The Encrypted Session dynamic module provides encryption and decryption support for NGINX variables based on AES-256 with MAC. It is usually used with the Set-Misc dynamic module and the NGINX rewrite module.


  1. Check the Technical Specifications page to verify that the module is supported by your operating system.

  2. Prior to installing the module, verify that the NDK module is already installed.


  1. Install the Encrypted Session module package nginx-plus-module-encrypted-session.

    For Amazon Linux 2, CentOS, Oracle Linux, and RHEL:

    yum install nginx-plus-module-encrypted-session

    for Amazon Linux 2023, AlmaLinux, Rocky Linux:

    dnf install nginx-plus-module-encrypted-session

    For Debian and Ubuntu:

    apt-get install nginx-plus-module-encrypted-session

    For SLES:

    zypper install nginx-plus-module-encrypted-session

    For Alpine:

    apk add nginx-plus-module-encrypted-session

    For FreeBSD:

    pkg install nginx-plus-module-encrypted-session


After installation you will need to enable and configure the module in NGINX Plus configuration file nginx.conf.

  1. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

    load_module modules/ndk_http_module.so;
    load_module modules/ngx_http_encrypted_session_module.so;
    The directives must be in this order.
  2. Perform additional configuration as required by the module.

  3. Test the configuration and reload NGINX Plus to enable the module:

    nginx -t && nginx -s reload

More Info