Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dev' into staging

Browse source
This commit is contained in:
florian 2024-03-25 15:34:22 +01:00
commit 6ca7b9ded2
No known key found for this signature in database
GPG key ID: 93EE47CC3D061500
5 changed files with 65 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -90,7 +90,7 @@ When using BunkerWeb you have the choice of the version you want to use : open-s
Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.5.6/assets/img/pro-icon.svg" alt="crow pro icon" height="32px" width="32px"> to distinguish them from those integrated into the open-source version.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.5.6/assets/img/pro-icon.svg" alt="crow pro icon" height="24px" width="24px"> to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward :

4
docs/json2md.py
View file

@ -40,7 +40,7 @@ def stream_support(support) -> str:
def pro_title(title: str) -> str:
return f"## {title} <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'>\n"
return f"## {title} <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'>\n"
doc = StringIO()
@ -105,7 +105,7 @@ for pro in glob(f"v{version}/*/plugin.json"):
for data in dict(sorted(core_settings.items())).values():
pro_crown = ""
if "is_pro" in data:
pro_crown = " <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)\n"
pro_crown = " <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)\n"
print(f"## {data['name']}{pro_crown}\n", file=doc)
print(f"{stream_support(data['stream'])}\n", file=doc)
print(f"{data['description']}\n", file=doc)

