Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dev' into ui

Browse source
This commit is contained in:
Jordan Blasenhauer 2024-04-26 12:46:18 +02:00
commit d69542956c
1778 changed files with 158256 additions and 27385 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View file

@ -47,7 +47,7 @@ body:
label: BunkerWeb version
description: What version of BunkerWeb are you running?
placeholder: Version
value: 1.5.5
value: 1.5.7
validations:
required: true
- type: dropdown

19
.github/workflows/beta.yml vendored
View file

@ -94,7 +94,7 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rhel9]
platforms: [linux/amd64, linux/arm64]
include:
- release: beta
@ -106,6 +106,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rhel9
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ${{ matrix.release }}
@ -131,7 +133,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -177,7 +179,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, el, el9]
arch: [amd64, arm64]
include:
- release: beta
@ -202,6 +204,11 @@ jobs:
suffix: "1."
version: 8
package: rpm
- linux: el9
separator: "-"
suffix: "1."
version: 9
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
@ -214,6 +221,9 @@ jobs:
- linux: el
arch: amd64
package_arch: x86_64
- linux: el9
arch: amd64
package_arch: x86_64
- linux: ubuntu
arch: arm64
package_arch: arm64
@ -226,6 +236,9 @@ jobs:
- linux: el
arch: arm64
package_arch: aarch64
- linux: el9
arch: arm64
package_arch: aarch64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

8
.github/workflows/codeql.yml vendored
View file

@ -19,9 +19,9 @@ jobs:
language: ["python", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python 3.9
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: matrix.language == 'python'
with:
python-version: "3.9"
@ -35,12 +35,12 @@ jobs:
python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
category: "/language:${{matrix.language}}"

22
.github/workflows/container-build.yml vendored
View file

@ -45,10 +45,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
- name: Setup SSH for ARM node
if: inputs.CACHE_SUFFIX == 'arm'
run: |
@ -63,22 +63,22 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
if: inputs.CACHE_SUFFIX != 'arm'
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
if: inputs.CACHE_SUFFIX == 'arm'
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
if: inputs.PUSH == true
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -86,13 +86,13 @@ jobs:
# Compute metadata
- name: Extract metadata
id: meta
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: bunkerity/${{ inputs.IMAGE }}
# Build cached image
- name: Build image
if: inputs.CACHE == true
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -105,7 +105,7 @@ jobs:
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -117,7 +117,7 @@ jobs:
# Check OS vulnerabilities
- name: Check OS vulnerabilities
if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
with:
vuln-type: os
skip-dirs: /root/.cargo

10
.github/workflows/create-arm.yml vendored
View file

@ -33,10 +33,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Get ARM availabilities
id: availabilities
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:
args: instance server-type get zone=fr-par-2
export-config: true
@ -53,7 +53,7 @@ jobs:
JSON: ${{ steps.availabilities.outputs.json }}
- name: Create ARM VM
id: scw
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:
args: instance server create zone=fr-par-2 type=${{ env.TYPE }} root-volume=block:50GB
- name: Get info
@ -62,11 +62,11 @@ jobs:
echo "id=${{ fromJson(steps.scw.outputs.json).id }}" >> "$GITHUB_OUTPUT"
echo "ip=${{ fromJson(steps.scw.outputs.json).public_ip.address }}" >> "$GITHUB_OUTPUT"
- name: Wait for VM
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:
args: instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
- name: Wait for SSH
uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
uses: iFaxity/wait-on-action@df89d0cf8089bb0c38e25279c74848ef313da53b
with:
resource: tcp:${{ fromJson(steps.scw.outputs.json).public_ip.address }}:22
timeout: 300000

4
.github/workflows/dev-update-mmdb.yml vendored
View file

@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}
@ -52,7 +52,7 @@ jobs:
rm -f asn.mmdb country.mmdb
gunzip asn.mmdb.gz country.mmdb.gz
- name: Commit and push changes
uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
with:
branch: dev
commit_message: "Monthly mmdb update"

57
.github/workflows/dev.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rhel9]
include:
- linux: ubuntu
package: deb
@ -53,6 +53,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rhel9
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: dev
@ -72,15 +74,36 @@ jobs:
security-events: write
# UI tests
prepare-tests-ui:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "tests=$tests" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
tests-ui:
needs: [build-containers]
needs: [prepare-tests-ui, build-containers]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui.yml
with:
TEST: ${{ matrix.test }}
RELEASE: dev
tests-ui-linux:
needs: [build-packages]
needs: [prepare-tests-ui, build-packages]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: dev
# Core tests
@ -88,7 +111,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -126,12 +149,12 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -162,43 +185,41 @@ jobs:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, el9]
arch: [amd64]
include:
- release: dev
repo: bunkerweb
- linux: ubuntu
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
package_arch: amd64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
package_arch: x86_64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
package_arch: x86_64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
- linux: el9
package_arch: x86_64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

8
.github/workflows/doc-to-pdf.yml vendored
View file

@ -13,9 +13,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Install Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"
- name: Install doc dependencies
@ -23,7 +23,7 @@ jobs:
- name: Install chromium
run: sudo apt install chromium-browser
- name: Install node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 18
- name: Install puppeteer
@ -32,7 +32,7 @@ jobs:
run: mkdocs serve & sleep 10
- name: Run pdf script
run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
- uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf

20
.github/workflows/linux-build.yml vendored
View file

@ -37,7 +37,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Replace VERSION
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
@ -72,21 +72,21 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
if: startsWith(env.ARCH, 'arm') == false
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
if: startsWith(env.ARCH, 'arm') == true
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -94,7 +94,7 @@ jobs:
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
load: true
@ -106,7 +106,7 @@ jobs:
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
load: true
@ -129,7 +129,7 @@ jobs:
scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
env:
LARCH: ${{ env.LARCH }}
- uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -137,12 +137,12 @@ jobs:
- name: Extract metadata
if: inputs.TEST == true
id: meta
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}

4
.github/workflows/push-doc.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}
@ -29,7 +29,7 @@ jobs:
run: |
git config --global user.name "BunkerBot"
git config --global user.email "bunkerbot@bunkerity.com"
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"
- name: Install doc dependencies

12
.github/workflows/push-docker.yml vendored
View file

@ -33,14 +33,14 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -58,19 +58,19 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
# Compute metadata
- name: Extract metadata
id: meta
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: bunkerity/${{ inputs.IMAGE }}
# Build and push
- name: Build and push
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}

8
.github/workflows/push-github.yml vendored
View file

@ -15,11 +15,11 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
# Get PDF doc
- name: Get documentation
if: inputs.VERSION != 'testing'
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
# Create tag
@ -51,7 +51,7 @@ jobs:
# Create release
- name: Create release
if: inputs.VERSION != 'testing'
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
with:
body: |
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
@ -75,7 +75,7 @@ jobs:
# Create release
- name: Create release
if: inputs.VERSION == 'testing'
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
with:
body: |
**The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**

30
.github/workflows/push-packagecloud.yml vendored
View file

@ -40,23 +40,23 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Install ruby
uses: ruby/setup-ruby@5daca165445f0ae10478593083f72ca2625e241d # v1.169.0
uses: ruby/setup-ruby@70da3bbf44ac06db1b0547ce2acc9380a5270d1e # v1.175.0
with:
ruby-version: "3.0"
- name: Install packagecloud
run: gem install package_cloud
# Download packages
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
if: inputs.LINUX != 'el'
- uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
if: inputs.LINUX != 'el' && inputs.LINUX != 'el9'
with:
name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
path: /tmp/${{ inputs.LINUX }}
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
if: inputs.LINUX == 'el'
- uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
if: inputs.LINUX == 'el' || inputs.LINUX == 'el9'
with:
name: package-rhel-${{ inputs.PACKAGE_ARCH }}
name: package-rh${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
path: /tmp/${{ inputs.LINUX }}
# Remove existing packages
- name: Remove existing package
@ -64,12 +64,19 @@ jobs:
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Remove existing package
if: inputs.LINUX == 'el9'
run: package_cloud yank bunkerity/${{ inputs.REPO }}/el/9 bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
continue-on-error: true
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
# Update name
# - name: Rename package
# if: inputs.BW_VERSION == 'testing'
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Push package
- name: Push package to packagecloud
if: inputs.LINUX != 'el9'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -77,3 +84,12 @@ jobs:
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push package to packagecloud
if: inputs.LINUX == 'el9'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: el/9
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

19
.github/workflows/release.yml vendored
View file

@ -104,7 +104,7 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rhel9]
platforms: [linux/amd64, linux/arm64]
include:
- release: latest
@ -116,6 +116,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rhel9
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ${{ matrix.release }}
@ -139,7 +141,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -189,7 +191,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, el9]
arch: [amd64, arm64]
include:
- release: latest
@ -214,6 +216,11 @@ jobs:
suffix: "1."
version: 8
package: rpm
- linux: el9
separator: "-"
suffix: "1."
version: 9
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
@ -226,6 +233,9 @@ jobs:
- linux: el
arch: amd64
package_arch: x86_64
- linux: el9
arch: amd64
package_arch: x86_64
- linux: ubuntu
arch: arm64
package_arch: arm64
@ -238,6 +248,9 @@ jobs:
- linux: el
arch: arm64
package_arch: aarch64
- linux: el9
arch: arm64
package_arch: aarch64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

4
.github/workflows/rm-arm.yml vendored
View file

@ -21,9 +21,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Delete ARM VM
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
access-key: ${{ secrets.SCW_ACCESS_KEY }}

4
.github/workflows/scorecards-analysis.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
with:
persist-credentials: false
- name: "Run analysis"
@ -25,6 +25,6 @@ jobs:
results_format: sarif
publish_results: true
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
sarif_file: results.sarif

17
.github/workflows/staging-create-infra.yml vendored
View file

@ -11,8 +11,6 @@ on:
required: true
SECRET_KEY:
required: true
K8S_IP:
required: true
jobs:
create:
@ -23,16 +21,16 @@ jobs:
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
if: inputs.TYPE != 'k8s'
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Install terraform
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 # v3.1.0
- name: Install kubectl
uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.2"
version: "v1.28.6"
- name: Set up Python 3.12
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: inputs.TYPE != 'k8s'
with:
python-version: "3.12"
@ -40,13 +38,12 @@ jobs:
run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt
if: inputs.TYPE != 'k8s'
- name: Install ansible libs
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general && ansible-galaxy collection install --timeout 120 community.docker
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.7 && ansible-galaxy collection install --timeout 120 community.general && ansible-galaxy collection install --timeout 120 community.docker
if: inputs.TYPE != 'k8s'
# Create infra
- run: ./tests/create.sh ${{ inputs.TYPE }}
env:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
K8S_IP: ${{ secrets.K8S_IP }}
- run: |
tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
echo "$SECRET_KEY" > /tmp/.secret_key
@ -55,7 +52,7 @@ jobs:
if: always()
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: always()
with:
name: tf-${{ inputs.TYPE }}

8
.github/workflows/staging-delete-infra.yml vendored
View file

@ -20,10 +20,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Install terraform
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 # v3.1.0
- uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: tf-${{ inputs.TYPE }}
path: /tmp
@ -34,7 +34,7 @@ jobs:
tar xf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
- uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.2"

23
.github/workflows/staging-tests.yml vendored
View file

@ -25,9 +25,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -39,11 +39,11 @@ jobs:
- run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing local/autoconf-tests:latest
if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
- name: Push images to local repo
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
run: docker tag local/bunkerweb-tests:latest manager:5000/bunkerweb-tests:latest && docker push manager:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest manager:5000/scheduler-tests:latest && docker push manager:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest manager:5000/autoconf-tests:latest && docker push manager:5000/autoconf-tests:latest
if: inputs.TYPE == 'swarm'
- name: Install test dependencies
run: pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
- uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
run: PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
- uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
with:
name: tf-k8s
path: /tmp
@ -66,11 +66,11 @@ jobs:
REG_USER: ${{ github.actor }}
REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: inputs.TYPE == 'k8s'
- uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
- uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
with:
version: "v1.28.2"
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
if: inputs.TYPE == 'k8s'
- name: Pull BW linux ubuntu test image
if: inputs.TYPE == 'linux'
@ -84,6 +84,9 @@ jobs:
- name: Pull BW linux rhel test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest
- name: Pull BW linux rhel9 test image
if: inputs.TYPE == 'linux'
run: docker pull ghcr.io/bunkerity/rhel9-tests:testing && docker tag ghcr.io/bunkerity/rhel9-tests:testing local/rhel9:latest
# Do tests
- name: Run tests
if: inputs.TYPE == 'docker'
@ -136,3 +139,9 @@ jobs:
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
- name: Run Linux rhel9 tests
if: inputs.TYPE == 'linux'
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rhel9"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}

60
.github/workflows/staging.yml vendored
View file

@ -43,7 +43,7 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, rhel, rhel9]
include:
- linux: ubuntu
package: deb
@ -53,6 +53,8 @@ jobs:
package: rpm
- linux: rhel
package: rpm
- linux: rhel9
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: testing
@ -83,30 +85,51 @@ jobs:
secrets:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
K8S_IP: ${{ secrets.K8S_IP }}
prepare-tests-core:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "tests=$tests" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
prepare-tests-ui:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "tests=$tests" >> $GITHUB_OUTPUT
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
# Perform tests
tests-ui:
needs: [codeql, build-containers]
needs: [prepare-tests-ui, build-containers]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui.yml
with:
TEST: ${{ matrix.test }}
RELEASE: testing
tests-ui-linux:
needs: [codeql, build-packages]
needs: [prepare-tests-ui, build-packages]
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-ui.outputs.tests) }}
uses: ./.github/workflows/tests-ui-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: testing
staging-tests:
needs: [create-infras]
strategy:
@ -128,6 +151,7 @@ jobs:
TYPE: ${{ matrix.type }}
RUNS_ON: ${{ matrix.runs_on }}
secrets: inherit
tests-core:
needs: [build-containers, prepare-tests-core]
strategy:
@ -173,12 +197,12 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -197,43 +221,41 @@ jobs:
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
linux: [ubuntu, debian, fedora, el, el9]
arch: [amd64]
include:
- release: testing
repo: bunkerweb
- linux: ubuntu
package_arch: amd64
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
package_arch: amd64
separator: _
suffix: ""
version: bookworm
package: deb
- linux: fedora
package_arch: x86_64
separator: "-"
suffix: "1."
version: 39
package: rpm
- linux: el
package_arch: x86_64
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
- linux: el9
package_arch: x86_64
separator: "-"
suffix: "1."
version: 9
package: rpm
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}

14
.github/workflows/test-core-linux.yml vendored
View file

@ -16,11 +16,11 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.12
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.12"
python-version: "3.9"
- name: Install Firefox manually and dependencies
run: |
sudo add-apt-repository ppa:mozillateam/ppa -y
@ -36,7 +36,7 @@ jobs:
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
- name: Download geckodriver
uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
max_attempts: 3
timeout_minutes: 20
@ -47,7 +47,7 @@ jobs:
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -88,7 +88,7 @@ jobs:
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=debug" | sudo tee -a /etc/bunkerweb/variables.env
sudo chown nginx:nginx /etc/bunkerweb/variables.env
sudo chmod 777 /etc/bunkerweb/variables.env
- name: Install BunkerWeb

6
.github/workflows/test-core.yml vendored
View file

@ -16,9 +16,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -33,4 +33,4 @@ jobs:
cd ./tests/core/${{ inputs.TEST }}
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
./test.sh "docker"
./test.sh "docker" "${{ inputs.TEST }}"

24
.github/workflows/tests-ui-linux.yml vendored
View file

@ -3,6 +3,9 @@ name: Core test Linux (REUSABLE)
on:
workflow_call:
inputs:
TEST:
required: true
type: string
RELEASE:
required: true
type: string
@ -13,11 +16,11 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Python 3.12
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.12"
python-version: "3.9"
- name: Install Firefox manually and dependencies
run: |
sudo add-apt-repository ppa:mozillateam/ppa -y
@ -33,7 +36,7 @@ jobs:
' | sudo tee /etc/apt/preferences.d/mozilla-firefox
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
- name: Download geckodriver
uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
max_attempts: 3
timeout_minutes: 20
@ -44,7 +47,7 @@ jobs:
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -71,18 +74,20 @@ jobs:
# Misc
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app2.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app3.example.com" | sudo tee -a /etc/hosts
# BunkerWeb
sudo mkdir -p /etc/bunkerweb
echo "SERVER_NAME=" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_THRESHOLD=20" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
echo "MULTISITE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=debug" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "DISABLE_DEFAULT_SERVER=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_CLIENT_CACHE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GZIP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DATASTORE_MEMORY_SIZE=384m" | sudo tee -a /etc/bunkerweb/variables.env
@ -112,6 +117,7 @@ jobs:
}' | tee plugin.json
zip discord.zip plugin.json
rm plugin.json
./tests.sh "linux"
sudo truncate -s 0 /var/log/bunkerweb/error.log
./tests.sh "linux" ${{ inputs.TEST }}
env:
MODE: ${{ inputs.RELEASE }}

9
.github/workflows/tests-ui.yml vendored
View file

@ -3,6 +3,9 @@ name: Perform tests for UI (REUSABLE)
on:
workflow_call:
inputs:
TEST:
required: true
type: string
RELEASE:
required: true
type: string
@ -12,9 +15,9 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
- name: Login to ghcr
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -29,6 +32,6 @@ jobs:
- name: Run tests
run: |
cd ./tests/ui
./tests.sh "docker"
./tests.sh "docker" ${{ inputs.TEST }}
env:
MODE: ${{ inputs.RELEASE }}

4
.gitignore vendored
View file

@ -2,8 +2,10 @@ site/
.idea/
.vscode/
__pycache__
env
env/
tmp_venv/
node_modules
/src/ui/*.txt
.mypy_cache
.cache/
/package*.json

11
.gitleaksignore
View file

@ -1 +1,12 @@
src/ui/templates/profile.html:hashicorp-tf-password:343
src/ui/templates/account.html:hashicorp-tf-password:194
src/ui/templates/account.html:hashicorp-tf-password:255
src/ui/templates/account.html:hashicorp-tf-password:292
src/ui/templates/account.html:hashicorp-tf-password:329
src/ui/templates/account.html:hashicorp-tf-password:417
src/ui/templates/account.html:hashicorp-tf-password:470
src/ui/templates/settings_plugins.html:hashicorp-tf-password:87
src/ui/templates/settings_plugins.html:hashicorp-tf-password:297
src/ui/templates/settings_plugins.html:hashicorp-tf-password:106
src/ui/templates/account.html:hashicorp-tf-password:154
src/ui/templates/account.html:hashicorp-tf-password:162

12
.pre-commit-config.yaml
View file

@ -3,7 +3,7 @@
exclude: (^LICENSE.md$|^src/VERSION$|^env/|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/(js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js)|css/dashboard\.css))|\.(svg|drawio|patch\d?|ascii|tf|tftpl|key)$)
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: c4a0b883114b00d8d76b479c820ce7950211c99b # frozen: v4.5.0
rev: 2c9f875913ee60ca25ce70243dc24d5b6415598c # frozen: v4.6.0
hooks:
- id: requirements-txt-fixer
name: Fix requirements.txt and requirements.in files
@ -17,7 +17,7 @@ repos:
- id: check-case-conflict
- repo: https://github.com/psf/black
rev: ec91a2be3c44d88e1a3960a4937ad6ed3b63464e # frozen: 23.12.1
rev: 8fe627072f15ff2e3d380887b92f7868efaf6d05 # frozen: 24.4.0
hooks:
- id: black
name: Black Python Formatter
@ -47,10 +47,10 @@ repos:
hooks:
- id: flake8
name: Flake8 Python Linter
args: ["--max-line-length=250", "--ignore=E266,E402,E722,W503"]
args: ["--max-line-length=160", "--ignore=E266,E402,E501,E722,W503"]
- repo: https://github.com/dosisod/refurb
rev: a295cee6d188f5797aefe5d7cf77a353ed48ea93 # frozen: v1.27.0
rev: 2e31f0033b6c00bf99912fc6a8b5fd00460c9ba0 # frozen: v2.0.0
hooks:
- id: refurb
name: Refurb Python Refactoring Tool
@ -67,11 +67,11 @@ repos:
types: [text]
- repo: https://github.com/gitleaks/gitleaks
rev: e815c559e3ac76227e8e7463cf3a6598b715687b # frozen: v8.18.1
rev: 145400593c178304246371bc45290588bc72f43e # frozen: v8.18.2
hooks:
- id: gitleaks
- repo: https://github.com/koalaman/shellcheck-precommit
rev: 3f77b826548d8dc2d26675f077361c92773b50a7 # frozen: v0.9.0
rev: 2491238703a5d3415bb2b7ff11388bf775372f29 # frozen: v0.10.0
hooks:
- id: shellcheck

5
.prettierignore
View file

@ -2,7 +2,7 @@ docs/
env/
*/env/
*.min*
src/common/core/modsecurity/
src/common/core/modsecurity/files/
src/deps/src/
mkdocs.yml
CHANGELOG.md
@ -16,5 +16,6 @@ flatpickr.*
src/ui/static/js/editor/*
src/ui/static/js/utils/purify/*
src/ui/templates/*
src/common/core/*/ui/*
datepicker-foundation.css
examples/*
examples/

