Export files to SFTP servers
🤖/sftp/store exports encoding results to your own SFTP server.
Usage example
Export uploaded files to my_target_folder
on an SFTP server:
{
"steps": {
"exported": {
"robot": "/sftp/store",
"use": ":original",
"credentials": "YOUR_SFTP_CREDENTIALS",
"path": "my_target_folder/${unique_prefix}/${file.url_name}"
}
}
}
Parameters
-
use
String / Array of Strings / Object requiredSpecifies which Step(s) to use as input.
-
You can pick any names for Steps except
":original"
(reserved for user uploads handled by Transloadit) -
You can provide several Steps as input with arrays:
"use": [ ":original", "encoded", "resized" ]
💡 That’s likely all you need to know about
use
, but you can view Advanced use cases. -
-
credentials
StringrequiredPlease create your associated Template Credentials in your Transloadit account and use the name of your Template Credentials as this parameter's value. They will contain the values for your SFTP host, user and optional custom public key.
While we recommend to use Template Credentials at all times, some use cases demand dynamic credentials for which using Template Credentials is too unwieldy because of their static nature. If you have this requirement, feel free to use the following parameters instead:
"host"
,"port"
,"user"
,"public_key"
(optional). -
path
String ⋅ default:"${unique_prefix}/${file.url_name}"
The path at which the file is to be stored. This may include any available Assembly variables.
-
url_template
String ⋅ default:"http://host/path"
The URL of the file in the result JSON. This may include any of the following supported Assembly variables.
-
ssl_url_template
String ⋅ default:"https://{HOST}/{PATH}"
The SSL URL of the file in the result JSON. The following Assembly variables are supported.
-
file_chmod
StringThis optional parameter controls how an uploaded file's permission bits are set. You can use any string format that the
chmod
command would accept, such as"755"
. If you don't specify this option, the file's permission bits aren't changed at all, meaning it's up to your server's configuration (e.g. umask).
Note: The URLs in the result JSON already point to the file on your target storage platform, so you can just save that URL in your database.
You can influence the URL using the Robot's
url_template
parameter.
Things to keep in mind
- Your server might be unresponsive from time to time. Since (S)FTP servers are harder to scale, we see this happen a lot. As a result, if this Robot fails to store one of your files, it will retry to store the file 5 times over 15 minutes.
- This also means that when you provided the wrong credentials (when testing for example) Assemblies can take up to 15 minutes to complete.
- If an Assembly has an export Step and takes long to execute, it is almost always due to the export Step having wrong credentials or the server being unreachable.
This robot uses SSH keys, which offer more security at the trade-off of a moderate degree of complexity in setting up. If you prefer a less secure, but easier-to-setup solution, then please have a look at 🤖/ftp/store and 🤖/ftp/import.
Installation on your server
The method explained here is slightly more elaborate than handing out an SSH account with an authorized public key, but is more secure as the user will not be able to traverse outside their home directory. This way, even if the user account is compromised at some point, the accessible data would be recently uploaded files.
The following explains how to create a dedicated user and group for Transloadit, and restrict access as shown in this article.
First, let's create a dedicated group and user:
# Change these variables to suit your needs.
# For additional security, use a randomly picked username.
TL_USER="random873"
TL_PUBLIC_PATH="uploads"
groupadd sftponly
useradd -g sftponly -m ${TL_USER}
# This line sets a random 20-character password for the user.
# We work with keys, but this is required because some operating systems will
# consider the account locked without one.
echo "${TL_USER}:$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c20)" |chpasswd
mkdir -p /home/${TL_USER}/.ssh /home/${TL_USER}/${TL_PUBLIC_PATH}
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA57GdwNLqsWz03X8MBEe4KoMSY2HOURjnUUe9zeTivASI+BLEe3cZcuJjsEBaRpISvCH04hosWUI0H4BQeB1dZZUUW1s4ttnVohCD9CfNiXJ7pwJAvgWb01dTW4YUWFKUTpTeUwQzgcNVLDtSVaQOYh4lAKvCZEcz17X9iZ7AeSEuQKe+QsrcwQoBdSpQ6FnzKwSZsggK81dPiGIW9Cw2z/EZWJpl9QBTYhw25NbNRtZj3fXVbrejnQQ985eZ6TlrvQFpUVwyk0QNHDsN+7zVISM3eXNpxof+vJyQNDLN9tb8vNPf/HXuw7MDJWMphrQevF5V26aMzszl3ZeO1779Mw== sftp@transloadit.com" >> /home/${TL_USER}/.ssh/authorized_keys
chown -R ${TL_USER}.sftponly /home/${TL_USER}
chown root.root /home/${TL_USER}
chmod -R 600 /home/${TL_USER}/.ssh /home/${TL_USER}/${TL_PUBLIC_PATH}
chmod -R u+X /home/${TL_USER}/.ssh /home/${TL_USER}/${TL_PUBLIC_PATH}
Make sure to change ${TL_USER}
and ${TL_PUBLIC_PATH}
to suit your needs. Remember to use a random username for additional security.
Please also give the subfolder where you intend to store your files sufficient permissions for your user to be able create sub-directories via mkdir
.
A combination of chown
and chmod
should achieve this.
Next, we will set up SSH to cage SFTP users in their home directory, and deny them regular shell access.
Enter ${EDITOR} /etc/ssh/sshd_config
, and then find and comment out this line:
# Subsystem sftp /usr/lib/openssh/sftp-server
At the bottom of the same file, add the following:
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Finally, enter /etc/init.d/ssh restart
to reflect the changes made.
Demos
- Copy files from Azure to SFTP servers
- Copy files from Backblaze to SFTP servers
- Copy files from DigitalOcean Spaces to SFTP servers
- Copy files from Dropbox to SFTP servers
- Copy files from FTP servers to SFTP servers
- Copy files from Google Storage to SFTP servers
- Copy files from MinIO to SFTP servers
- Copy files from Openstack/Swift to SFTP servers
- Copy files from Rackspace Cloud Files to SFTP servers
- Copy files from Supabase to SFTP servers
- Copy files from Wasabi to SFTP servers
- Copy files from Webservers to SFTP servers
- Copy files from cloudflare to SFTP servers
Related blog posts
- API update: renaming Robots for better clarity April 7, 2010
- Launching SFTP Robot & unveiling new homepage August 21, 2011
- Introducing new FTP store Robot for easier exports May 29, 2012
- Introducing new /sftp/import Robot for easy file imports October 30, 2012
- Kicking Transloadit into gear for the new year February 1, 2015
- New pricing model for future Transloadit customers February 7, 2018
- Efficient Dropbox to SFTP file transfer with optimization January 28, 2019