Hello everyone, I’m new to this community. I’ve just subscribed to Linode to delve into the realm of cloud computing. I’ve successfully configured SSH, but I have a few queries. Firstly, I’m interested in centralizing storage for multiple desktops, similar to an office setup. I want each desktop to have its own distinct credentials, ensuring individual access to their respective workstation portals. Could someone explain the concepts of client and server setups in the context of an NFS server? Does this involve using separate Linodes or dividing resources within a single Linode? Lastly, considering my requirements, is setting up an NFS server the appropriate choice? Your insights would be much appreciated.
Welcome to the forum!
The setup depends on the clients mostly, but I wouldn’t use NFS over the internet. And then there’s the question what the clients are running. If Windows is used, you should be using SMB (Samba). NFSv4 has credentials handling, but the easier (and probably more secure) way would be to set up wireguard, grab a key from each user, then have them connect to the linode server and finally to the internal wireguard IP of the linode host in order to access NFS or SMB.
I mentioned that I wouldn’t be running NFS over the internet and that’s because of reliability concerns. Unless you are really close to the Linode datacenter, you’re probably better off using something like NextCloud with a desktop client to sync the files, no VPN involved (it’s slightly more involved, but a better fit typically with remote servers).
For NFSv4 with authentication, I think you need to set up kerberos. If no authentication via the protocol is involved, NFS is the easiest, followed by Samba. Samba has authentication built-in, making it easier for shares access management. With wireguard and private keys, you can skip the authentication part on NFS and Samba, but you can restrict the mounting from specific IPs, which you define in the wireguard config, making it a pseudo-credential based on the wg keys used to connect. And wireguard secures the traffic on the internet as well. But if you go with the vpn route, make sure that you only do a split-tunnel (only allow subnets from wg to pass through the tunnel, this basically ensures that the only traffic going to linode is for nfs or samba, instead of having all the traffic appearing to originate from linode). Not hard to do, just a matter of not using “allow 0.0.0.0/0” on the client side and that’s it.
With nextcloud, you have to configure the web server, reverse proxy, https certificates and the desktop sync clients. But if you setup an online workflow (if possible), like for spreadsheets or text documents, your users can collaborate on files in the browser, helping with getting work done, instead of locking the files for edit.
remember, NFS has no user authentication mechanism. The most you can do to secure it is limit the share to specific IP addresses. If you are doing this is the cloud, I would use object stores. I am not familiar with Linode, but in AWS you could do this with S3. I am sure Linode has something similar.
Thanks bro. I will check that out.
Thanks bro. I gets some idea. I am just a beginner. I understand even not fully but i have some idea now.
This is really easy. What I would do is create a different cloud user account for each person (or less optimally, each PC). Then within the object storage you can create policies by bucket, or by folder or even by file as to who can read or write to that object. If you do it by user, then each user can access their stuff whichever workstation they are on. There are software packages that are like windows explorer that you can use to access your files from the cloud right on the desktop. Cloudberry explorer comes to mind. CloudBerry Explorer Freeware | Cloud File Manager I am sure there are others.
Bro can i have your Email ID. So that it easy to contact incase of any assisstance.