60
docs/security-tuning.md
View file

@ -153,18 +153,22 @@ Here is the list of related settings :
Full Let's Encrypt automation is fully working with stream mode as long as you open the `80/tcp` port from the outside. Please note that you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
### Let's Encrypt DNS <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
### Let's Encrypt DNS <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style="transform : translateY(3px);"> (PRO)
STREAM support :white_check_mark:
The Let's Encrypt DNS plugin facilitates the automatic creation, renewal, and configuration of Let's Encrypt certificates using DNS challenges. This plugin offers seamless integration with various DNS providers for streamlined certificate management.
The Let's Encrypt DNS plugin facilitates the automatic creation, renewal, and configuration of Let's Encrypt certificates using DNS challenges.
This plugin offers seamless integration with various DNS providers for streamlined certificate management.
**List of features**
- Automatic creation and renewal of Let's Encrypt certificates
- Integration with DNS providers for DNS challenges
- Generate wildcard certificates
- Configuration options for customization and flexibility
Settings of the Let's Encrypt DNS plugin :
**Settings of the Let's Encrypt DNS plugin**
| Setting | Default | Context | Multiple | Description |
| ---------------------------------- | --------- | --------- | -------- | --------------------------------------------------------------------------------------- |
@ -176,12 +180,12 @@ Settings of the Let's Encrypt DNS plugin :
| `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | multisite | no | Time in seconds to wait for DNS propagation. |
| `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | multisite | yes | Credential item for Let's Encrypt DNS provider that contains required credentials. |
Info :
!!! info "Information and behavior"
- The `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` setting is a multiple setting and can be used to set multiple items for the DNS provider. The items will be saved as a cache file and Certbot will read the credentials from it.
- If no `LETS_ENCRYPT_DNS_PROPAGATION` setting is set, the provider's default propagation time will be used.
- The `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` setting is a multiple setting and can be used to set multiple items for the DNS provider. The items will be saved as a cache file and Certbot will read the credentials from it.
- If no `LETS_ENCRYPT_DNS_PROPAGATION` setting is set, the provider's default propagation time will be used.
Available DNS Providers :
**Available DNS Providers**
| Provider | Description | Mandatory Settings | Link(s) |
| -------------- | ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
@ -545,25 +549,25 @@ You can deploy complex authentication (e.g. SSO), by using the auth request sett
## Monitoring and reporting
### Monitoring <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
### Monitoring <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style="transform : translateY(3px);"> (PRO)
The monitoring plugin lets you collect and retrieve metrics about BunkerWeb. By enabling it, your instance(s) will start collecting various data related to attacks, requests and performance. You can then retrieve them by calling the `/monitoring` API endpoint on regular basis or by using other plugins like the Prometheus exporter one.
List of features :
**List of features**
- Enable collection of various BunkerWeb metrics
- Retrieve metrics from the API
- Use in combination with other plugins (e.g. Prometheus exporter)
- Dedicate UI page to monitor your instance(s)
List of settings :
**List of settings**
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
### Prometheus exporter <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
### Prometheus exporter <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style="transform : translateY(3px);"> (PRO)
The Prometheus exporter plugin adds a [Prometheus exporter](https://prometheus.io/docs/instrumenting/exporters/) on your BunkerWeb instance(s). When enabled, you can configure your Prometheus instance(s) to scrape a specific endpoint on Bunkerweb and gather internal metrics.
@ -571,13 +575,13 @@ We also provide a [Grafana dashboard](https://grafana.com/grafana/dashboards/207
**Please note that the use of Prometheus exporter plugin requires to enable the Monitoring plugin (`USE_MONITORING=yes`)**
List of features :
**List of features**
- Prometheus exporter providing internal BunkerWeb metrics
- Dedicated and configurable port, listen IP and URL
- Whitelist IP/network for maximum security
List of settings :
**List of settings**
| Setting | Default |Context|Multiple| Description |
|------------------------------|-----------------------------------------------------|-------|--------|------------------------------------------------------------------------|
@ -587,11 +591,15 @@ List of settings :
|`PROMETHEUS_EXPORTER_URL` |`/metrics` |global |no |HTTP URL of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_ALLOW_IP`|`127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`|global |no |List of IP/networks allowed to contact the Prometheus exporter endpoint.|
### Reporting <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
### Reporting <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style="transform : translateY(3px);"> (PRO)
!!! warning "Monitoring plugin needed"
This plugins requires the Monitoring Pro plugin to be installed and enabled with the `USE_MONITORING` setting set to `yes`.
The Reporting plugin provides a comprehensive solution for regular reporting of important data from BunkerWeb, including global statistics, attacks, bans, requests, reasons, and AS information. It offers a wide range of features, including automatic report creation, customization options, and seamless integration with monitoring pro plugin. With the Reporting plugin, you can easily generate and manage reports to monitor the performance and security of your application.
List of features :
**List of features**
- Regular reporting of important data from BunkerWeb, including global statistics, attacks, bans, requests, reasons, and AS information.
- Integration with Monitoring Pro plugin for seamless integration and enhanced reporting capabilities.
@ -599,7 +607,7 @@ List of features :
- Support for SMTP for email notifications.
- Configuration options for customization and flexibility.
List of settings :
**List of settings**
| Setting | Default | Context | Description |
| ------------------------------ | -------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------- |
@ -615,15 +623,11 @@ List of settings :
| `REPORTING_SMTP_FROM_PASSWORD` | | `global` | The password authentication value for sending via the from email address. |
| `REPORTING_SMTP_SSL` | `SSL` | `global` | Determine whether or not to use a secure connection for SMTP. |
**Warning:**
- This plugins requires the Monitoring Pro plugin to be installed and enabled with the `USE_MONITORING` setting set to `yes`.
**Info:**
- If `USE_REPORTING_SMTP` is set to `yes`, the setting `REPORTING_SMTP_EMAILS` must be set.
- If `USE_REPORTING_WEBHOOK` is set to `yes`, the setting `REPORTING_WEBHOOK_URLS` must be set.
- Accepted values for `REPORTING_SCHEDULE` are `daily`, `weekly`and `monthly`.
- If no `REPORTING_SMTP_FROM_USER` and `REPORTING_SMTP_FROM_PASSWORD` are set, the plugin will try to send the email without authentication.
- If `REPORTING_SMTP_FROM_USER` isn't set but `REPORTING_SMTP_FROM_PASSWORD` is set, the plugin will use the `REPORTING_SMTP_FROM_EMAIL` as the username.
- If the job fails, the plugin will retry sending the report in the next execution.
!!! info "Information and behavior"
- case `USE_REPORTING_SMTP` is set to `yes`, the setting `REPORTING_SMTP_EMAILS` must be set.
- case `USE_REPORTING_WEBHOOK` is set to `yes`, the setting `REPORTING_WEBHOOK_URLS` must be set.
- Accepted values for `REPORTING_SCHEDULE` are `daily`, `weekly`and `monthly`.
- case no `REPORTING_SMTP_FROM_USER` and `REPORTING_SMTP_FROM_PASSWORD` are set, the plugin will try to send the email without authentication.
- case `REPORTING_SMTP_FROM_USER` isn't set but `REPORTING_SMTP_FROM_PASSWORD` is set, the plugin will use the `REPORTING_SMTP_FROM_EMAIL` as the username.
- case the job fails, the plugin will retry sending the report in the next execution.

