How to encrypt /var/www?

I want to encrypt my /var/www folder so that Apache and I have access.
How can I do this?
I tried using ecryptfs, but my sites do not work.

Please write an example, or link to a manual.


You could use eCryptfs to do this.

You'd need to do this as the root user, though. Here are some instructions that would work:

root@server-59314:~# ecryptfs-setup-private
Enter your login passphrase:
Enter your mount passphrase [leave blank to generate one]:
************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************
Done configuring.
Testing mount/write/umount/read...
Inserted auth tok with sig [37d1d7fcf453d9d0] into the user session keyring
Inserted auth tok with sig [974bb07127cbe922] into the user session keyring
Inserted auth tok with sig [37d1d7fcf453d9d0] into the user session keyring
Inserted auth tok with sig [974bb07127cbe922] into the user session keyring
Testing succeeded.
Logout, and log back in to begin using your encrypted directory.

And then you would need to log in as root, and run ecryptfs-mount-private. Note that you will probably want to ensure that /var/www is not unmounted when root logs out. To do this, just rm -f /root/.ecryptfs/auto-umount.

Full disclosure: I am one of the maintainers of the eCryptfs project.
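
Added example, not part of the answer above and not eCryptfs project code: a shell check that a web root really sits on an eCryptfs mount and that the auto-umount marker from the answer has been removed. The function names, the sample mount table and the assumption that the eCryptfs mount point is /var/www (with the default lower directory /root/.Private) are constructed for illustration.

```shell
#!/bin/sh
# Reads a /proc/mounts-style table; mount points containing spaces
# (escaped as \040 by the kernel) are not handled.

# fs_type_for MOUNTS_FILE DIR
# Prints the filesystem type of the longest mount point that contains DIR.
# On equal length the later line wins, because later mounts shadow earlier ones.
fs_type_for() {
    awk -v dir="$2" '
        {
            mp = $2
            # exact mount point, the root, or a parent directory of dir
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); type = $3 }
            }
        }
        END { if (type != "") print type; else exit 1 }
    ' "$1"
}

# check_encrypted_webroot MOUNTS_FILE DIR ECRYPTFS_CONF_DIR
# 0: DIR is on ecryptfs and stays mounted after logout
# 1: DIR is on another filesystem   2: no mount found
# 3: auto-umount marker still present
check_encrypted_webroot() {
    fstype=$(fs_type_for "$1" "$2") || { echo "no mount found for $2"; return 2; }
    if [ "$fstype" != "ecryptfs" ]; then
        echo "$2 is on $fstype, not ecryptfs"; return 1
    fi
    if [ -e "$3/auto-umount" ]; then
        echo "$3/auto-umount exists: mount is dropped at logout"; return 3
    fi
    echo "$2 is on ecryptfs and stays mounted after logout"
}

# Constructed sample table (not from the page) for trying the functions offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/root/.Private /var/www ecryptfs rw,relatime 0 0
EOF
}

# On the server, as root:
#   check_encrypted_webroot /proc/mounts /var/www /root/.ecryptfs
```

A non-zero return while Apache is serving pages means the files being served are the ones in the unencrypted lower filesystem, not the eCryptfs mount.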


See http://ubuntuforums.org/showthread.php?t=1655933

However, since the key is unlocked on boot, you still won't gain anything unless, of course, someone enters your server hall, removes your disk and then tries to gain access to it without trying to put the disk into any other computer (of the same architecture) and boot it up.

You COULD possibly do full-disk encryption (a bad idea, since you won't be able to decrypt your computer via SSH) or so that you'll have to unlock the encryption, but then you've ended up with a server that cannot be rebooted without having to worry about maintenance afterwards.