Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'staging'

Browse source
This commit is contained in:
florian 2024-06-19 12:32:42 +02:00
commit b58a59b784
No known key found for this signature in database
GPG key ID: 93EE47CC3D061500
708 changed files with 39124 additions and 10983 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View file

@ -47,7 +47,7 @@ body:
label: BunkerWeb version
description: What version of BunkerWeb are you running?
placeholder: Version
value: 1.5.7
value: 1.5.8
validations:
required: true
- type: dropdown

21
.github/workflows/beta.yml vendored
View file

@ -94,14 +94,12 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
linux: [ubuntu, debian, fedora, rhel, rhel9]
platforms: [linux/amd64, linux/arm64]
include:
- release: beta
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -135,7 +133,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -181,17 +179,12 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
linux: [ubuntu, debian, fedora, el, el9]
arch: [amd64, arm64]
include:
- release: beta
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
separator: _
suffix: ""
version: noble
@ -204,7 +197,7 @@ jobs:
- linux: fedora
separator: "-"
suffix: "1."
version: 39
version: 40
package: rpm
- linux: el
separator: "-"
@ -219,9 +212,6 @@ jobs:
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: ubuntu-noble
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
@ -237,9 +227,6 @@ jobs:
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: ubuntu-noble
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64

6
.github/workflows/codeql.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
language: ["python", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: matrix.language == 'python'
@ -35,12 +35,12 @@ jobs:
python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
category: "/language:${{matrix.language}}"

12
.github/workflows/container-build.yml vendored
View file

@ -45,7 +45,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Replace VERSION
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
@ -72,13 +72,13 @@ jobs:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
if: inputs.PUSH == true
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -92,7 +92,7 @@ jobs:
# Build cached image
- name: Build image
if: inputs.CACHE == true
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -105,7 +105,7 @@ jobs:
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -117,7 +117,7 @@ jobs:
# Check OS vulnerabilities
- name: Check OS vulnerabilities
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
with:
vuln-type: os
skip-dirs: /root/.cargo

2
.github/workflows/create-arm.yml vendored
View file

@ -33,7 +33,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get ARM availabilities
id: availabilities
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082

2
.github/workflows/dev-update-mmdb.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}

28
.github/workflows/dev.yml vendored
View file

@ -43,11 +43,11 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
include:
- linux: ubuntu
package: deb
- linux: ubuntu-noble
- linux: ubuntu-jammy
package: deb
- linux: debian
package: deb
@ -80,7 +80,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -113,7 +113,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -151,12 +151,12 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -187,18 +187,12 @@ jobs:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
arch: [amd64]
include:
- release: dev
repo: bunkerweb
- linux: ubuntu
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
package_arch: amd64
separator: _
suffix: ""
@ -214,7 +208,7 @@ jobs:
package_arch: x86_64
separator: "-"
suffix: "1."
version: 39
version: 40
package: rpm
- linux: el
package_arch: x86_64
@ -228,6 +222,12 @@ jobs:
suffix: "1."
version: 9
package: rpm
- linux: ubuntu-jammy
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

2
.github/workflows/doc-to-pdf.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:

12
.github/workflows/linux-build.yml vendored
View file

@ -37,7 +37,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Replace VERSION
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
@ -81,12 +81,12 @@ jobs:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -94,7 +94,7 @@ jobs:
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
load: true
@ -106,7 +106,7 @@ jobs:
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
load: true
@ -142,7 +142,7 @@ jobs:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}

2
.github/workflows/push-doc.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}

8
.github/workflows/push-docker.yml vendored
View file

@ -33,14 +33,14 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -70,7 +70,7 @@ jobs:
images: bunkerity/${{ inputs.IMAGE }}
# Build and push
- name: Build and push
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}

2
.github/workflows/push-github.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Get PDF doc
- name: Get documentation
if: inputs.VERSION != 'testing'

20
.github/workflows/push-packagecloud.yml vendored
View file

@ -40,9 +40,9 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install ruby
uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
with:
ruby-version: "3.0"
- name: Install packagecloud
@ -60,7 +60,7 @@ jobs:
path: /tmp/${{ inputs.LINUX }}
# Remove existing packages
- name: Remove existing package
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-noble'
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-jammy'
run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
continue-on-error: true
env:
@ -71,9 +71,9 @@ jobs:
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove existing package ubuntu-noble
if: inputs.LINUX == 'ubuntu-noble'
run: package_cloud yank bunkerity/${{ inputs.REPO }}/ubuntu/noble bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
- name: Remove existing package ubuntu-jammy
if: inputs.LINUX == 'ubuntu-jammy'
run: package_cloud yank bunkerity/${{ inputs.REPO }}/ubuntu/jammy bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
@ -83,7 +83,7 @@ jobs:
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Push package
- name: Push package to packagecloud
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-noble'
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-jammy'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -100,12 +100,12 @@ jobs:
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: el/9
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push package to packagecloud for ubuntu-noble
if: inputs.LINUX == 'ubuntu-noble'
- name: Push package to packagecloud for ubuntu-jammy
if: inputs.LINUX == 'ubuntu-jammy'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: ubuntu/noble
PACKAGECLOUD-DISTRIB: ubuntu/jammy
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

37
.github/workflows/release.yml vendored
View file

@ -104,17 +104,12 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
platforms: [linux/amd64, linux/arm64]
exclude:
- linux: ubuntu-noble
platforms: linux/arm64
include:
- release: latest
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -123,6 +118,8 @@ jobs:
package: rpm
- linux: rhel9
package: rpm
- linux: ubuntu-jammy
package: deb
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ${{ matrix.release }}
@ -146,7 +143,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -196,20 +193,12 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
arch: [amd64, arm64]
exclude:
- linux: ubuntu-noble
arch: arm64
include:
- release: latest
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
separator: _
suffix: ""
version: noble
@ -222,7 +211,7 @@ jobs:
- linux: fedora
separator: "-"
suffix: "1."
version: 39
version: 40
package: rpm
- linux: el
separator: "-"
@ -234,12 +223,14 @@ jobs:
suffix: "1."
version: 9
package: rpm
- linux: ubuntu-jammy
separator: _
suffix: ""
version: jammy
package: deb
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: ubuntu-noble
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
@ -252,6 +243,9 @@ jobs:
- linux: el9
arch: amd64
package_arch: x86_64
- linux: ubuntu-jammy
arch: amd64
package_arch: amd64
- linux: ubuntu
arch: arm64
package_arch: arm64
@ -267,6 +261,9 @@ jobs:
- linux: el9
arch: arm64
package_arch: aarch64
- linux: ubuntu-jammy
arch: arm64
package_arch: arm64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

2
.github/workflows/rm-arm.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Delete ARM VM
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:

4
.github/workflows/scorecards-analysis.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
persist-credentials: false
- name: "Run analysis"
@ -25,6 +25,6 @@ jobs:
results_format: sarif
publish_results: true
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
with:
sarif_file: results.sarif

4
.github/workflows/staging-create-infra.yml vendored
View file

@ -21,14 +21,14 @@ jobs:
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
if: inputs.TYPE != 'k8s'
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install terraform
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
- name: Install kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.6"
version: "v1.29.1"
- name: Set up Python 3.12
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: inputs.TYPE != 'k8s'

4
.github/workflows/staging-delete-infra.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install terraform
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
@ -37,7 +37,7 @@ jobs:
- uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.2"
version: "v1.29.1"
# Remove infra
- run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
if: inputs.TYPE == 'k8s'

24
.github/workflows/staging-tests.yml vendored
View file

@ -25,9 +25,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -69,15 +69,12 @@ jobs:
- uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.2"
version: "v1.29.1"
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
if: inputs.TYPE == 'k8s'
- name: Pull BW linux ubuntu test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/ubuntu-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-tests:testing local/ubuntu:latest
- name: Pull BW linux ubuntu noble test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/ubuntu-noble-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-noble-tests:testing local/ubuntu-noble:latest
- name: Pull BW linux debian test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/debian-tests:testing && docker tag ghcr.io/bunkerity/debian-tests:testing local/debian:latest
@ -90,6 +87,9 @@ jobs:
- name: Pull BW linux rhel9 test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/rhel9-tests:testing && docker tag ghcr.io/bunkerity/rhel9-tests:testing local/rhel9:latest
- name: Pull BW linux ubuntu jammy test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/ubuntu-jammy-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-jammy-tests:testing local/ubuntu-jammy:latest
# Do tests
- name: Run tests
if: inputs.TYPE == 'docker'
@ -124,12 +124,6 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux ubuntu noble tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu-noble"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux debian tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
@ -154,3 +148,9 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux ubuntu-jammy tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu-jammy"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}

30
.github/workflows/staging.yml vendored
View file

@ -43,12 +43,10 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
linux: [ubuntu, debian, fedora, rhel, rhel9, ubuntu-jammy]
include:
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -57,6 +55,8 @@ jobs:
package: rpm
- linux: rhel9
package: rpm
- linux: ubuntu-jammy
package: deb
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: testing
@ -91,7 +91,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -102,7 +102,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -199,12 +199,12 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -223,18 +223,12 @@ jobs:
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
linux: [ubuntu, debian, fedora, el, el9, ubuntu-jammy]
arch: [amd64]
include:
- release: testing
repo: bunkerweb
- linux: ubuntu
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
package_arch: amd64
separator: _
suffix: ""
@ -250,7 +244,7 @@ jobs:
package_arch: x86_64
separator: "-"
suffix: "1."
version: 39
version: 40
package: rpm
- linux: el
package_arch: x86_64
@ -264,6 +258,12 @@ jobs:
suffix: "1."
version: 9
package: rpm
- linux: ubuntu-jammy
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

37
.github/workflows/test-core-linux.yml vendored
View file

@ -12,15 +12,15 @@ on:
jobs:
tests:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Set up Python 3.9
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python 3.12
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.9"
python-version: "3.12"
- name: Install Firefox manually and dependencies
run: |
sudo add-apt-repository ppa:mozillateam/ppa -y
@ -31,10 +31,12 @@ jobs:
Pin-Priority: 1001
Package: firefox
Pin: version 1:1snap1-0ubuntu2
Pin: version 1:1snap1-0ubuntu5
Pin-Priority: -1
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2t64 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
- name: Download geckodriver
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
@ -47,7 +49,7 @@ jobs:
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -61,11 +63,13 @@ jobs:
docker rm "$container_id"
- name: Install NGINX
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
sudo -E apt install -y nginx=1.26.1-2~noble
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
@ -75,9 +79,9 @@ jobs:
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 bwadm.example.com" | sudo tee -a /etc/hosts
sudo cp ./tests/www-deb.conf /etc/php/8.1/fpm/pool.d/www.conf
sudo systemctl stop php8.1-fpm
sudo systemctl start php8.1-fpm
sudo cp ./tests/www-deb.conf /etc/php/8.3/fpm/pool.d/www.conf
sudo systemctl stop php8.3-fpm
sudo systemctl start php8.3-fpm
# BunkerWeb
sudo mkdir -p /etc/bunkerweb
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
@ -92,12 +96,15 @@ jobs:
sudo chown nginx:nginx /etc/bunkerweb/variables.env
sudo chmod 777 /etc/bunkerweb/variables.env
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
run: |
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install -fy /tmp/bunkerweb.deb
- name: Run tests
run: |
export MAKEFLAGS="-j $(nproc)"
pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
pip install --break-system-packages --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
cd tests/core/${{ inputs.TEST }}
find . -name "requirements.txt" -exec pip install --no-cache-dir --require-hashes --no-deps -r {} \;
find . -name "requirements.txt" -exec pip install --break-system-packages --no-cache-dir --require-hashes --no-deps -r {} \;
sudo truncate -s 0 /var/log/bunkerweb/error.log
./test.sh "linux"

4
.github/workflows/test-core.yml vendored
View file

@ -16,9 +16,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}

32
.github/workflows/tests-ui-linux.yml vendored
View file

@ -12,15 +12,15 @@ on:
jobs:
tests:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Set up Python 3.9
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python 3.12
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.9"
python-version: "3.12"
- name: Install Firefox manually and dependencies
run: |
sudo add-apt-repository ppa:mozillateam/ppa -y
@ -31,10 +31,12 @@ jobs:
Pin-Priority: 1001
Package: firefox
Pin: version 1:1snap1-0ubuntu2
Pin: version 1:1snap1-0ubuntu5
Pin-Priority: -1
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2t64 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
- name: Download geckodriver
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
@ -47,7 +49,7 @@ jobs:
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -61,11 +63,13 @@ jobs:
docker rm "$container_id"
- name: Install NGINX
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
sudo -E apt install -y nginx=1.26.1-2~noble
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
@ -80,6 +84,7 @@ jobs:
sudo mkdir -p /etc/bunkerweb
echo "SERVER_NAME=" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_THRESHOLD=20" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
@ -97,12 +102,15 @@ jobs:
sudo chown nginx:nginx /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
run: |
export NEEDRESTART_SUSPEND=1
export DEBIAN_FRONTEND=noninteractive
sudo -E apt install -fy /tmp/bunkerweb.deb
- name: Run tests
run: |
export MAKEFLAGS="-j $(nproc)"
pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
pip install --no-cache-dir --require-hashes -r tests/ui/requirements.txt
pip install --break-system-packages --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
pip install --break-system-packages --no-cache-dir --require-hashes -r tests/ui/requirements.txt
cd ./tests/ui
touch test.txt
zip test.zip test.txt

4
.github/workflows/tests-ui.yml vendored
View file

@ -15,9 +15,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}

2
.github/workflows/ui.yml vendored
View file

@ -67,7 +67,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')

3
.gitleaksignore
View file

@ -10,3 +10,6 @@ src/ui/templates/settings_plugins.html:hashicorp-tf-password:297
src/ui/templates/settings_plugins.html:hashicorp-tf-password:106
src/ui/templates/account.html:hashicorp-tf-password:154
src/ui/templates/account.html:hashicorp-tf-password:162
src/common/core/errors/files/error.html:aws-access-token:20
src/deps/src/nginx/src/event/quic/ngx_event_quic_protection.c:generic-api-key:164
src/deps/src/nginx/src/event/quic/ngx_event_quic_protection.c:generic-api-key:165

