How to encrypt proxy cache

Steve Wilson lists-nginx at
Mon Apr 3 16:14:59 UTC 2017

On 03/04/2017 16:50, sachin.shetty at wrote:
> Thanks Maxim for the reply. We have evaluated disk based encryption 
> etc, but
> that does not prevent sysadmins from viewing user data which is a 
> problem
> for us.
> Do you think we could build something using lua and intercept read and
> wriite call from cache?
> Posted at Nginx Forum:
> _______________________________________________
> nginx mailing list
> nginx at

With root level access I doubt you'll be able to meet your requirements. 
There's tools like ssldump which can be used to decrypt the network 
traffic, even implementing something via a module/lua would require the 
encryption key to be read and available for the sysadmins to use.

Personally I'd look at avoiding caching if it's got sensitive data by 
identifying common request data (paths/cookies etc) and excluding from 
the cache.

Alternatively, as Maxim has said, review and restrict access to the 


More information about the nginx mailing list