88
CHANGELOG.md
View file

@ -1,13 +1,99 @@
# Changelog
## v1.5.6 - YYYY/MM/DD
## v1.5.7 - ????/??/??
- [BUGFIX] Fix rare error when the cache is not properly initialized and jobs are executed
- [BUGFIX] Fix bug when downloading new mmdb files
- [BUGFIX] Remove potential false positives with ModSecurity on the jobs page of the web UI
- [BUGFIX] Fix bwcli not working with Redis sentinel
- [BUGFIX] Fix potential issues when removing the bunkerweb Linux package
- [FEATURE] Add backup plugin to backup and restore easily the database
- [FEATURE] Add LETS_ENCRYPT_CLEAR_OLD_CERTS setting to control if old certificates should be removed when generating Let's Encrypt certificates (default is no)
- [FEATURE] Add DISABLE_DEFAULT_SERVER_STRICT_SNI setting to allow/block requests when SNI is unknown or unset (default is no)
- [UI] General : fix tooltip crop because of overflow
- [UI] General : fix select setting crop because of overflow and check if select is out of viewport to determine visible position
- [UI] General : show logs on UI when pre rendering issue
- [UI] General : Improve UI performance by using multiple workers for the web server and reducing the number of times we prompt a loading page
- [UI] Global config : fix script error while fragment relate to a missing plugin
- [UI] Global config / services page : filtering settings now open plugin select to highlight remaining plugin
- [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
- [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
- [UI] Global config / services page : add order for settings to always respect the order defined in the plugin
- [UI] Reporting page : fix missing data and add new ones
- [UI] Account page : keep license key form even if pro register to easy update
- [UI] Wizard : Add the possibility to still configure reverse proxy even if an admin user already exists
- [DOCUMENTATION] Add upgrade procedure for 1.5.7+
- [DOCUMENTATION] Rename Migrating section to Upgrading
- [MISC] Support custom bwcli commands using plugins
- [MISC] Add Docker labels in autoconf, bw, scheduler, and ui Dockerfiles
- [DEPS] Update Python base Docker image to version 3.12.3-alpine3.19
- [DEPS] Updated LuaJIT version to v2.1-20240314
- [DEPS] Updated lua-resty-openssl version to 1.3.1
- [DEPS] Updated coreruleset-v4 version to v4.2.0
## v1.5.6 - 2024/03/25
- [LINUX] Support RHEL 9.3
- [BUGFIX] Fix issues with the antibot feature ([#866](https://github.com/bunkerity/bunkerweb/issues/866), [#870](https://github.com/bunkerity/bunkerweb/issues/870))
- [BUGFIX] Fix Bad behavior whitelist check in access phase
- [BUGFIX] Fix ModSecurity FP on antibot page
- [BUGFIX] Fix Whitelist core plugin missing a check for empty server_name in multisite mode
- [BUGFIX] Fix Templator missing some common configs
- [BUGFIX] Database update with external plugins reupload
- [BUGFIX] UI delete or edit multiple setting
- [LINUX] Add logrotate support for the logs
- [UI] New : add bans management page in the web UI
- [UI] New : add blocked requests page in the web UI
- [UI] New : some core plugins pages in the web UI
- [UI] General : enhance the Content-Security-Policy header in the web UI
- [UI] General : dark mode enhancement
- [UI] General : add visual feedback when filtering is matching nothing
- [UI] General : blog news working and add dynamic banner news
- [UI] Global config page : Add multisite edit, add context filter
- [UI] Global config / Service page : remove tabs for select and enhance filtering (plugin name, multiple settings and context now includes)
- [UI] Service page : add the possibility to clone a service in the web UI
- [UI] Service page : add the possibility to set a service as draft in the web UI
- [UI] Service page : add services filter when at least 4 services
- [UI] Configs page : add path filtering related to config presence, remove service when config is root only
- [UI] Pro license : add home card, show pro plugins on menu and plugins page, resume in account page, alert in case issue with license usage
- [UI] Log page : enhance UX
- [FEATURE] Add setting REDIS_SSL_VERIFY to activate/disable the SSL certificate verification when using Redis
- [FEATURE] Add Redis Sentinel fallback to master automatically if no slaves are available
- [FEATURE] Add Redis Sentinel support for bwcli
- [FEATURE] Add new Metrics core plugin that will allow metrics collection and retrieval of internal metrics
- [FEATURE] Add setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one
- [FEATURE] Add whitelist check for the default-server as well
- [FEATURE] Add the possibility to choose between the coreruleset v3 and v4 that will be used by ModSecurity (default is v3)
- [FEATURE] Add the TIMERS_LOG_LEVEL setting to control the log level of the lua timers
- [FEATURE] Add pro version management to core plugins, the scheduler and the web UI
- [FEATURE] Add REVERSE_PROXY_CUSTOM_HOST setting to set a custom Host header when using reverse proxy
- [MISC] Add a better custom certificate cache handling
- [MISC] Updated Linux base images in Dockerfiles
- [MISC] Add recommended dialects to databases string
- [MISC] Refine the data sent in the anonymous reporting feature and move the setting and the job to the "jobs" plugin
- [MISC] BunkerWeb will now load the default loading page even on 404 errors when generating the configuration
- [MISC] Update database schema to support the new pro version and optimize it
- [MISC] Refactor SSL/TLS logics to make it more consistent
- [MISC] Use ECDSA key instead of RSA for selfsigned/default/fallback certificates
- [MISC] Refactor certbot-new job to optimize the certbot requests
- [MISC] Refactor jobs utils to make it more consistent
- [MISC] Review jobs and utils to make it more consistent and better in general
- [MISC] Change BunkerWeb base Docker image to nginx:1.24.0-alpine-slim
- [DOCUMENTATION] Update web UI's setup wizard instructions in the documentation
- [DOCUMENTATION] Update plugins documentation to reflect the new plugin system
- [DOCUMENTATION] Update ModSecurity documentation to reflect the new changes in the Security Tuning section
- [DOCUMENTATION] Add pro version documentation
- [DEPS] Updated stream-lua-nginx-module to v0.0.14
- [DEPS] Updated lua-nginx-module version to v0.10.26
- [DEPS] Updated libmaxminddb version to v1.9.1
- [DEPS] Updated lua-resty-core to v0.1.28
- [DEPS] Updated zlib version to v1.3.1
- [DEPS] Updated ModSecurity version to v3.0.12
- [DEPS] Updated coreruleset version to v3.3.5
- [DEPS] Added coreruleset version v4.1.0
- [DEPS] Updated lua-resty-mlcache version to v2.7.0
- [DEPS] Updated lua-resty-openssl version to v1.2.1
- [DEPS] Updated lua-resty-http version to v0.17.2
## v1.5.5 - 2024/01/12

120
README.md
View file

@ -1,5 +1,5 @@
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/misc/logo.png" height=100 width=350 />
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/misc/logo.png" height=100 width=350 />
</p>
<p align="center">
@ -26,7 +26,7 @@
&#124;
👨‍💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
&#124;
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/examples">Examples</a>
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/examples">Examples</a>
&#124;
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
&#124;
@ -42,14 +42,14 @@
# BunkerWeb
<p align="center">
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/intro-overview.svg" />
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/intro-overview.svg" />
</p>
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.7/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github).
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github).
## Why BunkerWeb ?
@ -74,7 +74,7 @@ A non-exhaustive list of security features :
- **Block known bad IPs** with external blacklists and DNSBL
- And much more ...
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
## Demo
@ -84,13 +84,29 @@ Learn more about the core security features in the [security tuning](https://doc
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github). Feel free to visit it and perform some security tests.
## PRO version
When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.
Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="https://docs.bunkerweb.io/1.5.7/assets/img/pro-icon.svg" alt="crow pro icon" height="24px" width="24px"> to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward :
- Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc)
- Once connected to the client area, copy your PRO license key
- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.5.7/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.5.7/settings/#pro)
Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version.
## Professional services
Maximize your BunkerWeb experience by getting professional services directly from the maintainers of the project. Whether you require technical support, personalized consulting, or development services, we stand ready to assist you in fortifying the security of your web services.
Get the most of BunkerWeb by getting professional services directly from the maintainers of the project. From technical support to tailored consulting and development, we are here to assist you in the security of your web services.
You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github), our dedicated platform for professional services.
You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), our dedicated platform for professional services.
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=github) if you have any question, we will be more than happy to respond to your needs.
Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question, we will be more than happy to respond to your needs.
## Ecosystem, community and resources
@ -113,10 +129,10 @@ Community and social networks :
# Concepts
<p align="center">
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/concepts.svg" />
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/concepts.svg" />
</p>
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.5/concepts/?utm_campaign=self&utm_source=github).
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.7/concepts/?utm_campaign=self&utm_source=github).
## Integrations
@ -124,13 +140,13 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported :
- [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant)
- [Docker](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#vagrant)
## Settings
@ -162,7 +178,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@ -171,7 +187,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
## Database
<p align="center">
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/bunkerweb_db.svg" />
<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/bunkerweb_db.svg" />
</p>
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
@ -200,7 +216,7 @@ In other words, the scheduler is the brain of BunkerWeb.
## Docker
<p align="center">
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-docker.svg" />
<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-docker.svg" />
</p>
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@ -211,46 +227,46 @@ Docker integration key concepts are :
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
## Docker autoconf
<p align="center">
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-autoconf.svg" />
<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-autoconf.svg" />
</p>
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
## Swarm
<p align="center">
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-swarm.svg" />
<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-swarm.svg" />
</p>
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
## Kubernetes
<p align="center">
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-kubernetes.svg" />
<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-kubernetes.svg" />
</p>
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
## Linux
<p align="center">
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-linux.svg" />
<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-linux.svg" />
</p>
List of supported Linux distros :
@ -259,15 +275,16 @@ List of supported Linux distros :
- Ubuntu 22.04 "Jammy"
- Fedora 39
- RHEL 8.9
- RHEL 9.3
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
## Ansible
<p align="center">
<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-ansible.svg" />
<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/integration-ansible.svg" />
</p>
List of supported Linux distros :
@ -276,12 +293,13 @@ List of supported Linux distros :
- Ubuntu 22.04 "Jammy"
- Fedora 39
- RHEL 8.9
- RHEL 9.3
[Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
## Vagrant
@ -290,11 +308,11 @@ We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following
- virtualbox
- libvirt
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
# Quickstart guide
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.5/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.7/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
- Protecting a single HTTP application
- Protecting multiple HTTP application
@ -305,9 +323,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo
# Security tuning
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.7/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.7/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
# Settings
@ -317,13 +335,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
Check the [settings section](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
Check the [settings section](https://docs.bunkerweb.io/1.5.7/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
# Web UI
<p align="center">
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4">
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/user_interface_demo.png" height="300" />
<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.7/docs/assets/img/user_interface_demo.webp" height="300" />
</a>
</p>
@ -337,7 +355,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance
- Monitor jobs execution
- View the logs and search pattern
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.7/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
# Plugins
@ -347,15 +365,15 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------: |
| **ClamAV** | 1.3 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.3 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.3 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.3 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.3 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
| **ClamAV** | 1.4 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.4 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.4 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.4 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.4 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.4 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.4 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github) of the documentation.
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.7/plugins/?utm_campaign=self&utm_source=github) of the documentation.
# Support
@ -378,15 +396,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/LICENSE.md).
# Contribute
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/CONTRIBUTING.md) to get started.
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/CONTRIBUTING.md) to get started.
# Security policy
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.7/SECURITY.md) for more information.
# Stargazers over time

20
docs/about.md
View file

@ -4,16 +4,32 @@
BunkerWeb is maintained by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), a French 🇫🇷 company specialized in Cybersecurity 🛡️.
## Do you have a professional version ?
Yes, we do offer a professional version of BunkerWeb called "BunkerWeb PRO".
Here are the main benefits of BunkerWeb PRO :
- Unlock all features of BunkerWeb
- Pay per protected services
- Respond to professional needs
- Free trial with no credit card
- Best effort support included
You can go the [BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) to get more information and claim your free trial.
## Do you offer professional services ?
Yes, we offer professional services related to BunkerWeb such as :
Yes, we offer professional services related to BunkerWeb.
You can get in touch with us about any of the following :
- Consulting
- Support
- Custom development
- Partnership
**We have a [dedicated panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) to centralize all professional requests.**
We have a [dedicated panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) to centralize all professional requests.
You can also contact use at [contact@bunkerity.com](mailto:contact@bunkerity.com) if you are interested.

4
docs/assets/img/bunkerweb_db.svg
View file

File diff suppressed because one or more lines are too long
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 903 KiB

After

Width:  |  Height:  |  Size: 911 KiB

BIN
docs/assets/img/crowdity1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.8 KiB

BIN
docs/assets/img/crowdity2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 6.7 KiB

BIN
docs/assets/img/crowdity3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/assets/img/crowdity4.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
docs/assets/img/demo.gif
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 48 MiB

BIN
docs/assets/img/pro-from-ui.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 87 KiB

BIN
docs/assets/img/pro-home-card.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 8.3 KiB

7
docs/assets/img/pro-icon.svg Normal file
View file

@ -0,0 +1,7 @@
<svg style="height:1.5rem; width:1.5rem;"
viewBox="0 0 48 46"
fill="none"
xmlns="http://www.w3.org/2000/svg">
<path style="fill:#eab308" d="M43.218 28.2327L43.6765 23.971C43.921 21.6973 44.0825 20.1957 43.9557 19.2497L44 19.25C46.071 19.25 47.75 17.5711 47.75 15.5C47.75 13.4289 46.071 11.75 44 11.75C41.929 11.75 40.25 13.4289 40.25 15.5C40.25 16.4366 40.5935 17.2931 41.1613 17.9503C40.346 18.4535 39.2805 19.515 37.6763 21.1128C36.4405 22.3438 35.8225 22.9593 35.1333 23.0548C34.7513 23.1075 34.3622 23.0532 34.0095 22.898C33.373 22.6175 32.9485 21.8567 32.0997 20.335L27.6262 12.3135C27.1025 11.3747 26.6642 10.5889 26.2692 9.95662C27.89 9.12967 29 7.44445 29 5.5C29 2.73857 26.7615 0.5 24 0.5C21.2385 0.5 19 2.73857 19 5.5C19 7.44445 20.11 9.12967 21.7308 9.95662C21.3358 10.589 20.8975 11.3746 20.3738 12.3135L15.9002 20.335C15.0514 21.8567 14.627 22.6175 13.9905 22.898C13.6379 23.0532 13.2487 23.1075 12.8668 23.0548C12.1774 22.9593 11.5595 22.3438 10.3238 21.1128C8.71968 19.515 7.6539 18.4535 6.83882 17.9503C7.4066 17.2931 7.75 16.4366 7.75 15.5C7.75 13.4289 6.07107 11.75 4 11.75C1.92893 11.75 0.25 13.4289 0.25 15.5C0.25 17.5711 1.92893 19.25 4 19.25L4.04428 19.2497C3.91755 20.1957 4.07905 21.6973 4.32362 23.971L4.782 28.2327C5.03645 30.5982 5.24802 32.849 5.50717 34.875H42.4928C42.752 32.849 42.9635 30.5982 43.218 28.2327Z" fill="#1C274C" />
<path style="fill:#eab308" d="M21.2803 45.5H26.7198C33.8098 45.5 37.3545 45.5 39.7198 43.383C40.7523 42.4588 41.4057 40.793 41.8775 38.625H6.1224C6.59413 40.793 7.24783 42.4588 8.2802 43.383C10.6454 45.5 14.1903 45.5 21.2803 45.5Z" fill="#1C274C" />
</svg>
Side by side

After

Width:  |  Height:  |  Size: 1.6 KiB

BIN
docs/assets/img/pro-ui-upgrade.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
docs/assets/img/ui-pro.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 9.9 KiB

8
docs/concepts.md
View file

@ -26,6 +26,10 @@ If you think that a new integration should be supported, do not hesitate to open
## Settings
!!! tip "Pro settings"
Some plugins are reserved for the **pro version**. [Find out more about the pro version here.](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc#pro)
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
@ -81,7 +85,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
!!! info "Going further"
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples) directory of the repository.
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) directory of the repository.
## Custom configurations
@ -95,7 +99,7 @@ By leveraging custom configurations, you unlock a world of possibilities to tail
!!! info "Going further"
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples) directory of the repository.
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) directory of the repository.
## Database

18
docs/index.md
View file

@ -27,7 +27,7 @@ BunkerWeb contains primary [security features](security-tuning.md) as part of th
- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) for more information.
- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc#pro) for more information.
## Security features
@ -59,6 +59,22 @@ To delve deeper into the core security features, we invite you to explore the [s
A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc). Feel free to visit it and perform some security tests.
## PRO version
When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.
Whether it's enhanced security, an enriched user experience, or technical monitoring, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
Be it in the documentation or the user interface, the PRO features are annotated with a crown <img src="assets/img/pro-icon.svg" alt="crow pro icon" height="32px" width="32px"> to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward :
- Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc)
- Once connected to the client area, copy your PRO license key
- Paste your private key into BunkerWeb using the [web UI](web-ui.md#upgrade-to-pro) or [specific setting](settings.md#pro)
Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version.
## Professional services
Get the most of BunkerWeb by getting professional services directly from the maintainers of the project. From technical support to tailored consulting and development, we are here to assist you in the security of your web services.

109
docs/integrations.md
View file

@ -21,13 +21,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run
Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology.
```shell
docker pull bunkerity/bunkerweb:1.5.5
docker pull bunkerity/bunkerweb:1.5.7
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address :
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.5.5
docker pull ghcr.io/bunkerity/bunkerweb:1.5.7
```
Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration.
@ -57,7 +57,7 @@ When integrating BunkerWeb with Docker, there are key concepts to keep in mind,
- **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage the traffic, providing enhanced security and performance.
!!! info "Database backend"
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
### Environment variables
@ -67,7 +67,7 @@ Settings are passed to BunkerWeb using Docker environment variables :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@ -86,7 +86,7 @@ Please note that the `bunkerweb.INSTANCE` is mandatory to make sure the schedule
The [scheduler](concepts.md#scheduler) is executed in its own container which is also available on Docker Hub :
```shell
docker pull bunkerity/bunkerweb-scheduler:1.5.5
docker pull bunkerity/bunkerweb-scheduler:1.5.7
```
Alternatively, you can build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb) (less coffee ☕ needed than BunkerWeb image) :
@ -103,7 +103,7 @@ A volume is needed to store the SQLite database that will be used by the schedul
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- bw-data:/data
...
@ -165,7 +165,7 @@ You will need to create the Docker API proxy container, mount the socket and set
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
env:
- DOCKER_HOST=tcp://bw-docker:2375
...
@ -213,7 +213,7 @@ To secure the communication between the scheduler and BunkerWeb API, it is impor
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -222,7 +222,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
networks:
- bw-universe
- bw-docker
@ -252,7 +252,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -266,7 +266,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -326,7 +326,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb. To support this functionality, use a dedicated "real" database backend (e.g., MariaDB, MySQL, or PostgreSQL) for synchronized configuration storage. By integrating `bw-autoconf` and a suitable database backend, you establish the infrastructure for seamless automated configuration management in BunkerWeb.
@ -335,7 +335,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -352,7 +352,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -365,7 +365,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -464,7 +464,7 @@ Since multiple instances of BunkerWeb are running, a shared data store implement
As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -475,7 +475,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- published: 80
target: 8080
@ -505,7 +505,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -537,7 +537,7 @@ services:
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -637,7 +637,7 @@ For an optimal setup, it is recommended to define BunkerWeb as a **[DaemonSet](h
Given the presence of multiple BunkerWeb instances, it is necessary to establish a shared data store implemented as a [Redis](https://redis.io/) service. This Redis service will be utilized by the instances to cache and share data among themselves. Further information about the Redis settings can be found [here](settings.md#redis).
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@ -698,7 +698,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -768,7 +768,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -795,7 +795,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -950,6 +950,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Ubuntu 22.04 "Jammy"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.3
Please ensure that you have **NGINX 1.24.0 installed before installing BunkerWeb**. For all distributions, except Fedora, it is mandatory to use prebuilt packages from the [official NGINX repository](https://nginx.org/en/linux_packages.html). Compiling NGINX from source or using packages from different repositories will not work with the official prebuilt packages of BunkerWeb. However, you have the option to build BunkerWeb from source.
@ -975,15 +976,25 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo apt install -y nginx=1.24.0-1~$(lsb_release -cs)
```
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
!!! warning "Testing/dev version"
If you use the `testing` or `dev` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.5 :
```shell
echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
```shell
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.5.5
sudo -E apt install -y bunkerweb=1.5.7
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -1012,15 +1023,25 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo apt install -y nginx=1.24.0-1~jammy
```
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
!!! warning "Testing/dev version"
If you use the `testing` or `dev` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.5 :
```shell
echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
```
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
```shell
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.5.5
sudo -E apt install -y bunkerweb=1.5.7
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@ -1037,14 +1058,20 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo dnf install -y nginx-1.24.0
```
And finally install BunkerWeb 1.5.5 :
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
```shell
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | \
sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \
sed 's/pypgpme_check=`rpm -qa | grep -qw pygpgme`/python-gnupg_check=`rpm -qa | grep -qw python-gnupg`/g' | sudo bash && \
sudo dnf makecache && \
sudo dnf install -y bunkerweb-1.5.5
sudo -E dnf install -y bunkerweb-1.5.7
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -1081,13 +1108,20 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
```shell
sudo dnf install nginx-1.24.0
```
And finally install BunkerWeb 1.5.5 :
Optional step : if you want to automatically enable the [setup wizard](web-ui.md#setup-wizard) when BunkerWeb is installed, export the following variable :
```shell
dnf install -y epel-release && \
export UI_WIZARD=1
```
And finally install BunkerWeb 1.5.7 :
```shell
sudo dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo dnf install -y bunkerweb-1.5.5
sudo -E dnf install -y bunkerweb-1.5.7
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -1125,6 +1159,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Ubuntu 22.04 "Jammy"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.3
To simplify the deployment and configuration process, [Ansible](https://docs.ansible.com/ansible/latest/index.html) can be used as an IT automation tool. Ansible enables you to configure systems, deploy software, and perform advanced IT tasks such as continuous deployments or zero downtime rolling updates.
@ -1165,7 +1200,7 @@ the configuration of BunkerWeb is done by using specific role variables :
| Name | Type | Description | Default value |
| :-------------------: | :--------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.5.5` |
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.5.7` |
| `nginx_version` | string | Version of NGINX to install. | `1.24.0` |
| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |

56
docs/json2md.py
View file

@ -5,6 +5,12 @@ from json import loads
from glob import glob
from pathlib import Path
from pytablewriter import MarkdownTableWriter
import requests
import zipfile
import shutil
from contextlib import suppress
from os import getenv
def print_md_table(settings) -> MarkdownTableWriter:
@ -35,6 +41,10 @@ def stream_support(support) -> str:
return md
def pro_title(title: str) -> str:
return f"## {title} <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'>\n"
doc = StringIO()
print("# Settings\n", file=doc)
@ -66,20 +76,50 @@ with open("src/common/settings.json", "r") as f:
print(print_md_table(loads(f.read())), file=doc)
print(file=doc)
# Print core settings
print("## Core settings\n", file=doc)
# Get core plugins
core_settings = {}
for core in glob("src/common/core/*/plugin.json"):
with open(core, "r") as f:
core_plugin = loads(f.read())
if len(core_plugin["settings"]) > 0:
core_settings[core_plugin["name"]] = core_plugin
with suppress(Exception):
core_plugin = loads(f.read())
if len(core_plugin["settings"]) > 0:
core_settings[core_plugin["name"]] = core_plugin
for name, data in dict(sorted(core_settings.items())).items():
print(f"### {data['name']}\n", file=doc)
# Get PRO plugins
if getenv("VERSION"):
version = getenv("VERSION")
else:
with open("src/VERSION", "r") as f:
version = f.read().strip()
url = f"https://assets.bunkerity.com/bw-pro/preview/v{version}.zip"
response = requests.get(url)
response.raise_for_status()
Path(f"v{version}.zip").write_bytes(response.content)
with zipfile.ZipFile(f"v{version}.zip", "r") as zip_ref:
zip_ref.extractall(f"v{version}")
pro_settings = {}
for pro in glob(f"v{version}/*/plugin.json"):
with open(pro, "r") as f:
with suppress(Exception):
pro_plugin = loads(f.read())
core_settings[pro_plugin["name"]] = pro_plugin
core_settings[pro_plugin["name"]]["is_pro"] = True
# Print plugins and their settings
for data in dict(sorted(core_settings.items())).values():
pro_crown = ""
if "is_pro" in data:
pro_crown = " <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)\n"
print(f"## {data['name']}{pro_crown}\n", file=doc)
print(f"{stream_support(data['stream'])}\n", file=doc)
print(f"{data['description']}\n", file=doc)
print(print_md_table(data["settings"]), file=doc)
if data["settings"]:
print(print_md_table(data["settings"]), file=doc)
# Remove zip file
Path(f"v{version}.zip").unlink()
# Remove folder using shutil
shutil.rmtree(f"v{version}")
doc.seek(0)
content = doc.read()

41
docs/migrating.md
View file

@ -1,41 +0,0 @@
# Migrating from 1.4.X
!!! warning "Read this if you were a 1.4.X user"
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) folder of the repository.
## Scheduler
Back to the 1.4.X releases, jobs (like Let's Encrypt certificate generation/renewal or blacklists download) **were executed in the same container as BunkerWeb**. For the purpose of [separation of concerns](https://en.wikipedia.org/wiki/Separation_of_concerns), we decided to create a **separate service** which is now responsible for managing jobs.
Called **Scheduler**, this service also generates the final configuration used by BunkerWeb and acts as an intermediary between autoconf and BunkerWeb. In other words, the scheduler is the **brain of the BunkerWeb 1.5.X stack**.
You will find more information about the scheduler [here](concepts.md#scheduler).
## Database
BunkerWeb configuration is **no more stored in a plain file** (located at `/etc/nginx/variables.env` if you didn't know it). That's it, we now support a **fully-featured database as a backend** to store settings, cache, custom configs, ... 🥳
Using a real database offers many advantages :
- Backup of the current configuration
- Usage with multiple services (scheduler, web UI, ...)
- Upgrade to a new BunkerWeb version
Please note that we actually support, **SQLite**, **MySQL**, **MariaDB** and **PostgreSQL** as backends.
You will find more information about the database [here](concepts.md#database).
## Redis
When BunkerWeb 1.4.X was used in cluster mode (Swarm or Kubernetes integrations), **data were not shared among the nodes**. For example, if an attacker was banned via the "bad behavior" feature on a specific node, **he could still connect to the other nodes**.
Security is not the only reason to have a shared data store for clustered integrations, **caching** is also another one. We can now **store results** of time-consuming operations like (reverse) dns lookups so they are **available for other nodes**.
We actually support **Redis** as a backend for the shared data store.
See the list of [redis settings](settings.md#redis) and the corresponding documentation of your integration for more information.
## Default values and new settings
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.

