Don't use local Docker Volumes

Brilliant! I was just looking at something like this today, but instead I was trying mounting my synology as a cifs volume, nfs is so much easier and this video helped me set it up under 5mins. Thank you!

This was awesome. Perfect timing as exactly the next step I wanted to make with my volumes on Portainer.

Great walkthrough and howto. Thanks for that. Nevertheless, small criticism at this point. NFS volumes and snapshot backups on the target NAS IMHO do not replace an application-based backup. Of course (for example in the event of a power failure but also due to other technical and organizational problems) the volumes on the NFS can be destroyed and become inconsistent in the same way as those on the local machine. This is even more likely because the writing process on the NFS relies on more technical components. That's why I also do and highly reccomend application-based backups with at least the same frequency. If the application's backup algorithm is written sensibly, it will only complete the backup after a consistency check and then it is clear that at least this backup is not corrupted and can be restored without data loss.

I followed this for my WindowsNAS to share to docker and this is so much easier then doing host level mounts. Thank you soo much

Thank you. A great tutorial for NFS.

I wish I found this video last week. It would have saved me hours trying to mount a NFS share on my Ubuntu server. I ran into the user permission issue also and it took a lot of searching to find the answer.

this is great to know -i am currently looking into how to back up my more info sensitive docker containers -like vaultwarden or nextcloud -great video

I have been stuck for weeks with an nsf volume not mounting right inside my containers. First I couldnt edit the created files. Then I could but couldn't create new ones. This fixed both my issues thanks going to set up my shares like this moving forward.

Nice video, looking forward to true nas content!

Hey! Thank you very much for this.
Can you also give an example on how to use an NFS mount in docker-compose / Stacks in Portainer? I've spent the last couple of hours trying and googling but wasn't able to find a real answer or constant examples on how to do it.

Great explanation. Thanks!

Some food for thought...
Most NAS systems have 2 network interface. You could attach the NAS directly to the server on a separate VLAN and optimize that network for I/O, enabling jumbo frames etc. That basically makes it a SAN without the redundancy.
Using iSCSI instead of NFS is also an option and might be preferred for database workloads I assume.

Btw, one point I need to add here: doesn’t mean you don’t need to have backups. Having redundant storage over NFS is nice. But do ensure you still have restorable backups in addition to this.
There can be many things that can go wrong here, your FS might get corrupt in case there was a network problem while writing a bit or the raid fails etc etc.

I read somewhere the NFS is not secure when used with container as it also open access to container processes to get into the main OS processes when we expose server file system to docker container. What's your thoughts on this? Any one.

Love your videos. Question how would I use portainer to add new volume to existing container? I found how to add the volume but after that I don't know if anything needs to be copied over.

How do you replicate into docker compose? I get these steps and its graat for me to understand manually the steps. I'm not convinced my compose is working correctly for NFS. Love to see this explanation converted into a docker compose example.

When migrating cp -ar maybe better as it copies permissons, too. Nice video! Need to figure out how to do this in docker-compose.

You can also run docker containers in TrueNas itself and connecting to the NFS locally. If I'm right the writes can then handled synchroniously. This gurantees the data integrity.

What if you need to perform an update on TrueNas that needs to reboot the NFS service or the TrueNas system ?
Will the Docker container wait for the NFS service to come back without having trouble with data consistency ?
I have myself that setup but when I want to restard my NAS it's a real pain to stop everything that depends on it...

Awesome video, thank you for explaining this. I am doing the exact same with all my pods in k3s ;)

Thank you, it really helps

I have a docker user and group on both docker and Nas machines. I use the same UID and guid on the container using env variables.

I am having issues installing a stack in a Volume. the volume is already added in portainer and I see it and Tested it but my yml I cant figure out how to add nextcloud to the volume I want it.

What happens when you need to reboot or shutoff the storage server. Can the docker containers stay running or do they need to be stopped first?

