Leaking Bitwarden's Vault with a Nginx vulnerability

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • nixpkgs

    Nix Packages collection & NixOS

  • gixy

    Nginx configuration static analyzer

  • https://github.com/yandex/gixy/blob/master/docs/en/plugins/a...

    (and nixos automatically runs gixy on a configuration generated through it, so the system refuses to build <3)

  • merecat

    Small and made-easy HTTP/HTTPS server based on Jef Poskanzer's thttpd

  • caddy-docker

    Source for the official Caddy v2 Docker Image

  • I use https://static-web-server.net/

    Cross-platform, written in Rust, straightforward configuration, secure defaults, also has a hardened container image and a hardened NixOS module.

    I wouldn't recommend Caddy. Their official docker image runs as root unnecessarily (and the reasoning suggests a lack of understanding) [1], and they don't provide a properly sandboxed systemd unit file [2].

    [1]: https://github.com/caddyserver/caddy-docker/issues/104

  • static-web-server

    A cross-platform, high-performance and asynchronous web server for static files-serving. ⚡

  • dist

    Resources for packaging and distributing Caddy

  • vaultwarden

    Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

  • I have nginx-proxy docker container on top of vaultwarden - there aren't any alias directives there. Vaultwarden itself appears to use rust with some http framework called "rocket" [1]. Sorry I'm not familiar with rust world.

    But anyways, said vuln doesn't apply to vaultwarden.

    [1] https://github.com/dani-garcia/vaultwarden/blob/19e671ff25bf...

  • manix

    A fast CLI documentation searcher for Nix.

  • I found this a few weeks ago: https://github.com/mlvzk/manix

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

  • Caddy has been my default choice recently: https://caddyserver.com

    Among other things, it features automatic TLS via ACME and dead-simple configuration for my most common use cases: namely, serving a directory of static files and reverse-proxying to an app server.

    I'm also a fan of Traefik but it's strictly a reverse proxy, there's not even built-in support for serving static files. But it's great if you have e.g. a bunch of containers on a single host and you want to front them all with a single load balancer.
