Dokploy · toxfox69 · Mar 3, 2026 · Mar 3, 2026 · greptile-apps · Mar 3, 2026
@@ -0,0 +1,5 @@
+ALTER TABLE "destination" ADD COLUMN "sftpHost" text;--> statement-breakpoint
+ALTER TABLE "destination" ADD COLUMN "sftpPort" integer DEFAULT 22;--> statement-breakpoint
+ALTER TABLE "destination" ADD COLUMN "sftpUser" text;--> statement-breakpoint
+ALTER TABLE "destination" ADD COLUMN "sftpPassword" text;--> statement-breakpoint
+ALTER TABLE "destination" ADD COLUMN "sftpPath" text;
@@ -1,5 +1,5 @@
 import { relations } from "drizzle-orm";
-import { pgTable, text, timestamp } from "drizzle-orm/pg-core";
+import { integer, pgTable, text, timestamp } from "drizzle-orm/pg-core";
 import { createInsertSchema } from "drizzle-zod";
 import { nanoid } from "nanoid";
 import { z } from "zod";
@@ -18,6 +18,12 @@ export const destinations = pgTable("destination", {
 	bucket: text("bucket").notNull(),
 	region: text("region").notNull(),
 	endpoint: text("endpoint").notNull(),
+	// SFTP-specific columns
+	sftpHost: text("sftpHost"),
+	sftpPort: integer("sftpPort").default(22),
+	sftpUser: text("sftpUser"),
+	sftpPassword: text("sftpPassword"),
+	sftpPath: text("sftpPath"),
 	organizationId: text("organizationId")
 		.notNull()
 		.references(() => organization.id, { onDelete: "cascade" }),
@@ -44,6 +50,11 @@ const createSchema = createInsertSchema(destinations, {
 	endpoint: z.string(),
 	secretAccessKey: z.string(),
 	region: z.string(),
+	sftpHost: z.string().optional(),
+	sftpPort: z.number().int().default(22),
+	sftpUser: z.string().optional(),
+	sftpPassword: z.string().optional(),
+	sftpPath: z.string().optional(),
 });
 
 export const apiCreateDestination = createSchema
@@ -55,8 +66,12 @@ export const apiCreateDestination = createSchema
 		region: true,
 		endpoint: true,
 		secretAccessKey: true,
+		sftpHost: true,
+		sftpPort: true,
+		sftpUser: true,
+		sftpPassword: true,
+		sftpPath: true,
 	})
-	.required()
 	.extend({
 		serverId: z.string().optional(),
 	});
@@ -81,6 +96,11 @@ export const apiUpdateDestination = createSchema
 		secretAccessKey: true,
 		destinationId: true,
 		provider: true,
+		sftpHost: true,
+		sftpPort: true,
+		sftpUser: true,
+		sftpPassword: true,
+		sftpPath: true,
 	})
 	.required()
 	.extend({

@@ -8,7 +8,12 @@ import { findEnvironmentById } from "@dokploy/server/services/environment";
 import { findProjectById } from "@dokploy/server/services/project";
 import { sendDatabaseBackupNotifications } from "../notifications/database-backup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getBackupCommand, getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getBackupCommand,
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runComposeBackup = async (
 	compose: Compose,
@@ -28,8 +33,11 @@ export const runComposeBackup = async (
 	});
 
 	try {
-		const rcloneFlags = getS3Credentials(destination);
-		const rcloneDestination = `:s3:${destination.bucket}/${bucketDestination}`;
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
+		const rcloneDestination = getRcloneDestinationPath(
+			destination,
+			bucketDestination,
+		);
 		const rcloneCommand = `rclone rcat ${rcloneFlags.join(" ")} "${rcloneDestination}"`;
 
 		const backupCommand = getBackupCommand(

@@ -1,4 +1,3 @@
-import path from "node:path";
 import { CLEANUP_CRON_JOB } from "@dokploy/server/constants";
 import { member } from "@dokploy/server/db/schema";
 import type { BackupSchedule } from "@dokploy/server/services/backup";
@@ -11,7 +10,11 @@ import { startLogCleanup } from "../access-log/handler";
 import { cleanupAll } from "../docker/utils";
 import { sendDockerCleanupNotifications } from "../notifications/docker-cleanup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getS3Credentials, scheduleBackup } from "./utils";
+import {
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	scheduleBackup,
+} from "./utils";
 
