A secure, configurable, and feature-rich FTP server written in C++ for Linux, macOS, and Windows.
- RFC 959 Compliant: Full FTP protocol implementation
- Active/Passive Mode: Support for both connection modes
- File Transfer: Upload, download, append, and resume capabilities
- Directory Operations: List, create, remove, and navigate directories
- File Management: Rename, delete, and modify file permissions
- SSL/TLS Support: Secure file transfers with OpenSSL
- User Authentication: Multiple authentication methods (password, hash, PAM, LDAP)
- Access Control: Granular permissions and path restrictions
- Chroot Support: Isolated file system access
- Privilege Dropping: Security hardening for production use
- Rate Limiting: Protection against abuse and DoS attacks
- Multi-Domain Support: Host multiple FTP sites on one server
- Per-Host Configuration: Individual settings for each virtual host
- SSL Certificate Management: Separate certificates per domain
- Access Control: User restrictions per virtual host
- Flexible Permissions: Granular control over user capabilities
- Anonymous Access: Configurable anonymous user support
- Guest Accounts: Limited access for temporary users
- Connection Limits: Per-user connection and transfer restrictions
- Session Management: Timeout and activity tracking
- Multi-threaded: Efficient handling of multiple connections
- Connection Pooling: Optimized resource management
- Transfer Optimization: Sendfile and memory-mapped I/O support
- Statistics: Comprehensive usage and performance metrics
- Logging: Advanced logging with rotation and filtering
- Cross-Platform: Linux, macOS, and Windows
- Native Builds: Optimized for each platform
- Package Management: DEB, RPM, PKG, and MSI packages
- Service Integration: systemd, launchd, and Windows services
The fastest way to get started with ssftpd is using Docker:
# Clone the repository
git clone https://github.com/ssftpd/ssftpd.git
cd ssftpd
# Quick start with Docker
cd deployment/examples/docker
docker-compose up -d
# Test the FTP service
nc -z localhost 21Docker Features:
- ✅ Zero dependencies - No need to install build tools
- ✅ Cross-platform - Works on Linux, macOS, Windows
- ✅ Production-ready - Optimized runtime image
- ✅ Development environment - Full debugging tools included
- ✅ Multi-architecture - x86_64, ARM64, ARMv7 support
For detailed Docker deployment, see Docker Deployment Guide.
- C++17 Compiler: GCC 7+, Clang 5+, or MSVC 2017+
- CMake 3.16+: Build system
- OpenSSL: SSL/TLS support
- jsoncpp: JSON configuration parsing
# Clone the repository
git clone https://github.com/ssftpd/ssftpd.git
cd ssftpd
# Build the project
make install-dev # Install development dependencies
make build # Build the application
make install # Install system-wideUbuntu/Debian:
sudo apt update
sudo apt install ssftpdCentOS/RHEL:
sudo yum install ssftpd
# or
sudo dnf install ssftpdmacOS:
brew install ssftpd- Copy the example configuration:
sudo cp /etc/ssftpd/ssftpd.conf.example /etc/ssftpd/ssftpd.conf- Edit the configuration file:
sudo nano /etc/ssftpd/ssftpd.conf- Create necessary directories:
sudo mkdir -p /var/ftp /var/log/ssftpd
sudo chown ftp:ftp /var/ftp# Start in foreground (for testing)
sudo ssftpd start --config /etc/ssftpd/ssftpd.conf
# Start as daemon
sudo ssftpd --daemon start
# Test configuration
ssftpd --test-config --config /etc/ssftpd/ssftpd.confLinux (systemd):
sudo systemctl enable ssftpd
sudo systemctl start ssftpd
sudo systemctl status ssftpdmacOS (launchd):
sudo launchctl load /Library/LaunchDaemons/com.blburns.ssftpd.plist
sudo launchctl start com.blburns.ssftpdWindows:
sc create ssftpd binPath= "C:\Program Files\ssftpd\bin\ssftpd.exe"
sc start ssftpdThe main configuration file (ssftpd.conf) supports both INI and JSON formats. Here's an example INI configuration:
# Global server settings
server_name = "Simple-Secure FTP Daemon"
server_version = "0.1.0"
enable_ssl = true
enable_virtual_hosts = true
