From d81c526540b3bc13108ee2c8cc243ac4ed01b720 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?=
Date: Wed, 14 Dec 2022 17:18:17 +0100
Subject: [PATCH] Lint ui files and change .prettierignore file
---
 .prettierignore | 2 +-
 src/ui/component/bw-version.html | 84 +-
 src/ui/component/footer-link.html | 40 +-
 src/ui/component/newsletter.html | 72 +-
 src/ui/component/social.html | 50 +-
 src/ui/templates/components/alerts.html | 40 +-
 src/ui/templates/components/button.html | 12 +-
 src/ui/templates/components/card.html | 80 +-
 src/ui/templates/components/checkbox.html | 40 +-
 src/ui/templates/components/chips.html | 8 +-
 src/ui/templates/components/folders.js | 234 +-
 src/ui/templates/components/global-conf.js | 3532 ++++++++++----------
 src/ui/templates/components/input.html | 18 +-
 src/ui/templates/components/static.html | 1709 ++++++----
 src/ui/templates/components/text.html | 20 +-
 15 files changed, 3256 insertions(+), 2685 deletions(-)
diff --git a/.prettierignore b/.prettierignore
index e85c77f48..ba5503369 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -10,4 +10,4 @@ CONTRIBUTING.md
 LICENSE.md
 README.md
 SECURITY.md
-ui
\ No newline at end of file
+src/ui/static
\ No newline at end of file
diff --git a/src/ui/component/bw-version.html b/src/ui/component/bw-version.html
index 569d480dd..d14290022 100644
--- a/src/ui/component/bw-version.html
+++ b/src/ui/component/bw-version.html
@@ -1,42 +1,42 @@
-
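Review bot: Replacing `ui` with `src/ui/static` in `.prettierignore` brings the Jinja templates under `src/ui/component` and `src/ui/templates` into Prettier's scope, and Prettier's HTML parser has no notion of `{% ... %}` or `{{ ... }}` blocks. The diffstat suggests this is more than a line-ending change for at least `static.html` (1709 lines touched, and the totals are 3256 insertions against 2685 deletions), so a template tag or an expression inside an attribute may have been re-wrapped. It would help to render the affected pages before merging and, if a template proves fragile, to list it explicitly next to `src/ui/static`, e.g. `src/ui/templates/components/static.html`. The ignore file also still ends without a trailing newline.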
-
-
-
-
-
- BunkerWeb version -
- {% if check_version %} -
- {{ version }} {% if not remote_version %} - (couldn't fetch remote version) - {% endif %} -
- {% else %} -
- {{ version }} (your version) - - {{ remote_version }} (latest) -
- {% endif %} -
- {% if not check_version %} -
- Update -
- {% endif %} -
- -
-
-
-
-
+
+
+
+
+
+
+ BunkerWeb version +
+ {% if check_version %} +
+ {{ version }} {% if not remote_version %} + (couldn't fetch remote version) + {% endif %} +
+ {% else %} +
+ {{ version }} (your version) + + {{ remote_version }} (latest) +
+ {% endif %} +
+ {% if not check_version %} +
+ Update +
+ {% endif %} +
+ +
+
+
+
+
diff --git a/src/ui/component/footer-link.html b/src/ui/component/footer-link.html index fb42a930f..cfe3d2645 100644 --- a/src/ui/component/footer-link.html +++ b/src/ui/component/footer-link.html @@ -1,20 +1,20 @@ - + diff --git a/src/ui/component/newsletter.html b/src/ui/component/newsletter.html index 9dab3a86d..dc5d74efd 100644 --- a/src/ui/component/newsletter.html +++ b/src/ui/component/newsletter.html @@ -1,36 +1,36 @@ -
-
- - -
-
- -    -
- I've read and agree to the - privacy policy -
-
-
+
+
+ + +
+
+ +    +
+ I've read and agree to the + privacy policy +
+
+
diff --git a/src/ui/component/social.html b/src/ui/component/social.html index 1e644ebff..62584e3b6 100644 --- a/src/ui/component/social.html +++ b/src/ui/component/social.html @@ -1,25 +1,25 @@ - + diff --git a/src/ui/templates/components/alerts.html b/src/ui/templates/components/alerts.html index 0f0c06aff..929e4b1a5 100644 --- a/src/ui/templates/components/alerts.html +++ b/src/ui/templates/components/alerts.html @@ -1,20 +1,20 @@ - -
- Alert blue -
- -
- A simple blue alert with - an example link. - Give it a click if you like. - -
+ +
+ Alert blue +
+ +
+ A simple blue alert with + an example link. + Give it a click if you like. + +
diff --git a/src/ui/templates/components/button.html b/src/ui/templates/components/button.html index 74f5525b8..72ba357c7 100644 --- a/src/ui/templates/components/button.html +++ b/src/ui/templates/components/button.html @@ -1,6 +1,6 @@ - + diff --git a/src/ui/templates/components/card.html b/src/ui/templates/components/card.html index c2fe4a3a3..771769aca 100644 --- a/src/ui/templates/components/card.html +++ b/src/ui/templates/components/card.html @@ -1,40 +1,40 @@ - -
- - - -

- Today's Money -

- - - -
$53,000
- - - -

- +55% - since yesterday -

- - - -
- -
- - - - - Read More - - - + +
+ + + +

+ Today's Money +

+ + + +
$53,000
+ + + +

+ +55% + since yesterday +

+ + + +
+ +
+ + + + + Read More + + + diff --git a/src/ui/templates/components/checkbox.html b/src/ui/templates/components/checkbox.html index 3e5bc9c50..921c32097 100644 --- a/src/ui/templates/components/checkbox.html +++ b/src/ui/templates/components/checkbox.html @@ -1,20 +1,20 @@ -
- - - - -
- +
+ + + + +
+ diff --git a/src/ui/templates/components/chips.html b/src/ui/templates/components/chips.html index a33744ccd..bfd6e8294 100644 --- a/src/ui/templates/components/chips.html +++ b/src/ui/templates/components/chips.html @@ -1,4 +1,4 @@ -chip blue +chip blue diff --git a/src/ui/templates/components/folders.js b/src/ui/templates/components/folders.js index 2c3d0946c..826bbf9c4 100644 --- a/src/ui/templates/components/folders.js +++ b/src/ui/templates/components/folders.js 
@@ -1,117 +1,117 @@
-//recup depuis jinja
-//multisite
-//name: service ou folder
-//config
-
-const folders = {
- name: "configs",
- type: "folder",
- path: "/opt/bunkerweb/configs",
- can_create_files: False,
- can_create_folders: False,
- can_edit: False,
- can_delete: False,
- children: [
- {
- name: "default-server-http",
- type: "folder",
- path: "/opt/bunkerweb/configs/default-server-http",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "default-server-stream",
- type: "folder",
- path: "/opt/bunkerweb/configs/default-server-stream",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "http",
- type: "folder",
- path: "/opt/bunkerweb/configs/http",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "modsec",
- type: "folder",
- path: "/opt/bunkerweb/configs/modsec",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "modsec-crs",
- type: "folder",
- path: "/opt/bunkerweb/configs/modsec-crs",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "server-http",
- type: "folder",
- path: "/opt/bunkerweb/configs/server-http",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [
- {
- name: "www.example.com",
- type: "folder",
- path: "/opt/bunkerweb/configs/server-http/www.example.com",
- can_create_files: True,
- can_create_folders: True,
- can_edit: True,
- can_delete: True,
- children: [
- {
- name: "hello-world.conf",
- type: "file",
- path: "/opt/bunkerweb/configs/server-http/www.example.com/hello-world.conf",
- can_edit: True,
- can_download: False,
- content:
- "CmxvY2F0aW9uIC9oZWxsbyB7CglkZWZhdWx0X3R5cGUgJ3RleHQvcGxhaW4nOwoJY29udGVudF9ieV9sdWFfYmxvY2sgewoJCW5neC5zYXkoJ3dvcmxkJykKCX0KfQo=",
- },
- ],
- },
- ],
- },
- {
- name: "server-stream",
- type: "folder",
- path: "/opt/bunkerweb/configs/server-stream",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- {
- name: "stream",
- type: "folder",
- path: "/opt/bunkerweb/configs/stream",
- can_create_files: True,
- can_create_folders: True,
- can_edit: False,
- can_delete: False,
- children: [],
- },
- ],
-};
+//recup depuis jinja
+//multisite
+//name: service ou folder
+//config
+
+const folders = {
+ name: "configs",
+ type: "folder",
+ path: "/opt/bunkerweb/configs",
+ can_create_files: False,
+ can_create_folders: False,
+ can_edit: False,
+ can_delete: False,
+ children: [
+ {
+ name: "default-server-http",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/default-server-http",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "default-server-stream",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/default-server-stream",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "http",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/http",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "modsec",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/modsec",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "modsec-crs",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/modsec-crs",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "server-http",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/server-http",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [
+ {
+ name: "www.example.com",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/server-http/www.example.com",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: True,
+ can_delete: True,
+ children: [
+ {
+ name: "hello-world.conf",
+ type: "file",
+ path: "/opt/bunkerweb/configs/server-http/www.example.com/hello-world.conf",
+ can_edit: True,
+ can_download: False,
+ content:
+ "CmxvY2F0aW9uIC9oZWxsbyB7CglkZWZhdWx0X3R5cGUgJ3RleHQvcGxhaW4nOwoJY29udGVudF9ieV9sdWFfYmxvY2sgewoJCW5neC5zYXkoJ3dvcmxkJykKCX0KfQo=",
+ },
+ ],
+ },
+ ],
+ },
+ {
+ name: "server-stream",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/server-stream",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ {
+ name: "stream",
+ type: "folder",
+ path: "/opt/bunkerweb/configs/stream",
+ can_create_files: True,
+ can_create_folders: True,
+ can_edit: False,
+ can_delete: False,
+ children: [],
+ },
+ ],
+};
diff --git a/src/ui/templates/components/global-conf.js b/src/ui/templates/components/global-conf.js
index 67d81f34c..702a86ecb 100644
--- a/src/ui/templates/components/global-conf.js
+++ b/src/ui/templates/components/global-conf.js
@@ -1,1766 +1,1766 @@ -const plugins = [ - { - id: "antibot", - order: 4, - name: "Antibot", - description: "Bot detection by using a challenge.", - version: "0.1", - settings: { - USE_ANTIBOT: { - context: "multisite", - default: "no", - help: "Activate antibot feature.", - id: "use-antibot", - label: "Antibot challenge", - regex: "^(no|cookie|javascript|captcha|recaptcha|hcaptcha)$", - type: "select", - select: [ - "no", - "cookie", - "javascript", - "captcha", - "recaptcha", - "hcaptcha", - ], - }, - ANTIBOT_URI: { - context: "multisite", - default: "/challenge", - help: "Unused URI that clients will be redirected to solve the challenge.", - id: "antibot-uri", - label: "Antibot URL", - regex: "^.*$", - type: "text", - }, - ANTIBOT_SESSION_SECRET: { - context: "global", - default: "random", - help: "Secret used to encrypt sessions variables for storing data related to challenges.", - id: "antibot-session-secret", - label: "Session secret", - regex: "^.*$", - type: "text", - }, - ANTIBOT_SESSION_NAME: { - context: "global", - default: "random", - help: "Name of the cookie used by the antibot feature.", - id: "antibot-session-name", - label: "Session name", - regex: "^.*$", - type: "text", - }, - ANTIBOT_RECAPTCHA_SCORE: { - context: "multisite", - default: "0.7", - help: "Minimum score required for reCAPTCHA challenge.", - id: "antibot-recaptcha-score", - label: "reCAPTCHA score", - regex: "^.*$", - type: "text", - }, - ANTIBOT_RECAPTCHA_SITEKEY: { - context: "multisite", - default: "", - help: "Sitekey for reCAPTCHA challenge.", - id: "antibot-recaptcha-sitekey", - label: "reCAPTCHA sitekey", - regex: "^.*$", - type: "text", - }, - ANTIBOT_RECAPTCHA_SECRET: { - context: "multisite", - default: "", - help: "Secret for reCAPTCHA challenge.", - id: "antibot-recaptcha-secret", - label: "reCAPTCHA secret", - regex: "^.*$", - type: "text", - }, - ANTIBOT_HCAPTCHA_SITEKEY: { - context: "multisite", - default: "", - help: "Sitekey for hCaptcha challenge.", - id: 
"antibot-hcaptcha-sitekey", - label: "hCaptcha sitekey", - regex: "^.*$", - type: "text", - }, - ANTIBOT_HCAPTCHA_SECRET: { - context: "multisite", - default: "", - help: "Secret for hCaptcha challenge.", - id: "antibot-hcaptcha-secret", - label: "hCaptcha secret", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "authbasic", - order: 999, - name: "Auth basic", - description: - "Enforce login before accessing a resource or the whole site using HTTP basic auth method.", - version: "0.1", - settings: { - USE_AUTH_BASIC: { - context: "multisite", - default: "no", - help: "Use HTTP basic auth", - id: "use-auth-basic", - label: "Use HTTP basic auth", - regex: "^(yes|no)$", - type: "check", - }, - AUTH_BASIC_LOCATION: { - context: "multisite", - default: "sitewide", - help: "URL of the protected resource or sitewide value.", - id: "auth-basic-location", - label: "Location", - regex: "^.*$", - type: "text", - }, - AUTH_BASIC_USER: { - context: "multisite", - default: "changeme", - help: "Username", - id: "auth-basic-user", - label: "Username", - regex: "^.*$", - type: "text", - }, - AUTH_BASIC_PASSWORD: { - context: "multisite", - default: "changeme", - help: "Password", - id: "auth-basic-password", - label: "Password", - regex: "^.*$", - type: "text", - }, - AUTH_BASIC_TEXT: { - context: "multisite", - default: "Restricted area", - help: "Text to display", - id: "auth-basic-text", - label: "Text", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "badbehavior", - order: 2, - name: "Bad behavior", - description: - "Ban IP generating too much 'bad' HTTP status code in a period of time.", - version: "0.1", - settings: { - USE_BAD_BEHAVIOR: { - context: "multisite", - default: "yes", - help: "Activate Bad behavior feature.", - id: "use-bad-behavior", - label: "Activate bad behavior", - regex: "^(yes|no)$", - type: "check", - }, - BAD_BEHAVIOR_STATUS_CODES: { - context: "multisite", - default: "400 401 403 404 405 429 444", - help: "List of HTTP status codes 
considered as 'bad'.", - id: "bad-behavior-status-code", - label: "Bad status codes", - regex: "^.*$", - type: "text", - }, - BAD_BEHAVIOR_BAN_TIME: { - context: "multisite", - default: "86400", - help: "The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.", - id: "bad-behavior-ban-time", - label: "Ban duration (in seconds)", - regex: "^.*$", - type: "text", - }, - BAD_BEHAVIOR_THRESHOLD: { - context: "multisite", - default: "10", - help: "Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.", - id: "bad-behavior-threshold", - label: "Threshold", - regex: "^.*$", - type: "text", - }, - BAD_BEHAVIOR_COUNT_TIME: { - context: "multisite", - default: "60", - help: "Period of time where we count 'bad' HTTP status codes.", - id: "bad-behavior-period", - label: "Period (in seconds)", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "blacklist", - order: 2, - name: "Blacklist", - description: - "Deny access based on internal and external IP/network/rDNS/ASN blacklists.", - version: "0.1", - settings: { - USE_BLACKLIST: { - context: "multisite", - default: "yes", - help: "Activate blacklist feature.", - id: "use-blacklist", - label: "Activate blacklisting", - regex: "^(yes|no)$", - type: "check", - }, - BLACKLIST_IP_URLS: { - context: "global", - default: "https://www.dan.me.uk/torlist/?exit", - help: "List of URLs, separated with spaces, containing bad IP/network to block.", - id: "blacklist-ip-urls", - label: "Blacklist IP/network URLs", - regex: "^.*$", - type: "text", - }, - BLACKLIST_IP: { - context: "multisite", - default: "", - help: "List of IP/network, separated with spaces, to block.", - id: "blacklist-ip", - label: "Blacklist IP/network", - regex: "^.*$", - type: "text", - }, - BLACKLIST_RDNS: { - context: "multisite", - default: ".shodan.io .censys.io", - help: "List of reverse DNS suffixes, separated with spaces, to block.", - id: "blacklist-rdns", - label: "Blacklist reverse 
DNS", - regex: "^.*$", - type: "text", - }, - BLACKLIST_RDNS_URLS: { - context: "global", - default: "", - help: "List of URLs, separated with spaces, containing reverse DNS suffixes to block.", - id: "blacklist-rdns-urls", - label: "Blacklist reverse DNS URLs", - regex: "^.*$", - type: "text", - }, - BLACKLIST_RDNS_GLOBAL: { - context: "multisite", - default: "yes", - help: "Only perform RDNS blacklist checks on global IP addresses.", - id: "blacklist-rdns-global", - label: "Blacklist reverse DNS global IPs", - regex: "^.*$", - type: "text", - }, - BLACKLIST_ASN: { - context: "multisite", - default: "", - help: "List of ASN numbers, separated with spaces, to block.", - id: "blacklist-asn", - label: "Blacklist ASN", - regex: "^.*$", - type: "text", - }, - BLACKLIST_ASN_URLS: { - context: "global", - default: "", - help: "List of URLs, separated with spaces, containing ASN to block.", - id: "blacklist-rdns-urls", - label: "Blacklist ASN URLs", - regex: "^.*$", - type: "text", - }, - BLACKLIST_USER_AGENT: { - context: "multisite", - default: "", - help: "List of User-Agent, separated with spaces, to block.", - id: "blacklist-user-agent", - label: "Blacklist User-Agent", - regex: "^.*$", - type: "text", - }, - BLACKLIST_USER_AGENT_URLS: { - context: "global", - default: - "https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list", - help: "List of URLs, separated with spaces, containing bad User-Agent to block.", - id: "blacklist-user-agent-urls", - label: "Blacklist User-Agent URLs", - regex: "^.*$", - type: "text", - }, - BLACKLIST_URI: { - context: "multisite", - default: "", - help: "List of URI, separated with spaces, to block.", - id: "blacklist-uri", - label: "Blacklist URI", - regex: "^.*$", - type: "text", - }, - BLACKLIST_URI_URLS: { - context: "global", - default: "", - help: "List of URLs, separated with spaces, containing bad URI to block.", - id: "blacklist-uri-urls", - label: "Blacklist 
URI URLs", - regex: "^.*$", - type: "text", - }, - }, - jobs: [ - { - name: "blacklist-download", - file: "blacklist-download.py", - every: "hour", - reload: True, - }, - ], - }, - { - id: "brotli", - order: 999, - name: "Brotli", - description: "Compress HTTP requests with the brotli algorithm.", - version: "0.1", - settings: { - USE_BROTLI: { - context: "multisite", - default: "no", - help: "Use brotli", - id: "use-brotli", - label: "Use brotli", - regex: "^(yes|no)$", - type: "check", - }, - BROTLI_TYPES: { - context: "multisite", - default: - "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml", - help: "List of MIME types that will be compressed with brotli.", - id: "brotli-types", - label: "MIME types", - regex: "^.*$", - type: "text", - }, - BROTLI_MIN_LENGTH: { - context: "multisite", - default: "1000", - help: "Minimum length for brotli compression.", - id: "brotli-min-length", - label: "Minimum length", - regex: "^.*$", - type: "text", - }, - BROTLI_COMP_LEVEL: { - context: "multisite", - default: "6", - help: "The compression level of the brotli algorithm.", - id: "brotli-comp-level", - label: "Compression level", - regex: "^([1-9]|10|11)$", - type: "select", - select: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"], - }, - }, - }, - { - id: "bunkernet", - order: 2, - name: "BunkerNet", - description: - "Share threat data with other BunkerWeb instances via BunkerNet.", - version: "0.1", - settings: { - USE_BUNKERNET: { - context: "multisite", - default: "yes", - help: "Activate BunkerNet feature.", - id: "use-bunkernet", - label: "Activate BunkerNet", - regex: "^(yes|no)$", - type: 
"check", - }, - BUNKERNET_SERVER: { - context: "global", - default: "https://api.bunkerweb.io", - help: "Address of the BunkerNet API.", - id: "bunkernet-server", - label: "BunkerNet server", - regex: "^.*$", - type: "text", - }, - }, - jobs: [ - { - name: "bunkernet-register", - file: "bunkernet-register.py", - every: "hour", - reload: True, - }, - { - name: "bunkernet-data", - file: "bunkernet-data.py", - every: "day", - reload: True, - }, - ], - }, - { - id: "cors", - order: 999, - name: "CORS", - description: "Cross-Origin Resource Sharing.", - version: "0.1", - settings: { - USE_CORS: { - context: "multisite", - default: "no", - help: "Use CORS", - id: "use-cors", - label: "Use CORS", - regex: "^(yes|no)$", - type: "check", - }, - CORS_ALLOW_ORIGIN: { - context: "multisite", - default: "*", - help: "Value of the Access-Control-Allow-Origin header.", - id: "cors-allow-origin", - label: "Access-Control-Allow-Origin value", - regex: "^.*$", - type: "text", - }, - CORS_EXPOSE_HEADERS: { - context: "multisite", - default: "Content-Length,Content-Range", - help: "Value of the Access-Control-Expose-Headers header.", - id: "cors-expose-headers", - label: "Access-Control-Expose-Headers value", - regex: "^.*$", - type: "text", - }, - CORS_MAX_AGE: { - context: "multisite", - default: "86400", - help: "Value of the Access-Control-Max-Age header.", - id: "cors-max-age", - label: "Access-Control-Max-Age value", - regex: "^[0-9]+$", - type: "text", - }, - CORS_ALLOW_CREDENTIALS: { - context: "multisite", - default: "no", - help: "Send the Access-Control-Allow-Credentials header.", - id: "cors-allow-credentials", - label: "Send Access-Control-Allow-Credentials", - regex: "^(yes|no)$", - type: "check", - }, - CORS_ALLOW_METHODS: { - context: "multisite", - default: "GET, POST, OPTIONS", - help: "Value of the Access-Control-Allow-Methods header.", - id: "cors-allow-methods", - label: "Access-Control-Allow-Methods value", - regex: "^.*$", - type: "text", - }, - 
CORS_ALLOW_HEADERS: { - context: "multisite", - default: - "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range", - help: "Value of the Access-Control-Allow-Headers header.", - id: "cors-allow-headers", - label: "Access-Control-Allow-Headers value", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "clientcache", - order: 999, - name: "Client cache", - description: "Manage caching for clients.", - version: "0.1", - settings: { - USE_CLIENT_CACHE: { - context: "multisite", - default: "no", - help: "Tell client to store locally static files.", - id: "use-client-cache", - label: "Use client cache", - regex: "^(yes|no)$", - type: "check", - }, - CLIENT_CACHE_EXTENSIONS: { - context: "global", - default: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2", - help: "List of file extensions that should be cached.", - id: "client-cache-extensions", - label: "Extensions that should be cached by the client", - regex: "^.*$", - type: "text", - }, - CLIENT_CACHE_ETAG: { - context: "multisite", - default: "yes", - help: "Send the HTTP ETag header for static resources.", - id: "client-cache-etag", - label: "ETag", - regex: "^(yes|no)$", - type: "check", - }, - CLIENT_CACHE_CONTROL: { - context: "multisite", - default: "public, max-age=15552000", - help: "Value of the Cache-Control HTTP header.", - id: "client-cache-control", - label: "Cache-Control header", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "country", - order: 2, - name: "Country", - description: "Deny access based on the country of the client IP.", - version: "0.1", - settings: { - BLACKLIST_COUNTRY: { - context: "multisite", - default: "", - help: "Deny access if the country of the client is in the list (2 letters code).", - id: "country-blacklist", - label: "Country blacklist", - regex: "^.*$", - type: "text", - }, - WHITELIST_COUNTRY: { - context: "multisite", - default: "", - help: "Deny access if the country of the client is not in the list (2 letters 
code).", - id: "country-whitelist", - label: "Country whitelist", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "customcert", - order: 999, - name: "Custom HTTPS certificate", - description: "Choose custom certificate for HTTPS.", - version: "0.1", - settings: { - USE_CUSTOM_HTTPS: { - context: "multisite", - default: "no", - help: "Use custom HTTPS certificate.", - id: "use-custom-https", - label: "Use custom certificate", - regex: "^(yes|no)$", - type: "check", - }, - CUSTOM_HTTPS_CERT: { - context: "multisite", - default: "", - help: "Full path of the certificate or bundle file.", - id: "custom-https-cert", - label: "Certificate path", - regex: "^.*$", - type: "text", - }, - CUSTOM_HTTPS_KEY: { - context: "multisite", - default: "", - help: "Full path of the key file.", - id: "custom-https-key", - label: "Key path", - regex: "^.*$", - type: "text", - }, - }, - jobs: [ - { - name: "custom-cert", - file: "custom-cert.py", - every: "day", - reload: True, - }, - ], - }, - { - id: "dnsbl", - order: 2, - name: "DNSBL", - description: "Deny access based on external DNSBL servers.", - version: "0.1", - settings: { - USE_DNSBL: { - context: "multisite", - default: "yes", - help: "Activate DNSBL feature.", - id: "use-dnsbl", - label: "Activate DNSBL", - regex: "^(yes|no)$", - type: "check", - }, - DNSBL_LIST: { - context: "global", - default: - "bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org", - help: "List of DNSBL servers.", - id: "dnsbl-list", - label: "DNSBL list", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "errors", - order: 999, - name: "Errors", - description: "Manage default error pages", - version: "0.1", - settings: { - ERRORS: { - context: "multisite", - default: "", - help: "List of HTTP error code and corresponding error pages (404=/my404.html 403=/errors/403.html ...).", - id: "errors", - label: "Errors", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "gzip", - order: 999, - name: "Gzip", - 
description: "Compress HTTP requests with the gzip algorithm.", - version: "0.1", - settings: { - USE_GZIP: { - context: "multisite", - default: "no", - help: "Use gzip", - id: "use-gzip", - label: "Use gzip", - regex: "^(yes|no)$", - type: "check", - }, - GZIP_TYPES: { - context: "multisite", - default: - "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml", - help: "List of MIME types that will be compressed with gzip.", - id: "gzip-types", - label: "MIME types", - regex: "^.*$", - type: "text", - }, - GZIP_MIN_LENGTH: { - context: "multisite", - default: "1000", - help: "Minimum length for gzip compression.", - id: "gzip-min-length", - label: "Minimum length", - regex: "^.*$", - type: "text", - }, - GZIP_COMP_LEVEL: { - context: "multisite", - default: "5", - help: "The compression level of the gzip algorithm.", - id: "gzip-comp-level", - label: "Compression level", - regex: "^[1-9]$", - type: "select", - select: ["1", "2", "3", "4", "5", "6", "7", "8", "9"], - }, - }, - }, - { - id: "inject", - order: 999, - name: "HTML injection", - description: "Inject custom HTML code before the </body> tag.", - version: "0.1", - settings: { - INJECT_BODY: { - context: "multisite", - default: "", - help: "The HTML code to inject.", - id: "inject-body", - label: "HTML code", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "headers", - order: 999, - name: "Headers", - description: "Manage HTTP headers sent to clients.", - version: "0.1", - settings: { - CUSTOM_HEADER: { - context: "multisite", - default: "", - help: "Custom header to add (HeaderName: HeaderValue).", - id: "custom-header", - label: "Custom 
header (HeaderName: HeaderValue)", - regex: "^.*$", - type: "text", - multiple: "custom-headers", - }, - REMOVE_HEADERS: { - context: "multisite", - default: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version", - help: "Headers to remove (Header1 Header2 Header3 ...)", - id: "remove-headers", - label: "Remove headers", - regex: "^.*$", - type: "text", - }, - STRICT_TRANSPORT_SECURITY: { - context: "multisite", - default: "max-age=31536000", - help: "Value for the Strict-Transport-Security header.", - id: "strict-transport-security", - label: "Strict-Transport-Security", - regex: "^.*$", - type: "text", - }, - COOKIE_FLAGS: { - context: "multisite", - default: "* HttpOnly SameSite=Lax", - help: "Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).", - id: "cookie-flags", - label: "Cookie flags", - regex: "^.*$", - type: "text", - }, - COOKIE_AUTO_SECURE_FLAG: { - context: "multisite", - default: "yes", - help: "Automatically add the Secure flag to all cookies.", - id: "cookie-auto-secure-flag", - label: "Cookie auto Secure flag", - regex: "^(yes|no)$", - type: "check", - }, - CONTENT_SECURITY_POLICY: { - context: "multisite", - default: - "object-src 'none'; form-action 'self'; frame-ancestors 'self';", - help: "Value for the Content-Security-Policy header.", - id: "content-security-policy", - label: "Content-Security-Policy", - regex: "^.*$", - type: "text", - }, - REFERRER_POLICY: { - context: "multisite", - default: "strict-origin-when-cross-origin", - help: "Value for the Referrer-Policy header.", - id: "referrer-policy", - label: "Referrer-Policy", - regex: "^.*$", - type: "text", - }, - PERMISSIONS_POLICY: { - context: "multisite", - default: - "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), 
gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()", - help: "Value for the Permissions-Policy header.", - id: "permissions-policy", - label: "Permissions-Policy", - regex: "^.*$", - type: "text", - }, - FEATURE_POLICY: { - context: "multisite", - default: - "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';", - help: "Value for the Feature-Policy header.", - id: "feature-policy", - label: "Feature-Policy", - regex: "^.*$", - type: "text", - }, - X_FRAME_OPTIONS: { - context: "multisite", - default: "SAMEORIGIN", - help: "Value for the X-Frame-Options header.", - id: "x-frame-options", - label: "X-Frame-Options", - regex: "^.*$", - type: "text", - }, - X_CONTENT_TYPE_OPTIONS: { - context: "multisite", - default: "nosniff", - help: "Value for the X-Content-Type-Options header.", - id: "x-content-type-options", - label: "X-Content-Type-Options", - regex: "^.*$", - type: "text", - }, - X_XSS_PROTECTION: { - context: "multisite", - default: "1; mode=block", - help: "Value for the X-XSS-Protection header.", - id: "x-xss-protection", - label: "X-XSS-Protection", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "jobs", - order: 999, 
- name: "Jobs", - description: "Fake core plugin for internal jobs.", - version: "0.1", - settings: {}, - jobs: [ - { - name: "mmdb-country", - file: "mmdb-country.py", - every: "week", - reload: True, - }, - { name: "mmdb-asn", file: "mmdb-asn.py", every: "week", reload: True }, - { - name: "download-plugins", - file: "download-plugins.py", - every: "once", - reload: False, - }, - ], - }, - { - id: "letsencrypt", - order: 1, - name: "Let's Encrypt", - description: - "Automatic creation, renewal and configuration of Let's Encrypt certificates.", - version: "0.1", - settings: { - AUTO_LETS_ENCRYPT: { - context: "multisite", - default: "no", - help: "Activate automatic Let's Encrypt mode.", - id: "auto-lets-encrypt", - label: "Automatic Let's Encrypt", - regex: "^(yes|no)$", - type: "check", - }, - EMAIL_LETS_ENCRYPT: { - context: "multisite", - default: "", - help: "Email used for Let's Encrypt notification and in certificate.", - id: "email-lets-encrypt", - label: "Email Let's Encrypt", - regex: "^.*$", - type: "text", - }, - USE_LETS_ENCRYPT_STAGING: { - context: "multisite", - default: "no", - help: "Use the staging environment for Let’s Encrypt certificate generation. 
Useful when you are testing your deployments to avoid being rate limited in the production environment.", - id: "use-lets-encrypt-staging", - label: "Use Let's Encrypt Staging", - regex: "^(yes|no)$", - type: "check", - }, - }, - jobs: [ - { - name: "certbot-new", - file: "certbot-new.py", - every: "once", - reload: False, - }, - { - name: "certbot-renew", - file: "certbot-renew.py", - every: "day", - reload: True, - }, - ], - }, - { - id: "limit", - order: 3, - name: "Limit", - description: "Limit maximum number of requests and connections.", - version: "0.1", - settings: { - USE_LIMIT_REQ: { - context: "multisite", - default: "yes", - help: "Activate limit requests feature.", - id: "use-limit-req", - label: "Activate limit requests", - regex: "^(yes|no)$", - type: "check", - }, - LIMIT_REQ_URL: { - context: "multisite", - default: "/", - help: "URL where the limit request will be applied.", - id: "limit-req-url", - label: "URL", - regex: "^.*$", - type: "text", - multiple: "limit-req", - }, - LIMIT_REQ_RATE: { - context: "multisite", - default: "2r/s", - help: "Rate to apply to the URL (s for second, m for minute, h for hour and d for day).", - id: "limit-req-rate", - label: "Rate", - regex: "^.*$", - type: "text", - multiple: "limit-req", - }, - USE_LIMIT_CONN: { - context: "multisite", - default: "yes", - help: "Activate limit connections feature.", - id: "use-limit-conn", - label: "Activate limit connections", - regex: "^(yes|no)$", - type: "check", - }, - LIMIT_CONN_MAX_HTTP1: { - context: "multisite", - default: "10", - help: "Maximum number of connections per IP when using HTTP/1.X protocol.", - id: "limit-conn-max-http1", - label: "Maximum number of HTTP/1.X connections", - regex: "^.*$", - type: "text", - }, - LIMIT_CONN_MAX_HTTP2: { - context: "multisite", - default: "100", - help: "Maximum number of streams per IP when using HTTP/2 protocol.", - id: "limit-conn-max-http2", - label: "Maximum number of HTTP/2 streams", - regex: "^.*$", - type: "text", - 
}, - }, - }, - { - id: "misc", - order: 999, - name: "Miscellaneous", - description: "Miscellaneous settings.", - version: "0.1", - settings: { - DISABLE_DEFAULT_SERVER: { - context: "global", - default: "no", - help: "Close connection if the request vhost is unknown.", - id: "disable-default-server", - label: "Disable default server", - regex: "^(yes|no)$", - type: "check", - }, - REDIRECT_HTTP_TO_HTTPS: { - context: "multisite", - default: "no", - help: "Redirect all HTTP request to HTTPS.", - id: "redirect-http-to-https", - label: "Redirect HTTP to HTTPS", - regex: ".*", - type: "text", - }, - AUTO_REDIRECT_HTTP_TO_HTTPS: { - context: "multisite", - default: "yes", - help: "Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.", - id: "auto-redirect-http-to-https", - label: "Auto redirect HTTP to HTTPS", - regex: ".*", - type: "text", - }, - ALLOWED_METHODS: { - context: "multisite", - default: "GET|POST|HEAD", - help: "Allowed HTTP methods to be sent by clients.", - id: "allowed-methods", - label: "Allowed methods", - regex: ".*", - type: "text", - }, - MAX_CLIENT_SIZE: { - context: "multisite", - default: "10m", - help: "Maximum body size (0 for infinite).", - id: "max-client-size", - label: "Maximum body size", - regex: ".*", - type: "text", - }, - SERVE_FILES: { - context: "multisite", - default: "yes", - help: "Serve files from the local folder.", - id: "serve-files", - label: "Serve files", - regex: "^(yes|no)$", - type: "check", - }, - ROOT_FOLDER: { - context: "multisite", - default: "", - help: "Root folder containing files to serve (/opt/bunkerweb/www/{server_name} if unset).", - id: "root-folder", - label: "Root folder", - regex: "^.*$", - type: "text", - }, - HTTPS_PROTOCOLS: { - context: "multisite", - default: "TLSv1.2 TLSv1.3", - help: "The supported version of TLS. 
We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.", - id: "https-protocols", - label: "HTTPS protocols", - regex: ".*", - type: "text", - }, - HTTP2: { - context: "multisite", - default: "yes", - help: "Support HTTP2 protocol when HTTPS is enabled.", - id: "http2", - label: "HTTP2", - regex: ".*", - type: "check", - }, - LISTEN_HTTP: { - context: "multisite", - default: "yes", - help: "Respond to (insecure) HTTP requests.", - id: "http-listen", - label: "HTTP listen", - regex: "^(yes|no)$", - type: "check", - }, - USE_OPEN_FILE_CACHE: { - context: "multisite", - default: "no", - help: "Enable open file cache feature", - id: "use-open-file-cache", - label: "Use open file cache", - regex: "^(yes|no)$", - type: "check", - }, - OPEN_FILE_CACHE: { - context: "multisite", - default: "max=1000 inactive=20s", - help: "Open file cache directive", - id: "open-file-cache", - label: "Use open file cache", - regex: "^.*$", - type: "text", - }, - OPEN_FILE_CACHE_ERRORS: { - context: "multisite", - default: "yes", - help: "Enable open file cache for errors", - id: "open-file-cache-errors", - label: "Open file cache errors", - regex: "^(yes|no)$", - type: "text", - }, - OPEN_FILE_CACHE_MIN_USES: { - context: "multisite", - default: "2", - help: "Enable open file cache minimum uses", - id: "open-file-cache-min-uses", - label: "Open file cache min uses", - regex: "^([1-9]+)$", - type: "text", - }, - OPEN_FILE_CACHE_VALID: { - context: "multisite", - default: "30s", - help: "Open file cache valid time", - id: "open-file-cache-valid", - label: "Open file cache valid time", - regex: "^\\d+(ms|s|m|h|d|w|M|y)$", - type: "text", - }, - EXTERNAL_PLUGIN_URLS: { - context: "global", - default: "", - help: "List of external plugins URLs (direct download to .zip file) to download and install (URLs are separated with space).", - id: "external-plugin-urls", - label: "External plugin URLs", - regex: "^.*$", - type: "text", - }, - DENY_HTTP_STATUS: { - context: "global", - 
default: "403", - help: "HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection.", - id: "deny-http-status", - label: "Deny HTTP status", - regex: "^(403|444)$", - type: "select", - select: ["403", "444"], - }, - }, - }, - { - id: "modsecurity", - order: 999, - name: "ModSecurity", - description: "Management of the ModSecurity WAF.", - version: "0.1", - settings: { - USE_MODSECURITY: { - context: "multisite", - default: "yes", - help: "Enable ModSecurity WAF.", - id: "use-modsecurity", - label: "Use ModSecurity", - regex: "^(yes|no)$", - type: "check", - }, - USE_MODSECURITY_CRS: { - context: "multisite", - default: "yes", - help: "Enable OWASP Core Rule Set.", - id: "use-modsecurity-crs", - label: "Use Core Rule Set", - regex: "^(yes|no)$", - type: "check", - }, - MODSECURITY_SEC_AUDIT_ENGINE: { - context: "multisite", - default: "RelevantOnly", - help: "SecAuditEngine directive of ModSecurity.", - id: "modsecurity-sec-audit-engine", - label: "SecAuditEngine", - regex: "^.*$", - type: "text", - }, - }, - }, - { - id: "php", - order: 999, - name: "PHP", - description: "Manage local or remote PHP-FPM.", - version: "0.1", - settings: { - REMOTE_PHP: { - context: "multisite", - default: "", - help: "Hostname of the remote PHP-FPM instance.", - id: "remote-php", - label: "Remote PHP", - regex: "^.*$", - type: "text", - }, - REMOTE_PHP_PATH: { - context: "multisite", - default: "", - help: "Root folder containing files in the remote PHP-FPM instance.", - id: "remote-php-path", - label: "Remote PHP path", - regex: "^.*$", - type: "text", - }, - LOCAL_PHP: { - context: "multisite", - default: "", - help: "Path to the PHP-FPM socket file.", - id: "local", - label: "Local PHP", - regex: "^.*$", - type: "text", - }, - LOCAL_PHP_PATH: { - context: "multisite", - default: "", - help: "Root folder containing files in the local PHP-FPM instance.", - id: "local-php-path", - label: "Local PHP path", - regex: "^.*$", - 
type: "text", - }, - }, - }, - { - id: "realip", - order: 999, - name: "Real IP", - description: - "Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.", - version: "0.1", - settings: { - USE_REAL_IP: { - context: "multisite", - default: "no", - help: "Retrieve the real IP of client.", - id: "use-real-ip", - label: "Use real ip", - regex: "^(yes|no)$", - type: "check", - }, - USE_PROXY_PROTOCOL: { - context: "multisite", - default: "no", - help: "Enable PROXY protocol communication.", - id: "use-proxy-protocol", - label: "Use PROXY protocol", - regex: "^(yes|no)$", - type: "check", - }, - REAL_IP_FROM: { - context: "multisite", - default: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8", - help: "List of trusted IPs / networks where proxied requests come from.", - id: "real-ip-from", - label: "Real IP from", - regex: "^.*$", - type: "text", - }, - REAL_IP_FROM_URLS: { - context: "global", - default: "", - help: "List of URLs containing trusted IPs / networks where proxied requests come from.", - id: "real-ip-from-urls", - label: "Real IP from URLs", - regex: "^.*$", - type: "text", - }, - REAL_IP_HEADER: { - context: "multisite", - default: "X-Forwarded-For", - help: "HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.", - id: "real-ip-header", - label: "Real IP header", - regex: "^.*$", - type: "text", - }, - REAL_IP_RECURSIVE: { - context: "multisite", - default: "yes", - help: "Perform a recursive search in the header container IP address.", - id: "real-ip-header", - label: "Real IP recursive", - regex: "^(yes|no)$", - type: "check", - }, - }, - jobs: [ - { - name: "realip-download", - file: "realip-download.py", - every: "hour", - reload: True, - }, - ], - }, - { - id: "redirect", - order: 999, - name: "Redirect", - description: "Manage HTTP redirects.", - version: "0.1", - settings: { - REDIRECT_TO: { - context: "multisite", - default: "", - help: "Redirect a whole site to another one.", - id: 
"redirect-to",
- label: "Redirect to",
- regex: "^.*$",
- type: "text",
- },
- REDIRECT_TO_REQUEST_URI: {
- context: "multisite",
- default: "no",
- help: "Append the requested URI to the redirect address.",
- id: "redirect-to",
- label: "Append request URI",
- regex: "^(yes|no)$",
- type: "check",
- },
- },
- },
- {
- id: "reverseproxy",
- order: 999,
- name: "Reverse proxy",
- description: "Manage reverse proxy configurations.",
- version: "0.1",
- settings: {
- USE_REVERSE_PROXY: {
- context: "multisite",
- default: "no",
- help: "Activate reverse proxy mode.",
- id: "use-reverse-proxy",
- label: "Use reverse proxy",
- regex: "^(yes|no)$",
- type: "check",
- },
- REVERSE_PROXY_INTERCEPT_ERRORS: {
- context: "multisite",
- default: "yes",
- help: "Intercept and rewrite errors.",
- id: "reverse-proxy-intercept-errors",
- label: "Intercept errors",
- regex: "^(yes|no)$",
- type: "check",
- },
- REVERSE_PROXY_HOST: {
- context: "multisite",
- default: "",
- help: "Full URL of the proxied resource (proxy_pass).",
- id: "reverse-proxy-host",
- label: "Reverse proxy host",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_URL: {
- context: "multisite",
- default: "",
- help: "Location URL that will be proxied.",
- id: "reverse-proxy-url",
- label: "Reverse proxy url",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_WS: {
- context: "multisite",
- default: "no",
- help: "Enable websocket on the proxied resource.",
- id: "reverse-proxy-ws",
- label: "Reverse proxy WS",
- regex: "^(yes|no)$",
- type: "check",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_HEADERS: {
- context: "multisite",
- default: "",
- help: "List of HTTP headers to send to proxied resource separated with ; (values for proxy_set_header directive).",
- id: "reverse-proxy-headers",
- label: "Reverse proxy headers",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_HEADERS_CLIENT: {
- context:
"multisite",
- default: "",
- help: "List of HTTP headers to send to client separated with ; (values for add_header directive).",
- id: "reverse-proxy-headers-client",
- label: "Reverse proxy headers-client",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_BUFFERING: {
- context: "multisite",
- default: "yes",
- help: "Enable or disable buffering of responses from proxied resource.",
- id: "reverse-proxy-buffering",
- label: "Reverse proxy buffering",
- regex: "^(yes|no)$",
- type: "check",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_KEEPALIVE: {
- context: "multisite",
- default: "no",
- help: "Enable or disable keepalive connections with the proxied resource.",
- id: "reverse-proxy-keepalive",
- label: "Reverse proxy keepalive",
- regex: "^(yes|no)$",
- type: "check",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_AUTH_REQUEST: {
- context: "multisite",
- default: "",
- help: "Enable authentication using an external provider (value of auth_request directive).",
- id: "reverse-proxy-auth-request",
- label: "Reverse proxy auth request",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: {
- context: "multisite",
- default: "",
- help: "Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).",
- id: "reverse-proxy-auth-request-signin-url",
- label: "Auth request signin URL",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_AUTH_REQUEST_SET: {
- context: "multisite",
- default: "",
- help: "List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).",
- id: "reverse-proxy-auth-request-set",
- label: "Reverse proxy auth request set",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- USE_PROXY_CACHE: {
- context: "multisite",
- default: "no",
- help: "Enable or disable caching of the proxied resources.",
-
id: "use-proxy-cache",
- label: "Reverse proxy cache",
- regex: "^(yes|no)$",
- type: "check",
- },
- PROXY_CACHE_PATH_LEVELS: {
- context: "global",
- default: "1:2",
- help: "Hierarchy levels of the cache.",
- id: "proxy-cache-path-levels",
- label: "Hierarchy levels",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_PATH_ZONE_SIZE: {
- context: "global",
- default: "10m",
- help: "Maximum size of cached metadata when caching proxied resources.",
- id: "proxy-cache-path-zone-size",
- label: "Reverse proxy cache zone size",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_PATH_PARAMS: {
- context: "global",
- default: "max_size=100m",
- help: "Additional parameters to add to the proxy_cache directive.",
- id: "proxy-cache-path-params",
- label: "Reverse proxy cache params",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_METHODS: {
- context: "multisite",
- default: "GET HEAD",
- help: "HTTP methods that should trigger a cache operation.",
- id: "proxy-cache-methods",
- label: "Reverse proxy cache methods",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_MIN_USES: {
- context: "multisite",
- default: "2",
- help: "The minimimum number of requests before a response is cached.",
- id: "proxy-cache-min-uses",
- label: "Reverse proxy cache minimum uses",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_KEY: {
- context: "multisite",
- default: "$scheme$host$request_uri",
- help: "The key used to uniquely identify a cached response.",
- id: "proxy-cache-key",
- label: "Reverse proxy cache key",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_VALID: {
- context: "multisite",
- default: "200=24h 301=1h 302=24h",
- help: "Define the caching time dependending on the HTTP status code (list of status=time).",
- id: "proxy-cache-valid",
- label: "Reverse proxy cache valid",
- regex: "^.*$",
- type: "text",
- },
- PROXY_NO_CACHE: {
- context: "multisite",
- default: "$http_pragma $http_authorization",
- help: "Conditions to disable caching of responses.",
- id: "proxy-no-cache",
- label: "Reverse proxy no cache",
- regex: "^.*$",
- type: "text",
- },
- PROXY_CACHE_BYPASS: {
- context: "multisite",
- default: "0",
- help: "Conditions to bypass caching of responses.",
- id: "proxy-cache-bypass",
- label: "Reverse proxy bypass",
- regex: "^.*$",
- type: "text",
- },
- REVERSE_PROXY_CONNECT_TIMEOUT: {
- context: "multisite",
- default: "60s",
- help: "Timeout when connecting to the proxied resource.",
- id: "reverse-proxy-connect-timeout",
- label: "Reverse proxy connect timeout",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_READ_TIMEOUT: {
- context: "multisite",
- default: "60s",
- help: "Timeout when reading from the proxied resource.",
- id: "reverse-proxy-read-timeout",
- label: "Reverse proxy read timeout",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- REVERSE_PROXY_SEND_TIMEOUT: {
- context: "multisite",
- default: "60s",
- help: "Timeout when sending to the proxied resource.",
- id: "reverse-proxy-send-timeout",
- label: "Reverse proxy send timeout",
- regex: "^.*$",
- type: "text",
- multiple: "reverse-proxy",
- },
- },
- },
- {
- id: "selfsigned",
- order: 999,
- name: "Self-signed certificate",
- description: "Generate self-signed certificate.",
- version: "0.1",
- settings: {
- GENERATE_SELF_SIGNED_SSL: {
- context: "multisite",
- default: "no",
- help: "Generate and use self-signed certificate.",
- id: "generate-self-signed-ssl",
- label: "Activate self-signed certificate",
- regex: "^(yes|no)$",
- type: "check",
- },
- SELF_SIGNED_SSL_EXPIRY: {
- context: "multisite",
- default: "365",
- help: "Self-signed certificate expiry.",
- id: "self-signed-ssl-expiry",
- label: "Certificate expiry",
- regex: "^.*$",
- type: "text",
- },
- SELF_SIGNED_SSL_SUBJ: {
- context: "multisite",
- default: "/CN=www.example.com/",
- help: "Self-signed certificate subject.",
- id: "self-signed-ssl-subj",
- label: "Certificate subject",
- regex: "^.*$",
- type: "text",
- },
- },
- jobs: [
- {
- name: "self-signed",
- file: "self-signed.py",
- every: "day",
- reload: True,
- },
- ],
- },
- {
- id: "ui",
- order: 999,
- name: "UI",
- description: "Integrate easily the BunkerWeb UI.",
- version: "0.1",
- settings: {
- USE_UI: {
- context: "multisite",
- default: "no",
- help: "Use UI",
- id: "use-ui",
- label: "Use UI",
- regex: "^(yes|no)$",
- type: "check",
- },
- },
- },
- {
- id: "whitelist",
- order: 2,
- name: "Whitelist",
- description:
- "Allow access based on internal and external IP/network/rDNS/ASN whitelists.",
- version: "0.1",
- settings: {
- USE_WHITELIST: {
- context: "multisite",
- default: "yes",
- help: "Activate whitelist feature.",
- id: "use-whitelist",
- label: "Activate whitelisting",
- regex: "^(yes|no)$",
- type: "check",
- },
- WHITELIST_IP_URLS: {
- context: "global",
- default: "",
- help: "List of URLs, separated with spaces, containing good IP/network to whitelist.",
- id: "whitelist-ip-urls",
- label: "Whitelist IP/network URLs",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_IP: {
- context: "multisite",
- default:
- "20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8",
- help: "List of IP/network, separated with spaces, to whitelist.",
- id: "whitelist-ip",
- label: "Whitelist IP/network",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_RDNS: {
- context: "multisite",
- default:
- ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com",
- help: "List of reverse DNS suffixes, separated with spaces, to whitelist.",
- id: "whitelist-rdns",
- label: "Whitelist reverse DNS",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_RDNS_URLS: {
- context: "global",
- default: "",
- help: "List of URLs, separated with spaces, containing reverse DNS suffixes to
whitelist.",
- id: "whitelist-rdns-urls",
- label: "Whitelist reverse DNS URLs",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_RDNS_GLOBAL: {
- context: "multisite",
- default: "yes",
- help: "Only perform RDNS whitelist checks on global IP addresses.",
- id: "whitelist-rdns-global",
- label: "Whitelist reverse DNS global IPs",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_ASN: {
- context: "multisite",
- default: "32934",
- help: "List of ASN numbers, separated with spaces, to whitelist.",
- id: "whitelist-asn",
- label: "Whitelist ASN",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_ASN_URLS: {
- context: "global",
- default: "",
- help: "List of URLs, separated with spaces, containing ASN to whitelist.",
- id: "whitelist-rdns-urls",
- label: "Whitelist ASN URLs",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_USER_AGENT: {
- context: "multisite",
- default: "",
- help: "List of User-Agent, separated with spaces, to whitelist.",
- id: "whitelist-user-agent",
- label: "Whitelist User-Agent",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_USER_AGENT_URLS: {
- context: "global",
- default: "",
- help: "List of URLs, separated with spaces, containing good User-Agent to whitelist.",
- id: "whitelist-user-agent-urls",
- label: "Whitelist User-Agent URLs",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_URI: {
- context: "multisite",
- default: "",
- help: "List of URI, separated with spaces, to whitelist.",
- id: "whitelist-uri",
- label: "Whitelist URI",
- regex: "^.*$",
- type: "text",
- },
- WHITELIST_URI_URLS: {
- context: "global",
- default: "",
- help: "List of URLs, separated with spaces, containing bad URI to whitelist.",
- id: "whitelist-uri-urls",
- label: "Whitelist URI URLs",
- regex: "^.*$",
- type: "text",
- },
- },
- jobs: [
- {
- name: "whitelist-download",
- file: "whitelist-download.py",
- every: "hour",
- reload: True,
- },
- ],
- },
-];
+const plugins = [
+ {
+ id: "antibot",
+ order: 4,
+ name: "Antibot",
+ description: "Bot
detection by using a challenge.",
+ version: "0.1",
+ settings: {
+ USE_ANTIBOT: {
+ context: "multisite",
+ default: "no",
+ help: "Activate antibot feature.",
+ id: "use-antibot",
+ label: "Antibot challenge",
+ regex: "^(no|cookie|javascript|captcha|recaptcha|hcaptcha)$",
+ type: "select",
+ select: [
+ "no",
+ "cookie",
+ "javascript",
+ "captcha",
+ "recaptcha",
+ "hcaptcha",
+ ],
+ },
+ ANTIBOT_URI: {
+ context: "multisite",
+ default: "/challenge",
+ help: "Unused URI that clients will be redirected to solve the challenge.",
+ id: "antibot-uri",
+ label: "Antibot URL",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_SESSION_SECRET: {
+ context: "global",
+ default: "random",
+ help: "Secret used to encrypt sessions variables for storing data related to challenges.",
+ id: "antibot-session-secret",
+ label: "Session secret",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_SESSION_NAME: {
+ context: "global",
+ default: "random",
+ help: "Name of the cookie used by the antibot feature.",
+ id: "antibot-session-name",
+ label: "Session name",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_RECAPTCHA_SCORE: {
+ context: "multisite",
+ default: "0.7",
+ help: "Minimum score required for reCAPTCHA challenge.",
+ id: "antibot-recaptcha-score",
+ label: "reCAPTCHA score",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_RECAPTCHA_SITEKEY: {
+ context: "multisite",
+ default: "",
+ help: "Sitekey for reCAPTCHA challenge.",
+ id: "antibot-recaptcha-sitekey",
+ label: "reCAPTCHA sitekey",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_RECAPTCHA_SECRET: {
+ context: "multisite",
+ default: "",
+ help: "Secret for reCAPTCHA challenge.",
+ id: "antibot-recaptcha-secret",
+ label: "reCAPTCHA secret",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_HCAPTCHA_SITEKEY: {
+ context: "multisite",
+ default: "",
+ help: "Sitekey for hCaptcha challenge.",
+ id: "antibot-hcaptcha-sitekey",
+ label: "hCaptcha sitekey",
+ regex: "^.*$",
+ type: "text",
+ },
+ ANTIBOT_HCAPTCHA_SECRET:
{
+ context: "multisite",
+ default: "",
+ help: "Secret for hCaptcha challenge.",
+ id: "antibot-hcaptcha-secret",
+ label: "hCaptcha secret",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "authbasic",
+ order: 999,
+ name: "Auth basic",
+ description:
+ "Enforce login before accessing a resource or the whole site using HTTP basic auth method.",
+ version: "0.1",
+ settings: {
+ USE_AUTH_BASIC: {
+ context: "multisite",
+ default: "no",
+ help: "Use HTTP basic auth",
+ id: "use-auth-basic",
+ label: "Use HTTP basic auth",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ AUTH_BASIC_LOCATION: {
+ context: "multisite",
+ default: "sitewide",
+ help: "URL of the protected resource or sitewide value.",
+ id: "auth-basic-location",
+ label: "Location",
+ regex: "^.*$",
+ type: "text",
+ },
+ AUTH_BASIC_USER: {
+ context: "multisite",
+ default: "changeme",
+ help: "Username",
+ id: "auth-basic-user",
+ label: "Username",
+ regex: "^.*$",
+ type: "text",
+ },
+ AUTH_BASIC_PASSWORD: {
+ context: "multisite",
+ default: "changeme",
+ help: "Password",
+ id: "auth-basic-password",
+ label: "Password",
+ regex: "^.*$",
+ type: "text",
+ },
+ AUTH_BASIC_TEXT: {
+ context: "multisite",
+ default: "Restricted area",
+ help: "Text to display",
+ id: "auth-basic-text",
+ label: "Text",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "badbehavior",
+ order: 2,
+ name: "Bad behavior",
+ description:
+ "Ban IP generating too much 'bad' HTTP status code in a period of time.",
+ version: "0.1",
+ settings: {
+ USE_BAD_BEHAVIOR: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate Bad behavior feature.",
+ id: "use-bad-behavior",
+ label: "Activate bad behavior",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ BAD_BEHAVIOR_STATUS_CODES: {
+ context: "multisite",
+ default: "400 401 403 404 405 429 444",
+ help: "List of HTTP status codes considered as 'bad'.",
+ id: "bad-behavior-status-code",
+ label: "Bad status codes",
+ regex: "^.*$",
+ type: "text",
+
},
+ BAD_BEHAVIOR_BAN_TIME: {
+ context: "multisite",
+ default: "86400",
+ help: "The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.",
+ id: "bad-behavior-ban-time",
+ label: "Ban duration (in seconds)",
+ regex: "^.*$",
+ type: "text",
+ },
+ BAD_BEHAVIOR_THRESHOLD: {
+ context: "multisite",
+ default: "10",
+ help: "Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.",
+ id: "bad-behavior-threshold",
+ label: "Threshold",
+ regex: "^.*$",
+ type: "text",
+ },
+ BAD_BEHAVIOR_COUNT_TIME: {
+ context: "multisite",
+ default: "60",
+ help: "Period of time where we count 'bad' HTTP status codes.",
+ id: "bad-behavior-period",
+ label: "Period (in seconds)",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "blacklist",
+ order: 2,
+ name: "Blacklist",
+ description:
+ "Deny access based on internal and external IP/network/rDNS/ASN blacklists.",
+ version: "0.1",
+ settings: {
+ USE_BLACKLIST: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate blacklist feature.",
+ id: "use-blacklist",
+ label: "Activate blacklisting",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ BLACKLIST_IP_URLS: {
+ context: "global",
+ default: "https://www.dan.me.uk/torlist/?exit",
+ help: "List of URLs, separated with spaces, containing bad IP/network to block.",
+ id: "blacklist-ip-urls",
+ label: "Blacklist IP/network URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_IP: {
+ context: "multisite",
+ default: "",
+ help: "List of IP/network, separated with spaces, to block.",
+ id: "blacklist-ip",
+ label: "Blacklist IP/network",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_RDNS: {
+ context: "multisite",
+ default: ".shodan.io .censys.io",
+ help: "List of reverse DNS suffixes, separated with spaces, to block.",
+ id: "blacklist-rdns",
+ label: "Blacklist reverse DNS",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_RDNS_URLS: {
+ context: "global",
+ default: "",
+ help: "List of
URLs, separated with spaces, containing reverse DNS suffixes to block.",
+ id: "blacklist-rdns-urls",
+ label: "Blacklist reverse DNS URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_RDNS_GLOBAL: {
+ context: "multisite",
+ default: "yes",
+ help: "Only perform RDNS blacklist checks on global IP addresses.",
+ id: "blacklist-rdns-global",
+ label: "Blacklist reverse DNS global IPs",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_ASN: {
+ context: "multisite",
+ default: "",
+ help: "List of ASN numbers, separated with spaces, to block.",
+ id: "blacklist-asn",
+ label: "Blacklist ASN",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_ASN_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing ASN to block.",
+ id: "blacklist-rdns-urls",
+ label: "Blacklist ASN URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_USER_AGENT: {
+ context: "multisite",
+ default: "",
+ help: "List of User-Agent, separated with spaces, to block.",
+ id: "blacklist-user-agent",
+ label: "Blacklist User-Agent",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_USER_AGENT_URLS: {
+ context: "global",
+ default:
+ "https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list",
+ help: "List of URLs, separated with spaces, containing bad User-Agent to block.",
+ id: "blacklist-user-agent-urls",
+ label: "Blacklist User-Agent URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_URI: {
+ context: "multisite",
+ default: "",
+ help: "List of URI, separated with spaces, to block.",
+ id: "blacklist-uri",
+ label: "Blacklist URI",
+ regex: "^.*$",
+ type: "text",
+ },
+ BLACKLIST_URI_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing bad URI to block.",
+ id: "blacklist-uri-urls",
+ label: "Blacklist URI URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ jobs: [
+ {
+ name: "blacklist-download",
+ file:
"blacklist-download.py",
+ every: "hour",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "brotli",
+ order: 999,
+ name: "Brotli",
+ description: "Compress HTTP requests with the brotli algorithm.",
+ version: "0.1",
+ settings: {
+ USE_BROTLI: {
+ context: "multisite",
+ default: "no",
+ help: "Use brotli",
+ id: "use-brotli",
+ label: "Use brotli",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ BROTLI_TYPES: {
+ context: "multisite",
+ default:
+ "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml",
+ help: "List of MIME types that will be compressed with brotli.",
+ id: "brotli-types",
+ label: "MIME types",
+ regex: "^.*$",
+ type: "text",
+ },
+ BROTLI_MIN_LENGTH: {
+ context: "multisite",
+ default: "1000",
+ help: "Minimum length for brotli compression.",
+ id: "brotli-min-length",
+ label: "Minimum length",
+ regex: "^.*$",
+ type: "text",
+ },
+ BROTLI_COMP_LEVEL: {
+ context: "multisite",
+ default: "6",
+ help: "The compression level of the brotli algorithm.",
+ id: "brotli-comp-level",
+ label: "Compression level",
+ regex: "^([1-9]|10|11)$",
+ type: "select",
+ select: ["1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"],
+ },
+ },
+ },
+ {
+ id: "bunkernet",
+ order: 2,
+ name: "BunkerNet",
+ description:
+ "Share threat data with other BunkerWeb instances via BunkerNet.",
+ version: "0.1",
+ settings: {
+ USE_BUNKERNET: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate BunkerNet feature.",
+ id: "use-bunkernet",
+ label: "Activate BunkerNet",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ BUNKERNET_SERVER: {
+ context: "global",
+ default: "https://api.bunkerweb.io",
+ help:
"Address of the BunkerNet API.",
+ id: "bunkernet-server",
+ label: "BunkerNet server",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ jobs: [
+ {
+ name: "bunkernet-register",
+ file: "bunkernet-register.py",
+ every: "hour",
+ reload: True,
+ },
+ {
+ name: "bunkernet-data",
+ file: "bunkernet-data.py",
+ every: "day",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "cors",
+ order: 999,
+ name: "CORS",
+ description: "Cross-Origin Resource Sharing.",
+ version: "0.1",
+ settings: {
+ USE_CORS: {
+ context: "multisite",
+ default: "no",
+ help: "Use CORS",
+ id: "use-cors",
+ label: "Use CORS",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CORS_ALLOW_ORIGIN: {
+ context: "multisite",
+ default: "*",
+ help: "Value of the Access-Control-Allow-Origin header.",
+ id: "cors-allow-origin",
+ label: "Access-Control-Allow-Origin value",
+ regex: "^.*$",
+ type: "text",
+ },
+ CORS_EXPOSE_HEADERS: {
+ context: "multisite",
+ default: "Content-Length,Content-Range",
+ help: "Value of the Access-Control-Expose-Headers header.",
+ id: "cors-expose-headers",
+ label: "Access-Control-Expose-Headers value",
+ regex: "^.*$",
+ type: "text",
+ },
+ CORS_MAX_AGE: {
+ context: "multisite",
+ default: "86400",
+ help: "Value of the Access-Control-Max-Age header.",
+ id: "cors-max-age",
+ label: "Access-Control-Max-Age value",
+ regex: "^[0-9]+$",
+ type: "text",
+ },
+ CORS_ALLOW_CREDENTIALS: {
+ context: "multisite",
+ default: "no",
+ help: "Send the Access-Control-Allow-Credentials header.",
+ id: "cors-allow-credentials",
+ label: "Send Access-Control-Allow-Credentials",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CORS_ALLOW_METHODS: {
+ context: "multisite",
+ default: "GET, POST, OPTIONS",
+ help: "Value of the Access-Control-Allow-Methods header.",
+ id: "cors-allow-methods",
+ label: "Access-Control-Allow-Methods value",
+ regex: "^.*$",
+ type: "text",
+ },
+ CORS_ALLOW_HEADERS: {
+ context: "multisite",
+ default:
+
"DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
+ help: "Value of the Access-Control-Allow-Headers header.",
+ id: "cors-allow-headers",
+ label: "Access-Control-Allow-Headers value",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "clientcache",
+ order: 999,
+ name: "Client cache",
+ description: "Manage caching for clients.",
+ version: "0.1",
+ settings: {
+ USE_CLIENT_CACHE: {
+ context: "multisite",
+ default: "no",
+ help: "Tell client to store locally static files.",
+ id: "use-client-cache",
+ label: "Use client cache",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CLIENT_CACHE_EXTENSIONS: {
+ context: "global",
+ default: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2",
+ help: "List of file extensions that should be cached.",
+ id: "client-cache-extensions",
+ label: "Extensions that should be cached by the client",
+ regex: "^.*$",
+ type: "text",
+ },
+ CLIENT_CACHE_ETAG: {
+ context: "multisite",
+ default: "yes",
+ help: "Send the HTTP ETag header for static resources.",
+ id: "client-cache-etag",
+ label: "ETag",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CLIENT_CACHE_CONTROL: {
+ context: "multisite",
+ default: "public, max-age=15552000",
+ help: "Value of the Cache-Control HTTP header.",
+ id: "client-cache-control",
+ label: "Cache-Control header",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "country",
+ order: 2,
+ name: "Country",
+ description: "Deny access based on the country of the client IP.",
+ version: "0.1",
+ settings: {
+ BLACKLIST_COUNTRY: {
+ context: "multisite",
+ default: "",
+ help: "Deny access if the country of the client is in the list (2 letters code).",
+ id: "country-blacklist",
+ label: "Country blacklist",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_COUNTRY: {
+ context: "multisite",
+ default: "",
+ help: "Deny access if the country of the client is not in the list (2 letters code).",
+ id: "country-whitelist",
+ label: "Country
whitelist",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "customcert",
+ order: 999,
+ name: "Custom HTTPS certificate",
+ description: "Choose custom certificate for HTTPS.",
+ version: "0.1",
+ settings: {
+ USE_CUSTOM_HTTPS: {
+ context: "multisite",
+ default: "no",
+ help: "Use custom HTTPS certificate.",
+ id: "use-custom-https",
+ label: "Use custom certificate",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CUSTOM_HTTPS_CERT: {
+ context: "multisite",
+ default: "",
+ help: "Full path of the certificate or bundle file.",
+ id: "custom-https-cert",
+ label: "Certificate path",
+ regex: "^.*$",
+ type: "text",
+ },
+ CUSTOM_HTTPS_KEY: {
+ context: "multisite",
+ default: "",
+ help: "Full path of the key file.",
+ id: "custom-https-key",
+ label: "Key path",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ jobs: [
+ {
+ name: "custom-cert",
+ file: "custom-cert.py",
+ every: "day",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "dnsbl",
+ order: 2,
+ name: "DNSBL",
+ description: "Deny access based on external DNSBL servers.",
+ version: "0.1",
+ settings: {
+ USE_DNSBL: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate DNSBL feature.",
+ id: "use-dnsbl",
+ label: "Activate DNSBL",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ DNSBL_LIST: {
+ context: "global",
+ default:
+ "bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org",
+ help: "List of DNSBL servers.",
+ id: "dnsbl-list",
+ label: "DNSBL list",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "errors",
+ order: 999,
+ name: "Errors",
+ description: "Manage default error pages",
+ version: "0.1",
+ settings: {
+ ERRORS: {
+ context: "multisite",
+ default: "",
+ help: "List of HTTP error code and corresponding error pages (404=/my404.html 403=/errors/403.html ...).",
+ id: "errors",
+ label: "Errors",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "gzip",
+ order: 999,
+ name: "Gzip",
+ description: "Compress HTTP requests with the gzip
algorithm.",
+ version: "0.1",
+ settings: {
+ USE_GZIP: {
+ context: "multisite",
+ default: "no",
+ help: "Use gzip",
+ id: "use-gzip",
+ label: "Use gzip",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ GZIP_TYPES: {
+ context: "multisite",
+ default:
+ "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml",
+ help: "List of MIME types that will be compressed with gzip.",
+ id: "gzip-types",
+ label: "MIME types",
+ regex: "^.*$",
+ type: "text",
+ },
+ GZIP_MIN_LENGTH: {
+ context: "multisite",
+ default: "1000",
+ help: "Minimum length for gzip compression.",
+ id: "gzip-min-length",
+ label: "Minimum length",
+ regex: "^.*$",
+ type: "text",
+ },
+ GZIP_COMP_LEVEL: {
+ context: "multisite",
+ default: "5",
+ help: "The compression level of the gzip algorithm.",
+ id: "gzip-comp-level",
+ label: "Compression level",
+ regex: "^[1-9]$",
+ type: "select",
+ select: ["1", "2", "3", "4", "5", "6", "7", "8", "9"],
+ },
+ },
+ },
+ {
+ id: "inject",
+ order: 999,
+ name: "HTML injection",
+ description: "Inject custom HTML code before the </body> tag.",
+ version: "0.1",
+ settings: {
+ INJECT_BODY: {
+ context: "multisite",
+ default: "",
+ help: "The HTML code to inject.",
+ id: "inject-body",
+ label: "HTML code",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "headers",
+ order: 999,
+ name: "Headers",
+ description: "Manage HTTP headers sent to clients.",
+ version: "0.1",
+ settings: {
+ CUSTOM_HEADER: {
+ context: "multisite",
+ default: "",
+ help: "Custom header to add (HeaderName: HeaderValue).",
+ id: "custom-header",
+ label: "Custom header (HeaderName: HeaderValue)",
+ regex: "^.*$",
+
type: "text",
+ multiple: "custom-headers",
+ },
+ REMOVE_HEADERS: {
+ context: "multisite",
+ default: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version",
+ help: "Headers to remove (Header1 Header2 Header3 ...)",
+ id: "remove-headers",
+ label: "Remove headers",
+ regex: "^.*$",
+ type: "text",
+ },
+ STRICT_TRANSPORT_SECURITY: {
+ context: "multisite",
+ default: "max-age=31536000",
+ help: "Value for the Strict-Transport-Security header.",
+ id: "strict-transport-security",
+ label: "Strict-Transport-Security",
+ regex: "^.*$",
+ type: "text",
+ },
+ COOKIE_FLAGS: {
+ context: "multisite",
+ default: "* HttpOnly SameSite=Lax",
+ help: "Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).",
+ id: "cookie-flags",
+ label: "Cookie flags",
+ regex: "^.*$",
+ type: "text",
+ },
+ COOKIE_AUTO_SECURE_FLAG: {
+ context: "multisite",
+ default: "yes",
+ help: "Automatically add the Secure flag to all cookies.",
+ id: "cookie-auto-secure-flag",
+ label: "Cookie auto Secure flag",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ CONTENT_SECURITY_POLICY: {
+ context: "multisite",
+ default:
+ "object-src 'none'; form-action 'self'; frame-ancestors 'self';",
+ help: "Value for the Content-Security-Policy header.",
+ id: "content-security-policy",
+ label: "Content-Security-Policy",
+ regex: "^.*$",
+ type: "text",
+ },
+ REFERRER_POLICY: {
+ context: "multisite",
+ default: "strict-origin-when-cross-origin",
+ help: "Value for the Referrer-Policy header.",
+ id: "referrer-policy",
+ label: "Referrer-Policy",
+ regex: "^.*$",
+ type: "text",
+ },
+ PERMISSIONS_POLICY: {
+ context: "multisite",
+ default:
+ "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(),
microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()",
+ help: "Value for the Permissions-Policy header.",
+ id: "permissions-policy",
+ label: "Permissions-Policy",
+ regex: "^.*$",
+ type: "text",
+ },
+ FEATURE_POLICY: {
+ context: "multisite",
+ default:
+ "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';",
+ help: "Value for the Feature-Policy header.",
+ id: "feature-policy",
+ label: "Feature-Policy",
+ regex: "^.*$",
+ type: "text",
+ },
+ X_FRAME_OPTIONS: {
+ context: "multisite",
+ default: "SAMEORIGIN",
+ help: "Value for the X-Frame-Options header.",
+ id: "x-frame-options",
+ label: "X-Frame-Options",
+ regex: "^.*$",
+ type: "text",
+ },
+ X_CONTENT_TYPE_OPTIONS: {
+ context: "multisite",
+ default: "nosniff",
+ help: "Value for the X-Content-Type-Options header.",
+ id: "x-content-type-options",
+ label: "X-Content-Type-Options",
+ regex: "^.*$",
+ type: "text",
+ },
+ X_XSS_PROTECTION: {
+ context: "multisite",
+ default: "1; mode=block",
+ help: "Value for the X-XSS-Protection header.",
+ id: "x-xss-protection",
+ label: "X-XSS-Protection",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "jobs",
+ order: 999,
+ name: "Jobs",
+ description: "Fake core plugin for
internal jobs.",
+ version: "0.1",
+ settings: {},
+ jobs: [
+ {
+ name: "mmdb-country",
+ file: "mmdb-country.py",
+ every: "week",
+ reload: True,
+ },
+ { name: "mmdb-asn", file: "mmdb-asn.py", every: "week", reload: True },
+ {
+ name: "download-plugins",
+ file: "download-plugins.py",
+ every: "once",
+ reload: False,
+ },
+ ],
+ },
+ {
+ id: "letsencrypt",
+ order: 1,
+ name: "Let's Encrypt",
+ description:
+ "Automatic creation, renewal and configuration of Let's Encrypt certificates.",
+ version: "0.1",
+ settings: {
+ AUTO_LETS_ENCRYPT: {
+ context: "multisite",
+ default: "no",
+ help: "Activate automatic Let's Encrypt mode.",
+ id: "auto-lets-encrypt",
+ label: "Automatic Let's Encrypt",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ EMAIL_LETS_ENCRYPT: {
+ context: "multisite",
+ default: "",
+ help: "Email used for Let's Encrypt notification and in certificate.",
+ id: "email-lets-encrypt",
+ label: "Email Let's Encrypt",
+ regex: "^.*$",
+ type: "text",
+ },
+ USE_LETS_ENCRYPT_STAGING: {
+ context: "multisite",
+ default: "no",
+ help: "Use the staging environment for Let’s Encrypt certificate generation.
Useful when you are testing your deployments to avoid being rate limited in the production environment.",
+ id: "use-lets-encrypt-staging",
+ label: "Use Let's Encrypt Staging",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ },
+ jobs: [
+ {
+ name: "certbot-new",
+ file: "certbot-new.py",
+ every: "once",
+ reload: False,
+ },
+ {
+ name: "certbot-renew",
+ file: "certbot-renew.py",
+ every: "day",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "limit",
+ order: 3,
+ name: "Limit",
+ description: "Limit maximum number of requests and connections.",
+ version: "0.1",
+ settings: {
+ USE_LIMIT_REQ: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate limit requests feature.",
+ id: "use-limit-req",
+ label: "Activate limit requests",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ LIMIT_REQ_URL: {
+ context: "multisite",
+ default: "/",
+ help: "URL where the limit request will be applied.",
+ id: "limit-req-url",
+ label: "URL",
+ regex: "^.*$",
+ type: "text",
+ multiple: "limit-req",
+ },
+ LIMIT_REQ_RATE: {
+ context: "multisite",
+ default: "2r/s",
+ help: "Rate to apply to the URL (s for second, m for minute, h for hour and d for day).",
+ id: "limit-req-rate",
+ label: "Rate",
+ regex: "^.*$",
+ type: "text",
+ multiple: "limit-req",
+ },
+ USE_LIMIT_CONN: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate limit connections feature.",
+ id: "use-limit-conn",
+ label: "Activate limit connections",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ LIMIT_CONN_MAX_HTTP1: {
+ context: "multisite",
+ default: "10",
+ help: "Maximum number of connections per IP when using HTTP/1.X protocol.",
+ id: "limit-conn-max-http1",
+ label: "Maximum number of HTTP/1.X connections",
+ regex: "^.*$",
+ type: "text",
+ },
+ LIMIT_CONN_MAX_HTTP2: {
+ context: "multisite",
+ default: "100",
+ help: "Maximum number of streams per IP when using HTTP/2 protocol.",
+ id: "limit-conn-max-http2",
+ label: "Maximum number of HTTP/2 streams",
+ regex: "^.*$",
+ type: "text",
+
},
+ },
+ },
+ {
+ id: "misc",
+ order: 999,
+ name: "Miscellaneous",
+ description: "Miscellaneous settings.",
+ version: "0.1",
+ settings: {
+ DISABLE_DEFAULT_SERVER: {
+ context: "global",
+ default: "no",
+ help: "Close connection if the request vhost is unknown.",
+ id: "disable-default-server",
+ label: "Disable default server",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ REDIRECT_HTTP_TO_HTTPS: {
+ context: "multisite",
+ default: "no",
+ help: "Redirect all HTTP request to HTTPS.",
+ id: "redirect-http-to-https",
+ label: "Redirect HTTP to HTTPS",
+ regex: ".*",
+ type: "text",
+ },
+ AUTO_REDIRECT_HTTP_TO_HTTPS: {
+ context: "multisite",
+ default: "yes",
+ help: "Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.",
+ id: "auto-redirect-http-to-https",
+ label: "Auto redirect HTTP to HTTPS",
+ regex: ".*",
+ type: "text",
+ },
+ ALLOWED_METHODS: {
+ context: "multisite",
+ default: "GET|POST|HEAD",
+ help: "Allowed HTTP methods to be sent by clients.",
+ id: "allowed-methods",
+ label: "Allowed methods",
+ regex: ".*",
+ type: "text",
+ },
+ MAX_CLIENT_SIZE: {
+ context: "multisite",
+ default: "10m",
+ help: "Maximum body size (0 for infinite).",
+ id: "max-client-size",
+ label: "Maximum body size",
+ regex: ".*",
+ type: "text",
+ },
+ SERVE_FILES: {
+ context: "multisite",
+ default: "yes",
+ help: "Serve files from the local folder.",
+ id: "serve-files",
+ label: "Serve files",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ ROOT_FOLDER: {
+ context: "multisite",
+ default: "",
+ help: "Root folder containing files to serve (/opt/bunkerweb/www/{server_name} if unset).",
+ id: "root-folder",
+ label: "Root folder",
+ regex: "^.*$",
+ type: "text",
+ },
+ HTTPS_PROTOCOLS: {
+ context: "multisite",
+ default: "TLSv1.2 TLSv1.3",
+ help: "The supported version of TLS.
We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.",
+ id: "https-protocols",
+ label: "HTTPS protocols",
+ regex: ".*",
+ type: "text",
+ },
+ HTTP2: {
+ context: "multisite",
+ default: "yes",
+ help: "Support HTTP2 protocol when HTTPS is enabled.",
+ id: "http2",
+ label: "HTTP2",
+ regex: ".*",
+ type: "check",
+ },
+ LISTEN_HTTP: {
+ context: "multisite",
+ default: "yes",
+ help: "Respond to (insecure) HTTP requests.",
+ id: "http-listen",
+ label: "HTTP listen",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ USE_OPEN_FILE_CACHE: {
+ context: "multisite",
+ default: "no",
+ help: "Enable open file cache feature",
+ id: "use-open-file-cache",
+ label: "Use open file cache",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ OPEN_FILE_CACHE: {
+ context: "multisite",
+ default: "max=1000 inactive=20s",
+ help: "Open file cache directive",
+ id: "open-file-cache",
+ label: "Use open file cache",
+ regex: "^.*$",
+ type: "text",
+ },
+ OPEN_FILE_CACHE_ERRORS: {
+ context: "multisite",
+ default: "yes",
+ help: "Enable open file cache for errors",
+ id: "open-file-cache-errors",
+ label: "Open file cache errors",
+ regex: "^(yes|no)$",
+ type: "text",
+ },
+ OPEN_FILE_CACHE_MIN_USES: {
+ context: "multisite",
+ default: "2",
+ help: "Enable open file cache minimum uses",
+ id: "open-file-cache-min-uses",
+ label: "Open file cache min uses",
+ regex: "^([1-9]+)$",
+ type: "text",
+ },
+ OPEN_FILE_CACHE_VALID: {
+ context: "multisite",
+ default: "30s",
+ help: "Open file cache valid time",
+ id: "open-file-cache-valid",
+ label: "Open file cache valid time",
+ regex: "^\\d+(ms|s|m|h|d|w|M|y)$",
+ type: "text",
+ },
+ EXTERNAL_PLUGIN_URLS: {
+ context: "global",
+ default: "",
+ help: "List of external plugins URLs (direct download to .zip file) to download and install (URLs are separated with space).",
+ id: "external-plugin-urls",
+ label: "External plugin URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ DENY_HTTP_STATUS: {
+ context: "global",
+
default: "403",
+ help: "HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection.",
+ id: "deny-http-status",
+ label: "Deny HTTP status",
+ regex: "^(403|444)$",
+ type: "select",
+ select: ["403", "444"],
+ },
+ },
+ },
+ {
+ id: "modsecurity",
+ order: 999,
+ name: "ModSecurity",
+ description: "Management of the ModSecurity WAF.",
+ version: "0.1",
+ settings: {
+ USE_MODSECURITY: {
+ context: "multisite",
+ default: "yes",
+ help: "Enable ModSecurity WAF.",
+ id: "use-modsecurity",
+ label: "Use ModSecurity",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ USE_MODSECURITY_CRS: {
+ context: "multisite",
+ default: "yes",
+ help: "Enable OWASP Core Rule Set.",
+ id: "use-modsecurity-crs",
+ label: "Use Core Rule Set",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ MODSECURITY_SEC_AUDIT_ENGINE: {
+ context: "multisite",
+ default: "RelevantOnly",
+ help: "SecAuditEngine directive of ModSecurity.",
+ id: "modsecurity-sec-audit-engine",
+ label: "SecAuditEngine",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ },
+ {
+ id: "php",
+ order: 999,
+ name: "PHP",
+ description: "Manage local or remote PHP-FPM.",
+ version: "0.1",
+ settings: {
+ REMOTE_PHP: {
+ context: "multisite",
+ default: "",
+ help: "Hostname of the remote PHP-FPM instance.",
+ id: "remote-php",
+ label: "Remote PHP",
+ regex: "^.*$",
+ type: "text",
+ },
+ REMOTE_PHP_PATH: {
+ context: "multisite",
+ default: "",
+ help: "Root folder containing files in the remote PHP-FPM instance.",
+ id: "remote-php-path",
+ label: "Remote PHP path",
+ regex: "^.*$",
+ type: "text",
+ },
+ LOCAL_PHP: {
+ context: "multisite",
+ default: "",
+ help: "Path to the PHP-FPM socket file.",
+ id: "local",
+ label: "Local PHP",
+ regex: "^.*$",
+ type: "text",
+ },
+ LOCAL_PHP_PATH: {
+ context: "multisite",
+ default: "",
+ help: "Root folder containing files in the local PHP-FPM instance.",
+ id: "local-php-path",
+ label: "Local PHP path",
+ regex: "^.*$",
+
type: "text",
+ },
+ },
+ },
+ {
+ id: "realip",
+ order: 999,
+ name: "Real IP",
+ description:
+ "Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.",
+ version: "0.1",
+ settings: {
+ USE_REAL_IP: {
+ context: "multisite",
+ default: "no",
+ help: "Retrieve the real IP of client.",
+ id: "use-real-ip",
+ label: "Use real ip",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ USE_PROXY_PROTOCOL: {
+ context: "multisite",
+ default: "no",
+ help: "Enable PROXY protocol communication.",
+ id: "use-proxy-protocol",
+ label: "Use PROXY protocol",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ REAL_IP_FROM: {
+ context: "multisite",
+ default: "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8",
+ help: "List of trusted IPs / networks where proxied requests come from.",
+ id: "real-ip-from",
+ label: "Real IP from",
+ regex: "^.*$",
+ type: "text",
+ },
+ REAL_IP_FROM_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs containing trusted IPs / networks where proxied requests come from.",
+ id: "real-ip-from-urls",
+ label: "Real IP from URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ REAL_IP_HEADER: {
+ context: "multisite",
+ default: "X-Forwarded-For",
+ help: "HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.",
+ id: "real-ip-header",
+ label: "Real IP header",
+ regex: "^.*$",
+ type: "text",
+ },
+ REAL_IP_RECURSIVE: {
+ context: "multisite",
+ default: "yes",
+ help: "Perform a recursive search in the header container IP address.",
+ id: "real-ip-header",
+ label: "Real IP recursive",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ },
+ jobs: [
+ {
+ name: "realip-download",
+ file: "realip-download.py",
+ every: "hour",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "redirect",
+ order: 999,
+ name: "Redirect",
+ description: "Manage HTTP redirects.",
+ version: "0.1",
+ settings: {
+ REDIRECT_TO: {
+ context: "multisite",
+ default: "",
+ help: "Redirect a whole site to another one.",
+ id:
"redirect-to",
+ label: "Redirect to",
+ regex: "^.*$",
+ type: "text",
+ },
+ REDIRECT_TO_REQUEST_URI: {
+ context: "multisite",
+ default: "no",
+ help: "Append the requested URI to the redirect address.",
+ id: "redirect-to",
+ label: "Append request URI",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ },
+ },
+ {
+ id: "reverseproxy",
+ order: 999,
+ name: "Reverse proxy",
+ description: "Manage reverse proxy configurations.",
+ version: "0.1",
+ settings: {
+ USE_REVERSE_PROXY: {
+ context: "multisite",
+ default: "no",
+ help: "Activate reverse proxy mode.",
+ id: "use-reverse-proxy",
+ label: "Use reverse proxy",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ REVERSE_PROXY_INTERCEPT_ERRORS: {
+ context: "multisite",
+ default: "yes",
+ help: "Intercept and rewrite errors.",
+ id: "reverse-proxy-intercept-errors",
+ label: "Intercept errors",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ REVERSE_PROXY_HOST: {
+ context: "multisite",
+ default: "",
+ help: "Full URL of the proxied resource (proxy_pass).",
+ id: "reverse-proxy-host",
+ label: "Reverse proxy host",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_URL: {
+ context: "multisite",
+ default: "",
+ help: "Location URL that will be proxied.",
+ id: "reverse-proxy-url",
+ label: "Reverse proxy url",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_WS: {
+ context: "multisite",
+ default: "no",
+ help: "Enable websocket on the proxied resource.",
+ id: "reverse-proxy-ws",
+ label: "Reverse proxy WS",
+ regex: "^(yes|no)$",
+ type: "check",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_HEADERS: {
+ context: "multisite",
+ default: "",
+ help: "List of HTTP headers to send to proxied resource separated with ; (values for proxy_set_header directive).",
+ id: "reverse-proxy-headers",
+ label: "Reverse proxy headers",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_HEADERS_CLIENT: {
+ context:
"multisite",
+ default: "",
+ help: "List of HTTP headers to send to client separated with ; (values for add_header directive).",
+ id: "reverse-proxy-headers-client",
+ label: "Reverse proxy headers-client",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_BUFFERING: {
+ context: "multisite",
+ default: "yes",
+ help: "Enable or disable buffering of responses from proxied resource.",
+ id: "reverse-proxy-buffering",
+ label: "Reverse proxy buffering",
+ regex: "^(yes|no)$",
+ type: "check",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_KEEPALIVE: {
+ context: "multisite",
+ default: "no",
+ help: "Enable or disable keepalive connections with the proxied resource.",
+ id: "reverse-proxy-keepalive",
+ label: "Reverse proxy keepalive",
+ regex: "^(yes|no)$",
+ type: "check",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_AUTH_REQUEST: {
+ context: "multisite",
+ default: "",
+ help: "Enable authentication using an external provider (value of auth_request directive).",
+ id: "reverse-proxy-auth-request",
+ label: "Reverse proxy auth request",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: {
+ context: "multisite",
+ default: "",
+ help: "Redirect clients to signin URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).",
+ id: "reverse-proxy-auth-request-signin-url",
+ label: "Auth request signin URL",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_AUTH_REQUEST_SET: {
+ context: "multisite",
+ default: "",
+ help: "List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).",
+ id: "reverse-proxy-auth-request-set",
+ label: "Reverse proxy auth request set",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ USE_PROXY_CACHE: {
+ context: "multisite",
+ default: "no",
+ help: "Enable or disable caching of the proxied resources.",
+
id: "use-proxy-cache",
+ label: "Reverse proxy cache",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ PROXY_CACHE_PATH_LEVELS: {
+ context: "global",
+ default: "1:2",
+ help: "Hierarchy levels of the cache.",
+ id: "proxy-cache-path-levels",
+ label: "Hierarchy levels",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_PATH_ZONE_SIZE: {
+ context: "global",
+ default: "10m",
+ help: "Maximum size of cached metadata when caching proxied resources.",
+ id: "proxy-cache-path-zone-size",
+ label: "Reverse proxy cache zone size",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_PATH_PARAMS: {
+ context: "global",
+ default: "max_size=100m",
+ help: "Additional parameters to add to the proxy_cache directive.",
+ id: "proxy-cache-path-params",
+ label: "Reverse proxy cache params",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_METHODS: {
+ context: "multisite",
+ default: "GET HEAD",
+ help: "HTTP methods that should trigger a cache operation.",
+ id: "proxy-cache-methods",
+ label: "Reverse proxy cache methods",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_MIN_USES: {
+ context: "multisite",
+ default: "2",
+ help: "The minimimum number of requests before a response is cached.",
+ id: "proxy-cache-min-uses",
+ label: "Reverse proxy cache minimum uses",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_KEY: {
+ context: "multisite",
+ default: "$scheme$host$request_uri",
+ help: "The key used to uniquely identify a cached response.",
+ id: "proxy-cache-key",
+ label: "Reverse proxy cache key",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_VALID: {
+ context: "multisite",
+ default: "200=24h 301=1h 302=24h",
+ help: "Define the caching time dependending on the HTTP status code (list of status=time).",
+ id: "proxy-cache-valid",
+ label: "Reverse proxy cache valid",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_NO_CACHE: {
+ context: "multisite",
+ default: "$http_pragma $http_authorization",
+ help: "Conditions to disable caching of responses.",
+ id: "proxy-no-cache",
+ label: "Reverse proxy no cache",
+ regex: "^.*$",
+ type: "text",
+ },
+ PROXY_CACHE_BYPASS: {
+ context: "multisite",
+ default: "0",
+ help: "Conditions to bypass caching of responses.",
+ id: "proxy-cache-bypass",
+ label: "Reverse proxy bypass",
+ regex: "^.*$",
+ type: "text",
+ },
+ REVERSE_PROXY_CONNECT_TIMEOUT: {
+ context: "multisite",
+ default: "60s",
+ help: "Timeout when connecting to the proxied resource.",
+ id: "reverse-proxy-connect-timeout",
+ label: "Reverse proxy connect timeout",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_READ_TIMEOUT: {
+ context: "multisite",
+ default: "60s",
+ help: "Timeout when reading from the proxied resource.",
+ id: "reverse-proxy-read-timeout",
+ label: "Reverse proxy read timeout",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ REVERSE_PROXY_SEND_TIMEOUT: {
+ context: "multisite",
+ default: "60s",
+ help: "Timeout when sending to the proxied resource.",
+ id: "reverse-proxy-send-timeout",
+ label: "Reverse proxy send timeout",
+ regex: "^.*$",
+ type: "text",
+ multiple: "reverse-proxy",
+ },
+ },
+ },
+ {
+ id: "selfsigned",
+ order: 999,
+ name: "Self-signed certificate",
+ description: "Generate self-signed certificate.",
+ version: "0.1",
+ settings: {
+ GENERATE_SELF_SIGNED_SSL: {
+ context: "multisite",
+ default: "no",
+ help: "Generate and use self-signed certificate.",
+ id: "generate-self-signed-ssl",
+ label: "Activate self-signed certificate",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ SELF_SIGNED_SSL_EXPIRY: {
+ context: "multisite",
+ default: "365",
+ help: "Self-signed certificate expiry.",
+ id: "self-signed-ssl-expiry",
+ label: "Certificate expiry",
+ regex: "^.*$",
+ type: "text",
+ },
+ SELF_SIGNED_SSL_SUBJ: {
+ context: "multisite",
+ default: "/CN=www.example.com/",
+ help: "Self-signed certificate subject.",
+ id: "self-signed-ssl-subj",
+ label: "Certificate subject",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ jobs: [
+ {
+ name: "self-signed",
+ file: "self-signed.py",
+ every: "day",
+ reload: True,
+ },
+ ],
+ },
+ {
+ id: "ui",
+ order: 999,
+ name: "UI",
+ description: "Integrate easily the BunkerWeb UI.",
+ version: "0.1",
+ settings: {
+ USE_UI: {
+ context: "multisite",
+ default: "no",
+ help: "Use UI",
+ id: "use-ui",
+ label: "Use UI",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ },
+ },
+ {
+ id: "whitelist",
+ order: 2,
+ name: "Whitelist",
+ description:
+ "Allow access based on internal and external IP/network/rDNS/ASN whitelists.",
+ version: "0.1",
+ settings: {
+ USE_WHITELIST: {
+ context: "multisite",
+ default: "yes",
+ help: "Activate whitelist feature.",
+ id: "use-whitelist",
+ label: "Activate whitelisting",
+ regex: "^(yes|no)$",
+ type: "check",
+ },
+ WHITELIST_IP_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing good IP/network to whitelist.",
+ id: "whitelist-ip-urls",
+ label: "Whitelist IP/network URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_IP: {
+ context: "multisite",
+ default:
+ "20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8",
+ help: "List of IP/network, separated with spaces, to whitelist.",
+ id: "whitelist-ip",
+ label: "Whitelist IP/network",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_RDNS: {
+ context: "multisite",
+ default:
+ ".google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com",
+ help: "List of reverse DNS suffixes, separated with spaces, to whitelist.",
+ id: "whitelist-rdns",
+ label: "Whitelist reverse DNS",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_RDNS_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing reverse DNS suffixes to
whitelist.",
+ id: "whitelist-rdns-urls",
+ label: "Whitelist reverse DNS URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_RDNS_GLOBAL: {
+ context: "multisite",
+ default: "yes",
+ help: "Only perform RDNS whitelist checks on global IP addresses.",
+ id: "whitelist-rdns-global",
+ label: "Whitelist reverse DNS global IPs",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_ASN: {
+ context: "multisite",
+ default: "32934",
+ help: "List of ASN numbers, separated with spaces, to whitelist.",
+ id: "whitelist-asn",
+ label: "Whitelist ASN",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_ASN_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing ASN to whitelist.",
+ id: "whitelist-rdns-urls",
+ label: "Whitelist ASN URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_USER_AGENT: {
+ context: "multisite",
+ default: "",
+ help: "List of User-Agent, separated with spaces, to whitelist.",
+ id: "whitelist-user-agent",
+ label: "Whitelist User-Agent",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_USER_AGENT_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing good User-Agent to whitelist.",
+ id: "whitelist-user-agent-urls",
+ label: "Whitelist User-Agent URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_URI: {
+ context: "multisite",
+ default: "",
+ help: "List of URI, separated with spaces, to whitelist.",
+ id: "whitelist-uri",
+ label: "Whitelist URI",
+ regex: "^.*$",
+ type: "text",
+ },
+ WHITELIST_URI_URLS: {
+ context: "global",
+ default: "",
+ help: "List of URLs, separated with spaces, containing bad URI to whitelist.",
+ id: "whitelist-uri-urls",
+ label: "Whitelist URI URLs",
+ regex: "^.*$",
+ type: "text",
+ },
+ },
+ jobs: [
+ {
+ name: "whitelist-download",
+ file: "whitelist-download.py",
+ every: "hour",
+ reload: True,
+ },
+ ],
+ },
+];
diff --git a/src/ui/templates/components/input.html b/src/ui/templates/components/input.html
index 7be2613ea..96dd6a9db 100644
--- a/src/ui/templates/components/input.html
+++ b/src/ui/templates/components/input.html
@@ -1,9 +1,9 @@
-
+
diff --git a/src/ui/templates/components/static.html b/src/ui/templates/components/static.html
index 96860d95c..dfea6d1e4 100644
--- a/src/ui/templates/components/static.html
+++ b/src/ui/templates/components/static.html
@@ -1,569 +1,1140 @@
- - - - -
- - - - - - - - - - - - - - - - - - -
- -
-
- -
-
- - -
- -
- - - -
-
- - -
- -
-

- Today's Users -

-
2,300
-
- - -
- -
- -
- - - - - - - -
-
- -
- - - - \ No newline at end of file + + + + +
+ + + + + + + + + + + + + + + + + +
+ +
+
+ +
+
+ + +
+ + + +
+
+ +
+ +
+

+ Today's Users +

+
2,300
+
+ + +
+ +
+ +
+ + + + + +
+
+ +
+ + +
diff --git a/src/ui/templates/components/text.html b/src/ui/templates/components/text.html
index 48bdf4c27..ee86e94fb 100644
--- a/src/ui/templates/components/text.html
+++ b/src/ui/templates/components/text.html
@@ -1,10 +1,10 @@
-
-
-
-
-
-
- Document
-
-
-
+
+
+
+
+
+
+ Document
+
+
+