131
docs/overrides/main.html
View file

@ -1,23 +1,39 @@
{% extends "base.html" %} {% block outdated %} You're not viewing the
documentation of the latest version.
<a href="{{ '../' ~ base_url }}">
<strong>Click here to view latest.</strong>
</a>
{% endblock %} {% block announce %} 📢 Looking for technical support, tailored
consulting or custom development for BunkerWeb ? Visit the
<a
href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc"
style="color: #3f6ec6; text-decoration: underline"
>BunkerWeb Panel</a
>
for more information on our enterprise offers. {% endblock %} {% block libs %}
<script
async
defer
data-domain="docs.bunkerweb.io"
src="https://data.bunkerity.com/js/script.js"
></script>
<script defer>
{% extends "base.html" %}
{% block outdated %}
You're not viewing the
documentation of the latest version.
<a href="{{ '../' ~ base_url }}">
<strong>Click here to view latest.</strong>
</a>
{% endblock %}
{% block announce %}
📢 Looking for BunkerWeb PRO version, technical support or tailored services ? Visit the
<a href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc"
style="color: #3f6ec6;
text-decoration: underline">BunkerWeb Panel</a>
for more information on our enterprise offers.
{% endblock %}
{% block libs %}
<script async
defer
data-domain="docs.bunkerweb.io"
src="https://data.bunkerity.com/js/script.js"></script>
<script defer>
window.addEventListener('DOMContentLoaded', (e) => {
const customHeaders = document.querySelectorAll('[data-custom-header]')
customHeaders.forEach(header => {
const getHeaders = document.querySelectorAll(`#${header.getAttribute('id')}`);
getHeaders.forEach(el => {
if(!el.hasAttribute('data-custom-header')) el.remove()
})})
})
</script>
<script defer>
// Lazy load images and embed youtube videos
window.addEventListener("load", () => {
document.querySelectorAll("[data-src]").forEach((el) => {
@ -30,5 +46,78 @@ for more information on our enterprise offers. {% endblock %} {% block libs %}
.querySelector('div.md-search[data-md-component="search"][role="dialog"]')
.setAttribute("aria-label", "Search in documentation");
} catch (err) {}
</script>
</script>
<script defer>
window.addEventListener('DOMContentLoaded', () => {
const bannerEl = document.querySelector('aside.md-banner');
let defaultContent = [{ "content" : '<p>Get the most of BunkerWeb by upgrading to the PRO version. More info and free trial <a style="text-decoration:underline; color : white;" href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc#pro">here</a>.</p>'},
{ "content" : '<p>Need premium support or tailored consulting around BunkerWeb ? Check out our <a style="text-decoration:underline; color : white;" href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc#services">professional services</a>.</p>'},
{ "content" : '<p>Be part of the Bunker community by joining the <a style="text-decoration:underline; color: white;" href="https://discord.bunkerweb.io">Discord chat</a> and following us on <a style="text-decoration:underline; color: white;" href="https://www.linkedin.com/company/bunkerity/">LinkedIn</a>.</p>'}
]
function setBannerStyle() {
const bannerItem = bannerEl.querySelector('.md-banner__inner');
bannerEl.style.backgroundColor = "#2eac68";
bannerItem.style.textAlign = "center";
bannerItem.style.transition = "all 0.5s ease-out";
}
function setDefault() {
const bannerItem = bannerEl.querySelector('.md-banner__inner');
const clone = bannerItem.cloneNode(true);
clone.innerHTML = defaultContent[0]["content"];
bannerEl.replaceChild(clone, bannerItem);
}
function startBannerLoop() {
const switchDelay = 7000;
let i = 0;
setInterval(() => {
// Update or reset index
if(i + 1 === defaultContent.length) {
i = 0;
} else {
i++;
}
// Prepare data with next el with opacity 0 too
const currItem = bannerEl.querySelector('.md-banner__inner');
currItem.style.opacity = 0;
const clone = currItem.cloneNode(true);
clone.innerHTML = defaultContent[i]["content"];
setTimeout(() => {
bannerEl.replaceChild(clone, currItem);
setTimeout(() => {
const newItem = bannerEl.querySelector('.md-banner__inner');
newItem.style.opacity = 1;
}, 20);
}, 600);
}, switchDelay);
}
function runBanner() {
// Try to get dynamic content
// Else keep static ones
fetch("https://www.bunkerweb.io/api/bw-ui-news")
.then((res) => {
return res.json();
})
.then((res) => {
defaultContent = res.data[0].data;
startBannerLoop();
})
.catch((e) => {
startBannerLoop();
});
}
setBannerStyle();
setDefault();
runBanner()
})
</script>
{% endblock %}

