Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #665 from bunkerity/dev

Browse source 
Merge branch "dev" into branch "ui"
This commit is contained in:
Théophile Diot 2023-10-02 14:07:10 +01:00 committed by GitHub
commit d8b2561675
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1171 changed files with 77923 additions and 68283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.dockerignore
View file

@ -3,4 +3,4 @@
.vscode/
__pycache__
env
node_modules
node_modules

16
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -1,16 +0,0 @@
---
name: Bug report
about: Something is not working as expected
title: "[BUG]"
labels: bug
assignees: ""
---
**Description**
Concise description of what you're trying to do, the expected behavior and the current bug.
**How to reproduce**
Give steps on how to reproduce the bug (e.g. : commands, yaml, configs, tests, environment, version, ...).
**Logs**
The logs generated by BunkerWeb. **DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES !**

91
.github/ISSUE_TEMPLATE/bug_report.yml vendored Normal file
View file

@ -0,0 +1,91 @@
name: 🐛 Bug Report
description: Create a report to help us reproduce and fix the bug
title: "[BUG] "
labels: ["bug"]
body:
- type: markdown
attributes:
value: >
#### Before submitting a bug, please make sure the issue hasn't been already addressed by searching through [the existing and past issues](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+).
- type: textarea
id: what-happened
attributes:
label: What happened?
description: Concise description of what you're trying to do, the expected behavior and the current bug.
placeholder: Describe the bug, the expected behavior and the current behavior
validations:
required: true
- type: textarea
id: how-to-reproduce
attributes:
label: How to reproduce?
description: Concise description of how to reproduce the issue.
placeholder: Describe how to reproduce the issue
validations:
required: true
- type: textarea
id: configuration-file
attributes:
label: Configuration file(s) (yaml or .env)
description: |
Please copy and paste your configuration file or the relevant part of it.
⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
placeholder: Configuration file
render: YAML
- type: textarea
id: logs
attributes:
label: Relevant log output
description: |
Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
placeholder: Log output
render: shell
- type: input
id: version
attributes:
label: BunkerWeb version
description: What version of BunkerWeb are you running?
placeholder: Version
value: 1.5.2
validations:
required: true
- type: dropdown
id: integration
attributes:
label: What integration are you using?
options:
- Docker
- Autoconf
- Swarm
- Kubernetes
- Linux
- Ansible
- Vagrant
default: 0
validations:
required: true
- type: input
id: linux-distribution
attributes:
label: Linux distribution (if applicable)
description: What Linux distribution are you using? (e.g. Ubuntu Server 18.04)
placeholder: Linux distribution
- type: checkboxes
id: removed-private-data
attributes:
label: Removed private data
description: |
We would like to emphasize that we are not responsible for any private data that may be inadvertently included in the logs or configuration files.
⚠️ I have removed all private data from the configuration file and the logs ⚠️
options:
- label: I have removed all private data from the configuration file and the logs
required: true
- type: checkboxes
id: terms
attributes:
label: Code of Conduct
description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
options:
- label: I agree to follow this project's Code of Conduct
required: true

13
.github/ISSUE_TEMPLATE/documentation.md vendored
View file

@ -1,13 +0,0 @@
---
name: Documentation enhancement
about: Error in the documentation or something is missing
title: "[DOC]"
labels: documentation
assignees: ""
---
**Description**
Concise description of the error or what is missing.
**Proposal (optional)**
Any proposal or ideas to fix the problem.

29
.github/ISSUE_TEMPLATE/documentation.yml vendored Normal file
View file

@ -0,0 +1,29 @@
name: 📚 Documentation enhancement
description: Suggest an idea that will improve BunkerWeb documentation or declare a bug in the documentation
title: "[DOC] "
labels: ["documentation"]
body:
- type: markdown
attributes:
value: >
#### Before submitting a documentation enhancement request, please make sure the feature hasn't been already addressed by searching through [the existing and past documentation enhancement requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BDOC%5D+in%3Atitle).
- type: textarea
id: description
attributes:
label: Description
description: Concise description of the error or what is missing.
validations:
required: true
- type: textarea
id: proposed-solution
attributes:
label: Proposed solution (optional)
description: How it should be fixed or what should be added ?
- type: checkboxes
id: terms
attributes:
label: Code of Conduct
description: By submitting this documentation enhancement request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
options:
- label: I agree to follow this project's Code of Conduct
required: true

13
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -1,13 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
title: "[FEATURE]"
labels: enhancement
assignees: ""
---
**What's needed and why ?**
Describe the feature you would like to see in the project and why it should be implemented.
**Implementations ideas (optional)**
How it should be used and integrated into the project ? List some posts, research papers or codes that we can use as implementation.

29
.github/ISSUE_TEMPLATE/feature_request.yml vendored Normal file
View file

@ -0,0 +1,29 @@
name: 🚀 Feature Request
description: Suggest an idea that will improve BunkerWeb
title: "[FEATURE] "
labels: ["enhancement"]
body:
- type: markdown
attributes:
value: >
#### Before submitting a feature request, please make sure the feature hasn't been already addressed by searching through [the existing and past feature requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BFEATURE%5D+in%3Atitle).
- type: textarea
id: whats-needed-and-why
attributes:
label: What's needed and why?
description: Describe the feature you would like to see in the project and why it should be implemented.
validations:
required: true
- type: textarea
id: implementations-ideas
attributes:
label: Implementations ideas (optional)
description: How it should be used and integrated into the project ? List some posts, research papers or codes that we can use as implementation.
- type: checkboxes
id: terms
attributes:
label: Code of Conduct
description: By submitting this feature request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
options:
- label: I agree to follow this project's Code of Conduct
required: true

5
.github/codeql.yml vendored
View file

@ -6,5 +6,8 @@ paths:
- src/ui
- src/common
paths-ignore:
- src/ui/static
- src/ui/static/js/tsparticles.bundle.min.js
- src/ui/static/js/editor
- src/ui/static/js/utils/flatpickr.js
- src/ui/static/js/utils/purify
- src/common/core/modsecurity/files

14
.github/dependabot.yml vendored
View file

@ -18,7 +18,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/bw"
target-branch: "dev"
@ -29,7 +29,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/scheduler"
target-branch: "dev"
@ -38,7 +38,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/scheduler"
target-branch: "dev"
@ -49,7 +49,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/autoconf"
target-branch: "dev"
@ -58,7 +58,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/autoconf"
target-branch: "dev"
@ -69,7 +69,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/ui"
target-branch: "dev"
@ -78,7 +78,7 @@ updates:
schedule:
interval: "daily"
assignees:
- "fl0ppy-d1sk"
- "TheophileDiot"
commit-message:
prefix: "deps/ui"
target-branch: "dev"

6
.github/workflows/beta.yml vendored
View file

@ -7,7 +7,6 @@ on:
branches: [beta]
jobs:
# Build amd64 + 386 containers images
build-containers:
strategy:
@ -145,7 +144,8 @@ jobs:
needs: [create-arm, wait-builds]
strategy:
matrix:
image: [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
image:
[bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
include:
- release: beta
- image: bunkerweb
@ -281,5 +281,3 @@ jobs:
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}

31
.github/workflows/codeql.yml vendored Normal file
View file

@ -0,0 +1,31 @@
name: CodeQL Analysis
on:
schedule:
# Weekly on Saturdays.
- cron: "30 1 * * 6"
workflow_call:
jobs:
code-security:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"

14
.github/workflows/container-build.yml vendored
View file

@ -61,22 +61,22 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
if: inputs.CACHE_SUFFIX != 'arm'
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
if: inputs.CACHE_SUFFIX == 'arm'
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
if: inputs.PUSH == true
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -84,13 +84,13 @@ jobs:
# Compute metadata
- name: Extract metadata
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: bunkerity/${{ inputs.IMAGE }}
# Build cached image
- name: Build image
if: inputs.CACHE == true
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@ -103,7 +103,7 @@ jobs:
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: .
file: ${{ inputs.DOCKERFILE }}

27
.github/workflows/create-arm.yml vendored
View file

@ -28,31 +28,43 @@ jobs:
build:
runs-on: ubuntu-latest
outputs:
json: ${{ steps.scw.outputs.json }}
id: ${{ steps.getinfo.outputs.id }}
ip: ${{ steps.getinfo.outputs.ip }}
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v4
- name: Create ARM VM
id: scw
- name: Get ARM availabilities
id: availabilities
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server create zone=fr-par-2 type=AMP2-C48 root-volume=block:50GB
save-config: true
version: v2.13.0
args: instance server-type get zone=fr-par-2
export-config: true
access-key: ${{ secrets.SCW_ACCESS_KEY }}
secret-key: ${{ secrets.SCW_SECRET_KEY }}
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
- name: Extract ARM type
run: |
TYPE=$(echo "$JSON" | jq '.servers | with_entries(select(.key | contains("AMP"))) | with_entries(select(.value.availability != "shortage")) | keys[] | select(. | test("^AMP2-C[0-9]+$")) | sub("AMP2-C"; "") | tonumber' | sort -n | tail -n 1 | xargs -I {} echo "AMP2-C{}")
echo "Type is $TYPE"
echo "TYPE=$TYPE" >> "$GITHUB_ENV"
env:
JSON: ${{ steps.availabilities.outputs.json }}
- name: Create ARM VM
id: scw
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server create zone=fr-par-2 type=${{ env.TYPE }} root-volume=block:50GB
- name: Get info
id: getinfo
run: |
echo "id=${{ fromJson(steps.scw.outputs.json).id }}" >> "$GITHUB_OUTPUT"
echo "ip=${{ fromJson(steps.scw.outputs.json).public_ip.address }}" >> "$GITHUB_OUTPUT"
- name: Wait for VM
run: scw instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
- name: Wait for SSH
uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
with:
@ -72,4 +84,3 @@ jobs:
run: ssh root@$SSH_IP "curl -fsSL https://test.docker.com -o test-docker.sh ; sh test-docker.sh"
env:
SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}

