NFS Share
Overview
Exposing application data as an NFS share can be useful for copying large numbers of media files into or from Emby/Jellyfin, or copying images into Surfer.
This guide explains how to expose directories on Cloudron via NFS.
NFS traffic is unencrypted and can be tampered with. Only use NFS mounts on secure private networks.
Install NFS Server
Run the following command on the Cloudron server:
sudo apt install nfs-kernel-server
Disable NFSv3
By default, the NFS server supports v3 and v4. NFSv3 has security implications and should be disabled.
- Edit /etc/nfs.conf (Ubuntu 22.04+) or /etc/default/nfs-kernel-server (older systems) and add:
  RPCNFSDOPTS="-N 2 -N 3"
- Restart the server:
  systemctl restart nfs-kernel-server
- Verify NFSv3 is disabled:
  cat /proc/fs/nfsd/versions
  -2 -3 +4 +4.1 +4.2
- Disable the rpcbind service (only required for NFSv3):
  systemctl disable rpcbind.socket rpcbind.service
  systemctl stop rpcbind.socket rpcbind.service
Exposing a directory
Edit /etc/exports and add a line:
# this exposes the data of the app with id app_id to the client IP address client_ip
/home/yellowtent/appsdata/app_id/data client_ip(rw,sync,no_subtree_check,no_root_squash)
Options:
- rw - read and write access
- sync - server replies after changes are committed to stable storage
- no_subtree_check - skip checking if file access remains in the exported filesystem
- no_root_squash - client root user maps to server root user
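Before exporting, the version check and the export options above can be verified with a small script. This is an added example, not part of the Cloudron documentation; the function names nfs_v4_only and audit_exports, the /srv paths and the 192.0.2.x client addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Cloudron docs): checks for the setup above.

# nfs_v4_only "VERSIONS": succeeds if the string, in the format of
# /proc/fs/nfsd/versions, enables some v4 variant and neither v2 nor v3.
nfs_v4_only() {
    v4=1
    for tok in $1; do
        case "$tok" in
            +2|+3) return 1 ;;
            +4*)   v4=0 ;;
        esac
    done
    return "$v4"
}

# audit_exports FILE: prints one line per risky setting found in FILE
# (format of /etc/exports). Assumes no quoted paths or line continuations.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF == 1 { print $1 ": exported to every host"; next }
        {
            for (i = 2; i <= NF; i++) {      # field 1 is the path, rest are clients
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "" || client == "*")
                    print $1 ": exported to every host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1 " " client ": client root acts as server root"
            }
        }' "$1"
}

# Constructed sample input; 192.0.2.x are documentation addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example entries
/home/yellowtent/appsdata/app_id/data 192.0.2.10(rw,sync,no_subtree_check,no_root_squash)
/srv/media *(ro,sync,no_subtree_check)
/srv/backup 192.0.2.11(rw,sync,no_subtree_check)
EOF
audit_exports "$sample"
nfs_v4_only "-2 -3 +4 +4.1 +4.2" && echo "NFSv3 disabled"
rm -f "$sample"
```

On the server, run audit_exports /etc/exports and nfs_v4_only "$(cat /proc/fs/nfsd/versions)".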
Export the directory
Export the configured NFS directory:
exportfs -a
systemctl restart nfs-kernel-server
Expose NFS port
NFS uses port 2049 (TCP/UDP). Add it to the Cloudron Firewall by editing /home/yellowtent/platformdata/firewall/ports.json:
{
"allowed_tcp_ports": [ 2049 ],
"allowed_udp_ports": [ 2049 ]
}
Restart the firewall:
systemctl restart cloudron-firewall
Mounting on client
Add the following entry to /etc/fstab on your laptop/PC:
cloudron_ip:/home/yellowtent/appsdata/app_id/data /mounts/app nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0