8
.pre-commit-config.yaml
View file

@ -17,7 +17,7 @@ repos:
- id: check-case-conflict
- repo: https://github.com/psf/black
rev: 8fe627072f15ff2e3d380887b92f7868efaf6d05 # frozen: 24.4.0
rev: 3702ba224ecffbcec30af640c149f231d90aebdb # frozen: 24.4.2
hooks:
- id: black
name: Black Python Formatter
@ -36,7 +36,7 @@ repos:
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
- repo: https://github.com/lunarmodules/luacheck
rev: 418f48976c73be697fe64b0eba9ea9821ac9bca8 # frozen: v1.1.2
rev: cc089e3f65acdd1ef8716cc73a3eca24a6b845e4 # frozen: v1.2.0
hooks:
- id: luacheck
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
@ -57,11 +57,11 @@ repos:
exclude: ^tests/
- repo: https://github.com/codespell-project/codespell
rev: 6e41aba91fb32e9feb741a6258eefeb9c6e4a482 # frozen: v2.2.6
rev: 193cd7d27cd571f79358af09a8fb8997e54f8fff # frozen: v2.3.0
hooks:
- id: codespell
name: Codespell Spell Checker
exclude: (^src/(ui/templates|common/core/.+/files|bw/loading)/.+.html|modsecurity-rules.conf.*)$
exclude: (^src/(ui/templates|common/core/.+/files|bw/loading)/.+.html|modsecurity-rules.conf.*|src/ui/static/js/lottie-web.min.js)$
entry: codespell --ignore-regex="(tabEl|Widgits)" --skip src/ui/static/js/utils/flatpickr.js,src/ui/static/css/style.css,CHANGELOG.md
language: python
types: [text]

2
.prettierignore
View file

@ -13,8 +13,10 @@ README.md
SECURITY.md
tsparticles.bundle.min.js
flatpickr.*
src/ui/static/js/lottie-web.min.js
src/ui/static/js/editor/*
src/ui/static/js/utils/purify/*
src/ui/static/json/particles.json
src/ui/templates/*
src/common/core/*/ui/*
datepicker-foundation.css

28
CHANGELOG.md
View file

@ -1,5 +1,33 @@
# Changelog
## v1.5.8 - ????/??/??
- [LINUX] Support Fedora 40 and drop support of Fedora 39
- [BUGFIX] Fix potential errors when upgrading from a previous version
- [BUGFIX] Fix rare bug on the web UI when editing the SERVER_NAME setting of a service
- [BUGFIX] Fix potential race conditions between the autoconf and the scheduler waiting for each other indefinitely
- [BUGFIX] Fix Let's Encrypt certificate renewal when a certificate date changes by forcing the renewal
- [BUGFIX] Fix issues with k8s integration and the save_config.py script
- [FEATURE] Add nightly build of the OWASP coreruleset that are automatically downloaded and updated
- [FEATURE] Enhance security on error pages, default server page and loading page by adding a custom `Content-Security-Policy` header with nonces and removing the `Server` header
- [FEATURE] Add new DATABASE_URI_READONLY setting to allow setting up a fallback read-only database URI in case the main database URI is not available
- [FEATURE] Add automatic fallback to either read-only on the primary database or to the read-only database URI when the main database URI is not available and automatically switch back to the main database URI when it becomes available again
- [FEATURE] Add experimental support of HTTP/3 (QUIC)
- [FEATURE] Optimize the way the scheduler handles jobs and the way the jobs are executed
- [FEATURE] Optimize the way the cache files are being refreshed from the database
- [FEATURE] Add failover logic in case the NGINX configuration is not valid to fallback to the previous configuration and log the error to prevent the service from being stopped
- [UI] Force HTTPS on setup wizard
- [UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
- [UI] Force HTTPS even if UI is installed in advanced mode
- [UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
- [UI] Optimize the way the UI handles the requests and the responses
- [AUTOCONF] Refactor Autoconf config parsing and saving logic so that it doesn't override the scheduler or UI config every time
- [MISC] Update logger format and datefmt for better readability
- [DEPS] Updated NGINX version to v1.26.1
- [DEPS] Updated stream-lua-nginx-module version to the latest commit to incorporate the latest changes and fixes for NGINX v1.26
- [DEPS] Updated coreruleset-v4 version to v4.3.0
- [DEPS] Updated lua-resty-openssl version to v1.4.0
## v1.5.7 - 2024/05/14
- [LINUX] Support Ubuntu 24.04 (Noble)

116
README.md
View file

@ -1,5 +1,5 @@
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/misc/logo.png" height=100 width=350 />
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/misc/logo.png" height=100 width=350 />
</p>
<p align="center">
@ -26,7 +26,7 @@
&#124;
👨‍💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
&#124;
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/examples">Examples</a>
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/examples">Examples</a>
&#124;
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
&#124;
@ -44,14 +44,14 @@
# BunkerWeb
<p align="center">
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/intro-overview.svg" />
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/intro-overview.svg" />
</p>
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.7/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.8/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github).
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github).
## Why BunkerWeb ?
@ -76,7 +76,7 @@ A non-exhaustive list of security features :
- **Block known bad IPs** with external blacklists and DNSBL
- And much more ...
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
## Demo
@ -86,19 +86,32 @@ Learn more about the core security features in the [security tuning](https://doc
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github). Feel free to visit it and perform some security tests.
## BunkerWeb Cloud
Don't want to self-host and manage your own BunkerWeb instance(s) ? You might be interested into BunkerWeb Cloud, our fully managed SaaS offer for BunkerWeb.
Try our [BunkerWeb Cloud beta offer for free](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_source=github&utm_campaign=self) and get access to :
- Fully managed BunkerWeb instance hosted in our cloud
- All BunkerWeb features including PRO ones
- Monitoring platform including dashboards and alerts
- Technical support to assist you in the configuration
You will find more information about BunkerWeb Cloud in the [FAQ page](https://panel.bunkerweb.io/knowledgebase/55/BunkerWeb-Cloud?utm_source=github&utm_campaign=self) of the BunkerWeb panel.
## PRO version
When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.
Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.5.7/assets/img/pro-icon.svg" alt="crow pro icon" height="24px" width="24px"> to distinguish them from those integrated into the open-source version.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.5.8/assets/img/pro-icon.svg" alt="crow pro icon" height="24px" width="24px"> to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward :
- Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc)
- Once connected to the client area, copy your PRO license key
- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.5.7/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.5.7/settings/#pro)
- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.5.8/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.5.8/settings/#pro)
Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version.
@ -131,10 +144,10 @@ Community and social networks :
# Concepts
<p align="center">
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/concepts.svg" />
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/concepts.svg" />
</p>
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.7/concepts/?utm_campaign=self&utm_source=github).
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.8/concepts/?utm_campaign=self&utm_source=github).
## Integrations
@ -142,12 +155,12 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported :
- [Docker](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker)
- [Linux](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Kubernetes](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Swarm](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Microsoft Azure](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
- [Docker](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker)
- [Linux](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Kubernetes](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Swarm](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Microsoft Azure](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
## Settings
@ -179,7 +192,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@ -188,7 +201,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
## Database
<p align="center">
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/bunkerweb_db.svg" />
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/bunkerweb_db.svg" />
</p>
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
@ -214,10 +227,20 @@ In other words, the scheduler is the brain of BunkerWeb.
# Setup
## BunkerWeb Cloud
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/bunkerweb-cloud.webp" />
</p>
BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of a like a BunkerWeb-as-a-Service !
You will find more information about BunkerWeb Cloud beta [here](https://www.bunkerweb.io/cloud?utm_campaign=self&utm_source=docs) and you can apply for free [in the BunkerWeb panel](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_campaign=self&utm_source=docs).
## Docker
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-docker.svg" />
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-docker.svg" />
</p>
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@ -228,77 +251,74 @@ Docker integration key concepts are :
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
## Docker autoconf
<p align="center">
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-autoconf.svg" />
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-autoconf.svg" />
</p>
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
## Swarm
<p align="center">
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-swarm.svg" />
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-swarm.svg" />
</p>
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
## Kubernetes
<p align="center">
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-kubernetes.svg" />
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-kubernetes.svg" />
</p>
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
## Linux
<p align="center">
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-linux.svg" />
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-linux.svg" />
</p>
List of supported Linux distros :
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- Ubuntu 22.04 "Noble"
- Ubuntu 24.04 "Jammy"
- Fedora 40
- RHEL 8.9
- RHEL 9.4
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
> [!IMPORTANT]
> As of Ubuntu 24.04, the `nginx` package is not available in the official repository. You will need to use the `jammy` repository to install NGINX 1.24.0. Also we do not yet run automated tests on Ubuntu 24.04, so please consider this version as experimental.
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
## Microsoft Azure
<p align="center">
<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-azure.webp" />
<img alt="Azure banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/integration-azure.webp" />
</p>
BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/misc/integrations/azure-arm-template.json).
BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/misc/integrations/azure-arm-template.json).
You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
# Quickstart guide
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.7/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.8/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
- Protecting a single HTTP application
- Protecting multiple HTTP application
@ -309,9 +329,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo
# Security tuning
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.7/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.8/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
# Settings
@ -321,13 +341,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
Check the [settings section](https://docs.bunkerweb.io/1.5.7/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
Check the [settings section](https://docs.bunkerweb.io/1.5.8/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
# Web UI
<p align="center">
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4">
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/user_interface_demo.webp" height="300" />
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.8/docs/assets/img/user_interface_demo.webp" height="300" />
</a>
</p>
@ -341,7 +361,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance
- Monitor jobs execution
- View the logs and search pattern
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.7/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.8/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
# Plugins
@ -359,7 +379,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| **VirusTotal** | 1.5 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.5 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github) of the documentation.
# Support
@ -382,15 +402,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/LICENSE.md).
# Contribute
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/CONTRIBUTING.md) to get started.
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/CONTRIBUTING.md) to get started.
# Security policy
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/SECURITY.md) for more information.
# Stargazers over time

BIN
docs/assets/img/bunkerweb-cloud.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 48 KiB

4
docs/concepts.md
View file

@ -83,7 +83,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
!!! info "Going further"
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) directory of the repository.
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) directory of the repository.
## Custom configurations
@ -97,7 +97,7 @@ By leveraging custom configurations, you unlock a world of possibilities to tail
!!! info "Going further"
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) directory of the repository.
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) directory of the repository.
## Database

13
docs/index.md
View file

@ -59,6 +59,19 @@ To delve deeper into the core security features, we invite you to explore the [s
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc). Feel free to visit it and perform some security tests.
## BunkerWeb Cloud
Don't want to self-host and manage your own BunkerWeb instance(s) ? You might be interested into BunkerWeb Cloud, our fully managed SaaS offer for BunkerWeb.
Try our [BunkerWeb Cloud beta offer for free](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_source=doc&utm_campaign=self) and get access to :
- Fully managed BunkerWeb instance hosted in our cloud
- All BunkerWeb features including PRO ones
- Monitoring platform including dashboards and alerts
- Technical support to assist you in the configuration
You will find more information about BunkerWeb Cloud in the [FAQ page](https://panel.bunkerweb.io/knowledgebase/55/BunkerWeb-Cloud?utm_source=doc&utm_campaign=self) of the BunkerWeb panel.
## PRO version
When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.

