I understand that enabling compression over TLS is not recommended, so I gave up this idea. Maybe serving the static resources over HTTP on a different domain would be an interesting alternative, but I’m not sure how I could do that without messing with Bitwarden_RS.
Any idea?
Oh, and FYI, I’m using the Docker image and Nginx is acting as a reverse-proxy here.
TLS-level compression was never common, but HTTP-level (Content-Encoding) compression is widely used. The main attack on that is BREACH, but it’s only practical in limited cases (requires attacker to be able to inject traffic into your requests and read the corresponding responses), and bitwarden_rs doesn’t really meet the conditions for viability anyway (doesn’t tend to reflect user input, and doesn’t output cleartext secrets – only encrypted secrets that will be decrypted within the client). So enabling HTTP-level compression should be fine.
You can also put your instance behind Cloudflare or similar, which will cache large static assets like the .js files.
Thanks for the explanations. I’ll try to enable compression via Content-Encoding then. Using Cloudflare is not a viable option here at my level I think.