52
docs/settings.md
View file

@ -325,7 +325,7 @@ Automatic creation, renewal and configuration of Let's Encrypt certificates.
|`EMAIL_LETS_ENCRYPT` | |multisite|no |Email used for Let's Encrypt notification and in certificate. |
|`USE_LETS_ENCRYPT_STAGING`|`no` |multisite|no |Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.|
## Let's Encrypt DNS <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
## Let's Encrypt DNS <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :white_check_mark:
@ -412,17 +412,17 @@ Management of the ModSecurity WAF.
|`MODSECURITY_SEC_RULE_ENGINE` |`On` |multisite|no |SecRuleEngine directive of ModSecurity. |
|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ` |multisite|no |SecAuditLogParts directive of ModSecurity.|
## Monitoring <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
## Monitoring <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
BunkerWeb monitoring pro system. This plugin is a prerequisite for some other plugins.
| Setting |Default| Context |Multiple| Description |
|------------------------------|-------|---------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |multisite|no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
## PHP
@ -447,21 +447,20 @@ Pro settings for the Pro version of BunkerWeb.
|-----------------|-------|-------|--------|-------------------------------------------------|
|`PRO_LICENSE_KEY`| |global |no |The License Key for the Pro version of BunkerWeb.|
## Prometheus exporter <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
## Prometheus exporter <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
Prometheus exporter for BunkerWeb
Prometheus exporter for BunkerWeb internal metrics.
| Setting | Default |Context|Multiple| Description |
|-------------------------------|-----------------------------------------------------|-------|--------|------------------------------------------------------------------------|
|`USE_PROMETHEUS_EXPORTER` |`no` |global |no |Enable the Prometheus export. |
|`PROMETHEUS_EXPORTER_IP` |`0.0.0.0` |global |no |Listening IP of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_PORT` |`9113` |global |no |Listening port of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_DICT_SIZE`|`10M` |global |no |Size of the dict to store Prometheus metrics. |
|`PROMETHEUS_EXPORTER_ALLOW_IP` |`127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`|global |no |List of IP/networks allowed to contact the Prometheus exporter endpoint.|
|`PROMETHEUS_EXPORTER_URL` |`/metrics` |global |no |HTTP URL of the Prometheus exporter. |
| Setting | Default |Context|Multiple| Description |
|------------------------------|-----------------------------------------------------|-------|--------|------------------------------------------------------------------------|
|`USE_PROMETHEUS_EXPORTER` |`no` |global |no |Enable the Prometheus export. |
|`PROMETHEUS_EXPORTER_IP` |`0.0.0.0` |global |no |Listening IP of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_PORT` |`9113` |global |no |Listening port of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_URL` |`/metrics` |global |no |HTTP URL of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_ALLOW_IP`|`127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`|global |no |List of IP/networks allowed to contact the Prometheus exporter endpoint.|
## Real IP
@ -514,7 +513,7 @@ Redis server configuration when using BunkerWeb in cluster mode.
|`REDIS_SENTINEL_PASSWORD`| |global |no |Redis sentinel password. |
|`REDIS_SENTINEL_MASTER` | |global |no |Redis sentinel master name. |
## Reporting <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='32px' width='32px'> (PRO)
## Reporting <img src='/assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
@ -523,18 +522,17 @@ Regular reporting of important data from BunkerWeb (global, attacks, bans, reque
| Setting |Default |Context|Multiple| Description |
|------------------------------|--------|-------|--------|----------------------------------------------------------------------------------------------------------------------------------|
|`USE_REPORTING` |`no` |global |no |Enable the reporting feature. |
|`REPORTING_USE_SMTP` |`no` |global |no |Enable the send report with email(s). |
|`REPORTING_USE_WEBHOOK` |`no` |global |no |Enable the send report with webhook. |
|`REPORTING_SCHEDULE` |`weekly`|global |no |The time between sending two reports. |
|`REPORTING_WEBHOOK_URLS` | |global |no |List of webhooks URLs to receive the report in PDF format (separated by spaces) |
|`REPORTING_SMTP_EMAILS` | |global |no |List of emails to receive the report in HTML format (separated by spaces) |
|`REPORTING_SMTP_HOST` | |global |no |Host server used for SMTP sending. |
|`REPORTING_SMTP_FROM_EMAIL` | |global |no |The email address used to send the message. Notice that 2FA must be disabled for this email address. |
|`USE_REPORTING_SMTP` |`no` |global |no |Enable sending the report via email. |
|`USE_REPORTING_WEBHOOK` |`no` |global |no |Enable sending the report via webhook. |
|`REPORTING_SCHEDULE` |`weekly`|global |no |The frequency at which reports are sent. |
|`REPORTING_WEBHOOK_URLS` | |global |no |List of webhook URLs to receive the report in Markdown (separated by spaces). |
|`REPORTING_SMTP_EMAILS` | |global |no |List of email addresses to receive the report in HTML format (separated by spaces). |
|`REPORTING_SMTP_HOST` | |global |no |The host server used for SMTP sending. |
|`REPORTING_SMTP_PORT` |`465` |global |no |The port used for SMTP. Please note that there are different standards depending on the type of connection (SSL = 465, TLS = 587).|
|`REPORTING_SMTP_FROM_EMAIL` | |global |no |The email address used as the sender. Note that 2FA must be disabled for this email address. |
|`REPORTING_SMTP_FROM_USER` | |global |no |The user authentication value for sending via the from email address. |
|`REPORTING_SMTP_FROM_PASSWORD`| |global |no |The password authentication value for sending via the from email address. |
|`REPORTING_SMTP_PORT` |`465` |global |no |The port used for SMTP. Please note that there are different standards depending on the type of connection (SSL = 465, TLS = 587).|
|`REPORTING_SMTP_SSL` |`SSL` |global |no |Determine whether or not you want a secure connection for SMTP. |
|`REPORTING_SMTP_SSL` |`SSL` |global |no |Determine whether or not to use a secure connection for SMTP. |
## Reverse proxy