4
.github/workflows/dev-update-mmdb.yml vendored
View file

@ -23,7 +23,7 @@ jobs:
cd src/bw/misc/
CURL_RETURN_CODE=0
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o asn.mmdb.gz https://download.db-ip.com/free/dbip-asn-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
echo "Curl connection failed when downloading asn-lite mmdb file with return code - ${CURL_RETURN_CODE}"
exit 1
else
@ -37,7 +37,7 @@ jobs:
fi
CURL_RETURN_CODE=0
CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o country.mmdb.gz https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
if [ ${CURL_RETURN_CODE} -ne 0 ]; then
echo "Curl connection failed when downloading country-lite mmdb file with return code - ${CURL_RETURN_CODE}"
exit 1
else

131
.github/workflows/dev.yml vendored
View file

@ -27,48 +27,64 @@ jobs:
uses: ./.github/workflows/container-build.yml
with:
RELEASE: dev
CACHE: true
ARCH: linux/amd64
CACHE: true
IMAGE: ${{ matrix.image }}
DOCKERFILE: ${{ matrix.dockerfile }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Python code security
code-security:
runs-on: ubuntu-latest
# Build Linux packages
build-packages:
permissions:
contents: read
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
include:
- linux: ubuntu
package: deb
- linux: debian
package: deb
- linux: fedora
package: rpm
- linux: rhel
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: dev
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: true
PLATFORMS: linux/amd64
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
# UI tests
tests-ui:
needs: [code-security, build-containers]
needs: [codeql, build-containers]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: dev
tests-ui-linux:
needs: [codeql, build-packages]
uses: ./.github/workflows/tests-ui-linux.yml
with:
RELEASE: dev
# Core tests
prepare-tests-core:
needs: [code-security, build-containers]
needs: [codeql, build-containers, build-packages]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
@ -89,6 +105,17 @@ jobs:
with:
TEST: ${{ matrix.test }}
RELEASE: dev
tests-core-linux:
needs: prepare-tests-core
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: dev
secrets: inherit
# Push with dev tag
push-dev:
@ -99,12 +126,12 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -129,3 +156,59 @@ jobs:
env:
FROM: "autoconf"
TO: "bunkerweb-autoconf"
# Push Linux packages
push-packages:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
arch: [amd64]
include:
- release: dev
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
separator: _
suffix: ""
version: bullseye
package: deb
- linux: fedora
separator: "-"
suffix: "1."
version: 38
package: rpm
- linux: el
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}
SUFFIX: ${{ matrix.suffix }}
REPO: ${{ matrix.repo }}
LINUX: ${{ matrix.linux }}
VERSION: ${{ matrix.version }}
PACKAGE: ${{ matrix.package }}
BW_VERSION: ${{ matrix.release }}
PACKAGE_ARCH: ${{ matrix.package_arch }}
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

7
.github/workflows/doc-to-pdf.yml vendored
View file

@ -17,9 +17,9 @@ jobs:
- name: Install Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
python-version: "3.10"
- name: Install doc requirements
run: pip install -r docs/requirements.txt
run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt
- name: Install chromium
run: sudo apt install chromium-browser
- name: Install node
@ -27,7 +27,7 @@ jobs:
with:
node-version: 18
- name: Install puppeteer
run: npm i --save puppeteer
run: cd docs && npm install
- name: Run mkdocs serve in background
run: mkdocs serve & sleep 10
- name: Run pdf script
@ -36,4 +36,3 @@ jobs:
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf

34
.github/workflows/linux-build.yml vendored
View file

@ -39,22 +39,22 @@ jobs:
- name: Checkout source code
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
- name: Extract arch
run : |
run: |
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
env:
PLATFORMS: ${{ inputs.PLATFORMS }}
- name: Extract linux arch
if: inputs.PACKAGE == 'rpm'
run : |
run: |
echo "LARCH=${{ env.ARCH }}" | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' >> "$GITHUB_ENV"
env:
ARCH: ${{ env.ARCH }}
- name: Extract linux arch
if: inputs.PACKAGE == 'deb'
run : |
run: |
echo "LARCH=${{ env.ARCH }}" >> "$GITHUB_ENV"
env:
ARCH: ${{ env.ARCH }}
@ -70,41 +70,41 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
if: startsWith(env.ARCH, 'arm') == false
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
if: startsWith(env.ARCH, 'arm') == true
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing'
uses: docker/build-push-action@v4
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
uses: docker/build-push-action@v5
with:
context: .
load: true
file: src/linux/Dockerfile-${{ inputs.LINUX }}
platforms: ${{ inputs.PLATFORMS }}
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
cache-from: type=gha,scope=${{ inputs.LINUX }}-testing
cache-to: type=gha,scope=${{ inputs.LINUX }}-testing,mode=min
cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}
cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }},mode=min
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing'
uses: docker/build-push-action@v4
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
uses: docker/build-push-action@v5
with:
context: .
load: true
@ -135,12 +135,12 @@ jobs:
- name: Extract metadata
if: inputs.TEST == true
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}

6
.github/workflows/push-doc.yml vendored
View file

@ -31,11 +31,11 @@ jobs:
git config --global user.email "bunkerbot@bunkerity.com"
- uses: actions/setup-python@v4
with:
python-version: '3.10'
python-version: "3.10"
- name: Install doc requirements
run: pip install -r docs/requirements.txt
run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt
- name: Push doc
run: mike deploy --update-aliases --push ${{ inputs.VERSION }} ${{ inputs.ALIAS }}
run: mike deploy --update-aliases --push --no-redirect ${{ inputs.VERSION }} ${{ inputs.ALIAS }}
- name: Set default doc
if: inputs.ALIAS == 'latest'
run: mike set-default --push latest

30
.github/workflows/push-docker.yml vendored
View file

@ -6,6 +6,9 @@ on:
IMAGE:
required: true
type: string
TAGS:
required: true
type: string
CACHE_FROM:
required: true
type: string
@ -32,10 +35,16 @@ jobs:
- name: Check out repository code
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup SSH for ARM node
run: |
mkdir -p ~/.ssh
@ -47,20 +56,27 @@ jobs:
SSH_IP: ${{ secrets.ARM_SSH_IP }}
SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
- name: Setup Buildx (ARM)
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
with:
endpoint: ssh://root@arm
platforms: linux/arm64,linux/arm/v7,linux/arm/v6
# Compute metadata
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: bunkerity/${{ inputs.IMAGE }}
# Build and push
- name: Build and push
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: .
file: ${{ inputs.DOCKERFILE }}
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
push: true
tags: ${{ inputs.IMAGE }}
tags: ${{ inputs.TAGS }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-amd64
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-386
type=registry,ref=bunkerity/cache:${{ inputs.CACHE_FROM }}-arm
type=gha,scope=${{ inputs.CACHE_FROM }}-amd64
type=gha,scope=${{ inputs.CACHE_FROM }}-386
type=gha,scope=${{ inputs.CACHE_FROM }}-arm

7
.github/workflows/push-github.yml vendored
View file

@ -56,7 +56,7 @@ jobs:
body: |
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
Docker tags :
Docker tags :
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
@ -64,7 +64,7 @@ jobs:
Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
Changelog :
Changelog :
${{ steps.getchangelog.outputs.content }}
draft: true
prerelease: ${{ inputs.PRERELEASE }}
@ -82,7 +82,7 @@ jobs:
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
Docker tags :
Docker tags :
- BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
- Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
- Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
@ -95,4 +95,3 @@ jobs:
prerelease: ${{ inputs.PRERELEASE }}
name: Testing
tag_name: ${{ inputs.VERSION }}

26
.github/workflows/release.yml vendored
View file

@ -7,6 +7,15 @@ on:
branches: [master]
jobs:
scorecards-analysis:
uses: ./.github/workflows/scorecards-analysis.yml
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
# Build amd64 + 386 containers images
build-containers:
@ -117,8 +126,6 @@ jobs:
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
@ -126,7 +133,7 @@ jobs:
# Wait for all builds and extract VERSION
wait-builds:
runs-on: ubuntu-latest
needs: [build-containers, build-containers-arm, build-packages]
needs: [codeql, build-containers, build-containers-arm, build-packages]
outputs:
version: ${{ steps.getversion.outputs.version }}
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
@ -142,10 +149,14 @@ jobs:
# Push Docker images
push-images:
permissions:
contents: read
packages: write
needs: [create-arm, wait-builds]
strategy:
matrix:
image: [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
image:
[bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
include:
- release: latest
- image: bunkerweb
@ -162,7 +173,8 @@ jobs:
dockerfile: src/ui/Dockerfile
uses: ./.github/workflows/push-docker.yml
with:
IMAGE: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
IMAGE: ${{ matrix.image }}
TAGS: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }},ghcr.io/bunkerity/${{ matrix.image }}:${{ matrix.release }},ghcr.io/bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
DOCKERFILE: ${{ matrix.dockerfile }}
secrets:
@ -177,7 +189,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, el]
arch: [amd64, arm64]
include:
- release: latest
@ -280,4 +292,4 @@ jobs:
SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}