208
docs/plugins.md
View file

@ -8,13 +8,13 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| **ClamAV** | 1.3 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.3 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.3 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.3 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.3 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.3 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
| **ClamAV** | 1.4 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.4 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.4 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.4 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.4 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.4 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.4 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
## How to use a plugin
@ -22,7 +22,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archive containing one or more plugin(s).
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.3.zip`
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.4.zip`
### Manual
@ -45,11 +45,44 @@ The first step is to install the plugin by putting the plugin files inside the c
cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
```
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
!!! warning "Using local folder for persistent data"
The scheduler runs as an **unprivileged user with UID 101 and GID 101** inside the container. The reason behind this is security : in case a vulnerability is exploited, the attacker won't have full root (UID/GID 0) privileges.
But there is a downside : if you use a **local folder for the persistent data**, you will need to **set the correct permissions** so the unprivileged user can write data to it. Something like that should do the trick :
```shell
chown -R 101:101 ./bw-data
```
```shell
mkdir bw-data && \
chown root:101 bw-data && \
chmod 770 bw-data
```
Alternatively, if the folder already exists :
```shell
chown -R root:101 bw-data && \
chmod -R 770 bw-data
```
If you are using [Docker in rootless mode](https://docs.docker.com/engine/security/rootless) or [podman](https://podman.io/), UIDs and GIDs in the container will be mapped to different ones in the host. You will first need to check your initial subuid and subgid :
```shell
grep ^$(whoami): /etc/subuid && \
grep ^$(whoami): /etc/subgid
```
For example, if you have a value of **100000**, the mapped UID/GID will be **100100** (100000 + 100) :
```shell
mkdir bw-data && \
sudo chgrp 100100 bw-data && \
chmod 770 bw-data
```
Or if the folder already exists :
```shell
sudo chgrp -R 100100 bw-data && \
chmod -R 770 bw-data
```
Then you can mount the volume when starting your Docker stack :
@ -58,7 +91,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- ./bw-data:/data
...
@ -95,7 +128,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- ./bw-data:/data
...
@ -134,7 +167,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -181,7 +214,7 @@ The first step is to install the plugin by putting the plugin files inside the c
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -260,9 +293,36 @@ The first step is to install the plugin by putting the plugin files inside the c
## Writing a plugin
### Structure
!!! tip "Existing plugins"
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
What a plugin structure looks like :
```
plugin /
confs / conf_type / conf_name.conf
ui / actions.py
template.html
jobs / my-job.py
plugin.lua
plugin.json
```
- **conf_name.conf** : add [custom NGINX configurations](quickstart-guide.md#custom-configurations) (as jinja2 templates)
- **actions.py** : script to execute on flask server, this script is running on flask context, you have access to lib and utils like `jinja2`, `requests`, etc...
- **template.html** : custom plugin page you can access from ui
- **jobs py file** : custom python files executed as jobs by the scheduler
- **plugin.lua** : code to execute on NGINX using [NGINX LUA module](https://github.com/openresty/lua-nginx-module)
- **plugin.json** : metadata, settings and jobs for your settings
### Getting started
The first step is to create a folder that will contain the plugin :
@ -339,7 +399,7 @@ Each job has the following fields :
### Configurations
You can add custom NGINX configurations by adding a folder named **confs** with content similar to the [custom configurations](quickstart-guide.md#custom-configurations). Each subfolder inside the **confs** will contain [jinja2](https://jinja.palletsprojects.com) templates that will be generated and loaded at the corresponding context (`http`, `server-http`, `default-server-http`, `stream` and `server-stream`).
You can add custom NGINX configurations by adding a folder named **confs** with content similar to the [custom configurations](quickstart-guide.md#custom-configurations). Each subfolder inside the **confs** will contain [jinja2](https://jinja.palletsprojects.com) templates that will be generated and loaded at the corresponding context (`http`, `server-http`, `default-server-http`, `stream`, `server-stream`, `modsec` and `modsec-crs`).
Here is an example for a configuration template file inside the **confs/server-http** folder named **example.conf** :
@ -369,8 +429,8 @@ local utils = require "bunkerweb.utils"
local myplugin = class("myplugin", plugin)
function myplugin:initialize()
plugin.initialize(self, "myplugin")
function myplugin:initialize(ctx)
plugin.initialize(self, "myplugin", ctx)
self.dummy = "dummy"
end
@ -507,7 +567,7 @@ end
!!! tip "More examples"
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/src/bw/lua/bunkerweb) of the repository.
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/src/bw/lua/bunkerweb) of the repository.
### Jobs
@ -515,43 +575,111 @@ BunkerWeb uses an internal job scheduler for periodic tasks like renewing certif
### Plugin page
Plugin pages are used to display information about your plugin and interact with the user inside the plugins section of the [web UI](web-ui.md).
Everything related to the web UI is located inside the subfolder **ui** as we seen in the [previous structure section.](#structure).
Everything related to the web UI is located inside a subfolder named **ui** at the root directory of your plugin. A template file named **template.html** and located inside the **ui** subfolder contains the client code and logic to display your page. Another file named **actions.py** and also located inside the **ui** subfolder contains code that will be executed when the user is interacting with your page (filling a form for example).
#### Prerequisites
When you want to create a plugin page, you need two files :
- **template.html** that will be accessible with a **GET /plugins/<*plugin_id*>**.
- **actions.py** where you can add some scripting and logic with a **POST /plugins/<*plugin_id*>**. Notice that this file **need a function with the same name as the plugin** to work. This file is needed even if the function is empty.
#### Basic example
!!! info "Jinja 2 template"
The **template.html** file is a Jinja2 template, please refer to the [Jinja2 documentation](https://jinja.palletsprojects.com) if needed.
A plugin page can have a form that is used to submit data to the plugin. To get the values of the form, you need to put a **actions.py** file in the **ui** folder. Inside the file, **you must define a function that has the same name as the plugin**. This function will be called when the form is submitted. You can then use the **request** object (from the [Flask library](https://flask.palletsprojects.com)) to get the values of the form. The form's action must finish with **/plugins/<*plugin_id*>**. The helper function `url_for` will generate for you the prefix of the URL : `{{ url_for('plugins') }}/plugin_id`.
We can put aside the **actions.py** file and start **only using the template on a GET situation**. The template can access app context and libs, so you can use Jinja, request or flask utils.
If you want to display variables generated from your **actions.py** in your template file, you can return a dictionary with variables name as keys and variables value as values. Here is dummy example where we return a single variable :
For example, you can get the request arguments in your template like this :
```html
<p>request args : {{ request.args.get() }}.</p>
```
#### Actions.py
!!! warning "CSRF Token"
Please note that every form submission is protected via a CSRF token, you will need to include the following snippet into your forms :
```html
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
```
You can power-up your plugin page with additional scripting with the **actions.py** file when sending a **POST /plugins/<*plugin_id*>**.
You have two functions by default in **actions.py** :
**pre_render function**
This allows you to retrieve data when you **GET** the template, and to use the data with the pre_render variable available in Jinja to display content more dynamically.
```python
def myplugin() :
return {"foo": "bar"}
def pre_render(**kwargs)
return <pre_render_data>
```
And we display it in the **template.html** file :
```html
{% if foo %}
Content of foo is : {{ foo }}.
{% endif %}
BunkerWeb will send you this type of response :
```python
return jsonify({"status": "ok|ko", "code" : XXX, "data": <pre_render_data>}), 200
```
Please note that every form submission is protected via a CSRF token, you will need to include the following snippet into your forms :
```html
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
**<*plugin_id*> function**
This allows you to retrieve data when you make a **POST** from the template endpoint, which must be used in AJAX.
```python
def myplugin(**kwargs)
return <plugin_id_data>
```
Retrieving user submitted data is pretty simple, thanks to the request module provided by Flask :
BunkerWeb will send you this type of response :
```python
return jsonify({"message": "ok", "data": <plugin_id_data>}), 200
```
**What you can access from action.py**
Here are the arguments that are passed and access on action.py functions:
```python
function(app=app, args=request.args.to_dict() or request.json or None)
```
!!! info "Python libraries"
In addition, you can use Python libraries that are already available like :
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blobsrc/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
**Some examples**
- Retrieve form submitted data
```python
from flask import request
def myplugin() :
def myplugin(**kwargs) :
my_form_value = request.form["my_form_input"]
return my_form_value
```
!!! info "Python libraries"
You can use Python libraries that are already available like :
`Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blobsrc/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
- Access app config
**action.py**
```python
from flask import request
def pre_render(**kwargs) :
config = kwargs['app'].config["CONFIG"].get_config(methods=False)
return config
```
**template**
```html
<!-- metadata + config -->
<div>{{ pre_render }}</div>
```

4
docs/professional-services.md
View file

@ -4,9 +4,11 @@
Since BunkerWeb is a free (as in freedom) software, you've the right to use it freely as long as you respect the [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html).
You can also upgrade BunkerWeb to the PRO version at any time. By doing so, you will get an enhanced experience to assist you in the security of your web services. Our goal is to help you focus on your business needs. The PRO version is updated regularly and we try our best to gather feedbacks from enterprises to include the needed features.
But dedicating time to a specific technology may not be easy depending on your business priorities. Not mentioning that cybersecurity is complex domain where being both judge and jury is not recommended.
Getting professional services in addition to the open-source solution is the ideal solution to cover your business needs. You can focus on your top priorities and rely on a trusted partner when it comes to web security.
Getting professional services in addition to the open-source or PRO version is the ideal solution to cover your business needs. You can focus on your top priorities and rely on a trusted partner when it comes to web security.
Please note that professionnal services are directly offered by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), the company maintaining the BunkerWeb project, through our [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) online platform.

112
docs/quickstart-guide.md
View file

@ -6,7 +6,7 @@
!!! tip "Going further"
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/examples) of the repository to get real-world examples.
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/examples) of the repository to get real-world examples.
## Protect HTTP applications
@ -32,12 +32,12 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -48,13 +48,13 @@ You will find more settings about reverse proxy in the [settings section](settin
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -102,7 +102,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -111,7 +111,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp:8080"
networks:
bw-services:
@ -128,7 +128,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -141,7 +141,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp:8080"
networks:
bw-services:
@ -174,9 +174,9 @@ You will find more settings about reverse proxy in the [settings section](settin
spec:
containers:
- name: app
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -188,7 +188,7 @@ You will find more settings about reverse proxy in the [settings section](settin
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
```
Here is the corresponding Ingress definition to serve and protect the web application :
@ -376,22 +376,22 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -403,15 +403,15 @@ You will find more settings about reverse proxy in the [settings section](settin
- SERVER_NAME=app1.example.com app2.example.com app3.example.com
- USE_REVERSE_PROXY=yes # Will be applied to all server config
- REVERSE_PROXY_URL=/ # Will be applied to all server config
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2
- app3.example.com_REVERSE_PROXY_HOST=http://myapp3
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1:8080
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2:8080
- app3.example.com_REVERSE_PROXY_HOST=http://myapp3:8080
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -458,7 +458,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -467,10 +467,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -479,10 +479,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -491,7 +491,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
networks:
bw-services:
@ -508,7 +508,7 @@ You will find more settings about reverse proxy in the [settings section](settin
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -521,10 +521,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app1.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -537,10 +537,10 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app2.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -553,7 +553,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- "bunkerweb.SERVER_NAME=app3.example.com"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
networks:
bw-services:
@ -586,9 +586,9 @@ You will find more settings about reverse proxy in the [settings section](settin
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -600,7 +600,7 @@ You will find more settings about reverse proxy in the [settings section](settin
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
```
Here is the corresponding Ingress definition to serve and protect the web applications :
@ -830,7 +830,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -845,7 +845,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -860,7 +860,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -980,7 +980,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -996,7 +996,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -1012,7 +1012,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
...
environment:
- USE_REAL_IP=yes
@ -1159,7 +1159,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@ -1181,7 +1181,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -1230,7 +1230,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@ -1288,7 +1288,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
# Keep it if you want to use Let's Encrypt automation
- published: 80
@ -1476,7 +1476,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
...
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1519,7 +1519,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- ./bw-data:/data
...
@ -1546,7 +1546,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
labels:
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1589,7 +1589,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
volumes:
- ./bw-data:/data
...
@ -1822,7 +1822,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
volumes:
- ./www:/var/www/html
ports:
@ -1845,7 +1845,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -1923,7 +1923,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
volumes:
- ./www:/var/www/html
labels:
@ -1937,7 +1937,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -2081,7 +2081,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
volumes:
- /shared/www:/var/www/html
...
@ -2364,7 +2364,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
environment:
- USE_IPv6=yes
@ -2409,7 +2409,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
environment:
- USE_IPv6=yes

5
docs/requirements.in
View file

@ -1,5 +1,4 @@
mike==2.0.0
mkdocs==1.5.3
mkdocs-material[imaging]==9.5.4
mkdocs-print-site-plugin==2.3.6
mkdocs-material[imaging]==9.5.18
mkdocs-print-site-plugin==2.4.0
pytablewriter==1.2.0

616
docs/requirements.txt
View file

@ -16,9 +16,9 @@ cairosvg==2.7.1 \
--hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
--hash=sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b
# via mkdocs-material
certifi==2023.11.17 \
--hash=sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1 \
--hash=sha256:e036ab49d5b79556f99cfc2d9320b34cfbe5be05c5871b51de9329f0603b0474
certifi==2024.2.2 \
--hash=sha256:0569859f95fc761b18b45ef421b1290a0f65f147e92a1e5eb3e635f9a5e4e66f \
--hash=sha256:dc383c07b76109f368f6106eee2b593b04a011ea4d55f652c6ca24a754d1cdd1
# via requests
cffi==1.16.0 \
--hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \
@ -196,20 +196,20 @@ ghp-import==2.1.0 \
--hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \
--hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343
# via mkdocs
idna==3.6 \
--hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \
--hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f
idna==3.7 \
--hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \
--hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0
# via requests
importlib-metadata==7.0.1 \
--hash=sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e \
--hash=sha256:f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc
importlib-metadata==7.1.0 \
--hash=sha256:30962b96c0c223483ed6cc7280e7f0199feb01a0e40cfae4d4450fc6fab1f570 \
--hash=sha256:b78938b926ee8d5f020fc4772d487045805a55ddbad2ecf21c6d60938dc7fcd2
# via
# markdown
# mike
# mkdocs
importlib-resources==6.1.1 \
--hash=sha256:3893a00122eafde6894c59914446a512f728a0c1a45f9bb9b63721b6bacf0b4a \
--hash=sha256:e8bf90d8213b486f428c9c39714b920041cb02c184686a3dee24905aaa8105d6
importlib-resources==6.4.0 \
--hash=sha256:50d10f043df931902d4194ea07ec57960f66a80449ff867bfe782b4c486ba78c \
--hash=sha256:cdb2b453b8046ca4e3798eb1d84f3cce1446a0e8e7b5ef4efb600f19fc398145
# via mike
jinja2==3.1.3 \
--hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \
@ -218,74 +218,74 @@ jinja2==3.1.3 \
# mike
# mkdocs
# mkdocs-material
markdown==3.5.2 \
--hash=sha256:d43323865d89fc0cb9b20c75fc8ad313af307cc087e84b657d9eec768eddeadd \
--hash=sha256:e1ac7b3dc550ee80e602e71c1d168002f062e49f1b11e26a36264dafd4df2ef8
markdown==3.6 \
--hash=sha256:48f276f4d8cfb8ce6527c8f79e2ee29708508bf4d40aa410fbc3b4ee832c850f \
--hash=sha256:ed4f41f6daecbeeb96e576ce414c41d2d876daa9a16cb35fa8ed8c2ddfad0224
# via
# mkdocs
# mkdocs-material
# pymdown-extensions
markupsafe==2.1.4 \
--hash=sha256:0042d6a9880b38e1dd9ff83146cc3c9c18a059b9360ceae207805567aacccc69 \
--hash=sha256:0c26f67b3fe27302d3a412b85ef696792c4a2386293c53ba683a89562f9399b0 \
--hash=sha256:0fbad3d346df8f9d72622ac71b69565e621ada2ce6572f37c2eae8dacd60385d \
--hash=sha256:15866d7f2dc60cfdde12ebb4e75e41be862348b4728300c36cdf405e258415ec \
--hash=sha256:1c98c33ffe20e9a489145d97070a435ea0679fddaabcafe19982fe9c971987d5 \
--hash=sha256:21e7af8091007bf4bebf4521184f4880a6acab8df0df52ef9e513d8e5db23411 \
--hash=sha256:23984d1bdae01bee794267424af55eef4dfc038dc5d1272860669b2aa025c9e3 \
--hash=sha256:31f57d64c336b8ccb1966d156932f3daa4fee74176b0fdc48ef580be774aae74 \
--hash=sha256:3583a3a3ab7958e354dc1d25be74aee6228938312ee875a22330c4dc2e41beb0 \
--hash=sha256:36d7626a8cca4d34216875aee5a1d3d654bb3dac201c1c003d182283e3205949 \
--hash=sha256:396549cea79e8ca4ba65525470d534e8a41070e6b3500ce2414921099cb73e8d \
--hash=sha256:3a66c36a3864df95e4f62f9167c734b3b1192cb0851b43d7cc08040c074c6279 \
--hash=sha256:3aae9af4cac263007fd6309c64c6ab4506dd2b79382d9d19a1994f9240b8db4f \
--hash=sha256:3ab3a886a237f6e9c9f4f7d272067e712cdb4efa774bef494dccad08f39d8ae6 \
--hash=sha256:47bb5f0142b8b64ed1399b6b60f700a580335c8e1c57f2f15587bd072012decc \
--hash=sha256:49a3b78a5af63ec10d8604180380c13dcd870aba7928c1fe04e881d5c792dc4e \
--hash=sha256:4df98d4a9cd6a88d6a585852f56f2155c9cdb6aec78361a19f938810aa020954 \
--hash=sha256:5045e892cfdaecc5b4c01822f353cf2c8feb88a6ec1c0adef2a2e705eef0f656 \
--hash=sha256:5244324676254697fe5c181fc762284e2c5fceeb1c4e3e7f6aca2b6f107e60dc \
--hash=sha256:54635102ba3cf5da26eb6f96c4b8c53af8a9c0d97b64bdcb592596a6255d8518 \
--hash=sha256:54a7e1380dfece8847c71bf7e33da5d084e9b889c75eca19100ef98027bd9f56 \
--hash=sha256:55d03fea4c4e9fd0ad75dc2e7e2b6757b80c152c032ea1d1de487461d8140efc \
--hash=sha256:698e84142f3f884114ea8cf83e7a67ca8f4ace8454e78fe960646c6c91c63bfa \
--hash=sha256:6aa5e2e7fc9bc042ae82d8b79d795b9a62bd8f15ba1e7594e3db243f158b5565 \
--hash=sha256:7653fa39578957bc42e5ebc15cf4361d9e0ee4b702d7d5ec96cdac860953c5b4 \
--hash=sha256:765f036a3d00395a326df2835d8f86b637dbaf9832f90f5d196c3b8a7a5080cb \
--hash=sha256:78bc995e004681246e85e28e068111a4c3f35f34e6c62da1471e844ee1446250 \
--hash=sha256:7a07f40ef8f0fbc5ef1000d0c78771f4d5ca03b4953fc162749772916b298fc4 \
--hash=sha256:8b570a1537367b52396e53325769608f2a687ec9a4363647af1cded8928af959 \
--hash=sha256:987d13fe1d23e12a66ca2073b8d2e2a75cec2ecb8eab43ff5624ba0ad42764bc \
--hash=sha256:9896fca4a8eb246defc8b2a7ac77ef7553b638e04fbf170bff78a40fa8a91474 \
--hash=sha256:9e9e3c4020aa2dc62d5dd6743a69e399ce3de58320522948af6140ac959ab863 \
--hash=sha256:a0b838c37ba596fcbfca71651a104a611543077156cb0a26fe0c475e1f152ee8 \
--hash=sha256:a4d176cfdfde84f732c4a53109b293d05883e952bbba68b857ae446fa3119b4f \
--hash=sha256:a76055d5cb1c23485d7ddae533229039b850db711c554a12ea64a0fd8a0129e2 \
--hash=sha256:a76cd37d229fc385738bd1ce4cba2a121cf26b53864c1772694ad0ad348e509e \
--hash=sha256:a7cc49ef48a3c7a0005a949f3c04f8baa5409d3f663a1b36f0eba9bfe2a0396e \
--hash=sha256:abf5ebbec056817057bfafc0445916bb688a255a5146f900445d081db08cbabb \
--hash=sha256:b0fe73bac2fed83839dbdbe6da84ae2a31c11cfc1c777a40dbd8ac8a6ed1560f \
--hash=sha256:b6f14a9cd50c3cb100eb94b3273131c80d102e19bb20253ac7bd7336118a673a \
--hash=sha256:b83041cda633871572f0d3c41dddd5582ad7d22f65a72eacd8d3d6d00291df26 \
--hash=sha256:b835aba863195269ea358cecc21b400276747cc977492319fd7682b8cd2c253d \
--hash=sha256:bf1196dcc239e608605b716e7b166eb5faf4bc192f8a44b81e85251e62584bd2 \
--hash=sha256:c669391319973e49a7c6230c218a1e3044710bc1ce4c8e6eb71f7e6d43a2c131 \
--hash=sha256:c7556bafeaa0a50e2fe7dc86e0382dea349ebcad8f010d5a7dc6ba568eaaa789 \
--hash=sha256:c8f253a84dbd2c63c19590fa86a032ef3d8cc18923b8049d91bcdeeb2581fbf6 \
--hash=sha256:d18b66fe626ac412d96c2ab536306c736c66cf2a31c243a45025156cc190dc8a \