28
src/ui/static/js/account.js
View file

@ -45,7 +45,7 @@ class SubmitAccount {
"focus:valid:!ring-red-500",
"active:!border-red-500",
"active:valid:!border-red-500",
"valid:!border-red-500",
"valid:!border-red-500"
);
this.pwAlertEl.classList.add("opacity-0");
this.pwAlertEl.setAttribute("aria-hidden", "true");
@ -59,7 +59,7 @@ class SubmitAccount {
"focus:valid:!ring-red-500",
"active:!border-red-500",
"active:valid:!border-red-500",
"valid:!border-red-500",
"valid:!border-red-500"
);
this.pwAlertEl.classList.remove("opacity-0");
this.pwAlertEl.setAttribute("aria-hidden", "false");
@ -77,14 +77,14 @@ class PwBtn {
const passwordContainer = e.target.closest("[data-input-group]");
const inpEl = passwordContainer.querySelector("input");
const invBtn = passwordContainer.querySelector(
'[data-setting-password="invisible"]',
'[data-setting-password="invisible"]'
);
const visBtn = passwordContainer.querySelector(
'[data-setting-password="visible"]',
'[data-setting-password="visible"]'
);
inpEl.setAttribute(
"type",
inpEl.getAttribute("type") === "password" ? "text" : "password",
inpEl.getAttribute("type") === "password" ? "text" : "password"
);
if (inpEl.getAttribute("type") === "password") {
@ -128,26 +128,8 @@ class SwitchTabForm {
}
}
class FormatExpire {
constructor() {
this.init();
}
init() {
window.addEventListener("DOMContentLoaded", () => {
const expireEl = document.querySelector("[data-expire]");
if (!expireEl) return;
expireEl.textContent = expireEl.textContent
.replaceAll("-", "/")
.split(" ")[0];
});
}
}
const setPWBtn = new PwBtn();
const setSubmit = new SubmitAccount();
const setTabs = new Tabs();
const setPopover = new Popover();
const setSwitchTabForm = new SwitchTabForm();
const setFormatExpire = new FormatExpire();