Support Center

Contact Us

Server parameters

The DocEvent server can accept multiple flags when starting up, this article will describe the flags available and how they affect the servers use.

To get a list of options use the -h or --help flag like so:

$ ./sfs-server-darwin-amd64-0.1.7+165230a --help
INFO[0000] Server Version: 0.1.7+165230a version=0.1.7+165230a
INFO[0000] Starting Self-Hosted Server
Usage of ./sfs-server-darwin-amd64-0.1.7+165230a:
 -banner=" Simple File Server": SSH Banner message
 -license="": license key (required)
 -passiveports21="2030-2039": Passive ports to use for clear + explicit FTPS server
 -passiveports990="2040-2049": Passive ports to use for implicit FTPS server
 -port21=2021: Port 21 clear + explicit FTPS maps to
 -port22=2022: Port 22 SFTP maps to
 -port990=9990: Port 990 implicit FTPS maps to
 -publicip="": Public IP address and port sent to FTP clients
 -region="": DocEvent region to connect to
 -shutdownwindow=1: Seconds to keep connections open until final shutdown
 -sshkeyfile="": Private key file, ie. id_rsa
 -sshkeypassphrase="": Private key passphrase
 -tlscert="": TLS certificate file, ie. cert.cert
 -tlskey="": TLS certificate key file, ie. cert.key
 -welcome=" Simple File Server": FTP Welcome message

Environment variables

Each option can also be passed as an environment variable, this makes it easy to run the server in a Docker container.

For example the -welcome option can also be read from the environment variable WELCOME

List of options

FlagEnvironmentDefaultDescription license key
-passiveports21PASSIVEPORTS212030-2039The port range that FTP will use for passive FTP connections
-passiveports990PASSIVEPORTS9902040-2049The port range that Implicit FTP will use for passive FTP connections
-port21PORT212021The port that the FTP server listens on
-port22PORT222022The port that the SSH (sftp/scp) server will listen on
-port990PORT9909990The port that the implicit FTPS server will listen on
-publicipPUBLICIPThis filed is required for FTP/s passive mode to work. It is the public IP address sent to the client FTP connection whenever they request a new passive network socket.
-regionREGIONThe region to fetch configuration from. ap-southeast-2, us-east-1, eu-west-1 etc.
-shutdownwindowSHUTDOWNWINDOW1After a kill signal is received, the number of seconds to wait for connections to disconnect before forcefully disconnecting and shutting down
-sshkeyfileSSHKEYFILEA typical RSA ssh key file generated from ssh-keygen, e.g. id_rsa
-sshkeypassphraseSSHKEYPASSPHRASEThe optional passphrase if the key file (above) has been encrypted
-tlscertTLSCERTThe public SSL certificate to provide for Secure FTP connections ie. Explicit FTPS and Implicit FTPS
-tlskeyTLSKEYThe private SSL key to use to encrypt/decrypt traffic for Secure FTP
-welcomeWELCOMEThe server welcome message when users connect (FTP)
-bannerBANNERThe server welcome message when users connect (SSH/sftp)
PRODUCTION0Set to 1 in order to run in production mode

Notable options

Many options are standard for SSH and FTPS servers, however a few notable options with more detailed explanations are below.


The public IP is required for passive FTP connections. Without specifying the public IP passive connections will fail. This IP address needs to be a routable address over the network that the client FTP connection is connecting to.

For example if Alice is connecting to Bob's FTP server which is hosted on, then the public IP specified will be

Alice will then start all new passive connections to this IP address.

-passiveports21 and -passiveports990

In the DocEvent server, 2 FTP servers are started - An Implicit FTP server and an Explicit FTP server.

These ports are opened on demand when a new passive connection is requested. Because these ports reference 2 different threads/servers running in the instance it is important these port ranges do not overlap or failures can occur.


By setting this environment variable the server will move into production mode, this means:

  1. The output will be JSON formatted for parsing into a log parser like Cloudwatch or Elasticsearch
  2. The server will require that you provide your own ssh key and ssl certificate and not use the default values