Encrypt data traffic
-
Hello community,
Is there a way / option to encrypt my traffic going to and from Cloudron? I am planning to host some "family" stuff like videos, pictures ... and don't want anyone to be able to "intercept" my traffic and see what data is going to and from the Cloudron server.
Regards
Lukas -
@lukas as long as you have certificates for apps, everything is already encrypted via TLS. Nobody can intercept Cloudron traffic. Even if they did, we use perfect forward secrecy ciphers (ECDHE) which prevents replay attacks (if someone 'recorded' your traffic).
-
You can actually test your domain/site here - https://www.ssllabs.com/ssltest/analyze.html . You will see a line like below in the report:
-
G girish marked this topic as a question on
-
@lukas yes
-
@lukas that is more a server/OS level feature called FDE. See https://forum.cloudron.io/topic/2939/optional-full-disc-encryption . You can always setup FDE on your server and install Cloudron on top of that.
-
G girish has marked this topic as solved on
-
@lukas you can attach an external disk which has encryption and move the Cloudron App Data (https://docs.cloudron.io/apps/#data-directory) to that volume.
It's not possible to enable encryption at the per app level when the underlying disk is not encrypted. I think this requires creating loopback mounts (which should not be used for production) and setting up encryption. All this goes against best practices.