3
.github/workflows/rm-arm.yml vendored
View file

@ -26,8 +26,7 @@ jobs:
uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
with:
args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
version: v2.13.0
access-key: ${{ secrets.SCW_ACCESS_KEY }}
secret-key: ${{ secrets.SCW_SECRET_KEY }}
default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}

30
.github/workflows/scorecards-analysis.yml vendored Normal file
View file

@ -0,0 +1,30 @@
name: Scorecard analysis workflow
on:
branch_protection_rule:
schedule:
# Weekly on Saturdays.
- cron: "30 1 * * 6"
workflow_call:
permissions: read-all
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@v2.2.0
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif

2
.github/workflows/staging-create-infra.yml vendored
View file

@ -36,7 +36,7 @@ jobs:
python-version: "3.11"
cache: "pip"
- name: Install ansible
run: pip install ansible
run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt
if: inputs.TYPE != 'k8s'
- name: Install ansible libs
run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general

6
.github/workflows/staging-tests.yml vendored
View file

@ -27,7 +27,7 @@ jobs:
- name: Checkout source code
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -42,7 +42,7 @@ jobs:
run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
if: inputs.TYPE == 'swarm'
- name: Install test dependencies
run: pip3 install -r tests/requirements.txt
run: pip3 install --no-cache-dir --require-hashes -r tests/requirements.txt
- uses: actions/download-artifact@v3
with:
name: tf-k8s
@ -50,7 +50,7 @@ jobs:
if: inputs.TYPE == 'k8s'
- run: |
echo "$SECRET_KEY" > /tmp/.secret_key
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
rm -f /tmp/.secret_key
tar xf /tmp/terraform.tar -C /
mkdir /tmp/reg

94
.github/workflows/staging.yml vendored
View file

@ -7,7 +7,6 @@ on:
branches: [staging]
jobs:
# Build Docker images
build-containers:
permissions:
@ -65,33 +64,16 @@ jobs:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Code security
code-security:
runs-on: ubuntu-latest
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
# Create infrastructures
# Create infrastructures and prepare tests
create-infras:
needs: [code-security, build-containers, build-packages]
needs: [codeql, build-containers, build-packages]
strategy:
matrix:
type: [docker, autoconf, swarm, k8s, linux]
@ -102,8 +84,30 @@ jobs:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
K8S_IP: ${{ secrets.K8S_IP }}
prepare-tests-core:
needs: [codeql, build-containers, build-packages]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "::set-output name=tests::$tests"
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
# Perform tests
tests-ui:
needs: [codeql, build-containers]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: testing
tests-ui-linux:
needs: [codeql, build-packages]
uses: ./.github/workflows/tests-ui-linux.yml
with:
RELEASE: testing
staging-tests:
needs: [create-infras]
strategy:
@ -125,23 +129,6 @@ jobs:
TYPE: ${{ matrix.type }}
RUNS_ON: ${{ matrix.runs_on }}
secrets: inherit
tests-ui:
needs: [create-infras]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: testing
prepare-tests-core:
needs: [create-infras]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "::set-output name=tests::$tests"
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
tests-core:
needs: prepare-tests-core
strategy:
@ -152,6 +139,17 @@ jobs:
with:
TEST: ${{ matrix.test }}
RELEASE: testing
tests-core-linux:
needs: prepare-tests-core
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: testing
secrets: inherit
# Delete infrastructures
delete-infras:
@ -176,31 +174,31 @@ jobs:
packages: write
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push BW image
run: docker pull ghcr.io/bunkerweb-tests:testing && docker tag ghcr.io/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
- name: Push scheduler image
run: docker pull ghcr.io/scheduler-tests:testing && docker tag ghcr.io/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
- name: Push UI image
run: docker pull ghcr.io/ui-tests:testing && docker tag ghcr.io/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
run: docker pull ghcr.io/bunkerity/ui-tests:testing && docker tag ghcr.io/bunkerity/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
- name: Push autoconf image
run: docker pull ghcr.io/autoconf-tests:testing && docker tag ghcr.io/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
# Push Linux packages
push-packages:
needs: [staging-tests, tests-ui, tests-core]
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
linux: [ubuntu, debian, fedora, el]
arch: [amd64]
include:
- release: testing
@ -272,4 +270,4 @@ jobs:
uses: ./.github/workflows/push-github.yml
with:
VERSION: testing
PRERELEASE: true
PRERELEASE: true

95
.github/workflows/test-core-linux.yml vendored Normal file
View file

@ -0,0 +1,95 @@
name: Core test Linux (REUSABLE)
on:
workflow_call:
inputs:
TEST:
required: true
type: string
RELEASE:
required: true
type: string
jobs:
tests:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: "3.11"
cache: "pip"
- name: Install Firefox manually and dependencies
run: |
sudo apt purge -y firefox
sudo apt update
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip
wget -O firefox-setup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64"
sudo tar -xjf firefox-setup.tar.bz2 -C /opt/
sudo rm -f /usr/bin/firefox
sudo ln -s /opt/firefox/firefox /usr/bin/firefox
sudo chmod 755 /opt/firefox /opt/firefox/firefox
rm -f firefox-setup.tar.bz2
- name: Download geckodriver
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 20
command: |
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW linux ubuntu test image
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
- name: Copy deb file to host
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install BunkerWeb
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
- name: Edit configuration files
run: |
# Misc
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 bwadm.example.com" | sudo tee -a /etc/hosts
sudo cp ./tests/www-deb.conf /etc/php/8.1/fpm/pool.d/www.conf
sudo systemctl stop php8.1-fpm
sudo systemctl start php8.1-fpm
# BunkerWeb
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
sudo chown nginx:nginx /etc/bunkerweb/variables.env
sudo chmod 777 /etc/bunkerweb/variables.env
- name: Run tests
run: |
cd ./tests/core/${{ inputs.TEST }}
MAKEFLAGS="-j $(nproc)" find . -name "requirements.txt" -exec pip install --no-cache-dir --require-hashes -r {} \;
./test.sh "linux"

10
.github/workflows/test-core.yml vendored
View file

@ -9,6 +9,7 @@ on:
RELEASE:
required: true
type: string
jobs:
test:
runs-on: ubuntu-latest
@ -17,7 +18,7 @@ jobs:
- name: Checkout source code
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -26,15 +27,10 @@ jobs:
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
- name: Pull Scheduler image
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
# # Temp fix "is not connected to the network" until compose v2.19.1 is available
# - name: Downgrade compose
# run: |
# sudo apt update
# sudo apt install -y --allow-downgrades moby-compose=2.18.1+azure-ubuntu22.04u2
# Run test
- name: Run test
run: |
cd ./tests/core/${{ inputs.TEST }}
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
./test.sh
./test.sh "docker"

118
.github/workflows/tests-ui-linux.yml vendored Normal file
View file

@ -0,0 +1,118 @@
name: Core test Linux (REUSABLE)
on:
workflow_call:
inputs:
RELEASE:
required: true
type: string
jobs:
tests:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: "3.11"
cache: "pip"
- name: Install Firefox manually and dependencies
run: |
sudo apt purge -y firefox
sudo apt update
sudo apt install --no-install-recommends -y zip nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6
wget -O firefox-setup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64"
sudo tar -xjf firefox-setup.tar.bz2 -C /opt/
sudo rm -f /usr/bin/firefox
sudo ln -s /opt/firefox/firefox /usr/bin/firefox
sudo chmod 755 /opt/firefox /opt/firefox/firefox
rm -f firefox-setup.tar.bz2
- name: Download geckodriver
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 20
command: |
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW linux ubuntu test image
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
- name: Copy deb file to host
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install BunkerWeb
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
- name: Edit configuration files
run: |
# Misc
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
# BunkerWeb
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo "MULTISITE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "DISABLE_DEFAULT_SERVER=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_CLIENT_CACHE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GZIP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DATASTORE_MEMORY_SIZE=384m" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_USE_UI=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_SERVE_FILES=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_USE_REVERSE_PROXY=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_REVERSE_PROXY_URL=/admin" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_INTERCEPTED_ERROR_CODES=400 405 413 429 500 501 502 503 504" | sudo tee -a /etc/bunkerweb/variables.env
echo "ADMIN_USERNAME=admin" | sudo tee /etc/bunkerweb/ui.env
echo "ADMIN_PASSWORD=S\$cr3tP@ssw0rd" | sudo tee -a /etc/bunkerweb/ui.env
sudo chown nginx:nginx /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
- name: Run tests
run: |
cd ./tests/ui
MAKEFLAGS="-j $(nproc)" find . -name "requirements.txt" -exec pip install --no-cache-dir --require-hashes -r {} \;
touch test.txt
zip test.zip test.txt
rm test.txt
echo '{
"id": "discord",
"name": "Discord",
"description": "Send alerts to a Discord channel (using webhooks).",
"version": "0.1",
"stream": "no",
"settings": {}
}' | tee plugin.json
zip discord.zip plugin.json
rm plugin.json
./tests.sh "linux"
env:
MODE: ${{ inputs.RELEASE }}

6
.github/workflows/tests-ui.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
- name: Checkout source code
uses: actions/checkout@v4
- name: Login to ghcr
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -27,6 +27,8 @@ jobs:
run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
# Do tests
- name: Run tests
run: ./tests/ui/tests.sh
run: |
cd ./tests/ui
./tests.sh "docker"
env:
MODE: ${{ inputs.RELEASE }}