--hash=sha256:d5291d98cd3ad9a562883468c690a2a238c4a6388ab3bd155b0c75dd55ece858 \
--hash=sha256:d5c31fe855c77cad679b302aabc42d724ed87c043b1432d457f4976add1c2c3e \
--hash=sha256:d6e427c7378c7f1b2bef6a344c925b8b63623d3321c09a237b7cc0e77dd98ceb \
--hash=sha256:dac1ebf6983148b45b5fa48593950f90ed6d1d26300604f321c74a9ca1609f8e \
--hash=sha256:de8153a7aae3835484ac168a9a9bdaa0c5eee4e0bc595503c95d53b942879c84 \
--hash=sha256:e1a0d1924a5013d4f294087e00024ad25668234569289650929ab871231668e7 \
--hash=sha256:e7902211afd0af05fbadcc9a312e4cf10f27b779cf1323e78d52377ae4b72bea \
--hash=sha256:e888ff76ceb39601c59e219f281466c6d7e66bd375b4ec1ce83bcdc68306796b \
--hash=sha256:f06e5a9e99b7df44640767842f414ed5d7bedaaa78cd817ce04bbd6fd86e2dd6 \
--hash=sha256:f6be2d708a9d0e9b0054856f07ac7070fbe1754be40ca8525d5adccdbda8f475 \
--hash=sha256:f9917691f410a2e0897d1ef99619fd3f7dd503647c8ff2475bf90c3cf222ad74 \
--hash=sha256:fc1a75aa8f11b87910ffd98de62b29d6520b6d6e8a3de69a70ca34dea85d2a8a \
--hash=sha256:fe8512ed897d5daf089e5bd010c3dc03bb1bdae00b35588c49b98268d4a01e00
markupsafe==2.1.5 \
--hash=sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf \
--hash=sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff \
--hash=sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f \
--hash=sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3 \
--hash=sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532 \
--hash=sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f \
--hash=sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617 \
--hash=sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df \
--hash=sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4 \
--hash=sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906 \
--hash=sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f \
--hash=sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4 \
--hash=sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8 \
--hash=sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371 \
--hash=sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2 \
--hash=sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465 \
--hash=sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52 \
--hash=sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6 \
--hash=sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169 \
--hash=sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad \
--hash=sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2 \
--hash=sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0 \
--hash=sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029 \
--hash=sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f \
--hash=sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a \
--hash=sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced \
--hash=sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5 \
--hash=sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c \
--hash=sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf \
--hash=sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9 \
--hash=sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb \
--hash=sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad \
--hash=sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3 \
--hash=sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1 \
--hash=sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46 \
--hash=sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc \
--hash=sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a \
--hash=sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee \
--hash=sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900 \
--hash=sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5 \
--hash=sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea \
--hash=sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f \
--hash=sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5 \
--hash=sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e \
--hash=sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a \
--hash=sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f \
--hash=sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50 \
--hash=sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a \
--hash=sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b \
--hash=sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4 \
--hash=sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff \
--hash=sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2 \
--hash=sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46 \
--hash=sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b \
--hash=sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf \
--hash=sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5 \
--hash=sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5 \
--hash=sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab \
--hash=sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd \
--hash=sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68
# via
# jinja2
# mkdocs
@ -308,27 +308,25 @@ mkdocs==1.5.3 \
--hash=sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1 \
--hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2
# via
# -r requirements.in
# mike
# mkdocs-material
mkdocs-material==9.5.4 \
--hash=sha256:3d196ee67fad16b2df1a458d650a8ac1890294eaae368d26cee71bc24ad41c40 \
--hash=sha256:efd7cc8ae03296d728da9bd38f4db8b07ab61f9738a0cbd0dfaf2a15a50e7343
mkdocs-material==9.5.18 \
--hash=sha256:1e0e27fc9fe239f9064318acf548771a4629d5fd5dfd45444fd80a953fe21eb4 \
--hash=sha256:a43f470947053fa2405c33995f282d24992c752a50114f23f30da9d8d0c57e62
# via
# -r requirements.in
# mkdocs-material
# mkdocs-print-site-plugin
mkdocs-material-extensions==1.3.1 \
--hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \
--hash=sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31
# via mkdocs-material
mkdocs-print-site-plugin==2.3.6 \
--hash=sha256:01ccb1ceccc87f29e1612bebb77c3bf9980809fbce750fc2113f9d6acea589d4 \
--hash=sha256:82e5cabcfb7fe3074daecea018f28ccb4bff086f965e3103fe91019a76752f22
mkdocs-print-site-plugin==2.4.0 \
--hash=sha256:2257e8116cdea6c4063a2bbd84c8cf00ace62de4cb2e09516124a08c20fc2033 \
--hash=sha256:b44d4533c5be8bd4676d61ff9b8a946dc340ef5e745a8c60fe1072e22032b2d8
# via -r requirements.in
packaging==23.2 \
--hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
--hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
packaging==24.0 \
--hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
--hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
# via
# mkdocs
# typepy
@ -343,109 +341,112 @@ pathvalidate==3.2.0 \
--hash=sha256:5e8378cf6712bff67fbe7a8307d99fa8c1a0cb28aa477056f8fc374f0dff24ad \
--hash=sha256:cc593caa6299b22b37f228148257997e2fa850eea2daf7e4cc9205cef6908dee
# via pytablewriter
pillow==9.5.0 \
--hash=sha256:07999f5834bdc404c442146942a2ecadd1cb6292f5229f4ed3b31e0a108746b1 \
--hash=sha256:0852ddb76d85f127c135b6dd1f0bb88dbb9ee990d2cd9aa9e28526c93e794fba \
--hash=sha256:1781a624c229cb35a2ac31cc4a77e28cafc8900733a864870c49bfeedacd106a \
--hash=sha256:1e7723bd90ef94eda669a3c2c19d549874dd5badaeefabefd26053304abe5799 \
--hash=sha256:229e2c79c00e85989a34b5981a2b67aa079fd08c903f0aaead522a1d68d79e51 \
--hash=sha256:22baf0c3cf0c7f26e82d6e1adf118027afb325e703922c8dfc1d5d0156bb2eeb \
--hash=sha256:252a03f1bdddce077eff2354c3861bf437c892fb1832f75ce813ee94347aa9b5 \
--hash=sha256:2dfaaf10b6172697b9bceb9a3bd7b951819d1ca339a5ef294d1f1ac6d7f63270 \
--hash=sha256:322724c0032af6692456cd6ed554bb85f8149214d97398bb80613b04e33769f6 \
--hash=sha256:35f6e77122a0c0762268216315bf239cf52b88865bba522999dc38f1c52b9b47 \
--hash=sha256:375f6e5ee9620a271acb6820b3d1e94ffa8e741c0601db4c0c4d3cb0a9c224bf \
--hash=sha256:3ded42b9ad70e5f1754fb7c2e2d6465a9c842e41d178f262e08b8c85ed8a1d8e \
--hash=sha256:432b975c009cf649420615388561c0ce7cc31ce9b2e374db659ee4f7d57a1f8b \
--hash=sha256:482877592e927fd263028c105b36272398e3e1be3269efda09f6ba21fd83ec66 \
--hash=sha256:489f8389261e5ed43ac8ff7b453162af39c3e8abd730af8363587ba64bb2e865 \
--hash=sha256:54f7102ad31a3de5666827526e248c3530b3a33539dbda27c6843d19d72644ec \
--hash=sha256:560737e70cb9c6255d6dcba3de6578a9e2ec4b573659943a5e7e4af13f298f5c \
--hash=sha256:5671583eab84af046a397d6d0ba25343c00cd50bce03787948e0fff01d4fd9b1 \
--hash=sha256:5ba1b81ee69573fe7124881762bb4cd2e4b6ed9dd28c9c60a632902fe8db8b38 \
--hash=sha256:5d4ebf8e1db4441a55c509c4baa7a0587a0210f7cd25fcfe74dbbce7a4bd1906 \
--hash=sha256:60037a8db8750e474af7ffc9faa9b5859e6c6d0a50e55c45576bf28be7419705 \
--hash=sha256:608488bdcbdb4ba7837461442b90ea6f3079397ddc968c31265c1e056964f1ef \
--hash=sha256:6608ff3bf781eee0cd14d0901a2b9cc3d3834516532e3bd673a0a204dc8615fc \
--hash=sha256:662da1f3f89a302cc22faa9f14a262c2e3951f9dbc9617609a47521c69dd9f8f \
--hash=sha256:7002d0797a3e4193c7cdee3198d7c14f92c0836d6b4a3f3046a64bd1ce8df2bf \
--hash=sha256:763782b2e03e45e2c77d7779875f4432e25121ef002a41829d8868700d119392 \
--hash=sha256:77165c4a5e7d5a284f10a6efaa39a0ae8ba839da344f20b111d62cc932fa4e5d \
--hash=sha256:7c9af5a3b406a50e313467e3565fc99929717f780164fe6fbb7704edba0cebbe \
--hash=sha256:7ec6f6ce99dab90b52da21cf0dc519e21095e332ff3b399a357c187b1a5eee32 \
--hash=sha256:833b86a98e0ede388fa29363159c9b1a294b0905b5128baf01db683672f230f5 \
--hash=sha256:84a6f19ce086c1bf894644b43cd129702f781ba5751ca8572f08aa40ef0ab7b7 \
--hash=sha256:8507eda3cd0608a1f94f58c64817e83ec12fa93a9436938b191b80d9e4c0fc44 \
--hash=sha256:85ec677246533e27770b0de5cf0f9d6e4ec0c212a1f89dfc941b64b21226009d \
--hash=sha256:8aca1152d93dcc27dc55395604dcfc55bed5f25ef4c98716a928bacba90d33a3 \
--hash=sha256:8d935f924bbab8f0a9a28404422da8af4904e36d5c33fc6f677e4c4485515625 \
--hash=sha256:8f36397bf3f7d7c6a3abdea815ecf6fd14e7fcd4418ab24bae01008d8d8ca15e \
--hash=sha256:91ec6fe47b5eb5a9968c79ad9ed78c342b1f97a091677ba0e012701add857829 \
--hash=sha256:965e4a05ef364e7b973dd17fc765f42233415974d773e82144c9bbaaaea5d089 \
--hash=sha256:96e88745a55b88a7c64fa49bceff363a1a27d9a64e04019c2281049444a571e3 \
--hash=sha256:99eb6cafb6ba90e436684e08dad8be1637efb71c4f2180ee6b8f940739406e78 \
--hash=sha256:9adf58f5d64e474bed00d69bcd86ec4bcaa4123bfa70a65ce72e424bfb88ed96 \
--hash=sha256:9b1af95c3a967bf1da94f253e56b6286b50af23392a886720f563c547e48e964 \
--hash=sha256:a0aa9417994d91301056f3d0038af1199eb7adc86e646a36b9e050b06f526597 \
--hash=sha256:a0f9bb6c80e6efcde93ffc51256d5cfb2155ff8f78292f074f60f9e70b942d99 \
--hash=sha256:a127ae76092974abfbfa38ca2d12cbeddcdeac0fb71f9627cc1135bedaf9d51a \
--hash=sha256:aaf305d6d40bd9632198c766fb64f0c1a83ca5b667f16c1e79e1661ab5060140 \
--hash=sha256:aca1c196f407ec7cf04dcbb15d19a43c507a81f7ffc45b690899d6a76ac9fda7 \
--hash=sha256:ace6ca218308447b9077c14ea4ef381ba0b67ee78d64046b3f19cf4e1139ad16 \
--hash=sha256:b416f03d37d27290cb93597335a2f85ed446731200705b22bb927405320de903 \
--hash=sha256:bf548479d336726d7a0eceb6e767e179fbde37833ae42794602631a070d630f1 \
--hash=sha256:c1170d6b195555644f0616fd6ed929dfcf6333b8675fcca044ae5ab110ded296 \
--hash=sha256:c380b27d041209b849ed246b111b7c166ba36d7933ec6e41175fd15ab9eb1572 \
--hash=sha256:c446d2245ba29820d405315083d55299a796695d747efceb5717a8b450324115 \
--hash=sha256:c830a02caeb789633863b466b9de10c015bded434deb3ec87c768e53752ad22a \
--hash=sha256:cb841572862f629b99725ebaec3287fc6d275be9b14443ea746c1dd325053cbd \
--hash=sha256:cfa4561277f677ecf651e2b22dc43e8f5368b74a25a8f7d1d4a3a243e573f2d4 \
--hash=sha256:cfcc2c53c06f2ccb8976fb5c71d448bdd0a07d26d8e07e321c103416444c7ad1 \
--hash=sha256:d3c6b54e304c60c4181da1c9dadf83e4a54fd266a99c70ba646a9baa626819eb \
--hash=sha256:d3d403753c9d5adc04d4694d35cf0391f0f3d57c8e0030aac09d7678fa8030aa \
--hash=sha256:d9c206c29b46cfd343ea7cdfe1232443072bbb270d6a46f59c259460db76779a \
--hash=sha256:e49eb4e95ff6fd7c0c402508894b1ef0e01b99a44320ba7d8ecbabefddcc5569 \
--hash=sha256:f8286396b351785801a976b1e85ea88e937712ee2c3ac653710a4a57a8da5d9c \
--hash=sha256:f8fc330c3370a81bbf3f88557097d1ea26cd8b019d6433aa59f71195f5ddebbf \
--hash=sha256:fbd359831c1657d69bb81f0db962905ee05e5e9451913b18b831febfe0519082 \
--hash=sha256:fe7e1c262d3392afcf5071df9afa574544f28eac825284596ac6db56e6d11062 \
--hash=sha256:fed1e1cf6a42577953abbe8e6cf2fe2f566daebde7c34724ec8803c4c0cda579
pillow==10.3.0 \
--hash=sha256:048ad577748b9fa4a99a0548c64f2cb8d672d5bf2e643a739ac8faff1164238c \
--hash=sha256:048eeade4c33fdf7e08da40ef402e748df113fd0b4584e32c4af74fe78baaeb2 \
--hash=sha256:0ba26351b137ca4e0db0342d5d00d2e355eb29372c05afd544ebf47c0956ffeb \
--hash=sha256:0ea2a783a2bdf2a561808fe4a7a12e9aa3799b701ba305de596bc48b8bdfce9d \
--hash=sha256:1530e8f3a4b965eb6a7785cf17a426c779333eb62c9a7d1bbcf3ffd5bf77a4aa \
--hash=sha256:16563993329b79513f59142a6b02055e10514c1a8e86dca8b48a893e33cf91e3 \
--hash=sha256:19aeb96d43902f0a783946a0a87dbdad5c84c936025b8419da0a0cd7724356b1 \
--hash=sha256:1a1d1915db1a4fdb2754b9de292642a39a7fb28f1736699527bb649484fb966a \
--hash=sha256:1b87bd9d81d179bd8ab871603bd80d8645729939f90b71e62914e816a76fc6bd \
--hash=sha256:1dfc94946bc60ea375cc39cff0b8da6c7e5f8fcdc1d946beb8da5c216156ddd8 \
--hash=sha256:2034f6759a722da3a3dbd91a81148cf884e91d1b747992ca288ab88c1de15999 \
--hash=sha256:261ddb7ca91fcf71757979534fb4c128448b5b4c55cb6152d280312062f69599 \
--hash=sha256:2ed854e716a89b1afcedea551cd85f2eb2a807613752ab997b9974aaa0d56936 \
--hash=sha256:3102045a10945173d38336f6e71a8dc71bcaeed55c3123ad4af82c52807b9375 \
--hash=sha256:339894035d0ede518b16073bdc2feef4c991ee991a29774b33e515f1d308e08d \
--hash=sha256:412444afb8c4c7a6cc11a47dade32982439925537e483be7c0ae0cf96c4f6a0b \
--hash=sha256:4203efca580f0dd6f882ca211f923168548f7ba334c189e9eab1178ab840bf60 \
--hash=sha256:45ebc7b45406febf07fef35d856f0293a92e7417ae7933207e90bf9090b70572 \
--hash=sha256:4b5ec25d8b17217d635f8935dbc1b9aa5907962fae29dff220f2659487891cd3 \
--hash=sha256:4c8e73e99da7db1b4cad7f8d682cf6abad7844da39834c288fbfa394a47bbced \
--hash=sha256:4e6f7d1c414191c1199f8996d3f2282b9ebea0945693fb67392c75a3a320941f \
--hash=sha256:4eaa22f0d22b1a7e93ff0a596d57fdede2e550aecffb5a1ef1106aaece48e96b \
--hash=sha256:50b8eae8f7334ec826d6eeffaeeb00e36b5e24aa0b9df322c247539714c6df19 \
--hash=sha256:50fd3f6b26e3441ae07b7c979309638b72abc1a25da31a81a7fbd9495713ef4f \
--hash=sha256:51243f1ed5161b9945011a7360e997729776f6e5d7005ba0c6879267d4c5139d \
--hash=sha256:5d512aafa1d32efa014fa041d38868fda85028e3f930a96f85d49c7d8ddc0383 \
--hash=sha256:5f77cf66e96ae734717d341c145c5949c63180842a545c47a0ce7ae52ca83795 \
--hash=sha256:6b02471b72526ab8a18c39cb7967b72d194ec53c1fd0a70b050565a0f366d355 \
--hash=sha256:6fb1b30043271ec92dc65f6d9f0b7a830c210b8a96423074b15c7bc999975f57 \
--hash=sha256:7161ec49ef0800947dc5570f86568a7bb36fa97dd09e9827dc02b718c5643f09 \
--hash=sha256:72d622d262e463dfb7595202d229f5f3ab4b852289a1cd09650362db23b9eb0b \
--hash=sha256:74d28c17412d9caa1066f7a31df8403ec23d5268ba46cd0ad2c50fb82ae40462 \
--hash=sha256:78618cdbccaa74d3f88d0ad6cb8ac3007f1a6fa5c6f19af64b55ca170bfa1edf \
--hash=sha256:793b4e24db2e8742ca6423d3fde8396db336698c55cd34b660663ee9e45ed37f \
--hash=sha256:798232c92e7665fe82ac085f9d8e8ca98826f8e27859d9a96b41d519ecd2e49a \
--hash=sha256:81d09caa7b27ef4e61cb7d8fbf1714f5aec1c6b6c5270ee53504981e6e9121ad \
--hash=sha256:8ab74c06ffdab957d7670c2a5a6e1a70181cd10b727cd788c4dd9005b6a8acd9 \
--hash=sha256:8eb0908e954d093b02a543dc963984d6e99ad2b5e36503d8a0aaf040505f747d \
--hash=sha256:90b9e29824800e90c84e4022dd5cc16eb2d9605ee13f05d47641eb183cd73d45 \
--hash=sha256:9797a6c8fe16f25749b371c02e2ade0efb51155e767a971c61734b1bf6293994 \
--hash=sha256:9d2455fbf44c914840c793e89aa82d0e1763a14253a000743719ae5946814b2d \
--hash=sha256:9d3bea1c75f8c53ee4d505c3e67d8c158ad4df0d83170605b50b64025917f338 \
--hash=sha256:9e2ec1e921fd07c7cda7962bad283acc2f2a9ccc1b971ee4b216b75fad6f0463 \
--hash=sha256:9e91179a242bbc99be65e139e30690e081fe6cb91a8e77faf4c409653de39451 \
--hash=sha256:a0eaa93d054751ee9964afa21c06247779b90440ca41d184aeb5d410f20ff591 \
--hash=sha256:a2c405445c79c3f5a124573a051062300936b0281fee57637e706453e452746c \
--hash=sha256:aa7e402ce11f0885305bfb6afb3434b3cd8f53b563ac065452d9d5654c7b86fd \
--hash=sha256:aff76a55a8aa8364d25400a210a65ff59d0168e0b4285ba6bf2bd83cf675ba32 \
--hash=sha256:b09b86b27a064c9624d0a6c54da01c1beaf5b6cadfa609cf63789b1d08a797b9 \
--hash=sha256:b14f16f94cbc61215115b9b1236f9c18403c15dd3c52cf629072afa9d54c1cbf \
--hash=sha256:b50811d664d392f02f7761621303eba9d1b056fb1868c8cdf4231279645c25f5 \
--hash=sha256:b7bc2176354defba3edc2b9a777744462da2f8e921fbaf61e52acb95bafa9828 \
--hash=sha256:c78e1b00a87ce43bb37642c0812315b411e856a905d58d597750eb79802aaaa3 \
--hash=sha256:c83341b89884e2b2e55886e8fbbf37c3fa5efd6c8907124aeb72f285ae5696e5 \
--hash=sha256:ca2870d5d10d8726a27396d3ca4cf7976cec0f3cb706debe88e3a5bd4610f7d2 \
--hash=sha256:ccce24b7ad89adb5a1e34a6ba96ac2530046763912806ad4c247356a8f33a67b \
--hash=sha256:cd5e14fbf22a87321b24c88669aad3a51ec052eb145315b3da3b7e3cc105b9a2 \
--hash=sha256:ce49c67f4ea0609933d01c0731b34b8695a7a748d6c8d186f95e7d085d2fe475 \
--hash=sha256:d33891be6df59d93df4d846640f0e46f1a807339f09e79a8040bc887bdcd7ed3 \
--hash=sha256:d3b2348a78bc939b4fed6552abfd2e7988e0f81443ef3911a4b8498ca084f6eb \
--hash=sha256:d886f5d353333b4771d21267c7ecc75b710f1a73d72d03ca06df49b09015a9ef \
--hash=sha256:d93480005693d247f8346bc8ee28c72a2191bdf1f6b5db469c096c0c867ac015 \
--hash=sha256:dc1a390a82755a8c26c9964d457d4c9cbec5405896cba94cf51f36ea0d855002 \
--hash=sha256:dd78700f5788ae180b5ee8902c6aea5a5726bac7c364b202b4b3e3ba2d293170 \
--hash=sha256:e46f38133e5a060d46bd630faa4d9fa0202377495df1f068a8299fd78c84de84 \
--hash=sha256:e4b878386c4bf293578b48fc570b84ecfe477d3b77ba39a6e87150af77f40c57 \
--hash=sha256:f0d0591a0aeaefdaf9a5e545e7485f89910c977087e7de2b6c388aec32011e9f \
--hash=sha256:fdcbb4068117dfd9ce0138d068ac512843c52295ed996ae6dd1faf537b6dbc27 \
--hash=sha256:ff61bfd9253c3915e6d41c651d5f962da23eda633cf02262990094a18a55371a
# via
# cairosvg
# mkdocs-material
platformdirs==4.1.0 \
--hash=sha256:11c8f37bcca40db96d8144522d925583bdb7a31f7b0e37e3ed4318400a8e2380 \
--hash=sha256:906d548203468492d432bcb294d4bc2fff751bf84971fbb2c10918cc206ee420
platformdirs==4.2.1 \
--hash=sha256:031cd18d4ec63ec53e82dceaac0417d218a6863f7745dfcc9efe7793b7039bdf \
--hash=sha256:17d5a1161b3fd67b390023cb2d3b026bbd40abde6fdb052dfbd3a29c3ba22ee1
# via mkdocs
pycparser==2.21 \
--hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
pycparser==2.22 \
--hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
--hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
# via cffi
pygments==2.17.2 \
--hash=sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c \
--hash=sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367
# via mkdocs-material
pymdown-extensions==10.7 \
--hash=sha256:6ca215bc57bc12bf32b414887a68b810637d039124ed9b2e5bd3325cbb2c050c \
--hash=sha256:c0d64d5cf62566f59e6b2b690a4095c931107c250a8c8e1351c1de5f6b036deb
pymdown-extensions==10.8 \
--hash=sha256:3539003ff0d5e219ba979d2dc961d18fcad5ac259e66c764482e8347b4c0503c \
--hash=sha256:91ca336caf414e1e5e0626feca86e145de9f85a3921a7bcbd32890b51738c428
# via mkdocs-material
pyparsing==3.1.1 \
--hash=sha256:32c7c0b711493c72ff18a981d24f28aaf9c1fb7ed5e9667c9e84e3db623bdbfb \
--hash=sha256:ede28a1a32462f5a9705e07aea48001a08f7cf81a021585011deba701581a0db
pyparsing==3.1.2 \
--hash=sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad \
--hash=sha256:f9db75911801ed778fe61bb643079ff86601aca99fcae6345aa67292038fb742
# via mike
pytablewriter==1.2.0 \
--hash=sha256:0204a4bb684a22140d640f2599f09e137bcdc18b3dd49426f4a555016e246b46 \
--hash=sha256:4a30e2bb4bf5bc1069b1d2b2bc41947577c4517ab0875b23a5b194d296f543d8
# via -r requirements.in
python-dateutil==2.8.2 \
--hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
--hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
python-dateutil==2.9.0.post0 \
--hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
--hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
# via
# ghp-import
# typepy
pytz==2023.3.post1 \
--hash=sha256:7b4fddbeb94a1eba4b557da24f19fdf9db575192544270a9101d8509f9f43d7b \
--hash=sha256:ce42d816b81b68506614c11e8937d3aa9e41007ceb50bfdcb0749b921bf646c7
pytz==2024.1 \
--hash=sha256:2a29735ea9c18baf14b448846bde5a48030ed267578472d8955cd0e7443a9812 \
--hash=sha256:328171f4e3623139da4983451950b28e95ac706e13f3f2630a879749e7a8b319
# via typepy
pyyaml==6.0.1 \
--hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
@ -508,100 +509,100 @@ pyyaml-env-tag==0.1 \
--hash=sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb \
--hash=sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069
# via mkdocs
regex==2023.12.25 \
--hash=sha256:0694219a1d54336fd0445ea382d49d36882415c0134ee1e8332afd1529f0baa5 \
--hash=sha256:086dd15e9435b393ae06f96ab69ab2d333f5d65cbe65ca5a3ef0ec9564dfe770 \
--hash=sha256:094ba386bb5c01e54e14434d4caabf6583334090865b23ef58e0424a6286d3dc \
--hash=sha256:09da66917262d9481c719599116c7dc0c321ffcec4b1f510c4f8a066f8768105 \
--hash=sha256:0ecf44ddf9171cd7566ef1768047f6e66975788258b1c6c6ca78098b95cf9a3d \
--hash=sha256:0fda75704357805eb953a3ee15a2b240694a9a514548cd49b3c5124b4e2ad01b \
--hash=sha256:11a963f8e25ab5c61348d090bf1b07f1953929c13bd2309a0662e9ff680763c9 \
--hash=sha256:150c39f5b964e4d7dba46a7962a088fbc91f06e606f023ce57bb347a3b2d4630 \
--hash=sha256:1b9d811f72210fa9306aeb88385b8f8bcef0dfbf3873410413c00aa94c56c2b6 \
--hash=sha256:1e0eabac536b4cc7f57a5f3d095bfa557860ab912f25965e08fe1545e2ed8b4c \
--hash=sha256:22a86d9fff2009302c440b9d799ef2fe322416d2d58fc124b926aa89365ec482 \
--hash=sha256:22f3470f7524b6da61e2020672df2f3063676aff444db1daa283c2ea4ed259d6 \
--hash=sha256:263ef5cc10979837f243950637fffb06e8daed7f1ac1e39d5910fd29929e489a \
--hash=sha256:283fc8eed679758de38fe493b7d7d84a198b558942b03f017b1f94dda8efae80 \
--hash=sha256:29171aa128da69afdf4bde412d5bedc335f2ca8fcfe4489038577d05f16181e5 \
--hash=sha256:298dc6354d414bc921581be85695d18912bea163a8b23cac9a2562bbcd5088b1 \
--hash=sha256:2aae8101919e8aa05ecfe6322b278f41ce2994c4a430303c4cd163fef746e04f \
--hash=sha256:2f4e475a80ecbd15896a976aa0b386c5525d0ed34d5c600b6d3ebac0a67c7ddf \
--hash=sha256:34e4af5b27232f68042aa40a91c3b9bb4da0eeb31b7632e0091afc4310afe6cb \
--hash=sha256:37f8e93a81fc5e5bd8db7e10e62dc64261bcd88f8d7e6640aaebe9bc180d9ce2 \
--hash=sha256:3a17d3ede18f9cedcbe23d2daa8a2cd6f59fe2bf082c567e43083bba3fb00347 \
--hash=sha256:3b1de218d5375cd6ac4b5493e0b9f3df2be331e86520f23382f216c137913d20 \
--hash=sha256:43f7cd5754d02a56ae4ebb91b33461dc67be8e3e0153f593c509e21d219c5060 \
--hash=sha256:4558410b7a5607a645e9804a3e9dd509af12fb72b9825b13791a37cd417d73a5 \
--hash=sha256:4719bb05094d7d8563a450cf8738d2e1061420f79cfcc1fa7f0a44744c4d8f73 \
--hash=sha256:4bfc2b16e3ba8850e0e262467275dd4d62f0d045e0e9eda2bc65078c0110a11f \
--hash=sha256:518440c991f514331f4850a63560321f833979d145d7d81186dbe2f19e27ae3d \
--hash=sha256:51f4b32f793812714fd5307222a7f77e739b9bc566dc94a18126aba3b92b98a3 \
--hash=sha256:531ac6cf22b53e0696f8e1d56ce2396311254eb806111ddd3922c9d937151dae \
--hash=sha256:5cd05d0f57846d8ba4b71d9c00f6f37d6b97d5e5ef8b3c3840426a475c8f70f4 \
--hash=sha256:5dd58946bce44b53b06d94aa95560d0b243eb2fe64227cba50017a8d8b3cd3e2 \
--hash=sha256:60080bb3d8617d96f0fb7e19796384cc2467447ef1c491694850ebd3670bc457 \
--hash=sha256:636ba0a77de609d6510235b7f0e77ec494d2657108f777e8765efc060094c98c \
--hash=sha256:67d3ccfc590e5e7197750fcb3a2915b416a53e2de847a728cfa60141054123d4 \
--hash=sha256:68191f80a9bad283432385961d9efe09d783bcd36ed35a60fb1ff3f1ec2efe87 \
--hash=sha256:7502534e55c7c36c0978c91ba6f61703faf7ce733715ca48f499d3dbbd7657e0 \
--hash=sha256:7aa47c2e9ea33a4a2a05f40fcd3ea36d73853a2aae7b4feab6fc85f8bf2c9704 \
--hash=sha256:7d2af3f6b8419661a0c421584cfe8aaec1c0e435ce7e47ee2a97e344b98f794f \
--hash=sha256:7e316026cc1095f2a3e8cc012822c99f413b702eaa2ca5408a513609488cb62f \
--hash=sha256:88ad44e220e22b63b0f8f81f007e8abbb92874d8ced66f32571ef8beb0643b2b \
--hash=sha256:88d1f7bef20c721359d8675f7d9f8e414ec5003d8f642fdfd8087777ff7f94b5 \
--hash=sha256:89723d2112697feaa320c9d351e5f5e7b841e83f8b143dba8e2d2b5f04e10923 \
--hash=sha256:8a0ccf52bb37d1a700375a6b395bff5dd15c50acb745f7db30415bae3c2b0715 \
--hash=sha256:8c2c19dae8a3eb0ea45a8448356ed561be843b13cbc34b840922ddf565498c1c \
--hash=sha256:905466ad1702ed4acfd67a902af50b8db1feeb9781436372261808df7a2a7bca \
