drakkan / sftpgo

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
https://sftpgo.com
GNU Affero General Public License v3.0

[Bug]: Error connecting via FTPS with TLS #1785

Open pedroponte opened 1 day ago

pedroponte commented 1 day ago

⚠️ This issue respects the following points: ⚠️

Bug description

While a plain FTP connection works, FTP over TLS (FTPS) using Let's Encrypt certificates does not.

Any help would be appreciated. Many thanks

Steps to reproduce

Client connection

Screenshot 2024-10-17 at 17 21 05

Server settings

Screenshot 2024-10-17 at 17 23 15

Expected behavior

Allow connections via FTPS

SFTPGo version

SFTPGo 2.6.2 636a1c2c

Data provider

sqlite

Installation method

Community Docker image

Configuration

sftpgo.json config { "common": { "idle_timeout": 15, "upload_mode": 0, "actions": { "execute_on": [], "execute_sync": [], "hook": "" }, "setstat_mode": 0, "rename_mode": 0, "resume_max_size": 0, "temp_path": "", "proxy_protocol": 0, "proxy_allowed": [], "proxy_skipped": [], "startup_hook": "", "post_connect_hook": "", "post_disconnect_hook": "", "data_retention_hook": "", "max_total_connections": 0, "max_per_host_connections": 20, "allowlist_status": 0, "allow_self_connections": 0, "umask": "", "server_version": "", "metadata": { "read": 0 }, "defender": { "enabled": false, "driver": "memory", "ban_time": 30, "ban_time_increment": 50, "threshold": 15, "score_invalid": 2, "score_valid": 1, "score_limit_exceeded": 3, "score_no_auth": 0, "observation_time": 30, "entries_soft_limit": 100, "entries_hard_limit": 150, "login_delay": { "success": 0, "password_failed": 1000 } }, "rate_limiters": [ { "average": 0, "period": 1000, "burst": 1, "type": 2, "protocols": [ "SSH", "FTP", "DAV", "HTTP" ], "generate_defender_events": false, "entries_soft_limit": 100, "entries_hard_limit": 150 } ] }, "acme": { "domains": [], "email": "", "key_type": "4096", "certs_path": "certs", "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory", "renew_days": 30, "http01_challenge": { "port": 80, "proxy_header": "", "webroot": "" }, "tls_alpn01_challenge": { "port": 0 } }, "sftpd": { "bindings": [ { "port": 2022, "address": "", "apply_proxy_config": true } ], "max_auth_tries": 0, "host_keys": [], "host_certificates": [], "host_key_algorithms": [], "kex_algorithms": [], "min_dh_group_exchange_key_size": 2048, "ciphers": [], "macs": [], "public_key_algorithms": [], "trusted_user_ca_keys": [], "revoked_user_certs_file": "", "login_banner_file": "", "enabled_ssh_commands": [ "md5sum", "sha1sum", "sha256sum", "cd", "pwd", "scp" ], "keyboard_interactive_authentication": true, "keyboard_interactive_auth_hook": "", "password_authentication": true, "folder_prefix": "" }, "ftpd": { "bindings": [ 
{ "port": "2121", "address": "", "apply_proxy_config": true, "tls_mode": "1", "tls_session_reuse": 0, "certificate_file": "/etc/sftpgo/certs/ftp.domain.com.crt", "certificate_key_file": "/etc/sftpgo/certs/ftp.domain.com.key", "min_tls_version": 12, "force_passive_ip": "", "passive_ip_overrides": [], "passive_host": "", "client_auth_type": 0, "tls_cipher_suites": [], "passive_connections_security": 0, "active_connections_security": 0, "ignore_ascii_transfer_type": 0, "debug": true } ], "banner_file": "", "active_transfers_port_non_20": true, "passive_port_range": { "start": 50000, "end": 50100 }, "disable_active_mode": true, "enable_site": false, "hash_support": 0, "combine_support": 0, "certificate_file": "", "certificate_key_file": "", "ca_certificates": [], "ca_revocation_lists": [] }, "webdavd": { "bindings": [ { "port": 0, "address": "", "enable_https": false, "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "client_auth_type": 0, "tls_cipher_suites": [], "tls_protocols": [], "prefix": "", "proxy_allowed": [], "client_ip_proxy_header": "", "client_ip_header_depth": 0, "disable_www_auth_header": false } ], "certificate_file": "/etc/sftpgo/certs/ftp.domain.com.crt", "certificate_key_file": "/etc/sftpgo/certs/ftp.domain.com.key", "ca_certificates": [], "ca_revocation_lists": [], "cors": { "enabled": false, "allowed_origins": [], "allowed_methods": [], "allowed_headers": [], "exposed_headers": [], "allow_credentials": false, "max_age": 0, "options_passthrough": false, "options_success_status": 0, "allow_private_network": false }, "cache": { "users": { "expiration_time": 0, "max_size": 50 }, "mime_types": { "enabled": true, "max_size": 1000, "custom_mappings": [] } } }, "data_provider": { "driver": "sqlite", "name": "sftpgo.db", "host": "", "port": 0, "username": "", "password": "", "sslmode": 0, "disable_sni": false, "target_session_attrs": "", "root_cert": "", "client_cert": "", "client_key": "", "connection_string": "", 
"sql_tables_prefix": "", "track_quota": 2, "delayed_quota_update": 0, "pool_size": 0, "users_base_dir": "/srv/sftpgo/data", "actions": { "execute_on": [], "execute_for": [], "hook": "" }, "external_auth_hook": "", "external_auth_scope": 0, "pre_login_hook": "", "post_login_hook": "", "post_login_scope": 0, "check_password_hook": "", "check_password_scope": 0, "password_hashing": { "bcrypt_options": { "cost": 10 }, "argon2_options": { "memory": 65536, "iterations": 1, "parallelism": 2 }, "algo": "bcrypt" }, "password_validation": { "admins": { "min_entropy": 0 }, "users": { "min_entropy": 0 } }, "password_caching": true, "update_mode": 0, "create_default_admin": false, "naming_rules": 5, "is_shared": 0, "node": { "host": "", "port": 0, "proto": "http" }, "backups_path": "/srv/sftpgo/backups" }, "httpd": { "bindings": [ { "port": 8080, "address": "", "enable_web_admin": true, "enable_web_client": true, "enable_rest_api": true, "enabled_login_methods": 0, "enable_https": false, "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "client_auth_type": 0, "tls_cipher_suites": [], "tls_protocols": [], "proxy_allowed": [], "client_ip_proxy_header": "", "client_ip_header_depth": 0, "hide_login_url": 0, "render_openapi": true, "oidc": { "client_id": "", "client_secret": "", "client_secret_file": "", "config_url": "", "redirect_base_url": "", "scopes": [ "openid", "profile", "email" ], "username_field": "", "role_field": "", "implicit_roles": false, "custom_fields": [], "insecure_skip_signature_check": false, "debug": false }, "security": { "enabled": false, "allowed_hosts": [], "allowed_hosts_are_regex": false, "hosts_proxy_headers": [], "https_redirect": false, "https_host": "", "https_proxy_headers": [], "sts_seconds": 0, "sts_include_subdomains": false, "sts_preload": false, "content_type_nosniff": false, "content_security_policy": "", "permissions_policy": "", "cross_origin_opener_policy": "" }, "branding": { "web_admin": { "name": "", "short_name": 
"", "favicon_path": "", "logo_path": "", "disclaimer_name": "", "disclaimer_path": "", "default_css": [], "extra_css": [] }, "web_client": { "name": "", "short_name": "", "favicon_path": "", "logo_path": "", "disclaimer_name": "", "disclaimer_path": "", "default_css": [], "extra_css": [] } } } ], "templates_path": "templates", "static_files_path": "static", "openapi_path": "openapi", "web_root": "", "certificate_file": "", "certificate_key_file": "", "ca_certificates": [], "ca_revocation_lists": [], "signing_passphrase": "", "signing_passphrase_file": "", "token_validation": 0, "max_upload_file_size": 0, "cors": { "enabled": false, "allowed_origins": [], "allowed_methods": [], "allowed_headers": [], "exposed_headers": [], "allow_credentials": false, "max_age": 0, "options_passthrough": false, "options_success_status": 0, "allow_private_network": false }, "setup": { "installation_code": "", "installation_code_hint": "Installation code" }, "hide_support_link": false }, "telemetry": { "bind_port": 0, "bind_address": "127.0.0.1", "enable_profiler": false, "auth_user_file": "", "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "tls_cipher_suites": [], "tls_protocols": [] }, "http": { "timeout": 20, "retry_wait_min": 2, "retry_wait_max": 30, "retry_max": 3, "ca_certificates": [], "certificates": [], "skip_tls_verify": false, "headers": [] }, "command": { "timeout": 30, "env": [], "commands": [] }, "kms": { "secrets": { "url": "", "master_key": "", "master_key_path": "" } }, "mfa": { "totp": [ { "name": "Default", "issuer": "SFTPGo", "algo": "sha1" } ] }, "smtp": { "host": "", "port": 587, "from": "", "user": "", "password": "", "auth_type": 0, "encryption": 0, "domain": "", "templates_path": "templates", "debug": 0, "oauth2": { "provider": 0, "tenant": "", "client_id": "", "client_secret": "", "refresh_token": "" } }, "plugins": [] }

Relevant log output

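Error log (IPs omitted). The `[302 301]` in the ERR line are hexadecimal TLS version codes (0x0302 = TLS 1.1, 0x0301 = TLS 1.0): the client offered only versions below the `"min_tls_version": 12` (TLS 1.2) set on the FTP binding, so the server refused the handshake. The fix belongs on the client side (enable TLS 1.2 or later) rather than lowering the server minimum.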

2024-10-17T15:29:53.621 DBG Client connected | sender=ftpserverlib server_id=FTP_0 clientId=1 clientIp=1x.yy.yy.6:63261 
2024-10-17T15:29:53.623 DBG connection added, local address "1xx.1x.0.2:2121", remote address "1x.yy.yy.6:63261", num open connections: 1 | sender=FTP connection_id=FTP_0_1 
2024-10-17T15:29:53.652 ERR Read error | sender=ftpserverlib server_id=FTP_0 clientId=1 err=tls: client offered only unsupported versions: [302 301] 
2024-10-17T15:29:53.652 DBG connection removed, local address "1xx.1x.0.2:2121", remote address "1x.yy.yy.6:63261" close fs error: <nil>, num open connections: 0 | sender=FTP connection_id=FTP_0_1 
2024-10-17T15:29:53.652 DBG | sender=connection_failed client_ip=1x.yy.yy.6 username= login_type=no_auth_tried protocol=FTP error=no auth tried 
2024-10-17T15:29:53.652 DBG Client disconnected | sender=ftpserverlib server_id=FTP_0 clientId=1 clientIp=1x.yy.yy.6:63261

What are you using SFTPGo for?

Private user, home usecase (home backup/VPS)

Additional info

No response

pedroponte commented 1 day ago

@drakkan FYA please, TIA!