NFS, or Network File System, is a distributed file system protocol that allows you to mount remote directories on your server. This lets you manage storage space in a different location and write to that space from multiple clients. NFS provides a relatively standard and performant way to access remote systems over a network and works well in situations where the shared resources must be accessed regularly.

In this guide, we’ll go over how to install the software needed for NFS functionality on Ubuntu 20.04.

Prerequisites

  • Ubuntu 20.04 server with a non-root user and sudo privileges.
  • A firewall set up with UFW
  • A private networking, if it’s available to you.

Step 1: Downloading and Installing the NFS server

Install the nfs-kernel-server package, which will allow you to share your directories. Since this is the first operation that you’re performing with apt in this session, refresh your local package index before the installation:

$ sudo apt update
$ sudo apt install nfs-kernel-server

Step 2: Creating the Share Directories on the Host

First, make the share directory:

$ sudo mkdir /var/nfs/general -p

Since we’re creating it with sudo, the directory is owned by the host’s root user:

$ ls -la /var/nfs/general
drwxr-xr-x 2 root root 4096 May 14 18:36 .
output

NFS will translate any root operations on the client to the nobody:nogroup credentials as a security measure. Therefore, we need to change the directory ownership to match those credentials.

$ sudo chown nobody:nogroup /var/nfs/general

You’re now ready to export this directory.

Step 3: Configuring the NFS Exports

Next, we’ll dive into the NFS configuration file to set up the sharing of these resources.

Open the /etc/exports file in your text editor with root privileges:

$ sudo nano /etc/exports

The file has comments showing the general structure of each configuration line. The syntax is as follows:

directory_to_share    client(share_option1,...,share_optionN)
/etc/exports

We’ll need to create a line for each of the directories that we plan to share. Be sure to change the client_ip placeholder shown here to the client's actual IP address:

/var/nfs/general    client_ip(rw,sync,no_subtree_check)
/etc/exports

When you are finished making your changes, save and close the file. Then, to make the shares available to the clients that you configured, restart the NFS server with the following command:

$ sudo systemctl restart nfs-kernel-server

Before you can actually use the new shares, however, you’ll need to be sure that traffic to the shares is permitted by firewall rules.

Step 4: Adjusting the Firewall

First, let’s check the firewall status to see if it’s enabled and, if so, to see what’s currently permitted:

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Output

On our system, only SSH traffic is being allowed through, so we’ll need to add a rule for NFS traffic.

With many applications, you can use sudo ufw app list and enable them by name, but nfs is not one of those. However, because ufw also checks /etc/services for the port and protocol of a service, we can still add NFS by name. Best practice recommends that you enable the most restrictive rule that will still allow the traffic you want to permit, so rather than enabling traffic from just anywhere, we’ll be specific.

Use the following command to open port 2049 on the host, being sure to substitute your client IP address:

$ sudo ufw allow from client_ip to any port nfs

You can verify the change by typing:

$ sudo ufw status

You should see traffic allowed from port 2049 in the output:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                 
2049                       ALLOW       client_ip        
OpenSSH (v6)               ALLOW       Anywhere (v6)
output

This confirms that UFW will only allow NFS traffic on port 2049 from our client machine.

Step 5: Mount the NFS volume on a NFS client (on K8s)

You can follow this tutorial to mount the exported directories as a NFS volume on K8s using container storage interface protocol (CSI).

Conclusion

In this tutorial, we created an NFS host. If you’re looking to implement NFS in production, it’s important to note that the protocol itself is not encrypted. In cases where you’re sharing over a private network, this may not be a problem. In other cases, a VPN or some other type of encrypted tunnel will be necessary to protect your data.