Configuration File

Certain configuration changes can only be made by modifying the configuration file and restarting the server. The configuration file is located at /etc/filemage/config.yml. You may need to use sudo to modify this file.

acme_use_auto_tls

  • type: bool
  • default: no

Enable automatic certificates from https://letsencrypt.org. acme_hostname must also be set.

acme_hostname

  • type: string

The hostname for which you want a certificate issued. This hostname must resolve to the server's public IP address.

tls_certificate

  • type: string
  • default: /opt/filemage/cert.pem

Path to a file containing a TLS certificate in PEM format.

tls_certificate_key

  • type: string
  • default: /opt/filemage/key.pem

Path to a file containing the secret key for the TLS certificate.

http_address

  • type: string
  • default: 0.0.0.0

The bind address of the HTTP and HTTPS listener.

http_port

  • type: int
  • default: 80

The port used by the HTTP listener.

https_port

  • type: int
  • default: 443

The port used by the HTTPS listener.

pg_host

  • type: string
  • default: /var/run/postgresql/

Database hostname or unix socket.

pg_port

  • type: int
  • default: 5432

Database port.

pg_user

  • type: string
  • default: filemage

Database user.

pg_password

  • type: string

Database user password.

pg_database

  • type: string
  • default: filemage

Database name.

pg_ssl_mode

  • type: string

Database SSL connection mode.

ftp_address

  • type: string
  • default: 0.0.0.0

Bind address of the FTP listener.

ftp_port

  • type: int
  • default: 21

The port used by the FTP listener.

ftp_public_address

  • type: string

The IP address presented to clients for passive connections.

ftp_data_port_start

  • type: int
  • default: 32768

Start value of passive mode FTP port range.

ftp_data_port_end

  • type: int
  • default: 60999

End value of passive mode FTP port range.

Note

When deploying from Azure Marketplace, this range is set to 6000-6005.

ftp_idle_timeout

  • type: int
  • default: 900

Seconds to wait before terminating idle FTP command connections.

ftp_require_tls

  • type: bool
  • default: no

Require FTP connections to use TLS after connecting when in implicit mode.

ftp_tls_mode

  • type: string
  • default: implicit

Use 'implicit' or 'explicit' when TLS is enabled for FTP.

ftp_log

  • type: map
    • enabled

      • type: bool
      • default: no
    • path

      • type: string
      • default: /var/log/filemage/ftp.log
    • format

      • type: string
      • default: logfmt

      Can be either json or logfmt.

    • max_size_mb

      • type: int
      • default: 100

      Max file size before rotating.

    • max_backups

      • type: int
      • default: 5

      Max number of rotated files to keep. Set to 0 to retain all files.

    • max_age_days

      • type: int
      • default: 0

      Number of days to keep rotated log files. Set to 0 to disable deletion based on age.

    • compress

      • type: bool
      • default: no

      Compress rotated log files.

Generate detailed logs of all received FTP commands.

Example Configuration:

ftp_log:
  enabled: yes
  path: /var/log/filemage/ftp.log
  format: json
  max_size_mb: 10
  max_backups: 3
  max_age_days: 28
  compress: yes

Sample Output:

time=2019-07-04T02:53:37.9396798Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=AUTH param=TLS session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:37.9611056Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=USER param=filemage session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:37.9620737Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=PASS username=filemage session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:38.0968158Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=OPTS param="UTF8 ON" username=filemage session=5e70633e15067daf007031a8151ac249
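
The following is an added example, not part of FileMage or its documentation: it parses ftp_log output in logfmt format and reports sessions that sent USER or PASS without first sending AUTH TLS, which is what a listener with ftp_require_tls left at no would allow. It assumes an explicit-mode listener; the last two log lines and the function names are constructed for the example.

```python
import re

# Constructed input: the first four lines are this page's sample output; the
# last two are a made-up session that logs in without ever sending AUTH TLS.
SAMPLE_LOG = """\
time=2019-07-04T02:53:37.9396798Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=AUTH param=TLS session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:37.9611056Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=USER param=filemage session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:37.9620737Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=PASS username=filemage session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:53:38.0968158Z client=172.20.0.3:21 remote=172.20.0.1:38556 command=OPTS param="UTF8 ON" username=filemage session=5e70633e15067daf007031a8151ac249
time=2019-07-04T02:54:10.0000000Z client=172.20.0.3:21 remote=192.0.2.10:40000 command=USER param=alice session=00000000000000000000000000000001
time=2019-07-04T02:54:10.1000000Z client=172.20.0.3:21 remote=192.0.2.10:40000 command=PASS username=alice session=00000000000000000000000000000001
"""

# key=value or key="quoted value"; backslash escapes are allowed inside quotes.
_PAIR = re.compile(r'([^\s=]+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_logfmt(line):
    """Parse one logfmt line into a dict of field name -> value."""
    return {key: re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
            for key, quoted, bare in _PAIR.findall(line)}


def cleartext_logins(lines):
    """Map session id -> details for sessions that sent USER/PASS with no prior AUTH TLS.

    Assumes an explicit-mode listener: an implicit-mode session is encrypted
    from the first byte and never sends AUTH, so it would be flagged wrongly.
    """
    upgraded, findings = set(), {}
    for line in lines:
        rec = parse_logfmt(line)
        session, command = rec.get("session"), rec.get("command", "").upper()
        if not session:
            continue
        if command == "AUTH" and rec.get("param", "").upper() in ("TLS", "SSL"):
            upgraded.add(session)  # the log records the request, not its outcome
        elif command in ("USER", "PASS") and session not in upgraded:
            hit = findings.setdefault(session, {"remote": rec.get("remote"),
                                                "first_seen": rec.get("time"),
                                                "user": None})
            hit["user"] = rec.get("param") if command == "USER" else rec.get("username", hit["user"])
    return findings


if __name__ == "__main__":
    for session, hit in cleartext_logins(SAMPLE_LOG.splitlines()).items():
        print(session, hit)
```
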

sftp_address

  • type: string
  • default: 0.0.0.0

Bind address of SFTP listener.

sftp_port

  • type: int
  • default: 2222

Port used by SFTP listener.

sftp_ciphers

  • type: list
  • default:
    • aes128-gcm@openssh.com
    • chacha20-poly1305@openssh.com
    • aes128-ctr
    • aes192-ctr
    • aes256-ctr
  • supported:
    • 3des-cbc
    • aes128-cbc
    • aes128-ctr
    • aes128-gcm@openssh.com
    • aes192-ctr
    • aes256-ctr
    • arcfour
    • arcfour128
    • arcfour256
    • chacha20-poly1305@openssh.com

Specify the list of cipher algorithms that are presented to the client, in the specified order, during the SSH key exchange.

sftp_key_exchanges

  • type: list
  • default:
    • curve25519-sha256@libssh.org
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
    • diffie-hellman-group14-sha1
    • diffie-hellman-group1-sha1

Specify the list of key exchange algorithms to use.

sftp_digests

  • type: list
  • default:
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-256
    • hmac-sha1
    • hmac-sha1-96

Specify the list of MAC digest algorithms to use.
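
The following is an added example, not FileMage code: it audits the three SFTP algorithm lists above against a rejection policy and renders the surviving entries as a fragment for config.yml. The policy table (RC4, CBC-mode ciphers, the 1024-bit group1 exchange, SHA-1 based exchanges and MACs) and the function names are this example's assumptions, and the YAML list syntax is assumed from the settings' list type.

```python
import fnmatch

# Defaults copied from this page; they apply when a setting is absent from config.yml.
DEFAULTS = {
    "sftp_ciphers": ["aes128-gcm@openssh.com", "chacha20-poly1305@openssh.com",
                     "aes128-ctr", "aes192-ctr", "aes256-ctr"],
    "sftp_key_exchanges": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                           "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
                           "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "sftp_digests": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256",
                     "hmac-sha1", "hmac-sha1-96"],
}

# Assumed rejection policy (this example's choice, not FileMage's): first match wins.
POLICY = {
    "sftp_ciphers": [("arcfour*", "RC4 stream cipher"),
                     ("*-cbc", "CBC-mode cipher")],
    "sftp_key_exchanges": [("diffie-hellman-group1-sha1", "1024-bit DH group"),
                           ("*-sha1", "SHA-1 exchange hash")],
    "sftp_digests": [("hmac-sha1*", "SHA-1 based MAC")],
}


def audit(config):
    """Return (findings, hardened lists) for the three SFTP algorithm settings."""
    findings, hardened = [], {}
    for setting, rules in POLICY.items():
        kept = []
        for name in config.get(setting, DEFAULTS[setting]):
            reason = next((why for pat, why in rules if fnmatch.fnmatchcase(name, pat)), None)
            if reason:
                findings.append((setting, name, reason))
            else:
                kept.append(name)  # the configured order is preserved
        if not kept:
            raise ValueError(f"{setting}: policy rejects every configured algorithm")
        hardened[setting] = kept
    return findings, hardened


def to_yaml(hardened):
    """Render the hardened lists as a fragment for /etc/filemage/config.yml."""
    return "\n".join(f"{setting}:\n" + "\n".join(f"  - {n}" for n in names)
                     for setting, names in hardened.items())


if __name__ == "__main__":
    findings, hardened = audit({})  # empty config: audit the defaults
    for finding in findings:
        print("weak:", *finding)
    print(to_yaml(hardened))
```

Clients that only offer the removed algorithms will fail to connect after the change, so check client compatibility before restarting the server with the hardened lists.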

connection_log

  • type: map
    • enabled

      • type: bool
      • default: no
    • path

      • type: string
      • default: /var/log/filemage/connections.log
    • format

      • type: string
      • default: logfmt

      Can be either json or logfmt.

    • max_size_mb

      • type: int
      • default: 100

      Max file size before rotating.

    • max_backups

      • type: int
      • default: 5

      Max number of rotated files to keep. Set to 0 to retain all files.

    • max_age_days

      • type: int
      • default: 0

      Number of days to keep rotated log files. Set to 0 to disable deletion based on age.

    • compress

      • type: bool
      • default: no

      Compress rotated log files.

Generate detailed logs of all FTP and SFTP connections established to the server.

Example Configuration:

connection_log:
  enabled: yes
  path: /var/log/filemage/connections.log
  format: json
  max_size_mb: 10
  max_backups: 3
  max_age_days: 28
  compress: yes

Sample Output:

time=2019-07-04T02:53:32.4361712Z client=172.20.0.3:2222 remote=172.20.0.1:57768 msg="open sftp connection"
time=2019-07-04T02:53:37.9370762Z client=172.20.0.3:21 remote=172.20.0.1:38556 msg="open ftp control connection"
time=2019-07-04T02:53:42.2099408Z client=172.20.0.3:6001 remote=172.20.0.1:38624 msg="open ftp passive data connection"