116
docs/integrations.md
View file

@ -1,5 +1,19 @@
# Integrations
## BunkerWeb Cloud
<figure markdown>
![Overview](assets/img/bunkerweb-cloud.webp){ align=center, width="600" }
<figcaption>BunkerWeb Cloud</figcaption>
</figure>
!!! example "Beta phase"
BunkerWeb Cloud offer is in beta phase. We are actively getting feedbacks from our precious beta tester to improve the offer.
BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of a like a BunkerWeb-as-a-Service !
You will find more information about BunkerWeb Cloud beta [here](https://www.bunkerweb.io/cloud?utm_campaign=self&utm_source=docs) and you can apply for free [in the BunkerWeb panel](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_campaign=self&utm_source=docs).
## Docker
<figure markdown>
@ -21,13 +35,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run
Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology.
```shell
docker pull bunkerity/bunkerweb:1.5.7
docker pull bunkerity/bunkerweb:1.5.8
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address :
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.5.7
docker pull ghcr.io/bunkerity/bunkerweb:1.5.8
```
Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration.
@ -57,7 +71,7 @@ When integrating BunkerWeb with Docker, there are key concepts to keep in mind,
- **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage the traffic, providing enhanced security and performance.
!!! info "Database backend"
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
### Environment variables
@ -67,7 +81,7 @@ Settings are passed to BunkerWeb using Docker environment variables :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -86,7 +100,7 @@ Please note that the `bunkerweb.INSTANCE` is mandatory to make sure the schedule
The [scheduler](concepts.md#scheduler) is executed in its own container which is also available on Docker Hub :
```shell
docker pull bunkerity/bunkerweb-scheduler:1.5.7
docker pull bunkerity/bunkerweb-scheduler:1.5.8
```
Alternatively, you can build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb) (less coffee ☕ needed than BunkerWeb image) :
@ -103,7 +117,7 @@ A volume is needed to store the SQLite database that will be used by the schedul
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- bw-data:/data
...
@ -165,7 +179,7 @@ You will need to create the Docker API proxy container, mount the socket and set
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
env:
- DOCKER_HOST=tcp://bw-docker:2375
...
@ -213,7 +227,7 @@ To secure the communication between the scheduler and BunkerWeb API, it is impor
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -222,7 +236,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
networks:
- bw-universe
- bw-docker
@ -252,7 +266,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -266,7 +280,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -316,11 +330,11 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- Fedora 40
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.4
Please ensure that you have **NGINX 1.24.0 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
Please ensure that you have **NGINX 1.26.1 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
To simplify the installation process, Linux package repositories for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb). They provide a bash script that automatically adds and trusts the repository. You can follow the provided script for automatic setup, or opt for [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer.
@ -337,11 +351,11 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.24.0 :
You should now be able to install NGINX 1.26.1 :
```shell
sudo apt update && \
sudo apt install -y nginx=1.24.0-1~$(lsb_release -cs)
sudo apt install -y nginx=1.26.1-2~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -357,12 +371,12 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
And finally install BunkerWeb 1.5.8 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y bunkerweb=1.5.7
sudo -E apt install -y bunkerweb=1.5.8
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -373,11 +387,6 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
=== "Ubuntu"
!!! example "Specifications for Ubuntu 24.04"
As of Ubuntu 24.04, the `nginx` package is not available in the official repository. You will need to use the `jammy` repository to install NGINX 1.24.0.
Also we do not yet run automated tests on Ubuntu 24.04, so please consider this version as experimental.
The first step is to add NGINX official repository :
```shell
@ -385,15 +394,15 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu jammy nginx" \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
```
You should now be able to install NGINX 1.24.0 :
You should now be able to install NGINX 1.26.1 :
```shell
sudo apt update && \
sudo apt install -y nginx=1.24.0-1~jammy
sudo apt install -y nginx=1.26.1-2~$(lsb_release -cs)
```
!!! warning "Testing/dev version"
@ -409,12 +418,12 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
And finally install BunkerWeb 1.5.8 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo -E apt install -y bunkerweb=1.5.7
sudo -E apt install -y bunkerweb=1.5.8
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -425,10 +434,17 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
=== "Fedora"
Fedora already provides NGINX 1.24.0 that we support :
!!! info "Fedora Update Testing"
If you can't find the NGINX version listed in the stable repository, you can enable the `updates-testing` repository :
```shell
sudo dnf config-manager --set-enabled updates-testing
```
Fedora already provides NGINX 1.26.1 that we support :
```shell
sudo dnf install -y nginx-1.24.0
sudo dnf install -y nginx-1.26.1
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
@ -437,14 +453,14 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
And finally install BunkerWeb 1.5.8 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | \
sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \
sed 's/pypgpme_check=`rpm -qa | grep -qw pygpgme`/python-gnupg_check=`rpm -qa | grep -qw python-gnupg`/g' | sudo bash && \
sudo dnf makecache && \
sudo -E dnf install -y bunkerweb-1.5.7
sudo -E dnf install -y bunkerweb-1.5.8
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -476,10 +492,10 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
module_hotfixes=true
```
You should now be able to install NGINX 1.24.0 :
You should now be able to install NGINX 1.26.1 :
```shell
sudo dnf install nginx-1.24.0
sudo dnf install nginx-1.26.1
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
@ -488,13 +504,13 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
And finally install BunkerWeb 1.5.8 :
```shell
sudo dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo -E dnf install -y bunkerweb-1.5.7
sudo -E dnf install -y bunkerweb-1.5.8
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -542,7 +558,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb. To support this functionality, use a dedicated "real" database backend (e.g., MariaDB, MySQL, or PostgreSQL) for synchronized configuration storage. By integrating `bw-autoconf` and a suitable database backend, you establish the infrastructure for seamless automated configuration management in BunkerWeb.
@ -551,7 +567,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -568,7 +584,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -581,7 +597,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -673,7 +689,7 @@ For an optimal setup, it is recommended to define BunkerWeb as a **[DaemonSet](h
Given the presence of multiple BunkerWeb instances, it is necessary to establish a shared data store implemented as a [Redis](https://redis.io/) service. This Redis service will be utilized by the instances to cache and share data among themselves. Further information about the Redis settings can be found [here](settings.md#redis).
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -734,7 +750,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -804,7 +820,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -831,7 +847,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -994,7 +1010,7 @@ Since multiple instances of BunkerWeb are running, a shared data store implement
As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -1005,7 +1021,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- published: 80
target: 8080
@ -1035,7 +1051,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1067,7 +1083,7 @@ services:
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1204,6 +1220,8 @@ You can easily deploy BunkerWeb on your Azure subscription in several ways:
Login in [Azure portal](https://portal.azure.com){:target="_blank"}.
Get BunkerWeb from the [Create ressource menu](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/bunkerity.bunkerweb){:target="_blank"}.
Get BunkerWeb from the [Create resource menu](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/bunkerity.bunkerweb){:target="_blank"}.
You can also go through the [Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview){:target="_blank"}.
You can also go through the [Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview){:target="_blank"}.
You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your virtual machine.

12
docs/plugins.md
View file

@ -91,7 +91,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- ./bw-data:/data
...
@ -128,7 +128,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- ./bw-data:/data
...
@ -167,7 +167,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -214,7 +214,7 @@ The first step is to install the plugin by putting the plugin files inside the c
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -254,7 +254,7 @@ The first step is to install the plugin by putting the plugin files inside the c
!!! tip "Existing plugins"
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
What a plugin structure looks like :
```
@ -524,7 +524,7 @@ end
!!! tip "More examples"
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/src/bw/lua/bunkerweb) of the repository.
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/src/bw/lua/bunkerweb) of the repository.
### Jobs

2
docs/professional-services.md
View file

@ -10,7 +10,7 @@ But dedicating time to a specific technology may not be easy depending on your b
Getting professional services in addition to the open-source or PRO version is the ideal solution to cover your business needs. You can focus on your top priorities and rely on a trusted partner when it comes to web security.
Please note that professionnal services are directly offered by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), the company maintaining the BunkerWeb project, through our [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) online platform.
Please note that professional services are directly offered by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), the company maintaining the BunkerWeb project, through our [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) online platform.
## Which professional services do you offer ?

50
docs/quickstart-guide.md
View file

@ -6,7 +6,7 @@
!!! tip "Going further"
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) of the repository to get real-world examples.
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) of the repository to get real-world examples.
## Protect HTTP applications
@ -37,7 +37,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -295,7 +295,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -315,7 +315,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -634,7 +634,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -649,7 +649,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -664,7 +664,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -738,7 +738,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -754,7 +754,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -770,7 +770,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
...
environment:
- USE_REAL_IP=yes
@ -869,7 +869,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@ -891,7 +891,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -940,7 +940,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@ -998,7 +998,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
# Keep it if you want to use Let's Encrypt automation
- published: 80
@ -1142,7 +1142,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
...
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1185,7 +1185,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- ./bw-data:/data
...
@ -1255,7 +1255,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
volumes:
- ./bw-data:/data
...
@ -1439,7 +1439,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
volumes:
- ./www:/var/www/html
ports:
@ -1462,7 +1462,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -1540,7 +1540,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
volumes:
- ./www:/var/www/html
labels:
@ -1554,7 +1554,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -1698,7 +1698,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
volumes:
- /shared/www:/var/www/html
...
@ -1889,7 +1889,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- USE_IPv6=yes
@ -1934,7 +1934,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- USE_IPv6=yes

4
docs/requirements.in
View file

@ -1,4 +1,4 @@
mike==2.1.1
mkdocs-material[imaging]==9.5.22
mkdocs-print-site-plugin==2.4.1
mkdocs-material[imaging]==9.5.27
mkdocs-print-site-plugin==2.5.0
pytablewriter==1.2.0

