Linux FS Secure Exporting

Hey All,

I have a public web server (1) that clients periodically upload files to. I have a second server (2) located in a private network where said clients create documents and test. Server 2 exports a samba share through which clients browse via their windows machines. Currently, I migrate files from 2 to 1 for production. I would like to discuss possible solutions where I no longer need to migrate the files.

I was thinking of exporting server 1 to server 2 which customers could then browse via samba. What are my options. I know I could use NFS with Kerberos, SSHFS, NFS with VPN, I could theoretically put up a Nextcloud instance on server 1 where they upload their files.

I understand there are is no file locking with mulitple users on SSHFS and that this is beyond it’s intended purpose, and that it can be slow. I would ideally like to authenticate and integrate with our AD domain, which is already implemented on the server 2, so it would be nice to simply export 1 to 2. However, I am not sure if I am overlooking any other solutions or problems. Any other ideas? I am thinking Kerberos or the VPN solution might be best.

Well you could potentially accomplish this with SELinux, having the server daemons confined in their respective domains, all you’d need to do to push files to the public server would be to either relabel the files as public, or move them to a public directory.

That’s just one more alternative for you, can’t really comment on the other solutions.