Ruban Selvarajah

Implementing SFTP for Unity WebGL Deployments


Muggle Struggles

I’ve never really used SFTP all that much. As a backend developer, I’ve primarily stuck with deployments tied to version-control — everything trackable, everything revertible.

So when a Laravel project I had been working on needed me to deploy a Unity game into the public directory, I went with the approach that was simplest for me: a GitHub repo set up with a webhook that automatically deployed each new build to the server.

Then the game grew large enough to require Git LFS. I figured, in for a penny, in for a pound, right? So I made some tweaks to the script and the webhook kept working. But the whole thing stopped making sense when it began to fail frequently because each build chewed through the free monthly Git LFS quota.

Wizarding Insights

This led me to take a step back to see where I went wrong. In my tunnel vision as the backend developer, I didn’t realize that Unity games, especially during development, are going to be huge—that’s just how it goes.

More importantly, there is little benefit to keeping compiled build artifacts under version control at all. Once it clicked, I started to explore how to let the Unity developer push his builds directly via SFTP while keeping everything else on the server untouched.

It took a few tries, but I found something I was happy with. Here it goes. The commands below allow a certain Unity Wizard, Mr. Harry Potter, to deploy his Quidditch game to quidditch.example.com.

Let’s 🚀

Prep for SFTP

First up, SSH into the server and create a unitydev group for SFTP use. The build directory stays owned by the web server; the group only gets write access. The chroot tree under /var/sftp is separate because sshd insists that a ChrootDirectory and every directory above it be owned by root and not writable by group or others, so the writable build directory is bind-mounted one level below the chroot instead of being the chroot itself:

Terminal window
# Group that SFTP-only deployers will belong to
sudo addgroup unitydev
# The web server keeps ownership of the build directory; the group may write to it
sudo chown -R www-data:unitydev /home/hogwarts/quidditch-app/public/game
sudo chmod -R g+w /home/hogwarts/quidditch-app/public/game
# Chroot tree: root-owned, 755 all the way down. Do the chown/chmod BEFORE the
# bind mount, or the -R would recurse into the game directory and clobber it
sudo mkdir -p /var/sftp/unitydev/game
sudo chown -R root:root /var/sftp
sudo chmod -R 755 /var/sftp
# Expose the writable game directory inside the chroot, now and after reboots
sudo mount --bind /home/hogwarts/quidditch-app/public/game /var/sftp/unitydev/game
echo '/home/hogwarts/quidditch-app/public/game /var/sftp/unitydev/game none bind 0 0' | sudo tee -a /etc/fstab

Then update the SSH configuration so that the game developer can only use SFTP within their designated directory, without shell access. The block goes at the very end of the file: every directive after a Match line belongs to that Match block, so anything global placed below it would silently apply only to the unitydev group:

Terminal window
# Open sshd_config with your favorite editor
sudo vi /etc/ssh/sshd_config
# Add this configuration at the end
Match Group unitydev
    # In-process SFTP server: no shell, no other subsystem, no external binaries needed in the chroot
    ForceCommand internal-sftp
    PasswordAuthentication yes
    # Jail the session to the root-owned directory prepared above
    ChrootDirectory /var/sftp/unitydev
    # Switch off everything that is not file transfer
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no

Check the file parses (`sudo sshd -t` prints nothing when it is fine) and then restart the SSH service to apply the new configuration. Keep your current session open until the restart succeeds; a broken sshd_config stops the daemon from coming back up. One more thought on the block above: since Harry ends up authenticating with a key, `PasswordAuthentication yes` is not actually needed for this group, and turning it off removes the one thing an attacker could brute-force against the account.

Terminal window
sudo systemctl restart sshd

Setup a user for the Game Developer

The next step is to create a user whose access is strictly limited to the SFTP directory. Note that sshd reads authorized_keys from the user's real home directory before it chroots, so the key file lives under /home/harry even though Harry will never see that path; inside the session he lands at the chroot root and sees only the game directory:

Terminal window
sudo adduser harry
# Set a strong password when prompted
# (the unitydev group already exists from the previous step)
sudo usermod -aG unitydev harry
# Key material lives outside the chroot; sshd checks it before switching root
sudo mkdir /home/harry/.ssh
sudo touch /home/harry/.ssh/authorized_keys
sudo chown -R harry:harry /home/harry/.ssh
sudo chmod 700 /home/harry/.ssh && sudo chmod 600 /home/harry/.ssh/authorized_keys

Once that's done, a key pair is needed. Ideally Harry generates it on his own machine and sends you only the public half, so the private key never leaves his hands. If you generate it for him, as I did here, hand the private key over a channel you trust and delete your copy afterwards:

Terminal window
ssh-keygen -t ed25519 -f /home/filius/.ssh/quidditchapp-webgl-sftp-harry # Save as /home/filius/.ssh/quidditchapp-webgl-sftp-harry

Add the public key (the .pub file) to /home/harry/.ssh/authorized_keys on the server.

And pass the private key to Harry.

Making sure everything works

Terminal window
sftp -i ~/.ssh/quidditchapp-webgl-sftp-harry -o IdentitiesOnly=yes harry@quidditch.example.com

IdentitiesOnly=yes only does its job together with -i (or an IdentityFile entry in ssh_config); on its own it merely restricts the client to the default key names. After logging in you should be at / with a single game directory, and anything uploaded there appears under public/game on the server. It is also worth confirming that the jail holds: `ssh harry@quidditch.example.com` must not give a shell, sshd closes the session with a message that this service allows sftp connections only.
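The three things that go wrong with this kind of setup are a chroot path sshd rejects, uploads the web server cannot read, and a Match block that does not apply to the user you think it does. The following audit script is an added example of mine, not part of the original post: it checks each of those on the server. It assumes Linux with a stat(1) that accepts -c (GNU coreutils or busybox), OpenSSH's sshd, and paths without whitespace; the paths, user and group in its usage line are the post's hypothetical ones.

```shell
#!/bin/sh
# Added example, not code from the original post: post-setup checks for the
# sftp-only chroot described above. Paths, user and group names in the usage
# line are the post's hypothetical ones (/var/sftp/unitydev, harry, www-data).
# Assumes Linux with a stat(1) that accepts -c (GNU coreutils or busybox)
# and OpenSSH's sshd; paths must not contain whitespace.

# check_dir PATH: returns 0 if PATH is a directory owned by root (uid 0) with
# neither the group-write nor the other-write bit set; otherwise prints the
# reason and returns 1. These are the conditions sshd enforces on a
# ChrootDirectory and on every directory above it (the auth log says
# "bad ownership or modes for chroot directory component" when they fail).
check_dir() {
    p=$1
    [ -d "$p" ] || { echo "$p: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$p")          # owner uid, octal mode
    uid=$1 mode=$2
    [ "$uid" = 0 ] || { echo "$p: owned by uid $uid, must be root"; return 1; }
    # 0$mode is read as octal; 022 (decimal 18) masks the g+w and o+w bits
    [ $(( 0$mode & 18 )) -eq 0 ] || { echo "$p: mode $mode is group/world writable"; return 1; }
    return 0
}

# check_chroot_path CHROOT: walks from / down to CHROOT and applies check_dir
# to each component, the same way sshd validates the path before chrooting.
check_chroot_path() {
    check_dir / || return 1
    path=""
    for part in $(printf '%s\n' "$1" | tr '/' ' '); do
        path="$path/$part"
        check_dir "$path" || return 1
    done
    return 0
}

# unreadable_uploads WEBDIR: lists regular files under WEBDIR that lack the
# other-read bit. Uploads arrive owned by the SFTP user, not www-data, so a
# file created under a restrictive umask is served as 403 until it is fixed.
unreadable_uploads() {
    find "$1" -type f ! -perm -004
}

# effective_sshd_config USER: shows the settings sshd actually applies to USER
# once Match blocks are evaluated (needs root because sshd -T reads host keys).
effective_sshd_config() {
    sudo sshd -T -C user="$1" |
        grep -Ei '^(forcecommand|chrootdirectory|passwordauthentication|permittunnel|allowagentforwarding|allowtcpforwarding|x11forwarding) '
}

# audit_sftp_chroot CHROOT WEBDIR USER: runs all three checks; returns non-zero
# if the chroot path is unusable or the sshd query fails.
audit_sftp_chroot() {
    status=0
    check_chroot_path "$1" && echo "$1: usable as ChrootDirectory" || status=1
    echo "-- files under $2 the web server cannot read (none is good):"
    unreadable_uploads "$2"
    echo "-- effective sshd settings for $3:"
    effective_sshd_config "$3" || status=1
    return $status
}

# Usage: sh sftp-audit.sh /var/sftp/unitydev /var/sftp/unitydev/game harry
if [ $# -eq 3 ]; then
    audit_sftp_chroot "$1" "$2" "$3"
fi
```

Run it as root after the steps above and again whenever a login mysteriously fails; a `chmod -R` that strayed onto /var/sftp after the bind mount, or a deploy script that uploads with umask 077, shows up immediately. The effective-config check is the quick way to prove that the Match block really applies to harry and that ForceCommand and ChrootDirectory are what the client will hit.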

Mischief Managed

This setup not only streamlines the deployment process for Unity WebGL builds but also keeps the server secure—a win-win!
