Mounting a file system over the internet
Solution 1
No one has mentioned sshfs yet. If you're on a modern linux distro and have ssh access to the remote host, it's as simple as:
sshfs user@hostname:/remote/directory /local/directory
Performance is quite acceptable (but not nearly as fast as a streamed sync like rsync if you require the whole directory).
Solution 2
NFS is inherently insecure. It would be a very poor choice for connecting over the internet.
I like the post that mentions rsync. Instead of using cron to fire the transfer, I would hope that you could simply run the rsync job from your code that handles the file upload.
When the upload completes, rsync the file to their server, done.
You would need to set up a secure connection to their server for the transfer, I would expect.
If you wanted to, you could put the incoming files into a list for transfer, removing the names after successful copy, and give yourself some fail over capability, in case something happens to the connection.
As someone else already pointed out, rsync is designed to handle groups of files, or a hierarchy (thanks, spell check) , so this wouldn't be that hard to accomplish.
Solution 3
NFS may be inherently insecure but that is not the fault of the service. Telnet and FTP are also inherently insecure but both have been used for decades on the open Internet. If an encrypted VPN tunnel is established, then the lack of NFS encryption is irrelevant.
Also if a firewall is configured to only allow a specific remote host address to connect to the NFS mountpoint, then a bare NFS connection is mostly secure from hacking, except from Three Letter Agencies that sniff Internet traffic, and which have access to powerful decryption to crack your encrypted remote connections anyway.
I see that some versions of NFS use UDP by default, which is likely where the Internet reliability problems come from. UDP packets can get lost if the connection is congested, and no retransmission is automatically attempted. If you want a reliable connection, make sure your NFS is using (or is forced to use only) TCP packets over the Internet.
Related videos on Youtube
Ben Holness
Updated on September 18, 2022Comments
-
Ben Holness over 1 year
I built a web application that runs on a virtual server for one of my customers. It includes the facility for them to upload files, but they now want to store those files on a server in their office.
The easiest way to do this would be to mount their file system over the internet directly onto the virtual server. I have experience of mounting NFS over an internal network, but I am not clear if it would work in this scenario.
Any thoughts? I can always write new software to transfer the files, but this would be an easy fix!
Note: The server in the office is Ubuntu 12 server running on a virtual server in a windows hyper-v environment. The VPS with the web app is Ubuntu 11.04
-
Adrian Cornish almost 12 yearsIs security an issue for these files?
-
Ignacio Vazquez-Abrams almost 12 yearsrsync via cron job.
-
Admin almost 12 years@AdrianCornish - not really, although a secure solution would be preferred.
-
-
Admin almost 12 yearsI understand the alternatives, mounting the filesystem would be the easiest solution, I just don't know how stable NFS is over the internet as opposed to over an internal network. What happens if the connection drops etc., or if there is a newer alternative designed to be robust to this.
-
Ignacio Vazquez-Abrams almost 12 yearsrsync has no problems using SSH as transport.
-
Admin almost 12 yearsThe web app already saves the files on the local server and references them there. There will be no space on the local server, so they will have to be removed once transferred, which means writing new code, hence I am looking for a mounted solution first, if possible.
-
Admin almost 12 yearsThis seems like the best solution so far, the FAQ even says "Resources can be mounted over slow and unreliable (distant) connections." Another webpage tells me that "sshfs -o reconnect server:/path/to/mount" will have it automatically reconnect if the connection drops.
-
Ian D. Scott over 6 years> Telnet and FTP are also inherently insecure but both have been used for decades on the open Internet Although true, I don't think this is a good point, because generally it is considered a (very) bad practice to use these over the internet now. Mozilla even suggests deprecating unencrypted http.