Optional full-disc encryption

will

@marcusquinn I have my disk fully encrypted for data at rest.
Its a pain on reboots, but I don't reboot often.

will

@nebulon On the scope question, do you view the Cloudron server as an appliance? If so, FDE during setup my be good, or an optional switch or something.

murgero

@marcusquinn This can be done in linux and can be done with or without Cloudron. Luks can be enabled on any server you own running any modern linux flavor. You enable it during server install.

Essentially what I mean is - it cannot encrypt the drive completely after installing linux. While installing Ubuntu server, enable disk encryption via the disk menu, then install ubuntu as normal. Reboot, install cloudron - boom full disc encrytion.

If cloudron and ubuntu are already installed you can encrypt the home folder with Luks but not the disk.

Good luck

murgero

@nebulon I do not believe this is a cloudron related question as full-disk encryption is not possible to do after installing ubuntu, but only during install.

Home folder encryption IS possible though

marcusquinn

@will I can see it becoming so - especially if my suggestion here gets traction: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

marcusquinn

@murgero Yeah - but I can see that becoming something Cloudron could do too if terraforming new instances were added: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

necrevistonnezr

@murgero said in Optional full-disc encryption:

@marcusquinn This can be done in linux and can be done with or without Cloudron. Lux can be enabled on any server you own running any modern linux flavor. You enable it during server install.

Essentially what I mean is - it cannot encrypt the drive completely after installing linux. While installing Ubuntu server, enable disk encryption via the disk menu, then install ubuntu as normal. Reboot, install cloudron - boom full disc encrytion.

If cloudron and ubuntu are already installed you can encrypt the home folder with lux but not the disk.

Good luck

I was wandering was "lux" was, until I realized you probably meant Luks, right?

murgero

@necrevistonnezr oh shit I always misspell it, yes Luks LMAO

murgero

@marcusquinn said in Optional full-disc encryption:

@murgero Yeah - but I can see that becoming something Cloudron could do too if terraforming new instances were added: https://forum.cloudron.io/topic/2952/terraform-new-cloudron-vps-instances

You misunderstand - There is no possible way to fully encrypt EXT3/4 partitions AFTER linux is installed. AFAIK - there is no work around.

What you are asking for can only be done during OS install.

The only solution I can see here is "Home Folder Encryption" which would be enough here as Cloudron stores most of it's data in it's home folder right @girish ?

marcusquinn

@necrevistonnezr Not even sure I remember now - PBKAC

marcusquinn

@murgero Yeah, makes sense.