New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Both vps are Host Hatch?
how to know if other providers aside Hosthatch supports this?
Both are with HostHatch, yes. I was testing via the internal network (even though it's internal, it's not isolated and is shared between other hosthatch customers at the same location, so encryption is still beneficial).
You'd need to ask the provider whether they support "jumbo frames". If they don't support jumbo frames and you increase the MTU, it'll actually hurt performance quite a bit, as each frame will need to be fragmented (or rejected altogether)
Another tip: Create a drop-in service configuration file
/etc/systemd/system/nfs-server.service.d/after-wireguard.conf
to make nfs server start after WireGuard is up. This can reduce chance of errors/problems during server reboot
Thank you for the tutorial. I will use this now on my flimsy HostSolutions 2TB server.
I always end up with a Read Only file system when I try NFS via Wireguard tutorials ๐
Makes me lose my shit ๐ค
Using AUTH_SYS and Export Controls can securely share storage
Make sure you have
rw
in the export and that the clients user id (id
command) is one that has access the exported folder.This is a great tip! Thank you
I think AUTH_SYS is what's used by default. The connection is unencrypted so you'll want to use encryption (eg. WireGuard) for it to be secure, unless you're on an isolated private network. Not sure which provider isolate their private network... BuyVM definitely do.
What error are you getting? You likely need to
chown
the directory to the correct uid, or useidmap
to map it across to the right ID.I think i got same write permission issue as well with ubuntu at the client side. so i changed folder to chmod -r 777 and it solved my issue. Kindly let me know if there's a better solution to this. This are the small things that are missing in the guide
It may be worth looking at a Requires= line as well if you don't want it to come up if that interface doesn't.
Tnx
You should mention that in --append-only mode you cannot prune backups in Borg.
You sending prune command from another server as cronjob or sth like this?
Hope that Borg will work as server > client mode in future OOTB
That's a good point. I use
--append-only
mode so that if someone gains access to any of the backed up servers, they can't just delete all the backupsI'm currently not pruning at all. My backups are going to a storage VPS with 2TB space, and less than 400 GB space is used at the moment. I'll figure out the best way to prune them when I get closer to running out of space
One approach is to have two SSH keys: One key for regular backups in
--append-only
mode, and one key for management that does not run in--append-only
mode and thus gets full access (which I'd keep more secure). This is what is documented in Borg's docs: https://borgbackup.readthedocs.io/en/stable/usage/notes.html#append-only-mode.Using AUTH_SYS and Export Controls can securely share storage
Thank you for publishing such a nice tutorial.
I'm having some issues with the cache part explained in your tutorial. After adding "fsc" to my fstab file, I'm facing, whilst the remounting, the following problem:
"mount.nfs4: an incorrect mount option was specified"
I have strictly followed your tutorial to achieve similar conditions and a more likely success, but it didn't really work out.
Could you help me with this issue? I'm running a fresh Ubuntu 20.04 LTS installation on the client and Debian 10 on the host & went strictly with your tutorial.
My mount works fine without having "fsc" in my fstab file.
cachefilesd is installed, the "RUN=yes" is uncommented.