Encrypted-Session

The Encrypted Session dynamic module provides encryption and decryption support for NGINX variables based on AES-256 with MAC. It is usually used with the Set-Misc dynamic module and the NGINX rewrite module.

Prerequisites

  1. Check the Technical Specifications page to verify that the module is supported by your operating system.

  2. Prior to installing the module, verify that the NDK module is already installed.

Installation

  1. Install the Encrypted Session module package nginx-plus-module-encrypted-session.

    For Amazon Linux 2, CentOS, Oracle Linux, and RHEL:

    sudo yum update && \
    sudo yum install nginx-plus-module-encrypted-session

    for Amazon Linux 2023, AlmaLinux, Rocky Linux:

    sudo dnf update && \
    sudo dnf install nginx-plus-module-encrypted-session

    For Debian and Ubuntu:

    sudo apt update && \
    sudo apt install nginx-plus-module-encrypted-session

    For SLES:

    sudo zypper refresh && \
    sudo zypper install nginx-plus-module-encrypted-session

    For Alpine:

    apk add nginx-plus-module-encrypted-session

    For FreeBSD:

    sudo pkg update && \
    sudo pkg install nginx-plus-module-encrypted-session

Configuration

After installation you will need to enable and configure the module in F5 NGINX Plus configuration file nginx.conf.

  1. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

    load_module modules/ndk_http_module.so;
    load_module modules/ngx_http_encrypted_session_module.so;
    
    http {
        # ...
    }
    Note:
    The directives must be in this order.
  2. Perform additional configuration as required by the module.

  3. Test the NGINX Plus configuration. In a terminal, type-in the command:

    nginx -t

    Expected output of the command:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf is successful
  4. Reload the NGINX Plus configuration to enable the module:

    nginx -s reload

More Info