36
.github/workflows/ui.yml vendored
View file

@ -33,9 +33,43 @@ jobs:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Build Linux packages
build-packages:
permissions:
contents: read
packages: write
strategy:
matrix:
linux: [ubuntu]
include:
- linux: ubuntu
package: deb
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: ui
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: true
PLATFORMS: linux/amd64
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
codeql:
uses: ./.github/workflows/codeql.yml
permissions:
actions: read
contents: read
security-events: write
# UI tests
tests-ui:
needs: [build-containers]
needs: [codeql, build-containers]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: ui
tests-ui-linux:
needs: [codeql, build-packages]
uses: ./.github/workflows/tests-ui-linux.yml
with:
RELEASE: ui

28
.pre-commit-config.yaml Normal file
View file

@ -0,0 +1,28 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
exclude: (^LICENSE.md$|^src/VERSION$|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js))|\.(svg|drawio|patch\d?|ascii|tf|tftpl)$)
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: check-case-conflict
- id: detect-private-key
- id: end-of-file-fixer
- id: requirements-txt-fixer
- id: trailing-whitespace
- repo: https://github.com/ambv/black
rev: 23.9.1
hooks:
- id: black
language_version: python3.9
- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.0
hooks:
- id: gitleaks
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.9.0
hooks:
- id: shellcheck

9
.prettierignore
View file

@ -10,5 +10,10 @@ CONTRIBUTING.md
LICENSE.md
README.md
SECURITY.md
src/ui/static
examples/*
tsparticles.bundle.min.js
flatpickr.*
src/ui/static/js/editor/*
src/ui/static/js/utils/purify/*
src/ui/templates/*
datepicker-foundation.css
examples/*

24
CHANGELOG.md
View file

@ -1,11 +1,31 @@
# Changelog
## v1.5.2 -
## v1.5.3 -
- [BUGFIX] Fix UI fetching only default values from the database (fixes no thrash button too)
- [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
- [BUGFIX] Fix Custom configs not following the service name after an update on the UI
- [BUGFIX] Fix UI clearing configs folder at startup
- [BUGFIX] Fix Database not clearing old services when not using multisite
- [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
- [MISC] Updated core dependencies
- [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
- [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
## v1.5.2 - 2023/10/10
- [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
- [BUGFIX] Fix infinite loop when using autoconf
- [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
- [BUGFIX] Fix logs page not working in UI on Linux integrations
- [BUGFIX] Fix settings regex that had issues in general and with the UI
- [BUGFIX] Fix scheduler error with external plugins when reloading
- [BUGFIX] Fix permissions with folders in linux integrations
- [MISC] Push Docker images to GitHub packages (ghcr.io repository)
- [MISC] Improved CI/CD
- [MISC] Updated python dependencies
- [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
- [MISC] Add support for ModSecurity JSON LogFormat
- [MISC] Updated OWASP coreruleset to 3.3.5
## v1.5.1 - 2023/08/08

2
CODE_OF_CONDUCT.md
View file

@ -125,4 +125,4 @@ enforcement ladder](https://github.com/mozilla/diversity).
For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.
https://www.contributor-covenant.org/translations.

112
README.md
View file

@ -1,26 +1,31 @@
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/misc/logo.png" />
<img alt="BunkerWeb logo" src="./misc/logo.png" />
</p>
<p align="center">
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?label=stable" />
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?include_prereleases&label=latest" />
<br />
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/dev.yml?branch=dev&label=CI%2FCD%20dev" />
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/staging.yml?branch=staging&label=CI%2FCD%20staging" />
<br />
<img src="https://img.shields.io/github/issues/bunkerity/bunkerweb">
<img src="https://img.shields.io/github/issues-pr/bunkerity/bunkerweb">
<a href="https://securityscorecards.dev/viewer/?uri=github.com/bunkerity/bunkerweb">
<img src="https://api.securityscorecards.dev/projects/github.com/bunkerity/bunkerweb/badge" />
</a>
</p>
<p align="center">
📓 <a href="https://docs.bunkerweb.io">Documentation</a>
&#124;
&#124;
👨‍💻 <a href="https://demo.bunkerweb.io">Demo</a>
&#124;
🛡️ <a href="https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples">Examples</a>
&#124;
&#124;
🛡️ <a href="./examples">Examples</a>
&#124;
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
&#124;
&#124;
📝 <a href="https://github.com/bunkerity/bunkerweb/discussions">Forum</a>
&#124;
⚙️ <a href="https://config.bunkerweb.io">Configurator</a>
@ -33,14 +38,14 @@
# BunkerWeb
<p align="center">
<img alt="overview" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/intro-overview.svg" />
<img alt="Overview banner" src="./docs/assets/img/intro-overview.svg" />
</p>
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.1/integrations/#linux), [Docker](https://docs.bunkerweb.io/1.5.1/integrations/#docker), [Swarm](https://docs.bunkerweb.io/1.5.1/integrations/#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.1/web-ui/) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.2/integrations/#linux), [Docker](https://docs.bunkerweb.io/1.5.2/integrations/#docker), [Swarm](https://docs.bunkerweb.io/1.5.2/integrations/#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.2/integrations/#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.2/web-ui/) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.1/security-tuning/) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.1/plugins/)).
BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.2/security-tuning/) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.2/plugins/)).
## Why BunkerWeb ?
@ -64,7 +69,7 @@ A non-exhaustive list of security features :
- **Block known bad IPs** with external blacklists and DNSBL
- And much more ...
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.1/security-tuning/) section of the documentation.
Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.2/security-tuning/) section of the documentation.
## Demo
@ -77,10 +82,10 @@ A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](http
# Concepts
<p align="center">
<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/concepts.svg" />
<img alt="Concepts banner" src="./docs/assets/img/concepts.svg" />
</p>
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.1/concepts).
You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.2/concepts).
## Integrations
@ -88,13 +93,13 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported :
- [Docker](https://docs.bunkerweb.io/1.5.1/integrations/#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.1/integrations/#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.1/integrations/#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.1/integrations/#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.1/integrations/#vagrant)
- [Docker](https://docs.bunkerweb.io/1.5.2/integrations/#docker)
- [Docker autoconf](https://docs.bunkerweb.io/1.5.2/integrations/#docker-autoconf)
- [Swarm](https://docs.bunkerweb.io/1.5.2/integrations/#swarm)
- [Kubernetes](https://docs.bunkerweb.io/1.5.2/integrations/#kubernetes)
- [Linux](https://docs.bunkerweb.io/1.5.2/integrations/#linux)
- [Ansible](https://docs.bunkerweb.io/1.5.2/integrations/#ansible)
- [Vagrant](https://docs.bunkerweb.io/1.5.2/integrations/#vagrant)
## Settings
@ -126,7 +131,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.1/plugins)), you can use custom configurations to solve your specific challenges.
Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.2/plugins)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@ -137,7 +142,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
- Settings defined for all the services
- Custom configurations
- Custom configurations
- BunkerWeb instances
- Metadata about jobs execution
- Cached files
@ -160,7 +165,7 @@ In other words, the scheduler is the brain of BunkerWeb.
## Docker
<p align="center">
<img alt="Docker" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-docker.svg" />
<img alt="Docker banner" src="./docs/assets/img/integration-docker.svg" />
</p>
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@ -171,46 +176,46 @@ Docker integration key concepts are :
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.1/integrations/#docker) of the documentation.
You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.2/integrations/#docker) of the documentation.
## Docker autoconf
<p align="center">
<img alt="Docker autoconf" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-autoconf.svg" />
<img alt="Docker autoconf banner" src="./docs/assets/img/integration-autoconf.svg" />
</p>
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf) of the documentation.
You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.2/integrations/#docker-autoconf) of the documentation.
## Swarm
<p align="center">
<img alt="Swarm" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-swarm.svg" />
<img alt="Swarm banner" src="./docs/assets/img/integration-swarm.svg" />
</p>
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.1/integrations/#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.2/integrations/#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.1/integrations/#swarm) of the documentation.
You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.2/integrations/#swarm) of the documentation.
## Kubernetes
<p align="center">
<img alt="Kubernetes" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-kubernetes.svg" />
<img alt="Kubernetes banner" src="./docs/assets/img/integration-kubernetes.svg" />
</p>
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.1/integrations/#kubernetes) of the documentation.
You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.2/integrations/#kubernetes) of the documentation.
## Linux
<p align="center">
<img alt="Linux" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-linux.svg" />
<img alt="Linux banner" src="./docs/assets/img/integration-linux.svg" />
</p>
List of supported Linux distros :
@ -222,12 +227,12 @@ List of supported Linux distros :
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.1/integrations/#linux) of the documentation.
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.2/integrations/#linux) of the documentation.
## Ansible
<p align="center">
<img alt="Ansible" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.1/docs/assets/img/integration-ansible.svg" />
<img alt="Ansible banner" src="./docs/assets/img/integration-ansible.svg" />
</p>
List of supported Linux distros :
@ -241,7 +246,7 @@ List of supported Linux distros :
A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.1/integrations/#ansible) of the documentation.
You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.2/integrations/#ansible) of the documentation.
## Vagrant
@ -250,11 +255,11 @@ We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following
- virtualbox
- libvirt
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.1/integrations/#vagrant) of the documentation.
You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.2/integrations/#vagrant) of the documentation.
# Quickstart guide
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.1/quickstart-guide/) that will cover the following common use cases :
Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.2/quickstart-guide/) that will cover the following common use cases :
- Protecting a single HTTP application
- Protecting multiple HTTP application
@ -265,9 +270,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo
# Security tuning
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.1/settings). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.2/settings). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.1/security-tuning) of the documentation.
You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.2/security-tuning) of the documentation.
# Settings
@ -277,12 +282,12 @@ As a general rule when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
Check the [settings section](https://docs.bunkerweb.io/1.5.1/settings) of the documentation to get the full list.
Check the [settings section](https://docs.bunkerweb.io/1.5.2/settings) of the documentation to get the full list.
# Web UI
<p align="center">
<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4" target="_blank"><img alt="BunkerWeb UI demo" src="https://yt-embed.herokuapp.com/embed?v=Ao20SfvQyr4" /></a>
<iframe style="display: block;" width="560" height="315" alt="BunkerWeb UI demo" src="https://www.youtube-nocookie.com/embed/Ao20SfvQyr4" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</p>
The "Web UI" is a web application that helps you manage your BunkerWeb instance using a user-friendly interface instead of the command-line one.
@ -295,7 +300,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance
- Monitor jobs execution
- View the logs and search pattern
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.1/web-ui) of the documentation.
You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.2/web-ui) of the documentation.
# Plugins
@ -303,17 +308,17 @@ BunkerWeb comes with a plugin system to make it possible to easily add new featu
Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins) repository for more information) :
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------: |
| **ClamAV** | 1.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.1/plugins) of the documentation.
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.2/plugins) of the documentation.
# Support
@ -341,12 +346,17 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/tree/1.5.1/LICENSE.md).
This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](./LICENSE.md).
# Contribute
If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/tree/1.5.1/CONTRIBUTING.md) to get started.
If you would like to contribute to the plugins you can read the [contributing guidelines](./CONTRIBUTING.md) to get started.
# Security policy
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/tree/1.5.1/SECURITY.md) for more information.
We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](./SECURITY.md) for more information.
# Stargazers over time
[![Stargazers over time](https://starchart.cc/bunkerity/bunkerweb.svg)](https://starchart.cc/bunkerity/bunkerweb)

