this post was submitted on 18 Jun 2025
45 points (92.5% liked)

Selfhosted

59976 readers
504 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
45
Encrypting without full disk encryption question (piefed.ca)
submitted 1 year ago* (last edited 1 year ago) by teppa@piefed.ca to c/selfhosted@lemmy.world
23 comments fedilink hide all child comments
 

I use a headless server connected to nothing but an ethernet cable in my basement, and I'd prefer to allow the thing to boot by itself and start up without me needing to unlock the disk encryption every single time I do an update or power back on. Its a Dell 9500t NUC that I'm using it as a server and am wondering whether its possible to encrypt everything still.

I do generally use docker containers, so could I potentially encrypt just the containers themselves, assuming I'm worried about a smash and grab rather than someone keeping the machine powered up and reading my ram?

you are viewing a single comment's thread
view the rest of the comments
[–] Passerby6497@lemmy.world 4 points 1 year ago (1 children)

On my TODO list I also have to implement some sort of notification to get an alert when the decryption key is fetched from internet.

Why is it fetchable by arbitrary IPs from the internet? I'd think you'd lock it down to an IP/only make it available locally.

[–] lorentz@feddit.it 2 points 1 year ago (1 children)

The decryption key is more than 20 random character, so if you get only half of it is not a biggie and it doesn't look like anything interesting.

It is on the internet mostly because I don't have anything else to host it locally. But I see some benefit: I wanted for the server to be available immediately after a power failure. If it fetches the key from internet I just need for the router to be online, if it fetches it from the local network I need another server running unencrypted disk.

[–] shroomato@lemmy.world 1 points 1 year ago (1 children)

Most cloud providers have some kind of firewall that allows to configure a resource being accessible only from certain IP addresses. Worth it to set to your home IP address, as long as it's static.

[–] lorentz@feddit.it 1 points 1 year ago

Good point, I'll add it on my TODO list