I use a headless server connected to nothing but an ethernet cable in my basement, and I’d prefer to allow the thing to boot by itself and start up without me needing to unlock the disk encryption every single time I do an update or power back on. Its a Dell 9500t NUC that I’m using it as a server and am wondering whether its possible to encrypt everything still.
I do generally use docker containers, so could I potentially encrypt just the containers themselves, assuming I’m worried about a smash and grab rather than someone keeping the machine powered up and reading my ram?
Why is it fetchable by arbitrary IPs from the internet? I’d think you’d lock it down to an IP/only make it available locally.
The decryption key is more than 20 random character, so if you get only half of it is not a biggie and it doesn’t look like anything interesting.
It is on the internet mostly because I don’t have anything else to host it locally. But I see some benefit: I wanted for the server to be available immediately after a power failure. If it fetches the key from internet I just need for the router to be online, if it fetches it from the local network I need another server running unencrypted disk.