How to Set a Raspberry Pi NFS server at home.

Set a Raspberry Pi NFS server 

If you need to share files on your home network, setting up an NFS server using a Raspberry Pi and an external hard drive or SSD is a quick and easy way to do just that. If you've been following my Kubernetes on Raspberry Pi series, the server setup we will create in this article can act as your persistent storage provider as well. 

Let's build it! you will need a RaspberryPi with Raspbian installed and the Pi set to a static IP. You will also need an external hard drive or SSD with a USB interface. For performance reasons, I suggest using a Raspberry Pi 4 and a drive with USB 3.1. Also, the drive used in this video is formatted with the `ext4` file system. You are free to use other file systems if you prefer. With those materials gathered, let's get started.

 First, we shell into the Pi with `ssh`. My Pi's static IP is `192.168.0.3` so that the IP I'll be using in the article. We need to make a directory to mount the drive on.

Let's use `/opt/NFS`. Next, we want to drive to be automatically mounted when the Pi boots. So we need to add it's information to `/etc/fstab`. Let's get its partition identifier. Copy the `PARTUUID`. Now edit `/etc/fstab` and add in a line to mount the drive. Save and quit. We could reboot and the drive would be mounted, but we can also mount manually just this once. Let's do that to save a bit of time.

 Ok. Looks good. Let's install the NFS server. Easy enough. Now we need some things to export. Let's make a few sample export directories and files. Ok, now we need to tell NFS that we want these directories exported.

We do that by putting entries in `/etc/exports`. The asterisk means that we want to export the `everyone` directory to, well, everyone. The `rw` flag means we want the export to be readable and writable. We could have used `ro` to make it read-only. The `sync` and `no_subtree_check` flags are defaults, but at some point, NFS switched the default values for these flags, so it'll gripe at us if we don't specify them.

 Let's add one more export. By specifying the host address for this export, we are limiting access through NFS to a particular host. We could also have used hostnames and/or CIDR notation to limit access to a particular network or network subsection.

 If you are interested in the types of restrictions, run `man exports` on your NFS server Pi. Ok, let's save and quit. Now we need to tell NFS that we've changed the export file and that it needs to re-evaluate what it's exporting. That's all there is to it! Let's switch back to our PC and test the exports.

 In order to mount NFS file systems (at least on Ubuntu-based systems) you need to install the `NFS-common` package. Without it, you'll get an error suggesting that you need a helper program when you try to mount. With that installed, we can temporarily mount the `everyone` export. We can now see the files from the export! We mounted the directory read/write, so let's try to write a file. Hmm, that didn't work. So what's going on here?

 This is where things get a little complicated. By default, the NFS permissions are the standard Linux file access permission that limits access by user and group ids. So, in order to allow a write, the directory on the NFS server has to be writable by the user ID from the client. In other words, users and groups between the server and client must match. So what can we do?

 Well, one option is to just make the directory on the NFS server world-writable with something like`chmod 777`. That would work. If that trips your internal security senses, if you are managing mostly single-user systems, we can take advantage of the fact that many distributions start userIDs off at 1000. Notice that the pi user's id is 1000. On my computer, my carpie id is 1000 as well. This is because pi and carpie are the first end-user ids created and both Raspbian and Ubuntu start users in 1000. So, we can just make the `everyone` directory owned by the `pi` user on the server. Now we can write. If you are managing multiple users, you have a couple of options.

 A world-writable thing is an option. Also, you could create a group on the NFS server and on each client machine with the same id. You would then set the directory you wanted writeable to be group writeable and owned by the new group. On the client machines, you'd create the same group, with the same id, and add any users with access to the group. That would work too. If you wanted to get real fancy, you could make the server use something like LDAP to manage users. I'm going to leave those options as exercises to the viewers. Ok, that's the unrestricted export. 

Let's unmount that and then try the restricted one. Good. It was restricted to an IP that is not myIP so it won't let me mount it. Let's update the export to use my IP. And now try that again. Cool, now I have access, so the restrictions are working. So that's how we can mount the export temporarily. What if we want it mounted all the time. We just need to put an entry in `/etc/fstab`for that case. So we mount the everyone export on `/srv`this time, just to change things up. You can mount on almost and directory you want. We use type `nfs`... We want to mount read/write, we specify `user` so that a normal non-root user can mount or unmount the share. And we'll specify `soft` so that our connections don't hang if the server crashes or we lose connection. 

Finally, we don't want to dump the file system and we don't need `fsck` to check it, so we use 0 and 0 for the final two parameters. Ok, save and exit. Now we can mount as a normal user just by saying `mount /SRV`. Also, the share will be mounted automatically when we reboot. If we wanted the easy `mount /SRV` mounting but didn't want to mount automatically on boot, we could add the `no auto option in the `fstab` line. If you want to know more about the available options, try running `man NFS`. There we go! We have a working NFS server.

If you want to Double up internet speed then check out this article CLICK HERE

If you want to build your own VPN Check out this article CLICK HERE