin interface to configure and manage VFS connectivity to AWS S3 for seamless cloud storage integration.
- Additional Security Enhancements: Implementing advanced security features such as multi-factor authentication and more granular access controls.
- Enhanced Logging and Auditing: Further improvements to logging mechanisms to ensure comprehensive auditing capabilities.
- Extended VFS Connectivity: Support for a wider range of cloud storage providers, ensuring seamless integration with various cloud storage solutions.
- Advanced Monitoring and Alerting: Implementing monitoring and alerting mechanisms to notify administrators of suspicious activities or critical server events.
This section outlines the key features that the project aims to achieve, with clear distinctions between what has been completed and what is still pending.
- Java 21: The primary programming language used for the project.
- Spring Boot 3.3.1: Provides a robust framework for building Java-based applications, enabling easy setup and rapid development.
  - Spring Boot Starter Web: For building web applications and RESTful services.
  - Spring Boot Starter Security: For securing the application.
  - Spring Boot Starter Data JPA: For data persistence using JPA and Hibernate.
  - Spring Boot Starter Validation: For validating application data.
- Apache MINA SSHD 2.13.1: Used for implementing the core SFTP server functionalities.
  - sshd-core: Core SSHD library.
  - sshd-sftp: SFTP support in Apache MINA SSHD.
- PostgreSQL: Used as the primary database for storing user data and configurations.
- PostgreSQL JDBC Driver: For connecting to the PostgreSQL database.
- Flyway: For database migrations.
- Gradle: Build automation tool used for managing dependencies and building the project.
- Lombok: For reducing boilerplate code in Java by generating getters, setters, and other utility methods.
- Springfox 3.0.0: For documenting RESTful APIs.
- JUnit 5: For unit testing and integration testing.
- Mockito: For mocking dependencies in tests.
- Logback: For logging during tests.
- HikariCP 5.0.1: A high-performance JDBC connection pool.
- Spring Cloud: Potentially required for dynamically reloading application context beans after configuration changes.
- AWS SDK: To be used for integrating with AWS services like IAM and S3.
- Spring Cloud AWS: For seamless integration with AWS services, enabling features like IAM configuration and S3 connectivity.
- Admin UI Framework: To be decided for building the web-based admin interface for managing users and configurations.
- GitHub Actions: For CI/CD pipelines to automate testing, building, and deployment processes.
- Prerequisite 1
- Prerequisite 2
- Clone the repository
- Install dependencies
- Run the application
- Configuration details
- How to run the application
- Available commands and options
- Overview of the system architecture
- Description of various modules
- Details about BlockedHostService
- Details about SFTPPasswordLoginService
- Details about SFTPPublicKeyLoginService
- Details about CustomSFTPEventListener
- Details about HostBlockedEvent
- Configuration details for SFTPServer
- Details about SFTPInitialConfigService
- Details about SFTPInitialUserInitService
- How to configure logging
- Log formats used in the application
- Details about authentication mechanisms
- Details about authorization mechanisms
- Information on unit tests
- Information on integration tests
- How to deploy using Docker
- How to deploy using Kubernetes
- List of common issues and solutions
- Frequently Asked Questions
- Guidelines for contributing to the project
- Code of conduct for contributors
This project is licensed under the Apache License, Version 2.0. See the LICENSE file for more details.
- Contact details for support or questions
Alex L