Hi Christian, thanks for the informative video. I have two questions though:
1. What is the correct way of setting user with same id, group id on nfs server and client? I have rpi with user 1000:1000. Such user doesnt exist on my Synology. Should I add new user to synology? Or should I pick one of synology user ids and create such user on raspi? If so, how do you create user with specific ids?
2. What about file locking through nfs? I had issues with network stored (samba cifs) data containing sqlite database, for example homeassistant, baikal. I couldnt network store mariadb, mysql either due to some "file locking issues".

wow dude when you typed root in that box you solved all of my problems
crazy how ur the best source of information i have found over all of the internet

Many of the big datacenter also use Fibre channel based storage, network attached can be slow and subject to tcp congestion and package loss, whereas fc is guaranteed delivery.

Oh my gosh!!! You are a crack !!! Thank you very much, mater

Great Video! I have a question, so , if I have mounted the volume to the NFS in /etc/fstab. Do I still need to create the nfs volume? couldn't I just point to the mounted NFS on the host? What's the advantage of creating a new nfs volume in portainer? Is it just for easier to migrate from nfs to nfs? Thx!

The folder/volume I created inside the container is user 568 so I can't access the /nfs folder in my container. Why did it use that user id over root?

Another AWESOME video!! But, I saw in the video that you have a portainer_data volume on the nfs share, how was that done? I have been trying to get this to work but getting docker error while trying to mount the volume.

@christianlempa Thanks Christian! Could install portainer on a Debian VM within TrueNAS scale, and then communicate with that? Or are you using a separate machine entirely for your Portainer/Server?

Hi Christian, great Videos. I would love to see how to use this NFS (or maybe iSCSI) Setup with a Kibernetes Cluster. This is what I am trying to setup right now ;-)

I have read around some people complaining of database corruption using NFS as their cluster storage, didin't tried it personally and I am currently using CIFS mounts for my docker swarm. I was wondering if you have tried Glusterfs as it seems it is recommended for cluster volumes in general ,

And how do I use NFS to mount the initial portainer data volume, before configuring portainer?

I tried this some time ago. Sadly my pi4 with 3 HDD's in raid5, using mdadm was not fast enough.
So i decided to have my deployment files on the nfs, but volumes locally.
And i wrote backup scripts for the rest.

@christianlempa is the activation of NFS4 that simple?? I've tried exactly what you deed and the mount fails returning "permission denied", always. I tried to dig on the subject and looks like that NFS4 requires a lot of effort to get working.

I usually do a cron job to copy volumes and database exports to an AWS S3, and then another cron job to delete files older than 1 month!

Event with the "wheel" user added to TrueNAS, NFS refused to work for deluge /sonarr / radarr (CentOS using docker compose). I ended up making an SMB share (yes, Microsoft, blasphemy!) and it works perfectly. So much less of a headache than NFS, PLUS it's actually secure (authenticated with a password and ACL (Access Control). SO, yeah. Unexpected but I would just recommend making a fricking SMB share.

isnt it better to map the NFS volume in a /mnt/NFS on the host running docker so you have 1 connection open instead of hunderds for every container picking its own connection? Or is that not possible when you go docker swarm?

it's the same thing. a storage server can also crash. and you have a complicated setup with a NAS storage. either methods you select, a proper backup is best.

Could use iscsi targets perhaps worked well with VMWARE esx years ago when i didnt have a san

Any plans to do a tutorial for Kubernetes Persistent Volume to TrueNAS NFS ?

Hi . Created nfs volume on server. Can connect with the synology. But in portainer. The nfs volume appears empty .. The server volume is nobody;nogroup.

Glusterfs works really well for small files or small file transfers as well.
Edit: I've since been told databases don't scale well on glusterfs. IDK how much experience that person has with glusterfs but they have enough experience with k8s for me to accept it until I can test it. Works great for the really small stuff I do in my home lab though.

This is nice, but. Is there a way to use a local directory on the host instead? I have docker installed on my Ubuntu 22.04 and it would be nice to use local directories.

On my NAS, CIFS is enabled for the Windows computers connected to it. NFS is disabled.
Is there any reason not to use CIFS instead of NFS for storing Docker volumes on my NAS?

