We want to be able to securely sync between the cloudbox and back on-prem (for a local plex server). As a result we'll configure a wireguard
VPN link between the two and then setup a rsync
daemon on the cloudbox.
See Wireguard vs OpenVPN on a local Gigabit Network for a performance comparison. I've gone with Wireguard over OpenVPN based on it being incorporated into the Linux Kernel and increased performance versus OpenVPN. In addition, there's a useful walkthrough on How to setup your own VPN server using WireGuard on Ubuntu that I leaned on during this process. It's not quite right though and had some errors in.
Install wireguard pre-reqs on both boxes
sudo apt-get -y install software-properties-common; \
sudo add-apt-repository -y ppa:wireguard/wireguard; \
sudo apt-get install -y wireguard; \