Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #3588 from bunkerity/staging
Some checks failed
Automatic push (RC) / build-containers (false, false, rc) (push) Has been cancelled
Details
Automatic push (RC) / create-arm (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/all-in-one/Dockerfile, all-in-one) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/api/Dockerfile, api) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/autoconf/Dockerfile, autoconf) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/bw/Dockerfile, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/scheduler/Dockerfile, scheduler) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/386, 386, src/ui/Dockerfile, ui) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/all-in-one/Dockerfile, all-in-one) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/api/Dockerfile, api) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/autoconf/Dockerfile, autoconf) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/bw/Dockerfile, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/scheduler/Dockerfile, scheduler) (push) Has been cancelled
Details
Automatic push (RC) / build-containers (linux/amd64, amd64, src/ui/Dockerfile, ui) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (false, false, rc) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/all-in-one/Dockerfile, all-in-one) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/api/Dockerfile, api) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/autoconf/Dockerfile, autoconf) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/bw/Dockerfile, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/scheduler/Dockerfile, scheduler) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm/v7, armv7, src/ui/Dockerfile, ui) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/all-in-one/Dockerfile, all-in-one) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/api/Dockerfile, api) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/scheduler/Dockerfile, scheduler) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/ui/Dockerfile, ui) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (debian-bookworm, deb, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (debian-bookworm, deb, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/autoconf/Dockerfile, autoconf) (push) Has been cancelled
Details
Automatic push (RC) / build-containers-arm (linux/arm64, arm64, src/bw/Dockerfile, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (debian-trixie, deb, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (debian-trixie, deb, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (fedora-43, rpm, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (fedora-43, rpm, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (fedora-44, rpm, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (fedora-44, rpm, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rc) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-10, rpm, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-10, rpm, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-8, rpm, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-8, rpm, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-9, rpm, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (rhel-9, rpm, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (ubuntu, deb, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (ubuntu, deb, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (ubuntu-jammy, deb, linux/amd64) (push) Has been cancelled
Details
Automatic push (RC) / build-packages (ubuntu-jammy, deb, linux/arm64) (push) Has been cancelled
Details
Automatic push (RC) / wait-builds (push) Has been cancelled
Details
Automatic push (RC) / push-images (all-in-one, src/all-in-one/Dockerfile, bunkerweb-all-in-one) (push) Has been cancelled
Details
Automatic push (RC) / push-images (api, src/api/Dockerfile, bunkerweb-api) (push) Has been cancelled
Details
Automatic push (RC) / push-images (autoconf, src/autoconf/Dockerfile, bunkerweb-autoconf) (push) Has been cancelled
Details
Automatic push (RC) / push-images (bunkerweb, src/bw/Dockerfile, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / push-images (rc) (push) Has been cancelled
Details
Automatic push (RC) / push-images (scheduler, src/scheduler/Dockerfile, bunkerweb-scheduler) (push) Has been cancelled
Details
Automatic push (RC) / push-images (ui, src/ui/Dockerfile, bunkerweb-ui) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, debian-bookworm, deb, amd64, _, , bookworm) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, debian-trixie, deb, amd64, _, , trixie) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, el-10, rpm, x86_64, -, 1., 10) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, el-8, rpm, x86_64, -, 1., 8) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, el-9, rpm, x86_64, -, 1., 9) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, fedora-43, rpm, x86_64, -, 1., 43) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, fedora-44, rpm, x86_64, -, 1., 44) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, ubuntu, deb, amd64, _, , noble) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, el-10, rpm, aarch64, -, 1., 10) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (amd64, ubuntu-jammy, deb, amd64, _, , jammy) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, debian-bookworm, deb, arm64, _, , bookworm) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, debian-trixie, deb, arm64, _, , trixie) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, el-8, rpm, aarch64, -, 1., 8) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, el-9, rpm, aarch64, -, 1., 9) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, fedora-43, rpm, aarch64, -, 1., 43) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, fedora-44, rpm, aarch64, -, 1., 44) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, ubuntu, deb, arm64, _, , noble) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (arm64, ubuntu-jammy, deb, arm64, _, , jammy) (push) Has been cancelled
Details
Automatic push (RC) / push-packages (latest, bunkerweb) (push) Has been cancelled
Details
Automatic push (RC) / doc-pdf (push) Has been cancelled
Details
Automatic push (RC) / push-gh (push) Has been cancelled
Details
Automatic push (RC) / push-doc (push) Has been cancelled
Details
Automatic push (RC) / rm-arm (push) Has been cancelled
Details

Browse source 
Road to 1.6.11~rc1 🚀
This commit is contained in:
Théophile Diot 2026-05-23 01:50:22 +02:00 committed by GitHub
commit 80fb6d58e6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
781 changed files with 268517 additions and 2931 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View file

@ -51,7 +51,7 @@ body:
label: BunkerWeb version
description: What version of BunkerWeb are you running?
placeholder: Version
value: 1.6.10~rc7
value: 1.6.11~rc1
validations:
required: true
- type: dropdown

15
.github/workflows/beta.yml vendored
View file

@ -110,7 +110,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
rhel-8,
@ -127,8 +126,6 @@ jobs:
package: deb
- linux: debian-trixie
package: deb
- linux: fedora-42
package: rpm
- linux: fedora-43
package: rpm
- linux: fedora-44
@ -232,7 +229,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
el-8,
@ -259,11 +255,6 @@ jobs:
suffix: ""
version: trixie
package: deb
- linux: fedora-42
separator: "-"
suffix: "1."
version: 42
package: rpm
- linux: fedora-43
separator: "-"
suffix: "1."
@ -303,9 +294,6 @@ jobs:
- linux: debian-trixie
arch: amd64
package_arch: amd64
- linux: fedora-42
arch: amd64
package_arch: x86_64
- linux: fedora-43
arch: amd64
package_arch: x86_64
@ -333,9 +321,6 @@ jobs:
- linux: debian-trixie
arch: arm64
package_arch: arm64
- linux: fedora-42
arch: arm64
package_arch: aarch64
- linux: fedora-43
arch: arm64
package_arch: aarch64

4
.github/workflows/codeql.yml vendored
View file

@ -36,12 +36,12 @@ jobs:
python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
with:
category: "/language:${{matrix.language}}"

6
.github/workflows/container-build.yml vendored
View file

@ -105,7 +105,7 @@ jobs:
# Build cached image
- name: Build image
if: inputs.CACHE == true
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -118,7 +118,7 @@ jobs:
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -130,7 +130,7 @@ jobs:
# Check vulnerabilities with Docker Scout
- name: Docker Scout CVE Analysis
if: ${{ startsWith(inputs.CACHE_SUFFIX, 'arm') == false }}
uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1.20.4
uses: docker/scout-action@cd72f264beff1cd72735de31148b9d3244a0234a # v1.21.0
with:
command: cves,recommendations
image: local/${{ inputs.IMAGE }}

10
.github/workflows/dev.yml vendored
View file

@ -53,7 +53,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
rhel-8,
@ -70,8 +69,6 @@ jobs:
package: deb
- linux: debian-trixie
package: deb
- linux: fedora-42
package: rpm
- linux: fedora-43
package: rpm
- linux: fedora-44
@ -216,7 +213,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
el-8,
@ -246,12 +242,6 @@ jobs:
suffix: ""
version: trixie
package: deb
- linux: fedora-42
package_arch: x86_64
separator: "-"
suffix: "1."
version: 42
package: rpm
- linux: fedora-43
package_arch: x86_64
separator: "-"

6
.github/workflows/linux-build.yml vendored
View file

@ -107,7 +107,7 @@ jobs:
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' || inputs.RELEASE == '1.5'
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
load: true
@ -119,7 +119,7 @@ jobs:
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' && inputs.RELEASE != 'ui' && inputs.RELEASE != '1.5'
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
load: true
@ -157,7 +157,7 @@ jobs:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}

2
.github/workflows/push-docker.yml vendored
View file

@ -87,7 +87,7 @@ jobs:
images: bunkerity/${{ inputs.IMAGE }}
# Build and push
- name: Build and push
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}

2
.github/workflows/push-packagecloud.yml vendored
View file

@ -42,7 +42,7 @@ jobs:
- name: Check out repository code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install ruby
uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
with:
ruby-version: "3.0"
- name: Install packagecloud

15
.github/workflows/rc.yml vendored
View file

@ -110,7 +110,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
rhel-8,
@ -127,8 +126,6 @@ jobs:
package: deb
- linux: debian-trixie
package: deb
- linux: fedora-42
package: rpm
- linux: fedora-43
package: rpm
- linux: fedora-44
@ -236,7 +233,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
el-8,
@ -263,11 +259,6 @@ jobs:
suffix: ""
version: trixie
package: deb
- linux: fedora-42
separator: "-"
suffix: "1."
version: 42
package: rpm
- linux: fedora-43
separator: "-"
suffix: "1."
@ -307,9 +298,6 @@ jobs:
- linux: debian-trixie
arch: amd64
package_arch: amd64
- linux: fedora-42
arch: amd64
package_arch: x86_64
- linux: fedora-43
arch: amd64
package_arch: x86_64
@ -337,9 +325,6 @@ jobs:
- linux: debian-trixie
arch: arm64
package_arch: arm64
- linux: fedora-42
arch: arm64
package_arch: aarch64
- linux: fedora-43
arch: arm64
package_arch: aarch64

15
.github/workflows/release.yml vendored
View file

@ -120,7 +120,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
rhel-8,
@ -137,8 +136,6 @@ jobs:
package: deb
- linux: debian-trixie
package: deb
- linux: fedora-42
package: rpm
- linux: fedora-43
package: rpm
- linux: fedora-44
@ -242,7 +239,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
el-8,
@ -269,11 +265,6 @@ jobs:
suffix: ""
version: trixie
package: deb
- linux: fedora-42
separator: "-"
suffix: "1."
version: 42
package: rpm
- linux: fedora-43
separator: "-"
suffix: "1."
@ -313,9 +304,6 @@ jobs:
- linux: debian-trixie
arch: amd64
package_arch: amd64
- linux: fedora-42
arch: amd64
package_arch: x86_64
- linux: fedora-43
arch: amd64
package_arch: x86_64
@ -343,9 +331,6 @@ jobs:
- linux: debian-trixie
arch: arm64
package_arch: arm64
- linux: fedora-42
arch: arm64
package_arch: aarch64
- linux: fedora-43
arch: arm64
package_arch: aarch64

2
.github/workflows/scorecards-analysis.yml vendored
View file

@ -25,6 +25,6 @@ jobs:
results_format: sarif
publish_results: true
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
with:
sarif_file: results.sarif

2
.github/workflows/staging-create-infra.yml vendored
View file

@ -23,7 +23,7 @@ jobs:
- name: Checkout source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install terraform
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1
- name: Install kubectl
uses: azure/setup-kubectl@829323503d1be3d00ca8346e5391ca0b07a9ab0d # v5.1.0
if: inputs.TYPE == 'k8s'

2
.github/workflows/staging-delete-infra.yml vendored
View file

@ -22,7 +22,7 @@ jobs:
- name: Checkout source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install terraform
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: tf-${{ inputs.TYPE }}

11
.github/workflows/staging-tests.yml vendored
View file

@ -41,7 +41,7 @@ jobs:
- name: Install test dependencies
run: PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
- name: Install Terraform
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1
if: inputs.TYPE == 'k8s'
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
@ -81,9 +81,6 @@ jobs:
- name: Pull BW linux debian Trixie test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/debian-trixie-tests:testing && docker tag ghcr.io/bunkerity/debian-trixie-tests:testing local/debian-trixie:latest
- name: Pull BW linux fedora 42 test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/fedora-42-tests:testing && docker tag ghcr.io/bunkerity/fedora-42-tests:testing local/fedora-42:latest
- name: Pull BW linux fedora 43 test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/fedora-43-tests:testing && docker tag ghcr.io/bunkerity/fedora-43-tests:testing local/fedora-43:latest
@ -142,12 +139,6 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux fedora 42 tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && chmod +x ./tests/main.py && ./tests/main.py "linux" "fedora-42"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux fedora 43 tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && chmod +x ./tests/main.py && ./tests/main.py "linux" "fedora-43"

10
.github/workflows/staging.yml vendored
View file

@ -53,7 +53,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
rhel-8,
@ -68,8 +67,6 @@ jobs:
package: deb
- linux: debian-trixie
package: deb
- linux: fedora-42
package: rpm
- linux: fedora-43
package: rpm
- linux: fedora-44
@ -189,7 +186,6 @@ jobs:
ubuntu,
debian-bookworm,
debian-trixie,
fedora-42,
fedora-43,
fedora-44,
el-8,
@ -219,12 +215,6 @@ jobs:
suffix: ""
version: trixie
package: deb
- linux: fedora-42
package_arch: x86_64
separator: "-"
suffix: "1."
version: 42
package: rpm
- linux: fedora-43
package_arch: x86_64
separator: "-"

1
BUILD.md
View file

@ -93,7 +93,6 @@ Linux package generation can be done directly with Docker in 2 steps:
- `ubuntu-jammy`
- `debian-bookworm`
- `debian-trixie`
- `fedora-42`
- `fedora-43`
- `fedora-44`
- `rhel-8`

20
CHANGELOG.md
View file

@ -1,12 +1,30 @@
# Changelog
## v1.6.10~rc7 - 2026/??/??
## v1.6.11~rc1 - ????/??/??
- [SECURITY] `nginx`: update nginx to 1.30.2 (except for Fedora as it is not yet available) to fix CVE-2026-9256 — a heap buffer overflow in `ngx_http_rewrite_module` with overlapping captures that could lead to worker-process arbitrary code execution.
- [SECURITY] `antibot`: Cap.js `script-src` now uses a strict per-request nonce (no more `'unsafe-inline'`); every challenge response also sends `Cache-Control: no-store`. Requires Cap.js widget `0.1.48`+.
- [SECURITY] `letsencrypt` (UI): harden delete + new heal flow — per-request scratch dir, `fcntl.flock`, `.`/`..` rejected in `cert_name`, DOMPurify + `markupsafe.escape` at every HTML sink, 500 on persistence failure; new `/letsencrypt/{orphans,accounts,cache-status,heal}` endpoints, per-row Heal button, sidebar orphan toast.
- [SECURITY] `linux`: `after-remove` hooks now preserve `/var/log/bunkerweb`, `/etc/bunkerweb`, `/var/lib/bunkerweb` and `/var/tmp` upgrade backups on plain uninstall (only purge wipes configs + DB; logs and backups always kept, disposal commands printed); upgrade backups are written via `install -m 0600 -o root -g root` (atomic) and any pre-existing world-readable backups are retro-tightened, closing a local-read window on admin credentials and the SQLite DB.
- [BUGFIX] `letsencrypt` (core): fix self-propagating cache poisoning that caused fleet-wide `certbot AccountNotFound`; add CA-agnostic consistency gate (LE + ZeroSSL paths), server-scoped `select_account_id`, auto-purge + re-register when the ACME server reports a pinned `--account` as deleted (stale-account JWS recovery), redacted-value `Configurator` WARN logs.
- [FEATURE] `scheduler`: new `SCHEDULER_MAX_WORKERS` env var caps the job-executor thread pool to bound DB-pool pressure on shared MariaDB/MySQL/PostgreSQL; auto default tightened from `min(8, cpu*4)` to `min(8, max(2, cpu*2))` and a warning is emitted when the resolved value exceeds `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW`.
- [FEATURE] `ui`: `ADMIN_PASSWORD` now also accepts a pre-hashed bcrypt value (`$2a$`/`$2b$`/`$2y$`), stored as-is so the plaintext never lands in env files or secrets (env create + `OVERRIDE_ADMIN_CREDS` paths only; wizard and profile still take plaintext). The strength policy is skipped for a hash, a cost factor below 12 logs a warning.
## v1.6.10 - 2026/05/19
- [SECURITY] `nginx` : update nginx to 1.30.1 to fix various CVEs
- [BUGFIX] `reverseproxy`: pin a `USE_UI=yes` service upstream to HTTP/1.1 so a global `REVERSE_PROXY_HTTP_VERSION=2` no longer locks out the web UI. (Fixes #3550)
- [BUGFIX] `autoconf`: fix Docker/Podman instance discovery looping on `No instance found`. Container conversion no longer assumes the inspect payload exposes `State.Health` (Podman/no-`HEALTHCHECK` may omit it): health falls back to run-state, env parsing is hardened, and the wait loop logs the exception instead of swallowing it.
- [ALL-IN-ONE] Update CrowdSec version to 1.7.8
## v1.6.10~rc7 - 2026/05/15
- [FEATURE] `installer`: `misc/install-bunkerweb.sh` interactive prompts now use a modern inline TUI via [gum](https://github.com/charmbracelet/gum) (`--tui` / `--no-tui` / `BW_INSTALL_TUI`). Three-tier dispatch — gum → whiptail (only if pre-installed) → plain `read` — keeps every host usable.
- [SECURITY] `ui`: neutralize CSV/XLSX formula injection (CWE-1236) in bans and reports exports. Server-side CSV now goes through `defusedcsv` (new pinned dep) and a shared `csv_safe()` helper escapes openpyxl XLSX cells; client-side DataTables `csv`/`excel`/`copy` buttons inherit the same rule via a global `bwCsvSafe` hook in `dataTableInit.js`. Cells whose first character is `= + - @ | %` are prefixed with `'`, and embedded `|` is backslash-escaped.
- [BUGFIX] `metrics`: bound per-worker LRU and per-key event-history arrays via new `MAX_LRU_HISTORY` setting (default `1k`) to close OSS RAM leak under high-cardinality block traffic.
- [BUGFIX] `metrics`: lower `METRICS_MAX_BLOCKED_REQUESTS_REDIS` default `100000``10k`.
- [BUGFIX] `datastore`: lower shared worker-LRU default `100000``1k`, configurable via new `DATASTORE_LRU_SIZE` global setting.
- [BUGFIX] `modsec` : fix memory leak in variables retrieval from modsecurity to lua
- [FEATURE] `metrics`/`misc`: `METRICS_MAX_BLOCKED_REQUESTS`, `METRICS_MAX_BLOCKED_REQUESTS_REDIS`, `MAX_LRU_HISTORY`, and `DATASTORE_LRU_SIZE` accept `k`/`m` shorthand.
- [UI] List pages: unrestricted `10/25/50/100` page-size dropdown, header checkbox selects current page only, with opt-in "Select all N matching" banner so bulk actions cover every page. (Fixes #3513)
- [FEATURE] `all-in-one`: embedded Redis now boots from a generated `/var/lib/bunkerweb/redis-runtime.conf` (copy of `/etc/redis.conf` + env-driven defaults for directives the conf is silent about). `.conf` always prevails; env vars `REDIS_MAXMEMORY`, `REDIS_MAXMEMORY_POLICY`, `REDIS_APPENDONLY`, `REDIS_SAVE`/`REDIS_SAVE_<N>` (BunkerWeb multi-value pattern; empty disables RDB) and `REDIS_PASSWORD` (wired to `requirepass`) only fill the gaps. Defaults follow the documented Redis Best Practices.

86
README.md
View file

@ -1,5 +1,5 @@
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/misc/logo.png" height=100 width=350 />
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/misc/logo.png" height=100 width=350 />
</p>
<p align="center">
@ -40,7 +40,7 @@
&#124;
🧩 <a href="https://github.com/bunkerity/bunkerweb-templates">Templates</a>
&#124;
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/examples">Examples</a>
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/examples">Examples</a>
<br/>
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
&#124;
@ -60,14 +60,14 @@
# BunkerWeb
<p align="center">
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/intro-overview.svg" />
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/intro-overview.svg" />
</p>
BunkerWeb is a next-generation, open-source Web Application Firewall (WAF).
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default." BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) as a reverse proxy and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.6.10~rc7/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use cases. In other words, cybersecurity is no longer a hassle.
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default." BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) as a reverse proxy and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.6.11~rc1/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use cases. In other words, cybersecurity is no longer a hassle.
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.6.10~rc7/advanced/?utm_campaign=self&utm_source=github#security-tuning) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.6.10~rc7/plugins/?utm_campaign=self&utm_source=github).
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.6.11~rc1/advanced/?utm_campaign=self&utm_source=github#security-tuning) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.6.11~rc1/plugins/?utm_campaign=self&utm_source=github).
## Why BunkerWeb?
@ -94,7 +94,7 @@ A non-exhaustive list of security features:
- **Block known bad IPs** with external blacklists and DNSBL
- And much more...
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.6.10~rc7/advanced/?utm_campaign=self&utm_source=github#security-tuning) section of the documentation.
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.6.11~rc1/advanced/?utm_campaign=self&utm_source=github#security-tuning) section of the documentation.
## Demo
@ -129,13 +129,13 @@ When using BunkerWeb, you have the choice of the version you want to use: open-s
Whether it's enhanced security, an enriched user experience, or technical monitoring, the BunkerWeb PRO version allows you to fully benefit from BunkerWeb and meet your professional needs.
In the documentation or the user interface, PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.6.10~rc7/assets/img/pro-icon.svg" alt="crown pro icon" height="32px" width="32px"> to distinguish them from those integrated into the open-source version.
In the documentation or the user interface, PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.6.11~rc1/assets/img/pro-icon.svg" alt="crown pro icon" height="32px" width="32px"> to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time. The process is straightforward:
- Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/store/bunkerweb-pro?utm_campaign=self&utm_source=doc) by using the `freetrial` promo code at checkout
- Once connected to the client area, copy your PRO license key
- Paste your license key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.6.10~rc7/web-ui/#upgrade-to-pro) or a [specific setting](https://docs.bunkerweb.io/1.6.10~rc7/features/#pro)
- Paste your license key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.6.11~rc1/web-ui/#upgrade-to-pro) or a [specific setting](https://docs.bunkerweb.io/1.6.11~rc1/features/#pro)
Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any questions regarding the PRO version.
@ -168,10 +168,10 @@ Community and social networks:
# Concepts
<p align="center">
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/concepts.svg" />
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/concepts.svg" />
</p>
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.6.10~rc7/concepts/?utm_campaign=self&utm_source=github).
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.6.11~rc1/concepts/?utm_campaign=self&utm_source=github).
## Integrations
@ -179,12 +179,12 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported:
- [Docker](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker)
- [Linux](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#linux)
- [Docker autoconf](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Kubernetes](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Swarm](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Microsoft Azure](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
- [Docker](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker)
- [Linux](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#linux)
- [Docker autoconf](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Kubernetes](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Swarm](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Microsoft Azure](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
## Settings
@ -214,7 +214,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.6.10~rc7/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.6.11~rc1/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@ -223,7 +223,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall:
## Database
<p align="center">
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/bunkerweb_db.svg" />
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/bunkerweb_db.svg" />
</p>
The state of the current configuration of BunkerWeb is stored in a backend database which contains the following data:
@ -252,7 +252,7 @@ In other words, the scheduler is the brain of BunkerWeb.
<!--## BunkerWeb Cloud
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/bunkerweb-cloud.webp" />
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/bunkerweb-cloud.webp" />
</p>
BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of it like a BunkerWeb-as-a-Service!
@ -262,7 +262,7 @@ You will find more information about BunkerWeb Cloud beta [here](https://www.bun
## Linux
<p align="center">
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-linux.svg" />
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-linux.svg" />
</p>
List of supported Linux distros:
@ -283,7 +283,7 @@ You will find more information in the [Linux section](https://docs.bunkerweb.io/
## Docker
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-docker.svg" />
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-docker.svg" />
</p>
We provide ready-to-use prebuilt images for x64, x86, armv7, and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@ -294,63 +294,63 @@ Docker integration key concepts are:
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
## Docker autoconf
<p align="center">
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-autoconf.svg" />
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-autoconf.svg" />
</p>
The downside of using environment variables is that the container needs to be recreated each time there is an update, which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
## Kubernetes
<p align="center">
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-kubernetes.svg" />
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-kubernetes.svg" />
</p>
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
The official [Helm chart](https://helm.sh/) for BunkerWeb is available in the [bunkerity/bunkerweb-helm repository](https://github.com/bunkerity/bunkerweb-helm).
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
## Microsoft Azure
<p align="center">
<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-azure.webp" />
<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-azure.webp" />
</p>
BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and an ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/misc/integrations/azure-arm-template.json).
BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and an ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/misc/integrations/azure-arm-template.json).
You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
## Swarm
<p align="center">
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/docs/assets/img/integration-swarm.svg" />
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/docs/assets/img/integration-swarm.svg" />
</p>
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.6.10~rc7/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.6.11~rc1/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
# Quickstart guide
Once you have set up BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.6.10~rc7/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the installation and first configuration to protect a web service.
Once you have set up BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.6.11~rc1/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the installation and first configuration to protect a web service.
# Security tuning
BunkerWeb offers many security features that you can configure with [features](https://docs.bunkerweb.io/1.6.10~rc7/features/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default," we strongly recommend you to tune them. By doing so, you will be able to ensure a security level of your choice but also manage false positives.
BunkerWeb offers many security features that you can configure with [features](https://docs.bunkerweb.io/1.6.11~rc1/features/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default," we strongly recommend you to tune them. By doing so, you will be able to ensure a security level of your choice but also manage false positives.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.6.10~rc7/advanced/?utm_campaign=self&utm_source=github#security-tuning) of the documentation.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.6.11~rc1/advanced/?utm_campaign=self&utm_source=github#security-tuning) of the documentation.
# Settings
@ -358,7 +358,7 @@ As a general rule, when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple," it means that you can have multiple groups of settings for the same feature by adding numbers as suffixes like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
Check the [features section](https://docs.bunkerweb.io/1.6.10~rc7/features/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
Check the [features section](https://docs.bunkerweb.io/1.6.11~rc1/features/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
# Web UI
@ -377,7 +377,7 @@ Here is the list of features offered by the web UI:
- Monitor job execution and restart them when needed
- View the logs and search patterns
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.6.10~rc7/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.6.11~rc1/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
# Plugins
@ -394,7 +394,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| **VirusTotal** | 1.9 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.9 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.6.10~rc7/plugins/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.6.11~rc1/plugins/?utm_campaign=self&utm_source=github) of the documentation.
# Language Support & Localization
@ -418,7 +418,7 @@ BunkerWeb UI supports multiple languages. Translations are managed in the `src/u
- Urdu (ur)
- Simplified Chinese (zh)
See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/src/ui/app/static/locales/README.md) for details on translation provenance and review status.
See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/src/ui/app/static/locales/README.md) for details on translation provenance and review status.
## Contributing Translations
@ -434,7 +434,7 @@ We welcome contributions to improve or add new locale files!
For updates, edit the relevant file and update the provenance table as needed.
See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/src/ui/app/static/locales/README.md) for full guidelines.
See the [locales/README.md](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/src/ui/app/static/locales/README.md) for full guidelines.
# Support
@ -457,15 +457,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/LICENSE.md).
# Contribute
If you would like to contribute to the plugins, you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/CONTRIBUTING.md) to get started.
If you would like to contribute to the plugins, you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/CONTRIBUTING.md) to get started.
# Security policy
We take security bugs as serious issues and encourage responsible disclosure; see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.10-rc7/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure; see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.11-rc1/SECURITY.md) for more information.
# Star History