 export const initCronJobs = async () => {
 	console.log("Setting up cron jobs....");
@@ -116,9 +119,9 @@ export const keepLatestNBackups = async (
 	if (!backup.keepLatestCount) return;
 
 	try {
-		const rcloneFlags = getS3Credentials(backup.destination);
-		const backupFilesPath = path.join(
-			`:s3:${backup.destination.bucket}`,
+		const { flags: rcloneFlags } = getRcloneCredentials(backup.destination);
+		const backupFilesPath = getRcloneDestinationPath(
+			backup.destination,
 			backup.prefix,
 		);
 

@@ -8,7 +8,12 @@ import type { Mariadb } from "@dokploy/server/services/mariadb";
 import { findProjectById } from "@dokploy/server/services/project";
 import { sendDatabaseBackupNotifications } from "../notifications/database-backup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getBackupCommand, getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getBackupCommand,
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runMariadbBackup = async (
 	mariadb: Mariadb,
@@ -27,8 +32,11 @@ export const runMariadbBackup = async (
 		description: "MariaDB Backup",
 	});
 	try {
-		const rcloneFlags = getS3Credentials(destination);
-		const rcloneDestination = `:s3:${destination.bucket}/${bucketDestination}`;
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
+		const rcloneDestination = getRcloneDestinationPath(
+			destination,
+			bucketDestination,
+		);
 		const rcloneCommand = `rclone rcat ${rcloneFlags.join(" ")} "${rcloneDestination}"`;
 
 		const backupCommand = getBackupCommand(

@@ -8,7 +8,12 @@ import type { Mongo } from "@dokploy/server/services/mongo";
 import { findProjectById } from "@dokploy/server/services/project";
 import { sendDatabaseBackupNotifications } from "../notifications/database-backup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getBackupCommand, getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getBackupCommand,
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runMongoBackup = async (mongo: Mongo, backup: BackupSchedule) => {
 	const { environmentId, name } = mongo;
@@ -24,8 +29,11 @@ export const runMongoBackup = async (mongo: Mongo, backup: BackupSchedule) => {
 		description: "MongoDB Backup",
 	});
 	try {
-		const rcloneFlags = getS3Credentials(destination);
-		const rcloneDestination = `:s3:${destination.bucket}/${bucketDestination}`;
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
+		const rcloneDestination = getRcloneDestinationPath(
+			destination,
+			bucketDestination,
+		);
 		const rcloneCommand = `rclone rcat ${rcloneFlags.join(" ")} "${rcloneDestination}"`;
 
 		const backupCommand = getBackupCommand(

@@ -8,7 +8,12 @@ import type { MySql } from "@dokploy/server/services/mysql";
 import { findProjectById } from "@dokploy/server/services/project";
 import { sendDatabaseBackupNotifications } from "../notifications/database-backup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getBackupCommand, getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getBackupCommand,
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runMySqlBackup = async (mysql: MySql, backup: BackupSchedule) => {
 	const { environmentId, name } = mysql;
@@ -25,8 +30,11 @@ export const runMySqlBackup = async (mysql: MySql, backup: BackupSchedule) => {
 	});
 
 	try {
-		const rcloneFlags = getS3Credentials(destination);
-		const rcloneDestination = `:s3:${destination.bucket}/${bucketDestination}`;
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
+		const rcloneDestination = getRcloneDestinationPath(
+			destination,
+			bucketDestination,
+		);
 
 		const rcloneCommand = `rclone rcat ${rcloneFlags.join(" ")} "${rcloneDestination}"`;
 

