this post was submitted on 22 Sep 2023
17 points (90.5% liked)

Selfhosted

39251 readers
376 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
17
what are you all doing for secure DMS? (lemmy.world)
submitted 1 year ago by pianoplant@lemmy.world to c/selfhosted@lemmy.world
8 comments fedilink hide all child comments
 

What the title says. I was looking into paperless-ngx but it seems to offer no built-in security. I'd ideally want some kind of encryption and if i enable remote access have some control over sensitive documents

you are viewing a single comment's thread
view the rest of the comments
[–] sloppy_diffuser@sh.itjust.works 2 points 1 year ago (1 children)

Not sure what your environment is. I can tell you what I do in linux/android.

I use backblaze b2 for my cloud storage.

I use rclone to create two encrypted "remotes": one on my local file system and one for b2. Rclone supports a bunch of cloud providers, so you don't have to use b2.

I mount the encrypted local file system and use whatever app (e.g., paperless) to access the files like it was any other directory.

When I'm done I unmount it and sync it with the b2 encrypted remote.

I use Round Sync on android which is rclone with a mobile GUI to access the same files. Also works great for backing up my phone.

For docker access to the mount point, either run the docker daemon as your current user, enable root access to rclone's fuse mounts, or my preferred is to remount (with root access) a scoped directory for that docker container using something like bindfs.

Just be aware if using the vfs-cache (needed for seek or append), that cache is stored decrypted in your home folder. I've been meaning to look into locking it down with apparmor or something.

[–] pianoplant@lemmy.world 1 points 1 year ago

Thank you! This really helps