Optional full-disc encryption

      marcusquinn
      wrote on last edited by girish
      #1

      It would be an additional layer of protection for GDPR compliance expectations — to protect somewhat further against any attack vector directly from a host via a bad-actor or social-engineering.

      (If it can happen to Twitter, I'm sure it's more common than previously suspected, and as software systems are hardened and the vectors decreasing, the next best alternative target, as we have seen, is simply bribery, phishing or manipulation for privileged access)

      Respecting that this may mean re-entering the key on each reboot - but having a Cloudron approved and standardised method for this would be an additional reassurance when using any host that doesn't offer this by default, or in preferring to do it in a way so the host could possibly not have a copy of the key to unlock.

      I realise this isn't for everyone, so should be opt-in - but having used FileVault on Mac without issue for a decade, and a good multi-location backup strategy with regular restoration testing throughout the community, I think any concerns would be outweighed by the advantages of peace of mind for admins, users, audiences and authorities.

      Web Design https://www.evergreen.je
      Development https://brandlight.org
      Life https://marcusquinn.com

        nebulon
        Staff
        wrote on last edited by
        #2

        I've always wondered what the benefits of server disk encryption are, given at least my idea of a server is to be always powered-on and online. Is this only a protection for data-at-rest? Also I would assume this requires support from the VPS vendor as such to somehow inject/prompt for the key during bootloader.
        I probably miss some obvious upsides of this though.

          mehdi
          App Dev
          wrote on last edited by
          #3

          @marcusquinn You can probably already configure this on the Ubuntu level, without cloudron support.

          However, I am very skeptical of server-side FDE... It is either very impractical and asks you for a password on each boot, or pretty much useless and just stores a key somehow.

            necrevistonnezr
            wrote on last edited by necrevistonnezr
            #4

            @nebulon some servers are not in datacenters but offices, law firms, private homes, etc. FDE can possibly mitigate data access if someone just takes / confiscates the whole server, see e.g. https://www.cosmolex.com/resource-center/what-encryption-do-law-firms-need/

              mehdi
              App Dev
              wrote on last edited by
              #5

              @necrevistonnezr Totally, but the need to enter a password upon reboot for a server is often totally unacceptable in these use-cases. If the server needs to reboot and the person who knows the password is not immediately available, it would mean downtime, which is not acceptable.

              FDE for the client devices however is another story, and everyone should use it!

                marcusquinn
                wrote on last edited by marcusquinn
                #6

                @mehdi We use Bitwarden to share mission-critical keys between very trusted Sys Admins so we have redundancy from single keyholders.

                The important points to note about this are:

                1. This is an Optional feature - caveat emptor - buyer beware!
                2. This is for GDPR compliance and is an expectation.
                3. There is a backup system - any good Sys Admin with a mission-critical server should have at least plans for a hot-swap standby server ready to restore the latest backup to in the event of any unrecoverable reboot.

                To me the whole point of Cloudron is freedom from reliance on any one host or company to rely on one's own resources, the community here that you have built, and standardisation in that if one of us has an issue, lots of us have the same system working in the same way to cross-pollinate assistance.

                Looking at your App Wishlist for example, fantastic experience and research in there that is teamwork from many, many people's experience, research and testing - and a standard path to making a wish become an app.

                If the only way to have FDE is only to choose hosts that provide it or to have it implemented in a variety of ways by a variety of Sys Admins.

                If not a standard on-button (with a warning) feature to enable and encrypt the full drives in Cloudron - then perhaps we can collaborate on a standard document here so that everyone that would do it will have in the same way, have the same best-practices, warnings and troubleshooting in the event of an issue.

                It will also certainly sharpen attention for being very sure backup systems are good because they would be the only way to recover from a lost key. But a lost key is no different from a mechanical or provider failure.

                Honestly, I wouldn't be so interested if it wasn't for GDPR compliance awareness, that actually is a very good aspiration for all personal data handling - and that it's just so seamlessly never caused me any issues in nearly a decade of having it on dozens of Mac OS devices.

                Now you have the situation whereby if there was a breach that could have been avoided from full disk encryption - there's a thread here for the record where we discussed the merits but didn't do it.

                We can all rush to do these things independently - but you guys are brilliant standard setters, with clearly so much experience, I'm asking for a standard method or guide, and accepting that is with a warning of responsibilities and need to make that possible.

                Web Design https://www.evergreen.je
                Development https://brandlight.org
                Life https://marcusquinn.com

                  marcusquinn
                  wrote on last edited by
                  #7

                  And, as anyone that has ever completed a PCI compliance questionnaire will know, these questions always come up at the wrong time and can cause things to get done in a rush.

                  Just trying to get ahead of the game here as I see the pros & cons - but pros seem to be the direction we and the world needs to go to make online data safer, and cons are mostly a matter for mitigating with documentation, education and policy.

                  Web Design https://www.evergreen.je
                  Development https://brandlight.org
                  Life https://marcusquinn.com

                    nebulon
                    Staff
                    wrote on last edited by
                    #8

                    I think the question really is if this is the scope of Cloudron or if it is sufficient to be able to use the built-in default FDE from ubuntu server. Choosing the latter already shows heavy dependency on server vendor, since a quick search for how one would do this with only DigitalOcean reveals a host of issues and seemingly half-hearted solutions.
                    If one installs Ubuntu on a hardware server in say the office, then the FDE coming with Ubuntu during the installation process works well and already solves this issue. This is way before Cloudron comes to the party as far as I can tell.

                      will
                      wrote on last edited by
                      #9

                      @marcusquinn I have my disk fully encrypted for data at rest.
                      It's a pain on reboots, but I don't reboot often.

                        will
                        wrote on last edited by
                        #10

                        @nebulon On the scope question, do you view the Cloudron server as an appliance? If so, FDE during setup may be good, or an optional switch or something.

                          murgero
                          App Dev
                          wrote on last edited by murgero
                          #11

                          @marcusquinn This can be done in linux and can be done with or without Cloudron. Luks can be enabled on any server you own running any modern linux flavor. You enable it during server install.

                          Essentially what I mean is - it cannot encrypt the drive completely after installing linux. While installing Ubuntu server, enable disk encryption via the disk menu, then install ubuntu as normal. Reboot, install cloudron - boom full disc encryption.

                          If cloudron and ubuntu are already installed you can encrypt the home folder with Luks but not the disk.

                          Good luck

                          --
                          https://urgero.org
                          ~ Professional Nerd. Freelance Programmer. ~
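
A way to verify the result of the install-time encryption described in the post above (added example, not code from the thread or from Cloudron). The `fde_status` function and both sample listings are constructed for illustration; the function reads `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output and reports whether a mount point sits on a dm-crypt (LUKS) layer.

```shell
#!/bin/sh
# Added example: report whether a mount point is backed by dm-crypt (LUKS).
# On a live host, feed it real data:
#   fde_status "$(lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT)" /

# Constructed sample: LVM on LUKS, with separate boot partitions.
SAMPLE_LUKS='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot/efi"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"'

# Constructed sample: a single unencrypted root partition.
SAMPLE_PLAIN='KNAME="vda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="vda1" PKNAME="vda" TYPE="part" MOUNTPOINT="/"'

# fde_status <lsblk pairs output> <mount point>
# Prints one of: encrypted | plaintext | not-a-mountpoint
fde_status() {
    printf '%s\n' "$1" | awk -v target="$2" '
    # Extract the value of KEY="value" from one lsblk --pairs line.
    function field(line, key,    re, s) {
        re = "(^| )" key "=\"[^\"]*\""
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)   # drop everything up to the opening quote
        sub(/"$/, "", s)        # drop the closing quote
        return s
    }
    {
        k = field($0, "KNAME")
        if (k == "") next
        # PKNAME is a kernel name, so the parent chain is keyed on KNAME.
        # Only the first listed parent of a device is followed.
        if (!(k in typ)) {
            typ[k] = field($0, "TYPE")
            parent[k] = field($0, "PKNAME")
        }
        if (field($0, "MOUNTPOINT") == target) start = k
    }
    END {
        if (start == "") { print "not-a-mountpoint"; exit }
        # Walk from the mounted device up to the physical disk.
        for (cur = start; cur != "" && hops < 32; cur = parent[cur]) {
            hops++
            if (typ[cur] == "crypt") { print "encrypted"; exit }
        }
        print "plaintext"
    }'
}

# Stand-alone run over the constructed samples.
for mp in / /boot; do
    printf 'luks sample  %-6s -> %s\n' "$mp" "$(fde_status "$SAMPLE_LUKS" "$mp")"
done
printf 'plain sample %-6s -> %s\n' / "$(fde_status "$SAMPLE_PLAIN" /)"
```

In the constructed LUKS layout the root filesystem is reported as encrypted while `/boot` is not, so checking each mount point separately shows exactly which data the encryption layer covers.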

                            murgero
                            App Dev
                            wrote on last edited by
                            #12

                            @nebulon I do not believe this is a cloudron related question as full-disk encryption is not possible to do after installing ubuntu, but only during install.

                            Home folder encryption IS possible though

                            --
                            https://urgero.org
                            ~ Professional Nerd. Freelance Programmer. ~

                              marcusquinn
                              wrote on last edited by
                              #13

                              @will I can see it becoming so - especially if my suggestion here gets traction: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

                              Web Design https://www.evergreen.je
                              Development https://brandlight.org
                              Life https://marcusquinn.com

                                marcusquinn
                                wrote on last edited by
                                #14

                                @murgero Yeah - but I can see that becoming something Cloudron could do too if terraforming new instances were added: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

                                Web Design https://www.evergreen.je
                                Development https://brandlight.org
                                Life https://marcusquinn.com

                                  necrevistonnezr
                                  wrote on last edited by necrevistonnezr
                                  #15

                                  @murgero said in Optional full-disc encryption:

                                  @marcusquinn This can be done in linux and can be done with or without Cloudron. Lux can be enabled on any server you own running any modern linux flavor. You enable it during server install.

                                  Essentially what I mean is - it cannot encrypt the drive completely after installing linux. While installing Ubuntu server, enable disk encryption via the disk menu, then install ubuntu as normal. Reboot, install cloudron - boom full disc encryption.

                                  If cloudron and ubuntu are already installed you can encrypt the home folder with lux but not the disk.

                                  Good luck

                                  I was wondering what "lux" was, until I realized you probably meant Luks, right?

                                    murgero
                                    App Dev
                                    wrote on last edited by
                                    #16

                                    @necrevistonnezr oh shit I always misspell it, yes Luks LMAO

                                    --
                                    https://urgero.org
                                    ~ Professional Nerd. Freelance Programmer. ~

                                      murgero
                                      App Dev
                                      wrote on last edited by
                                      #17

                                      @marcusquinn said in Optional full-disc encryption:

                                      @murgero Yeah - but I can see that becoming something Cloudron could do too if terraforming new instances were added: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

                                      You misunderstand - There is no possible way to fully encrypt EXT3/4 partitions AFTER linux is installed. AFAIK - there is no workaround.

                                      What you are asking for can only be done during OS install.

                                      The only solution I can see here is "Home Folder Encryption" which would be enough here as Cloudron stores most of its data in its home folder right @girish ?

                                      --
                                      https://urgero.org
                                      ~ Professional Nerd. Freelance Programmer. ~

                                        marcusquinn
                                        wrote on last edited by
                                        #18

                                        @necrevistonnezr Not even sure I remember now - PBKAC 😂

                                        Web Design https://www.evergreen.je
                                        Development https://brandlight.org
                                        Life https://marcusquinn.com

                                          marcusquinn
                                          wrote on last edited by
                                          #19

                                          @murgero Yeah, makes sense.

                                          Web Design https://www.evergreen.je
                                          Development https://brandlight.org
                                          Life https://marcusquinn.com