110
docs/advanced.md
View file

@ -1,8 +1,8 @@
# Advanced usages
Many real-world use case examples are available in the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) folder of the GitHub repository.
Many real-world use case examples are available in the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) folder of the GitHub repository.
We also provide numerous boilerplates, such as YAML files for various integrations and database types. These are available in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) folder.
We also provide numerous boilerplates, such as YAML files for various integrations and database types. These are available in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) folder.
This section only focuses on advanced usages and security tuning, see the [features section](features.md) of the documentation to see all the available settings.
@ -85,7 +85,7 @@ You will find more settings about real IP in the [features section](features.md#
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Please note that if your container is already created, you will need to delete it and recreate it so the new environment variables will be updated.
@ -96,7 +96,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -104,7 +104,7 @@ You will find more settings about real IP in the [features section](features.md#
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -121,7 +121,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -129,7 +129,7 @@ You will find more settings about real IP in the [features section](features.md#
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -176,7 +176,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -184,7 +184,7 @@ You will find more settings about real IP in the [features section](features.md#
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -249,7 +249,7 @@ You will find more settings about real IP in the [features section](features.md#
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Please note that if your container is already created, you will need to delete it and recreate it so the new environment variables will be updated.
@ -260,7 +260,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -270,7 +270,7 @@ You will find more settings about real IP in the [features section](features.md#
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -288,7 +288,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -298,7 +298,7 @@ You will find more settings about real IP in the [features section](features.md#
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -350,7 +350,7 @@ You will find more settings about real IP in the [features section](features.md#
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -360,7 +360,7 @@ You will find more settings about real IP in the [features section](features.md#
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -485,8 +485,8 @@ The Manager is the brain of the cluster. It runs the Scheduler, Database, and op
```bash
# Download script and checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -590,7 +590,7 @@ The Manager is the brain of the cluster. It runs the Scheduler, Database, and op
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: "192.168.1.11 192.168.1.12" # Replace with your worker IPs
@ -609,7 +609,7 @@ The Manager is the brain of the cluster. It runs the Scheduler, Database, and op
- bw-redis
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
ports:
- "7000:7000" # Expose the Web UI port
environment:
@ -692,7 +692,7 @@ Workers are the nodes that process incoming traffic.
```yaml title="docker-compose.yml"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -997,7 +997,7 @@ To enable systemd-resolved as your DNS resolver in BunkerWeb, set the `DNS_RESOL
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1025,7 +1025,7 @@ To enable systemd-resolved as your DNS resolver in BunkerWeb, set the `DNS_RESOL
- bw-dns
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1036,7 +1036,7 @@ To enable systemd-resolved as your DNS resolver in BunkerWeb, set the `DNS_RESOL
- bw-dns
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1150,7 +1150,7 @@ Some integrations provide more convenient ways to apply configurations, such as
}" \
-p 80:8080/tcp \
-p 443:8443/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Please note that if your container is already created, you will need to delete it and recreate it for the new environment variables to be applied.
@ -1190,7 +1190,7 @@ Some integrations provide more convenient ways to apply configurations, such as
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1213,7 +1213,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1256,7 +1256,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1326,7 +1326,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1556,7 +1556,7 @@ For complete list of settings regarding `stream` mode, please refer to the [feat
-p 443:8443/udp \
-p 10000:10000/tcp \
-p 20000:20000/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Please note that if your container is already created, you will need to delete it and recreate it for the new environment variables to be applied.
@ -1579,7 +1579,7 @@ For complete list of settings regarding `stream` mode, please refer to the [feat
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type
- "10000:10000" # app1
@ -1594,7 +1594,7 @@ For complete list of settings regarding `stream` mode, please refer to the [feat
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -1645,7 +1645,7 @@ For complete list of settings regarding `stream` mode, please refer to the [feat
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type
- "10000:10000" # app1
@ -1875,7 +1875,7 @@ For complete list of settings regarding `stream` mode, please refer to the [feat
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
# Keep it if you want to use Let's Encrypt automation when using http challenge type
- published: 80
@ -2005,7 +2005,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Please note that if your container is already created, you will need to delete it and recreate it for the new environment variables to be applied.
@ -2049,7 +2049,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2064,7 +2064,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -2158,7 +2158,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -2171,7 +2171,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -2186,7 +2186,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2426,7 +2426,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
volumes:
- /shared/www:/var/www/html
...
@ -2525,7 +2525,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
```yaml
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
USE_IPv6: "yes"
@ -2668,7 +2668,7 @@ LOG_LEVEL_1=error
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2681,7 +2681,7 @@ LOG_LEVEL_1=error
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -2698,7 +2698,7 @@ LOG_LEVEL_1=error
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
volumes:
@ -2862,7 +2862,7 @@ You can configure the logging driver for your services in your `docker-compose.y
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
logging:
driver: "json-file"
options:
@ -2971,7 +2971,7 @@ The commonly used variables are:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
If the container already exists, recreate it to apply the new environment.
@ -2982,7 +2982,7 @@ The commonly used variables are:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3001,7 +3001,7 @@ The commonly used variables are:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3044,7 +3044,7 @@ The commonly used variables are:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3343,12 +3343,12 @@ The **BunkerWeb MCP server** enables AI assistants like **Claude Code** and **Cl
### Docker Compose Example
A complete example is available in [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples/mcp-stack):
A complete example is available in [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples/mcp-stack):
```yaml
services:
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
API_TOKEN: "my-bearer-token-for-mcp"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"
@ -4199,11 +4199,11 @@ Templates use Lua template syntax with the following delimiters:
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
# ... other settings (no environment variables needed here for custom pages)
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./templates:/custom_templates:ro
environment:
@ -4286,7 +4286,7 @@ Templates use Lua template syntax with the following delimiters:
spec:
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
env:
- name: CUSTOM_ERROR_PAGE
value: "/custom_templates/error.html"

8
docs/api.md
View file

@ -41,7 +41,7 @@ Choose the flavor that matches your environment.
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -54,7 +54,7 @@ Choose the flavor that matches your environment.
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -76,7 +76,7 @@ Choose the flavor that matches your environment.
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
API_USERNAME: "admin"
@ -143,7 +143,7 @@ Choose the flavor that matches your environment.
-e SERVICE_API=yes \
-e API_WHITELIST_IPS="127.0.0.0/8" \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Linux"

4
docs/concepts.md
View file

@ -105,7 +105,7 @@ Please note that multisite mode is implicit when using the web User Interface. Y
!!! info "Going further"
You will find concrete examples of multisite mode in the [advanced usages](advanced.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) directory of the repository.
You will find concrete examples of multisite mode in the [advanced usages](advanced.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) directory of the repository.
## Custom configurations {#custom-configurations}
@ -126,7 +126,7 @@ Managing custom configurations from the web User Interface is done through the *
!!! info "Going further"
You will find concrete examples of custom configurations in the [advanced usages](advanced.md#custom-configurations) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) directory of the repository.
You will find concrete examples of custom configurations in the [advanced usages](advanced.md#custom-configurations) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) directory of the repository.
## Database

110
docs/de/advanced.md
View file

@ -1,8 +1,8 @@
# Fortgeschrittene Nutzungen
Viele Beispiele für reale Anwendungsfälle sind im Ordner [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) des GitHub-Repositorys verfügbar.
Viele Beispiele für reale Anwendungsfälle sind im Ordner [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) des GitHub-Repositorys verfügbar.
Wir stellen auch zahlreiche Boilerplates zur Verfügung, wie z. B. YAML-Dateien für verschiedene Integrationen und Datenbanktypen. Diese sind im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) verfügbar.
Wir stellen auch zahlreiche Boilerplates zur Verfügung, wie z. B. YAML-Dateien für verschiedene Integrationen und Datenbanktypen. Diese sind im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) verfügbar.
Dieser Abschnitt konzentriert sich nur auf fortgeschrittene Nutzungen und Sicherheits-Tuning. Informationen zu allen verfügbaren Einstellungen finden Sie im [Features-Abschnitt](features.md) der Dokumentation.
@ -85,7 +85,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Bitte beachten Sie, dass Sie, wenn Ihr Container bereits erstellt wurde, ihn löschen und neu erstellen müssen, damit die neuen Umgebungsvariablen aktualisiert werden.
@ -96,7 +96,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -104,7 +104,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -121,7 +121,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -129,7 +129,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -176,7 +176,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -184,7 +184,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -249,7 +249,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Bitte beachten Sie, dass Sie, wenn Ihr Container bereits erstellt wurde, ihn löschen und neu erstellen müssen, damit die neuen Umgebungsvariablen aktualisiert werden.
@ -260,7 +260,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -270,7 +270,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -288,7 +288,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -298,7 +298,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -350,7 +350,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -360,7 +360,7 @@ Weitere Einstellungen zur echten IP finden Sie im [Features-Abschnitt](features.
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -485,8 +485,8 @@ Der Manager ist das Gehirn des Clusters. Er führt den Scheduler, die Datenbank
```bash
# Skript und Checksumme laden
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Prüfsumme verifizieren
sha256sum -c install-bunkerweb.sh.sha256
@ -588,7 +588,7 @@ Der Manager ist das Gehirn des Clusters. Er führt den Scheduler, die Datenbank
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: "192.168.1.11 192.168.1.12" # Ersetzen durch die IPs Ihrer Worker
@ -607,7 +607,7 @@ Der Manager ist das Gehirn des Clusters. Er führt den Scheduler, die Datenbank
- bw-redis
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
ports:
- "7000:7000" # UI-Port veröffentlichen
environment:
@ -690,7 +690,7 @@ Worker sind die Knoten, die den eingehenden Verkehr verarbeiten.
```yaml title="docker-compose.yml"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -995,7 +995,7 @@ Um systemd-resolved als Ihren DNS-Resolver in BunkerWeb zu aktivieren, setzen Si
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1023,7 +1023,7 @@ Um systemd-resolved als Ihren DNS-Resolver in BunkerWeb zu aktivieren, setzen Si
- bw-dns
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1034,7 +1034,7 @@ Um systemd-resolved als Ihren DNS-Resolver in BunkerWeb zu aktivieren, setzen Si
- bw-dns
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1148,7 +1148,7 @@ Einige Integrationen bieten bequemere Möglichkeiten zum Anwenden von Konfigurat
}" \
-p 80:8080/tcp \
-p 443:8443/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Bitte beachten Sie, dass Sie, wenn Ihr Container bereits erstellt wurde, ihn löschen und neu erstellen müssen, damit die neuen Umgebungsvariablen angewendet werden.
@ -1188,7 +1188,7 @@ Einige Integrationen bieten bequemere Möglichkeiten zum Anwenden von Konfigurat
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1211,7 +1211,7 @@ Einige Integrationen bieten bequemere Möglichkeiten zum Anwenden von Konfigurat
```yaml
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1254,7 +1254,7 @@ Einige Integrationen bieten bequemere Möglichkeiten zum Anwenden von Konfigurat
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1324,7 +1324,7 @@ Einige Integrationen bieten bequemere Möglichkeiten zum Anwenden von Konfigurat
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1555,7 +1555,7 @@ Eine vollständige Liste der Einstellungen für den `stream`-Modus finden Sie im
-p 443:8443/udp \
-p 10000:10000/tcp \
-p 20000:20000/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Bitte beachten Sie, dass Sie, wenn Ihr Container bereits erstellt wurde, ihn löschen und neu erstellen müssen, damit die neuen Umgebungsvariablen angewendet werden.
@ -1578,7 +1578,7 @@ Eine vollständige Liste der Einstellungen für den `stream`-Modus finden Sie im
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Behalten, wenn Sie die Let's Encrypt-Automatisierung mit dem http-Challenge-Typ verwenden möchten
- "10000:10000" # app1
@ -1593,7 +1593,7 @@ Eine vollständige Liste der Einstellungen für den `stream`-Modus finden Sie im
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Diese Einstellung ist obligatorisch, um die BunkerWeb-Instanz anzugeben
@ -1644,7 +1644,7 @@ Eine vollständige Liste der Einstellungen für den `stream`-Modus finden Sie im
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Behalten, wenn Sie die Let's Encrypt-Automatisierung mit dem http-Challenge-Typ verwenden möchten
- "10000:10000" # app1
@ -1874,7 +1874,7 @@ Eine vollständige Liste der Einstellungen für den `stream`-Modus finden Sie im
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
# Behalten, wenn Sie die Let's Encrypt-Automatisierung mit dem http-Challenge-Typ verwenden möchten
- published: 80
@ -2004,7 +2004,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Bitte beachten Sie, dass Sie, wenn Ihr Container bereits erstellt wurde, ihn löschen und neu erstellen müssen, damit die neuen Umgebungsvariablen angewendet werden.
@ -2048,7 +2048,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2063,7 +2063,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Diese Einstellung ist obligatorisch, um die BunkerWeb-Instanz anzugeben
@ -2157,7 +2157,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -2170,7 +2170,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "" # Wir müssen die BunkerWeb-Instanz hier nicht angeben, da sie automatisch vom Autoconf-Dienst erkannt werden
@ -2185,7 +2185,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2425,7 +2425,7 @@ BunkerWeb unterstützt PHP über externe oder entfernte [PHP-FPM](https://www.ph
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
volumes:
- /shared/www:/var/www/html
...
@ -2524,7 +2524,7 @@ Standardmäßig lauscht BunkerWeb nur auf IPv4-Adressen und verwendet kein IPv6
```yaml
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
USE_IPv6: "yes"
@ -2667,7 +2667,7 @@ LOG_LEVEL_1=error
services:
bunkerweb:
# Dies ist der Name, der zur Identifikation der Instanz im Scheduler verwendet wird
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2680,7 +2680,7 @@ LOG_LEVEL_1=error
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Stellen Sie sicher, dass Sie den richtigen Instanznamen setzen
@ -2697,7 +2697,7 @@ LOG_LEVEL_1=error
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
volumes:
@ -2861,7 +2861,7 @@ Sie können den Protokollierungstreiber für Ihre Dienste in Ihrer `docker-compo
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
logging:
driver: "json-file"
options:
@ -2970,7 +2970,7 @@ Die üblichen Variablen sind:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Wenn der Container bereits existiert, erstellen Sie ihn neu, um die neue Umgebung anzuwenden.
@ -2981,7 +2981,7 @@ Die üblichen Variablen sind:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3000,7 +3000,7 @@ Die üblichen Variablen sind:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3043,7 +3043,7 @@ Die üblichen Variablen sind:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3342,12 +3342,12 @@ Der **BunkerWeb MCP-Server** ermöglicht es KI-Assistenten wie **Claude Code** u
### Docker Compose Beispiel
Ein vollständiges Beispiel ist in [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples/mcp-stack) verfügbar:
Ein vollständiges Beispiel ist in [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples/mcp-stack) verfügbar:
```yaml
services:
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
API_TOKEN: "my-bearer-token-for-mcp"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"
@ -4209,11 +4209,11 @@ Vorlagen verwenden Lua-Vorlagensyntax mit den folgenden Trennzeichen:
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
# ... andere Einstellungen (keine Umgebungsvariablen für Custom Pages hier benötigt)
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./templates:/custom_templates:ro
environment:
@ -4296,7 +4296,7 @@ Vorlagen verwenden Lua-Vorlagensyntax mit den folgenden Trennzeichen:
spec:
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
env:
- name: CUSTOM_ERROR_PAGE
value: "/custom_templates/error.html"

8
docs/de/api.md
View file

@ -41,7 +41,7 @@ Wählen Sie die Variante, die zu Ihrer Umgebung passt.
services:
bunkerweb:
# Name, unter dem die Instanz im Scheduler erscheint
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -54,7 +54,7 @@ Wählen Sie die Variante, die zu Ihrer Umgebung passt.
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Instanznamen korrekt setzen
@ -76,7 +76,7 @@ Wählen Sie die Variante, die zu Ihrer Umgebung passt.
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
API_USERNAME: "admin"
@ -143,7 +143,7 @@ Wählen Sie die Variante, die zu Ihrer Umgebung passt.
-e SERVICE_API=yes \
-e API_WHITELIST_IPS="127.0.0.0/8" \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Linux"

4
docs/de/concepts.md
View file

@ -105,7 +105,7 @@ Bitte beachten Sie, dass der Multisite-Modus bei Verwendung der Web-Benutzerober
!!! info "Weiterführende Informationen"
Konkrete Beispiele für den Multisite-Modus finden Sie in den [fortgeschrittenen Nutzungen](advanced.md) der Dokumentation und im [Beispiele](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples)-Verzeichnis des Repositorys.
Konkrete Beispiele für den Multisite-Modus finden Sie in den [fortgeschrittenen Nutzungen](advanced.md) der Dokumentation und im [Beispiele](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples)-Verzeichnis des Repositorys.
## Benutzerdefinierte Konfigurationen {#custom-configurations}
@ -126,7 +126,7 @@ Die Verwaltung benutzerdefinierter Konfigurationen über die Web-Benutzeroberfl
!!! info "Weiterführende Informationen"
Konkrete Beispiele für benutzerdefinierte Konfigurationen finden Sie in den [fortgeschrittenen Nutzungen](advanced.md#custom-configurations) der Dokumentation und im [Beispiele](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples)-Verzeichnis des Repositorys.
Konkrete Beispiele für benutzerdefinierte Konfigurationen finden Sie in den [fortgeschrittenen Nutzungen](advanced.md#custom-configurations) der Dokumentation und im [Beispiele](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples)-Verzeichnis des Repositorys.
## Datenbank

40
docs/de/features.md
View file

@ -574,6 +574,7 @@ Beispiele:
- Verwenden Sie in Produktion HTTPS für `ANTIBOT_CAPJS_FRONTEND_URL`. Der Browser-Worker benötigt `crypto.subtle` in einem sicheren Kontext, und HTTPS verhindert MITM-Manipulationen am Widget.
- Konfigurieren Sie CORS für den Cap.js-Site-Schlüssel, damit der geschützte Origin erlaubt ist.
- Setzen Sie `ANTIBOT_CAPJS_FRONTEND_URL` und `ANTIBOT_CAPJS_BACKEND_URL` nur auf den Origin: Schema, Host und optionaler Port, ohne Pfad.
- Verwenden Sie das Cap.js-Widget **0.1.48 oder neuer**. BunkerWeb liefert eine strikte, nonce-basierte CSP aus; ältere Widgets brechen Instrumentierungs-Challenges, weil das eingebettete `<script>` im isolierten `srcdoc`-iframe den Nonce nicht weitergibt. Wenn Sie `tiago2/cap` selbst hosten, pinnen Sie ein aktuelles Tag (z. B. `tiago2/cap:3.1.2` oder neuer) oder setzen Sie `WIDGET_VERSION` auf `0.1.48` oder neuer.
Weitere Optionen finden Sie in den [Allgemeinen Parametern](#allgemeine-parameter).
@ -1831,7 +1832,7 @@ Die folgenden Abschnitte führen diese Schritte im Detail durch.
services:
bunkerweb:
# Dies ist der Name, der zur Identifizierung der Instanz im Scheduler verwendet wird
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1848,7 +1849,7 @@ Die folgenden Abschnitte führen diese Schritte im Detail durch.
syslog-address: "udp://10.20.30.254:514" # Die IP-Adresse des syslog-Dienstes
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Stellen Sie sicher, dass Sie den richtigen Instanznamen festlegen
@ -1882,7 +1883,7 @@ Die folgenden Abschnitte führen diese Schritte im Detail durch.
- bw-db
crowdsec:
image: crowdsecurity/crowdsec:v1.7.7 # Verwenden Sie die neueste Version, aber pinnen Sie immer die Version für bessere Stabilität/Sicherheit
image: crowdsecurity/crowdsec:v1.7.8 # Verwenden Sie die neueste Version, aber pinnen Sie immer die Version für bessere Stabilität/Sicherheit
volumes:
- cs-data:/var/lib/crowdsec/data # Zum Persistieren der CrowdSec-Daten
- bw-logs:/var/log:ro # Die BunkerWeb-Protokolle, die von CrowdSec analysiert werden sollen
@ -3444,6 +3445,39 @@ Das Limit-Plugin in BunkerWeb bietet robuste Funktionen zur Durchsetzung von Beg
LIMIT_CONN_MAX_STREAM: "20"
```
## Load Balancer <img src='../../assets/img/pro-icon.svg' alt='crown pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
<p align='center'><iframe style='display: block;' width='560' height='315' data-src='https://www.youtube-nocookie.com/embed/cOVp0rAt5nw?si=iVhDio8o8S4F_uag' title='Load Balancer' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture' allowfullscreen></iframe></p>
Eine ausführlichere Anleitung finden Sie in der Dokumentation zur [erweiterten Nutzung](advanced.md#load-balancer-pro).
STREAM-Unterstützung :x:
Provides load balancing feature to group of upstreams with optional healthchecks.
| Einstellung | Standardwert | Kontext | Mehrfach | Beschreibung |
| ----------------------------------------- | ------------- | ------- | -------- | ------------------------------------------------------------------ |
| `LOADBALANCER_HEALTHCHECK_DICT_SIZE` | `10m` | global | nein | Shared dict size (datastore for all healthchecks). |
| `LOADBALANCER_UPSTREAM_NAME` | | global | ja | Name of the upstream (used in REVERSE_PROXY_HOST). |
| `LOADBALANCER_UPSTREAM_SERVERS` | | global | ja | List of servers/IPs in the server group. |
| `LOADBALANCER_UPSTREAM_MODE` | `round-robin` | global | ja | Load balancing mode (round-robin or sticky). |
| `LOADBALANCER_UPSTREAM_STICKY_METHOD` | `ip` | global | ja | Sticky session method (ip or cookie). |
| `LOADBALANCER_UPSTREAM_RESOLVE` | `no` | global | ja | Dynamically resolve upstream hostnames. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE` | | global | ja | Number of keepalive connections to cache per worker. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIMEOUT` | `60s` | global | ja | Keepalive timeout for upstream connections. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIME` | `1h` | global | ja | Keepalive time for upstream connections. |
| `LOADBALANCER_HEALTHCHECK_URL` | `/status` | global | ja | The healthcheck URL. |
| `LOADBALANCER_HEALTHCHECK_INTERVAL` | `2000` | global | ja | Healthcheck interval in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_TIMEOUT` | `1000` | global | ja | Healthcheck timeout in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_FALL` | `3` | global | ja | Number of failed healthchecks before marking the server as down. |
| `LOADBALANCER_HEALTHCHECK_RISE` | `1` | global | ja | Number of successful healthchecks before marking the server as up. |
| `LOADBALANCER_HEALTHCHECK_VALID_STATUSES` | `200` | global | ja | HTTP status considered valid in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_CONCURRENCY` | `10` | global | ja | Maximum number of concurrent healthchecks. |
| `LOADBALANCER_HEALTHCHECK_TYPE` | `http` | global | ja | Type of healthcheck (http or https). |
| `LOADBALANCER_HEALTHCHECK_SSL_VERIFY` | `yes` | global | ja | Verify SSL certificate in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_HOST` | | global | ja | Host header for healthchecks (useful for HTTPS). |
## Metrics
STREAM-Unterstützung :warning:

129
docs/de/integrations.md
View file

@ -1268,7 +1268,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Standardmäßig stellt der Container Folgendes bereit:
@ -1284,7 +1284,7 @@ Ein benanntes Volume (oder Bind-Mount) ist erforderlich, um die unter `/data` ge
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1362,7 +1362,7 @@ docker run -d \
-e API_PASSWORD=StrongP@ssw0rd \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
-p 8888:8888/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Empfohlen (hinter BunkerWeb) — veröffentlichen Sie `8888` nicht; verwenden Sie stattdessen einen Reverse-Proxy:
@ -1370,7 +1370,7 @@ Empfohlen (hinter BunkerWeb) — veröffentlichen Sie `8888` nicht; verwenden Si
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1446,7 +1446,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7```
bunkerity/bunkerweb-all-in-one:1.6.11-rc1```
* Wenn `USE_CROWDSEC=yes`, wird das Einstiegsskript:
@ -1500,7 +1500,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
!!! info "Wie es intern funktioniert"
@ -1522,7 +1522,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Hinweise:
@ -1558,7 +1558,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* Die **lokale Registrierung** wird übersprungen, wenn `CROWDSEC_API` nicht `127.0.0.1` oder `localhost` ist.
@ -1590,13 +1590,13 @@ Um Ihre Docker-Bereitstellung zu erleichtern, stellen wir auf [Docker Hub](https
Durch den Zugriff auf diese vorgefertigten Images von Docker Hub können Sie BunkerWeb schnell in Ihrer Docker-Umgebung ziehen und ausführen, wodurch umfangreiche Konfigurations- oder Einrichtungsprozesse entfallen. Dieser optimierte Ansatz ermöglicht es Ihnen, sich auf die Nutzung der Funktionen von BunkerWeb zu konzentrieren, ohne unnötige Komplexität.
```shell
docker pull bunkerity/bunkerweb:1.6.10-rc7
docker pull bunkerity/bunkerweb:1.6.11-rc1
```
Docker-Images sind auch auf [GitHub-Paketen](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) verfügbar und können über die Repository-Adresse `ghcr.io` heruntergeladen werden:
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.6.10-rc7
docker pull ghcr.io/bunkerity/bunkerweb:1.6.11-rc1
```
Schlüsselkonzepte für die Docker-Integration sind:
@ -1606,7 +1606,7 @@ Schlüsselkonzepte für die Docker-Integration sind:
- **Netzwerke**: Docker-Netzwerke spielen eine wichtige Rolle bei der Integration von BunkerWeb. Diese Netzwerke dienen zwei Hauptzwecken: dem Bereitstellen von Ports für Clients und dem Verbinden mit Upstream-Webdiensten. Durch das Bereitstellen von Ports kann BunkerWeb eingehende Anfragen von Clients annehmen und ihnen den Zugriff auf die geschützten Webdienste ermöglichen. Darüber hinaus kann BunkerWeb durch die Verbindung mit Upstream-Webdiensten den Datenverkehr effizient weiterleiten und verwalten und so eine verbesserte Sicherheit und Leistung bieten.
!!! info "Datenbank-Backend"
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie SQLite als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Es werden jedoch auch andere Datenbank-Backends unterstützt. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) des Repositorys.
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie SQLite als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Es werden jedoch auch andere Datenbank-Backends unterstützt. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) des Repositorys.
### Umgebungsvariablen
@ -1616,7 +1616,7 @@ Einstellungen werden dem Scheduler über Docker-Umgebungsvariablen übergeben:
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- MY_SETTING=value
- ANOTHER_SETTING=another value
@ -1660,7 +1660,7 @@ Dadurch wird sichergestellt, dass sensible Einstellungen aus der Umgebung und de
Der [Scheduler](concepts.md#scheduler) läuft in seinem eigenen Container, der auch auf Docker Hub verfügbar ist:
```shell
docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
docker pull bunkerity/bunkerweb-scheduler:1.6.11-rc1
```
!!! info "BunkerWeb-Einstellungen"
@ -1681,7 +1681,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
environment:
# Dies setzt die API-Einstellungen für den BunkerWeb-Container
<<: *bw-api-env
@ -1690,7 +1690,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
- bw-universe
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
# Dies setzt die API-Einstellungen für den Scheduler-Container
<<: *bw-api-env
@ -1708,7 +1708,7 @@ Ein Volume wird benötigt, um die vom Scheduler verwendete SQLite-Datenbank und
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1777,6 +1777,7 @@ Der Scheduler ist der Control-Plane-Worker, der Einstellungen liest, Konfigurati
| `DISABLE_CONFIGURATION_TESTING` | Konfigtests vor dem Anwenden überspringen | `yes` oder `no` | `no` |
| `IGNORE_FAIL_SENDING_CONFIG` | Fortfahren, auch wenn einige Instanzen keine Konfig erhalten | `yes` oder `no` | `no` |
| `IGNORE_REGEX_CHECK` | Regex-Validierung für Einstellungen überspringen (geteilt mit Autoconf) | `yes` oder `no` | `no` |
| `SCHEDULER_MAX_WORKERS` | Maximale Anzahl an Worker-Threads im Job-Executor des Schedulers. Jeder laufende Thread kann eine DB-Verbindung halten, was die DB-Pool-Belastung auf Scheduler-Seite begrenzt. Beim Start wird eine Warnung ausgegeben, wenn der ermittelte Wert `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW` überschreitet. | Positive Ganzzahl | `min(8, max(2, cpu_count*2))` |
| `TZ` | Zeitzone für Scheduler-Logs, Cron-ähnliche Jobs, Backups und Zeitstempel | TZ-Datenbank-Name (z. B. `UTC`, `Europe/Paris`) | unset (Container-Standard, meist UTC) |
##### Datenbank
@ -1854,7 +1855,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1867,7 +1868,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Diese Einstellung ist obligatorisch, um die BunkerWeb-Instanz anzugeben
@ -1900,7 +1901,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1913,7 +1914,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
depends_on:
- bunkerweb
environment:
@ -1979,8 +1980,8 @@ Um zu beginnen, laden Sie das Installationsskript und seine Prüfsumme herunter
```bash
# Skript und Prüfsumme herunterladen
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Prüfsumme überprüfen
sha256sum -c install-bunkerweb.sh.sha256
@ -2056,7 +2057,7 @@ Für nicht-interaktive oder automatisierte Setups kann das Skript mit Befehlszei
| Option | Beschreibung |
| ----------------------- | ------------------------------------------------------------------------------------------- |
| `-v, --version VERSION` | Gibt die zu installierende BunkerWeb-Version an (z. B. `1.6.10~rc7`). |
| `-v, --version VERSION` | Gibt die zu installierende BunkerWeb-Version an (z. B. `1.6.11~rc1`). |
| `-w, --enable-wizard` | Aktiviert den Einrichtungsassistenten. |
| `-n, --no-wizard` | Deaktiviert den Einrichtungsassistenten. |
| `-y, --yes` | Führt im nicht-interaktiven Modus mit Standardantworten für alle Eingabeaufforderungen aus. |
@ -2123,7 +2124,7 @@ sudo ./install-bunkerweb.sh --yes
sudo ./install-bunkerweb.sh --worker --no-wizard
# Eine bestimmte Version installieren
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Manager-Setup mit entfernten Worker-Instanzen (Instanzen erforderlich)
sudo ./install-bunkerweb.sh --manager --instances "192.168.1.10 192.168.1.11"
@ -2231,7 +2232,7 @@ Abhängig von Ihren Entscheidungen während der Installation:
### Installation mit dem Paketmanager
Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie BunkerWeb installieren**. Für alle Distributionen ist es zwingend erforderlich, vorgefertigte Pakete aus dem [offiziellen NGINX-Repository](https://nginx.org/en/linux_packages.html) zu verwenden. Das Kompilieren von NGINX aus dem Quellcode oder die Verwendung von Paketen aus verschiedenen Repositories funktioniert nicht mit den offiziellen vorgefertigten Paketen von BunkerWeb. Sie haben jedoch die Möglichkeit, BunkerWeb aus dem Quellcode zu erstellen.
Bitte stellen Sie sicher, dass Sie **NGINX 1.30.2 installiert haben, bevor Sie BunkerWeb installieren**. Für alle Distributionen ist es zwingend erforderlich, vorgefertigte Pakete aus dem [offiziellen NGINX-Repository](https://nginx.org/en/linux_packages.html) zu verwenden. Das Kompilieren von NGINX aus dem Quellcode oder die Verwendung von Paketen aus verschiedenen Repositories funktioniert nicht mit den offiziellen vorgefertigten Paketen von BunkerWeb. Sie haben jedoch die Möglichkeit, BunkerWeb aus dem Quellcode zu erstellen.
=== "Debian Bookworm/Trixie"
@ -2246,11 +2247,11 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Sie sollten jetzt NGINX 1.30.0 installieren können:
Sie sollten jetzt NGINX 1.30.2 installieren können:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev-Version"
@ -2267,12 +2268,12 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
export UI_WIZARD=no
```
Und installieren Sie schließlich BunkerWeb 1.6.10~rc7:
Und installieren Sie schließlich BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Um ein Upgrade der NGINX- und/oder BunkerWeb-Pakete bei der Ausführung von `apt upgrade` zu verhindern, können Sie den folgenden Befehl verwenden:
@ -2294,11 +2295,11 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Sie sollten jetzt NGINX 1.30.0 installieren können:
Sie sollten jetzt NGINX 1.30.2 installieren können:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev-Version"
@ -2315,12 +2316,12 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
export UI_WIZARD=no
```
Und installieren Sie schließlich BunkerWeb 1.6.10~rc7:
Und installieren Sie schließlich BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Um ein Upgrade der NGINX- und/oder BunkerWeb-Pakete bei der Ausführung von `apt upgrade` zu verhindern, können Sie den folgenden Befehl verwenden:
@ -2338,10 +2339,10 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
sudo dnf config-manager setopt updates-testing.enabled=1
```
Fedora stellt bereits NGINX 1.30.0 zur Verfügung, das wir unterstützen
Fedora stellt bereits NGINX 1.30.1 zur Verfügung, das wir unterstützen
```shell
sudo dnf install -y --allowerasing nginx-1.30.0
sudo dnf install -y --allowerasing nginx-1.30.1
```
!!! example "Einrichtungsassistenten deaktivieren"
@ -2351,12 +2352,12 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
export UI_WIZARD=no
```
Und installieren Sie schließlich BunkerWeb 1.6.10~rc7:
Und installieren Sie schließlich BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Um ein Upgrade der NGINX- und/oder BunkerWeb-Pakete bei der Ausführung von `dnf upgrade` zu verhindern, können Sie den folgenden Befehl verwenden:
@ -2388,10 +2389,10 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
module_hotfixes=true
```
Sie sollten jetzt NGINX 1.30.0 installieren können:
Sie sollten jetzt NGINX 1.30.2 installieren können:
```shell
sudo dnf install --allowerasing nginx-1.30.0
sudo dnf install --allowerasing nginx-1.30.2
```
!!! example "Einrichtungsassistenten deaktivieren"
@ -2401,12 +2402,12 @@ Bitte stellen Sie sicher, dass Sie **NGINX 1.30.0 installiert haben, bevor Sie B
export UI_WIZARD=no
```
Und installieren Sie schließlich BunkerWeb 1.6.10~rc7:
Und installieren Sie schließlich BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Um ein Upgrade der NGINX- und/oder BunkerWeb-Pakete bei der Ausführung von `dnf upgrade` zu verhindern, können Sie den folgenden Befehl verwenden:
@ -2498,7 +2499,7 @@ Durch die Übernahme dieses Ansatzes können Sie eine Echtzeit-Rekonfiguration v
Die Docker Autoconf-Integration impliziert die Verwendung des **Multisite-Modus**. Weitere Informationen finden Sie im [Multisite-Abschnitt](concepts.md#multisite-mode) der Dokumentation.
!!! info "Datenbank-Backend"
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) des Repositorys.
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) des Repositorys.
Um automatisierte Konfigurationsupdates zu ermöglichen, fügen Sie einen zusätzlichen Container namens `bw-autoconf` zum Stack hinzu. Dieser Container hostet den Autoconf-Dienst, der dynamische Konfigurationsänderungen für BunkerWeb verwaltet.
@ -2512,7 +2513,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2527,7 +2528,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # Wir müssen die BunkerWeb-Instanz hier nicht angeben, da sie automatisch vom Autoconf-Dienst erkannt werden
@ -2542,7 +2543,7 @@ services:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2711,7 +2712,7 @@ Wenn `AUTOCONF_DISABLE_CLEANUP=yes` am `bw-autoconf`-Container gesetzt ist:
```yaml
services:
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
AUTOCONF_MODE: "yes"
AUTOCONF_DISABLE_CLEANUP: "yes" # entfernte Dienste als Entwürfe beibehalten
@ -2747,13 +2748,13 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
- "bunkerweb.NAMESPACE=my-namespace" # Setzen Sie den Namespace für die BunkerWeb-Instanz, damit der Autoconf-Dienst sie erkennen kann
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
...
NAMESPACES: "my-namespace my-other-namespace" # Lauschen Sie nur auf diese Namespaces
@ -2805,7 +2806,7 @@ Für eine optimale Einrichtung wird empfohlen, BunkerWeb als **[DaemonSet](https
Angesichts des Vorhandenseins mehrerer BunkerWeb-Instanzen ist es erforderlich, einen gemeinsamen Datenspeicher zu implementieren, der als [Redis](https://redis.io/)- oder [Valkey](https://valkey.io/)-Dienst realisiert wird. Dieser Dienst wird von den Instanzen genutzt, um Daten zwischen ihnen zu cachen und zu teilen. Weitere Informationen zu den Redis/Valkey-Einstellungen finden Sie [hier](features.md#redis).
!!! info "Datenbank-Backend"
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) des Repositorys.
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) des Repositorys.
Die Einrichtung von geclusterten Datenbank-Backends liegt außerhalb des Geltungsbereichs dieser Dokumentation.
@ -2920,7 +2921,7 @@ The **BunkerWeb controller** automatically discovers pods with BunkerWeb sidecar
```yaml
controller:
enabled: true
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
```
2. For each sidecar, add:
@ -3013,7 +3014,7 @@ In your BunkerWeb chart `values.yaml`, configure the `BUNKERWEB_INSTANCES` envir
```yaml
scheduler:
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
extraEnvs:
- name: BUNKERWEB_INSTANCES
value: "http://app1-bunkerweb-workers.namespace.svc.cluster.local:5000 http://app2-bunkerweb-workers.namespace.svc.cluster.local:5000"
@ -3057,7 +3058,7 @@ spec:
# BunkerWeb Sidecar
- name: bunkerweb
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- containerPort: 8080 # Exposed HTTP port
- containerPort: 5000 # Internal API (mandatory)
@ -3328,7 +3329,7 @@ To add a new application protected by BunkerWeb:
#### Vollständige YAML-Dateien
Anstatt das Helm-Chart zu verwenden, können Sie auch die YAML-Vorlagen im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) des GitHub-Repositorys verwenden. Bitte beachten Sie, dass wir dringend empfehlen, stattdessen das Helm-Chart zu verwenden.
Anstatt das Helm-Chart zu verwenden, können Sie auch die YAML-Vorlagen im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) des GitHub-Repositorys verwenden. Bitte beachten Sie, dass wir dringend empfehlen, stattdessen das Helm-Chart zu verwenden.
### Ingress-Ressourcen
@ -3476,7 +3477,7 @@ metadata:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
imagePullPolicy: Always
env:
- name: NAMESPACES
@ -3650,11 +3651,11 @@ service:
# BunkerWeb-Einstellungen
bunkerweb:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# Scheduler-Einstellungen
scheduler:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
extraEnvs:
# Aktivieren Sie das Real-IP-Modul, um die echte IP der Clients zu erhalten
- name: USE_REAL_IP
@ -3662,11 +3663,11 @@ scheduler:
# Controller-Einstellungen
controller:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# UI-Einstellungen
ui:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
```
Installieren Sie BunkerWeb mit benutzerdefinierten Werten:
@ -4288,7 +4289,7 @@ Da mehrere Instanzen von BunkerWeb ausgeführt werden, muss ein gemeinsamer Date
Was das Datenbank-Volume betrifft, so gibt die Dokumentation keinen spezifischen Ansatz vor. Die Wahl eines freigegebenen Ordners oder eines bestimmten Treibers für das Datenbank-Volume hängt von Ihrem einzigartigen Anwendungsfall ab und bleibt dem Leser als Übung überlassen.
!!! info "Datenbank-Backend"
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) des Repositorys.
Bitte beachten Sie, dass unsere Anweisungen davon ausgehen, dass Sie MariaDB als Standard-Datenbank-Backend verwenden, wie durch die Einstellung `DATABASE_URI` konfiguriert. Wir verstehen jedoch, dass Sie möglicherweise alternative Backends für Ihre Docker-Integration bevorzugen. In diesem Fall können Sie sicher sein, dass auch andere Datenbank-Backends möglich sind. Weitere Informationen finden Sie in den docker-compose-Dateien im Ordner [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) des Repositorys.
Die Einrichtung von geclusterten Datenbank-Backends liegt außerhalb des Geltungsbereichs dieser Dokumentation.
@ -4302,7 +4303,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -4331,7 +4332,7 @@ services:
- "bunkerweb.INSTANCE=yes" # Obligatorisches Label für den Autoconf-Dienst, um die BunkerWeb-Instanz zu identifizieren
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # Wir müssen die BunkerWeb-Instanz hier nicht angeben, da sie automatisch vom Autoconf-Dienst erkannt werden
@ -4352,7 +4353,7 @@ services:
- "node.role == worker"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
SWARM_MODE: "yes"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Denken Sie daran, ein stärkeres Passwort für die Datenbank festzulegen
@ -4504,7 +4505,7 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
deploy:
mode: global
@ -4516,7 +4517,7 @@ networks:
- "bunkerweb.NAMESPACE=my-namespace" # Setzen Sie den Namespace für die BunkerWeb-Instanz
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
NAMESPACES: "my-namespace my-other-namespace" # Lauschen Sie nur auf diese Namespaces
...

14
docs/de/plugins.md
View file

@ -89,7 +89,7 @@ Der erste Schritt besteht darin, das Plugin zu installieren, indem Sie seine Dat
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -124,7 +124,7 @@ Der erste Schritt besteht darin, das Plugin zu installieren, indem Sie seine Dat
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -167,7 +167,7 @@ Der erste Schritt besteht darin, das Plugin zu installieren, indem Sie seine Dat
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -214,7 +214,7 @@ Der erste Schritt besteht darin, das Plugin zu installieren, indem Sie seine Dat
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -254,7 +254,7 @@ Der erste Schritt besteht darin, das Plugin zu installieren, indem Sie seine Dat
!!! tip "Bestehende Plugins"
Wenn die Dokumentation nicht ausreicht, können Sie sich den bestehenden Quellcode der [offiziellen Plugins](https://github.com/bunkerity/bunkerweb-plugins) und der [Kern-Plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/common/core) ansehen (bereits in BunkerWeb enthalten, aber technisch gesehen sind es Plugins).
Wenn die Dokumentation nicht ausreicht, können Sie sich den bestehenden Quellcode der [offiziellen Plugins](https://github.com/bunkerity/bunkerweb-plugins) und der [Kern-Plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/common/core) ansehen (bereits in BunkerWeb enthalten, aber technisch gesehen sind es Plugins).
Wie eine Plugin-Struktur aussieht:
```
@ -478,7 +478,7 @@ Die deklarierten Funktionen werden automatisch in bestimmten Kontexten aufgerufe
#### Bibliotheken
Alle Direktiven aus dem [NGINX LUA-Modul](https://github.com/openresty/lua-nginx-module) und dem [NGINX Stream LUA-Modul](https://github.com/openresty/stream-lua-nginx-module) sind verfügbar. Darüber hinaus können Sie die in BunkerWeb enthaltenen LUA-Bibliotheken verwenden: siehe [dieses Skript](https://github.com/bunkerity/bunkerweb/blob/v1.6.10-rc7/src/deps/clone.sh) für die vollständige Liste.
Alle Direktiven aus dem [NGINX LUA-Modul](https://github.com/openresty/lua-nginx-module) und dem [NGINX Stream LUA-Modul](https://github.com/openresty/stream-lua-nginx-module) sind verfügbar. Darüber hinaus können Sie die in BunkerWeb enthaltenen LUA-Bibliotheken verwenden: siehe [dieses Skript](https://github.com/bunkerity/bunkerweb/blob/v1.6.11-rc1/src/deps/clone.sh) für die vollständige Liste.
Wenn Sie zusätzliche Bibliotheken benötigen, können Sie diese in den Stammordner des Plugins legen und darauf zugreifen, indem Sie ihnen Ihre Plugin-ID voranstellen. Hier ist ein Beispiel für eine Datei namens **mylibrary.lua**:
@ -559,7 +559,7 @@ end
!!! tip "Weitere Beispiele"
Wenn Sie die vollständige Liste der verfügbaren Funktionen sehen möchten, können Sie sich die Dateien im [lua-Verzeichnis](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/bw/lua/bunkerweb) des Repositorys ansehen.
Wenn Sie die vollständige Liste der verfügbaren Funktionen sehen möchten, können Sie sich die Dateien im [lua-Verzeichnis](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/bw/lua/bunkerweb) des Repositorys ansehen.
### Jobs

34
docs/de/quickstart-guide.md
View file

@ -18,7 +18,7 @@ Diese Schnellstart-Anleitung hilft Ihnen, BunkerWeb schnell zu installieren und
Der Schutz bestehender Webanwendungen, die bereits über das HTTP(S)-Protokoll erreichbar sind, ist das Hauptziel von BunkerWeb: Es fungiert als klassischer [Reverse-Proxy](https://de.wikipedia.org/wiki/Reverse_Proxy) mit zusätzlichen Sicherheitsfunktionen.
Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) des Repositorys finden Sie Beispiele aus der Praxis.
Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) des Repositorys finden Sie Beispiele aus der Praxis.
## Grundlegende Einrichtung
@ -33,7 +33,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Standardmäßig stellt der Container Folgendes bereit:
@ -51,8 +51,8 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
```bash
# Laden Sie das Skript und seine Prüfsumme herunter
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Überprüfen Sie die Prüfsumme
sha256sum -c install-bunkerweb.sh.sha256
@ -93,7 +93,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
services:
bunkerweb:
# Dies ist der Name, der zur Identifizierung der Instanz im Scheduler verwendet wird
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -106,7 +106,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Stellen Sie sicher, dass Sie den richtigen Instanznamen festlegen
@ -123,7 +123,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
restart: "unless-stopped"
@ -190,7 +190,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -206,7 +206,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -224,7 +224,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bw-docker
environment:
@ -247,7 +247,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Denken Sie daran, einen stärkeren geheimen Schlüssel festzulegen (siehe Abschnitt Voraussetzungen)
@ -342,7 +342,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -372,7 +372,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- "bunkerweb.INSTANCE=yes"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -390,7 +390,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
<<: *bw-ui-env
DOCKER_HOST: "tcp://bw-docker:2375"
@ -419,7 +419,7 @@ Im [Beispielordner](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/exam
- "node.role == manager"
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Denken Sie daran, einen stärkeren geheimen Schlüssel festzulegen (siehe Abschnitt Voraussetzungen)
@ -640,7 +640,7 @@ Sie können sich nun mit dem während des Einrichtungsassistenten erstellten Adm
-e "www.example.com_REVERSE_PROXY_HOST=http://myapp:8080" \
-e "www.example.com_REVERSE_PROXY_URL=/" \
# --- Fügen Sie alle anderen vorhandenen Umgebungsvariablen für UI, Redis, CrowdSec usw. hinzu ---
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ihr Anwendungscontainer (`myapp`) und der `bunkerweb-aio`-Container müssen sich im selben Docker-Netzwerk befinden, damit BunkerWeb ihn über den Hostnamen `myapp` erreichen kann.
@ -662,7 +662,7 @@ Sie können sich nun mit dem während des Einrichtungsassistenten erstellten Adm
-p 443:8443/tcp \
-p 443:8443/udp \
# ... (alle anderen relevanten Umgebungsvariablen wie im Hauptbeispiel oben gezeigt) ...
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Stellen Sie sicher, dass Sie `myapp` durch den tatsächlichen Namen oder die IP Ihres Anwendungscontainers und `http://myapp:8080` durch dessen korrekte Adresse und Port ersetzen.

36
docs/de/upgrading.md
View file

@ -25,16 +25,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -142,20 +142,20 @@
Beispiele:
```bash
# Interaktiv auf 1.6.10~rc7 aktualisieren (fragt nach Sicherung)
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
# Interaktiv auf 1.6.11~rc1 aktualisieren (fragt nach Sicherung)
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Nicht-interaktives Upgrade mit automatischer Sicherung in ein benutzerdefiniertes Verzeichnis
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --backup-dir /var/backups/bw-2025-01 -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --backup-dir /var/backups/bw-2025-01 -y
# Stilles unbeaufsichtigtes Upgrade (Protokolle unterdrückt) verlässt sich auf die standardmäßige automatische Sicherung
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 -y -q
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 -y -q
# Einen Probelauf (Plan) durchführen, ohne Änderungen anzuwenden
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --dry-run
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --dry-run
# Upgrade unter Überspringen der automatischen Sicherung (NICHT empfohlen)
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --no-auto-backup -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --no-auto-backup -y
```
!!! warning "Überspringen von Sicherungen"
@ -235,7 +235,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Um zu verhindern, dass das BunkerWeb-Paket bei der Ausführung von `apt upgrade` aktualisiert wird, können Sie den folgenden Befehl verwenden:
@ -261,7 +261,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Um zu verhindern, dass das BunkerWeb-Paket bei der Ausführung von `dnf upgrade` aktualisiert wird, können Sie den folgenden Befehl verwenden:
@ -658,16 +658,16 @@ Wir haben eine **Namespace**-Funktion zu den Autoconf-Integrationen hinzugefügt
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -702,7 +702,7 @@ Wir haben eine **Namespace**-Funktion zu den Autoconf-Integrationen hinzugefügt
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Um zu verhindern, dass das BunkerWeb-Paket bei der Ausführung von `apt upgrade` aktualisiert wird, können Sie den folgenden Befehl verwenden:
@ -728,7 +728,7 @@ Wir haben eine **Namespace**-Funktion zu den Autoconf-Integrationen hinzugefügt
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Um zu verhindern, dass das BunkerWeb-Paket bei der Ausführung von `dnf upgrade` aktualisiert wird, können Sie den folgenden Befehl verwenden:

22
docs/de/web-ui.md
View file

@ -35,7 +35,7 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
Verwenden Sie die veröffentlichten Images und das Layout aus dem [Quickstart-Guide](quickstart-guide.md#__tabbed_1_3). Stack starten, dann den Wizard im Browser abschließen.
```bash
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.10~rc7-rc1/misc/integrations/docker-compose.yml up -d
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.11~rc1-rc1/misc/integrations/docker-compose.yml up -d
```
Öffnen Sie den Scheduler-Host (z.B. `https://www.example.com/changeme`) und führen Sie den `/setup`-Wizard aus, um UI, Scheduler und Instanz zu konfigurieren.
@ -52,7 +52,7 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -63,7 +63,7 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
networks: [bw-universe, bw-services]
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *service-env
BUNKERWEB_INSTANCES: "bunkerweb"
@ -83,7 +83,7 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
networks: [bw-universe, bw-db]
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *service-env
ADMIN_USERNAME: "admin"
@ -168,6 +168,18 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
- Sessions: Standard-Leerlauf-Lebensdauer 12 h (`SESSION_LIFETIME_HOURS`), bei jeder Anfrage erneuert. Ein hartes Absolutlimit gilt über `SESSION_ABSOLUTE_HOURS` (Standard `168` = 7 Tage) — danach werden Nutzer unabhängig von Aktivität ausgeloggt. Optionale Session-ID-Rotation (`SESSION_ROLLING_HOURS`, Standard `0` = deaktiviert) erzeugt in diesem Intervall eine neue Session-ID. Sessions an IP und User-Agent gebunden; `CHECK_PRIVATE_IP=no` lockert die IP-Prüfung nur für private Netze. `ALWAYS_REMEMBER=yes` erzwingt persistente Cookies.
- `PROXY_NUMBERS` setzen, wenn mehrere Proxies `X-Forwarded-*` anhängen.
!!! tip "Vorgehashtes Admin-Passwort"
`ADMIN_PASSWORD` akzeptiert einen **bcrypt-Hash** (`$2a$`/`$2b$`/`$2y$`) und speichert ihn unverändert, sodass der Klartext aus Env-Dateien und Secrets bleibt. Die Stärke-Richtlinie entfällt (Sie verantworten das Quell-Passwort); Kosten unter 12 erzeugen eine Warnung. Nur env-Erstellung und `OVERRIDE_ADMIN_CREDS`; Wizard und Profilseite brauchen weiter Klartext.
Hash generieren:
```bash
python3 -c "import bcrypt; print(bcrypt.hashpw(b'Str0ng&P@ss!', bcrypt.gensalt(rounds=13)).decode())"
```
!!! warning "Ein falscher Hash sperrt Sie aus"
Verwenden Sie einen Hash nur, wenn Sie dessen Klartext kennen. Ein gültiger, aber falscher Hash bei der Erst-Erstellung ist nicht umkehrbar und ein Neustart behebt das nicht. Wiederherstellung über ein anderes `ADMIN_PASSWORD` mit `OVERRIDE_ADMIN_CREDS=yes`.
## Konfigurationsquellen und Priorität
1. Umgebungsvariablen (inkl. Docker/Compose `environment:`)
@ -200,7 +212,7 @@ Die UI erwartet, dass Scheduler/(BunkerWeb-)API/Redis/DB erreichbar sind.
| Setting | Beschreibung | Erlaubte Werte | Standard |
| ------------------------------------------- | -------------------------------------------------------------------------- | ----------------- | ---------------------------- |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Admin-Konto initial befüllen (Passwortrichtlinie) | Strings | unset |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Admin-Konto initial befüllen (Passwortrichtlinie; `ADMIN_PASSWORD` akzeptiert auch einen bcrypt-Hash, unverändert gespeichert) | Strings / bcrypt-Hash | unset |
| `OVERRIDE_ADMIN_CREDS` | Admin-Zugang aus Env erzwingen | `yes` oder `no` | `no` |
| `FLASK_SECRET` | Session-Signing-Secret (persistiert in `/var/lib/bunkerweb/.flask_secret`) | Hex/Base64/opaque | auto-generiert |
| `TOTP_ENCRYPTION_KEYS` (`TOTP_SECRETS`) | Verschlüsselungs-Keys für TOTP (Leerzeichen oder JSON) | Strings / JSON | auto-generiert falls fehlend |

110
docs/es/advanced.md
View file

@ -1,8 +1,8 @@
# Usos avanzados
Muchos ejemplos de casos de uso del mundo real están disponibles en la carpeta [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) del repositorio de GitHub.
Muchos ejemplos de casos de uso del mundo real están disponibles en la carpeta [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) del repositorio de GitHub.
También proporcionamos numerosos boilerplates, como archivos YAML para diversas integraciones y tipos de bases de datos. Estos están disponibles en la carpeta [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations).
También proporcionamos numerosos boilerplates, como archivos YAML para diversas integraciones y tipos de bases de datos. Estos están disponibles en la carpeta [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations).
Esta sección solo se enfoca en usos avanzados y ajustes de seguridad, consulta la [sección de características](features.md) de la documentación para ver todas las configuraciones disponibles.
@ -85,7 +85,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ten en cuenta que si tu contenedor ya está creado, necesitarás eliminarlo y recrearlo para que se actualicen las nuevas variables de entorno.
@ -96,7 +96,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -104,7 +104,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -121,7 +121,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -129,7 +129,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -176,7 +176,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -184,7 +184,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -249,7 +249,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ten en cuenta que si tu contenedor ya está creado, necesitarás eliminarlo y recrearlo para que se actualicen las nuevas variables de entorno.
@ -260,7 +260,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -270,7 +270,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -288,7 +288,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -298,7 +298,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -350,7 +350,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -360,7 +360,7 @@ Encontrarás más configuraciones sobre la IP real en la [sección de caracterí
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -485,8 +485,8 @@ El Manager es el cerebro del clúster. Ejecuta el Scheduler, la base de datos y,
```bash
# Descargar script y checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verificar checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -588,7 +588,7 @@ El Manager es el cerebro del clúster. Ejecuta el Scheduler, la base de datos y,
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: \"192.168.1.11 192.168.1.12\" # Sustituye por las IP de tus workers
@ -607,7 +607,7 @@ El Manager es el cerebro del clúster. Ejecuta el Scheduler, la base de datos y,
- bw-redis
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
ports:
- \"7000:7000\" # Exponer el puerto de la UI
environment:
@ -690,7 +690,7 @@ Los workers son los nodos que procesan el tráfico entrante.
```yaml title="docker-compose.yml"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- \"80:8080/tcp\"
- \"443:8443/tcp\"
@ -995,7 +995,7 @@ Para habilitar systemd-resolved como tu resolutor de DNS en BunkerWeb, establece
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1023,7 +1023,7 @@ Para habilitar systemd-resolved como tu resolutor de DNS en BunkerWeb, establece
- bw-dns
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1034,7 +1034,7 @@ Para habilitar systemd-resolved como tu resolutor de DNS en BunkerWeb, establece
- bw-dns
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1148,7 +1148,7 @@ Algunas integraciones proporcionan formas más convenientes de aplicar configura
}" \
-p 80:8080/tcp \
-p 443:8443/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ten en cuenta que si tu contenedor ya está creado, necesitarás eliminarlo y recrearlo para que se apliquen las nuevas variables de entorno.
@ -1188,7 +1188,7 @@ Algunas integraciones proporcionan formas más convenientes de aplicar configura
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1211,7 +1211,7 @@ Algunas integraciones proporcionan formas más convenientes de aplicar configura
```yaml
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1254,7 +1254,7 @@ Algunas integraciones proporcionan formas más convenientes de aplicar configura
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1324,7 +1324,7 @@ Algunas integraciones proporcionan formas más convenientes de aplicar configura
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1555,7 +1555,7 @@ Para obtener una lista completa de las configuraciones relacionadas con el modo
-p 443:8443/udp \
-p 10000:10000/tcp \
-p 20000:20000/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ten en cuenta que si tu contenedor ya está creado, necesitarás eliminarlo y recrearlo para que se apliquen las nuevas variables de entorno.
@ -1578,7 +1578,7 @@ Para obtener una lista completa de las configuraciones relacionadas con el modo
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Mantenlo si quieres usar la automatización de Let's Encrypt al usar el tipo de desafío http
- "10000:10000" # app1
@ -1593,7 +1593,7 @@ Para obtener una lista completa de las configuraciones relacionadas con el modo
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Esta configuración es obligatoria para especificar la instancia de BunkerWeb
@ -1644,7 +1644,7 @@ Para obtener una lista completa de las configuraciones relacionadas con el modo
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Mantenlo si quieres usar la automatización de Let's Encrypt cuando usas el tipo de desafío http
- "10000:10000" # app1
@ -1874,7 +1874,7 @@ Para obtener una lista completa de las configuraciones relacionadas con el modo
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
# Mantenlo si quieres usar la automatización de Let's Encrypt cuando usas el tipo de desafío http
- published: 80
@ -2004,7 +2004,7 @@ Se pueden usar las siguientes configuraciones:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Ten en cuenta que si tu contenedor ya está creado, necesitarás eliminarlo y recrearlo para que se apliquen las nuevas variables de entorno.
@ -2048,7 +2048,7 @@ Se pueden usar las siguientes configuraciones:
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2063,7 +2063,7 @@ Se pueden usar las siguientes configuraciones:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Esta configuración es obligatoria para especificar la instancia de BunkerWeb
@ -2157,7 +2157,7 @@ Se pueden usar las siguientes configuraciones:
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -2170,7 +2170,7 @@ Se pueden usar las siguientes configuraciones:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "" # No necesitamos especificar la instancia de BunkerWeb aquí, ya que son detectadas automáticamente por el servicio de autoconfiguración
@ -2185,7 +2185,7 @@ Se pueden usar las siguientes configuraciones:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2425,7 +2425,7 @@ Se pueden usar las siguientes configuraciones:
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
volumes:
- /shared/www:/var/www/html
...
@ -2524,7 +2524,7 @@ Por defecto, BunkerWeb solo escuchará en direcciones IPv4 y no usará IPv6 para
```yaml
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
USE_IPv6: "yes"
@ -2667,7 +2667,7 @@ LOG_LEVEL_1=error
services:
bunkerweb:
# Este es el nombre que se usará para identificar la instancia en el Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2680,7 +2680,7 @@ LOG_LEVEL_1=error
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Asegúrate de establecer el nombre correcto de la instancia
@ -2697,7 +2697,7 @@ LOG_LEVEL_1=error
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
volumes:
@ -2861,7 +2861,7 @@ Puede configurar el controlador de registro para sus servicios en su archivo `do
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
logging:
driver: "json-file"
options:
@ -2970,7 +2970,7 @@ Las variables habituales son:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Si el contenedor ya existe, recréalo para aplicar el nuevo entorno.
@ -2981,7 +2981,7 @@ Las variables habituales son:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3000,7 +3000,7 @@ Las variables habituales son:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3043,7 +3043,7 @@ Las variables habituales son:
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3342,12 +3342,12 @@ El **servidor MCP de BunkerWeb** permite que asistentes de IA como **Claude Code
### Ejemplo de Docker Compose
Un ejemplo completo está disponible en [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples/mcp-stack):
Un ejemplo completo está disponible en [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples/mcp-stack):
```yaml
services:
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
API_TOKEN: "my-bearer-token-for-mcp"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"
@ -4209,11 +4209,11 @@ Las plantillas usan sintaxis de plantilla Lua con los siguientes delimitadores:
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
# ... otras configuraciones (no se necesitan variables de entorno aquí para páginas personalizadas)
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./templates:/custom_templates:ro
environment:
@ -4296,7 +4296,7 @@ Las plantillas usan sintaxis de plantilla Lua con los siguientes delimitadores:
spec:
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
env:
- name: CUSTOM_ERROR_PAGE
value: "/custom_templates/error.html"

