Hello, you may know that linux root password can be resetted (example from rescue mode), so this means linux server offers no protection against access of data when you get somehow remote or physical access to server?

So my question is how i can full encrypt linux webserver disk so no one can read disk data even he got physical access to the server? the best way, links? thank you

There's a gazillion HOWTOs that detail how to encrypt disks. Please do a search for those. What you should be a ware of is that there's basically three states for data (at rest, in flight and in use) and that data needs to be accessible (decrypted) for any process to work. So full disk encryption itself won't shield data that is in flight or in use. More than that access to the infrastructure and the machine means all bets are off: if a machine is running any sane investigator will want to seize all network traffic, volatile memory and decrypted disk contents.

Hi,

im having an linux webserver located in another country and i have just SSH access.

My aim is to protect (by encryption) /home partition on which are located website files and mysql database data.

So i found "LUKS" SW which can encrypt partition, but the thing i dont understand is how not to cause failures when apps like apache, mysql cals files from /home while its still encrypted after server boot, and how im able to enter decryption password after /during boot over SSH? What is the process, any tutorial, or you have better idea on webserver disk encryption? thx

Since your questions are closely related and the second one follows the first too soon after I've merged your threads.

Yes, LUKS is what I would recommend to use.

And to answer your question: You need to set the /home partition as noauto in crypttab and unlock and mount it manually using ssh. Of course, until you do, any processes/services trying to access files in /home will fail so you need to have a process in place do this as quickly as possible every time the system (re)boots.