Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

LUKS/encryption on top of /mnt/user

Featured Replies

Hi all,

 

I can see from searching that a number of times the question of securing either shares or the pool itself has come up, but I can't find any definitive answers on whether it is possible or how to achieve it. This is all about reducing the risk if a thief walks off with the disks.

 

At the moment, should somebody walk off with my disks they have access to:

 - some private ssh keys

 - rclone config containing the keys for my encrypted offsite cloud backup

 - plex usernames (and passwords?)

 - backups of the various people that use my server as a target

 - and so on.

 

I could solve each of those individually, by using VMs that encrypt the boot disk for example, but that means losing the [fantastic] benefit of the rclone plugins and dockers. At which point unRAID simply becomes a storage pool and disk health notifier (although it has my gmail one-time password in it!). I don't actually have any shares other than those used by the docker and VMs.

 

My server is in the house so entering the crypt key on boot up is perfect for my needs.

 

How do you all handle this?

unRAID 6.4.0-rc8 will introduce encryption per individual disk based on LUKS. If you have a little patience, try out this latest RC release, it should become available shortly.

  • Author

Thanks for the reply. I guess I will hold off running to vanilla debian or openmediavault then :-). Any ETA on the rc?

Edited by coliny

Limetech never gives firm commitment on release dates, it will be available when it's available :)

 

RC8 is in its last testing phase and baring any unforeseen issues ready for release, you just need to ... wait.

 

  • Author

Okeydokes - I appreciate the sentiment (software engineer myself) :-).

  • Author
33 minutes ago, bonienl said:

unRAID 6.4.0-rc8 will introduce encryption per individual disk based on LUKS. If you have a little patience, try out this latest RC release, it should become available shortly.

For clarity, will this protect passwords specified in the _configuration_ of a docker. So, for example, the seafile docker requires the administrator's password as a parameter to the docker, so it is entered in plaintext in the docker configuration screen? I understand (assume) I will be able to mount a volume on a share backed by an encrypted drive.

 

I can't figure out where the a docker's configuration is stored. If it is on the usb key itself then I guess it won't be protected.

 

Same question for things like the Community Application plugins (specifically the rclone one).

 

 

  • Community Expert

Depends on what exactly you mean by the docker's configuration.

 

When you setup a docker, you fill in a form in the unRAID webUI. That information is stored on flash.

 

Many dockers have application data. That data is typically stored in an appdata user share, which will be on whichever disks that share uses.

  • Author

Ah OK, so the docker config is stored on flash - and yes, a grep in /boot shows my password in all its plain text glory :-).

 

The obvious question then is, will 6.4 support the flash drive itself being encrypted?

  • Community Expert
5 hours ago, coliny said:

Ah OK, so the docker config is stored on flash - and yes, a grep in /boot shows my password in all its plain text glory :-).

 

The obvious question then is, will 6.4 support the flash drive itself being encrypted?

I seriously doubt it since it has to boot from flash.

You can boot from unencrytped but then decrypt config files ... or even a second encrypted volume on flash. Just ask for the PW on boot to decrypt [shrug]

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.