NFS Servers

NFS Servers

NFS (Network File System) allows Ubuntu servers to share directories over the network, so multiple clients can mount and access the same filesystem simultaneously. NFS is widely used for shared storage in clusters, home directory servers (mount /home from a central NFS server on all workstations), and providing shared storage for Kubernetes PersistentVolumes. NFSv4 is the current standard with better security, better performance, and built-in ACL support compared to NFSv3.

NFS concepts

NFS architecture:

  NFS Server (storage-01):
    Exports: /data/shared → accessible to 10.0.0.0/24
    Exports: /home        → accessible to specific clients

  NFS Client (web-01, web-02, ...):
    /data/shared mounted from storage-01:/data/shared
    Transparent to applications — reads/writes go over network
    Data stored on NFS server's disk, not local disk

  Use cases:
    Shared web content: all web servers read same files
    Home directories: users get same /home on any server they log into
    Kubernetes NFS provisioner: dynamic PV creation

NFS server setup

# On the NFS server:
sudo apt update
sudo apt install -y nfs-kernel-server

# Create directories to share:
sudo mkdir -p /data/shared
sudo chown nobody:nogroup /data/shared
sudo chmod 777 /data/shared

# Configure exports:
sudo nano /etc/exports

/etc/exports — NFS export configuration

# Format: /path  client(options)
/data/shared   10.0.0.0/24(rw,sync,no_subtree_check)
/home          10.0.0.10(rw,sync,no_root_squash)    # One specific client

# Options explained:
# rw              → read and write
# ro              → read-only
# sync            → write to disk before confirming (data safety)
# async           → faster but risk of data loss on server crash
# no_subtree_check → better reliability (recommended for rw shares)
# root_squash     → map client root to nobody (security, the default)
# no_root_squash  → client root = server root (only for trusted admin hosts)

# Apply export configuration:
sudo exportfs -a
sudo exportfs -v    # Show current exports with options

# Start and enable NFS:
sudo systemctl enable --now nfs-kernel-server

# Open firewall for NFS:
sudo ufw allow from 10.0.0.0/24 to any port nfs

NFS client configuration

# On NFS clients:
sudo apt install -y nfs-common

# Mount NFS share manually:
sudo mount -t nfs 10.0.0.30:/data/shared /mnt/shared

# Persistent mount in /etc/fstab:
sudo nano /etc/fstab

/etc/fstab NFS entry

10.0.0.30:/data/shared  /mnt/shared  nfs  defaults,_netdev,nfsvers=4,soft,timeo=30  0  0

# _netdev → don't mount until network is up
# nfsvers=4 → force NFSv4 (more secure than v3)
# soft → return error instead of hanging if server unreachable
# timeo=30 → retry timeout (in tenths of seconds)

# Mount from fstab without reboot:
sudo mount -a

# Verify mount:
df -h | grep 10.0.0.30
mount | grep nfs

NFS performance and security

# Tune NFS performance with rsize/wsize (read/write block size):
sudo mount -t nfs -o rsize=1048576,wsize=1048576,nfsvers=4 10.0.0.30:/data/shared /mnt/shared

# Security: restrict exports to specific IPs only (never export to 0.0.0.0/0)
# Use Kerberos authentication (krb5) for strong auth (NFSv4):
# /etc/exports: /data/shared *(rw,sec=krb5p) — encrypt data in transit

# Monitor NFS performance:
nfsstat -s    # Server statistics
nfsstat -c    # Client statistics

# Check NFS server exports:
showmount -e 10.0.0.30

Conclusion

Use sync instead of async for any share that contains data you cannot afford to lose. The async option improves performance by acknowledging writes before they are committed to disk, but a server crash between the acknowledgment and the actual write means data loss. For home directories and shared application data, always use sync. The soft mount option prevents NFS client hangs when the server is unreachable — applications get an error instead of hanging indefinitely waiting for I/O to complete.