--hash=sha256:9852b76ab558e45b20bf1893b59af64a28bd3820b0c2efc80e0a70a4a3ea51c1 \
--hash=sha256:98a2636994f943b871786c9e82bfe7883ecdaba2ef5df54e1450fa9869d1f756 \
--hash=sha256:9aa1a67bbf0f957bbe096375887b2505f5d8ae16bf04488e8b0f334c36e31360 \
--hash=sha256:9eda5f7a50141291beda3edd00abc2d4a5b16c29c92daf8d5bd76934150f3edc \
--hash=sha256:a6d1047952c0b8104a1d371f88f4ab62e6275567d4458c1e26e9627ad489b445 \
--hash=sha256:a9b6d73353f777630626f403b0652055ebfe8ff142a44ec2cf18ae470395766e \
--hash=sha256:a9cc99d6946d750eb75827cb53c4371b8b0fe89c733a94b1573c9dd16ea6c9e4 \
--hash=sha256:ad83e7545b4ab69216cef4cc47e344d19622e28aabec61574b20257c65466d6a \
--hash=sha256:b014333bd0217ad3d54c143de9d4b9a3ca1c5a29a6d0d554952ea071cff0f1f8 \
--hash=sha256:b43523d7bc2abd757119dbfb38af91b5735eea45537ec6ec3a5ec3f9562a1c53 \
--hash=sha256:b521dcecebc5b978b447f0f69b5b7f3840eac454862270406a39837ffae4e697 \
--hash=sha256:b77e27b79448e34c2c51c09836033056a0547aa360c45eeeb67803da7b0eedaf \
--hash=sha256:b7a635871143661feccce3979e1727c4e094f2bdfd3ec4b90dfd4f16f571a87a \
--hash=sha256:b7fca9205b59c1a3d5031f7e64ed627a1074730a51c2a80e97653e3e9fa0d415 \
--hash=sha256:ba1b30765a55acf15dce3f364e4928b80858fa8f979ad41f862358939bdd1f2f \
--hash=sha256:ba99d8077424501b9616b43a2d208095746fb1284fc5ba490139651f971d39d9 \
--hash=sha256:c25a8ad70e716f96e13a637802813f65d8a6760ef48672aa3502f4c24ea8b400 \
--hash=sha256:c3c4a78615b7762740531c27cf46e2f388d8d727d0c0c739e72048beb26c8a9d \
--hash=sha256:c40281f7d70baf6e0db0c2f7472b31609f5bc2748fe7275ea65a0b4601d9b392 \
--hash=sha256:c7ad32824b7f02bb3c9f80306d405a1d9b7bb89362d68b3c5a9be53836caebdb \
--hash=sha256:cb3fe77aec8f1995611f966d0c656fdce398317f850d0e6e7aebdfe61f40e1cd \
--hash=sha256:cc038b2d8b1470364b1888a98fd22d616fba2b6309c5b5f181ad4483e0017861 \
--hash=sha256:cc37b9aeebab425f11f27e5e9e6cf580be7206c6582a64467a14dda211abc232 \
--hash=sha256:cc6bb9aa69aacf0f6032c307da718f61a40cf970849e471254e0e91c56ffca95 \
--hash=sha256:d126361607b33c4eb7b36debc173bf25d7805847346dd4d99b5499e1fef52bc7 \
--hash=sha256:d15b274f9e15b1a0b7a45d2ac86d1f634d983ca40d6b886721626c47a400bf39 \
--hash=sha256:d166eafc19f4718df38887b2bbe1467a4f74a9830e8605089ea7a30dd4da8887 \
--hash=sha256:d498eea3f581fbe1b34b59c697512a8baef88212f92e4c7830fcc1499f5b45a5 \
--hash=sha256:d6f7e255e5fa94642a0724e35406e6cb7001c09d476ab5fce002f652b36d0c39 \
--hash=sha256:d78bd484930c1da2b9679290a41cdb25cc127d783768a0369d6b449e72f88beb \
--hash=sha256:d865984b3f71f6d0af64d0d88f5733521698f6c16f445bb09ce746c92c97c586 \
--hash=sha256:d902a43085a308cef32c0d3aea962524b725403fd9373dea18110904003bac97 \
--hash=sha256:d94a1db462d5690ebf6ae86d11c5e420042b9898af5dcf278bd97d6bda065423 \
--hash=sha256:da695d75ac97cb1cd725adac136d25ca687da4536154cdc2815f576e4da11c69 \
--hash=sha256:db2a0b1857f18b11e3b0e54ddfefc96af46b0896fb678c85f63fb8c37518b3e7 \
--hash=sha256:df26481f0c7a3f8739fecb3e81bc9da3fcfae34d6c094563b9d4670b047312e1 \
--hash=sha256:e14b73607d6231f3cc4622809c196b540a6a44e903bcfad940779c80dffa7be7 \
--hash=sha256:e2610e9406d3b0073636a3a2e80db05a02f0c3169b5632022b4e81c0364bcda5 \
--hash=sha256:e692296c4cc2873967771345a876bcfc1c547e8dd695c6b89342488b0ea55cd8 \
--hash=sha256:e693e233ac92ba83a87024e1d32b5f9ab15ca55ddd916d878146f4e3406b5c91 \
--hash=sha256:e81469f7d01efed9b53740aedd26085f20d49da65f9c1f41e822a33992cb1590 \
--hash=sha256:e8c7e08bb566de4faaf11984af13f6bcf6a08f327b13631d41d62592681d24fe \
--hash=sha256:ed19b3a05ae0c97dd8f75a5d8f21f7723a8c33bbc555da6bbe1f96c470139d3c \
--hash=sha256:efb2d82f33b2212898f1659fb1c2e9ac30493ac41e4d53123da374c3b5541e64 \
--hash=sha256:f44dd4d68697559d007462b0a3a1d9acd61d97072b71f6d1968daef26bc744bd \
--hash=sha256:f72cbae7f6b01591f90814250e636065850c5926751af02bb48da94dfced7baa \
--hash=sha256:f7bc09bc9c29ebead055bcba136a67378f03d66bf359e87d0f7c759d6d4ffa31 \
--hash=sha256:ff100b203092af77d1a5a7abe085b3506b7eaaf9abf65b73b7d6905b6cb76988
regex==2024.4.16 \
--hash=sha256:00169caa125f35d1bca6045d65a662af0202704489fada95346cfa092ec23f39 \
--hash=sha256:03576e3a423d19dda13e55598f0fd507b5d660d42c51b02df4e0d97824fdcae3 \
--hash=sha256:03e68f44340528111067cecf12721c3df4811c67268b897fbe695c95f860ac42 \
--hash=sha256:0534b034fba6101611968fae8e856c1698da97ce2efb5c2b895fc8b9e23a5834 \
--hash=sha256:08dea89f859c3df48a440dbdcd7b7155bc675f2fa2ec8c521d02dc69e877db70 \
--hash=sha256:0a38d151e2cdd66d16dab550c22f9521ba79761423b87c01dae0a6e9add79c0d \
--hash=sha256:0c8290b44d8b0af4e77048646c10c6e3aa583c1ca67f3b5ffb6e06cf0c6f0f89 \
--hash=sha256:10188fe732dec829c7acca7422cdd1bf57d853c7199d5a9e96bb4d40db239c73 \
--hash=sha256:1210365faba7c2150451eb78ec5687871c796b0f1fa701bfd2a4a25420482d26 \
--hash=sha256:12f6a3f2f58bb7344751919a1876ee1b976fe08b9ffccb4bbea66f26af6017b9 \
--hash=sha256:159dc4e59a159cb8e4e8f8961eb1fa5d58f93cb1acd1701d8aff38d45e1a84a6 \
--hash=sha256:20b7a68444f536365af42a75ccecb7ab41a896a04acf58432db9e206f4e525d6 \
--hash=sha256:23cff1b267038501b179ccbbd74a821ac4a7192a1852d1d558e562b507d46013 \
--hash=sha256:2c72608e70f053643437bd2be0608f7f1c46d4022e4104d76826f0839199347a \
--hash=sha256:3399dd8a7495bbb2bacd59b84840eef9057826c664472e86c91d675d007137f5 \
--hash=sha256:34422d5a69a60b7e9a07a690094e824b66f5ddc662a5fc600d65b7c174a05f04 \
--hash=sha256:370c68dc5570b394cbaadff50e64d705f64debed30573e5c313c360689b6aadc \
--hash=sha256:3a1018e97aeb24e4f939afcd88211ace472ba566efc5bdf53fd8fd7f41fa7170 \
--hash=sha256:3d5ac5234fb5053850d79dd8eb1015cb0d7d9ed951fa37aa9e6249a19aa4f336 \
--hash=sha256:4313ab9bf6a81206c8ac28fdfcddc0435299dc88cad12cc6305fd0e78b81f9e4 \
--hash=sha256:445ca8d3c5a01309633a0c9db57150312a181146315693273e35d936472df912 \
--hash=sha256:479595a4fbe9ed8f8f72c59717e8cf222da2e4c07b6ae5b65411e6302af9708e \
--hash=sha256:4918fd5f8b43aa7ec031e0fef1ee02deb80b6afd49c85f0790be1dc4ce34cb50 \
--hash=sha256:4aba818dcc7263852aabb172ec27b71d2abca02a593b95fa79351b2774eb1d2b \
--hash=sha256:4e819a806420bc010489f4e741b3036071aba209f2e0989d4750b08b12a9343f \
--hash=sha256:4facc913e10bdba42ec0aee76d029aedda628161a7ce4116b16680a0413f658a \
--hash=sha256:549c3584993772e25f02d0656ac48abdda73169fe347263948cf2b1cead622f3 \
--hash=sha256:5c02fcd2bf45162280613d2e4a1ca3ac558ff921ae4e308ecb307650d3a6ee51 \
--hash=sha256:5f580c651a72b75c39e311343fe6875d6f58cf51c471a97f15a938d9fe4e0d37 \
--hash=sha256:62120ed0de69b3649cc68e2965376048793f466c5a6c4370fb27c16c1beac22d \
--hash=sha256:6295004b2dd37b0835ea5c14a33e00e8cfa3c4add4d587b77287825f3418d310 \
--hash=sha256:65436dce9fdc0aeeb0a0effe0839cb3d6a05f45aa45a4d9f9c60989beca78b9c \
--hash=sha256:684008ec44ad275832a5a152f6e764bbe1914bea10968017b6feaecdad5736e0 \
--hash=sha256:684e52023aec43bdf0250e843e1fdd6febbe831bd9d52da72333fa201aaa2335 \
--hash=sha256:6cc38067209354e16c5609b66285af17a2863a47585bcf75285cab33d4c3b8df \
--hash=sha256:6f2f017c5be19984fbbf55f8af6caba25e62c71293213f044da3ada7091a4455 \
--hash=sha256:743deffdf3b3481da32e8a96887e2aa945ec6685af1cfe2bcc292638c9ba2f48 \
--hash=sha256:7571f19f4a3fd00af9341c7801d1ad1967fc9c3f5e62402683047e7166b9f2b4 \
--hash=sha256:7731728b6568fc286d86745f27f07266de49603a6fdc4d19c87e8c247be452af \
--hash=sha256:785c071c982dce54d44ea0b79cd6dfafddeccdd98cfa5f7b86ef69b381b457d9 \
--hash=sha256:78fddb22b9ef810b63ef341c9fcf6455232d97cfe03938cbc29e2672c436670e \
--hash=sha256:7bb966fdd9217e53abf824f437a5a2d643a38d4fd5fd0ca711b9da683d452969 \
--hash=sha256:7cbc5d9e8a1781e7be17da67b92580d6ce4dcef5819c1b1b89f49d9678cc278c \
--hash=sha256:803b8905b52de78b173d3c1e83df0efb929621e7b7c5766c0843704d5332682f \
--hash=sha256:80b696e8972b81edf0af2a259e1b2a4a661f818fae22e5fa4fa1a995fb4a40fd \
--hash=sha256:81500ed5af2090b4a9157a59dbc89873a25c33db1bb9a8cf123837dcc9765047 \
--hash=sha256:89ec7f2c08937421bbbb8b48c54096fa4f88347946d4747021ad85f1b3021b3c \
--hash=sha256:8ba6745440b9a27336443b0c285d705ce73adb9ec90e2f2004c64d95ab5a7598 \
--hash=sha256:8c91e1763696c0eb66340c4df98623c2d4e77d0746b8f8f2bee2c6883fd1fe18 \
--hash=sha256:8d015604ee6204e76569d2f44e5a210728fa917115bef0d102f4107e622b08d5 \
--hash=sha256:8d1f86f3f4e2388aa3310b50694ac44daefbd1681def26b4519bd050a398dc5a \
--hash=sha256:8f83b6fd3dc3ba94d2b22717f9c8b8512354fd95221ac661784df2769ea9bba9 \
--hash=sha256:8fc6976a3395fe4d1fbeb984adaa8ec652a1e12f36b56ec8c236e5117b585427 \
--hash=sha256:904c883cf10a975b02ab3478bce652f0f5346a2c28d0a8521d97bb23c323cc8b \
--hash=sha256:911742856ce98d879acbea33fcc03c1d8dc1106234c5e7d068932c945db209c0 \
--hash=sha256:91797b98f5e34b6a49f54be33f72e2fb658018ae532be2f79f7c63b4ae225145 \
--hash=sha256:95399831a206211d6bc40224af1c635cb8790ddd5c7493e0bd03b85711076a53 \
--hash=sha256:956b58d692f235cfbf5b4f3abd6d99bf102f161ccfe20d2fd0904f51c72c4c66 \
--hash=sha256:98c1165f3809ce7774f05cb74e5408cd3aa93ee8573ae959a97a53db3ca3180d \
--hash=sha256:9ab40412f8cd6f615bfedea40c8bf0407d41bf83b96f6fc9ff34976d6b7037fd \
--hash=sha256:9df1bfef97db938469ef0a7354b2d591a2d438bc497b2c489471bec0e6baf7c4 \
--hash=sha256:a01fe2305e6232ef3e8f40bfc0f0f3a04def9aab514910fa4203bafbc0bb4682 \
--hash=sha256:a70b51f55fd954d1f194271695821dd62054d949efd6368d8be64edd37f55c86 \
--hash=sha256:a7ccdd1c4a3472a7533b0a7aa9ee34c9a2bef859ba86deec07aff2ad7e0c3b94 \
--hash=sha256:b340cccad138ecb363324aa26893963dcabb02bb25e440ebdf42e30963f1a4e0 \
--hash=sha256:b74586dd0b039c62416034f811d7ee62810174bb70dffcca6439f5236249eb09 \
--hash=sha256:b9d320b3bf82a39f248769fc7f188e00f93526cc0fe739cfa197868633d44701 \
--hash=sha256:ba2336d6548dee3117520545cfe44dc28a250aa091f8281d28804aa8d707d93d \
--hash=sha256:ba8122e3bb94ecda29a8de4cf889f600171424ea586847aa92c334772d200331 \
--hash=sha256:bd727ad276bb91928879f3aa6396c9a1d34e5e180dce40578421a691eeb77f47 \
--hash=sha256:c21fc21a4c7480479d12fd8e679b699f744f76bb05f53a1d14182b31f55aac76 \
--hash=sha256:c2d0e7cbb6341e830adcbfa2479fdeebbfbb328f11edd6b5675674e7a1e37730 \
--hash=sha256:c2ef6f7990b6e8758fe48ad08f7e2f66c8f11dc66e24093304b87cae9037bb4a \
--hash=sha256:c4ed75ea6892a56896d78f11006161eea52c45a14994794bcfa1654430984b22 \
--hash=sha256:cccc79a9be9b64c881f18305a7c715ba199e471a3973faeb7ba84172abb3f317 \
--hash=sha256:d0800631e565c47520aaa04ae38b96abc5196fe8b4aa9bd864445bd2b5848a7a \
--hash=sha256:d2da13568eff02b30fd54fccd1e042a70fe920d816616fda4bf54ec705668d81 \
--hash=sha256:d61ae114d2a2311f61d90c2ef1358518e8f05eafda76eaf9c772a077e0b465ec \
--hash=sha256:d83c2bc678453646f1a18f8db1e927a2d3f4935031b9ad8a76e56760461105dd \
--hash=sha256:dd5acc0a7d38fdc7a3a6fd3ad14c880819008ecb3379626e56b163165162cc46 \
--hash=sha256:df79012ebf6f4efb8d307b1328226aef24ca446b3ff8d0e30202d7ebcb977a8c \
--hash=sha256:e0a2df336d1135a0b3a67f3bbf78a75f69562c1199ed9935372b82215cddd6e2 \
--hash=sha256:e2f142b45c6fed48166faeb4303b4b58c9fcd827da63f4cf0a123c3480ae11fb \
--hash=sha256:e697e1c0238133589e00c244a8b676bc2cfc3ab4961318d902040d099fec7483 \
--hash=sha256:e757d475953269fbf4b441207bb7dbdd1c43180711b6208e129b637792ac0b93 \
--hash=sha256:e87ab229332ceb127a165612d839ab87795972102cb9830e5f12b8c9a5c1b508 \
--hash=sha256:ea355eb43b11764cf799dda62c658c4d2fdb16af41f59bb1ccfec517b60bcb07 \
--hash=sha256:ec7e0043b91115f427998febaa2beb82c82df708168b35ece3accb610b91fac1 \
--hash=sha256:eeaa0b5328b785abc344acc6241cffde50dc394a0644a968add75fcefe15b9d4 \
--hash=sha256:f2d80a6749724b37853ece57988b39c4e79d2b5fe2869a86e8aeae3bbeef9eb0 \
--hash=sha256:fa454d26f2e87ad661c4f0c5a5fe4cf6aab1e307d1b94f16ffdfcb089ba685c0 \
--hash=sha256:fb83cc090eac63c006871fd24db5e30a1f282faa46328572661c0a24a2323a08 \
--hash=sha256:fd80d1280d473500d8086d104962a82d77bfbf2b118053824b7be28cd5a79ea5
# via mkdocs-material
requests==2.31.0 \
--hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
@ -611,9 +612,9 @@ requests==2.31.0 \
# importlib-resources
# The following packages are considered to be unsafe in a requirements file:
setuptools==69.0.3 \
--hash=sha256:385eb4edd9c9d5c17540511303e39a147ce2fc04bc55289c322b9e5904fe2c05 \
--hash=sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78
setuptools==69.5.1 \
--hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \
--hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32
# via mkdocs-material
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
@ -627,9 +628,9 @@ tcolorpy==0.1.4 \
--hash=sha256:d0926480aa5012f34877d69fc3b670f207dc165674e68ad07458fa6ee5b12724 \
--hash=sha256:f0dceb1cb95e554cee63024b3cd2fd8d4628c568773de2d1e6b4f0478461901c
# via pytablewriter
tinycss2==1.2.1 \
--hash=sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847 \
--hash=sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627
tinycss2==1.3.0 \
--hash=sha256:152f9acabd296a8375fbca5b84c961ff95971fcfc32e79550c8df8e29118c54d \
--hash=sha256:54a8dbdffb334d536851be0226030e9505965bb2f30f21a4a82c55fb2a80fae7
# via
# cairosvg
# cssselect2
@ -640,43 +641,44 @@ typepy==1.3.2 \
# dataproperty
# pytablewriter
# tabledata
# typepy
urllib3==2.1.0 \
--hash=sha256:55901e917a5896a349ff771be919f8bd99aff50b79fe58fec595eb37bbc56bb3 \
--hash=sha256:df7aa8afb0148fa78488e7899b2c59b5f4ffcfa82e6c54ccb9dd37c1d7b52d54
urllib3==2.2.1 \
--hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
--hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
# via requests
verspec==0.1.0 \
--hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
--hash=sha256:c4504ca697b2056cdb4bfa7121461f5a0e81809255b41c03dda4ba823637c01e
# via mike
watchdog==3.0.0 \
--hash=sha256:0e06ab8858a76e1219e68c7573dfeba9dd1c0219476c5a44d5333b01d7e1743a \
--hash=sha256:13bbbb462ee42ec3c5723e1205be8ced776f05b100e4737518c67c8325cf6100 \
--hash=sha256:233b5817932685d39a7896b1090353fc8efc1ef99c9c054e46c8002561252fb8 \
--hash=sha256:25f70b4aa53bd743729c7475d7ec41093a580528b100e9a8c5b5efe8899592fc \
--hash=sha256:2b57a1e730af3156d13b7fdddfc23dea6487fceca29fc75c5a868beed29177ae \
--hash=sha256:336adfc6f5cc4e037d52db31194f7581ff744b67382eb6021c868322e32eef41 \
--hash=sha256:3aa7f6a12e831ddfe78cdd4f8996af9cf334fd6346531b16cec61c3b3c0d8da0 \
--hash=sha256:3ed7c71a9dccfe838c2f0b6314ed0d9b22e77d268c67e015450a29036a81f60f \
--hash=sha256:4c9956d27be0bb08fc5f30d9d0179a855436e655f046d288e2bcc11adfae893c \
--hash=sha256:4d98a320595da7a7c5a18fc48cb633c2e73cda78f93cac2ef42d42bf609a33f9 \
--hash=sha256:4f94069eb16657d2c6faada4624c39464f65c05606af50bb7902e036e3219be3 \
--hash=sha256:5113334cf8cf0ac8cd45e1f8309a603291b614191c9add34d33075727a967709 \
--hash=sha256:51f90f73b4697bac9c9a78394c3acbbd331ccd3655c11be1a15ae6fe289a8c83 \
--hash=sha256:5d9f3a10e02d7371cd929b5d8f11e87d4bad890212ed3901f9b4d68767bee759 \
--hash=sha256:7ade88d0d778b1b222adebcc0927428f883db07017618a5e684fd03b83342bd9 \
--hash=sha256:7c5f84b5194c24dd573fa6472685b2a27cc5a17fe5f7b6fd40345378ca6812e3 \
--hash=sha256:7e447d172af52ad204d19982739aa2346245cc5ba6f579d16dac4bfec226d2e7 \
--hash=sha256:8ae9cda41fa114e28faf86cb137d751a17ffd0316d1c34ccf2235e8a84365c7f \
--hash=sha256:8f3ceecd20d71067c7fd4c9e832d4e22584318983cabc013dbf3f70ea95de346 \
--hash=sha256:9fac43a7466eb73e64a9940ac9ed6369baa39b3bf221ae23493a9ec4d0022674 \
--hash=sha256:a70a8dcde91be523c35b2bf96196edc5730edb347e374c7de7cd20c43ed95397 \
--hash=sha256:adfdeab2da79ea2f76f87eb42a3ab1966a5313e5a69a0213a3cc06ef692b0e96 \
--hash=sha256:ba07e92756c97e3aca0912b5cbc4e5ad802f4557212788e72a72a47ff376950d \
--hash=sha256:c07253088265c363d1ddf4b3cdb808d59a0468ecd017770ed716991620b8f77a \
--hash=sha256:c9d8c8ec7efb887333cf71e328e39cffbf771d8f8f95d308ea4125bf5f90ba64 \
--hash=sha256:d00e6be486affb5781468457b21a6cbe848c33ef43f9ea4a73b4882e5f188a44 \
--hash=sha256:d429c2430c93b7903914e4db9a966c7f2b068dd2ebdd2fa9b9ce094c7d459f33
watchdog==4.0.0 \
--hash=sha256:11e12fafb13372e18ca1bbf12d50f593e7280646687463dd47730fd4f4d5d257 \
--hash=sha256:2895bf0518361a9728773083908801a376743bcc37dfa252b801af8fd281b1ca \
--hash=sha256:39cb34b1f1afbf23e9562501673e7146777efe95da24fab5707b88f7fb11649b \
--hash=sha256:45cc09cc4c3b43fb10b59ef4d07318d9a3ecdbff03abd2e36e77b6dd9f9a5c85 \
--hash=sha256:4986db5e8880b0e6b7cd52ba36255d4793bf5cdc95bd6264806c233173b1ec0b \
--hash=sha256:5369136a6474678e02426bd984466343924d1df8e2fd94a9b443cb7e3aa20d19 \
--hash=sha256:557ba04c816d23ce98a06e70af6abaa0485f6d94994ec78a42b05d1c03dcbd50 \
--hash=sha256:6a4db54edea37d1058b08947c789a2354ee02972ed5d1e0dca9b0b820f4c7f92 \
--hash=sha256:6a80d5cae8c265842c7419c560b9961561556c4361b297b4c431903f8c33b269 \
--hash=sha256:6a9c71a0b02985b4b0b6d14b875a6c86ddea2fdbebd0c9a720a806a8bbffc69f \
--hash=sha256:6c47bdd680009b11c9ac382163e05ca43baf4127954c5f6d0250e7d772d2b80c \
--hash=sha256:6e949a8a94186bced05b6508faa61b7adacc911115664ccb1923b9ad1f1ccf7b \
--hash=sha256:73c7a935e62033bd5e8f0da33a4dcb763da2361921a69a5a95aaf6c93aa03a87 \
--hash=sha256:76ad8484379695f3fe46228962017a7e1337e9acadafed67eb20aabb175df98b \
--hash=sha256:8350d4055505412a426b6ad8c521bc7d367d1637a762c70fdd93a3a0d595990b \
--hash=sha256:87e9df830022488e235dd601478c15ad73a0389628588ba0b028cb74eb72fed8 \
--hash=sha256:8f9a542c979df62098ae9c58b19e03ad3df1c9d8c6895d96c0d51da17b243b1c \
--hash=sha256:8fec441f5adcf81dd240a5fe78e3d83767999771630b5ddfc5867827a34fa3d3 \
--hash=sha256:9a03e16e55465177d416699331b0f3564138f1807ecc5f2de9d55d8f188d08c7 \
--hash=sha256:ba30a896166f0fee83183cec913298151b73164160d965af2e93a20bbd2ab605 \
--hash=sha256:c17d98799f32e3f55f181f19dd2021d762eb38fdd381b4a748b9f5a36738e935 \
--hash=sha256:c522392acc5e962bcac3b22b9592493ffd06d1fc5d755954e6be9f4990de932b \
--hash=sha256:d0f9bd1fd919134d459d8abf954f63886745f4660ef66480b9d753a7c9d40927 \
--hash=sha256:d18d7f18a47de6863cd480734613502904611730f8def45fc52a5d97503e5101 \
--hash=sha256:d31481ccf4694a8416b681544c23bd271f5a123162ab603c7d7d2dd7dd901a07 \
--hash=sha256:e3e7065cbdabe6183ab82199d7a4f6b3ba0a438c5a512a68559846ccb76a78ec \
--hash=sha256:eed82cdf79cd7f0232e2fdc1ad05b06a5e102a43e331f7d041e5f0e0a34a51c4 \
--hash=sha256:f970663fa4f7e80401a7b0cbeec00fa801bf0287d93d48368fc3e6fa32716245 \
--hash=sha256:f9b2fdca47dc855516b2d66eef3c39f2672cbf7e7a42e7e67ad2cbfcd6ba107d
# via mkdocs
webencodings==0.5.1 \
--hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
@ -684,7 +686,7 @@ webencodings==0.5.1 \
# via
# cssselect2
# tinycss2
zipp==3.17.0 \
--hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
--hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
zipp==3.18.1 \
--hash=sha256:206f5a15f2af3dbaee80769fb7dc6f249695e940acca08dfb2a4769fe61e538b \
--hash=sha256:2884ed22e7d8961de1c9a05142eb69a247f120291bc0206a00a7642f09b5b715
# via pytablewriter

931
docs/security-tuning.md
View file

File diff suppressed because it is too large Load diff

322
docs/settings.md
View file

@ -15,44 +15,45 @@ When settings are considered as "multiple", it means that you can have multiple
STREAM support :warning:
| Setting | Default | Context |Multiple| Description |
|------------------------------|------------------------------------------------------------------------------------------------------------------------|---------|--------|--------------------------------------------------|
|`IS_LOADING` |`no` |global |no |Internal use : set to yes when BW is loading. |
|`NGINX_PREFIX` |`/etc/nginx/` |global |no |Where nginx will search for configurations. |
|`HTTP_PORT` |`8080` |global |no |HTTP port number which bunkerweb binds to. |
|`HTTPS_PORT` |`8443` |global |no |HTTPS port number which bunkerweb binds to. |
|`MULTISITE` |`no` |global |no |Multi site activation. |
|`SERVER_NAME` |`www.example.com` |multisite|no |List of the virtual hosts served by bunkerweb. |
|`WORKER_PROCESSES` |`auto` |global |no |Number of worker processes. |
|`WORKER_RLIMIT_NOFILE` |`2048` |global |no |Maximum number of open files for worker processes.|
|`WORKER_CONNECTIONS` |`1024` |global |no |Maximum number of connections per worker. |
|`LOG_FORMAT` |`$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"`|global |no |The format to use for access logs. |
|`LOG_LEVEL` |`notice` |global |no |The level to use for error logs. |
|`DNS_RESOLVERS` |`127.0.0.11` |global |no |DNS addresses of resolvers to use. |
|`DATASTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal datastore. |
|`CACHESTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal cachestore. |
|`CACHESTORE_IPC_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (ipc). |
|`CACHESTORE_MISS_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (miss). |
|`CACHESTORE_LOCKS_MEMORY_SIZE`|`16m` |global |no |Size of the internal cachestore (locks). |
|`USE_API` |`yes` |global |no |Activate the API to control BunkerWeb. |
|`API_HTTP_PORT` |`5000` |global |no |Listen port number for the API. |
|`API_LISTEN_IP` |`0.0.0.0` |global |no |Listen IP address for the API. |
|`API_SERVER_NAME` |`bwapi` |global |no |Server name (virtual host) for the API. |
|`API_WHITELIST_IP` |`127.0.0.0/8` |global |no |List of IP/network allowed to contact the API. |
|`AUTOCONF_MODE` |`no` |global |no |Enable Autoconf Docker integration. |
|`SWARM_MODE` |`no` |global |no |Enable Docker Swarm integration. |
|`KUBERNETES_MODE` |`no` |global |no |Enable Kubernetes integration. |
|`SERVER_TYPE` |`http` |multisite|no |Server type : http or stream. |
|`LISTEN_STREAM` |`yes` |multisite|no |Enable listening for non-ssl (passthrough). |
|`LISTEN_STREAM_PORT` |`1337` |multisite|no |Listening port for non-ssl (passthrough). |
|`LISTEN_STREAM_PORT_SSL` |`4242` |multisite|no |Listening port for ssl (passthrough). |
|`USE_UDP` |`no` |multisite|no |UDP listen instead of TCP (stream). |
|`USE_IPV6` |`no` |global |no |Enable IPv6 connectivity. |
| Setting | Default | Context |Multiple| Description |
|------------------------------|------------------------------------------------------------------------------------------------------------------------|---------|--------|--------------------------------------------------------------------------------------------|
|`IS_LOADING` |`no` |global |no |Internal use : set to yes when BW is loading. |
|`NGINX_PREFIX` |`/etc/nginx/` |global |no |Where nginx will search for configurations. |
|`HTTP_PORT` |`8080` |global |no |HTTP port number which bunkerweb binds to. |
|`HTTPS_PORT` |`8443` |global |no |HTTPS port number which bunkerweb binds to. |
|`MULTISITE` |`no` |global |no |Multi site activation. |
|`SERVER_NAME` |`www.example.com` |multisite|no |List of the virtual hosts served by bunkerweb. |
|`WORKER_PROCESSES` |`auto` |global |no |Number of worker processes. |
|`WORKER_RLIMIT_NOFILE` |`2048` |global |no |Maximum number of open files for worker processes. |
|`WORKER_CONNECTIONS` |`1024` |global |no |Maximum number of connections per worker. |
|`LOG_FORMAT` |`$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"`|global |no |The format to use for access logs. |
|`LOG_LEVEL` |`notice` |global |no |The level to use for error logs. |
|`DNS_RESOLVERS` |`127.0.0.11` |global |no |DNS addresses of resolvers to use. |
|`DATASTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal datastore. |
|`CACHESTORE_MEMORY_SIZE` |`64m` |global |no |Size of the internal cachestore. |
|`CACHESTORE_IPC_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (ipc). |
|`CACHESTORE_MISS_MEMORY_SIZE` |`16m` |global |no |Size of the internal cachestore (miss). |
|`CACHESTORE_LOCKS_MEMORY_SIZE`|`16m` |global |no |Size of the internal cachestore (locks). |
|`USE_API` |`yes` |global |no |Activate the API to control BunkerWeb. |
|`API_HTTP_PORT` |`5000` |global |no |Listen port number for the API. |
|`API_LISTEN_IP` |`0.0.0.0` |global |no |Listen IP address for the API. |
|`API_SERVER_NAME` |`bwapi` |global |no |Server name (virtual host) for the API. |
|`API_WHITELIST_IP` |`127.0.0.0/8` |global |no |List of IP/network allowed to contact the API. |
|`AUTOCONF_MODE` |`no` |global |no |Enable Autoconf Docker integration. |
|`SWARM_MODE` |`no` |global |no |Enable Docker Swarm integration. |
|`KUBERNETES_MODE` |`no` |global |no |Enable Kubernetes integration. |
|`SERVER_TYPE` |`http` |multisite|no |Server type : http or stream. |
|`LISTEN_STREAM` |`yes` |multisite|no |Enable listening for non-ssl (passthrough). |
|`LISTEN_STREAM_PORT` |`1337` |multisite|no |Listening port for non-ssl (passthrough). |
|`LISTEN_STREAM_PORT_SSL` |`4242` |multisite|no |Listening port for ssl (passthrough). |
|`USE_UDP` |`no` |multisite|no |UDP listen instead of TCP (stream). |
|`USE_IPV6` |`no` |global |no |Enable IPv6 connectivity. |
|`IS_DRAFT` |`no` |multisite|no |Internal use : set to yes when the service is in draft mode. |