277
docs/requirements.txt
View file

@ -16,9 +16,9 @@ cairosvg==2.7.1 \
--hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
--hash=sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b
# via mkdocs-material
certifi==2024.2.2 \
--hash=sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f \
--hash=sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1
certifi==2024.6.2 \
--hash=sha256:3cd43f1c6fa7dedc5899d69d3ad0398fd018ad1a17fba83ddaf78aa46c747516 \
--hash=sha256:ddc6c8ce995e6987e7faf5e3f1b02b302836a0e5d98ece18392cb1a36c72ad56
# via requests
cffi==1.16.0 \
--hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \
@ -317,9 +317,9 @@ mkdocs-get-deps==0.2.0 \
--hash=sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c \
--hash=sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134
# via mkdocs
mkdocs-material==9.5.22 \
--hash=sha256:22a853a456ae8c581c4628159574d6fc7c71b2c7569dc9c3a82cc70432219599 \
--hash=sha256:8c7a377d323567934e6cd46915e64dc209efceaec0dec1cf2202184f5649862c
mkdocs-material==9.5.27 \
--hash=sha256:a7d4a35f6d4a62b0c43a0cfe7e987da0980c13587b5bc3c26e690ad494427ec0 \
--hash=sha256:af8cc263fafa98bb79e9e15a8c966204abf15164987569bd1175fd66a7705182
# via
# -r requirements.in
# mkdocs-print-site-plugin
@ -327,13 +327,13 @@ mkdocs-material-extensions==1.3.1 \
--hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \
--hash=sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31
# via mkdocs-material
mkdocs-print-site-plugin==2.4.1 \
--hash=sha256:8c05bdd6b34095fdfdb77a37a117106d4ba362ac5145a1664a3bef53b8cc9ba5 \
--hash=sha256:c62eda1d47b65e48aa5a9316cb8ea93c035a342b5648b84bd892f48729aea6c9
mkdocs-print-site-plugin==2.5.0 \
--hash=sha256:48b3d41ae80384de72062b2712fce677f2e46d8364d9fe603ba837b0cf7156a4 \
--hash=sha256:95dccc8d5cc8a59da67815a2d3304ef0101b065e363f2b9ac919c23d6196dd24
# via -r requirements.in
packaging==24.0 \
--hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
--hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
packaging==24.1 \
--hash=sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002 \
--hash=sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124
# via
# mkdocs
# typepy
@ -421,9 +421,9 @@ pillow==10.3.0 \
# via
# cairosvg
# mkdocs-material
platformdirs==4.2.1 \
--hash=sha256:031cd18d4ec63ec53e82dceaac0417d218a6863f7745dfcc9efe7793b7039bdf \
--hash=sha256:17d5a1161b3fd67b390023cb2d3b026bbd40abde6fdb052dfbd3a29c3ba22ee1
platformdirs==4.2.2 \
--hash=sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee \
--hash=sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3
# via mkdocs-get-deps
pycparser==2.22 \
--hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
@ -519,98 +519,98 @@ pyyaml-env-tag==0.1 \
# via
# mike
# mkdocs
regex==2024.5.10 \
--hash=sha256:031219782d97550c2098d9a68ce9e9eaefe67d2d81d8ff84c8354f9c009e720c \
--hash=sha256:0709ba544cf50bd5cb843df4b8bb6701bae2b70a8e88da9add8386cbca5c1385 \
--hash=sha256:0a9f89d7db5ef6bdf53e5cc8e6199a493d0f1374b3171796b464a74ebe8e508a \
--hash=sha256:0bc94873ba11e34837bffd7e5006703abeffc4514e2f482022f46ce05bd25e67 \
--hash=sha256:0ce56a923f4c01d7568811bfdffe156268c0a7aae8a94c902b92fe34c4bde785 \
--hash=sha256:0faecb6d5779753a6066a3c7a0471a8d29fe25d9981ca9e552d6d1b8f8b6a594 \
--hash=sha256:1118ba9def608250250f4b3e3f48c62f4562ba16ca58ede491b6e7554bfa09ff \
--hash=sha256:12446827f43c7881decf2c126762e11425de5eb93b3b0d8b581344c16db7047a \
--hash=sha256:14905ed75c7a6edf423eb46c213ed3f4507c38115f1ed3c00f4ec9eafba50e58 \
--hash=sha256:15e593386ec6331e0ab4ac0795b7593f02ab2f4b30a698beb89fbdc34f92386a \
--hash=sha256:160ba087232c5c6e2a1e7ad08bd3a3f49b58c815be0504d8c8aacfb064491cd8 \
--hash=sha256:161a206c8f3511e2f5fafc9142a2cc25d7fe9a1ec5ad9b4ad2496a7c33e1c5d2 \
--hash=sha256:169fd0acd7a259f58f417e492e93d0e15fc87592cd1e971c8c533ad5703b5830 \
--hash=sha256:193b7c6834a06f722f0ce1ba685efe80881de7c3de31415513862f601097648c \
--hash=sha256:1a3903128f9e17a500618e80c68165c78c741ebb17dd1a0b44575f92c3c68b02 \
--hash=sha256:1d5bd666466c8f00a06886ce1397ba8b12371c1f1c6d1bef11013e9e0a1464a8 \
--hash=sha256:224a9269f133564109ce668213ef3cb32bc72ccf040b0b51c72a50e569e9dc9e \
--hash=sha256:236cace6c1903effd647ed46ce6dd5d76d54985fc36dafc5256032886736c85d \
--hash=sha256:249fbcee0a277c32a3ce36d8e36d50c27c968fdf969e0fbe342658d4e010fbc8 \
--hash=sha256:29d839829209f3c53f004e1de8c3113efce6d98029f044fa5cfee666253ee7e6 \
--hash=sha256:2c8982ee19ccecabbaeac1ba687bfef085a6352a8c64f821ce2f43e6d76a9298 \
--hash=sha256:2f30a5ab8902f93930dc6f627c4dd5da2703333287081c85cace0fc6e21c25af \
--hash=sha256:304e7e2418146ae4d0ef0e9ffa28f881f7874b45b4994cc2279b21b6e7ae50c8 \
--hash=sha256:32e5f3b8e32918bfbdd12eca62e49ab3031125c454b507127ad6ecbd86e62fca \
--hash=sha256:334b79ce9c08f26b4659a53f42892793948a613c46f1b583e985fd5a6bf1c149 \
--hash=sha256:33d19f0cde6838c81acffff25c7708e4adc7dd02896c9ec25c3939b1500a1778 \
--hash=sha256:3799e36d60a35162bb35b2246d8bb012192b7437dff807ef79c14e7352706306 \
--hash=sha256:42be5de7cc8c1edac55db92d82b68dc8e683b204d6f5414c5a51997a323d7081 \
--hash=sha256:44b3267cea873684af022822195298501568ed44d542f9a2d9bebc0212e99069 \
--hash=sha256:458d68d34fb74b906709735c927c029e62f7d06437a98af1b5b6258025223210 \
--hash=sha256:45cc13d398b6359a7708986386f72bd156ae781c3e83a68a6d4cee5af04b1ce9 \
--hash=sha256:4e7eaf9df15423d07b6050fb91f86c66307171b95ea53e2d87a7993b6d02c7f7 \
--hash=sha256:4fad420b14ae1970a1f322e8ae84a1d9d89375eb71e1b504060ab2d1bfe68f3c \
--hash=sha256:504b5116e2bd1821efd815941edff7535e93372a098e156bb9dffde30264e798 \
--hash=sha256:50e7e96a527488334379e05755b210b7da4a60fc5d6481938c1fa053e0c92184 \
--hash=sha256:51d27844763c273a122e08a3e86e7aefa54ee09fb672d96a645ece0454d8425e \
--hash=sha256:5253dcb0bfda7214523de58b002eb0090cb530d7c55993ce5f6d17faf953ece7 \
--hash=sha256:534efd2653ebc4f26fc0e47234e53bf0cb4715bb61f98c64d2774a278b58c846 \
--hash=sha256:560278c9975694e1f0bc50da187abf2cdc1e4890739ea33df2bc4a85eeef143e \
--hash=sha256:571452362d552de508c37191b6abbbb660028b8b418e2d68c20779e0bc8eaaa8 \
--hash=sha256:62b5f7910b639f3c1d122d408421317c351e213ca39c964ad4121f27916631c6 \
--hash=sha256:696639a73ca78a380acfaa0a1f6dd8220616a99074c05bba9ba8bb916914b224 \
--hash=sha256:6ccdeef4584450b6f0bddd5135354908dacad95425fcb629fe36d13e48b60f32 \
--hash=sha256:70364a097437dd0a90b31cd77f09f7387ad9ac60ef57590971f43b7fca3082a5 \
--hash=sha256:7117cb7d6ac7f2e985f3d18aa8a1728864097da1a677ffa69e970ca215baebf1 \
--hash=sha256:7467ad8b0eac0b28e52679e972b9b234b3de0ea5cee12eb50091d2b68145fe36 \
--hash=sha256:7d35d4cc9270944e95f9c88af757b0c9fc43f396917e143a5756608462c5223b \
--hash=sha256:7dda3091838206969c2b286f9832dff41e2da545b99d1cfaea9ebd8584d02708 \
--hash=sha256:853cc36e756ff673bf984e9044ccc8fad60b95a748915dddeab9488aea974c73 \
--hash=sha256:8722f72068b3e1156a4b2e1afde6810f1fc67155a9fa30a4b9d5b4bc46f18fb0 \
--hash=sha256:8c6c71cf92b09e5faa72ea2c68aa1f61c9ce11cb66fdc5069d712f4392ddfd00 \
--hash=sha256:903350bf44d7e4116b4d5898b30b15755d61dcd3161e3413a49c7db76f0bee5a \
--hash=sha256:91b53dea84415e8115506cc62e441a2b54537359c63d856d73cb1abe05af4c9a \
--hash=sha256:951be1eae7b47660412dc4938777a975ebc41936d64e28081bf2e584b47ec246 \
--hash=sha256:972b49f2fe1047b9249c958ec4fa1bdd2cf8ce305dc19d27546d5a38e57732d8 \
--hash=sha256:9a8625849387b9d558d528e263ecc9c0fbde86cfa5c2f0eef43fff480ae24d71 \
--hash=sha256:9cdbb1998da94607d5eec02566b9586f0e70d6438abf1b690261aac0edda7ab6 \
--hash=sha256:9e6d4d6ae1827b2f8c7200aaf7501c37cf3f3896c86a6aaf2566448397c823dd \
--hash=sha256:aab65121229c2ecdf4a31b793d99a6a0501225bd39b616e653c87b219ed34a49 \
--hash=sha256:ab98016541543692a37905871a5ffca59b16e08aacc3d7d10a27297b443f572d \
--hash=sha256:ad45f3bccfcb00868f2871dce02a755529838d2b86163ab8a246115e80cfb7d6 \
--hash=sha256:b43b78f9386d3d932a6ce5af4b45f393d2e93693ee18dc4800d30a8909df700e \
--hash=sha256:b66421f8878a0c82fc0c272a43e2121c8d4c67cb37429b764f0d5ad70b82993b \
--hash=sha256:ba034c8db4b264ef1601eb33cd23d87c5013b8fb48b8161debe2e5d3bd9156b0 \
--hash=sha256:bbdc5db2c98ac2bf1971ffa1410c87ca7a15800415f788971e8ba8520fc0fda9 \
--hash=sha256:bc0db93ad039fc2fe32ccd3dd0e0e70c4f3d6e37ae83f0a487e1aba939bd2fbd \
--hash=sha256:bf7c8ee4861d9ef5b1120abb75846828c811f932d63311596ad25fa168053e00 \
--hash=sha256:bf9596cba92ce7b1fd32c7b07c6e3212c7eed0edc271757e48bfcd2b54646452 \
--hash=sha256:c43395a3b7cc9862801a65c6994678484f186ce13c929abab44fb8a9e473a55a \
--hash=sha256:c46a76a599fcbf95f98755275c5527304cc4f1bb69919434c1e15544d7052910 \
--hash=sha256:ca23b41355ba95929e9505ee04e55495726aa2282003ed9b012d86f857d3e49b \
--hash=sha256:cd832bd9b6120d6074f39bdfbb3c80e416848b07ac72910f1c7f03131a6debc3 \
--hash=sha256:cfa6d61a76c77610ba9274c1a90a453062bdf6887858afbe214d18ad41cf6bde \
--hash=sha256:d8a0f0ab5453e409586b11ebe91c672040bc804ca98d03a656825f7890cbdf88 \
--hash=sha256:e91b1976358e17197157b405cab408a5f4e33310cda211c49fc6da7cffd0b2f0 \
--hash=sha256:ea057306ab469130167014b662643cfaed84651c792948891d003cf0039223a5 \
--hash=sha256:eda3dd46df535da787ffb9036b5140f941ecb91701717df91c9daf64cabef953 \
--hash=sha256:f03b1dbd4d9596dd84955bb40f7d885204d6aac0d56a919bb1e0ff2fb7e1735a \
--hash=sha256:fa9335674d7c819674467c7b46154196c51efbaf5f5715187fd366814ba3fa39
regex==2024.5.15 \
--hash=sha256:0721931ad5fe0dda45d07f9820b90b2148ccdd8e45bb9e9b42a146cb4f695649 \
--hash=sha256:10002e86e6068d9e1c91eae8295ef690f02f913c57db120b58fdd35a6bb1af35 \
--hash=sha256:10e4ce0dca9ae7a66e6089bb29355d4432caed736acae36fef0fdd7879f0b0cb \
--hash=sha256:119af6e56dce35e8dfb5222573b50c89e5508d94d55713c75126b753f834de68 \
--hash=sha256:1337b7dbef9b2f71121cdbf1e97e40de33ff114801263b275aafd75303bd62b5 \
--hash=sha256:13cdaf31bed30a1e1c2453ef6015aa0983e1366fad2667657dbcac7b02f67133 \
--hash=sha256:1595f2d10dff3d805e054ebdc41c124753631b6a471b976963c7b28543cf13b0 \
--hash=sha256:16093f563098448ff6b1fa68170e4acbef94e6b6a4e25e10eae8598bb1694b5d \
--hash=sha256:1878b8301ed011704aea4c806a3cadbd76f84dece1ec09cc9e4dc934cfa5d4da \
--hash=sha256:19068a6a79cf99a19ccefa44610491e9ca02c2be3305c7760d3831d38a467a6f \
--hash=sha256:19dfb1c504781a136a80ecd1fff9f16dddf5bb43cec6871778c8a907a085bb3d \
--hash=sha256:1b5269484f6126eee5e687785e83c6b60aad7663dafe842b34691157e5083e53 \
--hash=sha256:1c1c174d6ec38d6c8a7504087358ce9213d4332f6293a94fbf5249992ba54efa \
--hash=sha256:2431b9e263af1953c55abbd3e2efca67ca80a3de8a0437cb58e2421f8184717a \
--hash=sha256:287eb7f54fc81546346207c533ad3c2c51a8d61075127d7f6d79aaf96cdee890 \
--hash=sha256:2b4c884767504c0e2401babe8b5b7aea9148680d2e157fa28f01529d1f7fcf67 \
--hash=sha256:35cb514e137cb3488bce23352af3e12fb0dbedd1ee6e60da053c69fb1b29cc6c \
--hash=sha256:391d7f7f1e409d192dba8bcd42d3e4cf9e598f3979cdaed6ab11288da88cb9f2 \
--hash=sha256:3ad070b823ca5890cab606c940522d05d3d22395d432f4aaaf9d5b1653e47ced \
--hash=sha256:3cd7874d57f13bf70078f1ff02b8b0aa48d5b9ed25fc48547516c6aba36f5741 \
--hash=sha256:3e507ff1e74373c4d3038195fdd2af30d297b4f0950eeda6f515ae3d84a1770f \
--hash=sha256:455705d34b4154a80ead722f4f185b04c4237e8e8e33f265cd0798d0e44825fa \
--hash=sha256:4a605586358893b483976cffc1723fb0f83e526e8f14c6e6614e75919d9862cf \
--hash=sha256:4babf07ad476aaf7830d77000874d7611704a7fcf68c9c2ad151f5d94ae4bfc4 \
--hash=sha256:4eee78a04e6c67e8391edd4dad3279828dd66ac4b79570ec998e2155d2e59fd5 \
