We noticed there's an easier way to install Hetzner dedicated servers with encrypted HDDs/SSDs, using Hetzner's own installimage system. Basically it is described in https://community.hetzner.com/tutorials/install-ubuntu-2004-with-full-disk-encryption with Ubuntu instead of Debian :)
These instructions use only a single disk; if your server has multiple ones, you can use something like
DRIVE1 /dev/sda
DRIVE2 /dev/sdb
SWRAID 1
SWRAIDLEVEL 1
in /tmp/setup.conf.
The image for Debian is
IMAGE /root/images/Debian-1101-bullseye-amd64-base.tar.gz
(also change that in /tmp/setup.conf).
The /tmp/post-install.sh script shown in that blog post works fine for Debian as well.
The only caveat is that the SSH keys you put into /tmp/authorized_keys will afterwards be used both for unlocking and for regular login on the server. I put the unlocking SSH key in there and used it to first log in to the real system, and then changed the SSH key for that one to another.
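To check the caveat above after swapping keys, the following added example (not part of the original post or the linked tutorial) lists every public key that is still authorized in both the unlock key file and the login key file. The function names `key_blobs`, `shared_keys` and `demo` are hypothetical, the two file arguments are whichever files hold the unlock and login keys on your system, and the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): report public keys that are
# authorized in BOTH the unlock key file and the login key file.

# key_blobs FILE: print "type blob" per key, skipping comments, blank lines,
# leading options (command="...", no-pty, ...) and the trailing comment field.
key_blobs() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)$/) {
                    print $i, $(i + 1)
                    break
                }
        }' "$1" | LC_ALL=C sort -u
}

# shared_keys UNLOCK_FILE LOGIN_FILE: print keys present in both files.
shared_keys() {
    _a=$(mktemp) && _b=$(mktemp) || return 2
    key_blobs "$1" > "$_a"
    key_blobs "$2" > "$_b"
    LC_ALL=C comm -12 "$_a" "$_b"
    rm -f "$_a" "$_b"
}

# demo: constructed sample files; the blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/unlock" <<'EOF'
# key used only to unlock the disk at boot
no-port-forwarding,no-pty ssh-ed25519 AAAAC3CONSTRUCTEDUNLOCKKEY unlock@laptop
EOF
    cat > "$d/login" <<'EOF'
ssh-ed25519 AAAAC3CONSTRUCTEDUNLOCKKEY unlock@laptop
ssh-ed25519 AAAAC3CONSTRUCTEDLOGINKEY admin@laptop
EOF
    shared_keys "$d/unlock" "$d/login"
    rm -rf "$d"
}

# With two file arguments compare those; with none, run the constructed demo.
if [ "$#" -eq 2 ]; then shared_keys "$1" "$2"; else demo; fi
```

Empty output means no key is shared between the two files; any line printed is a key that can both unlock the disk and log in to the running system.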