|`TIMERS_LOG_LEVEL` |`debug` |global |no |Log level for timers. |
|`OVERRIDE_INSTANCES` | |global |no |List of BunkerWeb instances separated with spaces (format : fqdn-or-ip:5000 fqdn-or-ip:5000)|
## Core settings
### Antibot
## Antibot
STREAM support :x:
@ -72,7 +73,7 @@ Bot detection by using a challenge.
|`ANTIBOT_TIME_RESOLVE` |`60` |multisite|no |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
|`ANTIBOT_TIME_VALID` |`86400` |multisite|no |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one. |
### Auth basic
## Auth basic
STREAM support :x:
@ -86,7 +87,39 @@ Enforce login before accessing a resource or the whole site using HTTP basic aut
|`AUTH_BASIC_PASSWORD`|`changeme` |multisite|no |Password |
|`AUTH_BASIC_TEXT` |`Restricted area`|multisite|no |Text to display |
### Bad behavior
## Backup
STREAM support :white_check_mark:
Backup your data to a custom location. Ensure the safety and availability of your important files by creating regular backups.
| Setting | Default |Context|Multiple| Description |
|------------------|----------------------------|-------|--------|---------------------------------------------|
|`USE_BACKUP` |`yes` |global |no |Enable or disable the backup feature |
|`BACKUP_DIRECTORY`|`/var/lib/bunkerweb/backups`|global |no |The directory where the backup will be stored|
|`BACKUP_SCHEDULE` |`daily` |global |no |The frequency of the backup |
|`BACKUP_ROTATION` |`7` |global |no |The number of backups to keep |
## Backup S3 <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :white_check_mark:
Automatically backup your data to an S3 bucket
| Setting |Default|Context|Multiple| Description |
|-----------------------------|-------|-------|--------|--------------------------------------------|
|`USE_BACKUP_S3` |`no` |global |no |Enable or disable the S3 backup feature |
|`BACKUP_S3_SCHEDULE` |`daily`|global |no |The frequency of the backup |
|`BACKUP_S3_ROTATION` |`7` |global |no |The number of backups to keep |
|`BACKUP_S3_ENDPOINT` | |global |no |The S3 endpoint |
|`BACKUP_S3_BUCKET` | |global |no |The S3 bucket |
|`BACKUP_S3_REGION` | |global |no |The S3 region |
|`BACKUP_S3_ACCESS_KEY_ID` | |global |no |The S3 access key ID |
|`BACKUP_S3_ACCESS_KEY_SECRET`| |global |no |The S3 access key secret |
|`BACKUP_S3_COMP_LEVEL` |`6` |global |no |The compression level of the backup zip file|
## Bad behavior
STREAM support :white_check_mark:
@ -100,7 +133,7 @@ Ban IP generating too much 'bad' HTTP status code in a period of time.
|`BAD_BEHAVIOR_THRESHOLD` |`10` |multisite|no |Maximum number of 'bad' HTTP status codes within the period of time before IP is banned. |
|`BAD_BEHAVIOR_COUNT_TIME` |`60` |multisite|no |Period of time (in seconds) during which we count 'bad' HTTP status codes. |
### Blacklist
## Blacklist
STREAM support :warning:
@ -131,7 +164,7 @@ Deny access based on internal and external IP/network/rDNS/ASN blacklists.
|`BLACKLIST_IGNORE_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist. |
|`BLACKLIST_IGNORE_URI_URLS` | |global |no |List of URLs, separated with spaces, containing URI to ignore in the blacklist. |
### Brotli
## Brotli
STREAM support :x:
@ -144,7 +177,7 @@ Compress HTTP requests with the brotli algorithm.
|`BROTLI_MIN_LENGTH`|`1000` |multisite|no |Minimum length for brotli compression. |
|`BROTLI_COMP_LEVEL`|`6` |multisite|no |The compression level of the brotli algorithm. |
### BunkerNet
## BunkerNet
STREAM support :white_check_mark:
@ -155,7 +188,7 @@ Share threat data with other BunkerWeb instances via BunkerNet.
|`USE_BUNKERNET` |`yes` |multisite|no |Activate BunkerNet feature. |
|`BUNKERNET_SERVER`|`https://api.bunkerweb.io`|global |no |Address of the BunkerNet API.|
### CORS
## CORS
STREAM support :x:
@ -175,7 +208,7 @@ Cross-Origin Resource Sharing.
|`CORS_ALLOW_HEADERS` |`DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range`|multisite|no |Value of the Access-Control-Allow-Headers header. |
|`CORS_DENY_REQUEST` |`yes` |multisite|no |Deny request and don't send it to backend if Origin is not allowed.|
### Client cache
## Client cache
STREAM support :x:
@ -188,7 +221,7 @@ Manage caching for clients.
|`CLIENT_CACHE_ETAG` |`yes` |multisite|no |Send the HTTP ETag header for static resources. |
|`CLIENT_CACHE_CONTROL` |`public, max-age=15552000` |multisite|no |Value of the Cache-Control HTTP header. |
### Country
## Country
STREAM support :white_check_mark:
@ -199,7 +232,7 @@ Deny access based on the country of the client IP.
|`BLACKLIST_COUNTRY`| |multisite|no |Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces). |
|`WHITELIST_COUNTRY`| |multisite|no |Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).|
### Custom HTTPS certificate
## Custom HTTPS certificate
STREAM support :white_check_mark:
@ -213,17 +246,18 @@ Choose custom certificate for HTTPS.
|`CUSTOM_SSL_CERT_DATA`| |multisite|no |Certificate data encoded in base64. |
|`CUSTOM_SSL_KEY_DATA` | |multisite|no |Key data encoded in base64. |
### DB
## DB
STREAM support :white_check_mark:
Integrate easily the Database.
| Setting | Default |Context|Multiple| Description |
|--------------|-----------------------------------------|-------|--------|--------------------------------------------------|
|`DATABASE_URI`|`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no |The database URI, following the sqlalchemy format.|
| Setting | Default |Context|Multiple| Description |
|--------------------|-----------------------------------------|-------|--------|--------------------------------------------------|
|`DATABASE_URI` |`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no |The database URI, following the sqlalchemy format.|
|`DATABASE_LOG_LEVEL`|`warning` |global |no |The level to use for database logs. |
### DNSBL
## DNSBL
STREAM support :white_check_mark:
@ -234,7 +268,7 @@ Deny access based on external DNSBL servers.
|`USE_DNSBL` |`yes` |multisite|no |Activate DNSBL feature.|
|`DNSBL_LIST`|`bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org`|global |no |List of DNSBL servers. |
### Errors
## Errors
STREAM support :x:
@ -245,7 +279,7 @@ Manage default error pages
|`ERRORS` | |multisite|no |List of HTTP error code and corresponding error pages, separated with spaces (404=/my404.html 403=/errors/403.html ...).|
|`INTERCEPTED_ERROR_CODES`|`400 401 403 404 405 413 429 500 501 502 503 504`|multisite|no |List of HTTP error code intercepted by BunkerWeb |
### Greylist
## Greylist
STREAM support :warning:
@ -266,7 +300,7 @@ Allow access while keeping security features based on internal and external IP/n
|`GREYLIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to put into the greylist. |
|`GREYLIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to put into the greylist. |
### Gzip
## Gzip
STREAM support :x:
@ -279,7 +313,7 @@ Compress HTTP requests with the gzip algorithm.
|`GZIP_MIN_LENGTH`|`1000` |multisite|no |Minimum length for gzip compression. |
|`GZIP_COMP_LEVEL`|`5` |multisite|no |The compression level of the gzip algorithm. |
### HTML injection
## HTML injection
STREAM support :x:
@ -289,7 +323,7 @@ Inject custom HTML code before the </body> tag.
|-------------|-------|---------|--------|------------------------|
|`INJECT_BODY`| |multisite|no |The HTML code to inject.|
### Headers
## Headers
STREAM support :x:
@ -312,19 +346,38 @@ Manage HTTP headers sent to clients.
|`X_CONTENT_TYPE_OPTIONS` |`nosniff` |multisite|no |Value for the X-Content-Type-Options header. |
|`X_XSS_PROTECTION` |`1; mode=block` |multisite|no |Value for the X-XSS-Protection header. |
### Let's Encrypt
## Let's Encrypt
STREAM support :white_check_mark:
Automatic creation, renewal and configuration of Let's Encrypt certificates.
| Setting |Default| Context |Multiple| Description |
|--------------------------|-------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`AUTO_LETS_ENCRYPT` |`no` |multisite|no |Activate automatic Let's Encrypt mode. |
|`EMAIL_LETS_ENCRYPT` | |multisite|no |Email used for Let's Encrypt notification and in certificate. |
|`USE_LETS_ENCRYPT_STAGING`|`no` |multisite|no |Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.|
| Setting |Default| Context |Multiple| Description |
|------------------------------|-------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|`AUTO_LETS_ENCRYPT` |`no` |multisite|no |Activate automatic Let's Encrypt mode. |
|`EMAIL_LETS_ENCRYPT` | |multisite|no |Email used for Let's Encrypt notification and in certificate. |
|`USE_LETS_ENCRYPT_STAGING` |`no` |multisite|no |Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.|
|`LETS_ENCRYPT_CLEAR_OLD_CERTS`|`no` |global |no |Clear old certificates when renewing. |
### Limit
## Let's Encrypt DNS <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :white_check_mark:
Automatic creation, renewal and configuration of Let's Encrypt certificates using DNS challenges.
| Setting | Default | Context |Multiple| Description |
|----------------------------------|---------|---------|--------|---------------------------------------------------------------------------------------|
|`AUTO_LETS_ENCRYPT_DNS` |`no` |multisite|no |Activate automatic Let's Encrypt DNS. |
|`LETS_ENCRYPT_DNS_EMAIL` | |multisite|no |The email address to use for Let's Encrypt notifications. |
|`USE_LETS_ENCRYPT_DNS_STAGING` |`no` |multisite|no |Use the Let's Encrypt staging environment. |
|`LETS_ENCRYPT_DNS_PROVIDER` | |multisite|no |The DNS provider to use for DNS challenges. |
|`USE_LETS_ENCRYPT_DNS_WILDCARD` |`yes` |multisite|no |Create wildcard certificates for all domains using DNS challenges. |
|`LETS_ENCRYPT_DNS_PROPAGATION` |`default`|multisite|no |The time to wait for DNS propagation in seconds. |
|`LETS_ENCRYPT_DNS_CREDENTIAL_ITEM`| |multisite|yes |Configuration item that will be added to the credentials.ini file for the DNS provider.|
|`LETS_ENCRYPT_DNS_CLEAR_OLD_CERTS`|`no` |global |no |Clear old certificates when renewing. |
## Limit
STREAM support :warning:
@ -340,34 +393,54 @@ Limit maximum number of requests and connections.
|`LIMIT_CONN_MAX_HTTP2` |`100` |multisite|no |Maximum number of streams per IP when using HTTP/2 protocol. |
|`LIMIT_CONN_MAX_STREAM`|`10` |multisite|no |Maximum number of connections per IP when using stream. |
### Miscellaneous
## Metrics
STREAM support :warning:
Metrics collection and retrieve.
| Setting |Default| Context |Multiple| Description |
|------------------------------|-------|---------|--------|---------------------------------------------------------|
|`USE_METRICS` |`yes` |multisite|no |Enable collection and retrieval of internal metrics. |
|`METRICS_MEMORY_SIZE` |`16m` |global |no |Size of the internal storage for metrics. |
|`METRICS_MAX_BLOCKED_REQUESTS`|`100` |global |no |Maximum number of blocked requests to store (per worker).|
## Migration <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :white_check_mark:
Migration of BunkerWeb configuration between instances made easy via the web UI
## Miscellaneous
STREAM support :warning:
Miscellaneous settings.
| Setting | Default | Context |Multiple| Description |
|-----------------------------|-----------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
|`DISABLE_DEFAULT_SERVER` |`no` |global |no |Close connection if the request vhost is unknown. |
|`REDIRECT_HTTP_TO_HTTPS` |`no` |multisite|no |Redirect all HTTP request to HTTPS. |
|`AUTO_REDIRECT_HTTP_TO_HTTPS`|`yes` |multisite|no |Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case. |
|`ALLOWED_METHODS` |`GET|POST|HEAD` |multisite|no |Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients. |
|`MAX_CLIENT_SIZE` |`10m` |multisite|no |Maximum body size (0 for infinite). |
|`SERVE_FILES` |`yes` |multisite|no |Serve files from the local folder. |
|`ROOT_FOLDER` | |multisite|no |Root folder containing files to serve (/var/www/html/{server_name} if unset). |
|`SSL_PROTOCOLS` |`TLSv1.2 TLSv1.3` |multisite|no |The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons. |
|`HTTP2` |`yes` |multisite|no |Support HTTP2 protocol when HTTPS is enabled. |
|`LISTEN_HTTP` |`yes` |multisite|no |Respond to (insecure) HTTP requests. |
|`USE_OPEN_FILE_CACHE` |`no` |multisite|no |Enable open file cache feature |
|`OPEN_FILE_CACHE` |`max=1000 inactive=20s`|multisite|no |Open file cache directive |
|`OPEN_FILE_CACHE_ERRORS` |`yes` |multisite|no |Enable open file cache for errors |
|`OPEN_FILE_CACHE_MIN_USES` |`2` |multisite|no |Enable open file cache minimum uses |
|`OPEN_FILE_CACHE_VALID` |`30s` |multisite|no |Open file cache valid time |
|`EXTERNAL_PLUGIN_URLS` | |global |no |List of external plugins URLs (direct download to .zip or .tar file) to download and install (URLs are separated with space).|
|`DENY_HTTP_STATUS` |`403` |global |no |HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection. |
|`SEND_ANONYMOUS_REPORT` |`yes` |global |no |Send anonymous report to BunkerWeb maintainers. |
| Setting | Default | Context |Multiple| Description |
|-----------------------------------|-----------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
|`DISABLE_DEFAULT_SERVER` |`no` |global |no |Deny HTTP request if the request vhost is unknown. |
|`DISABLE_DEFAULT_SERVER_STRICT_SNI`|`no` |global |no |Close SSL/TLS connection if the SNI is unknown. |
|`REDIRECT_HTTP_TO_HTTPS` |`no` |multisite|no |Redirect all HTTP request to HTTPS. |
|`AUTO_REDIRECT_HTTP_TO_HTTPS` |`yes` |multisite|no |Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case. |
|`ALLOWED_METHODS` |`GET|POST|HEAD` |multisite|no |Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients. |
|`MAX_CLIENT_SIZE` |`10m` |multisite|no |Maximum body size (0 for infinite). |
|`SERVE_FILES` |`yes` |multisite|no |Serve files from the local folder. |
|`ROOT_FOLDER` | |multisite|no |Root folder containing files to serve (/var/www/html/{server_name} if unset). |
|`SSL_PROTOCOLS` |`TLSv1.2 TLSv1.3` |multisite|no |The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons. |
|`HTTP2` |`yes` |multisite|no |Support HTTP2 protocol when HTTPS is enabled. |
|`LISTEN_HTTP` |`yes` |multisite|no |Respond to (insecure) HTTP requests. |
|`USE_OPEN_FILE_CACHE` |`no` |multisite|no |Enable open file cache feature |
|`OPEN_FILE_CACHE` |`max=1000 inactive=20s`|multisite|no |Open file cache directive |
|`OPEN_FILE_CACHE_ERRORS` |`yes` |multisite|no |Enable open file cache for errors |
|`OPEN_FILE_CACHE_MIN_USES` |`2` |multisite|no |Enable open file cache minimum uses |
|`OPEN_FILE_CACHE_VALID` |`30s` |multisite|no |Open file cache valid time |
|`EXTERNAL_PLUGIN_URLS` | |global |no |List of external plugins URLs (direct download to .zip or .tar file) to download and install (URLs are separated with space).|
|`DENY_HTTP_STATUS` |`403` |global |no |HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection. |
|`SEND_ANONYMOUS_REPORT` |`yes` |global |no |Send anonymous report to BunkerWeb maintainers. |
### ModSecurity
## ModSecurity
STREAM support :x:
@ -377,11 +450,24 @@ Management of the ModSecurity WAF.
|---------------------------------|--------------|---------|--------|------------------------------------------|
|`USE_MODSECURITY` |`yes` |multisite|no |Enable ModSecurity WAF. |
|`USE_MODSECURITY_CRS` |`yes` |multisite|no |Enable OWASP Core Rule Set. |
|`MODSECURITY_CRS_VERSION` |`3` |multisite|no |Version of the OWASP Core Rule Set to use.|
|`MODSECURITY_SEC_AUDIT_ENGINE` |`RelevantOnly`|multisite|no |SecAuditEngine directive of ModSecurity. |
|`MODSECURITY_SEC_RULE_ENGINE` |`On` |multisite|no |SecRuleEngine directive of ModSecurity. |
|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ` |multisite|no |SecAuditLogParts directive of ModSecurity.|
### PHP
## Monitoring <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
BunkerWeb monitoring pro system. This plugin is a prerequisite for some other plugins.
| Setting |Default|Context|Multiple| Description |
|------------------------------|-------|-------|--------|---------------------------------------------|
|`USE_MONITORING` |`yes` |global |no |Enable monitoring of BunkerWeb. |
|`MONITORING_METRICS_DICT_SIZE`|`10M` |global |no |Size of the dict to store monitoring metrics.|
## PHP
STREAM support :x:
@ -394,7 +480,32 @@ Manage local or remote PHP-FPM.
|`LOCAL_PHP` | |multisite|no |Path to the PHP-FPM socket file. |
|`LOCAL_PHP_PATH` | |multisite|no |Root folder containing files in the local PHP-FPM instance. |
### Real IP
## Pro
STREAM support :x:
Pro settings for the Pro version of BunkerWeb.
| Setting |Default|Context|Multiple| Description |
|-----------------|-------|-------|--------|-------------------------------------------------|
|`PRO_LICENSE_KEY`| |global |no |The License Key for the Pro version of BunkerWeb.|
## Prometheus exporter <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
Prometheus exporter for BunkerWeb internal metrics.
| Setting | Default |Context|Multiple| Description |
|------------------------------|-----------------------------------------------------|-------|--------|------------------------------------------------------------------------|
|`USE_PROMETHEUS_EXPORTER` |`no` |global |no |Enable the Prometheus export. |
|`PROMETHEUS_EXPORTER_IP` |`0.0.0.0` |global |no |Listening IP of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_PORT` |`9113` |global |no |Listening port of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_URL` |`/metrics` |global |no |HTTP URL of the Prometheus exporter. |
|`PROMETHEUS_EXPORTER_ALLOW_IP`|`127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`|global |no |List of IP/networks allowed to contact the Prometheus exporter endpoint.|
## Real IP
STREAM support :warning:
@ -409,7 +520,7 @@ Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.
|`REAL_IP_HEADER` |`X-Forwarded-For` |multisite|no |HTTP header containing the real IP or special value proxy_protocol for PROXY protocol. |
|`REAL_IP_RECURSIVE` |`yes` |multisite|no |Perform a recursive search in the header container IP address. |
### Redirect
## Redirect
STREAM support :x:
@ -421,7 +532,7 @@ Manage HTTP redirects.
|`REDIRECT_TO_REQUEST_URI`|`no` |multisite|no |Append the requested URI to the redirect address.|
|`REDIRECT_TO_STATUS_CODE`|`301` |multisite|no |Status code to send to client when redirecting. |
### Redis
## Redis
STREAM support :white_check_mark:
@ -434,6 +545,7 @@ Redis server configuration when using BunkerWeb in cluster mode.
|`REDIS_PORT` |`6379` |global |no |Redis server port. |
|`REDIS_DATABASE` |`0` |global |no |Redis database number. |
|`REDIS_SSL` |`no` |global |no |Use SSL/TLS connection with Redis server. |
|`REDIS_SSL_VERIFY` |`no` |global |no |Verify the certificate of Redis server. |
|`REDIS_TIMEOUT` |`1000` |global |no |Redis server timeout (in ms) for connect, read and write. |
|`REDIS_KEEPALIVE_IDLE` |`30000`|global |no |Max idle time (in ms) before closing redis connection in the pool. |
|`REDIS_KEEPALIVE_POOL` |`10` |global |no |Max number of redis connection(s) kept in the pool. |
@ -444,7 +556,28 @@ Redis server configuration when using BunkerWeb in cluster mode.
|`REDIS_SENTINEL_PASSWORD`| |global |no |Redis sentinel password. |
|`REDIS_SENTINEL_MASTER` | |global |no |Redis sentinel master name. |
### Reverse proxy
## Reporting <img src='../assets/img/pro-icon.svg' alt='crow pro icon' height='24px' width='24px' style='transform : translateY(3px);'> (PRO)
STREAM support :x:
Regular reporting of important data from BunkerWeb (global, attacks, bans, requests, reasons, AS...). Monitoring pro plugin needed to work.
| Setting |Default |Context|Multiple| Description |
|------------------------------|--------|-------|--------|----------------------------------------------------------------------------------------------------------------------------------|
|`USE_REPORTING_SMTP` |`no` |global |no |Enable sending the report via email. |
|`USE_REPORTING_WEBHOOK` |`no` |global |no |Enable sending the report via webhook. |
|`REPORTING_SCHEDULE` |`weekly`|global |no |The frequency at which reports are sent. |
|`REPORTING_WEBHOOK_URLS` | |global |no |List of webhook URLs to receive the report in Markdown (separated by spaces). |
|`REPORTING_SMTP_EMAILS` | |global |no |List of email addresses to receive the report in HTML format (separated by spaces). |
|`REPORTING_SMTP_HOST` | |global |no |The host server used for SMTP sending. |
|`REPORTING_SMTP_PORT` |`465` |global |no |The port used for SMTP. Please note that there are different standards depending on the type of connection (SSL = 465, TLS = 587).|
|`REPORTING_SMTP_FROM_EMAIL` | |global |no |The email address used as the sender. Note that 2FA must be disabled for this email address. |
|`REPORTING_SMTP_FROM_USER` | |global |no |The user authentication value for sending via the from email address. |
|`REPORTING_SMTP_FROM_PASSWORD`| |global |no |The password authentication value for sending via the from email address. |
|`REPORTING_SMTP_SSL` |`SSL` |global |no |Determine whether or not to use a secure connection for SMTP. |
## Reverse proxy
STREAM support :warning:
@ -478,8 +611,9 @@ Manage reverse proxy configurations.
|`REVERSE_PROXY_READ_TIMEOUT` |`60s` |multisite|yes |Timeout when reading from the proxied resource. |
|`REVERSE_PROXY_SEND_TIMEOUT` |`60s` |multisite|yes |Timeout when sending to the proxied resource. |
|`REVERSE_PROXY_INCLUDES` | |multisite|yes |Additional configuration to include in the location block, separated with spaces. |
|`REVERSE_PROXY_CUSTOM_HOST` | |multisite|no |Override Host header sent to upstream server. |
### Reverse scan
## Reverse scan
STREAM support :white_check_mark:
@ -491,7 +625,7 @@ Scan clients ports to detect proxies or servers.
|`REVERSE_SCAN_PORTS` |`22 80 443 3128 8000 8080`|multisite|no |List of port to scan when using reverse scan feature. |
|`REVERSE_SCAN_TIMEOUT`|`500` |multisite|no |Specify the maximum timeout (in ms) when scanning a port. |
### Self-signed certificate
## Self-signed certificate
STREAM support :white_check_mark:
@ -503,7 +637,7 @@ Generate self-signed certificate.
|`SELF_SIGNED_SSL_EXPIRY` |`365` |multisite|no |Self-signed certificate expiry in days. |
|`SELF_SIGNED_SSL_SUBJ` |`/CN=www.example.com/`|multisite|no |Self-signed certificate subject. |
### Sessions
## Sessions
STREAM support :white_check_mark:
@ -519,7 +653,7 @@ Management of session used by other plugins.
|`SESSIONS_CHECK_IP` |`yes` |global |no |Destroy session if IP address is different than original one. |
|`SESSIONS_CHECK_USER_AGENT`|`yes` |global |no |Destroy session if User-Agent is different than original one. |
### UI
## UI
STREAM support :x:
@ -530,7 +664,7 @@ Integrate easily the BunkerWeb UI.
|`USE_UI` |`no` |multisite|no |Use UI |
|`UI_HOST`| |global |no |Address of the web UI used for initial setup|
### Whitelist
## Whitelist
STREAM support :warning:

11
docs/troubleshooting.md
View file

@ -119,6 +119,10 @@ Here is how you can access the logs, depending on your integration :
Don't forget that BunkerWeb runs as an unprivileged user for obvious security reasons. Double-check the permissions of files and folders used by BunkerWeb, especially if you use custom configurations (more info [here](quickstart-guide.md#custom-configurations)). You will need to set at least **RW** rights on files and **_RWX_** on folders.
## Disable security checks
For debugging purposes, you may need to temporarily disable the security checks made by BunkerWeb. One quick way of doing it is by adding everyone in the whitelist (e.g. `WHITELIST_IP=0.0.0.0/0`).
## ModSecurity
The default BunkerWeb configuration of ModSecurity is to load the Core Rule Set in anomaly scoring mode with a paranoia level (PL) of 1 :
@ -466,3 +470,10 @@ In case you lost your UI credentials or have 2FA issues, you can connect to the
```
You should now be able to log into the web UI only using your username and password.
**Upload plugin**
It may not be possible to upload a plugin from the UI in certain situations:
- Missing package to manage compressed files on your integration, in which case you will need to add the necessary packages
- Safari browser : the 'safe mode' may prevent you from being able to add a plugin. You will need to make the necessary changes on your machine

