How to encrypt proxy cache
mdounin at mdounin.ru
Mon Apr 3 14:04:21 UTC 2017
On Mon, Apr 03, 2017 at 09:21:10AM -0400, sachin.shetty at gmail.com wrote:
> We are testing using nginx as a file cache in front of our app, but the
> contents of the proxy cache directory are readable to anybody who has
> access to the machine. Is there a way to encrypt the files stored in the
> proxy cache folder so that it's not exposed to the naked eye but nginx
> decrypts it on the fly before serving it to the user?

Files in the proxy cache folder are protected using normal access
control, nginx uses 0600 access mask for all cache files and
directories. They aren't expected to be readable by anyone except
nginx itself. This is believed to be enough to prevent any
unauthorized access on software level.

If you also want to protect data from attackers with physical
access to the server, consider using disk encryption and/or
filesystem-level encryption. It is not likely to solve the
problem completely, but may help in some simple cases.
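
An added example, not part of the original message: a POSIX shell check that a proxy cache tree matches the access model described in the reply, reporting any file or directory that carries group/other permission bits or is not owned by the expected user. The function name, its arguments and the output labels are assumptions made for this illustration; pass your own proxy_cache_path directory and worker user.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with nginx).
# Usage: audit_cache_perms DIR [OWNER]
#   DIR   - cache directory to audit (your proxy_cache_path value)
#   OWNER - expected owner, user name or numeric uid (optional)
# Prints one line per finding.
# Returns 0 if the tree is clean, 1 if there are findings, 2 on a usage error.
audit_cache_perms() {
    dir=$1
    owner=${2:-}
    if [ ! -d "$dir" ]; then
        echo "audit_cache_perms: not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Any group or other permission bit set. Each bit is tested
        # separately so that only POSIX find syntax is needed.
        # Symlinks are skipped: their mode bits are not meaningful.
        find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/loose-perms: /'

        # Entries owned by someone other than the expected user.
        if [ -n "$owner" ]; then
            find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner: /'
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# When the script is run with arguments, audit that directory and exit
# with the function's status, so it can be used from cron or a CI job.
if [ "$#" -gt 0 ]; then
    audit_cache_perms "$@"
fi
```

A non-zero exit on a production host usually points to a manual chmod/chown, a restore from backup that did not preserve modes, or a cache directory shared with another service.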