This is pretty straight forward, though surprisingly hard to find information about. I have tested this on CentOS 7.2 and 7.9, with OpenSSH v6.6 and v7.4.
In /etc/ssh/sshd_config, add the following at the bottom:
Match Group sftponly
ChrootDirectory /shares/uploads
AllowTCPForwarding no
AllowAgentForwarding no
X11Forwarding no
ForceCommand internal-sftpThis forces users with the group sftponly to only be allowed to SFTP in the directory /shares/uploads. This should work with local groups or with realm-joined (Active Directory as well) groups.
Now restart sshd with systemctl restart sshd.
That's it! There's no special downloads or third party tools needed.