Share storage over a network
This shares some storage from one computer (the server) with another (the client) as a network block device (NBD).
The data written by the client goes through an encryption layer before being transferred, so the server never sees the unencrypted data.
data -> encrypted -> nbd-client -> network -> nbd-server -> block device
Warning - some of these commands can delete data - be really careful with the device names
SERVER
# This toy example uses a 1GB file for the block device. You can substitute it with /dev/sda2 or whatever if you want to use a real disk partition
apt-get install nbd-server
dd if=/dev/zero of=/home/nbd-test bs=1G count=1 # Destructive command - be careful
sync; sync
chown nbd:nbd /home/nbd-test
chmod 600 /home/nbd-test
cat /etc/nbd-server/conf.d/test.conf
[test]
exportname = /home/nbd-test
authfile = /etc/nbd-server/allow
cat /etc/nbd-server/allow
<your client IP address>
/etc/init.d/nbd-server start
CLIENT
apt-get install nbd-client cryptsetup
mkdir /offsite
nbd-client --name test --persist <server ip> /dev/nbd0
cryptsetup -v luksFormat /dev/nbd0 # Destructive command - be careful
cryptsetup open /dev/nbd0 offsite
mkfs.ext4 -m 0 /dev/mapper/offsite # Destructive command - be careful
mount /dev/mapper/offsite /offsite/
Now whatever you copy to and from /offsite will be encrypted and sent over the network to be stored on the remote block device.
When you copy a file to it, it might return the command prompt before the file is actually transferred. Run the sync command twice to ensure data is flushed fully.
Remember the storage is running over a network, so it will be a lot slower than locally attached disks. Also, network slowness/packet loss may cause strange issues.
Rather than copying files, perhaps use rsync or rclone to sync the files there.
You should probably use a VPN to protect the traffic between the two endpoints (although the data is encrypted before leaving the client).
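To confirm on the server that only ciphertext is stored, the following added example (not part of the original instructions) checks that the export begins with a LUKS header and that a known canary string is not readable in it. It assumes you first wrote a small file containing the canary to /offsite on the client and ran sync; the function names and the canary string are made up for this example.

```shell
#!/bin/sh
# Added example: run on the SERVER against the export's backing file,
# e.g.  sh check.sh /home/nbd-test CANARY-1234
# Function names and the canary string are hypothetical.

# Print the LUKS version (1 or 2) if FILE starts with a LUKS header.
luks_version() {
    magic=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ] || return 1   # "LUKS" 0xba 0xbe
    ver=$(dd if="$1" bs=1 skip=6 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$ver" in
        0001) echo 1 ;;
        0002) echo 2 ;;
        *)    return 1 ;;
    esac
}

# Succeed if STRING is readable in cleartext anywhere in FILE.
contains_canary() {
    LC_ALL=C grep -a -q -F -e "$2" "$1"
}

# Report what the server can see: exit 0 only when a LUKS header is
# present and the canary is not visible.
check_export() {
    v=$(luks_version "$1") || { echo "no-luks-header"; return 1; }
    if contains_canary "$1" "$2"; then
        echo "plaintext-canary-found"
        return 2
    fi
    echo "luks$v-no-plaintext"
}

# Run the check when called with FILE and CANARY arguments.
if [ "$#" -eq 2 ]; then
    check_export "$1" "$2"
fi
```

A result of no-luks-header or plaintext-canary-found means the client wrote to /dev/nbd0 directly instead of /dev/mapper/offsite.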