@@ -8,7 +8,12 @@ import type { Postgres } from "@dokploy/server/services/postgres";
 import { findProjectById } from "@dokploy/server/services/project";
 import { sendDatabaseBackupNotifications } from "../notifications/database-backup";
 import { execAsync, execAsyncRemote } from "../process/execAsync";
-import { getBackupCommand, getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getBackupCommand,
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runPostgresBackup = async (
 	postgres: Postgres,
@@ -28,8 +33,11 @@ export const runPostgresBackup = async (
 	const backupFileName = `${new Date().toISOString()}.sql.gz`;
 	const bucketDestination = `${normalizeS3Path(prefix)}${backupFileName}`;
 	try {
-		const rcloneFlags = getS3Credentials(destination);
-		const rcloneDestination = `:s3:${destination.bucket}/${bucketDestination}`;
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
+		const rcloneDestination = getRcloneDestinationPath(
+			destination,
+			bucketDestination,
+		);
 
 		const rcloneCommand = `rclone rcat ${rcloneFlags.join(" ")} "${rcloneDestination}"`;
 

@@ -77,6 +77,41 @@ export const getS3Credentials = (destination: Destination) => {
 	return rcloneFlags;
 };
 
+export const getSftpCredentials = (destination: Destination) => {
+	const { sftpHost, sftpPort, sftpUser, sftpPassword } = destination;
+	if (!sftpHost || !sftpUser || !sftpPassword) {
+		throw new Error(
+			"SFTP destination requires host, user, and password to be configured",
+		);
+	}
+	return [
+		`--sftp-host="${sftpHost}"`,
+		`--sftp-port="${sftpPort ?? 22}"`,
+		`--sftp-user="${sftpUser}"`,
+		`--sftp-pass=$(rclone obscure "${sftpPassword}")`,
+	];
+};
+
+export const getRcloneCredentials = (
+	destination: Destination,
+): { flags: string[]; backend: string } => {
+	if (destination.provider === "sftp") {
+		return { flags: getSftpCredentials(destination), backend: "sftp" };
+	}
+	return { flags: getS3Credentials(destination), backend: "s3" };
+};
+
+export const getRcloneDestinationPath = (
+	destination: Destination,
+	remotePath: string,
+): string => {
+	if (destination.provider === "sftp") {
+		const basePath = (destination.sftpPath ?? "").replace(/\/+$/, "");
+		return `:sftp:${basePath}/${remotePath}`;
+	}
+	return `:s3:${destination.bucket}/${remotePath}`;
+};
+
 export const getPostgresBackupCommand = (
 	database: string,
 	databaseUser: string,

@@ -10,7 +10,11 @@ import {
 } from "@dokploy/server/services/deployment";
 import { findDestinationById } from "@dokploy/server/services/destination";
 import { execAsync } from "../process/execAsync";
-import { getS3Credentials, normalizeS3Path } from "./utils";
+import {
+	getRcloneCredentials,
+	getRcloneDestinationPath,
+	normalizeS3Path,
+} from "./utils";
 
 export const runWebServerBackup = async (backup: BackupSchedule) => {
 	if (IS_CLOUD) {
@@ -26,12 +30,13 @@ export const runWebServerBackup = async (backup: BackupSchedule) => {
 
 	try {
 		const destination = await findDestinationById(backup.destinationId);
-		const rcloneFlags = getS3Credentials(destination);
+		const { flags: rcloneFlags } = getRcloneCredentials(destination);
 		const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
 		const { BASE_PATH } = paths();
 		const tempDir = await mkdtemp(join(tmpdir(), "dokploy-backup-"));
 		const backupFileName = `webserver-backup-${timestamp}.zip`;
-		const s3Path = `:s3:${destination.bucket}/${normalizeS3Path(backup.prefix)}${backupFileName}`;
+		const remotePath = `${normalizeS3Path(backup.prefix)}${backupFileName}`;
+		const destinationPath = getRcloneDestinationPath(destination, remotePath);
 
 		try {
 			await execAsync(`mkdir -p ${tempDir}/filesystem`);
@@ -79,7 +84,7 @@ export const runWebServerBackup = async (backup: BackupSchedule) => {
 
 			writeStream.write("Zipped database and filesystem\n");
 
-			const uploadCommand = `rclone copyto ${rcloneFlags.join(" ")} "${tempDir}/${backupFileName}" "${s3Path}"`;
+			const uploadCommand = `rclone copyto ${rcloneFlags.join(" ")} "${tempDir}/${backupFileName}" "${destinationPath}"`;
 			writeStream.write("Running command to upload backup to S3\n");
 			await execAsync(uploadCommand);
 			writeStream.write("Uploaded backup to S3 ✅\n");