Encrypted partition on a Soft RAID device using mdadm and cryptsetup(LUKS)

Hello Everyone, 

I have been meaning to setup my backup server with an encrypted partition on a mirrored RAID1 device.
Ill be giving you guys a quick walk through on how to set this up under Debian/Ubuntu. (Other distros will be similar)

First you need 2 same size disks, I have 2x 2TB Seagate ST2000DL003

mdadm manpage

Installing mdadm & cryptsetup:

sudo apt-get update

sudo apt-get install mdadm cryptsetup

Find which disks we will be using:

sudo fdisk -l

note which drives you will be using, for me it was /dev/sdd and /dev/sde

Creating the raid device:

sudo mdadm --create /dev/md0 --chunk=4 --level=1 --raid-devices=2 /dev/sdd /dev/sde

In my case I used a chunk size of 4 bytes, raid level 1(mirroring)


Creating the cryptFS

sudo cryptsetup luksFormat /dev/md0

sudo cryptsetup luksOpen /dev/md0 secure

Creating the filesystem within your LUKS disk:

sudo mkfs.ext4 /dev/mapper/secure


Now all thats left is to mount the newly created disk:

sudo mkdir /media/secure

sudo mount /dev/mapper/secure /media/secure


Everyday use:

Opening and mounting

sudo cryptsetup luksOpen /dev/md0 secure

sudo mount /dev/mapper/secure /media/secure


Unmounting and closinng

sudo umount /media/secure

sudo cryptsetup luksClose secure


I have put both of these into scripts so i can ./open_sec and ./close_sec


Find any errors or have a better way? let me know in the comments