apt-get install ecryptfs-utils
Mount /usr/local/encrypted directory and create mdf directory for MySQL data files (you will be prompted for passphrase and other options):
mkdir /usr/local/encrypted mount -t ecryptfs /usr/local/encrypted /usr/local/encrypted cd /usr/local/encrypted mkdir mdf chug.sh mysql mdf chmod og-rwx mdf
chug.sh is a bash script that changes user and group by calling chown and chgrp:
chown -R $1 $2 chgrp -R $1 $2
Copy all MySQL data files to encrypted directory:
service mysql stop cp -R -p /var/lib/mysql /usr/local/encrypted/mdf
Then change datadir in /etc/mysql/my.cnf:
#datadir = /var/lib/mysql datadir = /usr/local/encrypted/mdf
and start MySQL:
service mysql start
The final step is encrypting of the swap.
All database backups should be placed in /usr/local/encrypted/backup directory.
Disabling MySQL and Nginx autostart:
update-rc.d -f mysql disable update-rc.d -f nginx disable