Start adding documentation about SECURITY_MODE

Théophile Diot 2024-11-15 17:05:43 +01:00
parent 99f1190dfd
commit 7e83f180c1
No known key found for this signature in database
GPG key ID: FA995104A0BA376A


@ -15,44 +15,45 @@ When settings are considered as "multiple", it means that you can have multiple
STREAM support :warning:
| Setting | Default | Context | Multiple | Description |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | --------- | -------- | --------------------------------------------------------------------------------------------------- |
| `IS_LOADING` | `no` | global | no | Internal use : set to yes when BW is loading. |
| `NGINX_PREFIX` | `/etc/nginx/` | global | no | Where nginx will search for configurations. |
| `HTTP_PORT` | `8080` | global | no | HTTP port number which bunkerweb binds to. |
| `HTTPS_PORT` | `8443` | global | no | HTTPS port number which bunkerweb binds to. |
| `MULTISITE` | `no` | global | no | Multi site activation. |
| `SERVER_NAME` | `www.example.com` | multisite | no | List of the virtual hosts served by bunkerweb. |
| `WORKER_PROCESSES` | `auto` | global | no | Number of worker processes. |
| `WORKER_RLIMIT_NOFILE` | `2048` | global | no | Maximum number of open files for worker processes. |
| `WORKER_CONNECTIONS` | `1024` | global | no | Maximum number of connections per worker. |
| `LOG_FORMAT` | `$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"` | global | no | The format to use for access logs. |
| `LOG_LEVEL` | `notice` | global | no | The level to use for error logs. |
| `DNS_RESOLVERS` | `127.0.0.11` | global | no | DNS addresses of resolvers to use. |
| `WORKERLOCK_MEMORY_SIZE` | `48k` | global | no | Size of lua_shared_dict for initialization workers |
| `DATASTORE_MEMORY_SIZE` | `64m` | global | no | Size of the internal datastore. |
| `CACHESTORE_MEMORY_SIZE` | `64m` | global | no | Size of the internal cachestore. |
| `CACHESTORE_IPC_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (ipc). |
| `CACHESTORE_MISS_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (miss). |
| `CACHESTORE_LOCKS_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (locks). |
| `USE_API` | `yes` | global | no | Activate the API to control BunkerWeb. |
| `API_HTTP_PORT` | `5000` | global | no | Listen port number for the API. |
| `API_LISTEN_IP` | `0.0.0.0` | global | no | Listen IP address for the API. |
| `API_SERVER_NAME` | `bwapi` | global | no | Server name (virtual host) for the API. |
| `API_WHITELIST_IP` | `127.0.0.0/8` | global | no | List of IP/network allowed to contact the API. |
| `AUTOCONF_MODE` | `no` | global | no | Enable Autoconf Docker integration. |
| `SWARM_MODE` | `no` | global | no | Enable Docker Swarm integration. |
| `KUBERNETES_MODE` | `no` | global | no | Enable Kubernetes integration. |
| `SERVER_TYPE` | `http` | multisite | no | Server type : http or stream. |
| `LISTEN_STREAM` | `yes` | multisite | no | Enable listening for non-ssl (passthrough). |
| `LISTEN_STREAM_PORT` | `1337` | multisite | no | Listening port for non-ssl (passthrough). |
| `LISTEN_STREAM_PORT_SSL` | `4242` | multisite | no | Listening port for ssl (passthrough). |
| `USE_UDP` | `no` | multisite | no | UDP listen instead of TCP (stream). |
| `USE_IPV6` | `no` | global | no | Enable IPv6 connectivity. |
| `IS_DRAFT` | `no` | multisite | no | Internal use : set to yes when the service is in draft mode. |
| `TIMERS_LOG_LEVEL` | `debug` | global | no | Log level for timers. |
| `BUNKERWEB_INSTANCES` | `127.0.0.1` | global | no | List of BunkerWeb instances separated with spaces (format : fqdn-or-ip:5000 http://fqdn-or-ip:5000) |
| `USE_TEMPLATE` | | multisite | no | Config template to use that will override the default values of specific settings. |
| Setting | Default | Context | Multiple | Description |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | --------- | -------- | ------------------------------------------------------------------------------------------------------------- |
| `IS_LOADING` | `no` | global | no | Internal use : set to yes when BW is loading. |
| `NGINX_PREFIX` | `/etc/nginx/` | global | no | Where nginx will search for configurations. |
| `HTTP_PORT` | `8080` | global | no | HTTP port number which bunkerweb binds to. |
| `HTTPS_PORT` | `8443` | global | no | HTTPS port number which bunkerweb binds to. |
| `MULTISITE` | `no` | global | no | Multi site activation. |
| `SERVER_NAME` | `www.example.com` | multisite | no | List of the virtual hosts served by bunkerweb. |
| `WORKER_PROCESSES` | `auto` | global | no | Number of worker processes. |
| `WORKER_RLIMIT_NOFILE` | `2048` | global | no | Maximum number of open files for worker processes. |
| `WORKER_CONNECTIONS` | `1024` | global | no | Maximum number of connections per worker. |
| `LOG_FORMAT` | `$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"` | global | no | The format to use for access logs. |
| `LOG_LEVEL` | `notice` | global | no | The level to use for error logs. |
| `DNS_RESOLVERS` | `127.0.0.11` | global | no | DNS addresses of resolvers to use. |
| `WORKERLOCK_MEMORY_SIZE` | `48k` | global | no | Size of lua_shared_dict for initialization workers |
| `DATASTORE_MEMORY_SIZE` | `64m` | global | no | Size of the internal datastore. |
| `CACHESTORE_MEMORY_SIZE` | `64m` | global | no | Size of the internal cachestore. |
| `CACHESTORE_IPC_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (ipc). |
| `CACHESTORE_MISS_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (miss). |
| `CACHESTORE_LOCKS_MEMORY_SIZE` | `16m` | global | no | Size of the internal cachestore (locks). |
| `USE_API` | `yes` | global | no | Activate the API to control BunkerWeb. |
| `API_HTTP_PORT` | `5000` | global | no | Listen port number for the API. |
| `API_LISTEN_IP` | `0.0.0.0` | global | no | Listen IP address for the API. |
| `API_SERVER_NAME` | `bwapi` | global | no | Server name (virtual host) for the API. |
| `API_WHITELIST_IP` | `127.0.0.0/8` | global | no | List of IP/network allowed to contact the API. |
| `AUTOCONF_MODE` | `no` | global | no | Enable Autoconf Docker integration. |
| `SWARM_MODE` | `no` | global | no | Enable Docker Swarm integration. |
| `KUBERNETES_MODE` | `no` | global | no | Enable Kubernetes integration. |
| `SERVER_TYPE` | `http` | multisite | no | Server type : http or stream. |
| `LISTEN_STREAM` | `yes` | multisite | no | Enable listening for non-ssl (passthrough). |
| `LISTEN_STREAM_PORT` | `1337` | multisite | no | Listening port for non-ssl (passthrough). |
| `LISTEN_STREAM_PORT_SSL` | `4242` | multisite | no | Listening port for ssl (passthrough). |
| `USE_UDP` | `no` | multisite | no | UDP listen instead of TCP (stream). |
| `USE_IPV6` | `no` | global | no | Enable IPv6 connectivity. |
| `IS_DRAFT` | `no` | multisite | no | Internal use : set to yes when the service is in draft mode. |
| `TIMERS_LOG_LEVEL` | `debug` | global | no | Log level for timers. |
| `BUNKERWEB_INSTANCES` | `127.0.0.1` | global | no | List of BunkerWeb instances separated with spaces (format : fqdn-or-ip:5000 http://fqdn-or-ip:5000) |
| `USE_TEMPLATE` | | multisite | no | Config template to use that will override the default values of specific settings. |
| `SECURITY_MODE` | `block` | multisite | no | Defines the response to threats: "detect" to monitor and log, or "block" to prevent access and log incidents. |
## Antibot
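Review bot: the new `SECURITY_MODE` row only names the two values and does not say that in "detect" mode a flagged request is still served, so an operator who sets it for testing and forgets it runs with every security module reporting but not enforcing; state that explicitly in the description (e.g. `"detect" to monitor and log only, requests are allowed through`) or in a dedicated section, and list which features honour the setting, since the commit message says this is only the start of the documentation. Minor style point: the other rows in this table give allowed values without quotes (`SERVER_TYPE`: "http or stream"), so `detect` and `block` should use the same convention.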
@ -268,10 +269,10 @@ STREAM support :white_check_mark:
Deny access based on external DNSBL servers.
| Setting | Default | Context | Multiple | Description |
| ------------ | ---------------------------------------------------------------------------- | --------- | -------- | ----------------------- |
| `USE_DNSBL` | `yes` | multisite | no | Activate DNSBL feature. |
| `DNSBL_LIST` | `bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org` | global | no | List of DNSBL servers. |
| Setting | Default | Context | Multiple | Description |
| ------------ | --------------------------------------------------- | --------- | -------- | ----------------------- |
| `USE_DNSBL` | `yes` | multisite | no | Activate DNSBL feature. |
| `DNSBL_LIST` | `bl.blocklist.de sbl.spamhaus.org xbl.spamhaus.org` | global | no | List of DNSBL servers. |
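Review bot: this hunk silently changes the documented default of `DNSBL_LIST` by dropping `problems.dnsbl.sorbs.net`, which is unrelated to the `SECURITY_MODE` work named in the commit message; either split it into its own commit or mention the removal in the message and changelog, because operators who never overrode the default will lose that lookup without any signal, and reviewers comparing docs against the shipped default need to know which side is authoritative.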
## Errors