How to encrypt /var/www?

server encryption

I want encrypt my /var/www folder so I and apache had access.
How can I done this?
I tried use ecryptfs, but my sites does not work.

Please write example, or link for manual.


You could use eCryptfs to do this.

You'd need to do this as the root user, though. Here's some instructions that would work:

root@server-59314:~# ecryptfs-setup-private
Enter your login passphrase:
Enter your mount passphrase [leave blank to generate one]:
************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************
Done configuring.
Testing mount/write/umount/read...
Inserted auth tok with sig [37d1d7fcf453d9d0] into the user session keyring
Inserted auth tok with sig [974bb07127cbe922] into the user session keyring
Inserted auth tok with sig [37d1d7fcf453d9d0] into the user session keyring
Inserted auth tok with sig [974bb07127cbe922] into the user session keyring
Testing succeeded.
Logout, and log back in to begin using your encrypted directory.

And then you would need to login as root, and run ecryptfs-mount-private. Note that you will probably want to ensure that /var/www is not unmounted when root logs out. To do this, just rm -f /root/.ecryptfs/auto-umount.

Full disclosure: I am one of the maintainers of the eCryptfs project.


See http://ubuntuforums.org/showthread.php?t=1655933

However, since the key is unlocked on boot you still won't gain anything unless ofc if someone enters your serverhall, removes your disk and then tries to gain access to it w/o testing to put the disk into any other computer (of the same architecture) and tries to boot it up.

You COULD possibly do a full-disk encryption (bad idea since you won't be able to decrypt your computer via SSH) or so that you'll have to unlock the encryption, but then you've ended up with a server that cannot be rebooted without having to worry about maintenance afterwards.

Related

Black screen after upgrading from 13.04 to 13.10 [closed]
How to count the total number of files/folders on a system?
How can I prevent Unity from grabbing keybindings (allowing an application to handle them first)?
Restore Ubuntu 16.04 without losing files and settings
Building multiple packages for deployment on different Ubuntu versions
Failed to fetch ... Hash Sum mismatch. tried rm apt/list but didn't work [duplicate]
How to install sopcast-player?
using ufw to block outgoing traffic to website
Booting 64-bit Ubuntu Images on a First-Generation Mac Pro 1,1
Using three finger swipe
What is the correct way to ensure `mongod` starts on system startup in 16.04?
Keyboard shortcut to switch user accounts