SFTP Content Intake (Legacy)
The SFTP Content Intake server allows tenants to upload content files via SFTP. Each tenant gets a dedicated Unix user with a chrooted home directory.
This is the legacy SFTP-based content intake system (single GCP VM). For the new ONIX-based system, see Medusa ONIX Intake.
Server Details
| Property | Value |
|---|---|
| Host | 35.229.53.86 |
| Port | 22 |
| Protocol | SFTP |
| OS | CentOS 7 |
| HTTP Access | http://35.229.53.86/dPThH2orLregXLdETatTcihmQ/{username}/files/ |
HTTP access requires Basic Auth (credentials in 1Password).
Managing SFTP Accounts
Via Nova (Recommended)
SFTP accounts are managed through Nova actions on the Tenant resource:
- Create SFTP Account - Creates a Unix user on the SFTP server and stores encrypted credentials in the database
- Delete SFTP Account - Removes the Unix user and all their files, then deletes the database record
- Reset SFTP /files directory permissions - Fixes permission issues that prevent uploads
These actions are only visible to PLA super admins.
Connection Details
After creating an account, the connection details are displayed on the Tenant detail page in Nova:
- Host/IP: 35.229.53.86
- Port: 22
- User: {tenant-slug} (truncated to 30 chars)
- Password: Auto-generated UUID (stored encrypted)
Automatic Cleanup
Old files are automatically deleted to prevent disk exhaustion:
# Runs daily at 02:47 AM (Buenos Aires timezone)
php artisan sftp-content-intake:prune
- Deletes files older than 6 months from all tenant /files directories
- Use --dry-run to preview without deleting
- Configured with withoutOverlapping() and onOneServer() to prevent concurrent runs
Configuration
Environment variables (in Farfalla):
SFTP_CONTENT_INTAKE_01_HOST=35.229.53.86
SFTP_CONTENT_INTAKE_01_USER=farfalla_to_content_intake_01
SFTP_CONTENT_INTAKE_01_PRIVATE_KEY="-----BEGIN OPENSSH PRIVATE KEY-----..."
SFTP_CONTENT_INTAKE_01_STORAGE_ENCRYPTION_KEY=base64:...
SFTP_CONTENT_INTAKE_01_BASE_URL=http://35.229.53.86/dPThH2orLregXLdETatTcihmQ
Manual SSH Access
For debugging or manual intervention, SSH into the server:
ssh -i /path/to/private_key farfalla_to_content_intake_01@35.229.53.86
Manual User Management (Reference)
These commands are what the Nova actions execute internally:
# Create user
sudo su -c "useradd -g sftpusers -s /sbin/nologin {username}" root
sudo su -c "echo {password} | passwd --stdin {username}" root
sudo su -c "chown -R root /home/{username} && chmod -R 755 /home/{username} && mkdir /home/{username}/files && chown {username}. /home/{username}/files" root
# Delete user
sudo su -c "userdel -f {username}" root
sudo su -c "rm -Rf /home/{username}" root
# Reset permissions
sudo su -c "chown {username}. /home/{username}/files" root
Unix usernames are limited to 32 characters. We use 30 to be safe.
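The create commands above place {username} and {password} inside a root shell string, so the password appears in the arguments of sudo, su and the shell, and the username must already be safe to interpolate. A hardened variant of the create step, added here as an example and not the code the Nova actions run: the function names and the username pattern are assumptions, and it assumes the SSH user may run these commands through sudo directly.

```shell
#!/bin/sh
# Added example, not the project's code. Function names are hypothetical and
# the allowed-character pattern is a conservative assumption.

# Succeeds only for names made of [a-z0-9_-], starting with a letter or
# underscore, and at most 30 characters (the limit this page uses).
valid_sftp_username() (
  LC_ALL=C                      # byte-wise ranges, so a-z cannot match A-Z
  [ "${#1}" -le 30 ] || exit 1
  case $1 in
    ''|[!a-z_]*|*[!a-z0-9_-]*) exit 1 ;;
  esac
)

# Truncate a tenant slug to 30 characters, then validate the result.
# Prints the username on success, prints nothing and fails otherwise.
sftp_username_from_slug() (
  name=$(printf '%.30s' "$1")
  valid_sftp_username "$name" || exit 1
  printf '%s\n' "$name"
)

# Usage: printf '%s\n' "$password" | create_sftp_user "$tenant_slug"
# The password arrives on stdin and is handed to chpasswd on stdin; printf is
# a shell builtin, so the password never appears in any process's arguments.
create_sftp_user() (
  user=$(sftp_username_from_slug "$1") || {
    echo "rejected tenant slug" >&2; exit 1; }
  IFS= read -r password || true
  [ -n "$password" ] || { echo "empty password" >&2; exit 1; }
  home=/home/$user

  sudo useradd -g sftpusers -s /sbin/nologin "$user" || exit 1
  printf '%s:%s\n' "$user" "$password" | sudo chpasswd || exit 1

  # Same ownership layout as the commands above: the home directory belongs
  # to root, and only files/ belongs to the tenant.
  sudo chown -R root "$home" && sudo chmod -R 755 "$home" &&
    sudo mkdir "$home/files" && sudo chown "$user": "$home/files"
)
```

Because validation runs after truncation, two slugs that share their first 30 characters map to the same username; useradd then fails for the second one instead of reusing the account.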
Architecture
┌─────────────────┐     SFTP      ┌──────────────────────┐
│  Tenant Client  │ ────────────► │  Content Intake VM   │
└─────────────────┘               │  (35.229.53.86)      │
                                  │                      │
┌─────────────────┐     SSH       │  /home/{user}/files/ │
│    Farfalla     │ ────────────► │                      │
│  (Nova Actions) │               └──────────────────────┘
└─────────────────┘                          │
        │                                    │ HTTP
        │                                    ▼
        │                         ┌──────────────────────┐
        └────────────────────────►│  Farfalla Workers    │
          DB (credentials)        │  (file processing)   │
                                  └──────────────────────┘
Related
- SftpContentIntakeSshService - SSH client implementation
- SftpContentIntakeCredential - Credential model with encryption
- Nova Actions - Create/Delete/Reset actions