# SSL Configuration
[ssl]
enabled = true
certificate_file = "/etc/ssftpd/ssl/server.crt"
private_key_file = "/etc/ssftpd/ssl/server.key"
# Connection settings
[connection]
bind_address = "0.0.0.0"
bind_port = 21
max_connections = 100
# Virtual hosts
[virtual_hosts.default]
hostname = "default"
document_root = "/var/ftp"
enabled = true
# Users
[users.admin]
username = "admin"
password_hash = "$2y$10$hashed_password"
home_directory = "/var/ftp/admin"
permissions = ["READ", "WRITE", "LIST", "UPLOAD", "DOWNLOAD"]# Add a new user
sudo ssftpd user add \
--username john \
--password secret \
--home /var/ftp/john \
--permissions READ,WRITE,LIST,UPLOAD,DOWNLOAD
# Add anonymous user
sudo ssftpd user add \
--username anonymous \
--home /var/ftp/public \
--anonymous \
--permissions READ,LIST,DOWNLOADAvailable permissions:
READ: Read files and directoriesWRITE: Write/create files and directoriesDELETE: Delete files and directoriesRENAME: Rename files and directoriesMKDIR: Create directoriesRMDIR: Remove directoriesLIST: List directory contentsUPLOAD: Upload filesDOWNLOAD: Download filesAPPEND: Append to filesADMIN: Administrative operations
# Add a new virtual host
sudo ssftpd virtual add \
--hostname ftp.example.com \
--root /var/ftp/example \
--ssl \
--certificate /etc/ssl/certs/example.com.crt \
--private-key /etc/ssl/private/example.com.keyEach virtual host can have:
- Separate document root
- Individual SSL certificates
- Custom security settings
- User access restrictions
- Transfer rate limits
# Generate certificate for a domain
sudo ssftpd ssl generate \
--hostname ftp.example.com \
--country US \
--state California \
--city San Francisco \
--organization "Example Corp" \
--email admin@example.com# Install existing certificates
sudo ssftpd ssl install \
--hostname ftp.example.com \
--certificate /path/to/certificate.crt \
--private-key /path/to/private.key \
--ca-certificate /path/to/ca.crt# Start the server
ssftpd start [--config FILE] [--daemon] [--foreground]
# Stop the server
ssftpd stop
# Restart the server
ssftpd restart
# Show server status
ssftpd status
# Reload configuration
ssftpd reload# List all users
ssftpd user list
# Add user
ssftpd user add --username NAME --password PASS --home DIR
# Remove user
ssftpd user remove --username NAME
# Modify user
ssftpd user modify --username NAME --permissions READ,WRITE
# Change password
ssftpd user password --username NAME --password NEW_PASS# List virtual hosts
ssftpd virtual list
# Add virtual host
ssftpd virtual add --hostname DOMAIN --root DIR
# Remove virtual host
ssftpd virtual remove --hostname DOMAIN
# Enable/disable virtual host
ssftpd virtual enable --hostname DOMAIN
ssftpd virtual disable --hostname DOMAIN# Generate certificate
ssftpd ssl generate --hostname DOMAIN
# Install certificate
ssftpd ssl install --hostname DOMAIN --cert FILE --key FILE
# Show SSL status
ssftpd ssl status
# Renew certificate
ssftpd ssl renew --hostname DOMAIN# Clone and setup
git clone https://github.com/ssftpd/ssftpd.git
cd ssftpd
# Install dependencies
make install-dev
# Build options
make debug # Debug build
make release # Release build
make test # Run tests
make clean # Clean build artifacts
# Package creation
make package # Create packages for current platformssftpd/
├── include/ssftpd/ # Header files
│ ├── ftp_server.hpp # Main server class
│ ├── ftp_connection.hpp # Connection handling
│ ├── ftp_user.hpp # User management
│ ├── ftp_virtual_host.hpp # Virtual host support
│ ├── ftp_server_config.hpp # Configuration
│ ├── logger.hpp # Logging system
│ └── platform.hpp # Platform abstraction
├── src/ # Source files
│ ├── core/ # Core implementation
│ ├── utils/ # Utility functions
│ └── main.cpp # Main application
├── config/ # Configuration files
├── tools/ # Management tools
├── docs/ # Documentation
├── scripts/ # Build and deployment scripts
├── deployment/ # Deployment configurations
│ └── examples/
│ └── docker/ # Docker deployment examples
