Mounting a file system over the internet

28,700

Solution 1

No one has mentioned sshfs yet. If you're on a modern linux distro and have ssh access to the remote host, it's as simple as:

sshfs user@hostname:/remote/directory /local/directory

Performance is quite acceptable (but not nearly as fast as a streamed sync like rsync if you require the whole directory).

Solution 2

NFS is inherently insecure. It would be a very poor choice for connecting over the internet.

I like the post that mentions rsync. Instead of using cron to fire the transfer, I would hope that you could simply run the rsync job from your code that handles the file upload.

When the upload completes, rsync the file to their server, done.

You would need to set up a secure connection to their server for the transfer, I would expect.

If you wanted to, you could put the incoming files into a list for transfer, removing the names after successful copy, and give yourself some fail over capability, in case something happens to the connection.

As someone else already pointed out, rsync is designed to handle groups of files, or a hierarchy (thanks, spell check) , so this wouldn't be that hard to accomplish.

Solution 3

NFS may be inherently insecure but that is not the fault of the service. Telnet and FTP are also inherently insecure but both have been used for decades on the open Internet. If an encrypted VPN tunnel is established, then the lack of NFS encryption is irrelevant.

Also if a firewall is configured to only allow a specific remote host address to connect to the NFS mountpoint, then a bare NFS connection is mostly secure from hacking, except from Three Letter Agencies that sniff Internet traffic, and which have access to powerful decryption to crack your encrypted remote connections anyway.

I see that some versions of NFS use UDP by default, which is likely where the Internet reliability problems come from. UDP packets can get lost if the connection is congested, and no retransmission is automatically attempted. If you want a reliable connection, make sure your NFS is using (or is forced to use only) TCP packets over the Internet.

Share:
28,700

Related videos on Youtube

Ben Holness
Author by

Ben Holness

Updated on September 18, 2022

Comments

  • Ben Holness
    Ben Holness over 1 year

    I built a web application that runs on a virtual server for one of my customers. It includes the facility for them to upload files, but they now want to store those files on a server in their office.

    The easiest way to do this would be to mount their file system over the internet directly onto the virtual server. I have experience of mounting NFS over an internal network, but I am not clear if it would work in this scenario.

    Any thoughts? I can always write new software to transfer the files, but this would be an easy fix!

    Note: The server in the office is Ubuntu 12 server running on a virtual server in a windows hyper-v environment. The VPS with the web app is Ubuntu 11.04

    • Adrian Cornish
      Adrian Cornish almost 12 years
      Is security an issue for these files?
    • Ignacio Vazquez-Abrams
      Ignacio Vazquez-Abrams almost 12 years
      rsync via cron job.
    • Admin
      Admin almost 12 years
      @AdrianCornish - not really, although a secure solution would be preferred.
  • Admin
    Admin almost 12 years
    I understand the alternatives, mounting the filesystem would be the easiest solution, I just don't know how stable NFS is over the internet as opposed to over an internal network. What happens if the connection drops etc., or if there is a newer alternative designed to be robust to this.
  • Ignacio Vazquez-Abrams
    Ignacio Vazquez-Abrams almost 12 years
    rsync has no problems using SSH as transport.
  • Admin
    Admin almost 12 years
    The web app already saves the files on the local server and references them there. There will be no space on the local server, so they will have to be removed once transferred, which means writing new code, hence I am looking for a mounted solution first, if possible.
  • Admin
    Admin almost 12 years
    This seems like the best solution so far, the FAQ even says "Resources can be mounted over slow and unreliable (distant) connections." Another webpage tells me that "sshfs -o reconnect server:/path/to/mount" will have it automatically reconnect if the connection drops.
  • Ian D. Scott
    Ian D. Scott over 6 years
    > Telnet and FTP are also inherently insecure but both have been used for decades on the open Internet Although true, I don't think this is a good point, because generally it is considered a (very) bad practice to use these over the internet now. Mozilla even suggests deprecating unencrypted http.