--hash=sha256:5397de3219a8b08ae9540c48f602996aa6b0b65d5a61683e233af8605c42b0f2 \
--hash=sha256:5b5467acbfc153847d5adb21e21e29847bcb5870e65c94c9206d20eb4e99a384 \
--hash=sha256:5eaa7ddaf517aa095fa8da0b5015c44d03da83f5bd49c87961e3c997daed0de7 \
--hash=sha256:632b01153e5248c134007209b5c6348a544ce96c46005d8456de1d552455b014 \
--hash=sha256:64c65783e96e563103d641760664125e91bd85d8e49566ee560ded4da0d3e704 \
--hash=sha256:64f18a9a3513a99c4bef0e3efd4c4a5b11228b48aa80743be822b71e132ae4f5 \
--hash=sha256:673b5a6da4557b975c6c90198588181029c60793835ce02f497ea817ff647cb2 \
--hash=sha256:68811ab14087b2f6e0fc0c2bae9ad689ea3584cad6917fc57be6a48bbd012c49 \
--hash=sha256:6e8d717bca3a6e2064fc3a08df5cbe366369f4b052dcd21b7416e6d71620dca1 \
--hash=sha256:71a455a3c584a88f654b64feccc1e25876066c4f5ef26cd6dd711308aa538694 \
--hash=sha256:72d7a99cd6b8f958e85fc6ca5b37c4303294954eac1376535b03c2a43eb72629 \
--hash=sha256:7b59138b219ffa8979013be7bc85bb60c6f7b7575df3d56dc1e403a438c7a3f6 \
--hash=sha256:7dbe2467273b875ea2de38ded4eba86cbcbc9a1a6d0aa11dcf7bd2e67859c435 \
--hash=sha256:833616ddc75ad595dee848ad984d067f2f31be645d603e4d158bba656bbf516c \
--hash=sha256:87e2a9c29e672fc65523fb47a90d429b70ef72b901b4e4b1bd42387caf0d6835 \
--hash=sha256:8fe45aa3f4aa57faabbc9cb46a93363edd6197cbc43523daea044e9ff2fea83e \
--hash=sha256:9e717956dcfd656f5055cc70996ee2cc82ac5149517fc8e1b60261b907740201 \
--hash=sha256:9efa1a32ad3a3ea112224897cdaeb6aa00381627f567179c0314f7b65d354c62 \
--hash=sha256:9ff11639a8d98969c863d4617595eb5425fd12f7c5ef6621a4b74b71ed8726d5 \
--hash=sha256:a094801d379ab20c2135529948cb84d417a2169b9bdceda2a36f5f10977ebc16 \
--hash=sha256:a0981022dccabca811e8171f913de05720590c915b033b7e601f35ce4ea7019f \
--hash=sha256:a0bd000c6e266927cb7a1bc39d55be95c4b4f65c5be53e659537537e019232b1 \
--hash=sha256:a32b96f15c8ab2e7d27655969a23895eb799de3665fa94349f3b2fbfd547236f \
--hash=sha256:a81e3cfbae20378d75185171587cbf756015ccb14840702944f014e0d93ea09f \
--hash=sha256:ac394ff680fc46b97487941f5e6ae49a9f30ea41c6c6804832063f14b2a5a145 \
--hash=sha256:ada150c5adfa8fbcbf321c30c751dc67d2f12f15bd183ffe4ec7cde351d945b3 \
--hash=sha256:b2b6f1b3bb6f640c1a92be3bbfbcb18657b125b99ecf141fb3310b5282c7d4ed \
--hash=sha256:b802512f3e1f480f41ab5f2cfc0e2f761f08a1f41092d6718868082fc0d27143 \
--hash=sha256:ba68168daedb2c0bab7fd7e00ced5ba90aebf91024dea3c88ad5063c2a562cca \
--hash=sha256:bfc4f82cabe54f1e7f206fd3d30fda143f84a63fe7d64a81558d6e5f2e5aaba9 \
--hash=sha256:c0c18345010870e58238790a6779a1219b4d97bd2e77e1140e8ee5d14df071aa \
--hash=sha256:c3bea0ba8b73b71b37ac833a7f3fd53825924165da6a924aec78c13032f20850 \
--hash=sha256:c486b4106066d502495b3025a0a7251bf37ea9540433940a23419461ab9f2a80 \
--hash=sha256:c49e15eac7c149f3670b3e27f1f28a2c1ddeccd3a2812cba953e01be2ab9b5fe \
--hash=sha256:c6a2b494a76983df8e3d3feea9b9ffdd558b247e60b92f877f93a1ff43d26656 \
--hash=sha256:cab12877a9bdafde5500206d1020a584355a97884dfd388af3699e9137bf7388 \
--hash=sha256:cac27dcaa821ca271855a32188aa61d12decb6fe45ffe3e722401fe61e323cd1 \
--hash=sha256:cdd09d47c0b2efee9378679f8510ee6955d329424c659ab3c5e3a6edea696294 \
--hash=sha256:cf2430df4148b08fb4324b848672514b1385ae3807651f3567871f130a728cc3 \
--hash=sha256:d0a3d8d6acf0c78a1fff0e210d224b821081330b8524e3e2bc5a68ef6ab5803d \
--hash=sha256:d0c0c0003c10f54a591d220997dd27d953cd9ccc1a7294b40a4be5312be8797b \
--hash=sha256:d1f059a4d795e646e1c37665b9d06062c62d0e8cc3c511fe01315973a6542e40 \
--hash=sha256:d347a741ea871c2e278fde6c48f85136c96b8659b632fb57a7d1ce1872547600 \
--hash=sha256:d3ee02d9e5f482cc8309134a91eeaacbdd2261ba111b0fef3748eeb4913e6a2c \
--hash=sha256:d99ceffa25ac45d150e30bd9ed14ec6039f2aad0ffa6bb87a5936f5782fc1569 \
--hash=sha256:e38a7d4e8f633a33b4c7350fbd8bad3b70bf81439ac67ac38916c4a86b465456 \
--hash=sha256:e4682f5ba31f475d58884045c1a97a860a007d44938c4c0895f41d64481edbc9 \
--hash=sha256:e5bb9425fe881d578aeca0b2b4b3d314ec88738706f66f219c194d67179337cb \
--hash=sha256:e64198f6b856d48192bf921421fdd8ad8eb35e179086e99e99f711957ffedd6e \
--hash=sha256:e6662686aeb633ad65be2a42b4cb00178b3fbf7b91878f9446075c404ada552f \
--hash=sha256:ec54d5afa89c19c6dd8541a133be51ee1017a38b412b1321ccb8d6ddbeb4cf7d \
--hash=sha256:f5b1dff3ad008dccf18e652283f5e5339d70bf8ba7c98bf848ac33db10f7bc7a \
--hash=sha256:f8ec0c2fea1e886a19c3bee0cd19d862b3aa75dcdfb42ebe8ed30708df64687a \
--hash=sha256:f9ebd0a36102fcad2f03696e8af4ae682793a5d30b46c647eaf280d6cfb32796
# via mkdocs-material
requests==2.31.0 \
--hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
--hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
requests==2.32.3 \
--hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
--hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
# via
# importlib-metadata
# importlib-resources
# The following packages are considered to be unsafe in a requirements file:
setuptools==69.5.1 \
--hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \
--hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32
setuptools==70.0.0 \
--hash=sha256:54faa7f2e8d2d11bcd2c07bed282eef1046b5c080d1c32add737d7b5817b1ad4 \
--hash=sha256:f211a66637b8fa059bb28183da127d4e86396c991a942b028c6650d4319c3fd0
# via mkdocs-material
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
@ -637,44 +637,47 @@ typepy==1.3.2 \
# dataproperty
# pytablewriter
# tabledata
urllib3==2.2.1 \
--hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
--hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
urllib3==2.2.2 \
--hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
--hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
# via requests
verspec==0.1.0 \
--hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
--hash=sha256:c4504ca697b2056cdb4bfa7121461f5a0e81809255b41c03dda4ba823637c01e
# via mike
watchdog==4.0.0 \
--hash=sha256:11e12fafb13372e18ca1bbf12d50f593e7280646687463dd47730fd4f4d5d257 \
--hash=sha256:2895bf0518361a9728773083908801a376743bcc37dfa252b801af8fd281b1ca \
--hash=sha256:39cb34b1f1afbf23e9562501673e7146777efe95da24fab5707b88f7fb11649b \
--hash=sha256:45cc09cc4c3b43fb10b59ef4d07318d9a3ecdbff03abd2e36e77b6dd9f9a5c85 \
--hash=sha256:4986db5e8880b0e6b7cd52ba36255d4793bf5cdc95bd6264806c233173b1ec0b \
--hash=sha256:5369136a6474678e02426bd984466343924d1df8e2fd94a9b443cb7e3aa20d19 \
--hash=sha256:557ba04c816d23ce98a06e70af6abaa0485f6d94994ec78a42b05d1c03dcbd50 \
--hash=sha256:6a4db54edea37d1058b08947c789a2354ee02972ed5d1e0dca9b0b820f4c7f92 \
--hash=sha256:6a80d5cae8c265842c7419c560b9961561556c4361b297b4c431903f8c33b269 \
--hash=sha256:6a9c71a0b02985b4b0b6d14b875a6c86ddea2fdbebd0c9a720a806a8bbffc69f \
--hash=sha256:6c47bdd680009b11c9ac382163e05ca43baf4127954c5f6d0250e7d772d2b80c \
--hash=sha256:6e949a8a94186bced05b6508faa61b7adacc911115664ccb1923b9ad1f1ccf7b \
--hash=sha256:73c7a935e62033bd5e8f0da33a4dcb763da2361921a69a5a95aaf6c93aa03a87 \
--hash=sha256:76ad8484379695f3fe46228962017a7e1337e9acadafed67eb20aabb175df98b \
--hash=sha256:8350d4055505412a426b6ad8c521bc7d367d1637a762c70fdd93a3a0d595990b \
--hash=sha256:87e9df830022488e235dd601478c15ad73a0389628588ba0b028cb74eb72fed8 \
--hash=sha256:8f9a542c979df62098ae9c58b19e03ad3df1c9d8c6895d96c0d51da17b243b1c \
--hash=sha256:8fec441f5adcf81dd240a5fe78e3d83767999771630b5ddfc5867827a34fa3d3 \
--hash=sha256:9a03e16e55465177d416699331b0f3564138f1807ecc5f2de9d55d8f188d08c7 \
--hash=sha256:ba30a896166f0fee83183cec913298151b73164160d965af2e93a20bbd2ab605 \
--hash=sha256:c17d98799f32e3f55f181f19dd2021d762eb38fdd381b4a748b9f5a36738e935 \
--hash=sha256:c522392acc5e962bcac3b22b9592493ffd06d1fc5d755954e6be9f4990de932b \
--hash=sha256:d0f9bd1fd919134d459d8abf954f63886745f4660ef66480b9d753a7c9d40927 \
--hash=sha256:d18d7f18a47de6863cd480734613502904611730f8def45fc52a5d97503e5101 \
--hash=sha256:d31481ccf4694a8416b681544c23bd271f5a123162ab603c7d7d2dd7dd901a07 \
--hash=sha256:e3e7065cbdabe6183ab82199d7a4f6b3ba0a438c5a512a68559846ccb76a78ec \
--hash=sha256:eed82cdf79cd7f0232e2fdc1ad05b06a5e102a43e331f7d041e5f0e0a34a51c4 \
--hash=sha256:f970663fa4f7e80401a7b0cbeec00fa801bf0287d93d48368fc3e6fa32716245 \
--hash=sha256:f9b2fdca47dc855516b2d66eef3c39f2672cbf7e7a42e7e67ad2cbfcd6ba107d
watchdog==4.0.1 \
--hash=sha256:0144c0ea9997b92615af1d94afc0c217e07ce2c14912c7b1a5731776329fcfc7 \
--hash=sha256:03e70d2df2258fb6cb0e95bbdbe06c16e608af94a3ffbd2b90c3f1e83eb10767 \
--hash=sha256:093b23e6906a8b97051191a4a0c73a77ecc958121d42346274c6af6520dec175 \
--hash=sha256:123587af84260c991dc5f62a6e7ef3d1c57dfddc99faacee508c71d287248459 \
--hash=sha256:17e32f147d8bf9657e0922c0940bcde863b894cd871dbb694beb6704cfbd2fb5 \
--hash=sha256:206afc3d964f9a233e6ad34618ec60b9837d0582b500b63687e34011e15bb429 \
--hash=sha256:4107ac5ab936a63952dea2a46a734a23230aa2f6f9db1291bf171dac3ebd53c6 \
--hash=sha256:4513ec234c68b14d4161440e07f995f231be21a09329051e67a2118a7a612d2d \
--hash=sha256:611be3904f9843f0529c35a3ff3fd617449463cb4b73b1633950b3d97fa4bfb7 \
--hash=sha256:62c613ad689ddcb11707f030e722fa929f322ef7e4f18f5335d2b73c61a85c28 \
--hash=sha256:667f3c579e813fcbad1b784db7a1aaa96524bed53437e119f6a2f5de4db04235 \
--hash=sha256:6e8c70d2cd745daec2a08734d9f63092b793ad97612470a0ee4cbb8f5f705c57 \
--hash=sha256:7577b3c43e5909623149f76b099ac49a1a01ca4e167d1785c76eb52fa585745a \
--hash=sha256:998d2be6976a0ee3a81fb8e2777900c28641fb5bfbd0c84717d89bca0addcdc5 \
--hash=sha256:a3c2c317a8fb53e5b3d25790553796105501a235343f5d2bf23bb8649c2c8709 \
--hash=sha256:ab998f567ebdf6b1da7dc1e5accfaa7c6992244629c0fdaef062f43249bd8dee \
--hash=sha256:ac7041b385f04c047fcc2951dc001671dee1b7e0615cde772e84b01fbf68ee84 \
--hash=sha256:bca36be5707e81b9e6ce3208d92d95540d4ca244c006b61511753583c81c70dd \
--hash=sha256:c9904904b6564d4ee8a1ed820db76185a3c96e05560c776c79a6ce5ab71888ba \
--hash=sha256:cad0bbd66cd59fc474b4a4376bc5ac3fc698723510cbb64091c2a793b18654db \
--hash=sha256:d10a681c9a1d5a77e75c48a3b8e1a9f2ae2928eda463e8d33660437705659682 \
--hash=sha256:d4925e4bf7b9bddd1c3de13c9b8a2cdb89a468f640e66fbfabaf735bd85b3e35 \
--hash=sha256:d7b9f5f3299e8dd230880b6c55504a1f69cf1e4316275d1b215ebdd8187ec88d \
--hash=sha256:da2dfdaa8006eb6a71051795856bedd97e5b03e57da96f98e375682c48850645 \
--hash=sha256:dddba7ca1c807045323b6af4ff80f5ddc4d654c8bce8317dde1bd96b128ed253 \
--hash=sha256:e7921319fe4430b11278d924ef66d4daa469fafb1da679a2e48c935fa27af193 \
--hash=sha256:e93f451f2dfa433d97765ca2634628b789b49ba8b504fdde5837cdcf25fdb53b \
--hash=sha256:eebaacf674fa25511e8867028d281e602ee6500045b57f43b08778082f7f8b44 \
--hash=sha256:ef0107bbb6a55f5be727cfc2ef945d5676b97bffb8425650dadbb184be9f9a2b \
--hash=sha256:f0de0f284248ab40188f23380b03b59126d1479cd59940f2a34f8852db710625 \
--hash=sha256:f27279d060e2ab24c0aa98363ff906d2386aa6c4dc2f1a374655d4e02a6c5e5e \
--hash=sha256:f8affdf3c0f0466e69f5b3917cdd042f89c8c63aebdb9f7c078996f607cdb0f5
# via mkdocs
webencodings==0.5.1 \
--hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
@ -682,7 +685,7 @@ webencodings==0.5.1 \
# via
# cssselect2
# tinycss2
zipp==3.18.1 \
--hash=sha256:206f5a15f2af3dbaee80769fb7dc6f249695e940acca08dfb2a4769fe61e538b \
--hash=sha256:2884ed22e7d8961de1c9a05142eb69a247f120291bc0206a00a7642f09b5b715
zipp==3.19.2 \
--hash=sha256:bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19 \
--hash=sha256:f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c
# via pytablewriter

