# OpenVZ vps disk encryption



## corpus (Oct 30, 2013)

Hello,

i have a small OpenVZ vps and i want to use it as a personall mail server.

Is there a way to encrypt my disk so my mails will be encrypted? If not are there other options to use ?

Thanks


----------



## 5n1p (Oct 30, 2013)

I don't think you can encrypt disk in ovz but you could try this: 

http://www.howtoforge.com/how-to-encrypt-directories-partitions-with-ecryptfs-on-debian-squeeze

to encrypt directories.


----------



## Damian (Oct 30, 2013)

I don't think you'll be able to effect _disk _encryption with OpenVZ, as OpenVZ doesn't really expose that layer of hardware to the VM container.

KVM would be a better fit for what you're trying to effect.

You might not be able to encrypt _directories _with the process mentioned above as you probably won't be able to re-mount anything. But it wouldn't hurt to try it.


----------



## KuJoe (Oct 30, 2013)

Last I read encryptfs depends on the kernel which is not supported in the OpenVZ kernels. Correct me if I'm wrong though because we've had some requests for this but have been unsuccessful so I might just be doing something wrong.


----------



## peterw (Oct 30, 2013)

Disk encryption? No.

File encryption with mail server? No. Because the mail service needs the key for crypt and decrypt the mail folder. So there must be a file containing the key. It is like lock the door but keeping the key in the lock.


----------



## WebSearchingPro (Oct 30, 2013)

You can do encrypted files, but not an encrypted file system. That is just how OpenVZ works (by default). However, there has been a "OpenVZ Addon" if you will, that allows KVM like disk functionality with the CPU / Memory overhead of OpenVZ.

http://openvz.org/Ploop/Why

This *should* allow your customers to do full disk encryption. (Not end user software)


----------



## peterw (Oct 30, 2013)

WebSearchingPro said:


> You can do encrypted files, but not an encrypted file system. That is just how OpenVZ works (by default). However, there has been a "OpenVZ Addon" if you will, that allows KVM like disk functionality with the CPU / Memory overhead of OpenVZ.
> 
> http://openvz.org/Ploop/Why
> 
> This *should* allow your customers to do full disk encryption. (Not end user software)


Thank you for introducing ploop.



> Benefits
> 
> File system journal is not bottleneck anymore
> Large-size image files I/O instead of lots of small-size files I/O on management operations
> ...


Does any vps provider support Ploop yet?


----------



## WebSearchingPro (Oct 30, 2013)

peterw said:


> Thank you for introducing ploop.
> 
> Does any vps provider support Ploop yet?


Afaik, no providers support Ploop.


----------



## kaniini (Oct 30, 2013)

Ploop removes the ability to overcommit disk.  Why would any OpenVZ provider want that?


----------



## Francisco (Oct 30, 2013)

kaniini said:


> Ploop removes the ability to overcommit disk.  Why would any OpenVZ provider want that?


Not really. It does on the fly growing but you take a performance hit while it grows.

I wanted to use ploop for its snapshot support but it's ehhhh...

Is there no encryption via FUSE you can do? Or is there tons of overhead?

Francisco


----------



## BuyCPanel-Kevin (Oct 30, 2013)

You can't really encrypt your mail on the drive, you can install ssl to have your sent mail encrypted though. You can try trucrypt so if someone physically try's to take the data they won't be able to.


----------