Great video.

Awesome!!
Is this a good solution for a docker swarm volume sharing with the different nodes?

I am triggered into high gear learning mode by all of this. The aim is to set up a home assistant server. ha runs in docker and stores its data in local volumes. I am no fan on having my data all over the place so this video solves that problem. So next step is to get my hands dirty and hope i do not get to many errors that exceed my domain of knowledge. Thanks!!

Hello guys ,... I had a power failure and all my docker volumes have gone. Is this a predictable behavior ? Are they still there in disk ? Thanks

First of all, I don't have much knowledge about Infrastructure... T,T
Can the NFS of truenas VM be delivered to a container volume without 1Gb Network bottlenecks?
Both truenas and container (ubuntu VM) are operated on proxmox.

Christian, How to make a disaster recovery of the entire system ? could you simulate an example?

Btw, one point i need to add here: why share all of your files as root? You could just make a new group and user(s), specifically for accessing your files, and map your NFS shares to them. It is belt and suspenders since you only expose NFS to a specific IP, however not using root whenever possible is the way forwards. Probably why it got removed as a default in the new release.

When I try to deploy I keep getting a "Request failed with status code 500." error message.

LOL I spent a week on figuring this exact thing out - wanted to use Photoprism to use pictures from Backup server rather than Import files into Docker. Just got it working last night.😂

I'm trying to do this for hours now and always run into permission issues. My User on the docker host and the NAS are exactly the same (same username, pw, UID GID) and I get permission denied when I just try to cd into the NAS folder from the ubuntu test container. Anyone an idea?

Will this work with a backup solution as PCloud?

Hi!
what tool for drawing and marking via mouse directly on screen are you using ?

I'm far from an expert on linux and there is something I'm missing on permissions: When you say that we need to have the same user that use the same permissions between the NFS server and the docker image, how does it work? I though that just having the same user id or the same user name isn't enough, no? I mean, they could have different password ?
Also, what about the performance implications? I'm thinking to move my plex server in a docker container, with its storage on a NFS volume, could this be an issue?

What about storing portainers volumes on a NFS share too?

if i ever go crazy and have to setup a dirty docker system i'll try to remember this. it seems really helpful and imo any improvement possible is a god's gift with docker (i really hate it, ngl kubernetes. also not a big fan)

Don't you need higher-tier networking to make sure you're not suffering any performance penalties? I can imagine that the additional latencies can make certain applications run slower when all file system access has to go through 2 network stacks and the network itself.

how do i do this with wsl2 and synology nas?

7:48 After many hours I finally figured out that I needed NFS4 enabled on TrueNAS to get this to work on my setup. I kept getting Error 500 from Portainer when attempting this with the default NFS / NFS3. 😅

once installing nfs-common things just worked !! nfs-common was the missing piece

how do you draw this stuff like @2:30 ?

Hmm seems based on the comments iscsi might be the way to go which is block storage vs nfs which is file storage. I don't know however but I do know when I've had two linux system sharing via nfs the nfs connection has crapped out in the past causing problems. I'm not sure this is a better option than keeping bind mounted volumes and just having a backup solution for the volumes that runs periodically to backup the volumes to remote source. Lastly I'm wondering if you run an ldap server since this would synchronize users on vms and the NAS. I'm curious if you would get nfs errors in this scenario

In this case I assume NAS server must always be started before docker server and shutdown in reverse order. Otherwise I assume containers will just fail to start. How do you guys handle this?

There was a permission problem when I started the container, user and group exist on both server and client, but when executing the chown command in dockerfile, it shows no permissions error, maybe I have to use root user instead. Is there any other ways to work around with using the root user?

Would you please do a video about using Ceph Docker RBD volume plugin?

I don't think this is working anymore. It used to work, but now on TrueNAs 13, I keep getting this error with new volumes I create (both via stack editor and in portainer):
failed to copy file info for /var/lib/docker/volumes/watchyourlan_wyl-data/_data: failed to chown /var/lib/docker/volumes/watchyourlan_wyl-data/_data: lchown /var/lib/docker/volumes/watchyourlan_wyl-data/_data: invalid argument

is it possible to use zfs pools?

