In order to surface SFTP to the public internet, you will have to open port 22 on your router and point it to your Unraid box. This has the unfortunate side effect of surfacing SSH to the public as well. There are a couple of thing in a regular linux environment you can do to mitigate this:

Forward a non standard external port to the internal 22: When you set up your port forwarding, forwarding a port like 61222 to the internal 22 of your Unraid box obscures the open port a bit. Most script kiddies scanning IPs for open ports look for 22 and if that connection is refused, they move one.

Turn off password authentication and use public/private keypairs exclusively: even if you are discovered by a port scanner, they won't be trying to brute force keypair authentication, they usually have a book of leaked passwords. Without a password prompt, they don't have anything to try so they give up. https://www.reddit.com/r/unRAID/comments/jqvxvi/how_to_enable_keyonly_ssh_access/

Doing that first one is almost good enough, doing them both is better, and the second one is required for sure.

Also looks like there are some options in the CA that will work for your purposes:

https://github.com/MarkusMcNugen/docker-sftp

http://lime-technology.com/forum/index.php?topic=47289.0

https://github.com/docgyver/unraid-v6-plugins

Just make sure you strengthen your passwords, at the very least.

SFTP is just a SSH connection. Make sure you use key authentication and disable password authentication. 6.10 will allow you to make those settings in the WebUI.
You don't need any additional software on unRAID, if you want a GUI use something like FileZilla on the client.

I have my SSH exposed to the net (on the default port 22) with key authentication. Apart from lots of spam in the syslog/sshlog there is no downside and I never had an issue this way.

I think that setting up a VPN would be a safer option. Either use wireguard or OpenVPN. Unraid has wireguard built into the kernel so download the configurator plugin and set it up (This will run even without the arrays running in case of a random reboot). OpenVPN will require a docker and will not work unless array is started.

I have been trying to get the sftpgo container to work on unraid installed from community apps (drakkan/sftpgo). So far I have had very limited success and need help but can't find any.

Well, I can install it and open the webadmin GUI, configure users, link directory etc. but after that I'm at a loss.

Did you ever find a guide or help in any other way u/hime0698 ?