Encrypt data traffic
-
wrote on Apr 17, 2024, 8:04 AM last edited by girish Apr 17, 2024, 8:34 AM
Hello community,
Is there a way / option to encrypt my traffic going to and from Cloudron? I am planning to host some "family" stuff like videos, pictures ... and don't want anyone to be able to "intercept" my traffic and see what data is going to and from the Cloudron server.
Regards
Lukas -
@lukas as long as you have certificates for apps, everything is already encrypted via TLS. Nobody can intercept Cloudron traffic. Even if they did, we use perfect forward secrecy ciphers (ECDHE) which prevent replay attacks (if someone 'recorded' your traffic).
-
You can actually test your domain/site here - https://www.ssllabs.com/ssltest/analyze.html . You will see a line like below in the report:
-
wrote on Apr 17, 2024, 8:43 AM last edited by
So does this mean that if I have SSL active for my applications, the data traffic cannot be intercepted and decrypted, i.e. nobody can read it?
-
@lukas yes
-
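Added example, not part of the thread and not Cloudron's code: a local check of whether a TLS cipher suite uses ephemeral (EC)DHE key exchange, which is the forward-secrecy property the reply above refers to. The helper names (`has_forward_secrecy`, `audit_context`, `check_negotiated`) are hypothetical; the suite names in the demo are constructed samples.

```python
import ssl

# Key-exchange prefixes (after normalisation) that denote ephemeral Diffie-Hellman.
_EPHEMERAL = ("ECDHE-", "DHE-")

def has_forward_secrecy(name: str, protocol: str) -> bool:
    """True if the suite uses ephemeral key exchange (OpenSSL or IANA style name)."""
    n = name.upper().replace("_", "-")
    if n.startswith("TLS-") and "-WITH-" in n:
        n = n[4:]  # IANA TLS <= 1.2 name, e.g. TLS_ECDHE_RSA_WITH_... -> ECDHE-RSA-WITH-...
    # Certificate-authenticated TLS 1.3 handshakes always use (EC)DHE;
    # their suite names (TLS_AES_128_GCM_SHA256, ...) carry no key-exchange part.
    if protocol == "TLSv1.3" or n.startswith("TLS-"):
        return True
    # Static "ECDH-..." and plain RSA names ("AES128-GCM-SHA256") fall through to False.
    return n.startswith(_EPHEMERAL)

def audit_context(ctx: ssl.SSLContext) -> dict:
    """Split the suites a context would offer into forward-secret and static ones."""
    report = {"forward_secret": [], "static": []}
    for suite in ctx.get_ciphers():
        ok = has_forward_secrecy(suite["name"], suite["protocol"])
        report["forward_secret" if ok else "static"].append(suite["name"])
    return report

def check_negotiated(cipher_tuple) -> bool:
    """Classify the (name, protocol, bits) tuple returned by SSLSocket.cipher()."""
    name, protocol, _bits = cipher_tuple
    return has_forward_secrecy(name, protocol)

if __name__ == "__main__":
    # Constructed sample tuples in the shape SSLSocket.cipher() returns.
    samples = [
        ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
        ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),
        ("AES128-GCM-SHA256", "TLSv1.2", 128),  # static RSA key exchange
    ]
    for s in samples:
        print(s[0], "->", "forward secret" if check_negotiated(s) else "NO forward secrecy")

    # Audit a context restricted to ECDHE + AES-GCM (TLS 1.3 suites stay enabled).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ECDHE+AESGCM")
    print(audit_context(ctx)["static"])
```

For a live check against your own server, pass the result of `cipher()` from a connected `ssl.SSLSocket` to `check_negotiated`.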
@lukas that is more a server/OS level feature called FDE. See https://forum.cloudron.io/topic/2939/optional-full-disc-encryption . You can always set up FDE on your server and install Cloudron on top of that.
-
wrote on Apr 17, 2024, 9:15 AM last edited by
Thank you, so per-app "data encryption" is not on the roadmap?
-
@lukas you can attach an external disk which has encryption and move the Cloudron App Data (https://docs.cloudron.io/apps/#data-directory) to that volume.
It's not possible to enable encryption at the per app level when the underlying disk is not encrypted. I think this requires creating loopback mounts (which should not be used for production) and setting up encryption. All this goes against best practices.