Files
truecharts/charts/stable/sftpgo/values.yaml
T
TrueCharts Bot ea60a1fe89 fix(sftpgo): update image ghcr.io/drakkan/sftpgo v2.7.3 → v2.7.4 (#49582)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/drakkan/sftpgo](https://redirect.github.com/drakkan/sftpgo) |
patch | `4d47ba4` → `d915394` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>drakkan/sftpgo (ghcr.io/drakkan/sftpgo)</summary>

###
[`v2.7.4`](https://redirect.github.com/drakkan/sftpgo/releases/tag/v2.7.4)

[Compare
Source](https://redirect.github.com/drakkan/sftpgo/compare/v2.7.3...v2.7.4)

##### New features

- Symbolic links: the new `symlink_mode` setting selects, per backend,
whether clients holding the `create_symlinks` permission may create
symbolic links on the local filesystem, the SFTP backend, or both. It is
disabled by default. Creating a link requires `create_symlinks` on both
the link's directory and the directory it points into, so per-directory
permissions are enforced consistently on the path the client requests.
- OIDC redirect: the WebClient OIDC login now preserves a `next`
redirect target across the IdP round-trip.

##### Bug fixes

- httpd: return after a CSRF failure in the web client login. The login
POST handler rendered the CSRF error page but did not return, so
execution fell through into the post-connect hook and the credential
verification pipeline. Added the missing `return` to match the admin
login, password reset, and setup handlers.

##### Hardening

- Improve symbolic links handling and add more test cases.
- httpd: clean and unify the WebClient post-login redirect target
validation.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZnRwZ28iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
2026-06-28 02:20:59 +02:00

111 lines
3.7 KiB
YAML

# yaml-language-server: $schema=./values.schema.json
image:
pullPolicy: IfNotPresent
repository: ghcr.io/drakkan/sftpgo
tag: v2.7.4-plugins@sha256:d9153947a0758c5eba37441554b5d8ce977a81013cbeea1f9c2d72db607fcbbf
securityContext:
container:
runAsNonRoot: false
readOnlyRootFilesystem: false
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
main:
port: 2221
protocol: http
targetPort: 8080
ftpport:
enabled: true
ports:
ftpport:
enabled: true
port: 2121
protocol: http
targetPort: 2121
passiveports:
enabled: true
ports:
passiveports:
enabled: true
port: 50000
protocol: http
targetPort: 50000
sftpport:
enabled: true
ports:
sftpport:
enabled: true
port: 2022
protocol: tcp
targetPort: 2022
webdavport:
enabled: true
ports:
webdavport:
enabled: true
port: 10080
protocol: tcp
targetPort: 10080
workload:
main:
podSpec:
containers:
main:
env:
SFTPGO_COMMON__DEFENDER__ENABLED: "true"
SFTPGO_FTPD__BINDINGS__0__DEBUG: "0"
SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP: 10.0.0.10
SFTPGO_FTPD__BINDINGS__0__PORT: "2121"
SFTPGO_FTPD__PASSIVE_PORT_RANGE__END: "50100"
SFTPGO_FTPD__PASSIVE_PORT_RANGE__START: "50000"
SFTPGO_WEBDAVD__BINDINGS__0__PORT: "10080"
# plugins section
# each plugin will require couple more manual settings due to
# how they can each be combined differently. see docs on truecharts website
# ref - https://github.com/sftpgo/sftpgo-plugin-auth
SFTPGO_PLUGIN_AUTH_LDAP_URL: "ldap://192.168.1.5:389"
SFTPGO_PLUGIN_AUTH_LDAP_BASE_DN: "dc=mylab,dc=local"
SFTPGO_PLUGIN_AUTH_LDAP_BIND_DN: "cn=Administrator,cn=users,dc=mylab,dc=local"
SFTPGO_PLUGIN_AUTH_LDAP_PASSWORD: "Password.123456"
SFTPGO_PLUGIN_AUTH_LDAP_SEARCH_QUERY: "(&(objectClass=user)(sAMAccountType=805306368)(sAMAccountName=%username%))"
SFTPGO_PLUGIN_AUTH_LDAP_GROUP_ATTRIBUTES: "memberOf"
SFTPGO_PLUGIN_AUTH_PRIMARY_GROUP_PREFIX: ""
SFTPGO_PLUGIN_AUTH_SECONDARY_GROUP_PREFIX: ""
SFTPGO_PLUGIN_AUTH_MEMBERSHIP_GROUP_PREFIX: ""
SFTPGO_PLUGIN_AUTH_REQUIRE_GROUPS: ""
SFTPGO_PLUGIN_AUTH_STARTTLS: "0"
SFTPGO_PLUGIN_AUTH_USERS_BASE_DIR: "/mnt/home"
SFTPGO_PLUGIN_AUTH_CACHE_TIME: 0
SFTPGO_PLUGIN_AUTH_SKIP_TLS_VERIFY: "0"
SFTPGO_PLUGIN_AUTH_CA_CERTIFICATES: ""
# ref - https://github.com/sftpgo/sftpgo-plugin-eventsearch
SFTPGO_PLUGIN_EVENTSEARCH_DRIVER: ""
SFTPGO_PLUGIN_EVENTSEARCH_DSN: ""
# ref - https://github.com/sftpgo/sftpgo-plugin-eventstore
SFTPGO_PLUGIN_EVENTSTORE_DRIVER: ""
SFTPGO_PLUGIN_EVENTSTORE_DSN: ""
SFTPGO_PLUGIN_EVENTSTORE_INSTANCE_ID: ""
SFTPGO_PLUGIN_EVENTSTORE_RETENTION: "0"
# ref - https://github.com/sftpgo/sftpgo-plugin-geoipfilter
SFTPGO_PLUGIN_GEOIPFILTER_DB_FILE: "/mnt/database/geolite.db"
SFTPGO_PLUGIN_GEOIPFILTER_ALLOWED_COUNTRIES: "JP"
SFTPGO_PLUGIN_GEOIPFILTER_DENIED_COUNTRIES: "KP"
# ref - https://github.com/sftpgo/sftpgo-plugin-kms
# ref - https://github.com/sftpgo/sftpgo-plugin-pubsub
persistence:
backupdirectory:
enabled: true
mountPath: /srv/sftpgo/backups
configpath:
enabled: true
mountPath: /var/lib/sftpgo
data:
enabled: true
mountPath: /srv/sftpgo/data
shareaccess:
enabled: true
mountPath: /shareaccess