117
docs/security-tuning.md
View file

@ -137,8 +137,15 @@ Besides the HTTPS / SSL/TLS configuration, the following settings related to HTT
| `AUTO_REDIRECT_HTTP_TO_HTTPS` | `yes` | When set to `yes`, will redirect every HTTP request to HTTPS only if BunkerWeb is configured with HTTPS. |
| `SSL_PROTOCOLS` | `TLSv1.2 TLSv1.3` | List of supported SSL/TLS protocols when SSL is enabled. |
| `HTTP2` | `yes` | When set to `yes`, will enable HTTP2 protocol support when using HTTPS. |
| `HTTP3` | `no` | When set to `yes`, will enable HTTP3 protocol support when using HTTPS. |
| `HTTP3_ALT_SVC_PORT` | `443` | HTTP3 alternate service port. This value will be used as part of the Alt-Svc header. |
| `LISTEN_HTTP` | `yes` | When set to `no`, BunkerWeb will not listen for HTTP requests. Useful if you want HTTPS only for example. |
!!! example "About HTTP3"
HTTP/3 is the next version of the HTTP protocol. It is based on Google's QUIC protocol which is a transport layer protocol that provides security and reliability features. HTTP/3 is designed to improve the performance of websites and web applications.
**Remember that NGINX's support for HTTP/3 is still experimental and may not be suitable for all use cases.**
### Let's Encrypt
STREAM support :white_check_mark:
@ -241,7 +248,7 @@ ModSecurity is integrated and enabled by default alongside the OWASP Core Rule S
| :-----------------------: | :-----: | :---------------------------------------------------------------------------------------------------- |
| `USE_MODSECURITY` | `yes` | When set to `yes`, ModSecurity will be enabled. |
| `USE_MODSECURITY_CRS` | `yes` | When set to `yes` and `USE_MODSECURITY` is also set to `yes`, the OWASP Core Rule Set will be loaded. |
| `MODSECURITY_CRS_VERSION` | `3` | Version of the OWASP Core Rule Set to use. |
| `MODSECURITY_CRS_VERSION` | `3` | Version of the OWASP Core Rule Set to use with ModSecurity (3, 4 or nightly). |
!!! warning "ModSecurity and the OWASP Core Rule Set"
**We strongly recommend keeping both ModSecurity and the OWASP Core Rule Set enabled**. The only downsides are the false positives that may occur. But they can be fixed with some efforts and the CRS team maintains a list of exclusions for common applications (e.g., WordPress, Nextcloud, Drupal, Cpanel, ...).
@ -250,6 +257,10 @@ You can choose between the following versions of the OWASP Core Rule Set :
- **3** : The version [v3.3.5](https://github.com/coreruleset/coreruleset/releases/tag/v3.3.5) of the OWASP Core Rule Set (***default***)
- **4** : The version [v4.2.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.2.0) of the OWASP Core Rule Set
- **nightly** : The latest [nightly](https://github.com/coreruleset/coreruleset/releases/tag/nightly) build of the OWASP Core Rule Set which is updated every day
!!! example "OWASP Core Rule Set's nightly build"
The nightly build of the OWASP Core Rule Set is updated every day and contains the latest rules. It is recommended to use it in a staging environment before using it in production.
### Custom configurations
@ -319,7 +330,7 @@ Here is the list of related settings :
| --------------------------- | ------------ | --------- | -------- | ------------------------------------------------------------------------------------------------------------------------------ |
| `USE_ANTIBOT` | `no` | multisite | no | Activate antibot feature. |
| `ANTIBOT_URI` | `/challenge` | multisite | no | Unused URI that clients will be redirected to to solve the challenge. |
| `ANTIBOT_RECAPTCHA_SCORE` | `0.7` | multisite | no | Minimum score required for reCAPTCHA challenge. |
| `ANTIBOT_RECAPTCHA_SCORE` | `0.7` | multisite | no | Minimum score required for reCAPTCHA challenge (Only compatible with reCAPTCHA v3). |
| `ANTIBOT_RECAPTCHA_SITEKEY` | | multisite | no | Sitekey for reCAPTCHA challenge. |
| `ANTIBOT_RECAPTCHA_SECRET` | | multisite | no | Secret for reCAPTCHA challenge. |
| `ANTIBOT_HCAPTCHA_SITEKEY` | | multisite | no | Sitekey for hCaptcha challenge. |
@ -343,30 +354,26 @@ STREAM support :warning:
You can use the following settings to set up blacklisting :
| Setting | Default | Context | Multiple | Description |
| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------- | -------- | ------------------------------------------------------------------------------------------------ |
| `USE_BLACKLIST` | `yes` | multisite | no | Activate blacklist feature. |
| `BLACKLIST_IP` | | multisite | no | List of IP/network, separated with spaces, to block. |
| `BLACKLIST_IP_URLS` | `https://www.dan.me.uk/torlist/?exit` | global | no | List of URLs, separated with spaces, containing bad IP/network to block. |
| `BLACKLIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS blacklist checks on global IP addresses. |
| `BLACKLIST_RDNS` | `.shodan.io .censys.io` | multisite | no | List of reverse DNS suffixes, separated with spaces, to block. |
| `BLACKLIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to block. |
| `BLACKLIST_ASN` | | multisite | no | List of ASN numbers, separated with spaces, to block. |
| `BLACKLIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to block. |
| `BLACKLIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to block. |
| `BLACKLIST_USER_AGENT_URLS` | `https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list` | global | no | List of URLs, separated with spaces, containing bad User-Agent to block. |
| `BLACKLIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to block. |
| `BLACKLIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to block. |
| `BLACKLIST_IGNORE_IP` | | multisite | no | List of IP/network, separated with spaces, to ignore in the blacklist. |
| `BLACKLIST_IGNORE_IP_URLS` | | global | no | List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. |
| `BLACKLIST_IGNORE_RDNS` | | multisite | no | List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist. |
| `BLACKLIST_IGNORE_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist. |
| `BLACKLIST_IGNORE_ASN` | | multisite | no | List of ASN numbers, separated with spaces, to ignore in the blacklist. |
| `BLACKLIST_IGNORE_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to ignore in the blacklist. |
| `BLACKLIST_IGNORE_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist. |
| `BLACKLIST_IGNORE_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. |
| `BLACKLIST_IGNORE_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
| `BLACKLIST_IGNORE_URI_URLS` | | global | no | List of URLs, separated with spaces, containing URI to ignore in the blacklist. |
| Setting | Default | Context | Multiple | Description |
| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `USE_BLACKLIST` | `yes` | multisite | no | Activate blacklist feature. |
| `BLACKLIST_IP` | | multisite | no | List of IP/network, separated with spaces, to block. |
| `BLACKLIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS blacklist checks on global IP addresses. |
| `BLACKLIST_RDNS` | `.shodan.io .censys.io` | multisite | no | List of reverse DNS suffixes, separated with spaces, to block. |
| `BLACKLIST_ASN` | | multisite | no | List of ASN numbers, separated with spaces, to block. |
| `BLACKLIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to block. |
| `BLACKLIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to block. |
| `BLACKLIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to block. |
| `BLACKLIST_IP_URLS` | `https://www.dan.me.uk/torlist/?exit` | global | no | List of URLs, separated with spaces, containing bad IP/network to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_USER_AGENT_URLS` | `https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list` | global | no | List of URLs, separated with spaces, containing bad User-Agent to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_IGNORE_IP_URLS` | | global | no | List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_IGNORE_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_IGNORE_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_IGNORE_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `BLACKLIST_IGNORE_URI_URLS` | | global | no | List of URLs, separated with spaces, containing URI to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
When using stream mode, only IP, RDNS and ASN checks will be done.
@ -376,20 +383,20 @@ STREAM support :warning:
You can use the following settings to set up greylisting :
| Setting | Default | Context | Multiple | Description |
| -------------------------- | ------- | --------- | -------- | ---------------------------------------------------------------------------------------------- |
| `USE_GREYLIST` | `no` | multisite | no | Activate greylist feature. |
| `GREYLIST_IP` | | multisite | no | List of IP/network, separated with spaces, to put into the greylist. |
| `GREYLIST_IP_URLS` | | global | no | List of URLs, separated with spaces, containing good IP/network to put into the greylist. |
| `GREYLIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS greylist checks on global IP addresses. |
| `GREYLIST_RDNS` | | multisite | no | List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
| `GREYLIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist. |
| `GREYLIST_ASN` | | multisite | no | List of ASN numbers, separated with spaces, to put into the greylist. |
| `GREYLIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to put into the greylist. |
| `GREYLIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
| `GREYLIST_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing good User-Agent to put into the greylist. |
| `GREYLIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to put into the greylist. |
| `GREYLIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to put into the greylist. |
| Setting | Default | Context | Multiple | Description |
| -------------------------- | ------- | --------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `USE_GREYLIST` | `no` | multisite | no | Activate greylist feature. |
| `GREYLIST_IP` | | multisite | no | List of IP/network, separated with spaces, to put into the greylist. |
| `GREYLIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS greylist checks on global IP addresses. |
| `GREYLIST_RDNS` | | multisite | no | List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
| `GREYLIST_ASN` | | multisite | no | List of ASN numbers, separated with spaces, to put into the greylist. |
| `GREYLIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
| `GREYLIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to put into the greylist. |
| `GREYLIST_IP_URLS` | | global | no | List of URLs, separated with spaces, containing good IP/network to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `GREYLIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `GREYLIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `GREYLIST_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing good User-Agent to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `GREYLIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
When using stream mode, only IP, RDNS and ASN checks will be done.
@ -399,20 +406,20 @@ STREAM support :warning:
You can use the following settings to set up whitelisting :
| Setting | Default | Context | Multiple | Description |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------- | ---------------------------------------------------------------------------------- |
| `USE_WHITELIST` | `yes` | multisite | no | Activate whitelist feature. |
| `WHITELIST_IP` | `20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8` | multisite | no | List of IP/network, separated with spaces, to put into the whitelist. |
| `WHITELIST_IP_URLS` | | global | no | List of URLs, separated with spaces, containing good IP/network to whitelist. |
| `WHITELIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS whitelist checks on global IP addresses. |
| `WHITELIST_RDNS` | `.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com` | multisite | no | List of reverse DNS suffixes, separated with spaces, to whitelist. |
| `WHITELIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist. |
| `WHITELIST_ASN` | `32934` | multisite | no | List of ASN numbers, separated with spaces, to whitelist. |
| `WHITELIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to whitelist. |
| `WHITELIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
| `WHITELIST_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing good User-Agent to whitelist. |
| `WHITELIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to whitelist. |
| `WHITELIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to whitelist. |
| Setting | Default | Context | Multiple | Description |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `USE_WHITELIST` | `yes` | multisite | no | Activate whitelist feature. |
| `WHITELIST_IP` | `20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8` | multisite | no | List of IP/network, separated with spaces, to put into the whitelist. |
| `WHITELIST_RDNS_GLOBAL` | `yes` | multisite | no | Only perform RDNS whitelist checks on global IP addresses. |
| `WHITELIST_RDNS` | `.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com` | multisite | no | List of reverse DNS suffixes, separated with spaces, to whitelist. |
| `WHITELIST_ASN` | `32934` | multisite | no | List of ASN numbers, separated with spaces, to whitelist. |
| `WHITELIST_USER_AGENT` | | multisite | no | List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
| `WHITELIST_URI` | | multisite | no | List of URI (PCRE regex), separated with spaces, to whitelist. |
| `WHITELIST_IP_URLS` | | global | no | List of URLs, separated with spaces, containing good IP/network to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `WHITELIST_RDNS_URLS` | | global | no | List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `WHITELIST_ASN_URLS` | | global | no | List of URLs, separated with spaces, containing ASN to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `WHITELIST_USER_AGENT_URLS` | | global | no | List of URLs, separated with spaces, containing good User-Agent to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
| `WHITELIST_URI_URLS` | | global | no | List of URLs, separated with spaces, containing bad URI to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
When using stream mode, only IP, RDNS and ASN checks will be done.
@ -598,7 +605,7 @@ You can quickly protect sensitive resources like the admin area for example, by
### Auth request
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples).
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples).
**Auth request settings are related to reverse proxy rules.**