8
docs/es/api.md
View file

@ -41,7 +41,7 @@ Elige el sabor que encaje con tu entorno.
services:
bunkerweb:
# Nombre que usará el scheduler para identificar la instancia
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -54,7 +54,7 @@ Elige el sabor que encaje con tu entorno.
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Asegúrate de poner el nombre de instancia correcto
@ -76,7 +76,7 @@ Elige el sabor que encaje con tu entorno.
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
API_USERNAME: "admin"
@ -143,7 +143,7 @@ Elige el sabor que encaje con tu entorno.
-e SERVICE_API=yes \
-e API_WHITELIST_IPS="127.0.0.0/8" \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Linux"

4
docs/es/concepts.md
View file

@ -105,7 +105,7 @@ Ten en cuenta que el modo multisitio es implícito cuando se utiliza la interfaz
!!! info "Para saber más"
Encontrarás ejemplos concretos del modo multisitio en los [usos avanzados](advanced.md) de la documentación y en el directorio de [ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) del repositorio.
Encontrarás ejemplos concretos del modo multisitio en los [usos avanzados](advanced.md) de la documentación y en el directorio de [ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) del repositorio.
## Configuraciones personalizadas {#custom-configurations}
@ -126,7 +126,7 @@ La gestión de configuraciones personalizadas desde la interfaz de usuario web s
!!! info "Para saber más"
Encontrarás ejemplos concretos de configuraciones personalizadas en los [usos avanzados](advanced.md#custom-configurations) de la documentación y en el directorio de [ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) del repositorio.
Encontrarás ejemplos concretos de configuraciones personalizadas en los [usos avanzados](advanced.md#custom-configurations) de la documentación y en el directorio de [ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) del repositorio.
## Base de datos

40
docs/es/features.md
View file

@ -569,6 +569,7 @@ BunkerWeb le permite especificar ciertos usuarios, IP o solicitudes que deben om
- Use HTTPS para `ANTIBOT_CAPJS_FRONTEND_URL` en producción. El worker del navegador requiere `crypto.subtle` en un contexto seguro, y HTTPS evita cambios MITM en el widget.
- Configure CORS en la clave de sitio de Cap.js para permitir el origen protegido.
- Defina `ANTIBOT_CAPJS_FRONTEND_URL` y `ANTIBOT_CAPJS_BACKEND_URL` solo como orígenes: esquema, host y puerto opcional, sin ruta.
- Use el widget de Cap.js **0.1.48 o posterior**. BunkerWeb sirve una CSP estricta basada en nonce; los widgets anteriores rompen los desafíos de instrumentación porque el `<script>` inline del iframe `srcdoc` aislado no propaga el nonce. Si autoaloja `tiago2/cap`, fije una etiqueta reciente (p. ej. `tiago2/cap:3.1.2` o posterior) o establezca `WIDGET_VERSION` en `0.1.48` o posterior.
Consulte los [Ajustes comunes](#configuraciones-comunes) para opciones de configuración adicionales.
@ -1854,7 +1855,7 @@ Las siguientes secciones desarrollan cada paso.
services:
bunkerweb:
# Este es el nombre que se utilizará para identificar la instancia en el Planificador
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1871,7 +1872,7 @@ Las siguientes secciones desarrollan cada paso.
syslog-address: "udp://10.20.30.254:514" # La dirección IP del servicio syslog
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Asegúrese de establecer el nombre de instancia correcto
@ -1905,7 +1906,7 @@ Las siguientes secciones desarrollan cada paso.
- bw-db
crowdsec:
image: crowdsecurity/crowdsec:v1.7.7 # Use la última versión pero siempre fije la versión para una mejor estabilidad/seguridad
image: crowdsecurity/crowdsec:v1.7.8 # Use la última versión pero siempre fije la versión para una mejor estabilidad/seguridad
volumes:
- cs-data:/var/lib/crowdsec/data # Para persistir los datos de CrowdSec
- bw-logs:/var/log:ro # Los registros de BunkerWeb para que CrowdSec los analice
@ -3496,6 +3497,39 @@ El complemento de Límite en BunkerWeb proporciona capacidades robustas para apl
LIMIT_CONN_MAX_STREAM: "20"
```
## Load Balancer <img src='../../assets/img/pro-icon.svg' alt='crown pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
<p align='center'><iframe style='display: block;' width='560' height='315' data-src='https://www.youtube-nocookie.com/embed/cOVp0rAt5nw?si=iVhDio8o8S4F_uag' title='Load Balancer' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture' allowfullscreen></iframe></p>
Para una guía más detallada, consulta la documentación de [usos avanzados](advanced.md#load-balancer-pro).
Compatibilidad con STREAM :x:
Provides load balancing feature to group of upstreams with optional healthchecks.
| Parámetro | Valor predeterminado | Contexto | Múltiple | Descripción |
| ----------------------------------------- | -------------------- | -------- | -------- | ------------------------------------------------------------------ |
| `LOADBALANCER_HEALTHCHECK_DICT_SIZE` | `10m` | global | no | Shared dict size (datastore for all healthchecks). |
| `LOADBALANCER_UPSTREAM_NAME` | | global | sí | Name of the upstream (used in REVERSE_PROXY_HOST). |
| `LOADBALANCER_UPSTREAM_SERVERS` | | global | sí | List of servers/IPs in the server group. |
| `LOADBALANCER_UPSTREAM_MODE` | `round-robin` | global | sí | Load balancing mode (round-robin or sticky). |
| `LOADBALANCER_UPSTREAM_STICKY_METHOD` | `ip` | global | sí | Sticky session method (ip or cookie). |
| `LOADBALANCER_UPSTREAM_RESOLVE` | `no` | global | sí | Dynamically resolve upstream hostnames. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE` | | global | sí | Number of keepalive connections to cache per worker. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIMEOUT` | `60s` | global | sí | Keepalive timeout for upstream connections. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIME` | `1h` | global | sí | Keepalive time for upstream connections. |
| `LOADBALANCER_HEALTHCHECK_URL` | `/status` | global | sí | The healthcheck URL. |
| `LOADBALANCER_HEALTHCHECK_INTERVAL` | `2000` | global | sí | Healthcheck interval in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_TIMEOUT` | `1000` | global | sí | Healthcheck timeout in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_FALL` | `3` | global | sí | Number of failed healthchecks before marking the server as down. |
| `LOADBALANCER_HEALTHCHECK_RISE` | `1` | global | sí | Number of successful healthchecks before marking the server as up. |
| `LOADBALANCER_HEALTHCHECK_VALID_STATUSES` | `200` | global | sí | HTTP status considered valid in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_CONCURRENCY` | `10` | global | sí | Maximum number of concurrent healthchecks. |
| `LOADBALANCER_HEALTHCHECK_TYPE` | `http` | global | sí | Type of healthcheck (http or https). |
| `LOADBALANCER_HEALTHCHECK_SSL_VERIFY` | `yes` | global | sí | Verify SSL certificate in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_HOST` | | global | sí | Host header for healthchecks (useful for HTTPS). |
## Metrics
Compatibilidad con STREAM :warning:

129
docs/es/integrations.md
View file

@ -1268,7 +1268,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Por defecto, el contenedor expone:
@ -1284,7 +1284,7 @@ Se requiere un volumen nombrado (o un bind mount) para persistir la base de dato
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1362,7 +1362,7 @@ docker run -d \
-e API_PASSWORD=StrongP@ssw0rd \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
-p 8888:8888/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Recomendado (detrás de BunkerWeb) — no publiques el `8888`; en su lugar, haz un proxy inverso:
@ -1370,7 +1370,7 @@ Recomendado (detrás de BunkerWeb) — no publiques el `8888`; en su lugar, haz
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1446,7 +1446,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* Cuando `USE_CROWDSEC=yes`, el punto de entrada hará lo siguiente:
@ -1501,7 +1501,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
!!! info "Cómo funciona internamente"
@ -1523,7 +1523,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Notas:
@ -1559,7 +1559,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* El **registro local** se omite cuando `CROWDSEC_API` no es `127.0.0.1` o `localhost`.
@ -1591,13 +1591,13 @@ Al acceder a estas imágenes preconstruidas desde Docker Hub, puedes obtener y e
Ya sea que estés realizando pruebas, desarrollando aplicaciones o desplegando BunkerWeb en producción, la opción de contenedorización de Docker proporciona flexibilidad y facilidad de uso. Adoptar este método te permite aprovechar al máximo las características de BunkerWeb mientras te beneficias de las ventajas de la tecnología Docker.
```shell
docker pull bunkerity/bunkerweb:1.6.10-rc7
docker pull bunkerity/bunkerweb:1.6.11-rc1
```
Las imágenes de Docker también están disponibles en [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) y se pueden descargar usando la dirección del repositorio `ghcr.io`:
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.6.10-rc7
docker pull ghcr.io/bunkerity/bunkerweb:1.6.11-rc1
```
Los conceptos clave para la integración con Docker incluyen:
@ -1607,7 +1607,7 @@ Los conceptos clave para la integración con Docker incluyen:
- **Redes**: Las redes de Docker desempeñan un papel vital en la integración de BunkerWeb. Estas redes tienen dos propósitos principales: exponer puertos a los clientes y conectarse a los servicios web ascendentes. Al exponer los puertos, BunkerWeb puede aceptar solicitudes entrantes de los clientes, permitiéndoles acceder a los servicios web protegidos. Además, al conectarse a los servicios web ascendentes, BunkerWeb puede enrutar y gestionar el tráfico de manera eficiente, proporcionando una mayor seguridad y rendimiento.
!!! info "Backend de la base de datos"
Ten en cuenta que nuestras instrucciones asumen que estás utilizando SQLite como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, también se admiten otros backends de bases de datos. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) del repositorio para obtener más información.
Ten en cuenta que nuestras instrucciones asumen que estás utilizando SQLite como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, también se admiten otros backends de bases de datos. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) del repositorio para obtener más información.
### Variables de entorno
@ -1617,7 +1617,7 @@ Las configuraciones se pasan al Programador usando las variables de entorno de D
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- MY_SETTING=value
- ANOTHER_SETTING=another value
@ -1661,7 +1661,7 @@ Esto asegura que las configuraciones sensibles se mantengan fuera del entorno y
El [programador](concepts.md#scheduler) se ejecuta en su propio contenedor, que también está disponible en Docker Hub:
```shell
docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
docker pull bunkerity/bunkerweb-scheduler:1.6.11-rc1
```
!!! info "Configuraciones de BunkerWeb"
@ -1682,7 +1682,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
environment:
# Esto establecerá las configuraciones de la API para el contenedor de BunkerWeb
<<: *bw-api-env
@ -1691,7 +1691,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
- bw-universe
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
# Esto establecerá las configuraciones de la API para el contenedor del Programador
<<: *bw-api-env
@ -1709,7 +1709,7 @@ Se necesita un volumen para almacenar la base de datos SQLite y las copias de se
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1778,6 +1778,7 @@ El programador es el worker del plano de control que lee configuraciones, genera
| `DISABLE_CONFIGURATION_TESTING` | Saltar pruebas de configuración antes de aplicar | `yes` o `no` | `no` |
| `IGNORE_FAIL_SENDING_CONFIG` | Continuar incluso si algunas instancias no reciben la configuración | `yes` o `no` | `no` |
| `IGNORE_REGEX_CHECK` | Omitir validación regex de configuraciones (compartido con autoconf) | `yes` o `no` | `no` |
| `SCHEDULER_MAX_WORKERS` | Número máximo de hilos en el ejecutor de jobs del Scheduler. Cada hilo activo puede mantener una conexión a la BD, limitando la presión sobre el pool desde el Scheduler. Al iniciar se emite una advertencia si el valor resuelto supera `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW`. | Entero positivo | `min(8, max(2, cpu_count*2))` |
| `TZ` | Zona horaria para logs del programador, jobs tipo cron, backups y marcas de tiempo | Nombre en base TZ (ej. `UTC`, `Europe/Paris`) | unset (default de contenedor, suele ser UTC) |
##### Base de datos
@ -1855,7 +1856,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1868,7 +1869,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # Esta configuración es obligatoria para especificar la instancia de BunkerWeb
@ -1901,7 +1902,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1914,7 +1915,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
depends_on:
- bunkerweb
environment:
@ -1980,8 +1981,8 @@ Para empezar, descarga el script de instalación y su suma de verificación, lue
```bash
# Descargar el script y su suma de verificación
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verificar la suma de verificación
sha256sum -c install-bunkerweb.sh.sha256
@ -2057,7 +2058,7 @@ Para configuraciones no interactivas o automatizadas, el script se puede control
| Opción | Descripción |
| :---------------------- | :------------------------------------------------------------------------------------------------ |
| `-v, --version VERSION` | Especifica la versión de BunkerWeb a instalar (p. ej., `1.6.10~rc7`). |
| `-v, --version VERSION` | Especifica la versión de BunkerWeb a instalar (p. ej., `1.6.11~rc1`). |
| `-w, --enable-wizard` | Habilita el asistente de configuración. |
| `-n, --no-wizard` | Deshabilita el asistente de configuración. |
| `-y, --yes` | Se ejecuta en modo no interactivo usando las respuestas predeterminadas para todas las preguntas. |
@ -2124,7 +2125,7 @@ sudo ./install-bunkerweb.sh --yes
sudo ./install-bunkerweb.sh --worker --no-wizard
# Instalar una versión específica
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Configuración del Gestor con instancias de trabajador remotas (se requieren instancias)
sudo ./install-bunkerweb.sh --manager --instances "192.168.1.10 192.168.1.11"
@ -2232,7 +2233,7 @@ Dependiendo de tus elecciones durante la instalación:
### Instalación mediante el gestor de paquetes
Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para todas las distribuciones, es obligatorio usar los paquetes precompilados del [repositorio oficial de NGINX](https://nginx.org/en/linux_packages.html). Compilar NGINX desde el código fuente o usar paquetes de diferentes repositorios no funcionará con los paquetes precompilados oficiales de BunkerWeb. Sin embargo, tienes la opción de compilar BunkerWeb desde el código fuente.
Asegúrate de tener **NGINX 1.30.2 instalado antes de instalar BunkerWeb**. Para todas las distribuciones, es obligatorio usar los paquetes precompilados del [repositorio oficial de NGINX](https://nginx.org/en/linux_packages.html). Compilar NGINX desde el código fuente o usar paquetes de diferentes repositorios no funcionará con los paquetes precompilados oficiales de BunkerWeb. Sin embargo, tienes la opción de compilar BunkerWeb desde el código fuente.
=== "Debian Bookworm/Trixie"
@ -2247,11 +2248,11 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Ahora deberías poder instalar NGINX 1.30.0:
Ahora deberías poder instalar NGINX 1.30.2:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Versión de prueba/desarrollo"
@ -2268,12 +2269,12 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
export UI_WIZARD=no
```
Y finalmente instala BunkerWeb 1.6.10~rc7:
Y finalmente instala BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Para evitar la actualización de los paquetes de NGINX y/o BunkerWeb al ejecutar `apt upgrade`, puedes usar el siguiente comando:
@ -2295,11 +2296,11 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Ahora deberías poder instalar NGINX 1.30.0:
Ahora deberías poder instalar NGINX 1.30.2:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Versión de prueba/desarrollo"
@ -2316,12 +2317,12 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
export UI_WIZARD=no
```
Y finalmente instala BunkerWeb 1.6.10~rc7:
Y finalmente instala BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Para evitar la actualización de los paquetes de NGINX y/o BunkerWeb al ejecutar `apt upgrade`, puedes usar el siguiente comando:
@ -2339,10 +2340,10 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
sudo dnf config-manager setopt updates-testing.enabled=1
```
Fedora ya proporciona NGINX 1.30.0 que soportamos
Fedora ya proporciona NGINX 1.30.1 que soportamos
```shell
sudo dnf install -y --allowerasing nginx-1.30.0
sudo dnf install -y --allowerasing nginx-1.30.1
```
!!! example "Deshabilitar el asistente de configuración"
@ -2352,12 +2353,12 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
export UI_WIZARD=no
```
Y finalmente instala BunkerWeb 1.6.10~rc7:
Y finalmente instala BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Para evitar la actualización de los paquetes de NGINX y/o BunkerWeb al ejecutar `dnf upgrade`, puedes usar el siguiente comando:
@ -2389,10 +2390,10 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
module_hotfixes=true
```
Ahora deberías poder instalar NGINX 1.30.0:
Ahora deberías poder instalar NGINX 1.30.2:
```shell
sudo dnf install --allowerasing nginx-1.30.0
sudo dnf install --allowerasing nginx-1.30.2
```
!!! example "Deshabilitar el asistente de configuración"
@ -2402,12 +2403,12 @@ Asegúrate de tener **NGINX 1.30.0 instalado antes de instalar BunkerWeb**. Para
export UI_WIZARD=no
```
Y finalmente instala BunkerWeb 1.6.10~rc7:
Y finalmente instala BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Para evitar la actualización de los paquetes de NGINX y/o BunkerWeb al ejecutar `dnf upgrade`, puedes usar el siguiente comando:
@ -2500,7 +2501,7 @@ Al adoptar este enfoque, puedes disfrutar de la reconfiguración en tiempo real
La integración de autoconfiguración de Docker implica el uso del **modo multisitio**. Por favor, consulta la [sección de multisitio](concepts.md#multisite-mode) de la documentación para obtener más información.
!!! info "Backend de la base de datos"
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) del repositorio para obtener más información.
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) del repositorio para obtener más información.
Para habilitar las actualizaciones de configuración automatizadas, incluye un contenedor adicional llamado `bw-autoconf` en la pila. Este contenedor aloja el servicio de autoconfiguración, que gestiona los cambios de configuración dinámicos para BunkerWeb.
@ -2514,7 +2515,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2529,7 +2530,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # No necesitamos especificar la instancia de BunkerWeb aquí, ya que son detectadas automáticamente por el servicio de autoconfiguración
@ -2544,7 +2545,7 @@ services:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2713,7 +2714,7 @@ Si se establece `AUTOCONF_DISABLE_CLEANUP=yes` en el contenedor `bw-autoconf`:
```yaml
services:
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
AUTOCONF_MODE: "yes"
AUTOCONF_DISABLE_CLEANUP: "yes" # conservar como borradores los servicios eliminados
@ -2749,13 +2750,13 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
- "bunkerweb.NAMESPACE=my-namespace" # Establece el espacio de nombres para la instancia de BunkerWeb para que el servicio de autoconfiguración pueda detectarla
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
...
NAMESPACES: "my-namespace my-other-namespace" # Solo escucha a estos espacios de nombres
@ -2807,7 +2808,7 @@ Para una configuración óptima, se recomienda definir BunkerWeb como un **[Daem
Dada la presencia de múltiples instancias de BunkerWeb, es necesario establecer un almacén de datos compartido implementado como un servicio de [Redis](https://redis.io/) o [Valkey](https://valkey.io/). Este servicio será utilizado por las instancias para almacenar en caché y compartir datos entre ellas. Se puede encontrar más información sobre la configuración de Redis/Valkey [aquí](features.md#redis).
!!! info "Backend de la base de datos"
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) del repositorio para obtener más información.
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) del repositorio para obtener más información.
La configuración de backends de bases de datos en clúster está fuera del alcance de esta documentación.
@ -2922,7 +2923,7 @@ The **BunkerWeb controller** automatically discovers pods with BunkerWeb sidecar
```yaml
controller:
enabled: true
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
```
2. For each sidecar, add:
@ -3015,7 +3016,7 @@ In your BunkerWeb chart `values.yaml`, configure the `BUNKERWEB_INSTANCES` envir
```yaml
scheduler:
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
extraEnvs:
- name: BUNKERWEB_INSTANCES
value: "http://app1-bunkerweb-workers.namespace.svc.cluster.local:5000 http://app2-bunkerweb-workers.namespace.svc.cluster.local:5000"
@ -3059,7 +3060,7 @@ spec:
# BunkerWeb Sidecar
- name: bunkerweb
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- containerPort: 8080 # Exposed HTTP port
- containerPort: 5000 # Internal API (mandatory)
@ -3330,7 +3331,7 @@ To add a new application protected by BunkerWeb:
#### Archivos YAML completos
En lugar de usar el chart de Helm, también puedes usar las plantillas YAML dentro de la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) del repositorio de GitHub. Ten en cuenta que recomendamos encarecidamente usar el chart de Helm en su lugar.
En lugar de usar el chart de Helm, también puedes usar las plantillas YAML dentro de la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) del repositorio de GitHub. Ten en cuenta que recomendamos encarecidamente usar el chart de Helm en su lugar.
### Recursos de Ingress
@ -3478,7 +3479,7 @@ metadata:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
imagePullPolicy: Always
env:
- name: NAMESPACES
@ -3651,11 +3652,11 @@ service:
# Configuraciones de BunkerWeb
bunkerweb:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# Configuraciones del programador
scheduler:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
extraEnvs:
# Habilita el módulo de IP real para obtener la IP real de los clientes
- name: USE_REAL_IP
@ -3663,11 +3664,11 @@ scheduler:
# Configuraciones del controlador
controller:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# Configuraciones de la UI
ui:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
```
Instala BunkerWeb con valores personalizados:
@ -4289,7 +4290,7 @@ Dado que se están ejecutando múltiples instancias de BunkerWeb, se debe crear
En cuanto al volumen de la base de datos, la documentación no especifica un enfoque concreto. La elección de una carpeta compartida o un controlador específico para el volumen de la base de datos depende de tu caso de uso particular y se deja como ejercicio para el lector.
!!! info "Backend de la base de datos"
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) del repositorio para obtener más información.
Ten en cuenta que nuestras instrucciones asumen que estás utilizando MariaDB como el backend de base de datos predeterminado, según lo configurado por el ajuste `DATABASE_URI`. Sin embargo, entendemos que puedes preferir utilizar backends alternativos para tu integración con Docker. Si ese es el caso, ten la seguridad de que otros backends de bases de datos también son posibles. Consulta los archivos docker-compose en la [carpeta misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) del repositorio para obtener más información.
La configuración de backends de bases de datos en clúster está fuera del alcance de esta documentación.
@ -4303,7 +4304,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -4332,7 +4333,7 @@ services:
- "bunkerweb.INSTANCE=yes" # Etiqueta obligatoria para que el servicio de autoconfiguración identifique la instancia de BunkerWeb
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # No necesitamos especificar la instancia de BunkerWeb aquí, ya que son detectadas automáticamente por el servicio de autoconfiguración
@ -4353,7 +4354,7 @@ services:
- "node.role == worker"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
SWARM_MODE: "yes"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Recuerda establecer una contraseña más segura para la base de datos
@ -4505,7 +4506,7 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
deploy:
mode: global
@ -4517,7 +4518,7 @@ networks:
- "bunkerweb.NAMESPACE=my-namespace" # Establece el espacio de nombres para la instancia de BunkerWeb
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
NAMESPACES: "my-namespace my-other-namespace" # Solo escucha a estos espacios de nombres
...

