Prior to Virtualmin, my sites used Akeeba Backup to make backups, which were then FTP’ed down to my TrueNAS at home. So far, so good.
Now that I’ve moved a majority of my sites onto Virtualmin, they’re still doing the same thing, but the FTP connection is from the Virtualmin VM to its host NAS. It works, but I would like to change it for a variety of reasons (I’ll detail why in a reply to this question).
Looking at TrueNAS documentation, the recommended method of mounting a dataset on the NAS inside the VM is to make the dataset an NFS share, and then mount that share inside the VM. I should then be able to point all my backups to that path, which will dump the backups onto the NAS filesystem, outside of the VM’s storage.
What’s the proper way to mount an NFS share from inside Virtualmin, so that the NAS share is visible to the Virtual Servers to back up to?
Reasons for going this path - I want to limit what ports I am forwarding to my NAS from the outside. The Virtualmin VM is already exposed to the internet (DMZ on the Router), so I can just let FTP connect to it directly instead of forwarding port 21 to my NAS. Virtualmin’s firewall and controls are much more granular, and easier to work with, than the ones on the TrueNAS GUI.
The intent is to set all incoming FTP connections to hit the Virtualmin VM, then disable FTP altogether on the NAS. If anyone does get into the VM using FTP, they’ll only be able to access the various Virtual Servers, and not the NAS itself.
Webmin has a module for the fstab, and it also has a module for NFS exports (but that’s not the problem you need to solve, that’s for serving files via NFS, not mounting remote NFS filesystems…I just want to be complete in case anyone is searching for NFS in the future).
I do understand that - TrueNAS is the host, Rocky is the VM OS. I was wondering if there was a way, using the Virtualmin GUI, to mount the TrueNAS NFS share to the Rocky VM’s file system.
If using Kerberos authentication, that happens outside of the fstab. I’m not sure if the Webmin Kerberos module supports the client-side stuff, it’s been years since I’ve looked at it.
OK, I got the NFS mount working. Servers inside Virtualmin now can back up to the NFS share, and the files are places on the NAS’ storage, where it’s visible from the NAS side (meaning I can see them from my laptop by browsing the NAS, which is what I wanted). The backups are also not visible to the public web, which is good.
Next trick - I want to set up an FTP user on the Virtualmin server, so someone outside can connect via FTP, and send files into the same share. I tried setting up an FTP user on one of the Virtual servers, but it looks like this limits their home to be in one of the Web visible folders, meaning their backups would be exposed via the Web. What’s the best way to create an FTP only user, that would be able to access the NFS mounted file system?