[SOLVED] NFS server in LXC

The steps here to get it to work should be considered obsolete; you can just use a Debian 12 CT, enable the nesting and NFS features of the CT, then install nfs-kernel-server as usual, as well as your other services. I had re-done my CT a while back with that method (Debian 12 CT, nesting, NFS on Proxmox 8) and I did not have to do any fiddling with other files.
Thank you for the original and these new instructions.
 
After reading this thread, I wonder if it's worth the hassle to configure an LXC container to share ZFS datasets from the host via Samba and NFS rather than sharing from the host directly?
I think you are 100% correct: unless you use nfs-ganesha, you are probably worse off by using a container, because you are providing a server that ties into your kernel on the host, so all "benefits" of containers/VMs go out the window.
 
I had made numerous attempts before I got the result. I tried with Turnkey File server and Cockpit.
Finally, I chose Turnkey File server because it has 3 main options for me — Samba, NFS and WebDAV in one package.
But this is off-topic, of course.

My solution is simple.

First, I set up nfs-kernel-server on the HOST machine. Not the LXC container — the HOST! This is essential. The issue is here.

Create a privileged LXC container (uncheck `Unprivileged container`).

The second part. I came across it in some videos on YouTube and you can read it here.

Edit the container file:
Code:
sudo nano /etc/pve/lxc/lxcid.conf
where lxcid is the ID of your container.

And add at the end of the file:
Code:
lxc.apparmor.profile: unconfined

Start your container.
As for Turnkey File server, it has an internal firewall, and for testing purposes I added the first rule to accept all connections from eth0.
Go to the NFS settings. Remove the default shares if they exist. Create a new share without any restrictions and — BINGO!
Everything works as expected!
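
Added example, not part of the original post: a read-only check for a Proxmox host that lists containers configured the way this post describes (privileged, `lxc.apparmor.profile: unconfined`) plus the nesting/NFS features mentioned earlier in the thread. The function names and the sample config are constructed for illustration; it assumes `key: value` lines in `/etc/pve/lxc/<id>.conf` and that a line starting with `[` opens a snapshot or pending section rather than the live config.

```shell
#!/usr/bin/env bash
# Audit Proxmox LXC configs for reduced-isolation settings (added example).

audit_ct_conf() {
    # $1 = path to one container config; prints one finding per line.
    awk '
        /^\[/ { exit }                  # assumed: snapshot/pending section, not live config
        /^[ \t]*(#|$)/ { next }         # skip description lines and blanks
        {
            key = $0; sub(/[:=].*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:=]*[:=][ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "unprivileged" && val == "1") unpriv = 1
            if (key == "lxc.apparmor.profile" && val == "unconfined") unconf = 1
            if (key == "features") features = val
        }
        END {                           # END still runs after "exit" above
            if (!unpriv) print "privileged container (CT root is host root)"
            if (unconf)  print "AppArmor disabled (lxc.apparmor.profile: unconfined)"
            if (features ~ /(^|,)nesting=1(,|$)/) print "feature enabled: nesting"
            if (features ~ /(^|,)mount=[^,]*nfs/) print "feature enabled: mount=nfs"
        }
    ' "$1"
}

audit_all() {
    # $1 = config directory, defaulting to the path used in the post above.
    dir=${1:-/etc/pve/lxc}
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        audit_ct_conf "$f" | sed "s|^|CT $(basename "$f" .conf): |"
    done
}

# Constructed sample: 101 mirrors the setup in the post; 102 is unprivileged and
# only has an old snapshot section mentioning "unconfined", which must be ignored.
demo_dir=$(mktemp -d)
printf '%s\n' 'arch: amd64' 'hostname: fileserver' \
    'lxc.apparmor.profile: unconfined' > "$demo_dir/101.conf"
printf '%s\n' 'arch: amd64' 'unprivileged: 1' 'features: nesting=1' \
    '[before-change]' 'lxc.apparmor.profile: unconfined' > "$demo_dir/102.conf"
audit_all "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, call `audit_all` with no argument; it only reads the config files.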
 
If you have to install the nfs-kernel-server on the host why even bother to add a container?
Did you follow the links in my message?

LXC containers leverage the host's kernel - so for any service which requires a kernel module (such as NFS), the host must have the required module installed and enabled. In the case of NFS, simply installing the nfs-kernel-server package should be sufficient.
 
If you have to install the nfs-kernel-server on the host why even bother to add a container?
Do you see any security downsides to this? I agree there's no advantage in creating a privileged container to host an NFS server.

I'm planning my setup to provide local storage via NFS (to Unix) and SMB (to Apple). Remote access outside my network will be enabled through Tailscale VPN. I want to avoid the overhead of TrueNAS and stick to just the packages.

I’m considering running the NFS server in a container or VM since I'll soon add a second node, making the setup easier to reproduce. Here are the options I see:

  1. Unprivileged LXC:
    • Bind-mount local folders to the container
    • Use NFS Ganesha alongside SMB
  2. VM:
    • NFS server on the host, restricted to the VM
    • Standard NFS and SMB setup in the VM
  3. Host-based:
    • Run both NFS and SMB servers directly on the host
I’m leaning towards option 1, but it’s just a gut feeling.
 