2
SECURITY.md
View file

@ -14,4 +14,4 @@ Here is a non-exhaustive list of issues we consider as high risk :
## Bounty
To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.

2
docs/Dockerfile
View file

@ -1,4 +1,4 @@
FROM squidfunk/mkdocs-material
FROM squidfunk/mkdocs-material@sha256:e5f28aa0c3ac8206f93e44a0c52ea85616b0d6c674319cd1d87a241594788355
COPY mkdocs.yml /docs
COPY docs /docs/docs

6
docs/concepts.md
View file

@ -81,7 +81,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
!!! info "Going further"
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples) directory of the repository.
You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/examples) directory of the repository.
## Custom configurations
@ -95,7 +95,7 @@ By leveraging custom configurations, you unlock a world of possibilities to tail
!!! info "Going further"
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples) directory of the repository.
You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/examples) directory of the repository.
## Database
@ -143,4 +143,4 @@ In essence, the scheduler serves as the brain of BunkerWeb, orchestrating variou
Depending on the integration approach, the execution environment of the scheduler may differ. In container-based integrations, the scheduler is executed within its dedicated container, providing isolation and flexibility. On the other hand, for Linux-based integrations, the scheduler is self-contained within the bunkerweb service, simplifying the deployment and management process.
By employing the scheduler, BunkerWeb streamlines the automation and coordination of essential tasks, enabling efficient and reliable operation of the entire system.
By employing the scheduler, BunkerWeb streamlines the automation and coordination of essential tasks, enabling efficient and reliable operation of the entire system.

84
docs/integrations.md
View file

@ -21,13 +21,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run
Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology.
```shell
docker pull bunkerity/bunkerweb:1.5.1
docker pull bunkerity/bunkerweb:1.5.2
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address :
```shell
docker pull ghcr.io/bunkerity/bunkerweb:1.5.1
docker pull ghcr.io/bunkerity/bunkerweb:1.5.2
```
Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration.
@ -57,7 +57,7 @@ When integrating BunkerWeb with Docker, there are key concepts to keep in mind,
- **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage the traffic, providing enhanced security and performance.
!!! info "Database backend"
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) folder of the repository for more information.
### Environment variables
@ -67,7 +67,7 @@ Settings are passed to BunkerWeb using Docker environment variables :
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
labels:
- "bunkerweb.INSTANCE"
environment:
@ -86,7 +86,7 @@ Please note that the `bunkerweb.INSTANCE` is mandatory to make sure the schedule
The [scheduler](concepts.md#scheduler) is executed in its own container which is also available on Docker Hub :
```shell
docker pull bunkerity/bunkerweb-scheduler:1.5.1
docker pull bunkerity/bunkerweb-scheduler:1.5.2
```
Alternatively, you can build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb) (less coffee ☕ needed than BunkerWeb image) :
@ -103,7 +103,7 @@ A volume is needed to store the SQLite database that will be used by the schedul
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- bw-data:/data
...
@ -136,15 +136,15 @@ volumes:
```
For example, if you have a value of **100000**, the mapped UID/GID will be **100100** (100000 + 100) :
```shell
mkdir bw-data && \
sudo chgrp 100100 bw-data && \
chmod 770 bw-data
```
Or if the folder already exists :
```shell
sudo chgrp -R 100100 bw-data && \
chmod -R 770 bw-data
@ -165,7 +165,7 @@ You will need to create the Docker API proxy container, mount the socket and set
...
services:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
env:
- DOCKER_HOST=tcp://bw-docker:2375
...
@ -188,7 +188,7 @@ By default, BunkerWeb container is listening (inside the container) on **8080/tc
!!! warning "Privileged ports in rootless mode or when using podman"
If you are using [Docker in rootless mode](https://docs.docker.com/engine/security/rootless) and want to redirect privileged ports (< 1024) like 80 and 443 to BunkerWeb, please refer to the prerequisites [here](https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports).
If you are using [podman](https://podman.io/) you can lower the minimum number for unprivileged ports :
```shell
sudo sysctl net.ipv4.ip_unprivileged_port_start=1
@ -213,7 +213,7 @@ To secure the communication between the scheduler and BunkerWeb API, it is impor
...
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -222,7 +222,7 @@ services:
- bw-universe
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
networks:
- bw-universe
- bw-docker
@ -252,7 +252,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -266,7 +266,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -326,7 +326,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) folder of the repository for more information.
To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb. To support this functionality, use a dedicated "real" database backend (e.g., MariaDB, MySQL, or PostgreSQL) for synchronized configuration storage. By integrating `bw-autoconf` and a suitable database backend, you establish the infrastructure for seamless automated configuration management in BunkerWeb.
@ -335,7 +335,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -352,7 +352,7 @@ services:
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -365,7 +365,7 @@ services:
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -464,8 +464,8 @@ Since multiple instances of BunkerWeb are running, a shared data store implement
As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader.
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
Here is the stack boilerplate that you can deploy using `docker stack deploy` :
@ -475,7 +475,7 @@ version: "3.5"
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- published: 80
target: 8080
@ -505,7 +505,7 @@ services:
- "bunkerweb.INSTANCE"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -537,7 +537,7 @@ services:
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -637,8 +637,8 @@ For an optimal setup, it is recommended to define BunkerWeb as a **[DaemonSet](h
Given the presence of multiple BunkerWeb instances, it is necessary to establish a shared data store implemented as a [Redis](https://redis.io/) service. This Redis service will be utilized by the instances to cache and share data among themselves. Further information about the Redis settings can be found [here](settings.md#redis).
!!! info "Database backend"
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository for more information.
Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
Please ensure that both the scheduler and autoconf services have access to the Kubernetes API. It is recommended to utilize [RBAC authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for this purpose.
@ -698,7 +698,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -768,7 +768,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -795,7 +795,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -978,14 +978,14 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.1 :
And finally install BunkerWeb 1.5.2 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.5.1
sudo apt install -y bunkerweb=1.5.2
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
```shell
@ -1015,14 +1015,14 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
!!! warning "Testing version"
If you use the `testing` version, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing BunkerWeb.
And finally install BunkerWeb 1.5.1 :
And finally install BunkerWeb 1.5.2 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
sudo apt install -y bunkerweb=1.5.1
sudo apt install -y bunkerweb=1.5.2
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
```shell
@ -1037,14 +1037,14 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
sudo dnf install -y nginx-1.24.0
```
And finally install BunkerWeb 1.5.1 :
And finally install BunkerWeb 1.5.2 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | \
sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \
sed 's/pypgpme_check=`rpm -qa | grep -qw pygpgme`/python-gnupg_check=`rpm -qa | grep -qw python-gnupg`/g' | sudo bash && \
sudo dnf makecache && \
sudo dnf install -y bunkerweb-1.5.1
sudo dnf install -y bunkerweb-1.5.2
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -1081,13 +1081,13 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
```shell
sudo dnf install nginx-1.24.0
```
And finally install BunkerWeb 1.5.1 :
And finally install BunkerWeb 1.5.2 :
```shell
dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
sudo dnf install -y bunkerweb-1.5.1
sudo dnf install -y bunkerweb-1.5.2
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@ -1165,7 +1165,7 @@ the configuration of BunkerWeb is done by using specific role variables :
| Name | Type | Description | Default value |
| :-------------------: | :--------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.5.1` |
| `bunkerweb_version` | string | Version of BunkerWeb to install. | `1.5.2` |
| `nginx_version` | string | Version of NGINX to install. | `1.24.0` |
| `freeze_versions` | boolean | Prevent upgrade of BunkerWeb and NGINX when performing packages upgrades. | `true` |
| `variables_env` | string | Path of the variables.env file to configure BunkerWeb. | `files/variables.env` |
@ -1188,7 +1188,7 @@ the configuration of BunkerWeb is done by using specific role variables :
List of supported providers :
- virtualbox
- virtualbox
- libvirt
!!! note "Supported Base Images"
@ -1253,4 +1253,4 @@ Vagrant.configure("2") do |config|
# For libvirt
# config.vm.provider "libvirt"
end
```
```

4
docs/migrating.md
View file

@ -2,7 +2,7 @@
!!! warning "Read this if you were a 1.4.X user"
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) folder of the repository.
A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) folder of the repository.
## Scheduler
@ -38,4 +38,4 @@ See the list of [redis settings](settings.md#redis) and the corresponding docume
## Default values and new settings
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.
The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.

