Encrypt data traffic

lukas

Hello community,

Is there a way / option to encrypt my traffic going to and from Cloudron? I am planning to host some "family" stuff like videos, pictures ... and don't want anyone to be able to "intercept" my traffic and see what data is going to and from the Cloudron server.

Regards
Lukas

girish

@lukas as long as you have certificates for apps, everything is already encrypted via TLS. Nobody can intercept Cloudron traffic. Even if they did, we use perfect forward secrecy ciphers (ECDHE) which prevents replay attacks (if someone 'recorded' your traffic).

girish

You can actually test your domain/site here - https://www.ssllabs.com/ssltest/analyze.html . You will see a line like below in the report:

lukas

So does this mean that if I have SSL active for my applications, the data traffic cannot be intercepted and decrypted, i.e. nobody can read it?

girish

@lukas yes

lukas

@girish great! which would be very cool if the application data could be encrypted

girish

@lukas that is more a server/OS level feature called FDE. See https://forum.cloudron.io/topic/2939/optional-full-disc-encryption . You can always setup FDE on your server and install Cloudron on top of that.

lukas

thank you, so per App "data encryption" is not on the roadmap?

girish

@lukas you can attach an external disk which has encryption and move the Cloudron App Data (https://docs.cloudron.io/apps/#data-directory) to that volume.

It's not possible to enable encryption at the per app level when the underlying disk is not encrypted. I think this requires creating loopback mounts (which should not be used for production) and setting up encryption. All this goes against best practices.