12
docs/es/plugins.md
View file

@ -89,7 +89,7 @@ El primer paso es instalar el plugin colocando sus archivos dentro de la carpeta
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -125,7 +125,7 @@ El primer paso es instalar el plugin colocando sus archivos dentro de la carpeta
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -168,7 +168,7 @@ El primer paso es instalar el plugin colocando sus archivos dentro de la carpeta
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -215,7 +215,7 @@ El primer paso es instalar el plugin colocando sus archivos dentro de la carpeta
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -255,7 +255,7 @@ El primer paso es instalar el plugin colocando sus archivos dentro de la carpeta
!!! tip "Plugins existentes"
Si la documentación no es suficiente, puedes echar un vistazo al código fuente existente de los [plugins oficiales](https://github.com/bunkerity/bunkerweb-plugins) y los [plugins del núcleo](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/common/core) (ya incluidos en BunkerWeb, pero técnicamente son plugins).
Si la documentación no es suficiente, puedes echar un vistazo al código fuente existente de los [plugins oficiales](https://github.com/bunkerity/bunkerweb-plugins) y los [plugins del núcleo](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/common/core) (ya incluidos en BunkerWeb, pero técnicamente son plugins).
Así es como se ve la estructura de un plugin:
```
@ -560,7 +560,7 @@ end
!!! tip "Más ejemplos"
Si quieres ver la lista completa de funciones disponibles, puedes echar un vistazo a los archivos presentes en el [directorio lua](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/bw/lua/bunkerweb) del repositorio.
Si quieres ver la lista completa de funciones disponibles, puedes echar un vistazo a los archivos presentes en el [directorio lua](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/bw/lua/bunkerweb) del repositorio.
### Trabajos

34
docs/es/quickstart-guide.md
View file

@ -18,7 +18,7 @@ Esta guía de inicio rápido te ayudará a instalar rápidamente BunkerWeb y a p
Proteger las aplicaciones web existentes que ya son accesibles con el protocolo HTTP(S) es el objetivo principal de BunkerWeb: actuará como un [proxy inverso](https://es.wikipedia.org/wiki/Proxy_inverso) clásico con características de seguridad adicionales.
Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) del repositorio para obtener ejemplos del mundo real.
Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) del repositorio para obtener ejemplos del mundo real.
## Configuración básica
@ -33,7 +33,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Por defecto, el contenedor expone:
@ -52,8 +52,8 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
```bash
```bash
# Download the script and its checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify the checksum
sha256sum -c install-bunkerweb.sh.sha256 # Si la comprobación es exitosa, ejecuta el script
@ -92,7 +92,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
services:
bunkerweb:
# Este es el nombre que se usará para identificar la instancia en el Programador
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -105,7 +105,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Asegúrate de establecer el nombre de instancia correcto
@ -122,7 +122,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
restart: "unless-stopped"
@ -189,7 +189,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -205,7 +205,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -223,7 +223,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bw-docker
environment:
@ -246,7 +246,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Recuerda establecer una clave secreta más segura (consulta la sección de Requisitos previos)
@ -341,7 +341,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -371,7 +371,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- "bunkerweb.INSTANCE=yes"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -389,7 +389,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
<<: *bw-ui-env
DOCKER_HOST: "tcp://bw-docker:2375"
@ -418,7 +418,7 @@ Consulta la [carpeta de ejemplos](https://github.com/bunkerity/bunkerweb/tree/v1
- "node.role == manager"
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Recuerda establecer una clave secreta más segura (consulta la sección de Requisitos previos)
@ -640,7 +640,7 @@ Ahora puedes iniciar sesión con la cuenta de administrador que creaste durante
-e "www.example.com_REVERSE_PROXY_HOST=http://myapp:8080" \
-e "www.example.com_REVERSE_PROXY_URL=/" \
# --- Incluye cualquier otra variable de entorno existente para la UI, Redis, CrowdSec, etc. ---
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Tu contenedor de aplicación (`myapp`) y el contenedor `bunkerweb-aio` deben estar en la misma red de Docker para que BunkerWeb pueda alcanzarlo usando el nombre de host `myapp`.
@ -662,7 +662,7 @@ Ahora puedes iniciar sesión con la cuenta de administrador que creaste durante
-p 443:8443/tcp \
-p 443:8443/udp \
# ... (todas las demás variables de entorno relevantes como se muestra en el ejemplo principal anterior) ...
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Asegúrate de reemplazar `myapp` con el nombre o IP real de tu contenedor de aplicación y `http://myapp:8080` con su dirección y puerto correctos.

36
docs/es/upgrading.md
View file

@ -25,16 +25,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -146,20 +146,20 @@
Ejemplos:
```bash
# Actualizar a 1.6.10~rc7 interactivamente (pedirá confirmación para la copia de seguridad)
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
# Actualizar a 1.6.11~rc1 interactivamente (pedirá confirmación para la copia de seguridad)
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Actualización no interactiva con copia de seguridad automática a un directorio personalizado
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --backup-dir /var/backups/bw-2025-01 -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --backup-dir /var/backups/bw-2025-01 -y
# Actualización desatendida silenciosa (salida suprimida) depende de la copia de seguridad automática predeterminada
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 -y -q
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 -y -q
# Realizar una ejecución de prueba (plan) sin aplicar cambios
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --dry-run
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --dry-run
# Actualizar omitiendo la copia de seguridad automática (NO recomendado)
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --no-auto-backup -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --no-auto-backup -y
```
!!! warning "Omitir copias de seguridad"
@ -239,7 +239,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Para evitar que el paquete de BunkerWeb se actualice al ejecutar `apt upgrade`, puedes usar el siguiente comando:
@ -265,7 +265,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Para evitar que el paquete de BunkerWeb se actualice al ejecutar `dnf upgrade`, puedes usar el siguiente comando:
@ -662,16 +662,16 @@ Hemos añadido una característica de **espacio de nombres** a las integraciones
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -706,7 +706,7 @@ Hemos añadido una característica de **espacio de nombres** a las integraciones
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Para evitar que el paquete de BunkerWeb se actualice al ejecutar `apt upgrade`, puedes usar el siguiente comando:
@ -732,7 +732,7 @@ Hemos añadido una característica de **espacio de nombres** a las integraciones
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Para evitar que el paquete de BunkerWeb se actualice al ejecutar `dnf upgrade`, puedes usar el siguiente comando:

22
docs/es/web-ui.md
View file

@ -35,7 +35,7 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
Usa las imágenes publicadas y el layout del [guía rápida](quickstart-guide.md#__tabbed_1_3) para levantar el stack, luego completa el asistente en el navegador.
```bash
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.10~rc7-rc1/misc/integrations/docker-compose.yml up -d
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.11~rc1-rc1/misc/integrations/docker-compose.yml up -d
```
Visita el hostname del scheduler (ej. `https://www.example.com/changeme`) y ejecuta el asistente `/setup` para configurar la UI, el scheduler y la instancia.
@ -52,7 +52,7 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -63,7 +63,7 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
networks: [bw-universe, bw-services]
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *service-env
BUNKERWEB_INSTANCES: "bunkerweb"
@ -83,7 +83,7 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
networks: [bw-universe, bw-db]
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *service-env
ADMIN_USERNAME: "admin"
@ -168,6 +168,18 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
- Sesiones: duración de inactividad por defecto 12 h (`SESSION_LIFETIME_HOURS`), refrescada en cada petición. Se aplica un límite absoluto vía `SESSION_ABSOLUTE_HOURS` (por defecto `168` = 7 días) — superado ese tiempo, los usuarios son desconectados aunque sigan activos. Rotación opcional del identificador de sesión (`SESSION_ROLLING_HOURS`, por defecto `0` = deshabilitada) regenera el ID de sesión en ese intervalo. Sesiones fijadas a IP y User-Agent; `CHECK_PRIVATE_IP=no` relaja el control de IP solo en rangos privados. `ALWAYS_REMEMBER=yes` fuerza cookies persistentes.
- Ajusta `PROXY_NUMBERS` si varios proxies añaden `X-Forwarded-*`.
!!! tip "Contraseña de administrador pre-hasheada"
`ADMIN_PASSWORD` acepta un **hash bcrypt** (`$2a$`/`$2b$`/`$2y$`) y lo almacena tal cual, manteniendo el texto plano fuera de tus archivos de entorno y secretos. Se omite la política de fortaleza (tú eres responsable de la contraseña de origen); un coste inferior a 12 registra una advertencia. Solo en creación por entorno y `OVERRIDE_ADMIN_CREDS`: el asistente y el perfil siguen requiriendo texto plano.
Genera un hash:
```bash
python3 -c "import bcrypt; print(bcrypt.hashpw(b'Str0ng&P@ss!', bcrypt.gensalt(rounds=13)).decode())"
```
!!! warning "Un hash incorrecto te bloquea"
Usa un hash solo si conoces su texto plano. Un hash válido pero incorrecto en la primera creación no se puede revertir y un reinicio no lo arregla. Recupera con un `ADMIN_PASSWORD` distinto y `OVERRIDE_ADMIN_CREDS=yes`.
## Fuentes de configuración y prioridad
1. Variables de entorno (incl. `environment:` de Docker/Compose)
@ -200,7 +212,7 @@ La UI requiere scheduler/API de BunkerWeb/redis/base de datos accesibles.
| Ajuste | Descripción | Valores aceptados | Predeterminado |
| ------------------------------------------- | ----------------------------------------------------------------------------- | ----------------------- | ------------------------- |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Inicializar cuenta admin (política de contraseña) | Cadenas | sin definir |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Inicializar cuenta admin (política de contraseña; `ADMIN_PASSWORD` también acepta un hash bcrypt, almacenado tal cual) | Cadenas / hash bcrypt | sin definir |
| `OVERRIDE_ADMIN_CREDS` | Forzar actualización de credenciales admin desde env | `yes` o `no` | `no` |
| `FLASK_SECRET` | Secreto de firma de sesión (persistido en `/var/lib/bunkerweb/.flask_secret`) | Cadena hex/base64/opaca | generado automáticamente |
| `TOTP_ENCRYPTION_KEYS` (`TOTP_SECRETS`) | Claves para cifrar TOTP (espacio o JSON) | Cadenas / JSON | generadas si faltan |

40
docs/features.md
View file

@ -573,6 +573,7 @@ BunkerWeb allows you to specify certain users, IPs, or requests that should bypa
- Use HTTPS for `ANTIBOT_CAPJS_FRONTEND_URL` in production. The browser worker requires `crypto.subtle` in a secure context, and HTTPS prevents MITM changes to the widget.
- Configure CORS on the Cap.js sitekey to allow the protected origin.
- Set both `ANTIBOT_CAPJS_FRONTEND_URL` and `ANTIBOT_CAPJS_BACKEND_URL` to origins only: scheme, host, and optional port, with no path.
- Use the Cap.js widget **0.1.48 or later**. BunkerWeb serves a strict nonce-based CSP; earlier widgets break instrumentation challenges because the sandboxed `srcdoc` iframe's inline script does not propagate the nonce. If you self-host `tiago2/cap`, pin a recent tag (e.g. `tiago2/cap:3.1.2` or newer) or set `WIDGET_VERSION` to `0.1.48` or later.
Refer to the [Common Settings](#common-settings) for additional configuration options.
@ -1866,7 +1867,7 @@ Follow one of the environment-specific guides below so the CrowdSec agent ingest
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1883,7 +1884,7 @@ Follow one of the environment-specific guides below so the CrowdSec agent ingest
syslog-address: "udp://10.20.30.254:514" # The IP address of the syslog service
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -1917,7 +1918,7 @@ Follow one of the environment-specific guides below so the CrowdSec agent ingest
- bw-db
crowdsec:
image: crowdsecurity/crowdsec:v1.7.7 # Use the latest version but always pin the version for a better stability/security
image: crowdsecurity/crowdsec:v1.7.8 # Use the latest version but always pin the version for a better stability/security
volumes:
- cs-data:/var/lib/crowdsec/data # To persist the CrowdSec data
- bw-logs:/var/log:ro # The logs of BunkerWeb for CrowdSec to parse
@ -3511,6 +3512,39 @@ The Limit plugin in BunkerWeb provides robust capabilities to enforce limiting p
LIMIT_CONN_MAX_STREAM: "20"
```
## Load Balancer <img src='../assets/img/pro-icon.svg' alt='crown pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
<p align='center'><iframe style='display: block;' width='560' height='315' data-src='https://www.youtube-nocookie.com/embed/cOVp0rAt5nw?si=iVhDio8o8S4F_uag' title='Load Balancer' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture' allowfullscreen></iframe></p>
For a more detailed guide, see the [advanced usages](advanced.md#load-balancer-pro) documentation.
STREAM support :x:
Provides load balancing feature to group of upstreams with optional healthchecks.
| Setting | Default | Context | Multiple | Description |
| ----------------------------------------- | ------------- | ------- | -------- | ------------------------------------------------------------------ |
| `LOADBALANCER_HEALTHCHECK_DICT_SIZE` | `10m` | global | no | Shared dict size (datastore for all healthchecks). |
| `LOADBALANCER_UPSTREAM_NAME` | | global | yes | Name of the upstream (used in REVERSE_PROXY_HOST). |
| `LOADBALANCER_UPSTREAM_SERVERS` | | global | yes | List of servers/IPs in the server group. |
| `LOADBALANCER_UPSTREAM_MODE` | `round-robin` | global | yes | Load balancing mode (round-robin or sticky). |
| `LOADBALANCER_UPSTREAM_STICKY_METHOD` | `ip` | global | yes | Sticky session method (ip or cookie). |
| `LOADBALANCER_UPSTREAM_RESOLVE` | `no` | global | yes | Dynamically resolve upstream hostnames. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE` | | global | yes | Number of keepalive connections to cache per worker. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIMEOUT` | `60s` | global | yes | Keepalive timeout for upstream connections. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIME` | `1h` | global | yes | Keepalive time for upstream connections. |
| `LOADBALANCER_HEALTHCHECK_URL` | `/status` | global | yes | The healthcheck URL. |
| `LOADBALANCER_HEALTHCHECK_INTERVAL` | `2000` | global | yes | Healthcheck interval in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_TIMEOUT` | `1000` | global | yes | Healthcheck timeout in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_FALL` | `3` | global | yes | Number of failed healthchecks before marking the server as down. |
| `LOADBALANCER_HEALTHCHECK_RISE` | `1` | global | yes | Number of successful healthchecks before marking the server as up. |
| `LOADBALANCER_HEALTHCHECK_VALID_STATUSES` | `200` | global | yes | HTTP status considered valid in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_CONCURRENCY` | `10` | global | yes | Maximum number of concurrent healthchecks. |
| `LOADBALANCER_HEALTHCHECK_TYPE` | `http` | global | yes | Type of healthcheck (http or https). |
| `LOADBALANCER_HEALTHCHECK_SSL_VERIFY` | `yes` | global | yes | Verify SSL certificate in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_HOST` | | global | yes | Host header for healthchecks (useful for HTTPS). |
## Metrics
STREAM support :warning:

110
docs/fr/advanced.md
View file

@ -1,8 +1,8 @@
# Utilisations avancées
De nombreux exemples de cas d'utilisation concrets sont disponibles dans le dossier [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) du dépôt GitHub.
De nombreux exemples de cas d'utilisation concrets sont disponibles dans le dossier [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) du dépôt GitHub.
Nous fournissons également de nombreux modèles standard, tels que des fichiers YAML pour diverses intégrations et types de bases de données. Ceux-ci sont disponibles dans le dossier [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations).
Nous fournissons également de nombreux modèles standard, tels que des fichiers YAML pour diverses intégrations et types de bases de données. Ceux-ci sont disponibles dans le dossier [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations).
Cette section se concentre uniquement sur les utilisations avancées et le réglage de la sécurité, consultez la [section fonctionnalités](features.md) de la documentation pour voir tous les paramètres disponibles.
@ -85,7 +85,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Veuillez noter que si votre conteneur existe déjà, vous devrez le supprimer et le recréer afin que les nouvelles variables d'environnement soient prises en compte.
@ -96,7 +96,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -104,7 +104,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -121,7 +121,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -129,7 +129,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -176,7 +176,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -184,7 +184,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -249,7 +249,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Veuillez noter que si votre conteneur existe déjà, vous devrez le supprimer et le recréer afin que les nouvelles variables d'environnement soient prises en compte.
@ -260,7 +260,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -270,7 +270,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -288,7 +288,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -298,7 +298,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -350,7 +350,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -360,7 +360,7 @@ Vous trouverez plus de paramètres sur l'IP réelle dans la [section des fonctio
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -485,8 +485,8 @@ Le Manager est le cerveau du cluster. Il exécute le Scheduler, la base de donn
```bash
# Télécharger le script et sa somme
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Vérifier l'empreinte
sha256sum -c install-bunkerweb.sh.sha256
@ -588,7 +588,7 @@ Le Manager est le cerveau du cluster. Il exécute le Scheduler, la base de donn
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: "192.168.1.11 192.168.1.12" # Remplacez par les IPs de vos workers
@ -607,7 +607,7 @@ Le Manager est le cerveau du cluster. Il exécute le Scheduler, la base de donn
- bw-redis
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
ports:
- "7000:7000" # Exposer le port de l'UI
environment:
@ -690,7 +690,7 @@ Les workers sont les nœuds qui traitent le trafic entrant.
```yaml title="docker-compose.yml"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -995,7 +995,7 @@ Pour activer systemd-resolved comme résolveur DNS dans BunkerWeb, définissez l
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1023,7 +1023,7 @@ Pour activer systemd-resolved comme résolveur DNS dans BunkerWeb, définissez l
- bw-dns
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1034,7 +1034,7 @@ Pour activer systemd-resolved comme résolveur DNS dans BunkerWeb, définissez l
- bw-dns
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1148,7 +1148,7 @@ Certaines intégrations offrent des moyens plus pratiques d'appliquer des config
}" \
-p 80:8080/tcp \
-p 443:8443/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Veuillez noter que si votre conteneur est déjà créé, vous devrez le supprimer et le recréer pour que les nouvelles variables d'environnement soient appliquées.
@ -1188,7 +1188,7 @@ Certaines intégrations offrent des moyens plus pratiques d'appliquer des config
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1211,7 +1211,7 @@ Certaines intégrations offrent des moyens plus pratiques d'appliquer des config
```yaml
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1254,7 +1254,7 @@ Certaines intégrations offrent des moyens plus pratiques d'appliquer des config
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1324,7 +1324,7 @@ Certaines intégrations offrent des moyens plus pratiques d'appliquer des config
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1554,7 +1554,7 @@ Pour la liste complète des paramètres concernant `stream` le mode, veuillez v
-p 443:8443/udp \
-p 10000:10000/tcp \
-p 20000:20000/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Veuillez noter que si votre conteneur existe déjà, vous devrez le supprimer et le recréer afin que les nouvelles variables d'environnement soient prises en compte.
@ -1577,7 +1577,7 @@ Pour la liste complète des paramètres concernant `stream` le mode, veuillez v
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type
- "10000:10000" # app1
@ -1592,7 +1592,7 @@ Pour la liste complète des paramètres concernant `stream` le mode, veuillez v
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -1643,7 +1643,7 @@ Pour la liste complète des paramètres concernant `stream` le mode, veuillez v
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type
- "10000:10000" # app1
@ -1873,7 +1873,7 @@ Pour la liste complète des paramètres concernant `stream` le mode, veuillez v
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
# Keep it if you want to use Let's Encrypt automation when using http challenge type
- published: 80
@ -2003,7 +2003,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Veuillez noter que si votre conteneur est déjà créé, vous devrez le supprimer et le recréer pour que les nouvelles variables d'environnement soient appliquées.
@ -2047,7 +2047,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2062,7 +2062,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -2156,7 +2156,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -2169,7 +2169,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -2184,7 +2184,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2424,7 +2424,7 @@ BunkerWeb prend en charge PHP en utilisant des instances [PHP-FPM externes ou ]
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
volumes:
- /shared/www:/var/www/html
...
@ -2523,7 +2523,7 @@ Par défaut, BunkerWeb n'écoutera que les adresses IPv4 et n'utilisera pas IPv6
```yaml
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
USE_IPv6: "yes"
@ -2666,7 +2666,7 @@ LOG_LEVEL_1=error
services:
bunkerweb:
# Ceci est le nom qui sera utilisé pour identifier l'instance dans le Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2679,7 +2679,7 @@ LOG_LEVEL_1=error
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Assurez-vous de définir le nom d'instance correct
@ -2696,7 +2696,7 @@ LOG_LEVEL_1=error
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
volumes:
@ -2860,7 +2860,7 @@ Vous pouvez configurer le pilote de journalisation pour vos services dans votre
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
logging:
driver: "json-file"
options:
@ -2969,7 +2969,7 @@ Les variables couramment utilisées sont :
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Si le conteneur existe déjà, recréez-le pour appliquer le nouvel environnement.
@ -2980,7 +2980,7 @@ Les variables couramment utilisées sont :
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -2999,7 +2999,7 @@ Les variables couramment utilisées sont :
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3042,7 +3042,7 @@ Les variables couramment utilisées sont :
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3341,12 +3341,12 @@ Le **serveur MCP BunkerWeb** permet aux assistants IA comme **Claude Code** et *
### Exemple Docker Compose
Un exemple complet est disponible dans [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples/mcp-stack) :
Un exemple complet est disponible dans [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples/mcp-stack) :
```yaml
services:
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
API_TOKEN: "my-bearer-token-for-mcp"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"
@ -4208,11 +4208,11 @@ Les modèles utilisent la syntaxe de modèle Lua avec les délimiteurs suivants
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
# ... autres paramètres (pas de variables d'environnement nécessaires ici pour les pages personnalisées)
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./templates:/custom_templates:ro
environment:
@ -4295,7 +4295,7 @@ Les modèles utilisent la syntaxe de modèle Lua avec les délimiteurs suivants
spec:
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
env:
- name: CUSTOM_ERROR_PAGE
value: "/custom_templates/error.html"

8
docs/fr/api.md
View file

@ -41,7 +41,7 @@ Choisissez la saveur adaptée à votre environnement.
services:
bunkerweb:
# Nom utilisé par le scheduler pour identifier linstance
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -54,7 +54,7 @@ Choisissez la saveur adaptée à votre environnement.
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Assurez-vous de mettre le bon nom dinstance
@ -76,7 +76,7 @@ Choisissez la saveur adaptée à votre environnement.
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
API_USERNAME: "admin"
@ -143,7 +143,7 @@ Choisissez la saveur adaptée à votre environnement.
-e SERVICE_API=yes \
-e API_WHITELIST_IPS="127.0.0.0/8" \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Linux"

4
docs/fr/concepts.md
View file

@ -105,7 +105,7 @@ Veuillez noter que le mode multisite est implicite lors de l'utilisation de l'in
!!! info "Aller plus loin"
Vous trouverez des exemples concrets du mode multisite dans la section [Utilisations avancées](advanced.md) de la documentation et dans le répertoire [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) du dépôt.
Vous trouverez des exemples concrets du mode multisite dans la section [Utilisations avancées](advanced.md) de la documentation et dans le répertoire [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) du dépôt.
## Configurations personnalisées {#custom-configurations}
@ -126,7 +126,7 @@ La gestion des configurations personnalisées à partir de l'interface utilisate
!!! info "Aller plus loin"
Vous trouverez des exemples concrets de configurations personnalisées dans la section [Utilisations avancées](advanced.md#custom-configurations) de la documentation et dans le répertoire [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) du dépôt.
Vous trouverez des exemples concrets de configurations personnalisées dans la section [Utilisations avancées](advanced.md#custom-configurations) de la documentation et dans le répertoire [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) du dépôt.
## Base de données

40
docs/fr/features.md
View file

@ -573,6 +573,7 @@ Exemples :
- Utilisez HTTPS pour `ANTIBOT_CAPJS_FRONTEND_URL` en production. Le worker du navigateur exige `crypto.subtle` dans un contexte sécurisé, et HTTPS empêche les modifications MITM du widget.
- Configurez CORS sur la clé de site Cap.js pour autoriser lorigine protégée.
- Définissez `ANTIBOT_CAPJS_FRONTEND_URL` et `ANTIBOT_CAPJS_BACKEND_URL` uniquement sur des origines : schéma, hôte et port optionnel, sans chemin.
- Utilisez le widget Cap.js **0.1.48 ou ultérieur**. BunkerWeb diffuse une CSP stricte basée sur un nonce ; les widgets antérieurs cassent les défis dinstrumentation parce que le `<script>` inline injecté dans liframe `srcdoc` isolée ne propage pas le nonce. Si vous auto-hébergez `tiago2/cap`, épinglez une version récente (par ex. `tiago2/cap:3.1.2` ou plus récente) ou définissez `WIDGET_VERSION` à `0.1.48` ou plus.
Reportezvous aux [Paramètres communs](#paramètres-communs) pour les options supplémentaires.
@ -1791,7 +1792,7 @@ Les sections suivantes détaillent chacune de ces étapes.
services:
bunkerweb:
# C'est le nom qui sera utilisé pour identifier l'instance dans le planificateur
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1808,7 +1809,7 @@ Les sections suivantes détaillent chacune de ces étapes.
syslog-address: "udp://10.20.30.254:514" # L'adresse IP du service syslog
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Assurez-vous de définir le nom correct de l'instance
@ -1842,7 +1843,7 @@ Les sections suivantes détaillent chacune de ces étapes.
- bw-db
crowdsec:
image: crowdsecurity/crowdsec:v1.7.7 # Utilisez la dernière version mais épinglez toujours la version pour une meilleure stabilité/sécurité
image: crowdsecurity/crowdsec:v1.7.8 # Utilisez la dernière version mais épinglez toujours la version pour une meilleure stabilité/sécurité
volumes:
- cs-data:/var/lib/crowdsec/data # Pour persister les données de CrowdSec
- bw-logs:/var/log:ro # Les journaux de BunkerWeb à analyser par CrowdSec
@ -3396,6 +3397,39 @@ Le plugin Limit permet dappliquer des politiques de limitation pour garantir
LIMIT_CONN_MAX_STREAM: "20"
```
## Load Balancer <img src='../../assets/img/pro-icon.svg' alt='crown pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
<p align='center'><iframe style='display: block;' width='560' height='315' data-src='https://www.youtube-nocookie.com/embed/cOVp0rAt5nw?si=iVhDio8o8S4F_uag' title='Load Balancer' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture' allowfullscreen></iframe></p>
Pour un guide plus détaillé, consultez la documentation des [utilisations avancées](advanced.md#load-balancer-pro).
Prise en charge STREAM :x:
Provides load balancing feature to group of upstreams with optional healthchecks.
| Paramètre | Valeur par défaut | Contexte | Multiple | Description |
| ----------------------------------------- | ----------------- | -------- | -------- | ------------------------------------------------------------------ |
| `LOADBALANCER_HEALTHCHECK_DICT_SIZE` | `10m` | global | non | Shared dict size (datastore for all healthchecks). |
| `LOADBALANCER_UPSTREAM_NAME` | | global | oui | Name of the upstream (used in REVERSE_PROXY_HOST). |
| `LOADBALANCER_UPSTREAM_SERVERS` | | global | oui | List of servers/IPs in the server group. |
| `LOADBALANCER_UPSTREAM_MODE` | `round-robin` | global | oui | Load balancing mode (round-robin or sticky). |
| `LOADBALANCER_UPSTREAM_STICKY_METHOD` | `ip` | global | oui | Sticky session method (ip or cookie). |
| `LOADBALANCER_UPSTREAM_RESOLVE` | `no` | global | oui | Dynamically resolve upstream hostnames. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE` | | global | oui | Number of keepalive connections to cache per worker. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIMEOUT` | `60s` | global | oui | Keepalive timeout for upstream connections. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIME` | `1h` | global | oui | Keepalive time for upstream connections. |
| `LOADBALANCER_HEALTHCHECK_URL` | `/status` | global | oui | The healthcheck URL. |
| `LOADBALANCER_HEALTHCHECK_INTERVAL` | `2000` | global | oui | Healthcheck interval in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_TIMEOUT` | `1000` | global | oui | Healthcheck timeout in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_FALL` | `3` | global | oui | Number of failed healthchecks before marking the server as down. |
| `LOADBALANCER_HEALTHCHECK_RISE` | `1` | global | oui | Number of successful healthchecks before marking the server as up. |
| `LOADBALANCER_HEALTHCHECK_VALID_STATUSES` | `200` | global | oui | HTTP status considered valid in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_CONCURRENCY` | `10` | global | oui | Maximum number of concurrent healthchecks. |
| `LOADBALANCER_HEALTHCHECK_TYPE` | `http` | global | oui | Type of healthcheck (http or https). |
| `LOADBALANCER_HEALTHCHECK_SSL_VERIFY` | `yes` | global | oui | Verify SSL certificate in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_HOST` | | global | oui | Host header for healthchecks (useful for HTTPS). |
## Metrics
Prise en charge STREAM :warning:

129
docs/fr/integrations.md
View file

@ -1275,7 +1275,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Par défaut, le conteneur expose :
@ -1290,7 +1290,7 @@ Un volume nommé (ou un bind mount) est nécessaire pour conserver la base SQLit
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
volumes:
- bw-storage:/data
@ -1369,7 +1369,7 @@ docker run -d \
-e API_PASSWORD=StrongP@ssw0rd \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
-p 8888:8888/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Configuration recommandée (derrière BunkerWeb) — ne publiez pas `8888`; utilisez plutôt un proxy inverse :
@ -1377,7 +1377,7 @@ Configuration recommandée (derrière BunkerWeb) — ne publiez pas `8888`; u
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1453,7 +1453,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* Lorsque `USE_CROWDSEC=yes`, le point d'entrée :
@ -1508,7 +1508,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
!!! info "Comment ça marche en interne"
@ -1529,7 +1529,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Notes :
@ -1565,7 +1565,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* **L'enregistrement local** est ignoré lorsque n' `CROWDSEC_API` est pas `127.0.0.1` ou `localhost`.
@ -1599,13 +1599,13 @@ En accédant à ces images prédéfinies à partir de Docker Hub, vous pouvez ra
Que vous effectuiez des tests, développiez des applications ou déployiez BunkerWeb en production, l'option de conteneurisation Docker offre flexibilité et facilité d'utilisation. L'adoption de cette méthode vous permet de tirer pleinement parti des fonctionnalités de BunkerWeb tout en tirant parti des avantages de la technologie Docker.
```shell
docker pull bunkerity/bunkerweb:1.6.10-rc7
docker pull bunkerity/bunkerweb:1.6.11-rc1
```
Les images Docker sont également disponibles sur [les packages GitHub](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) et peuvent être téléchargées à l'aide de l'adresse du `ghcr.io` dépôt :
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.6.10-rc7
docker pull ghcr.io/bunkerity/bunkerweb:1.6.11-rc1
```
Les concepts clés de l'intégration Docker sont les suivants :
@ -1615,7 +1615,7 @@ Les concepts clés de l'intégration Docker sont les suivants :
- **Réseaux**: Les réseaux Docker jouent un rôle essentiel dans l'intégration de BunkerWeb. Ces réseaux ont deux objectifs principaux : exposer les ports aux clients et se connecter aux services Web en amont. En exposant les ports, BunkerWeb peut accepter les demandes entrantes des clients, leur permettant d'accéder aux services Web protégés. De plus, en se connectant aux services Web en amont, BunkerWeb peut acheminer et gérer efficacement le trafic, offrant ainsi une sécurité et des performances améliorées.
!!! info "Backend de base de données"
Veuillez noter que nos instructions supposent que vous utilisez SQLite comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, d'autres backends de base de données sont également pris en charge. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) du dépôt.
Veuillez noter que nos instructions supposent que vous utilisez SQLite comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, d'autres backends de base de données sont également pris en charge. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) du dépôt.
### Variables d'environnement
@ -1625,7 +1625,7 @@ Les paramètres sont transmis au Scheduler à l'aide de variables d'environnemen
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- MY_SETTING=value
- ANOTHER_SETTING=another value
@ -1669,7 +1669,7 @@ Cela garantit que les paramètres sensibles sont tenus à l'écart de l'environn
Le [Scheduler](concepts.md#scheduler) s'exécute dans son propre conteneur, qui est également disponible sur Docker Hub :
```shell
docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
docker pull bunkerity/bunkerweb-scheduler:1.6.11-rc1
```
!!! info "Paramètres BunkerWeb"
@ -1690,7 +1690,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
environment:
# Paramètres API pour le conteneur BunkerWeb
<<: *bw-api-env
@ -1699,7 +1699,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
- bw-universe
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
# Paramètres API pour le conteneur Scheduler
<<: *bw-api-env
@ -1717,7 +1717,7 @@ Un volume est nécessaire pour stocker la base de données SQLite et les sauvega
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1786,6 +1786,7 @@ Le Scheduler est le worker du plan de contrôle qui lit les paramètres, rend le
| `DISABLE_CONFIGURATION_TESTING` | Sauter les tests de configuration avant application | `yes` ou `no` | `no` |
| `IGNORE_FAIL_SENDING_CONFIG` | Continuer même si certaines instances ne reçoivent pas la config | `yes` ou `no` | `no` |
| `IGNORE_REGEX_CHECK` | Ignorer la validation regex des paramètres (partagé avec autoconf) | `yes` ou `no` | `no` |
| `SCHEDULER_MAX_WORKERS` | Nombre maximal de threads dans l'exécuteur de jobs du Scheduler. Chaque thread peut détenir une connexion DB, ce qui borne la pression sur le pool côté Scheduler. Un avertissement est émis au démarrage si la valeur résolue dépasse `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW`. | Entier positif | `min(8, max(2, cpu_count*2))` |
| `TZ` | Fuseau horaire pour les logs du Scheduler, tâches type cron, sauvegardes et dates | Nom de base TZ (ex. `UTC`, `Europe/Paris`) | unset (défaut conteneur, généralement UTC) |
##### Base de données
@ -1863,7 +1864,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1876,7 +1877,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -1909,7 +1910,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1922,7 +1923,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
depends_on:
- bunkerweb
environment:
@ -1988,8 +1989,8 @@ Pour commencer, téléchargez le script d'installation et sa somme de contrôle,
```bash
# Download the script and its checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify the checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -2062,7 +2063,7 @@ Pour les configurations non interactives ou automatisées, le script peut être
| Option | Description |
| ----------------------- | -------------------------------------------------------------------------------------------------------- |
| `-v, --version VERSION` | Spécifie la version de BunkerWeb à installer (par exemple, `1.6.10~rc7`). |
| `-v, --version VERSION` | Spécifie la version de BunkerWeb à installer (par exemple, `1.6.11~rc1`). |
| `-w, --enable-wizard` | Active l'assistant de configuration. |
| `-n, --no-wizard` | Désactive l'assistant d'installation. |
| `--api`, `--enable-api` | Active le service API (FastAPI) systemd (désactivé par défaut). |
@ -2129,7 +2130,7 @@ sudo ./install-bunkerweb.sh --yes
sudo ./install-bunkerweb.sh --worker --no-wizard
# Install a specific version
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Manager setup with remote worker instances (instances required)
sudo ./install-bunkerweb.sh --manager --instances "192.168.1.10 192.168.1.11"
@ -2234,7 +2235,7 @@ En fonction de vos choix lors de l'installation :
### Installation à l'aide du gestionnaire de paquets
Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerWeb**. Pour toutes les distributions, il est obligatoire d'utiliser des paquets préconstruits à partir du [dépôt officiel NGINX](https://nginx.org/en/linux_packages.html). La compilation de NGINX à partir des sources ou l'utilisation de paquets provenant de différents dépôts ne fonctionnera pas avec les paquets officiels préconstruits de BunkerWeb. Cependant, vous avez la possibilité de construire BunkerWeb à partir des sources.
Veuillez vous assurer que **NGINX 1.30.2 est installé avant d'installer BunkerWeb**. Pour toutes les distributions, il est obligatoire d'utiliser des paquets préconstruits à partir du [dépôt officiel NGINX](https://nginx.org/en/linux_packages.html). La compilation de NGINX à partir des sources ou l'utilisation de paquets provenant de différents dépôts ne fonctionnera pas avec les paquets officiels préconstruits de BunkerWeb. Cependant, vous avez la possibilité de construire BunkerWeb à partir des sources.
=== "Debian Bookworm/Trixie"
@ -2249,11 +2250,11 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Vous devriez maintenant pouvoir installer NGINX 1.30.0 :
Vous devriez maintenant pouvoir installer NGINX 1.30.2 :
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Version testing/dev"
@ -2270,12 +2271,12 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
export UI_WIZARD=no
```
Et enfin, installez BunkerWeb 1.6.10~rc7 :
Et enfin, installez BunkerWeb 1.6.11~rc1 :
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Pour empêcher la mise à jour des paquets NGINX et/ou BunkerWeb lors de l'exécution de `apt upgrade`, vous pouvez utiliser la commande suivante :
@ -2297,11 +2298,11 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
| sudo tee /etc/apt/sources.list.d/nginx.list
```
Vous devriez maintenant pouvoir installer NGINX 1.30.0 :
Vous devriez maintenant pouvoir installer NGINX 1.30.2 :
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Version testing/dev"
@ -2318,12 +2319,12 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
export UI_WIZARD=no
```
Et enfin, installez BunkerWeb 1.6.10~rc7 :
Et enfin, installez BunkerWeb 1.6.11~rc1 :
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Pour empêcher la mise à jour des paquets NGINX et/ou BunkerWeb lors de l'exécution de `apt upgrade`, vous pouvez utiliser la commande suivante :
@ -2341,10 +2342,10 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
sudo dnf config-manager setopt updates-testing.enabled=1
```
Fedora fournit déjà NGINX 1.30.0, que nous prenons en charge
Fedora fournit déjà NGINX 1.30.1, que nous prenons en charge
```shell
sudo dnf install -y --allowerasing nginx-1.30.0
sudo dnf install -y --allowerasing nginx-1.30.1
```
!!! example "Désactiver l'assistant d'installation"
@ -2354,12 +2355,12 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
export UI_WIZARD=no
```
Et enfin, installez BunkerWeb 1.6.10~rc7 :
Et enfin, installez BunkerWeb 1.6.11~rc1 :
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Pour empêcher la mise à jour des paquets NGINX et/ou BunkerWeb lors de l'exécution de `dnf upgrade`, vous pouvez utiliser la commande suivante :
@ -2391,10 +2392,10 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
module_hotfixes=true
```
Vous devriez maintenant pouvoir installer NGINX 1.30.0 :
Vous devriez maintenant pouvoir installer NGINX 1.30.2 :
```shell
sudo dnf install --allowerasing nginx-1.30.0
sudo dnf install --allowerasing nginx-1.30.2
```
!!! example "Désactiver l'assistant d'installation"
@ -2404,12 +2405,12 @@ Veuillez vous assurer que **NGINX 1.30.0 est installé avant d'installer BunkerW
export UI_WIZARD=no
```
Enfin, installez BunkerWeb 1.6.10~rc7 :
Enfin, installez BunkerWeb 1.6.11~rc1 :
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Pour empêcher la mise à jour des paquets NGINX et/ou BunkerWeb lors de l'exécution de `dnf upgrade`, vous pouvez utiliser la commande suivante :
@ -2502,7 +2503,7 @@ En adoptant cette approche, vous pouvez profiter d'une reconfiguration en temps
L'intégration de Docker autoconf implique l'utilisation du **mode multisite**. Pour plus d'informations, reportez-vous à la [section multisite](concepts.md#multisite-mode) de la documentation.
!!! info "Backend de base de données"
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) du dépôt.
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) du dépôt.
Pour activer les mises à jour automatiques de la configuration, incluez un conteneur supplémentaire appelé `bw-autoconf` dans la pile. Ce conteneur héberge le service autoconf, qui gère les modifications de configuration dynamiques pour BunkerWeb.
@ -2516,7 +2517,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2531,7 +2532,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -2546,7 +2547,7 @@ services:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2715,7 +2716,7 @@ Définir `AUTOCONF_DISABLE_CLEANUP=yes` sur le conteneur `bw-autoconf` modifie c
```yaml
services:
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
AUTOCONF_MODE: "yes"
AUTOCONF_DISABLE_CLEANUP: "yes" # garder les services supprimés en brouillon
@ -2751,13 +2752,13 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
- "bunkerweb.NAMESPACE=my-namespace" # Définir l'espace de noms pour l'instance BunkerWeb afin que le service autoconf puisse la détecter
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
...
NAMESPACES: "my-namespace my-other-namespace" # Écouter uniquement ces espaces de noms
@ -2808,7 +2809,7 @@ Pour une configuration optimale, il est recommandé de définir BunkerWeb en tan
Compte tenu de la présence de plusieurs instances BunkerWeb, il est nécessaire d'établir un magasin de données partagé implémenté en tant que [ service Redis](https://redis.io/) ou [Valkey](https://valkey.io/). Ce service sera utilisé par les instances pour mettre en cache et partager des données entre elles. Vous trouverez de plus amples informations sur les paramètres Redis/Valkey [ici](features.md#redis).
!!! info "Backend de base de données"
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) du dépôt.
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) du dépôt.
La configuration des backends de base de données en cluster est hors du périmètre de cette documentation.
@ -2923,7 +2924,7 @@ Le **controller BunkerWeb** découvre automatiquement les pods avec sidecars Bun
```yaml
controller:
enabled: true
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
```
2. Pour chaque sidecar, ajoutez :
@ -3016,7 +3017,7 @@ Dans votre fichier `values.yaml` du chart BunkerWeb, configurez la variable d'en
```yaml
scheduler:
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
extraEnvs:
- name: BUNKERWEB_INSTANCES
value: "http://app1-bunkerweb-workers.namespace.svc.cluster.local:5000 http://app2-bunkerweb-workers.namespace.svc.cluster.local:5000"
@ -3058,7 +3059,7 @@ spec:
# Sidecar BunkerWeb
- name: bunkerweb
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- containerPort: 8080 # Port HTTP exposé
- containerPort: 5000 # API interne (obligatoire)
@ -3302,7 +3303,7 @@ Pour ajouter une nouvelle application protégée par BunkerWeb :
#### Fichiers YAML complets
Au lieu d'utiliser la charte Helm, vous pouvez également utiliser les modèles YAML dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) du référentiel GitHub. Veuillez noter que nous vous recommandons vivement d'utiliser le tableau de barre à la place.
Au lieu d'utiliser la charte Helm, vous pouvez également utiliser les modèles YAML dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) du référentiel GitHub. Veuillez noter que nous vous recommandons vivement d'utiliser le tableau de barre à la place.
### Ressources d'entrée
@ -3450,7 +3451,7 @@ metadata:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
imagePullPolicy: Always
env:
- name: NAMESPACES
@ -3624,11 +3625,11 @@ service:
# BunkerWeb settings
bunkerweb:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# Scheduler settings
scheduler:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
extraEnvs:
# Enable real IP module to get real IP of clients
- name: USE_REAL_IP
@ -3636,11 +3637,11 @@ scheduler:
# Controller settings
controller:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# UI settings
ui:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
```
Installez BunkerWeb avec des valeurs personnalisées :
@ -4261,7 +4262,7 @@ Pour une configuration optimale, il est recommandé de planifier le **service Bu
En ce qui concerne le volume de la base de données, la documentation ne spécifie pas d'approche spécifique. Le choix d'un dossier partagé ou d'un pilote spécifique pour le volume de base de données dépend de votre cas d'utilisation unique et est laissé à la disposition du lecteur.
!!! info "Backend de base de données"
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) du dépôt.
Veuillez noter que nos instructions supposent que vous utilisez MariaDB comme backend de base de données par défaut, tel que configuré par le `DATABASE_URI` paramètre. Cependant, nous comprenons que vous préférerez peut-être utiliser d'autres backends pour votre intégration Docker. Si c'est le cas, soyez assuré que d'autres backends de base de données sont toujours possibles. Pour plus d'informations, consultez les fichiers docker-compose dans le [dossier misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) du dépôt.
La configuration des backends de base de données en cluster est hors du périmètre de cette documentation.
@ -4275,7 +4276,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -4304,7 +4305,7 @@ services:
- "bunkerweb.INSTANCE=yes" # Mandatory label for the autoconf service to identify the BunkerWeb instance
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -4325,7 +4326,7 @@ services:
- "node.role == worker"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
SWARM_MODE: "yes"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database
@ -4477,7 +4478,7 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
deploy:
mode: global
@ -4489,7 +4490,7 @@ networks:
- "bunkerweb.NAMESPACE=my-namespace" # Set the namespace for the BunkerWeb instance
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
NAMESPACES: "my-namespace my-other-namespace" # Only listen to these namespaces
...

12
docs/fr/plugins.md
View file

@ -89,7 +89,7 @@ La première étape consiste à installer le plugin en plaçant ses fichiers dan
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -125,7 +125,7 @@ La première étape consiste à installer le plugin en plaçant ses fichiers dan
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -168,7 +168,7 @@ La première étape consiste à installer le plugin en plaçant ses fichiers dan
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -215,7 +215,7 @@ La première étape consiste à installer le plugin en plaçant ses fichiers dan
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -255,7 +255,7 @@ La première étape consiste à installer le plugin en plaçant ses fichiers dan
!!! tip "Plugins existants"
Si la documentation n'est pas suffisante, vous pouvez consulter le code source existant des [plugins officiels](https://github.com/bunkerity/bunkerweb-plugins) et des [plugins core](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/common/core) (déjà inclus dans BunkerWeb mais ce sont des plugins, techniquement parlant).
Si la documentation n'est pas suffisante, vous pouvez consulter le code source existant des [plugins officiels](https://github.com/bunkerity/bunkerweb-plugins) et des [plugins core](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/common/core) (déjà inclus dans BunkerWeb mais ce sont des plugins, techniquement parlant).
À quoi ressemble la structure d'un plugin :
```
@ -560,7 +560,7 @@ end
!!! tip "Plus d'exemples"
Si vous souhaitez voir la liste complète des fonctions disponibles, vous pouvez consulter les fichiers présents dans le [répertoire lua](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/bw/lua/bunkerweb) du dépôt.
Si vous souhaitez voir la liste complète des fonctions disponibles, vous pouvez consulter les fichiers présents dans le [répertoire lua](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/bw/lua/bunkerweb) du dépôt.
### Emplois

34
docs/fr/quickstart-guide.md
View file

@ -18,7 +18,7 @@ Ce guide de démarrage rapide vous aidera à installer rapidement BunkerWeb et
Protéger les applications web existantes déjà accessibles avec le protocole HTTP(S) est l'objectif principal de BunkerWeb : il agira comme un [proxy inverse classique](https://en.wikipedia.org/wiki/Reverse_proxy) avec des fonctionnalités de sécurité supplémentaires.
Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) du dépôt pour obtenir des exemples concrets.
Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) du dépôt pour obtenir des exemples concrets.
## Configuration de base
@ -33,7 +33,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Par défaut, le conteneur expose :
@ -51,8 +51,8 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
```bash
# Download the script and its checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify the checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -93,7 +93,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -106,7 +106,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -123,7 +123,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
restart: "unless-stopped"
@ -190,7 +190,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -206,7 +206,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -224,7 +224,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bw-docker
environment:
@ -247,7 +247,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section)
@ -342,7 +342,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -372,7 +372,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- "bunkerweb.INSTANCE=yes"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -390,7 +390,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
<<: *bw-ui-env
DOCKER_HOST: "tcp://bw-docker:2375"
@ -419,7 +419,7 @@ Consultez le [dossier examples](https://github.com/bunkerity/bunkerweb/tree/v1.6
- "node.role == manager"
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section)
@ -641,7 +641,7 @@ Vous pouvez maintenant vous connecter avec le compte administrateur que vous ave
-e "www.example.com_REVERSE_PROXY_HOST=http://myapp:8080" \
-e "www.example.com_REVERSE_PROXY_URL=/" \
# --- Include any other existing environment variables for UI, Redis, CrowdSec, etc. ---
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Votre conteneur d'application (`myapp`) et le conteneur `bunkerweb-aio` doivent être sur le même réseau Docker pour que BunkerWeb puisse y accéder en utilisant le nom d'hôte `myapp`.
@ -663,7 +663,7 @@ Vous pouvez maintenant vous connecter avec le compte administrateur que vous ave
-p 443:8443/tcp \
-p 443:8443/udp \
# ... (all other relevant environment variables as shown in the main example above) ...
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Assurez-vous de remplacer `myapp` par le nom réel ou l'adresse IP de votre conteneur d'application et `http://myapp:8080` par son adresse et son port corrects.

36
docs/fr/upgrading.md
View file

@ -25,16 +25,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -146,20 +146,20 @@
Exemples:
```bash
# Upgrade to 1.6.10~rc7 interactively (will prompt for backup)
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
# Upgrade to 1.6.11~rc1 interactively (will prompt for backup)
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Non-interactive upgrade with automatic backup to custom directory
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --backup-dir /var/backups/bw-2025-01 -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --backup-dir /var/backups/bw-2025-01 -y
# Silent unattended upgrade (logs suppressed) relies on default auto-backup
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 -y -q
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 -y -q
# Perform a dry run (plan) without applying changes
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --dry-run
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --dry-run
# Upgrade skipping automatic backup (NOT recommended)
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --no-auto-backup -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --no-auto-backup -y
```
!!! warning "Sauter les sauvegardes"
@ -239,7 +239,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Pour empêcher le paquet BunkerWeb d'être mis à niveau lors de l'exécution de `apt upgrade`, vous pouvez utiliser la commande suivante :
@ -265,7 +265,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Pour empêcher le paquet BunkerWeb d'être mis à niveau lors de l'exécution de `dnf upgrade`, vous pouvez utiliser la commande suivante :
@ -662,16 +662,16 @@ Nous avons ajouté une fonctionnalité d**'espace de noms** aux intégrations au
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -706,7 +706,7 @@ Nous avons ajouté une fonctionnalité d**'espace de noms** aux intégrations au
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
Pour empêcher le paquet BunkerWeb d'être mis à niveau lors de l'exécution de `apt upgrade`, vous pouvez utiliser la commande suivante :
@ -732,7 +732,7 @@ Nous avons ajouté une fonctionnalité d**'espace de noms** aux intégrations au
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
Pour empêcher le paquet BunkerWeb d'être mis à niveau lors de l'exécution de `dnf upgrade`, vous pouvez utiliser la commande suivante :

22
docs/fr/web-ui.md
View file

@ -35,7 +35,7 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
Utilisez les images publiées et le layout du [guide de démarrage rapide](quickstart-guide.md#__tabbed_1_3) pour monter la stack, puis terminez la configuration dans le navigateur.
```bash
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.10~rc7-rc1/misc/integrations/docker-compose.yml up -d
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.11~rc1-rc1/misc/integrations/docker-compose.yml up -d
```
Ouvrez le nom dhôte du scheduler (par ex. `https://www.example.com/changeme`) et lancez lassistant `/setup` pour configurer lUI, le scheduler et linstance.
@ -52,7 +52,7 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -63,7 +63,7 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
networks: [bw-universe, bw-services]
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *service-env
BUNKERWEB_INSTANCES: "bunkerweb"
@ -83,7 +83,7 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
networks: [bw-universe, bw-db]
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *service-env
ADMIN_USERNAME: "admin"
@ -168,6 +168,18 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
- Sessions: durée dinactivité par défaut 12 h (`SESSION_LIFETIME_HOURS`), rafraîchie à chaque requête. Un plafond absolu est imposé par `SESSION_ABSOLUTE_HOURS` (par défaut `168` = 7 jours) — au-delà, les utilisateurs sont déconnectés quelle que soit leur activité. Rotation optionnelle de lidentifiant de session (`SESSION_ROLLING_HOURS`, par défaut `0` = désactivée) régénère le SID à cet intervalle. Sessions liées à lIP et au User-Agent ; `CHECK_PRIVATE_IP=no` relâche le contrôle dIP pour les plages privées uniquement. `ALWAYS_REMEMBER=yes` force les cookies persistants.
- Pensez à régler `PROXY_NUMBERS` si plusieurs proxies ajoutent des `X-Forwarded-*`.
!!! tip "Mot de passe administrateur pré-haché"
`ADMIN_PASSWORD` accepte un **hash bcrypt** (`$2a$`/`$2b$`/`$2y$`) et le stocke tel quel : le texte en clair ne reste pas dans vos fichiers denvironnement ni secrets. La politique de robustesse est ignorée (vous êtes responsable du mot de passe source) ; un coût inférieur à 12 émet un avertissement. Uniquement en création par environnement et `OVERRIDE_ADMIN_CREDS` ; lassistant et le profil exigent toujours du texte en clair.
Générer un hash :
```bash
python3 -c "import bcrypt; print(bcrypt.hashpw(b'Str0ng&P@ss!', bcrypt.gensalt(rounds=13)).decode())"
```
!!! warning "Un hash incorrect vous verrouille"
Nutilisez un hash que si vous connaissez son texte en clair. Un hash valide mais incorrect à la première création est irréversible et un redémarrage ne le corrige pas. Récupérez avec un `ADMIN_PASSWORD` différent et `OVERRIDE_ADMIN_CREDS=yes`.
## Sources de configuration et priorité
1. Variables denvironnement (y compris `environment:` Docker/Compose)
@ -200,7 +212,7 @@ LUI attend que le scheduler/lAPI BunkerWeb/le redis/la base soient accessi
| Paramètre | Description | Valeurs acceptées | Défaut |
| ------------------------------------------- | --------------------------------------------------------------------------------- | ------------------------- | ------------------------- |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Initialiser le compte admin (politique de mot de passe) | Chaînes | non définis |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Initialiser le compte admin (politique de mot de passe ; `ADMIN_PASSWORD` accepte aussi un hash bcrypt, stocké tel quel) | Chaînes / hash bcrypt | non définis |
| `OVERRIDE_ADMIN_CREDS` | Forcer la mise à jour des identifiants admin depuis lenv | `yes` ou `no` | `no` |
| `FLASK_SECRET` | Secret de signature de session (persisté dans `/var/lib/bunkerweb/.flask_secret`) | Chaîne hex/base64/opacité | généré automatiquement |
| `TOTP_ENCRYPTION_KEYS` (`TOTP_SECRETS`) | Clés de chiffrement TOTP (espaces ou map JSON) | Chaînes / JSON | générées si absent |

129
docs/integrations.md
View file

@ -1275,7 +1275,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
By default, the container exposes:
@ -1302,7 +1302,7 @@ A named volume (or bind mount) is required to persist the SQLite database, cache
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1374,7 +1374,7 @@ docker run -d \
-e API_PASSWORD=StrongP@ssw0rd \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
-p 8888:8888/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Recommended (behind BunkerWeb) — do not publish `8888`; reverseproxy it instead:
@ -1382,7 +1382,7 @@ Recommended (behind BunkerWeb) — do not publish `8888`; reverseproxy it ins
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1458,7 +1458,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* When `USE_CROWDSEC=yes`, the entrypoint will:
@ -1513,7 +1513,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
!!! info "How it works internally"
@ -1535,7 +1535,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Notes:
@ -1571,7 +1571,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* **Local registration** is skipped when `CROWDSEC_API` is not `127.0.0.1` or `localhost`.
@ -1605,13 +1605,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run
Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology.
```shell
docker pull bunkerity/bunkerweb:1.6.10-rc7
docker pull bunkerity/bunkerweb:1.6.11-rc1
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address:
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.6.10-rc7
docker pull ghcr.io/bunkerity/bunkerweb:1.6.11-rc1
```
Key concepts for Docker integration include:
@ -1621,7 +1621,7 @@ Key concepts for Docker integration include:
- **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage traffic, providing enhanced security and performance.
!!! info "Database backend"
Please note that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, other database backends are also supported. See the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) of the repository for more information.
Please note that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, other database backends are also supported. See the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) of the repository for more information.
### Environment variables
@ -1631,7 +1631,7 @@ Settings are passed to the Scheduler using Docker environment variables:
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- MY_SETTING=value
- ANOTHER_SETTING=another value
@ -1675,7 +1675,7 @@ This ensures sensitive settings are kept out of the environment and logs.
The [scheduler](concepts.md#scheduler) runs in its own container, which is also available on Docker Hub:
```shell
docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
docker pull bunkerity/bunkerweb-scheduler:1.6.11-rc1
```
!!! info "BunkerWeb settings"
@ -1696,7 +1696,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
environment:
# This will set the API settings for the BunkerWeb container
<<: *bw-api-env
@ -1705,7 +1705,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
- bw-universe
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
# This will set the API settings for the Scheduler container
<<: *bw-api-env
@ -1723,7 +1723,7 @@ A volume is needed to store the SQLite database and backups used by the schedule
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1792,6 +1792,7 @@ The scheduler is the control-plane worker that reads settings, renders configs,
| `DISABLE_CONFIGURATION_TESTING` | Skip config tests before applying | `yes` or `no` | `no` |
| `IGNORE_FAIL_SENDING_CONFIG` | Proceed even if some instances fail to receive a config | `yes` or `no` | `no` |
| `IGNORE_REGEX_CHECK` | Skip regex validation for settings (shared with autoconf) | `yes` or `no` | `no` |
| `SCHEDULER_MAX_WORKERS` | Max worker threads in the scheduler's job executor. Each running thread can hold one DB connection, so this caps scheduler-side DB-pool pressure. A startup warning is emitted if the resolved value exceeds `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW`. | Positive integer | `min(8, max(2, cpu_count*2))` |
| `TZ` | Time zone for scheduler logs, cron-like jobs, backups, and timestamps | TZ database name (e.g., `UTC`, `Europe/Paris`) | unset (container default, usually UTC) |
##### Database
@ -1869,7 +1870,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1882,7 +1883,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance
@ -1915,7 +1916,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1928,7 +1929,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
depends_on:
- bunkerweb
environment:
@ -1994,8 +1995,8 @@ To get started, download the installation script and its checksum, then verify t
```bash
# Download the script and its checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify the checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -2075,7 +2076,7 @@ For non-interactive or automated setups, the script can be controlled with comma
| Option | Description |
| ----------------------- | --------------------------------------------------------------------- |
| `-v, --version VERSION` | Specifies the BunkerWeb version to install (e.g., `1.6.10~rc7`). |
| `-v, --version VERSION` | Specifies the BunkerWeb version to install (e.g., `1.6.11~rc1`). |
| `-w, --enable-wizard` | Enables the setup wizard. |
| `-n, --no-wizard` | Disables the setup wizard. |
| `-y, --yes` | Runs in non-interactive mode using default answers for all prompts. |
@ -2187,7 +2188,7 @@ sudo ./install-bunkerweb.sh --yes
sudo ./install-bunkerweb.sh --worker --no-wizard
# Install a specific version
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Manager setup with remote worker instances (optional at install time)
sudo ./install-bunkerweb.sh --manager --instances "192.168.1.10 192.168.1.11"
@ -2347,7 +2348,7 @@ Depending on your installation type:
### Installation using package manager
Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb**. For all distributions, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
Please ensure that you have **NGINX 1.30.2 installed before installing BunkerWeb**. For all distributions, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
=== "Debian Bookworm/Trixie"
@ -2362,11 +2363,11 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.30.0:
You should now be able to install NGINX 1.30.2:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -2383,12 +2384,12 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
export UI_WIZARD=no
```
And finally install BunkerWeb 1.6.10~rc7:
And finally install BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command:
@ -2410,11 +2411,11 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.30.0:
You should now be able to install NGINX 1.30.2:
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -2431,12 +2432,12 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
export UI_WIZARD=no
```
And finally install BunkerWeb 1.6.10~rc7:
And finally install BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command:
@ -2454,10 +2455,10 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
sudo dnf config-manager setopt updates-testing.enabled=1
```
Fedora already provides NGINX 1.30.0 that we support
Fedora already provides NGINX 1.30.1 that we support
```shell
sudo dnf install -y --allowerasing nginx-1.30.0
sudo dnf install -y --allowerasing nginx-1.30.1
```
!!! example "Disable the setup wizard"
@ -2467,12 +2468,12 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
export UI_WIZARD=no
```
And finally install BunkerWeb 1.6.10~rc7:
And finally install BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command:
@ -2504,10 +2505,10 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
module_hotfixes=true
```
You should now be able to install NGINX 1.30.0:
You should now be able to install NGINX 1.30.2:
```shell
sudo dnf install --allowerasing nginx-1.30.0
sudo dnf install --allowerasing nginx-1.30.2
```
!!! example "Disable the setup wizard"
@ -2517,12 +2518,12 @@ Please ensure that you have **NGINX 1.30.0 installed before installing BunkerWeb
export UI_WIZARD=no
```
And finally install BunkerWeb 1.6.10~rc7:
And finally install BunkerWeb 1.6.11~rc1:
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command:
@ -2615,7 +2616,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) of the repository for more information.
To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb.
@ -2629,7 +2630,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2644,7 +2645,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -2659,7 +2660,7 @@ services:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2827,7 +2828,7 @@ Setting `AUTOCONF_DISABLE_CLEANUP=yes` on the `bw-autoconf` container changes th
```yaml
services:
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
AUTOCONF_MODE: "yes"
AUTOCONF_DISABLE_CLEANUP: "yes" # keep removed services as drafts
@ -2863,13 +2864,13 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
- "bunkerweb.NAMESPACE=my-namespace" # Set the namespace for the BunkerWeb instance so the autoconf service can detect it
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
...
NAMESPACES: "my-namespace my-other-namespace" # Only listen to these namespaces
@ -2929,7 +2930,7 @@ Further information about the Redis/Valkey settings can be found [here](features
as configured by the `DATABASE_URI` setting.
However, we understand that you may prefer to utilize alternative backends for your Docker integration.
If that is the case, rest assured that other database backends are still possible.
See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)
See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)
of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -3046,7 +3047,7 @@ The **BunkerWeb controller** automatically discovers pods with BunkerWeb sidecar
```yaml
controller:
enabled: true
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
```
2. For each sidecar, add:
@ -3139,7 +3140,7 @@ In your BunkerWeb chart `values.yaml`, configure the `BUNKERWEB_INSTANCES` envir
```yaml
scheduler:
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
extraEnvs:
- name: BUNKERWEB_INSTANCES
value: "http://app1-bunkerweb-workers.namespace.svc.cluster.local:5000 http://app2-bunkerweb-workers.namespace.svc.cluster.local:5000"
@ -3183,7 +3184,7 @@ spec:
# BunkerWeb Sidecar
- name: bunkerweb
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- containerPort: 8080 # Exposed HTTP port
- containerPort: 5000 # Internal API (mandatory)
@ -3454,7 +3455,7 @@ To add a new application protected by BunkerWeb:
#### Full YAML files
Instead of using the helm chart, you can also use the YAML boilerplates inside the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) of the GitHub repository. Please note that we highly recommend to use the helm chart instead.
Instead of using the helm chart, you can also use the YAML boilerplates inside the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) of the GitHub repository. Please note that we highly recommend to use the helm chart instead.
### Ingress resources
@ -3602,7 +3603,7 @@ metadata:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
imagePullPolicy: Always
env:
- name: NAMESPACES
@ -3776,11 +3777,11 @@ service:
# BunkerWeb settings
bunkerweb:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# Scheduler settings
scheduler:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
extraEnvs:
# Enable real IP module to get real IP of clients
- name: USE_REAL_IP
@ -3788,11 +3789,11 @@ scheduler:
# Controller settings
controller:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# UI settings
ui:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
```
Install BunkerWeb with custom values:
@ -4413,7 +4414,7 @@ Since multiple instances of BunkerWeb are running, a shared data store implement
As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -4427,7 +4428,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -4456,7 +4457,7 @@ services:
- "bunkerweb.INSTANCE=yes" # Mandatory label for the autoconf service to identify the BunkerWeb instance
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service
@ -4477,7 +4478,7 @@ services:
- "node.role == worker"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
SWARM_MODE: "yes"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database
@ -4629,7 +4630,7 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
deploy:
mode: global
@ -4641,7 +4642,7 @@ networks:
- "bunkerweb.NAMESPACE=my-namespace" # Set the namespace for the BunkerWeb instance
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
NAMESPACES: "my-namespace my-other-namespace" # Only listen to these namespaces
...