179
docs/settings.md
View file

@ -65,7 +65,7 @@ Bot detection by using a challenge.
|`ANTIBOT_URI` |`/challenge`|multisite|no |Unused URI that clients will be redirected to to solve the challenge. |
|`ANTIBOT_TIME_RESOLVE` |`60` |multisite|no |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
|`ANTIBOT_TIME_VALID` |`86400` |multisite|no |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one. |
|`ANTIBOT_RECAPTCHA_SCORE` |`0.7` |multisite|no |Minimum score required for reCAPTCHA challenge. |
|`ANTIBOT_RECAPTCHA_SCORE` |`0.7` |multisite|no |Minimum score required for reCAPTCHA challenge (Only compatible with reCAPTCHA v3). |
|`ANTIBOT_RECAPTCHA_SITEKEY`| |multisite|no |Sitekey for reCAPTCHA challenge. |
|`ANTIBOT_RECAPTCHA_SECRET` | |multisite|no |Secret for reCAPTCHA challenge. |
|`ANTIBOT_HCAPTCHA_SITEKEY` | |multisite|no |Sitekey for hCaptcha challenge. |
@ -140,30 +140,30 @@ STREAM support :warning:
Deny access based on internal and external IP/network/rDNS/ASN blacklists.
| Setting | Default | Context |Multiple| Description |
|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------|
|`USE_BLACKLIST` |`yes` |multisite|no |Activate blacklist feature. |
|`BLACKLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to block. |
|`BLACKLIST_RDNS` |`.shodan.io .censys.io` |multisite|no |List of reverse DNS suffixes, separated with spaces, to block. |
|`BLACKLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS blacklist checks on global IP addresses. |
|`BLACKLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to block. |
|`BLACKLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to block. |
|`BLACKLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to block. |
|`BLACKLIST_IGNORE_IP` | |multisite|no |List of IP/network, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IP_URLS` |`https://www.dan.me.uk/torlist/?exit` |global |no |List of URLs, separated with spaces, containing bad IP/network to block. |
|`BLACKLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to block. |
|`BLACKLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to block. |
|`BLACKLIST_USER_AGENT_URLS` |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global |no |List of URLs, separated with spaces, containing bad User-Agent to block. |
|`BLACKLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to block. |
|`BLACKLIST_IGNORE_IP_URLS` | |global |no |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. |
|`BLACKLIST_IGNORE_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.|
|`BLACKLIST_IGNORE_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to ignore in the blacklist. |
|`BLACKLIST_IGNORE_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. |
|`BLACKLIST_IGNORE_URI_URLS` | |global |no |List of URLs, separated with spaces, containing URI to ignore in the blacklist. |
| Setting | Default | Context |Multiple| Description |
|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`USE_BLACKLIST` |`yes` |multisite|no |Activate blacklist feature. |
|`BLACKLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to block. |
|`BLACKLIST_RDNS` |`.shodan.io .censys.io` |multisite|no |List of reverse DNS suffixes, separated with spaces, to block. |
|`BLACKLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS blacklist checks on global IP addresses. |
|`BLACKLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to block. |
|`BLACKLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to block. |
|`BLACKLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to block. |
|`BLACKLIST_IGNORE_IP` | |multisite|no |List of IP/network, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IP_URLS` |`https://www.dan.me.uk/torlist/?exit` |global |no |List of URLs, separated with spaces, containing bad IP/network to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_USER_AGENT_URLS` |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global |no |List of URLs, separated with spaces, containing bad User-Agent to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to block. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_IGNORE_IP_URLS` | |global |no |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_IGNORE_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme.|
|`BLACKLIST_IGNORE_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_IGNORE_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`BLACKLIST_IGNORE_URI_URLS` | |global |no |List of URLs, separated with spaces, containing URI to ignore in the blacklist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
## Brotli
@ -253,10 +253,11 @@ STREAM support :white_check_mark:
Integrate easily the Database.
| Setting | Default |Context|Multiple| Description |
|--------------------|-----------------------------------------|-------|--------|--------------------------------------------------|
|`DATABASE_URI` |`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no |The database URI, following the sqlalchemy format.|
|`DATABASE_LOG_LEVEL`|`warning` |global |no |The level to use for database logs. |
| Setting | Default |Context|Multiple| Description |
|-----------------------|-----------------------------------------|-------|--------|-----------------------------------------------------------------------------------------------------------------------------------------|
|`DATABASE_URI` |`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no |The database URI, following the sqlalchemy format. |
|`DATABASE_URI_READONLY`| |global |no |The database URI for read-only operations, it can also serve as a fallback if the main database is down. Following the sqlalchemy format.|
|`DATABASE_LOG_LEVEL` |`warning` |global |no |The level to use for database logs. |
## DNSBL
@ -286,20 +287,20 @@ STREAM support :warning:
Allow access while keeping security features based on internal and external IP/network/rDNS/ASN greylists.
| Setting |Default| Context |Multiple| Description |
|--------------------------|-------|---------|--------|----------------------------------------------------------------------------------------------|
|`USE_GREYLIST` |`no` |multisite|no |Activate greylist feature. |
|`GREYLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to put into the greylist. |
|`GREYLIST_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
|`GREYLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS greylist checks on global IP addresses. |
|`GREYLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to put into the greylist. |
|`GREYLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
|`GREYLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to put into the greylist. |
|`GREYLIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to put into the greylist. |
|`GREYLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.|
|`GREYLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to put into the greylist. |
|`GREYLIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to put into the greylist. |
|`GREYLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to put into the greylist. |
| Setting |Default| Context |Multiple| Description |
|--------------------------|-------|---------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`USE_GREYLIST` |`no` |multisite|no |Activate greylist feature. |
|`GREYLIST_IP` | |multisite|no |List of IP/network, separated with spaces, to put into the greylist. |
|`GREYLIST_RDNS` | |multisite|no |List of reverse DNS suffixes, separated with spaces, to put into the greylist. |
|`GREYLIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS greylist checks on global IP addresses. |
|`GREYLIST_ASN` | |multisite|no |List of ASN numbers, separated with spaces, to put into the greylist. |
|`GREYLIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist. |
|`GREYLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to put into the greylist. |
|`GREYLIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`GREYLIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme.|
|`GREYLIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`GREYLIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`GREYLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to put into the greylist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
## Gzip
@ -368,16 +369,16 @@ STREAM support :white_check_mark:
Automatic creation, renewal and configuration of Let's Encrypt certificates using DNS challenges.
| Setting | Default | Context |Multiple| Description |
|----------------------------------|---------|---------|--------|---------------------------------------------------------------------------------------|
|`AUTO_LETS_ENCRYPT_DNS` |`no` |multisite|no |Activate automatic Let's Encrypt DNS. |
|`LETS_ENCRYPT_DNS_EMAIL` | |multisite|no |The email address to use for Let's Encrypt notifications. |
|`USE_LETS_ENCRYPT_DNS_STAGING` |`no` |multisite|no |Use the Let's Encrypt staging environment. |
|`LETS_ENCRYPT_DNS_PROVIDER` | |multisite|no |The DNS provider to use for DNS challenges. |
|`USE_LETS_ENCRYPT_DNS_WILDCARD` |`yes` |multisite|no |Create wildcard certificates for all domains using DNS challenges. |
|`LETS_ENCRYPT_DNS_PROPAGATION` |`default`|multisite|no |The time to wait for DNS propagation in seconds. |
|`LETS_ENCRYPT_DNS_CREDENTIAL_ITEM`| |multisite|yes |Configuration item that will be added to the credentials.ini file for the DNS provider.|
|`LETS_ENCRYPT_DNS_CLEAR_OLD_CERTS`|`no` |global |no |Clear old certificates when renewing. |
| Setting | Default | Context |Multiple| Description |
|----------------------------------|---------|---------|--------|----------------------------------------------------------------------------------------------------------------------------|
|`AUTO_LETS_ENCRYPT_DNS` |`no` |multisite|no |Activate automatic Let's Encrypt DNS. |
|`LETS_ENCRYPT_DNS_EMAIL` | |multisite|no |The email address to use for Let's Encrypt notifications. |
|`USE_LETS_ENCRYPT_DNS_STAGING` |`no` |multisite|no |Use the Let's Encrypt staging environment. |
|`LETS_ENCRYPT_DNS_PROVIDER` | |multisite|no |The DNS provider to use for DNS challenges. |
|`USE_LETS_ENCRYPT_DNS_WILDCARD` |`yes` |multisite|no |Create wildcard certificates for all domains using DNS challenges. |
|`LETS_ENCRYPT_DNS_PROPAGATION` |`default`|multisite|no |The time to wait for DNS propagation in seconds. |
|`LETS_ENCRYPT_DNS_CREDENTIAL_ITEM`| |multisite|yes |Configuration item that will be added to the credentials.ini file for the DNS provider (e.g. 'cloudflare_api_token 123456').|
|`LETS_ENCRYPT_DNS_CLEAR_OLD_CERTS`|`no` |global |no |Clear old certificates when renewing. |
## Limit
@ -432,6 +433,8 @@ Miscellaneous settings.
|`ROOT_FOLDER` | |multisite|no |Root folder containing files to serve (/var/www/html/{server_name} if unset). |
|`SSL_PROTOCOLS` |`TLSv1.2 TLSv1.3` |multisite|no |The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons. |
|`HTTP2` |`yes` |multisite|no |Support HTTP2 protocol when HTTPS is enabled. |
|`HTTP3` |`no` |multisite|no |Support HTTP3 protocol when HTTPS is enabled. |
|`HTTP3_ALT_SVC_PORT` |`443` |multisite|no |HTTP3 alternate service port. This value will be used as part of the Alt-Svc header. |
|`LISTEN_HTTP` |`yes` |multisite|no |Respond to (insecure) HTTP requests. |
|`USE_OPEN_FILE_CACHE` |`no` |multisite|no |Enable open file cache feature |
|`OPEN_FILE_CACHE` |`max=1000 inactive=20s`|multisite|no |Open file cache directive |
@ -448,14 +451,14 @@ STREAM support :x:
Management of the ModSecurity WAF.
| Setting | Default | Context |Multiple| Description |
|---------------------------------|--------------|---------|--------|------------------------------------------|
|`USE_MODSECURITY` |`yes` |multisite|no |Enable ModSecurity WAF. |
|`USE_MODSECURITY_CRS` |`yes` |multisite|no |Enable OWASP Core Rule Set. |
|`MODSECURITY_CRS_VERSION` |`3` |multisite|no |Version of the OWASP Core Rule Set to use.|
|`MODSECURITY_SEC_AUDIT_ENGINE` |`RelevantOnly`|multisite|no |SecAuditEngine directive of ModSecurity. |
|`MODSECURITY_SEC_RULE_ENGINE` |`On` |multisite|no |SecRuleEngine directive of ModSecurity. |
|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ` |multisite|no |SecAuditLogParts directive of ModSecurity.|
| Setting | Default | Context |Multiple| Description |
|---------------------------------|--------------|---------|--------|-----------------------------------------------------------------------------|
|`USE_MODSECURITY` |`yes` |multisite|no |Enable ModSecurity WAF. |
|`USE_MODSECURITY_CRS` |`yes` |multisite|no |Enable OWASP Core Rule Set. |
|`MODSECURITY_CRS_VERSION` |`3` |multisite|no |Version of the OWASP Core Rule Set to use with ModSecurity (3, 4 or nightly).|
|`MODSECURITY_SEC_AUDIT_ENGINE` |`RelevantOnly`|multisite|no |SecAuditEngine directive of ModSecurity. |
|`MODSECURITY_SEC_RULE_ENGINE` |`On` |multisite|no |SecRuleEngine directive of ModSecurity. |
|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ` |multisite|no |SecAuditLogParts directive of ModSecurity. |
## Monitoring <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
@ -464,10 +467,11 @@ STREAM support :x:
BunkerWeb monitoring pro system. This plugin is a prerequisite for some other plugins.
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics. |
|`MONITORING_IGNORE_URLS` | |global |no |List of URLs to ignore when monitoring separated with spaces (e.g. /health)|
## PHP
@ -513,14 +517,14 @@ STREAM support :warning:
Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.
| Setting | Default | Context |Multiple| Description |
|--------------------|-----------------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------|
|`USE_REAL_IP` |`no` |multisite|no |Retrieve the real IP of client. |
|`USE_PROXY_PROTOCOL`|`no` |multisite|no |Enable PROXY protocol communication. |
|`REAL_IP_FROM` |`192.168.0.0/16 172.16.0.0/12 10.0.0.0/8`|multisite|no |List of trusted IPs / networks, separated with spaces, where proxied requests come from. |
|`REAL_IP_HEADER` |`X-Forwarded-For` |multisite|no |HTTP header containing the real IP or special value proxy_protocol for PROXY protocol. |
|`REAL_IP_RECURSIVE` |`yes` |multisite|no |Perform a recursive search in the header container IP address. |
|`REAL_IP_FROM_URLS` | |global |no |List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from.|
| Setting | Default | Context |Multiple| Description |
|--------------------|-----------------------------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`USE_REAL_IP` |`no` |multisite|no |Retrieve the real IP of client. |
|`USE_PROXY_PROTOCOL`|`no` |multisite|no |Enable PROXY protocol communication. |
|`REAL_IP_FROM` |`192.168.0.0/16 172.16.0.0/12 10.0.0.0/8`|multisite|no |List of trusted IPs / networks, separated with spaces, where proxied requests come from. |
|`REAL_IP_HEADER` |`X-Forwarded-For` |multisite|no |HTTP header containing the real IP or special value proxy_protocol for PROXY protocol. |
|`REAL_IP_RECURSIVE` |`yes` |multisite|no |Perform a recursive search in the header container IP address. |
|`REAL_IP_FROM_URLS` | |global |no |List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from. Also supports file:// URLs and and auth basic using http://user:pass@url scheme.|
## Redirect
@ -673,17 +677,18 @@ STREAM support :warning:
Allow access based on internal and external IP/network/rDNS/ASN whitelists.
| Setting | Default | Context |Multiple| Description |
|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------|
|`USE_WHITELIST` |`yes` |multisite|no |Activate whitelist feature. |
|`WHITELIST_IP` |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247` |multisite|no |List of IP/network, separated with spaces, to put into the whitelist. |
|`WHITELIST_RDNS` |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com`|multisite|no |List of reverse DNS suffixes, separated with spaces, to whitelist. |
|`WHITELIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS whitelist checks on global IP addresses. |
|`WHITELIST_ASN` |`32934` |multisite|no |List of ASN numbers, separated with spaces, to whitelist. |
|`WHITELIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
|`WHITELIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to whitelist. |
|`WHITELIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to whitelist. |
|`WHITELIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.|
|`WHITELIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to whitelist. |
|`WHITELIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to whitelist. |
|`WHITELIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to whitelist. |
| Setting | Default | Context |Multiple| Description |
|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`USE_WHITELIST` |`yes` |multisite|no |Activate whitelist feature. |
|`WHITELIST_IP` |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247` |multisite|no |List of IP/network, separated with spaces, to put into the whitelist. |
|`WHITELIST_RDNS` |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com`|multisite|no |List of reverse DNS suffixes, separated with spaces, to whitelist. |
|`WHITELIST_RDNS_GLOBAL` |`yes` |multisite|no |Only perform RDNS whitelist checks on global IP addresses. |
|`WHITELIST_ASN` |`32934` |multisite|no |List of ASN numbers, separated with spaces, to whitelist. |
|`WHITELIST_USER_AGENT` | |multisite|no |List of User-Agent (PCRE regex), separated with spaces, to whitelist. |
|`WHITELIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to whitelist. |
|`WHITELIST_IP_URLS` | |global |no |List of URLs, separated with spaces, containing good IP/network to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`WHITELIST_RDNS_URLS` | |global |no |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme.|
|`WHITELIST_ASN_URLS` | |global |no |List of URLs, separated with spaces, containing ASN to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`WHITELIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |
|`WHITELIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to whitelist. Also supports file:// URLs and and auth basic using http://user:pass@url scheme. |

