How to encrypt proxy cache

Maxim Dounin mdounin at mdounin.ru
Mon Apr 3 14:04:21 UTC 2017


Hello!

On Mon, Apr 03, 2017 at 09:21:10AM -0400, sachin.shetty at gmail.com wrote:

> We are testing using nginx as a file cache  in front of our app, but the
> contents of the proxy cache directory are readable to any body who has
> access to the machine. Is there a way to encrypt the files stored in the
> proxy cache folder so that it' not exposed to the naked eye but nginx
> decrypts it on the fly before serving it to the user. 

Files in the proxy cache folder are protected using normal access 
control, nginx uses 0600 access mask for all cache files and 
directories.  They aren't expected to be readable by anyone except 
nginx itself.  This is believed to be enough to prevent any 
unauthorized access on software level.

If you also want to protect data from attackers with physical 
access to the server, consider using disk encryption and/or 
filesystem-level encryption.  It is not likely to solve the 
problem completely, but may help in some simple cases.

-- 
Maxim Dounin
http://nginx.org/


More information about the nginx mailing list