@JOduMonT said in How to install Cloudron/Nextcloud with LUKS full disk encryption on Hetzner cloud server:
Maybe I misread, but do we have the same understanding that LUKS and full-disk encryption is only useful when the system is not running; aka the drive is not mounted?
Yep, this is covering only against scenarios where actors might gain access to the drive or volume your data resides on when the machine is offline.
Think of security as layers of an onion and this is just one layer for one(ish) attack vector.
As part of my information security policy, I need to protect data at rest (e.g. hard drives of servers, laptops, phones and backup media) and prevent unauthorised access when machines are running. So full disk encryption satisfies that requirement nicely and being able to do it from afar on a virtualised or bare-metal system like at Hetzner makes it pretty convenient too.
My concern with home/office is theft, and with hosters or data centres in general, that drives may end up being replaced or recycled. Hetzner and hosters like them will have easy physical access, so LUKS protects against someone going to the machine, turning it off and passing the drive on to someone else for whatever reason.
Happy to expand and try to answer any questions, with the caveat that I am not offering professional advice nor does it come with any guarantees 😉