159
docs/upgrading.md
View file

@ -122,42 +122,88 @@
2. **Upgrade BunkerWeb**:
- Upgrade BunkerWeb to the latest version.
=== "Docker"
=== "Docker"
1. **Update the Docker Compose file**: Update the Docker Compose file to use the new version of the BunkerWeb image.
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
...
```
1. **Update the Docker Compose file**: Update the Docker Compose file to use the new version of the BunkerWeb image.
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.8
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.8
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.8
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.8
...
```
2. **Restart the containers**: Restart the containers to apply the changes.
```bash
docker compose down
docker compose up -d
```
2. **Restart the containers**: Restart the containers to apply the changes.
```bash
docker compose down
docker compose up -d
```
=== "Linux"
=== "Linux"
3. **Stop the services**:
```bash
systemctl stop bunkerweb
systemctl stop bunkerweb-ui
```
3. **Stop the services**:
```bash
systemctl stop bunkerweb
systemctl stop bunkerweb-ui
```
4. **Update BunkerWeb**:
- Update BunkerWeb to the latest version by following the instructions in the [integration Linux page](integrations.md#linux).
4. **Update BunkerWeb**:
=== "Debian/Ubuntu"
First, if you have previously hold the BunkerWeb package, unhold it :
You can print a list of packages on hold with `apt-mark showhold`
```shell
sudo apt-mark unhold bunkerweb
```
Them, you can update BunkerWeb package :
```shell
sudo apt install -y bunkerweb=1.5.8
```
To prevent upgrading BunkerWeb package when executing `apt upgrade`, you can use the following command :
```shell
sudo apt-mark hold bunkerweb
```
More details in the [integration Linux page](integrations.md#__tabbed_1_1).
=== "Fedora/RedHat"
First, if you have previously hold the BunkerWeb package, unhold it :
You can print a list of packages on hold with `dnf versionlock list`
```shell
sudo dnf versionlock delete package bunkerweb
```
Them, you can update BunkerWeb package :
```shell
sudo dnf install -y bunkerweb-1.5.8
```
To prevent upgrading BunkerWeb package when executing `dnf upgrade`, you can use the following command :
```shell
sudo dnf versionlock add bunkerweb
```
More details in the [integration Linux page](integrations.md#__tabbed_1_3).
3. **Check the logs**: Check the logs of the scheduler service to ensure that the migration was successful.
@ -183,7 +229,7 @@
Get support and more information :
- [Order professionnal support](https://panel.bunkerweb.io/?utm_source=doc&utm_campaign=self)
- [Order professional support](https://panel.bunkerweb.io/?utm_source=doc&utm_campaign=self)
- [Create an issue on GitHub](https://github.com/bunkerity/bunkerweb/issues)
- [Join the BunkerWeb Discord server](https://discord.bunkerity.com)
@ -193,27 +239,40 @@
=== "SQLite"
1. **Remove the existing database file.**
1. **Stop the Stack.**
```bash
docker compose down
```
2. **Remove the existing database file.**
```bash
docker exec -u 0 -i <scheduler_container> rm -f /var/lib/bunkerweb/db.sqlite3
```
2. **Restore the backup.**
3. **Restore the backup.**
```bash
docker exec -i -T <scheduler_container> sqlite3 /var/lib/bunkerweb/db.sqlite3 < /path/to/backup/directory/backup.sql
```
=== "MySQL/MariaDB"
3. **Stop the Scheduler container.**
4. **Fix permissions.**
```bash
docker compose down <scheduler_container>
docker exec -u 0 -i <scheduler_container> chown root:nginx /var/lib/bunkerweb/db.sqlite3
docker exec -u 0 -i <scheduler_container> chmod 770 /var/lib/bunkerweb/db.sqlite3
```
4. **Restore the backup.**
=== "MySQL/MariaDB"
5. **Stop the Stack.**
```bash
docker compose down
```
6. **Restore the backup.**
```bash
docker exec -e MYSQL_PWD=<your_password> -i -T <database_container> mysql -u <username> <database_name> < /path/to/backup/directory/backup.sql
@ -221,25 +280,25 @@
=== "PostgreSQL"
5. **Stop the Scheduler container.**
7. **Stop the Stack.**
```bash
docker compose down <scheduler_container>
docker compose down
```
6. **Remove the existing database.**
8. **Remove the existing database.**
```bash
docker exec -i <database_container> dropdb -U <username> --force <database_name>
```
7. **Recreate the database.**
9. **Recreate the database.**
```bash
docker exec -i <database_container> createdb -U <username> <database_name>
```
8. **Restore the backup.**
10. **Restore the backup.**
```bash
docker exec -i -T <database_container> psql -U <username> -d <database_name> < /path/to/backup/directory/backup.sql
@ -263,10 +322,9 @@
...
```
3. **Restart the containers**.
3. **Start the containers**.
```bash
docker compose down
docker compose up -d
```
@ -275,8 +333,7 @@
4. **Stop the services**.
```bash
systemctl stop bunkerweb
systemctl stop bunkerweb-ui
systemctl stop bunkerweb bunkerweb-ui
```
5. **Restore the backup**.
@ -284,8 +341,10 @@
=== "SQLite"
```bash
rm -f /var/lib/bunkerweb/db.sqlite3
sqlite3 /var/lib/bunkerweb/db.sqlite3 < /path/to/backup/directory/backup.sql
sudo rm -f /var/lib/bunkerweb/db.sqlite3
sudo sqlite3 /var/lib/bunkerweb/db.sqlite3 < /path/to/backup/directory/backup.sql
sudo chown root:nginx /var/lib/bunkerweb/db.sqlite3
sudo chmod 770 /var/lib/bunkerweb/db.sqlite3
```
=== "MySQL/MariaDB"
@ -321,7 +380,7 @@
!!! warning "Read this if you were a 1.4.X user"
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository.
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository.
### Scheduler

95
docs/web-ui.md
View file

@ -31,6 +31,8 @@ Because the web UI is a web application, the recommended installation procedure
* Do not open the web UI on the Internet without any further restrictions
* Apply settings listed in the [security tuning section](security-tuning.md) of the documentation
**Please note that using HTTPS in front the web UI is mandatory since version 1.5.8 of BunkerWeb.**
!!! info "Multisite mode"
The usage of the web UI implies enabling the [multisite mode](concepts.md#multisite-mode).
@ -70,7 +72,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -80,7 +82,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -96,7 +98,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -118,7 +120,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
depends_on:
- bw-docker
environment:
@ -162,7 +164,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -171,7 +173,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -188,7 +190,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -201,7 +203,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -236,7 +238,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
networks:
bw-docker:
bw-universe:
@ -269,7 +271,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -278,7 +280,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- published: 80
target: 8080
@ -308,7 +310,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -336,7 +338,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -363,7 +365,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-universe
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -399,7 +401,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -454,7 +456,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -527,7 +529,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -554,7 +556,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -639,7 +641,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -717,7 +719,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your server.
## Account management
@ -752,6 +754,16 @@ When your BunkerWeb instance has upgraded to the PRO version, you will see your
### Username / Password
!!! tip "Overriding admin credentials from environment variables"
If you want to override the admin credentials from environment variables, you can set the following variables :
- `OVERRIDE_ADMIN_CREDS` : set it to `yes` to enable the override even if the admin credentials are already set (default is `no`)
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
The web UI will use these variables to authenticate you.
!!! warning "Lost password/username"
In case you forgot your UI credentials, you can reset them from the CLI following [the steps described in the troubleshooting section](troubleshooting.md#web-ui).
@ -822,12 +834,13 @@ After a successful login/password combination, you will be prompted to enter you
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -836,7 +849,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -861,7 +874,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -883,7 +896,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
depends_on:
- bw-docker
environment:
@ -943,12 +956,13 @@ After a successful login/password combination, you will be prompted to enter you
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -957,7 +971,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -974,7 +988,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -987,7 +1001,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -1022,7 +1036,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
networks:
bw-docker:
bw-universe:
@ -1078,12 +1092,13 @@ After a successful login/password combination, you will be prompted to enter you
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -1092,7 +1107,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- published: 80
target: 8080
@ -1122,7 +1137,7 @@ After a successful login/password combination, you will be prompted to enter you
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1150,7 +1165,7 @@ After a successful login/password combination, you will be prompted to enter you
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1177,7 +1192,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-universe
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
@ -1226,12 +1241,13 @@ After a successful login/password combination, you will be prompted to enter you
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). Network segmentation between web UI and web services is not covered in this documentation. Please note that the web UI container is listening on the `7000` port.
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -1286,7 +1302,7 @@ After a successful login/password combination, you will be prompted to enter you
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -1356,7 +1372,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -1383,7 +1399,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -1468,7 +1484,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
@ -1580,6 +1596,7 @@ After a successful login/password combination, you will be prompted to enter you
```conf
ADMIN_USERNAME=changeme
ADMIN_PASSWORD=changeme
OVERRIDE_ADMIN_CREDS=no
```
Each time you edit the `/etc/bunkerweb/ui.env` file, you will need to restart the service :

4
examples/authelia/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -44,7 +44,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/authentik/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -53,7 +53,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/behind-reverse-proxy/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/bigbluebutton/docker-compose.yml
View file

@ -27,7 +27,7 @@ services:
...
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -50,7 +50,7 @@ services:
bw-universe:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/certbot-dns-cloudflare/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/certbot-dns-digitalocean/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/certbot-dns-google/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/certbot-dns-ovh/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/certbot-dns-route53/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bbw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/cors/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -38,7 +38,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/docker-configs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -53,7 +53,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/drupal/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/ghost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/gogs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/hardened/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
# dropping all capabilities
cap_drop:
- ALL
@ -39,7 +39,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/joomla/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/load-balancer/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/magento/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -29,7 +29,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/mattermost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -44,7 +44,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/mongo-express/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/moodle/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/nextcloud/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -54,7 +54,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/passbolt/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -26,7 +26,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/php-cookie-flags/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/php-multisite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -34,7 +34,7 @@ services:
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/php-singlesite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -30,7 +30,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/prestashop/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/proxy-protocol/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/radarr/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -34,7 +34,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/redmine/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/reverse-proxy-multisite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/reverse-proxy-singlesite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -32,7 +32,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/reverse-proxy-websocket/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/stream-multisite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080 # required to resolve let's encrypt challenges
- 10000:10000 # app1 without SSL/TLS
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/syslog/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
logging:
driver: syslog
options:
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
logging:
driver: syslog
options:

4
examples/tomcat/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -23,7 +23,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

4
examples/tor-hidden-service/docker-compose.yml
View file

@ -12,7 +12,7 @@ services:
- bw-universe
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
environment:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
# disable common security measures based on IP
@ -34,7 +34,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

6
examples/web-ui/docker-compose.wizard.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -23,7 +23,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -45,7 +45,7 @@ services:
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
depends_on:
- bw-docker
environment:

6
examples/web-ui/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -50,7 +50,7 @@ services:
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
depends_on:
- bw-docker
environment:

4
examples/wordpress/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- mybunker
environment:

11
misc/dev/docker-compose.autoconf.misc.yml
View file

@ -10,8 +10,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -30,6 +31,7 @@ services:
- USE_GZIP=yes
- EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/heads/dev.zip
- CUSTOM_CONF_MODSEC_CRS_reqbody-rule=SecRuleRemoveById 200002
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -47,6 +49,7 @@ services:
- bw-docker
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -67,6 +70,7 @@ services:
- ./configs/server-http/hello.conf:/data/configs/server-http/hello.conf:ro
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -82,6 +86,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -96,6 +101,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -103,6 +109,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

13
misc/dev/docker-compose.autoconf.ui.misc.yml
View file

@ -10,8 +10,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -30,6 +31,7 @@ services:
- USE_GZIP=yes
- EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/heads/dev.zip
- CUSTOM_CONF_MODSEC_CRS_reqbody-rule=SecRuleRemoveById 200002
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -47,6 +49,7 @@ services:
- bw-docker
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -67,6 +70,7 @@ services:
- ./configs/server-http/hello.conf:/data/configs/server-http/hello.conf:ro
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -82,6 +86,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -105,6 +110,7 @@ services:
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -119,6 +125,7 @@ services:
- "bunkerweb.REVERSE_PROXY_URL=/admin"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
- "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes"
- bunkerweb.CUSTOM_CONF_MODSEC_CRS_ip-host=SecRuleRemoveById 920350
bw-db:
@ -130,6 +137,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -137,6 +145,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

13
misc/dev/docker-compose.autoconf.ui.yml
View file

@ -10,8 +10,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -28,6 +29,7 @@ services:
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -45,6 +47,7 @@ services:
- bw-docker
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -64,6 +67,7 @@ services:
- bw-data:/data
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -79,6 +83,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -102,6 +107,7 @@ services:
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -116,6 +122,7 @@ services:
- "bunkerweb.REVERSE_PROXY_URL=/admin"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
- "bunkerweb.GENERATE_SELF_SIGNED_SSL=yes"
bw-db:
image: mariadb:11
@ -126,6 +133,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -133,6 +141,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

12
misc/dev/docker-compose.autoconf.wizard.yml
View file

@ -10,8 +10,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -28,6 +29,7 @@ services:
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- UI_HOST=http://bw-ui:7000
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -45,6 +47,7 @@ services:
- bw-docker
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -64,6 +67,7 @@ services:
- bw-data:/data
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -79,6 +83,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -100,6 +105,7 @@ services:
environment:
<<: *env
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -117,6 +123,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -124,6 +131,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

11
misc/dev/docker-compose.autoconf.yml
View file

@ -10,8 +10,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -28,6 +29,7 @@ services:
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -45,6 +47,7 @@ services:
- bw-docker
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -64,6 +67,7 @@ services:
- bw-data:/data
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -79,6 +83,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -93,6 +98,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -100,6 +106,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

9
misc/dev/docker-compose.misc.yml
View file

@ -4,8 +4,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -25,6 +26,7 @@ services:
- REVERSE_PROXY_HOST=http://app1:8080
- EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/heads/dev.zip
- CUSTOM_CONF_MODSEC_CRS_reqbody-suppress=SecRuleRemoveById 200002
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -46,6 +48,7 @@ services:
environment:
- DOCKER_HOST=tcp://bw-docker:2375
- LOG_LEVEL=debug
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -61,6 +64,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -68,6 +72,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

12
misc/dev/docker-compose.ui.misc.yml
View file

@ -9,8 +9,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -33,10 +34,12 @@ services:
- www.example.com_REVERSE_PROXY_URL=/admin
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
- www.example.com_GENERATE_SELF_SIGNED_SSL=yes
- www.example.com_CUSTOM_CONF_MODSEC_CRS_ip-host=SecRuleRemoveById 920350
- app1.example.com_USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -57,6 +60,7 @@ services:
- ./configs/server-http/hello.conf:/data/configs/server-http/hello.conf:ro
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -72,6 +76,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -95,6 +100,7 @@ services:
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -112,6 +118,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -119,6 +126,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

12
misc/dev/docker-compose.ui.yml
View file

@ -9,8 +9,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -31,9 +32,11 @@ services:
- www.example.com_REVERSE_PROXY_URL=/admin
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
- www.example.com_GENERATE_SELF_SIGNED_SSL=yes
- app1.example.com_USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -53,6 +56,7 @@ services:
- bw-data:/data
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -68,6 +72,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -91,6 +96,7 @@ services:
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -108,6 +114,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -115,6 +122,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

11
misc/dev/docker-compose.wizard.yml
View file

@ -9,8 +9,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -29,6 +30,7 @@ services:
- app1.example.com_USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -48,6 +50,7 @@ services:
- bw-data:/data
environment:
<<: *env
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -63,6 +66,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -84,6 +88,7 @@ services:
environment:
<<: *env
DEBUG: "1"
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -101,6 +106,7 @@ services:
- MYSQL_PASSWORD=secret
volumes:
- bw-db:/var/lib/mysql
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -108,6 +114,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

9
misc/dev/docker-compose.yml
View file

@ -4,8 +4,9 @@ services:
context: ../..
dockerfile: ./src/bw/Dockerfile
ports:
- 80:8080
- 443:8443
- 80:8080/tcp
- 443:8443/tcp
- 443:8443/udp
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -23,6 +24,7 @@ services:
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://app1:8080
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -43,6 +45,7 @@ services:
environment:
- DOCKER_HOST=tcp://bw-docker:2375
- LOG_LEVEL=debug
restart: "unless-stopped"
networks:
bw-universe:
aliases:
@ -58,6 +61,7 @@ services:
environment:
- CONTAINERS=1
- LOG_LEVEL=warning
restart: "unless-stopped"
networks:
bw-docker:
aliases:
@ -65,6 +69,7 @@ services:
app1:
image: nginxdemos/nginx-hello
restart: "unless-stopped"
networks:
bw-services:
aliases:

1
misc/dev/variables.ui.env
View file

@ -17,3 +17,4 @@ www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/admin
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
www.example.com_GENERATE_SELF_SIGNED_SSL=yes

1
misc/dev/variables.ui.misc.env
View file

@ -18,4 +18,5 @@ www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/admin
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
www.example.com_GENERATE_SELF_SIGNED_SSL=yes
EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/heads/dev.zip

8
misc/integrations/autoconf.mariadb.ui.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -67,7 +67,7 @@ services:
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
networks:
bw-docker:
bw-universe:

6
misc/integrations/autoconf.mariadb.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker

8
misc/integrations/autoconf.mysql.ui.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -67,7 +67,7 @@ services:
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
networks:
bw-docker:
bw-universe:

6
misc/integrations/autoconf.mysql.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker

8
misc/integrations/autoconf.postgres.ui.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
image: bunkerity/bunkerweb:1.5.8
ports:
- 80:8080
- 443:8443
@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
image: bunkerity/bunkerweb-autoconf:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
image: bunkerity/bunkerweb-scheduler:1.5.8
depends_on:
- bunkerweb
- bw-docker
@ -66,7 +66,7 @@ services:
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
image: bunkerity/bunkerweb-ui:1.5.8
networks:
bw-docker:
bw-universe:

Some files were not shown because too many files have changed in this diff Show more