360
docs/upgrading.md Normal file
View file

@ -0,0 +1,360 @@
# Upgrading
## Upgrade from 1.5.X
!!! warning "Read me first"
We often add new features and settings to BunkerWeb. We recommend you read the [settings](settings.md) sections of the documentation or the GitHub releases to see what's new.
### Procedure
1. **Backup the database**:
- Before proceeding with the database upgrade, ensure to perform a complete backup of the current state of the database.
- Use appropriate tools to backup the entire database, including data, schemas, and configurations.
=== "1\.5\.7 and later"
=== "Docker"
```bash
docker exec -it -e BACKUP_DIRECTORY=/path/to/backup/directory <scheduler_container> bwcli plugin backup save
```
```bash
docker cp <scheduler_container>:/path/to/backup/directory /path/to/backup/directory
```
=== "Linux"
!!! warning "Information for Red Hat Enterprise Linux (RHEL) 8.9 users"
If you are using **RHEL 8.9** and plan on using an **external database**, you will need to install the `mysql-community-client` package to ensure the `mysqldump` command is available. You can install the package by executing the following commands:
=== "MySQL/MariaDB"
1. **Install the MySQL repository configuration package**
```bash
sudo dnf install https://dev.mysql.com/get/mysql80-community-release-el8-9.noarch.rpm
```
2. **Enable the MySQL repository**
```bash
sudo dnf config-manager --enable mysql80-community
```
3. **Install the MySQL client**
```bash
sudo dnf install mysql-community-client
```
=== "PostgreSQL"
4. **Install the PostgreSQL repository configuration package**
```bash
dnf install "https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-$(uname -m)/pgdg-redhat-repo-latest.noarch.rpm"
```
5. **Install the PostgreSQL client**
```bash
dnf install postgresql<version>
```
```bash
BACKUP_DIRECTORY=/path/to/backup/directory bwcli plugin backup save
```
=== "1\.5\.6 and earlier"
=== "SQLite"
=== "Docker"
We first need to install the `sqlite` package in the container.
```bash
docker exec -u 0 -it <scheduler_container> apk add sqlite
```
Then, backup the database.
```bash
docker exec -it <scheduler_container> sqlite3 /var/lib/bunkerweb/db.sqlite3 ".dump" > /path/to/backup/directory/backup.sql
```
=== "Linux"
```bash
sqlite3 /var/lib/bunkerweb/db.sqlite3 ".dump" > /path/to/backup/directory/backup.sql
```
=== "MySQL/MariaDB"
=== "Docker"
```bash
docker exec -it <database_container> mysqldump -u <username> -p <database_name> > /path/to/backup/directory/backup.sql
```
=== "Linux"
```bash
mysqldump -u <username> -p <database_name> > /path/to/backup/directory/backup.sql
```
=== "PostgreSQL"
=== "Docker"
```bash
docker exec -it <database_container> pg_dump -U <username> -d <database_name> > /path/to/backup/directory/backup.sql
```
=== "Linux"
```bash
pg_dump -U <username> -d <database_name> > /path/to/backup/directory/backup.sql
```
2. **Upgrade BunkerWeb**:
- Upgrade BunkerWeb to the latest version.
=== "Docker"
1. **Update the Docker Compose file**: Update the Docker Compose file to use the new version of the BunkerWeb image.
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.7
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.7
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.7
...
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.7
...
```
2. **Restart the containers**: Restart the containers to apply the changes.
```bash
docker compose down
docker compose up -d
```
=== "Linux"
3. **Stop the services**:
```bash
systemctl stop bunkerweb-scheduler
systemctl stop bunkerweb-ui
```
4. **Update BunkerWeb**:
- Update BunkerWeb to the latest version by following the instructions in the [integration Linux page](integrations.md#linux).
3. **Check the logs**: Check the logs of the scheduler service to ensure that the migration was successful.
=== "Docker"
```bash
docker compose logs <scheduler_container>
```
=== "Linux"
```bash
journalctl -u bunkerweb --no-pager
```
4. **Verify the database**: Verify that the database upgrade was successful by checking the data and configurations in the new database container.
### Rollback
!!! failure "In case of issues"
If you encounter any issues during the upgrade, you can rollback to the previous version of the database by restoring the backup taken in [step 1](#__tabbed_1_1).
Get support and more information :
- [Order professionnal support](https://panel.bunkerweb.io/?utm_source=doc&utm_campaign=self)
- [Create an issue on GitHub](https://github.com/bunkerity/bunkerweb/issues)
- [Join the BunkerWeb Discord server](https://discord.bunkerity.com)
=== "Docker"
1. **Restore the backup**.
=== "SQLite"
1. **Remove the existing database file.**
```bash
docker exec -u 0 -i <scheduler_container> rm -f /var/lib/bunkerweb/db.sqlite3
```
2. **Restore the backup.**
```bash
docker exec -i -T <scheduler_container> sqlite3 /var/lib/bunkerweb/db.sqlite3 < /path/to/backup/directory/backup.sql
```
=== "MySQL/MariaDB"
3. **Stop the Scheduler container.**
```bash
docker compose down <scheduler_container>
```
4. **Restore the backup.**
```bash
docker exec -e MYSQL_PWD=<your_password> -i -T <database_container> mysql -u <username> <database_name> < /path/to/backup/directory/backup.sql
```
=== "PostgreSQL"
5. **Stop the Scheduler container.**
```bash
docker compose down <scheduler_container>
```
6. **Remove the existing database.**
```bash
docker exec -i <database_container> dropdb -U <username> --force <database_name>
```
7. **Recreate the database.**
```bash
docker exec -i <database_container> createdb -U <username> <database_name>
```
8. **Restore the backup.**
```bash
docker exec -i -T <database_container> psql -U <username> -d <database_name> < /path/to/backup/directory/backup.sql
```
2. **Downgrade BunkerWeb**.
```yaml
services:
bunkerweb:
image: bunkerity/bunkerweb:<old_version>
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:<old_version>
...
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:<old_version>
...
bw-ui:
image: bunkerity/bunkerweb-ui:<old_version>
...
```
3. **Restart the containers**.
```bash
docker compose down
docker compose up -d
```
=== "Linux"
4. **Stop the services**.
```bash
systemctl stop bunkerweb-scheduler
systemctl stop bunkerweb-ui
```
5. **Restore the backup**.
=== "SQLite"
```bash
rm -f /var/lib/bunkerweb/db.sqlite3
sqlite3 /var/lib/bunkerweb/db.sqlite3 < /path/to/backup/directory/backup.sql
```
=== "MySQL/MariaDB"
```bash
mysql -u <username> -p <database_name> < /path/to/backup/directory/backup.sql
```
=== "PostgreSQL"
1. **Remove the existing database.**
```bash
dropdb -U <username> --force <database_name>
```
2. **Recreate the database.**
```bash
createdb -U <username> <database_name>
```
3. **Restore the backup.**
```bash
psql -U <username> -d <database_name> < /path/to/backup/directory/backup.sql
```
6. **Downgrade BunkerWeb**.
- Downgrade BunkerWeb to the previous version by following the same steps as when upgrading BunkerWeb in the [integration Linux page](integrations.md#linux)
## Upgrade from 1.4.X
!!! warning "Read this if you were a 1.4.X user"
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) folder of the repository.
### Scheduler
Back to the 1.4.X releases, jobs (like Let's Encrypt certificate generation/renewal or blacklists download) **were executed in the same container as BunkerWeb**. For the purpose of [separation of concerns](https://en.wikipedia.org/wiki/Separation_of_concerns), we decided to create a **separate service** which is now responsible for managing jobs.
Called **Scheduler**, this service also generates the final configuration used by BunkerWeb and acts as an intermediary between autoconf and BunkerWeb. In other words, the scheduler is the **brain of the BunkerWeb 1.5.X stack**.
You will find more information about the scheduler [here](concepts.md#scheduler).
### Database
BunkerWeb configuration is **no more stored in a plain file** (located at `/etc/nginx/variables.env` if you didn't know it). That's it, we now support a **fully-featured database as a backend** to store settings, cache, custom configs, ... 🥳
Using a real database offers many advantages :
- Backup of the current configuration
- Usage with multiple services (scheduler, web UI, ...)
- Upgrade to a new BunkerWeb version
Please note that we actually support, **SQLite**, **MySQL**, **MariaDB** and **PostgreSQL** as backends.
You will find more information about the database [here](concepts.md#database).
### Redis
When BunkerWeb 1.4.X was used in cluster mode (Swarm or Kubernetes integrations), **data were not shared among the nodes**. For example, if an attacker was banned via the "bad behavior" feature on a specific node, **he could still connect to the other nodes**.
Security is not the only reason to have a shared data store for clustered integrations, **caching** is also another one. We can now **store results** of time-consuming operations like (reverse) dns lookups so they are **available for other nodes**.
We actually support **Redis** as a backend for the shared data store.
See the list of [redis settings](settings.md#redis) and the corresponding documentation of your integration for more information.
### Default values and new settings
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.

141
docs/web-ui.md
View file

@ -80,7 +80,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -96,7 +96,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -118,7 +118,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
depends_on:
- bw-docker
environment:
@ -171,7 +171,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -188,7 +188,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -201,7 +201,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -236,7 +236,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
networks:
bw-docker:
bw-universe:
@ -278,7 +278,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- published: 80
target: 8080
@ -308,7 +308,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -336,7 +336,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -363,7 +363,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-universe
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -410,7 +410,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
resources: ["services", "pods", "configmaps", "secrets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
@ -454,7 +454,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -527,7 +527,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -554,7 +554,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -639,7 +639,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -713,55 +713,43 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
=== "Linux"
If you want to use the setup wizard, you will need to set the `UI_HOST` setting to the HTTP endpoint of your web UI SERVICE. Since the web UI is listening on the same machine as BunkerWeb, you will need to set the `UI_HOST` setting `http://127.0.0.1:7000`.
If you want to use the setup wizard, you will need to run the following command `export UI_WIZARD=1` before installing BunkerWeb as described in [integrations section](integrations.md#linux) of the documentation (this is an optional step).
!!! tip "Accessing the setup wizard"
You can access the setup wizard by browsing the `http://your-ip-address/setup` URI of your server.
Here is the `/etc/bunkerweb/variables.env` boilerplate you can use :
```conf
HTTP_PORT=80
HTTPS_PORT=443
DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4
API_LISTEN_IP=127.0.0.1
SERVER_NAME=
MULTISITE=yes
UI_HOST=http://127.0.0.1:7000
```
The web UI comes as systemd service named `bunkerweb-ui` which is not enabled by default. If you want to start the web UI when on startup you can run the following command :
```shell
systemctl enable bunkerweb-ui
```
Create an empty configuration file for the web UI :
```shell
echo "" > /etc/bunkerweb/ui.env
chown nginx:nginx /etc/bunkerweb/ui.env
```
Don't forget to restart the `bunkerweb` and `bunkerweb-ui` services :
```shell
systemctl restart bunkerweb
systemctl restart bunkerweb-ui
```
## Account management
You can change the username, password needed and manage two-factor authentication by **accessing the account page** of the web UI from the menu.
You need to click on `manage account` inside the sidebar menu.
You can access the account management page by clicking on `manage account` inside the sidebar menu :
<figure markdown>
![Overview](assets/img/manage-account.webp){ align=center, width="350" }
<figcaption>Account page access from menu</figcaption>
</figure>
### Upgrade to PRO
!!! info "What is BunkerWeb PRO ?"
BunkerWeb PRO is an enhanced version of BunkerWeb open-source. Whether it's enhanced security, an enriched user experience, or technical monitoring, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs. Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version.
Once you have your PRO license key from the [BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), you can paste it into the PRO section of the account management page.
<figure markdown>
![PRO upgrade](assets/img/pro-ui-upgrade.webp){ align=center, width="550" }
<figcaption>Upgrade to PRO from the web UI</figcaption>
</figure>
!!! warning "Upgrade time"
The PRO version is downloaded in the background by the scheduler, it may take some time to upgrade.
When your BunkerWeb instance has upgraded to the PRO version, you will see your license expiration date and the maximum number of services you can protect.
<figure markdown>
![PRO upgrade](assets/img/ui-pro.webp){ align=center, width="550" }
<figcaption>PRO license information</figcaption>
</figure>
### Username / Password
!!! warning "Lost password/username"
@ -839,7 +827,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -848,7 +836,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -867,12 +855,13 @@ After a successful login/password combination, you will be prompted to enter you
- www.example.com_REVERSE_PROXY_URL=/changeme
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
- www.example.com_MAX_CLIENT_SIZE=50m
networks:
- bw-universe
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -894,7 +883,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
depends_on:
- bw-docker
environment:
@ -959,7 +948,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -968,7 +957,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -985,7 +974,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -998,7 +987,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- bunkerweb
- bw-docker
@ -1033,7 +1022,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
networks:
bw-docker:
bw-universe:
@ -1052,7 +1041,7 @@ After a successful login/password combination, you will be prompted to enter you
- "bunkerweb.REVERSE_PROXY_URL=/changeme"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
- "bunkerweb.MAX_CLIENT_SIZE=50m"
volumes:
bw-data:
@ -1094,7 +1083,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -1103,7 +1092,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- published: 80
target: 8080
@ -1133,7 +1122,7 @@ After a successful login/password combination, you will be prompted to enter you
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1161,7 +1150,7 @@ After a successful login/password combination, you will be prompted to enter you
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -1188,7 +1177,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-universe
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
@ -1207,7 +1196,7 @@ After a successful login/password combination, you will be prompted to enter you
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
- "bunkerweb.MAX_CLIENT_SIZE=50m"
volumes:
bw-data:
@ -1242,7 +1231,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.5/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.7/misc/integrations) of the repository.
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -1253,7 +1242,7 @@ After a successful login/password combination, you will be prompted to enter you
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
resources: ["services", "pods", "configmaps", "secrets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
@ -1297,7 +1286,7 @@ After a successful login/password combination, you will be prompted to enter you
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -1367,7 +1356,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.5
image: bunkerity/bunkerweb-autoconf:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -1394,7 +1383,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -1479,7 +1468,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.5
image: bunkerity/bunkerweb-ui:1.5.7
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
@ -1561,6 +1550,7 @@ After a successful login/password combination, you will be prompted to enter you
annotations:
bunkerweb.io/www.example.com_USE_UI: "yes"
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: '400 404 405 413 429 500 501 502 503 504'
bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: '50m'
spec:
rules:
- host: www.example.com
@ -1614,6 +1604,7 @@ After a successful login/password combination, you will be prompted to enter you
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
www.example.com_MAX_CLIENT_SIZE=50m
```
Don't forget to restart the `bunkerweb` service :
@ -1647,6 +1638,7 @@ After a successful login/password combination, you will be prompted to enter you
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
www.example.com_MAX_CLIENT_SIZE=50m
```
The variable `enable_ui` can be set to `true` in order to activate the web UI service and the variable `custom_ui` can be used to specify the configuration file for the web UI :
@ -1721,6 +1713,7 @@ After a successful login/password combination, you will be prompted to enter you
www.example.com_REVERSE_PROXY_URL=/changeme
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
www.example.com_MAX_CLIENT_SIZE=50m
```
Don't forget to restart the `bunkerweb` service :

8
examples/authelia/autoconf.yml
View file

@ -3,7 +3,7 @@ version: "3"
services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -12,7 +12,7 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
@ -22,7 +22,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -31,7 +31,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email

12
examples/authelia/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -31,20 +31,20 @@ services:
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
# Applications
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
- app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,11 +67,11 @@ services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/authelia/kubernetes.yml
View file

@ -70,7 +70,7 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -82,7 +82,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -102,7 +102,7 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -114,7 +114,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: ConfigMap

8
examples/authelia/swarm.yml
View file

@ -3,7 +3,7 @@ version: "3"
services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -14,7 +14,7 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
@ -24,7 +24,7 @@ services:
- bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
deploy:
@ -35,7 +35,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
- bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email

12
examples/authentik/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -38,14 +38,14 @@ services:
- auth.example.com_COOKIE_FLAGS=* SameSite=Lax
# Applications
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/outpost.goauthentik.io/auth/nginx
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/outpost.goauthentik.io/start?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$auth_cookie $$upstream_http_set_cookie;$$authentik_username $$upstream_http_x_authentik_username;$$authentik_groups $$upstream_http_x_authentik_groups;$$authentik_email $$upstream_http_x_authentik_email;$$authentik_name $$upstream_http_x_authentik_name;$$authentik_uid $$upstream_http_x_authentik_uid
- app1.example.com_REVERSE_PROXY_HEADERS_CLIENT=Set-Cookie $$auth_cookie
- app1.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/outpost.goauthentik.io/auth/nginx
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/outpost.goauthentik.io/start?rd=$$scheme%3A%2F%2F$$host$$request_uri
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$auth_cookie $$upstream_http_set_cookie;$$authentik_username $$upstream_http_x_authentik_username;$$authentik_groups $$upstream_http_x_authentik_groups;$$authentik_email $$upstream_http_x_authentik_email;$$authentik_name $$upstream_http_x_authentik_name;$$authentik_uid $$upstream_http_x_authentik_uid
@ -53,7 +53,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -76,11 +76,11 @@ services:
# APPLICATIONS
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

12
examples/autoconf-configs/autoconf.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -11,7 +11,7 @@ services:
- "bunkerweb.SERVER_NAME=app1.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp1:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {
@ -22,7 +22,7 @@ services:
}
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -31,7 +31,7 @@ services:
- "bunkerweb.SERVER_NAME=app2.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp2:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {
@ -42,7 +42,7 @@ services:
}
myapp3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -51,7 +51,7 @@ services:
- "bunkerweb.SERVER_NAME=app3.example.com" # replace with your domain
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3"
- "bunkerweb.REVERSE_PROXY_HOST=http://myapp3:8080"
- |
bunkerweb.CUSTOM_CONF_SERVER_HTTP_example=
location /hello {

8
examples/behind-reverse-proxy/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -12,7 +12,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
# real IP settings
- USE_REAL_IP=yes
- REAL_IP_FROM=10.10.10.0/24
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -55,7 +55,7 @@ services:
- net-proxy
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/bigbluebutton/docker-compose.yml
View file

@ -27,7 +27,7 @@ services:
...
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -50,7 +50,7 @@ services:
bw-universe:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

16
examples/certbot-dns-cloudflare/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

16
examples/certbot-dns-digitalocean/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

16
examples/certbot-dns-google/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

16
examples/certbot-dns-ovh/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

16
examples/certbot-dns-route53/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -21,11 +21,11 @@ services:
- CUSTOM_SSL_CERT=/certs/live/example.com/fullchain.pem
- CUSTOM_SSL_KEY=/certs/live/example.com/privkey.pem
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
- app3.example.com_REVERSE_PROXY_URL=/
- app3.example.com_REVERSE_PROXY_HOST=http://app3
- app3.example.com_REVERSE_PROXY_HOST=http://app3:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -33,7 +33,7 @@ services:
- bw-services
bbw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -67,17 +67,17 @@ services:
entrypoint: /bin/sh /opt/entrypoint.sh
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/cors/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -38,7 +38,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

12
examples/docker-configs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -17,9 +17,9 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1
- app1.example.com_REVERSE_PROXY_HOST=http://myapp1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2
- app2.example.com_REVERSE_PROXY_HOST=http://myapp2:8080
# global config applied at server context
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -53,7 +53,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -75,12 +75,12 @@ services:
- bw-docker
myapp1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
myapp2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/drupal/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/ghost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/gogs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/gogs/tests.json
View file

@ -2,8 +2,8 @@
"name": "gogs",
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
"no_copy_container": true,
"timeout": 60,
"delay": 120,
"timeout": 90,
"delay": 150,
"tests": [
{
"type": "string",

8
examples/hardened/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
# dropping all capabilities
cap_drop:
- ALL
@ -30,7 +30,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
- REMOTE_PHP_PATH=/app
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
@ -39,7 +39,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -61,7 +61,7 @@ services:
- bw-docker
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/joomla/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

18
examples/kubernetes-configs/kubernetes.yml
View file

@ -122,9 +122,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -144,9 +144,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -166,9 +166,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -180,7 +180,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -192,7 +192,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -204,4 +204,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

2
examples/kubernetes-configs/tests.json
View file

@ -2,7 +2,7 @@
"name": "kubernetes-configs",
"kinds": ["kubernetes"],
"timeout": 60,
"delay": 60,
"delay": 120,
"tests": [
{
"type": "string",

18
examples/kubernetes-ingress/kubernetes.yml
View file

@ -55,9 +55,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -77,9 +77,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -99,9 +99,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -113,7 +113,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -125,7 +125,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -137,4 +137,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

18
examples/kubernetes-tls/kubernetes.yml
View file

@ -79,9 +79,9 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -101,9 +101,9 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -123,9 +123,9 @@ spec:
spec:
containers:
- name: app3
image: tutum/hello-world
image: nginxdemos/nginx-hello
ports:
- containerPort: 80
- containerPort: 8080
---
apiVersion: v1
kind: Service
@ -137,7 +137,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -149,7 +149,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
@ -161,4 +161,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

16
examples/load-balancer/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -20,9 +20,9 @@ services:
- |
CUSTOM_CONF_HTTP_upstream=
upstream app {
server app1:80;
server app2:80;
server app3:80;
server app1:8080;
server app2:8080;
server app3:8080;
}
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -53,17 +53,17 @@ services:
- bw-docker
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app3:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/magento/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -29,7 +29,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/mattermost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -44,7 +44,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/mongo-express/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/moodle/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/nextcloud/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -54,7 +54,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/passbolt/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -26,7 +26,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/php-cookie-flags/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/php-multisite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -34,7 +34,7 @@ services:
- net-app2
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/php-singlesite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -30,7 +30,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/prestashop/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

10
examples/proxy-protocol/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -13,7 +13,7 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL=/
- REVERSE_PROXY_HOST=http://myapp
- REVERSE_PROXY_HOST=http://myapp:8080
# proxy protocol settings
- USE_PROXY_PROTOCOL=yes
- USE_REAL_IP=yes
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -49,7 +49,7 @@ services:
- bw-docker
myproxy:
image: haproxy:2.7-alpine
image: haproxy:2.9-alpine
ports:
- 80:8080
- 443:8443
@ -59,7 +59,7 @@ services:
- net-proxy
myapp:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

4
examples/radarr/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.5"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -34,7 +34,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

4
examples/redmine/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:

8
examples/reverse-proxy-multisite/autoconf.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -11,10 +11,10 @@ services:
- bunkerweb.SERVER_NAME=app1.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app1
- bunkerweb.REVERSE_PROXY_HOST=http://app1:8080
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
bw-services:
aliases:
@ -23,7 +23,7 @@ services:
- bunkerweb.SERVER_NAME=app2.example.com
- bunkerweb.USE_REVERSE_PROXY=yes
- bunkerweb.REVERSE_PROXY_URL=/
- bunkerweb.REVERSE_PROXY_HOST=http://app2
- bunkerweb.REVERSE_PROXY_HOST=http://app2:8080
networks:
bw-services:

12
examples/reverse-proxy-multisite/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.5
image: bunkerity/bunkerweb:1.5.7
ports:
- 80:8080
- 443:8443
@ -17,9 +17,9 @@ services:
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- app1.example.com_REVERSE_PROXY_URL=/
- app1.example.com_REVERSE_PROXY_HOST=http://app1
- app1.example.com_REVERSE_PROXY_HOST=http://app1:8080
- app2.example.com_REVERSE_PROXY_URL=/
- app2.example.com_REVERSE_PROXY_HOST=http://app2
- app2.example.com_REVERSE_PROXY_HOST=http://app2:8080
labels:
- "bunkerweb.INSTANCE=yes" # required for the scheduler to recognize the container
networks:
@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.5
image: bunkerity/bunkerweb-scheduler:1.5.7
depends_on:
- mybunker
environment:
@ -49,12 +49,12 @@ services:
- bw-docker
app1:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services
app2:
image: tutum/hello-world
image: nginxdemos/nginx-hello
networks:
- bw-services

8
examples/reverse-proxy-multisite/kubernetes.yml
View file

@ -45,7 +45,7 @@ spec:
spec:
containers:
- name: app1
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -57,7 +57,7 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
@ -77,7 +77,7 @@ spec:
spec:
containers:
- name: app2
image: tutum/hello-world
image: nginxdemos/nginx-hello
---
apiVersion: v1
kind: Service
@ -89,4 +89,4 @@ spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
targetPort: 8080

Some files were not shown because too many files have changed in this diff Show more