Storage Backend Encryption on Seafile Docker Image


#1

I have successfully deployed the Seafile Pro Docker Image on my Kubernetes deployment, and before releasing it into production, I wanted to encrypt the current data on it following the https://manual.seafile.com/deploy_pro/seaf_encrypt.html document.

Unfortunately, to be able to run the seaf-encrypt.sh script, I need to stop seahub.sh and seafile.sh, which when I do, the container is automatically restarted or destroyed since it goes in error state. Are there any suggested methods to circumvent this issue?


#3

You can run bash within your container, run the script and run it as usual afterwards.

e.g. docker run --name container-name -it docker.seadrive.org/seafileltd/seafile-pro bash


#4

The seaf-encrypt.sh script cannot run as long as seafile.sh and seahub.sh are running.
I have no issues running bash in my container, but as soon as seafile.sh and seahub.sh services are stopped, the container is killed.


#5

You could tell the container to start with a different entrypoint using --entrypoint on docker run


#6

You haven’t tried my answer. If you do docker run … bash bash is pid 1 and seafile won’t start automatically in the container. The container exits when pid 1 exits.


#7

It’s better if you can use the encryption provided by the file system instead of Seafile backend encryption. As far as we know, there is no much production use of this feature. So it’s not quite polished.


#8

Sorry for crashing this topic, but

Now I want to switch from Storage Backend Encryption to file system encryption.
Is it possible to decrypt the storage?

Thanks.