If you need a simple, secure, and straightforward SFTP server, Atmoz SFTP is one of the easiest solutions available.
It runs inside Docker, requires minimal configuration, and is secure by default, no fiddly chroot setup that can often be error-prone or introduce security risks.
In this guide, we’ll install and run Atmoz SFTP on Debian 12 (Bookworm) using Docker Compose.
If you haven’t installed Docker and Docker Compose yet, follow my earlier guide:
Why Choose Atmoz SFTP?
Unlike traditional FTP, SFTP runs over SSH, providing encryption by default, with Atmoz SFTP, you get:
- Secure by default, only SFTP over SSH, no plaintext FTP.
- Dockerized simplicity, no OS-level tinkering with OpenSSH configs.
- Quick setup, create a user, map a directory, run the container.
- No chroot headaches, the container handles isolation cleanly.
Step 1. Prepare Your Environment Variables
We’ll use a .env file to store credentials, port settings, and the local path to be mounted into the container.
This makes it easier to manage and avoids hardcoding sensitive values into the Compose file.
Create a file named .env:
|
0 1 |
nano .env |
Add the following content (customize to your needs):
|
0 1 2 3 4 |
SFTP_USER=example.user SFTP_PASSWORD=example.pass.1234 SFTP_PORT=22888 SFTP_PATH=/mnt/example.host.path |
Explanation:
SFTP_USER→ The username for SFTP login.SFTP_PASSWORD→ Strong password for authentication.SFTP_PORT→ External port to access SFTP (mapped to container’s port 22).SFTP_PATH→ Local folder path that will be mounted inside the container.
Step 2. Create the Docker Compose File
Next, create a docker-compose.yaml file:
|
0 1 |
nano docker-compose.yaml |
Paste the following configuration:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
services: sftp: image: atmoz/sftp:latest container_name: atmoz-sftp-server-1 mem_limit: 2g # Hard limit on memory usage memswap_limit: 2g # Limit RAM + swap usage mem_reservation: 1g # Soft memory reservation cpus: 2 # Limit to 2 CPU cores restart: unless-stopped ports: - "${SFTP_PORT}:22" # Map SFTP port from .env file volumes: - ${SFTP_PATH}:/home/${SFTP_USER}/upload # Mount local folder env_file: - .env environment: - SFTP_USERS=${SFTP_USER}:${SFTP_PASSWORD}:1001 networks: - atmoz-bridge-network networks: atmoz-bridge-network: driver: bridge |
Highlights:
- Uses environment variables from
.env. - Memory and CPU limits keep the container lightweight and predictable.
- Automatically restarts unless stopped manually.
- Isolated via a custom Docker bridge network.
Step 3. Start the Atmoz SFTP Server
Run the following command in the same directory as your .env and docker-compose.yaml:
|
0 1 |
docker compose up -d |
Check container status:
|
0 1 |
docker ps |
You should see something like:
|
0 1 2 |
CONTAINER ID IMAGE COMMAND STATUS PORTS abc123456789 atmoz/sftp:latest "/entry..." Up 10 seconds 0.0.0.0:22888->22/tcp |
Step 4. Connect to the SFTP Server
From another machine or SFTP client (e.g., FileZilla, WinSCP, or sftp CLI):
|
0 1 |
sftp -P 22888 example.user@your.server.ip |
When prompted, enter your SFTP_PASSWORD.
Step 5. Security and Maintenance Tips
- Use strong passwords, avoid dictionary words.
- Limit IP access via firewall (
ufworiptables). - Implement RSA key, better compare to password.
- Back up your data , mounted folder (
SFTP_PATH) is where files are stored. - Update regularly, keep Docker images up to date:
|
0 1 2 3 |
docker compose pull docker compose up -d |
Conclusion
You now have a fully functional, secure-by-default SFTP server running in Docker on Debian 12, with a clean configuration and minimal fuss.
Atmoz SFTP removes the complexity of traditional SFTP setups while still giving you all the benefits of secure file transfers. Perfect for development teams, backup uploads, or controlled client file sharing.