Skip to content

Walkthrough on setting up an encrypted Hetzner cloud server with an encrypted volume

Notifications You must be signed in to change notification settings

rinukkusu/encrypted-hetzner-cloud-with-nextcloud

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 

Repository files navigation

Guide

Create Server

Add Volume

Choose Volume

Install own image

Mount

Choose Volume

Open console and restart

Choose language, country and keyboard layout

Choose language, country and keyboard layout

Skip network config

Skip network config Skip network config

Setup encrypted lvm

Setup encrypted partition Setup encrypted partition Setup encrypted partition

Rest of installation

Rest of installation Rest of installation Rest of installation Rest of installation

At this point unmount the image in the cloud control panel and then hit enter in the terminal.

Enter passphrase on boot

Rest of installation

Setup networking

Edit /etc/netplan/01-netcfg.yaml and add the following part:

network:
   version: 2
   renderer: networkd
   ethernets:
       ens3:
           addresses:
               - <ip6-address-copied-from-panel>::1/64
           dhcp4: true
           gateway6: fe80::1

After saving apply the netplan:

netplan apply

Now try to ping an ip outside of your box:

ping 1.1.1.1

Encrypt volume and setup file system

Set volume as encrypted:

cryptsetup -y -v luksFormat /dev/sdb

Encrypt volume

Create random key for your volume and set proper permissions:

dd if=/dev/urandom of=/etc/volume-secret-key bs=512 count=8
chmod 0600 /etc/volume-secret-key

Encrypt volume

Add your key file to your volume as an ecryption key:

cryptsetup -v luksAddKey /dev/sdb /etc/volume-secret-key

Encrypt volume

To be able to automatically mount your encrypted volume you first need to get the UUID of your volume:

cryptsetup luksDump /dev/sdb | grep "UUID"

Encrypt volume

Now you need to edit /etc/crypttab and add the following entry for your volume:

volume UUID=3530a1c8-9de4-4c68-b674-9d9e88ab6e0d /etc/volume-secret-key luks

After doing that you are already able to start the encrypted volume:

cryptdisks_start volume

Encrypt volume

Install pv to see progress on the next step when clearing the volume:

apt-get update && apt-get install pv

Then clear the volume (this might take a few minutes depending on the size of the volume):

pv -tpreb /dev/zero | dd of=/dev/mapper/volume bs=128M

Clear volume

Now you can create the file system on top of the encrypted volume:

mkfs.ext4 /dev/mapper/volume

Filesystem

After that create a mount folder for the volume ...:

mkdir /mnt/volume

...and add the following line to /etc/fstab:

/dev/mapper/volume  /mnt/volume ext4    defaults    0   2

Filesystem

Now mount the encrypted volume with a swift:

mount -a

Installing Nextcloud

Install nextcloud and enable removable media:

snap install nextcloud
snap enable nextcloud
snap connect nextcloud:removable-media

Create a new data folder on your volume:

mkdir /mnt/volume/nextcloud

Update the config for nextcloud to use that new folder:

    nano /var/snap/nextcloud/current/nextcloud/config/config.php

data directory

Disable nextcloud, move over all files, if there are already any and enable it again:

snap disable nextcloud
mv /var/snap/nextcloud/common/nextcloud/data/* /mnt/volume/nextcloud
snap enable nextcloud

For further configuration visit https://manandkeyboard.tk/2018/01/07/nextcloud-snap-installation/

After that you can open up your browser and navigate to your server's ip:

setup

About

Walkthrough on setting up an encrypted Hetzner cloud server with an encrypted volume

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published