Hello.
My question is basically the title. Can a jellyfin installed with rootles docker access media that is stored on a encrypted hard drive?
I have almost zero docker experience since i just started using it and I just want to know if it’s possible.
You must log in or register to comment.
Decryption is not related to root permission.
If the ENCRYPTED drive is mounted to the container, then the container can decrypt it.
If the DECRYPTED drive is mounted to the container, then the container never knows it was encrypted in the first place.
Second case is easier BTW. Just mount the drive on your host, type in the encryption password and you get a new, unencrypted drive. Specify this new drive in your docker compose/docker file.
Oh sorry seems i explained it poorly.
That encrypted drive drive is set to automount on boot since I added it to /etc/fstatb and /etc/crypttab.
This makes things easier. Thank you for clarifying.
That encrypted drive drive is set to automount on boot…
This makes things easier.…
But weakens your security posture. If you’re worried enough to encrypt the drive, you shouldn’t be auto mounting it.
If you’re worried enough to encrypt the drive, you shouldn’t be auto mounting it.
This really depends on your threat model. If you are only concerned about the drive getting stolen, or wanting to keep the data on it private if you need to RMA the drive, mounting it automatically on boot with a key stored on the rootfs can be perfectly fine. If you are a journalist in a hostile country and protecting your sources from state level actors is a matter of life and death, then yeah, this would be woefully insufficient.
Yes. But the main ssd where the OS is installed is also encrypted with different password. So you must first unlock the ssd anyway to automount the hdd.
The drive will be mounted by the host and you can use that to also decrypt it. This way Jellyfin in the docker container doesn’t know that the media is stored on an encrypted hard drive.
And if I make docker compose file for jellyfin and specify that path to encrypted hdd example( /media/user/sda1/jellyfin-media) will it be able to read that media?
I’m not 100% on the paths regarding the mounts and where the containing files are accessible, but it looks correct to at the moment. One way to test this is to check if the user you are using to run the Jellyfin container is able to access the files without additional input/steps.
If your user can access it, then Jellyfin will be able to do that as well as soon as you have mounted it in the container.
In theory yes but your host is will be doing the decrypt. Have a look a saltbox https://docs.saltbox.dev/ might give you some guidance and framework