4
docs/misc/pdf.js
View file

@ -13,7 +13,7 @@ console.log('Saving', url, 'to', pdfPath);
// totalPages total pages in the document
headerHtml = `
<div style="font-size: 10px; text-align: center; width: 100%;">
<span>${title}</span>
<span>${title}</span>
</div>`;
footerHtml = `<div style="font-size: 10px; text-align: center; width: 100%;"><span class="pageNumber"></span> / <span class="totalPages"></span></div>`;
@ -46,4 +46,4 @@ footerHtml = `<div style="font-size: 10px; text-align: center; width: 100%;"><sp
});
await browser.close();
})();
})();

2
docs/overrides/main.html
View file

@ -19,4 +19,4 @@
data-domain="docs.bunkerweb.io"
src="https://data.bunkerity.com/js/script.js"
></script>
{% endblock %}
{% endblock %}

1115
docs/package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

5
docs/package.json Normal file
View file

@ -0,0 +1,5 @@
{
"dependencies": {
"puppeteer": "^21.3.6"
}
}

16
docs/plugins.md
View file

@ -58,7 +58,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- ./bw-data:/data
...
@ -95,7 +95,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- ./bw-data:/data
...
@ -134,7 +134,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- /shared/bw-plugins:/data/plugins
...
@ -181,7 +181,7 @@ The first step is to install the plugin by putting the plugin files inside the c
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -218,7 +218,7 @@ The first step is to install the plugin by putting the plugin files inside the c
=== "Ansible"
When using the [Ansible integration](integrations.md#ansible), you can use the `plugins` variable to set a local folder containing your plugins that will be copied to your BunkerWeb instances.
Let's assume that you have plugins inside the `bunkerweb-plugins` folder :
```shell
@ -231,7 +231,7 @@ The first step is to install the plugin by putting the plugin files inside the c
[mybunkers]
192.168.0.42 ... custom_plugins="{{ playbook_dir }}/bunkerweb-plugins"
```
Or alternatively, in your playbook file :
```yaml
@ -262,7 +262,7 @@ The first step is to install the plugin by putting the plugin files inside the c
!!! tip "Existing plugins"
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
The first step is to create a folder that will contain the plugin :
@ -507,7 +507,7 @@ end
!!! tip "More examples"
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/src/bw/lua/bunkerweb) of the repository.
If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/src/bw/lua/bunkerweb) of the repository.
### Jobs

92
docs/quickstart-guide.md
View file

@ -4,7 +4,7 @@
We assume that you're already familiar with the [core concepts](concepts.md) and you have followed the [integrations instructions](integrations.md) for your environment.
!!! tip "Going further"
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples) of the repository to get real-world examples.
To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/examples) of the repository to get real-world examples.
## Protect HTTP applications
@ -35,7 +35,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -52,7 +52,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -280,7 +280,7 @@ You will find more settings about reverse proxy in the [settings section](settin
[mybunkers]
192.168.0.42 variables_env="{{ playbook_dir }}/my_variables.env"
```
Or alternatively, in your playbook file :
```yaml
@ -355,7 +355,7 @@ You will find more settings about reverse proxy in the [settings section](settin
```shell
curl -H "Host: app1.example.com" http://ip-or-fqdn-of-server
```
If you are using HTTPS, you will need to play with SNI :
```shell
@ -386,7 +386,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -406,7 +406,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -716,7 +716,7 @@ You will find more settings about reverse proxy in the [settings section](settin
[mybunkers]
192.168.0.42 variables_env="{{ playbook_dir }}/my_variables.env"
```
Or alternatively, in your playbook file :
```yaml
@ -822,7 +822,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -837,7 +837,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -852,7 +852,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -972,7 +972,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -988,7 +988,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -1004,7 +1004,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
...
environment:
- USE_REAL_IP=yes
@ -1150,7 +1150,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@ -1172,7 +1172,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -1221,12 +1221,12 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
- 20000:20000 # app2
...
```
@ -1279,7 +1279,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
# Keep it if you want to use Let's Encrypt automation
- published: 80
@ -1450,14 +1450,14 @@ Some integrations provide more convenient ways to apply configurations, such as
=== "Docker"
When using the [Docker integration](integrations.md#docker), you have two choices for the addition of custom configurations :
- Using specific settings `*_CUSTOM_CONF_*` as environment variables (recommended)
- Writing .conf files to the volume mounted on /data of the scheduler
**Using settings**
The settings to use must follow the pattern `<SITE>_CUSTOM_CONF_<TYPE>_<NAME>` :
- `<SITE>` : optional primary server name if multisite mode is enabled and the config must be applied to a specific service
- `<TYPE>` : the type of config, accepted values are `HTTP`, `DEFAULT_SERVER_HTTP`, `SERVER_HTTP`, `MODSEC`, `MODSEC_CRS`, `STREAM` and `SERVER_STREAM`
- `<NAME>` : the name of config without the .conf suffix
@ -1467,7 +1467,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
...
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@ -1510,7 +1510,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- ./bw-data:/data
...
@ -1529,9 +1529,9 @@ Some integrations provide more convenient ways to apply configurations, such as
When using labels with the Docker autoconf integration, you can only apply custom configurations for the corresponding web service. Applying **http**, **default-server-http**, **stream** or any global configurations (like **server-http** or **server-stream** for all services) is not possible : you will need to mount files for that purpose.
The labels to use must follow the pattern `bunkerweb.CUSTOM_CONF_<TYPE>_<NAME>` :
- `<TYPE>` : the type of config, accepted values are `SERVER_HTTP`, `MODSEC`, `MODSEC_CRS` and `SERVER_STREAM`
- `<NAME>` : the name of config without the .conf suffix
- `<NAME>` : the name of config without the .conf suffix
Here is a dummy example using a docker-compose file :
@ -1553,13 +1553,13 @@ Some integrations provide more convenient ways to apply configurations, such as
**Using files**
The first thing to do is to create the folders :
```shell
mkdir -p ./bw-data/configs/server-http
```
You can now write your configurations :
```shell
echo "location /hello {
default_type 'text/plain';
@ -1568,7 +1568,7 @@ Some integrations provide more convenient ways to apply configurations, such as
}
}" > ./bw-data/configs/server-http/hello-world.conf
```
Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
```shell
@ -1580,7 +1580,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
volumes:
- ./bw-data:/data
...
@ -1813,7 +1813,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
volumes:
- ./www:/var/www/html
ports:
@ -1836,7 +1836,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -1906,7 +1906,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
find ./www -type f -exec chmod 0640 {} \; && \
find ./www -type d -exec chmod 0750 {} \;
```
When you start the BunkerWeb autoconf stack, mount the `www` folder into `/var/www/html` for the BunkerWeb container :
```yaml
@ -1914,7 +1914,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
volumes:
- ./www:/var/www/html
labels:
@ -1928,7 +1928,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -2064,7 +2064,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
find /shared/www -type f -exec chmod 0640 {} \; && \
find /shared/www -type d -exec chmod 0750 {} \;
```
When you start the BunkerWeb stack, mount the `/shared/www` folder into `/var/www/html` for the BunkerWeb container :
```yaml
@ -2072,7 +2072,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
volumes:
- /shared/www:/var/www/html
...
@ -2249,14 +2249,14 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
app3.example.com_LOCAL_PHP=/run/php/php-fpm.sock
app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com
```
The `custom_site` variable can be used to specify a directory containing your application files (e.g : `www`) that will be copied to `/var/www/html` and the `custom_www_owner` variable contains the owner that should be set for the files and folders. Here is an example using the Ansible inventory (replace `www-data` with the user running the PHP-FPM service):
```ini
[mybunkers]
192.168.0.42 variables_env="{{ playbook_dir }}/my_variables.env" custom_www="{{ playbook_dir }}/my_app" custom_www_owner="www-data"
```
Or alternatively, in your playbook file :
```yaml
@ -2351,10 +2351,10 @@ By default, BunkerWeb will only listen on IPv4 adresses and won't use IPv6 for n
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
environment:
- USE_IPv6=yes
...
networks:
@ -2396,10 +2396,10 @@ By default, BunkerWeb will only listen on IPv4 adresses and won't use IPv6 for n
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
environment:
- USE_IPv6=yes
...
networks:
@ -2410,6 +2410,6 @@ By default, BunkerWeb will only listen on IPv4 adresses and won't use IPv6 for n
config:
- subnet: fd00:13:37::/48
gateway: fd00:13:37::1
...
```
```