├── Dockerfile # Multi-stage Docker build
├── docker-compose.yml # Docker Compose orchestration
├── .dockerignore # Docker build context optimization
├── CMakeLists.txt # CMake build configuration
└── Makefile # Make build system
ssftpd includes comprehensive Docker support for development, testing, and production deployment:
- Multi-stage builds for different Linux distributions (Ubuntu, CentOS, Alpine)
- Multi-architecture support (x86_64, ARM64, ARMv7)
- Development environment with debugging tools and live code mounting
- Production-ready runtime with minimal footprint and security hardening
- Health checks and monitoring capabilities
- Volume mounts for configuration, logs, and FTP data
# Development environment
docker-compose --profile dev up -d
# Production deployment
docker-compose --profile runtime up -d
# Build for all platforms
./scripts/build-docker.sh -d all
# Deploy with custom configuration
./scripts/deploy-docker.sh -p runtime -c ./config -l ./logs -d ./data- 21/tcp - FTP control port
- 990/tcp - FTPS control port (SSL/TLS)
- 1024-65535/tcp - Passive mode data ports
For complete Docker documentation, see Docker Deployment Guide.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
# Run all tests
make test
# Run specific test suites
cd build && ctest -R "unit_tests"
cd build && ctest -R "integration_tests"
# Run with coverage (Linux only)
make coverage
# Run with memory checking (Linux only)
make memcheck- Check configuration:
ssftpd --test-config --config /etc/ssftpd/ssftpd.conf- Check permissions:
sudo chown -R ftp:ftp /var/ftp
sudo chmod 755 /var/ftp- Check ports:
sudo netstat -tlnp | grep :21- Verify certificate files:
openssl x509 -in /etc/ssftpd/ssl/server.crt -text -noout- Check certificate permissions:
sudo chmod 600 /etc/ssftpd/ssl/server.key
sudo chown ftp:ftp /etc/ssftpd/ssl/server.key- Check system resources:
top
iostat
netstat -i- Adjust configuration:
[connection]
max_connections = 50
thread_pool_size = 4
[transfer]
buffer_size = 16384
use_sendfile = true- Main log:
/var/log/ssftpd/ssftpd.log - Access log:
/var/log/ssftpd/access.log - Error log:
/var/log/ssftpd/error.log
Enable debug logging:
[logging]
log_level = "DEBUG"
log_commands = true
log_transfers = true
# Development settings
debug_mode = true
verbose_logging = true
trace_commands = true- Use strong SSL certificates
- Enable chroot for users
- Drop privileges to non-root user
- Implement rate limiting
- Restrict allowed commands
- Use firewall rules
- Regular security updates
# Firewall rules (iptables)
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
# Or with ufw (Ubuntu)
sudo ufw allow 21/tcp
sudo ufw allow 1024:65535/tcp- Strong password policies
- Limited permissions
- Path restrictions
- Connection limits
- Session timeouts
# Increase file descriptor limits
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
# Kernel parameters
echo "net.core.somaxconn = 65536" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 65536" >> /etc/sysctl.conf
sysctl -p[connection]
max_connections = 200
backlog = 100
keep_alive = true
tcp_nodelay = true
[transfer]
buffer_size = 32768
use_sendfile = true
use_mmap = true
# Performance settings
thread_pool_size = 16
enable_compression = true
cache_size = 100MB# Show server statistics
ssftpd status
# Show performance metrics
ssftpd metrics
# Show connection information
ssftpd connections- Prometheus: Metrics endpoint at
/metrics - Grafana: Dashboard templates included
- Log aggregation: Structured logging support
- Health checks: HTTP health endpoint
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.
- Documentation: docs/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: SimpleDaemons
- OpenSSL: SSL/TLS implementation
- jsoncpp: JSON parsing library
- CMake: Build system
- FTP RFC 959: Protocol specification
- Initial release
- Core FTP server functionality
- SSL/TLS support
- Virtual hosting
- User management
- Multi-platform support
- Comprehensive configuration system