12
docs/plugins.md
View file

@ -89,7 +89,7 @@ The first step is to install the plugin by placing its files inside the correspo
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -125,7 +125,7 @@ The first step is to install the plugin by placing its files inside the correspo
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -168,7 +168,7 @@ The first step is to install the plugin by placing its files inside the correspo
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -215,7 +215,7 @@ The first step is to install the plugin by placing its files inside the correspo
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -255,7 +255,7 @@ The first step is to install the plugin by placing its files inside the correspo
!!! tip "Existing plugins"
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
What a plugin structure looks like:
```
@ -563,7 +563,7 @@ end
!!! tip "More examples"
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/bw/lua/bunkerweb) of the repository.
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/bw/lua/bunkerweb) of the repository.
### Jobs

34
docs/quickstart-guide.md
View file

@ -18,7 +18,7 @@ This quickstart guide will help you to quickly install BunkerWeb and secure a we
Protecting existing web applications already accessible with the HTTP(S) protocol is the main goal of BunkerWeb: it will act as a classical [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) with extra security features.
See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) of the repository to get real-world examples.
See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) of the repository to get real-world examples.
## Basic setup
@ -33,7 +33,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
By default, the container exposes:
@ -51,8 +51,8 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
```bash
# Download the script and its checksum
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# Verify the checksum
sha256sum -c install-bunkerweb.sh.sha256
@ -93,7 +93,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -106,7 +106,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -123,7 +123,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
restart: "unless-stopped"
@ -190,7 +190,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -206,7 +206,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -224,7 +224,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bw-docker
environment:
@ -247,7 +247,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section)
@ -342,7 +342,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -372,7 +372,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- "bunkerweb.INSTANCE=yes"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -390,7 +390,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
<<: *bw-ui-env
DOCKER_HOST: "tcp://bw-docker:2375"
@ -419,7 +419,7 @@ See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc
- "node.role == manager"
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section)
@ -641,7 +641,7 @@ You can now log in with the administrator account you created during the setup w
-e "www.example.com_REVERSE_PROXY_HOST=http://myapp:8080" \
-e "www.example.com_REVERSE_PROXY_URL=/" \
# --- Include any other existing environment variables for UI, Redis, CrowdSec, etc. ---
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Your application container (`myapp`) and the `bunkerweb-aio` container must be on the same Docker network for BunkerWeb to reach it using the hostname `myapp`.
@ -663,7 +663,7 @@ You can now log in with the administrator account you created during the setup w
-p 443:8443/tcp \
-p 443:8443/udp \
# ... (all other relevant environment variables as shown in the main example above) ...
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
Make sure to replace `myapp` with the actual name or IP of your application container and `http://myapp:8080` with its correct address and port.

30
docs/requirements.txt
View file

@ -249,9 +249,9 @@ charset-normalizer==3.4.7 \
--hash=sha256:fbccdc05410c9ee21bbf16a35f4c1d16123dcdeb8a1d38f33654fa21d0234f79 \
--hash=sha256:fea24543955a6a729c45a73fe90e08c743f0b3334bbf3201e6c4bc1b0c7fa464
# via requests
click==8.3.3 \
--hash=sha256:398329ad4837b2ff7cbe1dd166a4c0f8900c3ca3a218de04466f38f6497f18a2 \
--hash=sha256:a2bf429bb3033c89fa4936ffb35d5cb471e3719e1f3c8a7c3fff0b8314305613
click==8.4.0 \
--hash=sha256:40c50b7c6c6adac2823d411041ec84f3f103f1b280d5e9ce0d7f998995832f81 \
--hash=sha256:638f1338fe1235c8f4e008e4a8a254fb5c5fbdcbb40ece3c9142ebb78e792973
# via mkdocs
colorama==0.4.6 \
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
@ -275,9 +275,9 @@ ghp-import==2.1.0 \
--hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \
--hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343
# via mkdocs
idna==3.14 \
--hash=sha256:466d810d7a2cc1022bea9b037c39728d51ae7dad40d480fc9b7d7ecf98ba8ee3 \
--hash=sha256:e677eaf072e290f7b725f9acf0b3a2bd55f9fd6f7c70abe5f0e34823d0accf69
idna==3.15 \
--hash=sha256:048adeaf8c2d788c40fee287673ccaa74c24ffd8dcf09ffa555a2fbb59f10ac8 \
--hash=sha256:ca962446ea538f7092a95e057da437618e886f4d349216d2b1e294abfdb65fdc
# via requests
jinja2==3.1.6 \
--hash=sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d \
@ -557,9 +557,9 @@ pygments==2.20.0 \
--hash=sha256:6757cd03768053ff99f3039c1a36d6c0aa0b263438fcab17520b30a303a82b5f \
--hash=sha256:81a9e26dd42fd28a23a2d169d86d7ac03b46e2f8b59ed4698fb4785f946d0176
# via mkdocs-material
pymdown-extensions==10.21.2 \
--hash=sha256:5c0fd2a2bea14eb39af8ff284f1066d898ab2187d81b889b75d46d4348c01638 \
--hash=sha256:c3f55a5b8a1d0edf6699e35dcbea71d978d34ff3fa79f3d807b8a5b3fa90fbdc
pymdown-extensions==10.21.3 \
--hash=sha256:72cfcf55f07aea0d4af2c4f11dd4e52466ddfb1bb819673146398e0bd3a77354 \
--hash=sha256:d7a5d08014fc571e80ca21dd6f854e31f94c489800350564d55d15b3c41e76b6
# via mkdocs-material
pyparsing==3.3.2 \
--hash=sha256:850ba148bd908d7e2411587e247a1e4f0327839c40e2e5e6d05a007ecc69911d \
@ -665,9 +665,9 @@ pyyaml-env-tag==1.1 \
# via
# mike
# mkdocs
requests==2.33.1 \
--hash=sha256:18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517 \
--hash=sha256:4e6d1ef462f3626a1f0a0a9c42dd93c63bad33f9f1c1937509b8c5c8718ab56a
requests==2.34.2 \
--hash=sha256:2a0d60c172f83ac6ab31e4554906c0f3b3588d37b5cb939b1c061f4907e278e0 \
--hash=sha256:f288924cae4e29463698d6d60bc6a4da69c89185ad1e0bcc4104f584e960b9ed
# via
# cssselect2
# tinycss2
@ -681,9 +681,9 @@ six==1.17.0 \
--hash=sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 \
--hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81
# via python-dateutil
tabledata==1.3.4 \
--hash=sha256:1f56e433bfdeb89f4487abfa48c4603a3b07c5d3a3c7e05ff73dd018c24bd0d4 \
--hash=sha256:e9649cab129d718f3bff4150083b77f8a78c30f6634a30caf692b10fdc60cb97
tabledata==1.3.5 \
--hash=sha256:98c64d0ad6b520846b41000fb3f5b2f42fa7ca2675c2c669e5ccab6b93082a36 \
--hash=sha256:a1e57afc4767b51bef551114c0df31f205d712dbb75e3caf9be7834a79f23136
# via pytablewriter
tcolorpy==0.1.7 \
--hash=sha256:0fbf6bf238890bbc2e32662aa25736769a29bf6d880328f310c910a327632614 \

36
docs/upgrading.md
View file

@ -25,16 +25,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -146,20 +146,20 @@
Examples:
```bash
# Upgrade to 1.6.10~rc7 interactively (will prompt for backup)
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
# Upgrade to 1.6.11~rc1 interactively (will prompt for backup)
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# Non-interactive upgrade with automatic backup to custom directory
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --backup-dir /var/backups/bw-2025-01 -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --backup-dir /var/backups/bw-2025-01 -y
# Silent unattended upgrade (logs suppressed) relies on default auto-backup
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 -y -q
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 -y -q
# Perform a dry run (plan) without applying changes
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --dry-run
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --dry-run
# Upgrade skipping automatic backup (NOT recommended)
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --no-auto-backup -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --no-auto-backup -y
```
!!! warning "Skipping backups"
@ -239,7 +239,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
To prevent the BunkerWeb package from upgrading when executing `apt upgrade`, you can use the following command :
@ -265,7 +265,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
To prevent the BunkerWeb package from upgrading when executing `dnf upgrade`, you can use the following command :
@ -662,16 +662,16 @@ We added a **namespace** feature to the autoconf integrations. Namespaces allow
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -706,7 +706,7 @@ We added a **namespace** feature to the autoconf integrations. Namespaces allow
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
To prevent the BunkerWeb package from upgrading when executing `apt upgrade`, you can use the following command :
@ -732,7 +732,7 @@ We added a **namespace** feature to the autoconf integrations. Namespaces allow
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
To prevent the BunkerWeb package from upgrading when executing `dnf upgrade`, you can use the following command :

20
docs/web-ui.md
View file

@ -47,7 +47,7 @@ The UI expects the scheduler/(BunkerWeb) API/redis/database stack to be reachabl
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -62,7 +62,7 @@ The UI expects the scheduler/(BunkerWeb) API/redis/database stack to be reachabl
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *service-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -86,7 +86,7 @@ The UI expects the scheduler/(BunkerWeb) API/redis/database stack to be reachabl
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *service-env
ADMIN_USERNAME: "admin"
@ -189,6 +189,18 @@ The UI expects the scheduler/(BunkerWeb) API/redis/database stack to be reachabl
- Sessions: default idling lifetime is 12h (`SESSION_LIFETIME_HOURS`), refreshed on every request. A hard absolute cap is enforced by `SESSION_ABSOLUTE_HOURS` (default `168` = 7 days) — past it, users are logged out regardless of activity. Optional session ID rotation (`SESSION_ROLLING_HOURS`, default `0` = disabled) regenerates the session ID at that interval. Sessions are pinned to IP and User-Agent; `CHECK_PRIVATE_IP=no` relaxes the IP check for private ranges only. `ALWAYS_REMEMBER=yes` always sets persistent cookies.
- Remember to set `PROXY_NUMBERS` if multiple proxies append `X-Forwarded-*` headers.
!!! tip "Pre-hashed admin password"
`ADMIN_PASSWORD` accepts a **bcrypt hash** (`$2a$`/`$2b$`/`$2y$`) and stores it as-is, keeping the plaintext out of your env files and secrets. The strength policy is skipped (you own the source password); cost below 12 logs a warning. Env create and `OVERRIDE_ADMIN_CREDS` only; the wizard and profile page still need plaintext.
Generate a hash:
```bash
python3 -c "import bcrypt; print(bcrypt.hashpw(b'Str0ng&P@ss!', bcrypt.gensalt(rounds=13)).decode())"
```
!!! warning "A wrong hash locks you out"
Use a hash only if you know its plaintext. A valid-but-wrong hash on first creation can't be reversed and a restart won't fix it. Recover with a different `ADMIN_PASSWORD` plus `OVERRIDE_ADMIN_CREDS=yes`.
## Configuration sources and precedence
1. Environment variables (including Docker/Compose `environment:`)
@ -221,7 +233,7 @@ The UI expects the scheduler/(BunkerWeb) API/redis/database stack to be reachabl
| Setting | Description | Accepted values | Default |
| ------------------------------------------- | ------------------------------------------------------------------------ | ------------------------ | ------------------------- |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Seed admin account (password policy enforced) | Strings | unset |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | Seed admin account (password policy enforced; `ADMIN_PASSWORD` also accepts a bcrypt hash, stored as-is) | Strings / bcrypt hash | unset |
| `OVERRIDE_ADMIN_CREDS` | Force updating admin credentials from env | `yes` or `no` | `no` |
| `FLASK_SECRET` | Session signing secret (persisted to `/var/lib/bunkerweb/.flask_secret`) | Hex/base64/opaque string | auto-generated |
| `TOTP_ENCRYPTION_KEYS` (`TOTP_SECRETS`) | Encryption keys for TOTP secrets (space-separated or JSON map) | Strings / JSON | auto-generated if missing |

110
docs/zh/advanced.md
View file

@ -1,8 +1,8 @@
# 高级用法
GitHub 仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) 文件夹中提供了许多真实世界的用例示例。
GitHub 仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) 文件夹中提供了许多真实世界的用例示例。
我们还提供了许多样板文件,例如用于各种集成和数据库类型的 YAML 文件。这些都可以在 [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations) 文件夹中找到。
我们还提供了许多样板文件,例如用于各种集成和数据库类型的 YAML 文件。这些都可以在 [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations) 文件夹中找到。
本节仅关注高级用法和安全调整,请参阅文档的[功能部分](features.md)以查看所有可用的设置。
@ -85,7 +85,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请注意,如果您的容器已经创建,您需要删除并重新创建它,以便更新新的环境变量。
@ -96,7 +96,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -104,7 +104,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -121,7 +121,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -129,7 +129,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -176,7 +176,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -184,7 +184,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
REAL_IP_HEADER: "X-Forwarded-For"
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -249,7 +249,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请注意,如果您的容器已经创建,您需要删除并重新创建它,以便更新新的环境变量。
@ -260,7 +260,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -270,7 +270,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -288,7 +288,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -298,7 +298,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -350,7 +350,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
```yaml
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -360,7 +360,7 @@ BunkerWeb 实际上支持两种方法来检索客户端的真实 IP 地址:
...
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
USE_REAL_IP: "yes"
@ -485,8 +485,8 @@ Manager 是集群的大脑,运行 Scheduler、数据库以及可选的 Web 界
```bash
# 下载脚本及校验文件
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# 校验完整性
sha256sum -c install-bunkerweb.sh.sha256
@ -588,7 +588,7 @@ Manager 是集群的大脑,运行 Scheduler、数据库以及可选的 Web 界
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: "192.168.1.11 192.168.1.12" # 替换为 Worker IP
@ -607,7 +607,7 @@ Manager 是集群的大脑,运行 Scheduler、数据库以及可选的 Web 界
- bw-redis
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
ports:
- "7000:7000" # 暴露 UI 端口
environment:
@ -690,7 +690,7 @@ Worker 负责处理进入的流量。
```yaml title="docker-compose.yml"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -995,7 +995,7 @@ systemctl status systemd-resolved
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1023,7 +1023,7 @@ systemctl status systemd-resolved
- bw-dns
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1034,7 +1034,7 @@ systemctl status systemd-resolved
- bw-dns
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
DNS_RESOLVERS: "dnsmasq"
@ -1148,7 +1148,7 @@ systemctl status systemd-resolved
}" \
-p 80:8080/tcp \
-p 443:8443/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请注意,如果您的容器已经创建,您需要删除并重新创建它,以便应用新的环境变量。
@ -1188,7 +1188,7 @@ systemctl status systemd-resolved
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Docker"
@ -1211,7 +1211,7 @@ systemctl status systemd-resolved
```yaml
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1254,7 +1254,7 @@ systemctl status systemd-resolved
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1324,7 +1324,7 @@ systemctl status systemd-resolved
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -1553,7 +1553,7 @@ BunkerWeb 能够作为**通用的 UDP/TCP 反向代理**,让您可以保护任
-p 443:8443/udp \
-p 10000:10000/tcp \
-p 20000:20000/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请注意,如果您的容器已经创建,您需要删除并重新创建它,以便应用新的环境变量。
@ -1576,7 +1576,7 @@ BunkerWeb 能够作为**通用的 UDP/TCP 反向代理**,让您可以保护任
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # 如果您想在使用 http 挑战类型时使用 Let's Encrypt 自动化,请保留此项
- "10000:10000" # app1
@ -1591,7 +1591,7 @@ BunkerWeb 能够作为**通用的 UDP/TCP 反向代理**,让您可以保护任
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # 此设置是指定 BunkerWeb 实例所必需的
@ -1642,7 +1642,7 @@ BunkerWeb 能够作为**通用的 UDP/TCP 反向代理**,让您可以保护任
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080" # 如果您想在使用 http 挑战类型时使用 Let's Encrypt 自动化,请保留此项
- "10000:10000" # app1
@ -1872,7 +1872,7 @@ BunkerWeb 能够作为**通用的 UDP/TCP 反向代理**,让您可以保护任
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
# 如果您想在使用 http 挑战类型时使用 Let's Encrypt 自动化,请保留此项
- published: 80
@ -2002,7 +2002,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请注意,如果您的容器已经创建,您需要删除并重新创建它,以便应用新的环境变量。
@ -2046,7 +2046,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2061,7 +2061,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # 此设置是指定 BunkerWeb 实例所必需的
@ -2155,7 +2155,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -2168,7 +2168,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "" # 我们不需要在这里指定 BunkerWeb 实例,因为它们由 autoconf 服务自动检测
@ -2183,7 +2183,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2423,7 +2423,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
volumes:
- /shared/www:/var/www/html
...
@ -2522,7 +2522,7 @@ BunkerWeb 支持使用外部或远程的 [PHP-FPM](https://www.php.net/manual/en
```yaml
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
USE_IPv6: "yes"
@ -2664,7 +2664,7 @@ LOG_LEVEL_1=error
services:
bunkerweb:
# 这将是用于在调度程序中识别实例的名称
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2677,7 +2677,7 @@ LOG_LEVEL_1=error
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # 确保设置正确的实例名称
@ -2694,7 +2694,7 @@ LOG_LEVEL_1=error
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
volumes:
@ -2858,7 +2858,7 @@ log {
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
logging:
driver: "json-file"
options:
@ -2967,7 +2967,7 @@ BunkerWeb 提供了许多安全功能,您可以通过[功能](features.md)进
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
如果容器已存在,请重新创建以应用新的环境变量。
@ -2978,7 +2978,7 @@ BunkerWeb 提供了许多安全功能,您可以通过[功能](features.md)进
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -2997,7 +2997,7 @@ BunkerWeb 提供了许多安全功能,您可以通过[功能](features.md)进
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3040,7 +3040,7 @@ BunkerWeb 提供了许多安全功能,您可以通过[功能](features.md)进
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
environment:
HTTP_PROXY: "http://proxy.example.local:3128"
@ -3339,12 +3339,12 @@ S3 备份工具可以无缝地自动化数据保护,类似于社区备份插
### Docker Compose 示例
完整示例可在 [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples/mcp-stack) 中找到:
完整示例可在 [`examples/mcp-stack/`](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples/mcp-stack) 中找到:
```yaml
services:
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
API_TOKEN: "my-bearer-token-for-mcp"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db"
@ -4206,11 +4206,11 @@ BunkerWeb 模板使用 [lua-resty-template](https://github.com/bungle/lua-resty-
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
# ... 其他设置(自定义页面无需在此处设置环境变量)
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./templates:/custom_templates:ro
environment:
@ -4293,7 +4293,7 @@ BunkerWeb 模板使用 [lua-resty-template](https://github.com/bungle/lua-resty-
spec:
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
env:
- name: CUSTOM_ERROR_PAGE
value: "/custom_templates/error.html"

8
docs/zh/api.md
View file

@ -41,7 +41,7 @@ BunkerWeb API 是用于管理实例、服务、封禁、插件、任务和自定
services:
bunkerweb:
# 调度器识别实例的名称
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -54,7 +54,7 @@ BunkerWeb API 是用于管理实例、服务、封禁、插件、任务和自定
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # 确保填写正确的实例名
@ -76,7 +76,7 @@ BunkerWeb API 是用于管理实例、服务、封禁、插件、任务和自定
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
API_USERNAME: "admin"
@ -143,7 +143,7 @@ BunkerWeb API 是用于管理实例、服务、封禁、插件、任务和自定
-e SERVICE_API=yes \
-e API_WHITELIST_IPS="127.0.0.0/8" \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
=== "Linux"

4
docs/zh/concepts.md
View file

@ -105,7 +105,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
!!! info "更进一步"
您将在文档的[高级用法](advanced.md)和仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) 目录中找到多站点模式的具体示例。
您将在文档的[高级用法](advanced.md)和仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) 目录中找到多站点模式的具体示例。
## 自定义配置 {#custom-configurations}
@ -126,7 +126,7 @@ BunkerWeb 的另一个不可或缺的组件是 ModSecurity Web 应用程序防
!!! info "更进一步"
您将在文档的[高级用法](advanced.md#custom-configurations)和仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples) 目录中找到自定义配置的具体示例。
您将在文档的[高级用法](advanced.md#custom-configurations)和仓库的 [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples) 目录中找到自定义配置的具体示例。
## 数据库

