Hi folks, I am playing with Nextcloud some more and wanted to move an app to an encrypted volume without the root volume being encrypted. Please see my other post on how to encrypt the entire Cloudron. I'm sharing this with you in case you find it useful and look forward to your comments.
*** This guide comes without warranties and is not supported by Cloudron - Caveat emptor! ***
Step 1: Install CryFS
See https://www.cryfs.org/tutorial for more details on this awesome Open Source project. I have chosen it because of how easy and lightweight it is. Let me know which other ways you have tried or can recommend.
sudo apt update && sudo apt install cryfs
Step 2: Create a folder and mount it
In this example, I am creating the place where the data is actually stored in /root/baseDir and mounting it to /mnt/nextcloud.
You can choose whatever suits your needs, and if the baseDir folder does not already exist, it will prompt you to have it created.
sudo cryfs /root/baseDir /mnt/nextcloud -o allow_other
Step 3: Create a sub-folder to store your data in
The reason for this is that we cannot set permissions the way we need to on the mount's root folder.
sudo mkdir /mnt/nextcloud/data && sudo chown -R yellowtent:yellowtent /mnt/nextcloud/data
Step 4: Add the volume to Cloudron
Then add your volume using the 'Filesystem' mount type and the full path to /mnt/nextcloud/data.
Step 5: Move your Nextcloud app's data directory
Go to Settings, then Storage for your app and select the volume we created from the dropdown. Hit move and get yourself a cup of tea.
- Content will be included in your backups
- You will manually need to mount this volume using the same command as in Step 2 when you restart your Cloudron!
- This will not protect you from anyone who has root access to your server or to your Nextcloud app. It just encrypts data at rest.
- Make sure to stop the Nextcloud app before you reboot and disable automatic reboots
Let me know what you think about this approach and how you keep your Nextcloud secure.
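Added example, not part of the original post and not Cloudron's own tooling: a pre-flight check for the note above that the volume has to be mounted again by hand after a restart, to run before the Nextcloud app is started. It assumes a mounted CryFS volume is listed in /proc/mounts with type fuse.cryfs; the function names and the MOUNTS and OWNER variables are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check to run after a reboot, before starting the app.
# Assumption: a mounted CryFS volume appears in /proc/mounts with filesystem
# type "fuse.cryfs"; confirm against your own /proc/mounts.
MOUNTS=${MOUNTS:-/proc/mounts}   # overridable so the check can be tested offline
OWNER=${OWNER:-yellowtent}       # owner set on the data folder in Step 3

# cryfs_mount_opts MOUNTPOINT: print mount options if MOUNTPOINT is a CryFS
# mount; return 1 if it is not mounted (or is some other filesystem type).
cryfs_mount_opts() {
    awk -v mp="$1" '
        $2 == mp && $3 == "fuse.cryfs" { opts = $4; found = 1 }
        END { if (found) print opts; exit (found ? 0 : 1) }
    ' "$MOUNTS"
}

# has_allow_other OPTS: succeed if the comma-separated list has allow_other.
has_allow_other() {
    case ",$1," in
        *,allow_other,*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight MOUNTPOINT: 0 = ready, 1 = not mounted, 2 = no allow_other,
# 3 = data folder missing, 4 = data folder has the wrong owner.
preflight() {
    opts=$(cryfs_mount_opts "$1") || {
        echo "$1 is not a CryFS mount: repeat Step 2 first" >&2; return 1; }
    has_allow_other "$opts" || {
        echo "$1 is mounted without -o allow_other" >&2; return 2; }
    [ -d "$1/data" ] || {
        echo "$1/data is missing" >&2; return 3; }
    [ "$(stat -c %U "$1/data")" = "$OWNER" ] || {
        echo "$1/data is not owned by $OWNER" >&2; return 4; }
    echo "$1 ready: safe to start the Nextcloud app"
}

# Run the check only when asked, e.g.: sh preflight.sh /mnt/nextcloud
[ $# -eq 0 ] || preflight "$1"
```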
@3246 right, then it's more about key management than convenience, and what you're actually preventing.
If the idea is to protect from offline data theft and disk imaging, then it's less relevant if it's (auto)mounted or not.
As long as it's online & mounted, it's readable.
Thanks for the great guide!
@robi you are welcome, glad you found it useful and thanks for your feedback.
I want to prevent unauthorised access to the volume when the server is offline as well as somebody who might take the server out of its rack and boot it. If the volume automatically mounts, they have full access to the data if they can circumnavigate the login *cough* recovery mode *cough*.
That's covering for physical access to the machine, in what likely would be a read-only, forensic access scenario by a 'bad' actor. In my case, it's a virtualised server, so not as likely to matter, unless they move the VM to a dedicated slice to get busy with it.
Granted, this is somewhat unlikely but being paranoid is better than being sorry.
I am in the UK and storing professional data abroad (in nasty Europe no less - just kidding!) means encryption can cover the requirements nicely (as far as I know - I am not an expert in that field, so somebody please correct me if I'm wrong).