NFS, or Network File System, is a distributed file system protocol that allows you to mount remote directories on your server. This lets you manage storage space in a different location and write to that space from multiple clients. NFS provides a relatively standard and performant way to access remote systems over a network and works well in situations where the shared resources must be accessed regularly.
In this guide, we’ll go over how to install the software needed for NFS functionality on Ubuntu 20.04.
- Ubuntu 20.04 server with a non-root user and
- A firewall set up with UFW
- A private networking, if it’s available to you.
Step 1: Downloading and Installing the NFS server
nfs-kernel-server package, which will allow you to share your directories. Since this is the first operation that you’re performing with
apt in this session, refresh your local package index before the installation:
$ sudo apt update $ sudo apt install nfs-kernel-server
Step 2: Creating the Share Directories on the Host
First, make the share directory:
$ sudo mkdir /var/nfs/general -p
Since we’re creating it with
sudo, the directory is owned by the host’s root user:
$ ls -la /var/nfs/general
NFS will translate any root operations on the client to the
nobody:nogroup credentials as a security measure. Therefore, we need to change the directory ownership to match those credentials.
$ sudo chown nobody:nogroup /var/nfs/general
You’re now ready to export this directory.
Step 3: Configuring the NFS Exports
Next, we’ll dive into the NFS configuration file to set up the sharing of these resources.
/etc/exports file in your text editor with root privileges:
$ sudo nano /etc/exports
The file has comments showing the general structure of each configuration line. The syntax is as follows:
We’ll need to create a line for each of the directories that we plan to share. Be sure to change the
client_ip placeholder shown here to the client's actual IP address:
When you are finished making your changes, save and close the file. Then, to make the shares available to the clients that you configured, restart the NFS server with the following command:
$ sudo systemctl restart nfs-kernel-server
Before you can actually use the new shares, however, you’ll need to be sure that traffic to the shares is permitted by firewall rules.
Step 4: Adjusting the Firewall
First, let’s check the firewall status to see if it’s enabled and, if so, to see what’s currently permitted:
$ sudo ufw status
On our system, only SSH traffic is being allowed through, so we’ll need to add a rule for NFS traffic.
With many applications, you can use
sudo ufw app list and enable them by name, but
nfs is not one of those. However, because
ufw also checks
/etc/services for the port and protocol of a service, we can still add NFS by name. Best practice recommends that you enable the most restrictive rule that will still allow the traffic you want to permit, so rather than enabling traffic from just anywhere, we’ll be specific.
Use the following command to open port
2049 on the host, being sure to substitute your client IP address:
$ sudo ufw allow from client_ip to any port nfs
You can verify the change by typing:
$ sudo ufw status
You should see traffic allowed from port
2049 in the output:
This confirms that UFW will only allow NFS traffic on port
2049 from our client machine.
Step 5: Mount the NFS volume on a NFS client (on K8s)
You can follow this tutorial to mount the exported directories as a NFS volume on K8s using container storage interface protocol (CSI).
In this tutorial, we created an NFS host. If you’re looking to implement NFS in production, it’s important to note that the protocol itself is not encrypted. In cases where you’re sharing over a private network, this may not be a problem. In other cases, a VPN or some other type of encrypted tunnel will be necessary to protect your data.