{"id":13635834,"url":"https://github.com/openresty/encrypted-session-nginx-module","last_synced_at":"2025-04-19T04:31:29.380Z","repository":{"id":45495064,"uuid":"669625","full_name":"openresty/encrypted-session-nginx-module","owner":"openresty","description":"encrypt and decrypt nginx variable values","archived":false,"fork":false,"pushed_at":"2023-11-23T11:36:37.000Z","size":152,"stargazers_count":195,"open_issues_count":17,"forks_count":52,"subscribers_count":35,"default_branch":"master","last_synced_at":"2024-02-13T09:11:01.759Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://openresty.org","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openresty.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2010-05-16T15:36:54.000Z","updated_at":"2024-06-19T19:16:05.429Z","dependencies_parsed_at":"2023-11-23T11:34:42.347Z","dependency_job_id":"e6effeac-1010-41bd-a563-e1a1288724b9","html_url":"https://github.com/openresty/encrypted-session-nginx-module","commit_stats":{"total_commits":87,"total_committers":8,"mean_commits":10.875,"dds":"0.13793103448275867","last_synced_commit":"5ab56cebe8771081942b85066ebad05c2017a6f3"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openresty%2Fencrypted-session-nginx-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openresty%2Fencrypted-session-nginx-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openresty%2Fencrypted-session-nginx-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openresty%2Fencrypted-session-nginx-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openresty","download_url":"https://codeload.github.com/openresty/encrypted-session-nginx-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249606354,"owners_count":21298851,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T00:00:52.719Z","updated_at":"2025-04-19T04:31:29.102Z","avatar_url":"https://github.com/openresty.png","language":"C","funding_links":[],"categories":["Modules","Third Modules","Third Party Modules"],"sub_categories":["C Modules"],"readme":"Name\n====\n\nencrypted-session-nginx-module - encrypt and decrypt nginx variable values\n\n*This module is not distributed with the Nginx source.* See the\ninstallation instructions.\n\nTable of Contents\n=================\n\n* [Name](#name)\n* [Status](#status)\n* [Synopsis](#synopsis)\n* [Description](#description)\n* [Directives](#directives)\n    * [encrypted_session_key](#encrypted_session_key)\n    * [encrypted_session_iv](#encrypted_session_iv)\n    * [encrypted_session_expires](#encrypted_session_expires)\n    * [set_encrypt_session](#set_encrypt_session)\n    * [set_decrypt_session](#set_decrypt_session)\n* [Installation](#installation)\n    * [Building as a dynamic module](#building-as-a-dynamic-module)\n* [Compatibility](#compatibility)\n* [Report Bugs](#report-bugs)\n* [Source Repository](#source-repository)\n* [Getting involved](#getting-involved)\n* [Author](#author)\n* [Copyright \u0026 License](#copyright--license)\n* [See Also](#see-also)\n\nStatus\n======\n\nThis module is production ready.\n\nSynopsis\n========\n\n```nginx\n# key must be of 32 bytes long\nencrypted_session_key \"abcdefghijklmnopqrstuvwxyz123456\";\n\n# iv must not be longer than 16 bytes\n#   default: \"deadbeefdeadbeef\" (w/o quotes)\nencrypted_session_iv \"1234567812345678\";\n\n# default: 1d (1 day)\nencrypted_session_expires 3600; # in sec\n\nlocation /encrypt {\n    set $raw 'text to encrypted'; # from the ngx_rewrite module\n    set_encrypt_session $session $raw;\n    set_encode_base32 $session; # from the ngx_set_misc module\n\n    add_header Set-Cookie 'my_login=$session';  # from the ngx_headers module\n\n    # your content handler goes here...\n}\n\nlocation /decrypt {\n    set_decode_base32 $session $cookie_my_login; # from the ngx_set_misc module\n    set_decrypt_session $raw $session;\n\n    if ($raw = '') {\n        # bad session\n    }\n\n    # your content handler goes here...\n}\n```\n\nDescription\n===========\n\nThis module provides encryption and decryption support for\nnginx variables based on AES-256 with Mac.\n\nThis module is usually used with the [ngx_set_misc module](http://github.com/agentzh/set-misc-nginx-module)\nand the standard rewrite module's directives.\n\nThis module can be used to implement simple user login and ACL.