How to encrypt proxy cache

Maxim Dounin mdounin at
Mon Apr 3 14:04:21 UTC 2017


On Mon, Apr 03, 2017 at 09:21:10AM -0400, sachin.shetty at wrote:

> We are testing using nginx as a file cache  in front of our app, but the
> contents of the proxy cache directory are readable to any body who has
> access to the machine. Is there a way to encrypt the files stored in the
> proxy cache folder so that it' not exposed to the naked eye but nginx
> decrypts it on the fly before serving it to the user. 

Files in the proxy cache folder are protected using normal access 
control, nginx uses 0600 access mask for all cache files and 
directories.  They aren't expected to be readable by anyone except 
nginx itself.  This is believed to be enough to prevent any 
unauthorized access on software level.

If you also want to protect data from attackers with physical 
access to the server, consider using disk encryption and/or 
filesystem-level encryption.  It is not likely to solve the 
problem completely, but may help in some simple cases.

Maxim Dounin

More information about the nginx mailing list