Gluster FS will be even better option to manage data inside Docker swarm.

I'm running my docker inside a LXC on proxmox. Which has MP mount to the host. Which has NFS mounts to the storage server. I'm using bind mounts inside of portainer, is that wrong?

Great topic. One question. What is going to happen to the docker container if the connection between the NFS server and docker server is lost?

Wouldn’t raidz2 be more safe especially with a 12 drive arrays? Good video tho! Docker volume management is something very important and you made some very good points!

I did this a few days ago and it corrupted several of my containers. Please be carful and have backups if you do this.

you are so deep in the weeds here, not accessible to people who are still finding their way... the level this is at is for people who don't actually need this.

Did you experience problems with containers using NFS mounts after a reboot?
Until now I used nfs only via mounting it to the host and bind mounting docker volumes to the host
Since I now switched to the "direct mount" of nfs to docker host, specified in the stack code, after rebooting my CoreOS server, all these containers fail
After restarting them they start fine
Seems like a not available nfs service at boot time where the containers try to start but are not able to be mounted yet

Is the same thing posible using the CIFS/SMB mounts originating in windows or it does have to be NFS?

Everytime I try to bind my NAS volume to a container the container doesn't deploy with error code 500 (deploys fine without binding the volume so I'm sure that is the issue). I tried it with 2 different Truenas scale instances now with the same result. Anyone got an idea what I'm doing wrong?

Hi!
Would it also be possible to do something similar for the "stacks" that are created with portainer???
Or maybe this is stupid... images are not downloaded over and over again when there is an update for example (like a local cache system).
Great video, as usual!

How about HACS without OS?

How about volumes where performance matters? Like tmp or cache folders or source files in local development?

Could you use cifs/samba to do the same thing?

I have 3 rpis on a docker swarm. One of the. Is my nfs server and doing exactly this. But worry if my docker drive dies so any idea on making backups.

You could just simply push your builds to a remote server running a private docker registry and have that server run daily backups.
Out the box docker on overlay2 doesn't like nfs *at all*. Better off using the cache to and cache from flags on buildkit if you are looking for any advantages of sharing layers across multiple machines provided you do have the cache target mounted on a shared fs. And even with that the time it costs to import and export to cache puts question marks on the absolute performance gains for builds.

Could we just have mounted a nfs share on the local docker volumes directory?
I suppose that because such docker native nfs mecanism exists then the answer would be no, but i'm curious of why.

Hey, thanks for the video, unfortunately i have an error "500 request failed" when trying to deploy the container.
I have no issues adding the NFS on other machines, but on container it doesn't work unfortunately.

Cool danke

Not running docker because I couldn't manage to run one single "package" on my qnap in station container (had some network problems)..
That's why I'm using native running installations all the way without some voodoo in a package.

have you seen any issues with DB’s specifically SQLite? I tried to move my containers to an NFS share… some work just fine but anything using SQL seems to just break.

Do you stop your containers when you backup your storage server?

i can't seem to create volume from qnap to the docker. can you help?

I run my local storage lofs across several zpools. Not sure why anyone would do anything as complicated as docker when there are open solaris zones on zfs. In essence I run the server application part on a zpool that is in RAM and NVMe, and storage in RAM and spinning drives. ZIL, L2ARC, and all...
I use NFS between the Mac and the media servers.

Can someone help me where I'm going wrong? I've created the volume, but when trying to save the volume in the container, I always get a "request failed with status code 500" error when clicking deploy.

One concern of using NFS in a home lab is that NFS needs the user to ensure the local network is safe, otherwise the security is compromised since the only auth is the ip address (of course you can use kerberos, but it’s too hard to configure). Besides, an malicious docker container could connect the NFS by using the host ip.

I'm about to do an Unraid server for hosting my NAS and so many docker containers, I can't use NFS in Unraid on my nas though right? I'm watching the video now ...

Next level: Longhorn :)