5
docs/requirements.in Normal file
View file

@ -0,0 +1,5 @@
mkdocs==1.5.3
mkdocs-material==9.4.3
pytablewriter==1.1.0
mike==1.1.2
mkdocs-print-site-plugin==2.3.6

521
docs/requirements.txt
View file

@ -1,6 +1,515 @@
mkdocs==1.5.2
mkdocs-material==9.2.5
pytablewriter==1.0.0
mike==1.1.2
jinja2<3.1.0
mkdocs-print-site-plugin==2.3.6
#
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes --strip-extras requirements.in
#
babel==2.12.1 \
--hash=sha256:b4246fb7677d3b98f501a39d43396d3cafdc8eadb045f4a31be01863f655c610 \
--hash=sha256:cc2d99999cd01d44420ae725a21c9e3711b3aadc7976d6147f622d8581963455
# via mkdocs-material
certifi==2023.7.22 \
--hash=sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 \
--hash=sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9
# via requests
chardet==5.2.0 \
--hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
--hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
# via mbstrdecoder
charset-normalizer==3.3.0 \
--hash=sha256:02673e456dc5ab13659f85196c534dc596d4ef260e4d86e856c3b2773ce09843 \
--hash=sha256:02af06682e3590ab952599fbadac535ede5d60d78848e555aa58d0c0abbde786 \
--hash=sha256:03680bb39035fbcffe828eae9c3f8afc0428c91d38e7d61aa992ef7a59fb120e \
--hash=sha256:0570d21da019941634a531444364f2482e8db0b3425fcd5ac0c36565a64142c8 \
--hash=sha256:09c77f964f351a7369cc343911e0df63e762e42bac24cd7d18525961c81754f4 \
--hash=sha256:0d3d5b7db9ed8a2b11a774db2bbea7ba1884430a205dbd54a32d61d7c2a190fa \
--hash=sha256:1063da2c85b95f2d1a430f1c33b55c9c17ffaf5e612e10aeaad641c55a9e2b9d \
--hash=sha256:12ebea541c44fdc88ccb794a13fe861cc5e35d64ed689513a5c03d05b53b7c82 \
--hash=sha256:153e7b6e724761741e0974fc4dcd406d35ba70b92bfe3fedcb497226c93b9da7 \
--hash=sha256:15b26ddf78d57f1d143bdf32e820fd8935d36abe8a25eb9ec0b5a71c82eb3895 \
--hash=sha256:1872d01ac8c618a8da634e232f24793883d6e456a66593135aeafe3784b0848d \
--hash=sha256:187d18082694a29005ba2944c882344b6748d5be69e3a89bf3cc9d878e548d5a \
--hash=sha256:1b2919306936ac6efb3aed1fbf81039f7087ddadb3160882a57ee2ff74fd2382 \
--hash=sha256:232ac332403e37e4a03d209a3f92ed9071f7d3dbda70e2a5e9cff1c4ba9f0678 \
--hash=sha256:23e8565ab7ff33218530bc817922fae827420f143479b753104ab801145b1d5b \
--hash=sha256:24817cb02cbef7cd499f7c9a2735286b4782bd47a5b3516a0e84c50eab44b98e \
--hash=sha256:249c6470a2b60935bafd1d1d13cd613f8cd8388d53461c67397ee6a0f5dce741 \
--hash=sha256:24a91a981f185721542a0b7c92e9054b7ab4fea0508a795846bc5b0abf8118d4 \
--hash=sha256:2502dd2a736c879c0f0d3e2161e74d9907231e25d35794584b1ca5284e43f596 \
--hash=sha256:250c9eb0f4600361dd80d46112213dff2286231d92d3e52af1e5a6083d10cad9 \
--hash=sha256:278c296c6f96fa686d74eb449ea1697f3c03dc28b75f873b65b5201806346a69 \
--hash=sha256:2935ffc78db9645cb2086c2f8f4cfd23d9b73cc0dc80334bc30aac6f03f68f8c \
--hash=sha256:2f4a0033ce9a76e391542c182f0d48d084855b5fcba5010f707c8e8c34663d77 \
--hash=sha256:30a85aed0b864ac88309b7d94be09f6046c834ef60762a8833b660139cfbad13 \
--hash=sha256:380c4bde80bce25c6e4f77b19386f5ec9db230df9f2f2ac1e5ad7af2caa70459 \
--hash=sha256:3ae38d325b512f63f8da31f826e6cb6c367336f95e418137286ba362925c877e \
--hash=sha256:3b447982ad46348c02cb90d230b75ac34e9886273df3a93eec0539308a6296d7 \
--hash=sha256:3debd1150027933210c2fc321527c2299118aa929c2f5a0a80ab6953e3bd1908 \
--hash=sha256:4162918ef3098851fcd8a628bf9b6a98d10c380725df9e04caf5ca6dd48c847a \
--hash=sha256:468d2a840567b13a590e67dd276c570f8de00ed767ecc611994c301d0f8c014f \
--hash=sha256:4cc152c5dd831641e995764f9f0b6589519f6f5123258ccaca8c6d34572fefa8 \
--hash=sha256:542da1178c1c6af8873e143910e2269add130a299c9106eef2594e15dae5e482 \
--hash=sha256:557b21a44ceac6c6b9773bc65aa1b4cc3e248a5ad2f5b914b91579a32e22204d \
--hash=sha256:5707a746c6083a3a74b46b3a631d78d129edab06195a92a8ece755aac25a3f3d \
--hash=sha256:588245972aca710b5b68802c8cad9edaa98589b1b42ad2b53accd6910dad3545 \
--hash=sha256:5adf257bd58c1b8632046bbe43ee38c04e1038e9d37de9c57a94d6bd6ce5da34 \
--hash=sha256:619d1c96099be5823db34fe89e2582b336b5b074a7f47f819d6b3a57ff7bdb86 \
--hash=sha256:63563193aec44bce707e0c5ca64ff69fa72ed7cf34ce6e11d5127555756fd2f6 \
--hash=sha256:67b8cc9574bb518ec76dc8e705d4c39ae78bb96237cb533edac149352c1f39fe \
--hash=sha256:6a685067d05e46641d5d1623d7c7fdf15a357546cbb2f71b0ebde91b175ffc3e \
--hash=sha256:70f1d09c0d7748b73290b29219e854b3207aea922f839437870d8cc2168e31cc \
--hash=sha256:750b446b2ffce1739e8578576092179160f6d26bd5e23eb1789c4d64d5af7dc7 \
--hash=sha256:7966951325782121e67c81299a031f4c115615e68046f79b85856b86ebffc4cd \
--hash=sha256:7b8b8bf1189b3ba9b8de5c8db4d541b406611a71a955bbbd7385bbc45fcb786c \
--hash=sha256:7f5d10bae5d78e4551b7be7a9b29643a95aded9d0f602aa2ba584f0388e7a557 \
--hash=sha256:805dfea4ca10411a5296bcc75638017215a93ffb584c9e344731eef0dcfb026a \
--hash=sha256:81bf654678e575403736b85ba3a7867e31c2c30a69bc57fe88e3ace52fb17b89 \
--hash=sha256:82eb849f085624f6a607538ee7b83a6d8126df6d2f7d3b319cb837b289123078 \
--hash=sha256:85a32721ddde63c9df9ebb0d2045b9691d9750cb139c161c80e500d210f5e26e \
--hash=sha256:86d1f65ac145e2c9ed71d8ffb1905e9bba3a91ae29ba55b4c46ae6fc31d7c0d4 \
--hash=sha256:86f63face3a527284f7bb8a9d4f78988e3c06823f7bea2bd6f0e0e9298ca0403 \
--hash=sha256:8eaf82f0eccd1505cf39a45a6bd0a8cf1c70dcfc30dba338207a969d91b965c0 \
--hash=sha256:93aa7eef6ee71c629b51ef873991d6911b906d7312c6e8e99790c0f33c576f89 \
--hash=sha256:96c2b49eb6a72c0e4991d62406e365d87067ca14c1a729a870d22354e6f68115 \
--hash=sha256:9cf3126b85822c4e53aa28c7ec9869b924d6fcfb76e77a45c44b83d91afd74f9 \
--hash=sha256:9fe359b2e3a7729010060fbca442ca225280c16e923b37db0e955ac2a2b72a05 \
--hash=sha256:a0ac5e7015a5920cfce654c06618ec40c33e12801711da6b4258af59a8eff00a \
--hash=sha256:a3f93dab657839dfa61025056606600a11d0b696d79386f974e459a3fbc568ec \
--hash=sha256:a4b71f4d1765639372a3b32d2638197f5cd5221b19531f9245fcc9ee62d38f56 \
--hash=sha256:aae32c93e0f64469f74ccc730a7cb21c7610af3a775157e50bbd38f816536b38 \
--hash=sha256:aaf7b34c5bc56b38c931a54f7952f1ff0ae77a2e82496583b247f7c969eb1479 \
--hash=sha256:abecce40dfebbfa6abf8e324e1860092eeca6f7375c8c4e655a8afb61af58f2c \
--hash=sha256:abf0d9f45ea5fb95051c8bfe43cb40cda383772f7e5023a83cc481ca2604d74e \
--hash=sha256:ac71b2977fb90c35d41c9453116e283fac47bb9096ad917b8819ca8b943abecd \
--hash=sha256:ada214c6fa40f8d800e575de6b91a40d0548139e5dc457d2ebb61470abf50186 \
--hash=sha256:b09719a17a2301178fac4470d54b1680b18a5048b481cb8890e1ef820cb80455 \
--hash=sha256:b1121de0e9d6e6ca08289583d7491e7fcb18a439305b34a30b20d8215922d43c \
--hash=sha256:b3b2316b25644b23b54a6f6401074cebcecd1244c0b8e80111c9a3f1c8e83d65 \
--hash=sha256:b3d9b48ee6e3967b7901c052b670c7dda6deb812c309439adaffdec55c6d7b78 \
--hash=sha256:b5bcf60a228acae568e9911f410f9d9e0d43197d030ae5799e20dca8df588287 \
--hash=sha256:b8f3307af845803fb0b060ab76cf6dd3a13adc15b6b451f54281d25911eb92df \
--hash=sha256:c2af80fb58f0f24b3f3adcb9148e6203fa67dd3f61c4af146ecad033024dde43 \
--hash=sha256:c350354efb159b8767a6244c166f66e67506e06c8924ed74669b2c70bc8735b1 \
--hash=sha256:c5a74c359b2d47d26cdbbc7845e9662d6b08a1e915eb015d044729e92e7050b7 \
--hash=sha256:c71f16da1ed8949774ef79f4a0260d28b83b3a50c6576f8f4f0288d109777989 \
--hash=sha256:d47ecf253780c90ee181d4d871cd655a789da937454045b17b5798da9393901a \
--hash=sha256:d7eff0f27edc5afa9e405f7165f85a6d782d308f3b6b9d96016c010597958e63 \
--hash=sha256:d97d85fa63f315a8bdaba2af9a6a686e0eceab77b3089af45133252618e70884 \
--hash=sha256:db756e48f9c5c607b5e33dd36b1d5872d0422e960145b08ab0ec7fd420e9d649 \
--hash=sha256:dc45229747b67ffc441b3de2f3ae5e62877a282ea828a5bdb67883c4ee4a8810 \
--hash=sha256:e0fc42822278451bc13a2e8626cf2218ba570f27856b536e00cfa53099724828 \
--hash=sha256:e39c7eb31e3f5b1f88caff88bcff1b7f8334975b46f6ac6e9fc725d829bc35d4 \
--hash=sha256:e46cd37076971c1040fc8c41273a8b3e2c624ce4f2be3f5dfcb7a430c1d3acc2 \
--hash=sha256:e5c1502d4ace69a179305abb3f0bb6141cbe4714bc9b31d427329a95acfc8bdd \
--hash=sha256:edfe077ab09442d4ef3c52cb1f9dab89bff02f4524afc0acf2d46be17dc479f5 \
--hash=sha256:effe5406c9bd748a871dbcaf3ac69167c38d72db8c9baf3ff954c344f31c4cbe \
--hash=sha256:f0d1e3732768fecb052d90d62b220af62ead5748ac51ef61e7b32c266cac9293 \
--hash=sha256:f5969baeaea61c97efa706b9b107dcba02784b1601c74ac84f2a532ea079403e \
