ea60a1fe89
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/drakkan/sftpgo](https://redirect.github.com/drakkan/sftpgo) | patch | `4d47ba4` → `d915394` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>drakkan/sftpgo (ghcr.io/drakkan/sftpgo)</summary> ### [`v2.7.4`](https://redirect.github.com/drakkan/sftpgo/releases/tag/v2.7.4) [Compare Source](https://redirect.github.com/drakkan/sftpgo/compare/v2.7.3...v2.7.4) ##### New features - Symbolic links: the new `symlink_mode` setting selects, per backend, whether clients holding the `create_symlinks` permission may create symbolic links on the local filesystem, the SFTP backend, or both. It is disabled by default. Creating a link requires `create_symlinks` on both the link's directory and the directory it points into, so per-directory permissions are enforced consistently on the path the client requests. - OIDC redirect: the WebClient OIDC login now preserves a `next` redirect target across the IdP round-trip. ##### Bug fixes - httpd: return after a CSRF failure in the web client login. The login POST handler rendered the CSRF error page but did not return, so execution fell through into the post-connect hook and the credential verification pipeline. Added the missing `return` to match the admin login, password reset, and setup handlers. ##### Hardening - Improve symbolic links handling and add more test cases. - httpd: clean and unify the WebClient post-login redirect target validation. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zZnRwZ28iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
111 lines
3.7 KiB
YAML
111 lines
3.7 KiB
YAML
# yaml-language-server: $schema=./values.schema.json
|
|
image:
|
|
pullPolicy: IfNotPresent
|
|
repository: ghcr.io/drakkan/sftpgo
|
|
tag: v2.7.4-plugins@sha256:d9153947a0758c5eba37441554b5d8ce977a81013cbeea1f9c2d72db607fcbbf
|
|
securityContext:
|
|
container:
|
|
runAsNonRoot: false
|
|
readOnlyRootFilesystem: false
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
port: 2221
|
|
protocol: http
|
|
targetPort: 8080
|
|
ftpport:
|
|
enabled: true
|
|
ports:
|
|
ftpport:
|
|
enabled: true
|
|
port: 2121
|
|
protocol: http
|
|
targetPort: 2121
|
|
passiveports:
|
|
enabled: true
|
|
ports:
|
|
passiveports:
|
|
enabled: true
|
|
port: 50000
|
|
protocol: http
|
|
targetPort: 50000
|
|
sftpport:
|
|
enabled: true
|
|
ports:
|
|
sftpport:
|
|
enabled: true
|
|
port: 2022
|
|
protocol: tcp
|
|
targetPort: 2022
|
|
webdavport:
|
|
enabled: true
|
|
ports:
|
|
webdavport:
|
|
enabled: true
|
|
port: 10080
|
|
protocol: tcp
|
|
targetPort: 10080
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
env:
|
|
SFTPGO_COMMON__DEFENDER__ENABLED: "true"
|
|
SFTPGO_FTPD__BINDINGS__0__DEBUG: "0"
|
|
SFTPGO_FTPD__BINDINGS__0__FORCE_PASSIVE_IP: 10.0.0.10
|
|
SFTPGO_FTPD__BINDINGS__0__PORT: "2121"
|
|
SFTPGO_FTPD__PASSIVE_PORT_RANGE__END: "50100"
|
|
SFTPGO_FTPD__PASSIVE_PORT_RANGE__START: "50000"
|
|
SFTPGO_WEBDAVD__BINDINGS__0__PORT: "10080"
|
|
# plugins section
|
|
# each plugin will require couple more manual settings due to
|
|
# how they can each be combined differently. see docs on truecharts website
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-auth
|
|
SFTPGO_PLUGIN_AUTH_LDAP_URL: "ldap://192.168.1.5:389"
|
|
SFTPGO_PLUGIN_AUTH_LDAP_BASE_DN: "dc=mylab,dc=local"
|
|
SFTPGO_PLUGIN_AUTH_LDAP_BIND_DN: "cn=Administrator,cn=users,dc=mylab,dc=local"
|
|
SFTPGO_PLUGIN_AUTH_LDAP_PASSWORD: "Password.123456"
|
|
SFTPGO_PLUGIN_AUTH_LDAP_SEARCH_QUERY: "(&(objectClass=user)(sAMAccountType=805306368)(sAMAccountName=%username%))"
|
|
SFTPGO_PLUGIN_AUTH_LDAP_GROUP_ATTRIBUTES: "memberOf"
|
|
SFTPGO_PLUGIN_AUTH_PRIMARY_GROUP_PREFIX: ""
|
|
SFTPGO_PLUGIN_AUTH_SECONDARY_GROUP_PREFIX: ""
|
|
SFTPGO_PLUGIN_AUTH_MEMBERSHIP_GROUP_PREFIX: ""
|
|
SFTPGO_PLUGIN_AUTH_REQUIRE_GROUPS: ""
|
|
SFTPGO_PLUGIN_AUTH_STARTTLS: "0"
|
|
SFTPGO_PLUGIN_AUTH_USERS_BASE_DIR: "/mnt/home"
|
|
SFTPGO_PLUGIN_AUTH_CACHE_TIME: 0
|
|
SFTPGO_PLUGIN_AUTH_SKIP_TLS_VERIFY: "0"
|
|
SFTPGO_PLUGIN_AUTH_CA_CERTIFICATES: ""
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-eventsearch
|
|
SFTPGO_PLUGIN_EVENTSEARCH_DRIVER: ""
|
|
SFTPGO_PLUGIN_EVENTSEARCH_DSN: ""
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-eventstore
|
|
SFTPGO_PLUGIN_EVENTSTORE_DRIVER: ""
|
|
SFTPGO_PLUGIN_EVENTSTORE_DSN: ""
|
|
SFTPGO_PLUGIN_EVENTSTORE_INSTANCE_ID: ""
|
|
SFTPGO_PLUGIN_EVENTSTORE_RETENTION: "0"
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-geoipfilter
|
|
SFTPGO_PLUGIN_GEOIPFILTER_DB_FILE: "/mnt/database/geolite.db"
|
|
SFTPGO_PLUGIN_GEOIPFILTER_ALLOWED_COUNTRIES: "JP"
|
|
SFTPGO_PLUGIN_GEOIPFILTER_DENIED_COUNTRIES: "KP"
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-kms
|
|
# ref - https://github.com/sftpgo/sftpgo-plugin-pubsub
|
|
|
|
persistence:
|
|
backupdirectory:
|
|
enabled: true
|
|
mountPath: /srv/sftpgo/backups
|
|
configpath:
|
|
enabled: true
|
|
mountPath: /var/lib/sftpgo
|
|
data:
|
|
enabled: true
|
|
mountPath: /srv/sftpgo/data
|
|
shareaccess:
|
|
enabled: true
|
|
mountPath: /shareaccess
|