\n\nUsually, you just decrypt data in nginx level, and pass the unencrypted\ndata to your FastCGI/HTTP backend, as in\n\n```nginx\nlocation /blah {\n    set_decrypt_session $raw_text $encrypted;\n\n    # this directive is from the ngx_set_misc module\n    set_escape_uri $escaped_raw_text $raw_text;\n\n    fastcgi_param QUERY_STRING \"uid=$uid\";\n    fastcgi_pass unix:/path/to/my/php/or/python/fastcgi.sock;\n}\n```\n\nLua web applications running directly on [ngx_lua](https://github.com/openresty/lua-nginx-module) can call\nthis module's directives directly from within Lua code:\n\n```lua\nlocal raw_text = ndk.set_var.set_decrypt_session(encrypted_text)\n```\n\n[Back to TOC](#table-of-contents)\n\nDirectives\n==========\n\n[Back to TOC](#table-of-contents)\n\nencrypted_session_key\n---------------------\n**syntax:** *encrypted_session_key \u0026lt;key\u0026gt;*\n\n**default:** *no*\n\n**context:** *http, server, server if, location, location if*\n\nSets the key for the cipher (must be 32 bytes long). For example,\n\n```nginx\nencrypted_session_key \"abcdefghijklmnopqrstuvwxyz123456\";\n```\n\n[Back to TOC](#table-of-contents)\n\nencrypted_session_iv\n--------------------\n**syntax:** *encrypted_session_iv \u0026lt;iv\u0026gt;*\n\n**default:** *encrypted_session_iv \"deadbeefdeadbeef\";*\n\n**context:** *http, server, server if, location, location if*\n\nSets the initial vector used for the cipher (must be *no longer* than 16 bytes).\n\nFor example,\n\n```nginx\nencrypted_session_iv \"12345678\";\n```\n\n[Back to TOC](#table-of-contents)\n\nencrypted_session_expires\n-------------------------\n**syntax:** *encrypted_session_expires \u0026lt;time\u0026gt;*\n\n**default:** *encrypted_session_expires 1d;*\n\n**context:** *http, server, server if, location, location if*\n\nSets expiration time difference (in seconds by default).\n\nFor example, consider the following configuration:\n\n```nginx\nencypted_session_expires 1d;\n```\n\nWhen your session is being generated, ngx_encrypted_session will plant\nan expiration time (1 day in the future in this example) into the\nencrypted session string, such that when the session is being decrypted\nlater, the server can pull the expiration time out of the session and\ncompare it with the server's current system time. No matter how you\ntransfer and store your session, like using cookies, or URI query arguments,\nor whatever.\n\nPeople may confuse this setting with the expiration date of HTTP\ncookies. This directive simply controls when the session gets expired;\nit knows nothing about HTTP cookies. Even if the end user intercepted\nthis session from cookie by himself and uses it later manually, the\nserver will still reject it when the expiration time gets passed.\n\n[Back to TOC](#table-of-contents)\n\nset_encrypt_session\n-------------------\n**syntax:** *set_encrypt_session $target \u0026lt;value\u0026gt;*\n\n**default:** *no*\n\n**context:** *http, server, server if, location, location if*\n\nEncrypts the string value specified by the `value` argument and saves the result into\nthe variable specified by `$target`.\n\nFor example,\n\n```nginx\nset_encrypt_session $res $value;\n```\n\nwill encrypts the value in the variable $value into the target variable `$res`.\n\nThe `value` argument can also be an nginx string value, for example,\n\n```nginx\nset_encrypt_session $res \"my value = $value\";\n```\n\nThe resulting data can later be decrypted via the [set_decrypt_session](#set_decrypt_session) directive.\n\n[Back to TOC](#table-of-contents)\n\nset_decrypt_session\n-------------------\n**syntax:** *set_decrypt_session $target \u0026lt;value\u0026gt;*\n\n**default:** *no*\n\n**context:** *http, server, server if, location, location if*\n\nSimilar to [set_encrypt_session](#set_encrypt_session), but performs the inverse operation, that is,\nto decrypt things.\n\n[Back to TOC](#table-of-contents)\n\nInstallation\n============\n\nYou're recommended to install this module (as well as the Nginx core and many other goodies) via the [ngx_openresty bundle](http://openresty.org). See [the detailed instructions](http://openresty.org/#Installation) for downloading and installing ngx_openresty into your system. This is the easiest and most safe way to set things up.\n\nAlternatively, you can install this module manually with the Nginx source:\n\nGrab the nginx source code from [nginx.org](http://nginx.org/), for example,\nthe version 1.13.6 (see [nginx compatibility](#compatibility)), and then build the source with this module:\n\n```bash\nwget 'http://nginx.org/download/nginx-1.13.6.tar.gz'\ntar -xzvf nginx-1.13.6.tar.gz\ncd nginx-1.13.6/\n\nHere we assume you would install you nginx under /opt/nginx/.