Should have encrypted the database backup already, finally changed it.
[crontab time] /usr/bin/tar czf - -C /etc/nginx . | /usr/local/bin/openssl enc -aes-256-cbc -pbkdf2 -k [password] > /backup/nginx.tar.gz.enc
[crontab time] /usr/bin/mysqldump -u root --all-databases | /usr/local/bin/openssl enc -aes-256-cbc -pbkdf2 -k [password] > /backup/all-databases.sql.enc
This is pretty cool.
mmproxy is the first daemon to do just one thing: unwrap the PROXY protocol and spoof the client IP address on locally running connections going to the application process. While it requires some firewall and routing setup, it’s small enough to make an mmproxy deployment acceptable in many situations.