40
docs/zh/features.md
View file

@ -575,6 +575,7 @@ BunkerWeb 允许您指定某些用户、IP 或请求应完全绕过 antibot 挑
- 在生产环境中为 `ANTIBOT_CAPJS_FRONTEND_URL` 使用 HTTPS。浏览器 worker 需要在安全上下文中使用 `crypto.subtle`HTTPS 也能防止小组件加载过程中的 MITM 篡改。
- 在 Cap.js 站点密钥上配置 CORS以允许受保护的来源。
- 将 `ANTIBOT_CAPJS_FRONTEND_URL``ANTIBOT_CAPJS_BACKEND_URL` 都设置为仅 originscheme、host 和可选端口,不包含路径。
- 请使用 Cap.js 小组件 **0.1.48 或更高版本**。BunkerWeb 下发严格的基于 nonce 的 CSP较旧的小组件会破坏 instrumentation 挑战,因为隔离 `srcdoc` iframe 内注入的内联 `<script>` 不会传递 nonce。如果您自托管 `tiago2/cap`,请固定到较新的标签(如 `tiago2/cap:3.1.2` 或更高),或将 `WIDGET_VERSION` 设置为 `0.1.48` 或更高。
有关其他配置选项,请参阅[通用设置](#通用设置)。
@ -1864,7 +1865,7 @@ CrowdSec 是一种现代的开源安全引擎,它基于行为分析和社区
services:
bunkerweb:
# 这是将用于在调度器中识别实例的名称
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1881,7 +1882,7 @@ CrowdSec 是一种现代的开源安全引擎,它基于行为分析和社区
syslog-address: "udp://10.20.30.254:514" # syslog 服务的 IP 地址
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # 确保设置正确的实例名称
@ -1915,7 +1916,7 @@ CrowdSec 是一种现代的开源安全引擎,它基于行为分析和社区
- bw-db
crowdsec:
image: crowdsecurity/crowdsec:v1.7.7 # 使用最新版本,但为了更好的稳定性和安全性,请始终固定版本
image: crowdsecurity/crowdsec:v1.7.8 # 使用最新版本,但为了更好的稳定性和安全性,请始终固定版本
volumes:
- cs-data:/var/lib/crowdsec/data # 持久化 CrowdSec 数据
- bw-logs:/var/log:ro # BunkerWeb 的日志,供 CrowdSec 解析
@ -3506,6 +3507,39 @@ BunkerWeb 中的限制插件提供了强大的功能来对您的网站强制执
LIMIT_CONN_MAX_STREAM: "20"
```
## Load Balancer <img src='../../assets/img/pro-icon.svg' alt='crown pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
<p align='center'><iframe style='display: block;' width='560' height='315' data-src='https://www.youtube-nocookie.com/embed/cOVp0rAt5nw?si=iVhDio8o8S4F_uag' title='Load Balancer' frameborder='0' allow='accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture' allowfullscreen></iframe></p>
如需更详细的指南,请参阅[高级用法](advanced.md#load-balancer-pro)文档。
STREAM 支持 :x:
Provides load balancing feature to group of upstreams with optional healthchecks.
| 参数 | 默认值 | 上下文 | 可重复 | 描述 |
| ----------------------------------------- | ------------- | ------ | ------ | ------------------------------------------------------------------ |
| `LOADBALANCER_HEALTHCHECK_DICT_SIZE` | `10m` | global | 否 | Shared dict size (datastore for all healthchecks). |
| `LOADBALANCER_UPSTREAM_NAME` | | global | 是 | Name of the upstream (used in REVERSE_PROXY_HOST). |
| `LOADBALANCER_UPSTREAM_SERVERS` | | global | 是 | List of servers/IPs in the server group. |
| `LOADBALANCER_UPSTREAM_MODE` | `round-robin` | global | 是 | Load balancing mode (round-robin or sticky). |
| `LOADBALANCER_UPSTREAM_STICKY_METHOD` | `ip` | global | 是 | Sticky session method (ip or cookie). |
| `LOADBALANCER_UPSTREAM_RESOLVE` | `no` | global | 是 | Dynamically resolve upstream hostnames. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE` | | global | 是 | Number of keepalive connections to cache per worker. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIMEOUT` | `60s` | global | 是 | Keepalive timeout for upstream connections. |
| `LOADBALANCER_UPSTREAM_KEEPALIVE_TIME` | `1h` | global | 是 | Keepalive time for upstream connections. |
| `LOADBALANCER_HEALTHCHECK_URL` | `/status` | global | 是 | The healthcheck URL. |
| `LOADBALANCER_HEALTHCHECK_INTERVAL` | `2000` | global | 是 | Healthcheck interval in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_TIMEOUT` | `1000` | global | 是 | Healthcheck timeout in milliseconds. |
| `LOADBALANCER_HEALTHCHECK_FALL` | `3` | global | 是 | Number of failed healthchecks before marking the server as down. |
| `LOADBALANCER_HEALTHCHECK_RISE` | `1` | global | 是 | Number of successful healthchecks before marking the server as up. |
| `LOADBALANCER_HEALTHCHECK_VALID_STATUSES` | `200` | global | 是 | HTTP status considered valid in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_CONCURRENCY` | `10` | global | 是 | Maximum number of concurrent healthchecks. |
| `LOADBALANCER_HEALTHCHECK_TYPE` | `http` | global | 是 | Type of healthcheck (http or https). |
| `LOADBALANCER_HEALTHCHECK_SSL_VERIFY` | `yes` | global | 是 | Verify SSL certificate in healthchecks. |
| `LOADBALANCER_HEALTHCHECK_HOST` | | global | 是 | Host header for healthchecks (useful for HTTPS). |
## Metrics
STREAM 支持 :warning:

129
docs/zh/integrations.md
View file

@ -1268,7 +1268,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
默认情况下,容器暴露:
@ -1284,7 +1284,7 @@ docker run -d \
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1362,7 +1362,7 @@ docker run -d \
-e API_PASSWORD=StrongP@ssw0rd \
-p 80:8080/tcp -p 443:8443/tcp -p 443:8443/udp \
-p 8888:8888/tcp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
推荐(在 BunkerWeb 之后)— 不要发布 `8888`;而是反向代理它:
@ -1370,7 +1370,7 @@ docker run -d \
```yaml
services:
bunkerweb-aio:
image: bunkerity/bunkerweb-all-in-one:1.6.10-rc7
image: bunkerity/bunkerweb-all-in-one:1.6.11-rc1
container_name: bunkerweb-aio
ports:
- "80:8080/tcp"
@ -1446,7 +1446,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* 当 `USE_CROWDSEC=yes` 时,入口点将:
@ -1501,7 +1501,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
!!! info "内部工作原理"
@ -1523,7 +1523,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
注意:
@ -1559,7 +1559,7 @@ docker run -d \
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
* 当 `CROWDSEC_API` 不是 `127.0.0.1``localhost` 时,将跳过**本地注册**。
@ -1593,13 +1593,13 @@ docker run -d \
无论您是进行测试、开发应用程序还是在生产中部署 BunkerWebDocker 容器化选项都提供了灵活性和易用性。采用这种方法使您能够充分利用 BunkerWeb 的功能,同时利用 Docker 技术的优势。
```shell
docker pull bunkerity/bunkerweb:1.6.10-rc7
docker pull bunkerity/bunkerweb:1.6.11-rc1
```
Docker 镜像也可在 [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) 上找到,可以使用 `ghcr.io` 仓库地址下载:
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.6.10-rc7
docker pull ghcr.io/bunkerity/bunkerweb:1.6.11-rc1
```
Docker 集成的关键概念包括:
@ -1609,7 +1609,7 @@ Docker 集成的关键概念包括:
- **网络**Docker 网络在 BunkerWeb 的集成中扮演着至关重要的角色。这些网络有两个主要目的:向客户端公开端口以及连接到上游 Web 服务。通过公开端口BunkerWeb 可以接受来自客户端的传入请求,允许他们访问受保护的 Web 服务。此外,通过连接到上游 Web 服务BunkerWeb 可以高效地路由和管理流量,提供增强的安全性和性能。
!!! info "数据库后端"
请注意,我们的说明假设您正在使用 SQLite 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,也支持其他数据库后端。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)中的 docker-compose 文件。
请注意,我们的说明假设您正在使用 SQLite 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,也支持其他数据库后端。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)中的 docker-compose 文件。
### 环境变量
@ -1619,7 +1619,7 @@ Docker 集成的关键概念包括:
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
- MY_SETTING=value
- ANOTHER_SETTING=another value
@ -1660,7 +1660,7 @@ secrets:
[调度器](concepts.md#scheduler) 在其自己的容器中运行,该容器也可在 Docker Hub 上找到:
```shell
docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
docker pull bunkerity/bunkerweb-scheduler:1.6.11-rc1
```
!!! info "BunkerWeb 设置"
@ -1681,7 +1681,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
environment:
# 这将为 BunkerWeb 容器设置 API
<<: *bw-api-env
@ -1690,7 +1690,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
- bw-universe
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
# 这将为调度器容器设置 API
<<: *bw-api-env
@ -1708,7 +1708,7 @@ docker pull bunkerity/bunkerweb-scheduler:1.6.10-rc7
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- bw-storage:/data
...
@ -1777,6 +1777,7 @@ volumes:
| `DISABLE_CONFIGURATION_TESTING` | 应用前跳过配置测试 | `yes``no` | `no` |
| `IGNORE_FAIL_SENDING_CONFIG` | 即便部分实例未收到配置也继续 | `yes``no` | `no` |
| `IGNORE_REGEX_CHECK` | 跳过设置的正则校验(与 autoconf 共享) | `yes``no` | `no` |
| `SCHEDULER_MAX_WORKERS` | 调度器作业执行器的最大工作线程数。每个运行线程可占用一个数据库连接,从而限制调度器侧的连接池压力。若解析值超过 `DATABASE_POOL_SIZE` + `DATABASE_POOL_MAX_OVERFLOW`,启动时会输出警告。 | 正整数 | `min(8, max(2, cpu_count*2))` |
| `TZ` | 调度器日志、类 cron 任务、备份和时间戳使用的时区 | TZ 数据库名(如 `UTC`、`Europe/Paris` | unset容器默认通常为 UTC |
##### 数据库
@ -1854,7 +1855,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1867,7 +1868,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-api-env
BUNKERWEB_INSTANCES: "bunkerweb" # 这个设置是强制性的,用来指定 BunkerWeb 实例
@ -1900,7 +1901,7 @@ x-bw-api-env: &bw-api-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -1913,7 +1914,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
depends_on:
- bunkerweb
environment:
@ -1979,8 +1980,8 @@ docker build -t bw-ui -f src/ui/Dockerfile .
```bash
# 下载脚本及其校验和
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# 验证校验和
sha256sum -c install-bunkerweb.sh.sha256
@ -2056,7 +2057,7 @@ sudo ./install-bunkerweb.sh
| 选项 | 描述 |
| ----------------------- | -------------------------------------------------- |
| `-v, --version VERSION` | 指定要安装的 BunkerWeb 版本(例如 `1.6.10~rc7`)。 |
| `-v, --version VERSION` | 指定要安装的 BunkerWeb 版本(例如 `1.6.11~rc1`)。 |
| `-w, --enable-wizard` | 启用设置向导。 |
| `-n, --no-wizard` | 禁用设置向导。 |
| `-y, --yes` | 以非交互模式运行,对所有提示使用默认答案。 |
@ -2123,7 +2124,7 @@ sudo ./install-bunkerweb.sh --yes
sudo ./install-bunkerweb.sh --worker --no-wizard
# 安装一个特定版本
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# 带有远程工作实例的管理器设置(需要 instances
sudo ./install-bunkerweb.sh --manager --instances "192.168.1.10 192.168.1.11"
@ -2231,7 +2232,7 @@ sudo ./install-bunkerweb.sh --yes --api
### 使用软件包管理器安装
请确保在安装 BunkerWeb 之前**已经安装了 NGINX 1.30.0**。对于所有发行版,强制要求使用来自[官方 NGINX 仓库](https://nginx.org/en/linux_packages.html)的预构建包。从源代码编译 NGINX 或使用来自不同仓库的包将无法与 BunkerWeb 的官方预构建包一起工作。但是,您可以选择从源代码构建 BunkerWeb。
请确保在安装 BunkerWeb 之前**已经安装了 NGINX 1.30.2**。对于所有发行版,强制要求使用来自[官方 NGINX 仓库](https://nginx.org/en/linux_packages.html)的预构建包。从源代码编译 NGINX 或使用来自不同仓库的包将无法与 BunkerWeb 的官方预构建包一起工作。但是,您可以选择从源代码构建 BunkerWeb。
=== "Debian Bookworm/Trixie"
@ -2246,11 +2247,11 @@ sudo ./install-bunkerweb.sh --yes --api
| sudo tee /etc/apt/sources.list.d/nginx.list
```
您现在应该能够安装 NGINX 1.30.0
您现在应该能够安装 NGINX 1.30.2
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "测试/开发版本"
@ -2267,12 +2268,12 @@ sudo ./install-bunkerweb.sh --yes --api
export UI_WIZARD=no
```
最后安装 BunkerWeb 1.6.10~rc7
最后安装 BunkerWeb 1.6.11~rc1
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
要防止在执行 `apt upgrade` 时升级 NGINX 和/或 BunkerWeb 包,您可以使用以下命令:
@ -2294,11 +2295,11 @@ sudo ./install-bunkerweb.sh --yes --api
| sudo tee /etc/apt/sources.list.d/nginx.list
```
您现在应该能够安装 NGINX 1.30.0
您现在应该能够安装 NGINX 1.30.2
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades nginx=1.30.0-1~$(lsb_release -cs)
sudo apt install -y --allow-downgrades nginx=1.30.2-1~$(lsb_release -cs)
```
!!! warning "测试/开发版本"
@ -2315,12 +2316,12 @@ sudo ./install-bunkerweb.sh --yes --api
export UI_WIZARD=no
```
最后安装 BunkerWeb 1.6.10~rc7
最后安装 BunkerWeb 1.6.11~rc1
```shell
curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo -E apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
要防止在执行 `apt upgrade` 时升级 NGINX 和/或 BunkerWeb 包,您可以使用以下命令:
@ -2338,10 +2339,10 @@ sudo ./install-bunkerweb.sh --yes --api
sudo dnf config-manager setopt updates-testing.enabled=1
```
Fedora 已经提供了我们支持的 NGINX 1.30.0
Fedora 已经提供了我们支持的 NGINX 1.30.1
```shell
sudo dnf install -y --allowerasing nginx-1.30.0
sudo dnf install -y --allowerasing nginx-1.30.1
```
!!! example "禁用设置向导"
@ -2351,12 +2352,12 @@ sudo ./install-bunkerweb.sh --yes --api
export UI_WIZARD=no
```
最后安装 BunkerWeb 1.6.10~rc7
最后安装 BunkerWeb 1.6.11~rc1
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
要防止在执行 `dnf upgrade` 时升级 NGINX 和/或 BunkerWeb 包,您可以使用以下命令:
@ -2388,10 +2389,10 @@ sudo ./install-bunkerweb.sh --yes --api
module_hotfixes=true
```
您现在应该能够安装 NGINX 1.30.0
您现在应该能够安装 NGINX 1.30.2
```shell
sudo dnf install --allowerasing nginx-1.30.0
sudo dnf install --allowerasing nginx-1.30.2
```
!!! example "禁用设置向导"
@ -2401,12 +2402,12 @@ sudo ./install-bunkerweb.sh --yes --api
export UI_WIZARD=no
```
最后安装 BunkerWeb 1.6.10~rc7
最后安装 BunkerWeb 1.6.11~rc1
```shell
curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo -E dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
要防止在执行 `dnf upgrade` 时升级 NGINX 和/或 BunkerWeb 包,您可以使用以下命令:
@ -2499,7 +2500,7 @@ export SERVICE_UI=yes
Docker 自动配置集成意味着使用**多站点模式**。有关更多信息,请参阅文档的[多站点部分](concepts.md#multisite-mode)。
!!! info "数据库后端"
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)中的 docker-compose 文件。
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)中的 docker-compose 文件。
要启用自动配置更新,请在堆栈中包含一个名为 `bw-autoconf` 的额外容器。此容器承载自动配置服务,该服务管理 BunkerWeb 的动态配置更改。
@ -2513,7 +2514,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -2528,7 +2529,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # 我们不需要在这里指定 BunkerWeb 实例,因为它们由自动配置服务自动检测
@ -2543,7 +2544,7 @@ services:
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bunkerweb
- bw-docker
@ -2712,7 +2713,7 @@ networks:
```yaml
services:
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
AUTOCONF_MODE: "yes"
AUTOCONF_DISABLE_CLEANUP: "yes" # 将被移除的服务保留为草稿
@ -2748,13 +2749,13 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
labels:
- "bunkerweb.INSTANCE=yes"
- "bunkerweb.NAMESPACE=my-namespace" # 为 BunkerWeb 实例设置命名空间,以便自动配置服务可以检测到它
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
...
NAMESPACES: "my-namespace my-other-namespace" # 只监听这些命名空间
@ -2805,7 +2806,7 @@ autoconf 服务充当一个 [Ingress 控制器](https://kubernetes.io/docs/conce
鉴于存在多个 BunkerWeb 实例,有必要建立一个共享数据存储,实现为一个 [Redis](https://redis.io/) 或 [Valkey](https://valkey.io/) 服务。这些实例将利用该服务来缓存和共享彼此之间的数据。有关 Redis/Valkey 设置的更多信息,请参见[此处](features.md#redis)。
!!! info "数据库后端"
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)中的 docker-compose 文件。
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)中的 docker-compose 文件。
集群数据库后端的设置超出了本文档的范围。
@ -2920,7 +2921,7 @@ The **BunkerWeb controller** automatically discovers pods with BunkerWeb sidecar
```yaml
controller:
enabled: true
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
```
2. For each sidecar, add:
@ -3013,7 +3014,7 @@ In your BunkerWeb chart `values.yaml`, configure the `BUNKERWEB_INSTANCES` envir
```yaml
scheduler:
tag: "1.6.10~rc7"
tag: "1.6.11~rc1"
extraEnvs:
- name: BUNKERWEB_INSTANCES
value: "http://app1-bunkerweb-workers.namespace.svc.cluster.local:5000 http://app2-bunkerweb-workers.namespace.svc.cluster.local:5000"
@ -3057,7 +3058,7 @@ spec:
# BunkerWeb Sidecar
- name: bunkerweb
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- containerPort: 8080 # Exposed HTTP port
- containerPort: 5000 # Internal API (mandatory)
@ -3328,7 +3329,7 @@ To add a new application protected by BunkerWeb:
#### 完整的 YAML 文件
除了使用 helm chart您还可以使用 GitHub 仓库中 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)内的 YAML 样板文件。请注意,我们强烈建议您改用 helm chart。
除了使用 helm chart您还可以使用 GitHub 仓库中 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)内的 YAML 样板文件。请注意,我们强烈建议您改用 helm chart。
### Ingress 资源
@ -3476,7 +3477,7 @@ metadata:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
imagePullPolicy: Always
env:
- name: NAMESPACES
@ -3650,11 +3651,11 @@ service:
# BunkerWeb 设置
bunkerweb:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# 调度器设置
scheduler:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
extraEnvs:
# 启用 real IP 模块以获取客户端的真实 IP
- name: USE_REAL_IP
@ -3662,11 +3663,11 @@ scheduler:
# 控制器设置
controller:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
# UI 设置
ui:
tag: 1.6.10~rc7
tag: 1.6.11~rc1
```
使用自定义值安装 BunkerWeb
@ -4288,7 +4289,7 @@ kubectl delete ingress <old-ingress> -n <namespace>
至于数据库卷,文档并未指定具体的方法。为数据库卷选择共享文件夹或特定驱动程序取决于您的独特用例,留给读者自行决定。
!!! info "数据库后端"
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/misc/integrations)中的 docker-compose 文件。
请注意,我们的说明假设您正在使用 MariaDB 作为默认的数据库后端,这是由 `DATABASE_URI` 设置配置的。但是,我们理解您可能更喜欢为您的 Docker 集成使用其他后端。如果是这样,请放心,其他数据库后端仍然是可行的。有关更多信息,请参阅仓库的 [misc/integrations 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/misc/integrations)中的 docker-compose 文件。
集群数据库后端的设置超出了本文档的范围。
@ -4302,7 +4303,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -4331,7 +4332,7 @@ services:
- "bunkerweb.INSTANCE=yes" # autoconf 服务识别 BunkerWeb 实例的强制性标签
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "" # 我们不需要在这里指定 BunkerWeb 实例,因为它们由 autoconf 服务自动检测
@ -4352,7 +4353,7 @@ services:
- "node.role == worker"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
SWARM_MODE: "yes"
DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # 记得为数据库设置一个更强的密码
@ -4501,7 +4502,7 @@ networks:
...
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
deploy:
mode: global
@ -4513,7 +4514,7 @@ networks:
- "bunkerweb.NAMESPACE=my-namespace" # 为 BunkerWeb 实例设置命名空间
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
NAMESPACES: "my-namespace my-other-namespace" # 只监听这些命名空间
...

12
docs/zh/plugins.md
View file

@ -89,7 +89,7 @@ BunkerWeb 附带一个插件系统,可以轻松添加新功能。安装插件
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -125,7 +125,7 @@ BunkerWeb 附带一个插件系统,可以轻松添加新功能。安装插件
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- ./bw-data:/data
...
@ -168,7 +168,7 @@ BunkerWeb 附带一个插件系统,可以轻松添加新功能。安装插件
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -215,7 +215,7 @@ BunkerWeb 附带一个插件系统,可以轻松添加新功能。安装插件
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -255,7 +255,7 @@ BunkerWeb 附带一个插件系统,可以轻松添加新功能。安装插件
!!! tip "现有插件"
如果文档不够,您可以查看[官方插件](https://github.com/bunkerity/bunkerweb-plugins)和[核心插件](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/common/core)的现有源代码(已包含在 BunkerWeb 中,但从技术上讲它们是插件)。
如果文档不够,您可以查看[官方插件](https://github.com/bunkerity/bunkerweb-plugins)和[核心插件](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/common/core)的现有源代码(已包含在 BunkerWeb 中,但从技术上讲它们是插件)。
插件结构如下所示:
```
@ -560,7 +560,7 @@ end
!!! tip "更多示例"
如果您想查看可用函数的完整列表,可以查看仓库的 [lua 目录](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/src/bw/lua/bunkerweb)中存在的文件。
如果您想查看可用函数的完整列表,可以查看仓库的 [lua 目录](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/src/bw/lua/bunkerweb)中存在的文件。
### 作业

34
docs/zh/quickstart-guide.md
View file

@ -18,7 +18,7 @@
保护已经可以通过 HTTP(S) 协议访问的现有 Web 应用程序是 BunkerWeb 的主要目标:它将充当一个带有额外安全功能的经典[反向代理](https://en.wikipedia.org/wiki/Reverse_proxy)。
有关真实世界的示例,请参阅仓库的 [examples 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.10-rc7/examples)。
有关真实世界的示例,请参阅仓库的 [examples 文件夹](https://github.com/bunkerity/bunkerweb/tree/v1.6.11-rc1/examples)。
## 基本设置
@ -33,7 +33,7 @@
-p 80:8080/tcp \
-p 443:8443/tcp \
-p 443:8443/udp \
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
默认情况下,容器暴露:
@ -51,8 +51,8 @@
```bash
# 下载脚本及其校验和
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.10-rc7/install-bunkerweb.sh.sha256
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh
curl -fsSL -O https://github.com/bunkerity/bunkerweb/releases/download/v1.6.11-rc1/install-bunkerweb.sh.sha256
# 验证校验和
sha256sum -c install-bunkerweb.sh.sha256
@ -93,7 +93,7 @@
services:
bunkerweb:
# 这是将用于在调度器中识别实例的名称
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -106,7 +106,7 @@
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # 确保设置正确的实例名称
@ -123,7 +123,7 @@
- bw-db
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-env
restart: "unless-stopped"
@ -190,7 +190,7 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -206,7 +206,7 @@
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -224,7 +224,7 @@
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
depends_on:
- bw-docker
environment:
@ -247,7 +247,7 @@
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # 记得设置一个更强的密钥(请参阅先决条件部分)
@ -342,7 +342,7 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- published: 80
target: 8080
@ -372,7 +372,7 @@
- "bunkerweb.INSTANCE=yes"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-ui-env
BUNKERWEB_INSTANCES: ""
@ -390,7 +390,7 @@
- bw-db
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
environment:
<<: *bw-ui-env
DOCKER_HOST: "tcp://bw-docker:2375"
@ -419,7 +419,7 @@
- "node.role == manager"
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *bw-ui-env
TOTP_ENCRYPTION_KEYS: "mysecret" # 记得设置一个更强的密钥(请参阅先决条件部分)
@ -641,7 +641,7 @@
-e "www.example.com_REVERSE_PROXY_HOST=http://myapp:8080" \
-e "www.example.com_REVERSE_PROXY_URL=/" \
# --- 包括任何其他现有的用于 UI、Redis、CrowdSec 等的环境变量 ---
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
您的应用程序容器 (`myapp`) 和 `bunkerweb-aio` 容器必须在同一个 Docker 网络上,以便 BunkerWeb 能够使用主机名 `myapp` 访问它。
@ -663,7 +663,7 @@
-p 443:8443/tcp \
-p 443:8443/udp \
# ... (如上主示例所示的所有其他相关环境变量)...
bunkerity/bunkerweb-all-in-one:1.6.10-rc7
bunkerity/bunkerweb-all-in-one:1.6.11-rc1
```
请确保将 `myapp` 替换为您的应用程序容器的实际名称或 IP并将 `http://myapp:8080` 替换为其正确的地址和端口。

36
docs/zh/upgrading.md
View file

@ -25,16 +25,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -146,20 +146,20 @@
示例:
```bash
# 交互式升级到 1.6.10~rc7(会提示备份)
sudo ./install-bunkerweb.sh --version 1.6.10~rc7
# 交互式升级到 1.6.11~rc1(会提示备份)
sudo ./install-bunkerweb.sh --version 1.6.11~rc1
# 使用自动备份到自定义目录的非交互式升级
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --backup-dir /var/backups/bw-2025-01 -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --backup-dir /var/backups/bw-2025-01 -y
# 静默无人值守升级(抑制日志)– 依赖默认的自动备份
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 -y -q
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 -y -q
# 执行一次空运行(计划)而不应用更改
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --dry-run
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --dry-run
# 跳过自动备份进行升级(不推荐)
sudo ./install-bunkerweb.sh -v 1.6.10~rc7 --no-auto-backup -y
sudo ./install-bunkerweb.sh -v 1.6.11~rc1 --no-auto-backup -y
```
!!! warning "跳过备份"
@ -239,7 +239,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
为了防止在执行 `apt upgrade` 时升级 BunkerWeb 软件包,您可以使用以下命令:
@ -265,7 +265,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
为了防止在执行 `dnf upgrade` 时升级 BunkerWeb 软件包,您可以使用以下命令:
@ -662,16 +662,16 @@
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.6.10-rc7
image: bunkerity/bunkerweb-autoconf:1.6.11-rc1
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
...
```
@ -706,7 +706,7 @@
```shell
sudo apt update && \
sudo apt install -y --allow-downgrades bunkerweb=1.6.10~rc7
sudo apt install -y --allow-downgrades bunkerweb=1.6.11~rc1
```
为了防止在执行 `apt upgrade` 时升级 BunkerWeb 软件包,您可以使用以下命令:
@ -732,7 +732,7 @@
```shell
sudo dnf makecache && \
sudo dnf install -y --allowerasing bunkerweb-1.6.10~rc7
sudo dnf install -y --allowerasing bunkerweb-1.6.11~rc1
```
为了防止在执行 `dnf upgrade` 时升级 BunkerWeb 软件包,您可以使用以下命令:

22
docs/zh/web-ui.md
View file

@ -35,7 +35,7 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
使用已发布镜像与[快速入门](quickstart-guide.md#__tabbed_1_3)的布局启动栈,然后在浏览器完成向导。
```bash
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.10~rc7-rc1/misc/integrations/docker-compose.yml up -d
docker compose -f https://raw.githubusercontent.com/bunkerity/bunkerweb/v1.6.11~rc1-rc1/misc/integrations/docker-compose.yml up -d
```
访问 scheduler 主机名(如 `https://www.example.com/changeme`),运行 `/setup` 向导以配置 UI、scheduler 与实例。
@ -52,7 +52,7 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -63,7 +63,7 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
networks: [bw-universe, bw-services]
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *service-env
BUNKERWEB_INSTANCES: "bunkerweb"
@ -83,7 +83,7 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
networks: [bw-universe, bw-db]
bw-ui:
image: bunkerity/bunkerweb-ui:1.6.10-rc7
image: bunkerity/bunkerweb-ui:1.6.11-rc1
environment:
<<: *service-env
ADMIN_USERNAME: "admin"
@ -168,6 +168,18 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
- 会话:默认空闲时长 12 小时(`SESSION_LIFETIME_HOURS`),每次请求刷新。`SESSION_ABSOLUTE_HOURS`(默认 `168` = 7 天)设定绝对上限——无论是否活跃,超过即强制登出。可选的会话 ID 轮换(`SESSION_ROLLING_HOURS`,默认 `0` = 关闭)按该间隔重新生成会话 ID。会话绑定 IP 与 User-Agent`CHECK_PRIVATE_IP=no` 仅对私网放宽 IP 检查。`ALWAYS_REMEMBER=yes` 始终启用持久 Cookie。
- 若多级代理附加 `X-Forwarded-*`,请设置 `PROXY_NUMBERS`
!!! tip "预哈希管理员密码"
`ADMIN_PASSWORD` 接受 **bcrypt 哈希**`$2a$`/`$2b$`/`$2y$`)并按原样存储,明文不再留在环境文件或密钥中。跳过强度策略(源密码由你负责);成本低于 12 会记录警告。仅限环境创建和 `OVERRIDE_ADMIN_CREDS`;向导和个人资料页面仍需明文。
生成哈希:
```bash
python3 -c "import bcrypt; print(bcrypt.hashpw(b'Str0ng&P@ss!', bcrypt.gensalt(rounds=13)).decode())"
```
!!! warning "错误的哈希会将你锁定"
仅在知道哈希对应的明文时才使用。首次创建时使用有效但错误的哈希不可逆,重启也无法修复;需用不同的 `ADMIN_PASSWORD` 配合 `OVERRIDE_ADMIN_CREDS=yes` 恢复。
## 配置来源与优先级
1. 环境变量(含 Docker/Compose `environment:`
@ -200,7 +212,7 @@ UI 需要可访问的 scheduler /BunkerWebAPI / redis / 数据库。
| 设置 | 描述 | 可接受值 | 默认值 |
| ------------------------------------------- | ------------------------------------------------------- | ---------------------------- | -------------- |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | 初始化管理员账户(执行密码策略 | 字符串 | 未设 |
| `ADMIN_USERNAME`, `ADMIN_PASSWORD` | 初始化管理员账户(执行密码策略`ADMIN_PASSWORD` 也接受 bcrypt 哈希,按原样存储) | 字符串 / bcrypt 哈希 | 未设 |
| `OVERRIDE_ADMIN_CREDS` | 强制用环境变量更新管理员凭据 | `yes``no` | `no` |
| `FLASK_SECRET` | 会话签名密钥(存于 `/var/lib/bunkerweb/.flask_secret` | 十六进制/Base64/不透明字符串 | 自动生成 |
| `TOTP_ENCRYPTION_KEYS` (`TOTP_SECRETS`) | TOTP 秘钥加密键(空格或 JSON | 字符串 / JSON | 缺失时自动生成 |

4
examples/authelia/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/authentik/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/behind-reverse-proxy/docker-compose.yml
View file

@ -6,7 +6,7 @@ x-env: &env
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
environment:
<<: *env
@ -17,7 +17,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/bigbluebutton/docker-compose.yml
View file

@ -25,7 +25,7 @@ services:
...
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -40,7 +40,7 @@ services:
bw-universe:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/cors/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -22,7 +22,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-cloudflare/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-desec/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-digitalocean/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-dnsimple/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-dnsmadeeasy/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-gehirn/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-google/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-linode/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-luadns/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-nsone/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-ovh/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-rfc2136/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-route53/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-sakuracloud/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/dns-scaleway/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/docker-configs/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/drupal/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/ghost/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/gogs/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/hardened/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
# dropping all capabilities
cap_drop:
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/jellyfin/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/joomla/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/load-balancer/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/magento/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/mattermost/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

6
examples/mcp-stack/docker-compose.yml
View file

@ -9,7 +9,7 @@ x-bw-env: &bw-env
services:
bunkerweb:
# This is the name that will be used to identify the instance in the Scheduler
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
ports:
- "80:8080/tcp"
- "443:8443/tcp"
@ -22,7 +22,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
environment:
<<: *bw-env
BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
@ -44,7 +44,7 @@ services:
- bw-db
bw-api:
image: bunkerity/bunkerweb-api:1.6.10-rc7
image: bunkerity/bunkerweb-api:1.6.11-rc1
environment:
<<: *bw-env
# API_USERNAME: "admin"

4
examples/mongo-express/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/moodle/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/nextcloud/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/passbolt/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -14,7 +14,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

4
examples/php-cookie-flags/docker-compose.yml
View file

@ -1,6 +1,6 @@
services:
bunkerweb:
image: bunkerity/bunkerweb:1.6.10-rc7
image: bunkerity/bunkerweb:1.6.11-rc1
container_name: bunkerweb
ports:
- "80:8080/tcp"
@ -22,7 +22,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.6.10-rc7
image: bunkerity/bunkerweb-scheduler:1.6.11-rc1
container_name: bw-scheduler
depends_on:
- bunkerweb

Some files were not shown because too many files have changed in this diff Show more