\n./configure --prefix=/opt/nginx \\\n    --with-http_ssl_module \\\n    --add-module=/path/to/encrypted-session-nginx-module\n\nmake -j2\nmake install\n```\n\nDownload the latest version of the release tarball of this module from [encrypted-session-nginx-module file list](https://github.com/openresty/encrypted-session-nginx-module/tags).\n\nAlso, this module is included and enabled by default in the [ngx_openresty bundle](http://openresty.org).\n\nOpenSSL should not be disabled in your Nginx build.\n\n[Back to TOC](#table-of-contents)\n\nBuilding as a dynamic module\n----------------------------\n\nStarting from NGINX 1.9.11, you can also compile this module as a dynamic module, by using the `--add-dynamic-module=PATH` option instead of `--add-module=PATH` on the\n`./configure` command line above. And then you can explicitly load the module in your `nginx.conf` via the [load_module](http://nginx.org/en/docs/ngx_core_module.html#load_module)\ndirective, for example,\n\n```nginx\nload_module /path/to/modules/ndk_http_module.so;  # assuming NDK is built as a dynamic module too\nload_module /path/to/modules/ngx_http_encrypted_session_module.so;\n```\n\n[Back to TOC](#table-of-contents)\n\nCompatibility\n=============\n\nThe following versions of Nginx should work with this module:\n\n* **1.13.x** (last tested: 1.13.6)\n* **1.12.x**\n* **1.11.x** (last tested: 1.11.2)\n* **1.10.x**\n* **1.9.x** (last tested: 1.9.15)\n* **1.8.x**\n* **1.7.x** (last tested: 1.7.10)\n* **1.6.x**\n* **1.5.x** (last tested: 1.5.12)\n* **1.4.x** (last tested: 1.4.4)\n* **1.2.x** (last tested: 1.2.9)\n* **1.1.x** (last tested: 1.1.5)\n* **1.0.x** (last tested: 1.0.11)\n* **0.9.x** (last tested: 0.9.4)\n* **0.8.x** (last tested: 0.8.54)\n* **0.7.x \u003e= 0.7.46** (last tested: 0.7.68)\n\nEarlier versions of Nginx like 0.6.x and 0.5.x will *not* work.\n\nIf you find that any particular version of Nginx above 0.7.44 does not\nwork with this module, please consider reporting a bug.\n\n[Back to TOC](#table-of-contents)\n\nReport Bugs\n===========\n\nAlthough a lot of effort has been put into testing and code tuning,\nthere must be some serious bugs lurking somewhere in this module. So\nwhenever you are bitten by any quirks, please don't hesitate to\n\n1.  send a bug report or even patches to \u003cagentzh@gmail.com\u003e,\n2.  or create a ticket on the [issue tracking interface](http://github.com/openresty/encrypted-session-nginx-module/issues)\nprovided by GitHub.\n\n[Back to TOC](#table-of-contents)\n\nSource Repository\n=================\n\nAvailable on github at [openresty/encrypted-session-nginx-module](http://github.com/openresty/encrypted-session-nginx-module).\n\n[Back to TOC](#table-of-contents)\n\nGetting involved\n================\n\nYou'll be very welcomed to submit patches to the author or just ask for\na commit bit to the source repository on GitHub.\n\n[Back to TOC](#table-of-contents)\n\nAuthor\n======\n\nYichun \"agentzh\" Zhang (章亦春) \u0026lt;agentzh@gmail.com\u0026gt;\n\n[Back to TOC](#table-of-contents)\n\nCopyright \u0026 License\n===================\n\nCopyright (c) 2009-2018, Yichun Zhang (agentzh) \u0026lt;agentzh@gmail.com\u0026gt;, OpenResty Inc.\n\nThis module is licensed under the terms of the BSD license.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n* Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n* Redistributions in binary form must reproduce the above copyright\nnotice, this list of conditions and the following disclaimer in the\ndocumentation and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\nIS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED\nTO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n[Back to TOC](#table-of-contents)\n\nSee Also\n=========\n* [NDK](http://github.com/simpl-it/ngx_devel_kit)\n* [ngx_set_misc module](http://github.com/agentzh/set-misc-nginx-module)\n\n[Back to TOC](#table-of-contents)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenresty%2Fencrypted-session-nginx-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenresty%2Fencrypted-session-nginx-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenresty%2Fencrypted-session-nginx-module/lists"}