static-web-server VS gixy

In here, we will fetch the OIDC configuration from the Kubernetes API server and expose them to the internet on HTTPS using the newly acquired TLS certificate with the help of static web server.

I swapped to static-web-server for exclusively static files, it's only 4MB and its envvars are much easier than nginx's config files

I use https://static-web-server.net/

Cross-platform, written in Rust, straightforward configuration, secure defaults, also has a hardened container image and a hardened NixOS module.

I wouldn't recommend Caddy. Their official docker image runs as root unnecessarily (and the reasoning suggests a lack of understanding) [1], and they don't provide a properly sandboxed systemd unit file [2].

[1]: https://github.com/caddyserver/caddy-docker/issues/104

but for security, maybe something rust (like this )would do.

I like rust binaries because they are cross-platform. I've found cool ones like

- https://github.com/static-web-server/static-web-server/

- https://github.com/Qovery/Replibyte

If you know any repos where I may find compilation of tools I'll be thankful!

I use static web server to host the image.

https://github.com/yandex/gixy/blob/master/docs/en/plugins/a...

(and nixos automatically runs gixy on a configuration generated through it, so the system refuses to build <3)

* [alias_traversal] Path traversal via misconfigured alias

The alias traversal gotcha is one of the most pernicious I've seen. A single, seemingly innocuous '/' is the difference between a path traversal vulnerability or not.

[0]: https://github.com/yandex/gixy#what-it-can-do

not sure what is the exact reason but, nginx has vulnerability of of misconfigured ngnix.conf, I recommend using https://github.com/yandex/gixy and check if your nginx config files any sort of misconfig or not.