Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. (Question) How can I stop Cloudron from starting automatically?

(Question) How can I stop Cloudron from starting automatically?

Scheduled Pinned Locked Moved Solved Support
ubuntuencryption
11 Posts 4 Posters 1.5k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 32463 Offline
      32463 Offline
      3246
      wrote on last edited by girish
      #1

      For context, I am planning to manually mount encrypted volumes (/home, /backups) and would like to prevent Cloudron from starting until I have done so. I am unsure if there is a service to disable or anything else?

      Related: https://forum.cloudron.io/topic/2939/optional-full-disc-encryption/19?_=1650817812249, https://forum.cloudron.io/post/21878

      👉 Find our more www.bebraver.online

      fbartelsF girishG 2 Replies Last reply
      0
      • 32463 3246

        For context, I am planning to manually mount encrypted volumes (/home, /backups) and would like to prevent Cloudron from starting until I have done so. I am unsure if there is a service to disable or anything else?

        Related: https://forum.cloudron.io/topic/2939/optional-full-disc-encryption/19?_=1650817812249, https://forum.cloudron.io/post/21878

        fbartelsF Offline
        fbartelsF Offline
        fbartels
        App Dev
        wrote on last edited by
        #2

        Hi @3246,

        I have not tested it, but the heart of cloudron is as far as I know the "box" service. So I'd suggest disabling this service through systemd. Or even better mount your volumes as a systemd unit and make the box service dependent on it.

        1 Reply Last reply
        0
        • 32463 3246

          For context, I am planning to manually mount encrypted volumes (/home, /backups) and would like to prevent Cloudron from starting until I have done so. I am unsure if there is a service to disable or anything else?

          Related: https://forum.cloudron.io/topic/2939/optional-full-disc-encryption/19?_=1650817812249, https://forum.cloudron.io/post/21878

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #3

          @3246 Interesting question!

          Doesn't ubuntu ask for some password in the boot sequence when trying to decrypt home already? If so, we should try to latch on to that ideally. As @fbartels said, there's a whole bunch of things here - docker, box, unbound, nginx, log service etc which all depend on "home".

          1 Reply Last reply
          1
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #4

            Apparently, ubuntu does not support encrypting part of a disk anymore per https://www.linuxuprising.com/2018/04/how-to-encrypt-home-folder-in-ubuntu.html since eCryptfs is buggy, under-maintained and they recommend full disk encryption. Of course, if you use full disk encryption, you don't need to worry about systemd service ordering since it will ask you the password on boot.

            Can you tell me how you have setup the encryption ?

            32463 1 Reply Last reply
            0
            • girishG girish

              Apparently, ubuntu does not support encrypting part of a disk anymore per https://www.linuxuprising.com/2018/04/how-to-encrypt-home-folder-in-ubuntu.html since eCryptfs is buggy, under-maintained and they recommend full disk encryption. Of course, if you use full disk encryption, you don't need to worry about systemd service ordering since it will ask you the password on boot.

              Can you tell me how you have setup the encryption ?

              32463 Offline
              32463 Offline
              3246
              wrote on last edited by
              #5

              @fbartels @girish thank you. I have not build it yet but am planning to next week if time permits 🙂

              That's a bummer to hear that encrypting just /home is no longer recommended. I am not sure how I will be able to enter my password at boot, although I will give it a try using Scaleway's(1) console.

              I also need to see if I can install Ubuntu using an ISO.

              (1) I am planning to give their new "Elastic Metal" a try

              👉 Find our more www.bebraver.online

              girishG 1 Reply Last reply
              0
              • 32463 3246

                @fbartels @girish thank you. I have not build it yet but am planning to next week if time permits 🙂

                That's a bummer to hear that encrypting just /home is no longer recommended. I am not sure how I will be able to enter my password at boot, although I will give it a try using Scaleway's(1) console.

                I also need to see if I can install Ubuntu using an ISO.

                (1) I am planning to give their new "Elastic Metal" a try

                girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #6

                @3246 linode can do this apparently - https://www.linode.com/docs/guides/use-luks-for-full-disk-encryption/ . You enter password in the "console". Not sure if scaleway has a web console.

                32463 1 Reply Last reply
                0
                • girishG girish

                  @3246 linode can do this apparently - https://www.linode.com/docs/guides/use-luks-for-full-disk-encryption/ . You enter password in the "console". Not sure if scaleway has a web console.

                  32463 Offline
                  32463 Offline
                  3246
                  wrote on last edited by
                  #7

                  @girish it does, yes. They also have a KVM style one for their "elastic metal" service. I'll give this a try and report back. My main question is whether I can install the OS from an image or if I have to use one of theirs. Otherwise, I may have to find another host 🙂

                  👉 Find our more www.bebraver.online

                  1 Reply Last reply
                  0
                  • B Offline
                    B Offline
                    bwag
                    wrote on last edited by
                    #8

                    I had the same question and a very similar motivation. In my case, the boot disk is not encrypted, but an external disk where I store some of the apps' data, like my photos, is encrypted. (By the way, one nice benefit of encrypting a disk is that when it fails, you can just get rid of it without as much worry that personal information can be recovered.)

                    In my experience, the apps don't handle it gracefully when the server boots first and the external drive is mounted second. I have to manually go through and restart each app after that.

                    It sounds like a good solution is to set box.service to not start automatically, and to start it manually once I decrypt and mount the external drive?

                    1 Reply Last reply
                    0
                    • girishG Offline
                      girishG Offline
                      girish
                      Staff
                      wrote on last edited by girish
                      #9

                      @bwag the apps run separately from the box service. So, you have to disable docker.service as well .

                      I haven't tried this but I would try something like this:

                      • systemd has a concept of drop-ins. these unit files overwrite the existing ones. So, I would create a /etc/systemd/system/box.service.d/custom.service and the same for docker as well.
                      • In the custom service files, add a After=my-disk-mounter.service (there is also Wants and Requires). my-disk-mounter can be a Type=oneshot , which you start manually only after you mount things.
                      • Then, systemctl start my-disk-mounter would automatically start docker and box

                      The above solution should also be update safe in general.

                      1 Reply Last reply
                      0
                      • B Offline
                        B Offline
                        bwag
                        wrote on last edited by
                        #10

                        Thank you, @girish !

                        1 Reply Last reply
                        0
                        • B Offline
                          B Offline
                          bwag
                          wrote on last edited by bwag
                          #11

                          Edit: fixed. I found docker.service inside /etc/systemd/system/multi-user.target.wants/

                          I didn't get this to happen: "Then, systemctl start my-disk-mounter would automatically start docker and box." But that's ok. I run a manual startup script that prompts for the encryption password, mounts the disk, then starts all the systemd services. Instead of my-disk-mounter.service, I have check-that-all-disks-are-properly-mounted.service which is Required by box and docker. Thanks again.

                          1 Reply Last reply
                          1
                          • J joseph marked this topic as a question on
                          • J joseph has marked this topic as solved on
                          Reply
                          • Reply as topic
                          Log in to reply
                          • Oldest to Newest
                          • Newest to Oldest
                          • Most Votes


                            • Login

                            • Don't have an account? Register

                            • Login or register to search.
                            • First post
                              Last post
                            0
                            • Categories
                            • Recent
                            • Tags
                            • Popular
                            • Bookmarks
                            • Search