--hash=sha256:f8888e31e3a85943743f8fc15e71536bda1c81d5aa36d014a3c0c44481d7db6e \
--hash=sha256:fc52b79d83a3fe3a360902d3f5d79073a993597d48114c29485e9431092905d8
# via requests
click==8.1.7 \
--hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
--hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
# via mkdocs
colorama==0.4.6 \
--hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
--hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
# via mkdocs-material
dataproperty==1.0.1 \
--hash=sha256:0b8b07d4fb6453fcf975b53d35dea41f3cfd69c9d79b5010c3cf224ff0407a7a \
--hash=sha256:723e5729fa6e885e127a771a983ee1e0e34bb141aca4ffe1f0bfa7cde34650a4
# via
# pytablewriter
# tabledata
ghp-import==2.1.0 \
--hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \
--hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343
# via mkdocs
idna==3.4 \
--hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
--hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
# via requests
importlib-metadata==6.8.0 \
--hash=sha256:3ebb78df84a805d7698245025b975d9d67053cd94c79245ba4b3eb694abe68bb \
--hash=sha256:dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743
# via
# markdown
# mkdocs
jinja2==3.1.2 \
--hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \
--hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61
# via
# mike
# mkdocs
# mkdocs-material
markdown==3.4.4 \
--hash=sha256:225c6123522495d4119a90b3a3ba31a1e87a70369e03f14799ea9c0d7183a3d6 \
--hash=sha256:a4c1b65c0957b4bd9e7d86ddc7b3c9868fb9670660f6f99f6d1bca8954d5a941
# via
# mkdocs
# mkdocs-material
# pymdown-extensions
markupsafe==2.1.3 \
--hash=sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e \
--hash=sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e \
--hash=sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431 \
--hash=sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686 \
--hash=sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c \
--hash=sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559 \
--hash=sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc \
--hash=sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb \
--hash=sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939 \
--hash=sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c \
--hash=sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0 \
--hash=sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4 \
--hash=sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9 \
--hash=sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575 \
--hash=sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba \
--hash=sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d \
--hash=sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd \
--hash=sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3 \
--hash=sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00 \
--hash=sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155 \
--hash=sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac \
--hash=sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52 \
--hash=sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f \
--hash=sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8 \
--hash=sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b \
--hash=sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007 \
--hash=sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24 \
--hash=sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea \
--hash=sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198 \
--hash=sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0 \
--hash=sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee \
--hash=sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be \
--hash=sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2 \
--hash=sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1 \
--hash=sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707 \
--hash=sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6 \
--hash=sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c \
--hash=sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58 \
--hash=sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823 \
--hash=sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779 \
--hash=sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636 \
--hash=sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c \
--hash=sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad \
--hash=sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee \
--hash=sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc \
--hash=sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2 \
--hash=sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48 \
--hash=sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7 \
--hash=sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e \
--hash=sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b \
--hash=sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa \
--hash=sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5 \
--hash=sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e \
--hash=sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb \
--hash=sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9 \
--hash=sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57 \
--hash=sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc \
--hash=sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc \
--hash=sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2 \
--hash=sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11
# via
# jinja2
# mkdocs
mbstrdecoder==1.1.3 \
--hash=sha256:d66c1ed3f2dc4e7c5d87cd44a75be10bc5af4250f95b38bbaedd7851308ce938 \
--hash=sha256:dcfd2c759322eb44fe193a9e0b1b86c5b87f3ec5ea8e1bb43b3e9ae423f1e8fe
# via
# dataproperty
# pytablewriter
# typepy
mergedeep==1.3.4 \
--hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \
--hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307
# via mkdocs
mike==1.1.2 \
--hash=sha256:4c307c28769834d78df10f834f57f810f04ca27d248f80a75f49c6fa2d1527ca \
--hash=sha256:56c3f1794c2d0b5fdccfa9b9487beb013ca813de2e3ad0744724e9d34d40b77b
# via -r requirements.in
mkdocs==1.5.3 \
--hash=sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1 \
--hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2
# via
# -r requirements.in
# mike
# mkdocs-material
mkdocs-material==9.4.3 \
--hash=sha256:3274a47a4e55a541b25bd8fa4937cf3f3c82a51763453511661e0052062758b9 \
--hash=sha256:5c9abc3f6ba8f88be1f9f13df23d695ca4dddbdd8a3538e4e6279c055c3936bc
# via
# -r requirements.in
# mkdocs-print-site-plugin
mkdocs-material-extensions==1.2 \
--hash=sha256:27e2d1ed2d031426a6e10d5ea06989d67e90bb02acd588bc5673106b5ee5eedf \
--hash=sha256:c767bd6d6305f6420a50f0b541b0c9966d52068839af97029be14443849fb8a1
# via mkdocs-material
mkdocs-print-site-plugin==2.3.6 \
--hash=sha256:01ccb1ceccc87f29e1612bebb77c3bf9980809fbce750fc2113f9d6acea589d4 \
--hash=sha256:82e5cabcfb7fe3074daecea018f28ccb4bff086f965e3103fe91019a76752f22
# via -r requirements.in
packaging==23.2 \
--hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
--hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
# via
# mkdocs
# typepy
paginate==0.5.6 \
--hash=sha256:5e6007b6a9398177a7e1648d04fdd9f8c9766a1a945bceac82f1929e8c78af2d
# via mkdocs-material
pathspec==0.11.2 \
--hash=sha256:1d6ed233af05e679efb96b1851550ea95bbb64b7c490b0f5aa52996c11e92a20 \
--hash=sha256:e0d8d0ac2f12da61956eb2306b69f9469b42f4deb0f3cb6ed47b9cce9996ced3
# via mkdocs
pathvalidate==3.2.0 \
--hash=sha256:5e8378cf6712bff67fbe7a8307d99fa8c1a0cb28aa477056f8fc374f0dff24ad \
--hash=sha256:cc593caa6299b22b37f228148257997e2fa850eea2daf7e4cc9205cef6908dee
# via pytablewriter
platformdirs==3.10.0 \
--hash=sha256:b45696dab2d7cc691a3226759c0d3b00c47c8b6e293d96f6436f733303f77f6d \
--hash=sha256:d7c24979f292f916dc9cbf8648319032f551ea8c49a4c9bf2fb556a02070ec1d
# via mkdocs
pygments==2.16.1 \
--hash=sha256:13fc09fa63bc8d8671a6d247e1eb303c4b343eaee81d861f3404db2935653692 \
--hash=sha256:1daff0494820c69bc8941e407aa20f577374ee88364ee10a98fdbe0aece96e29
# via mkdocs-material
pymdown-extensions==10.3 \
--hash=sha256:77a82c621c58a83efc49a389159181d570e370fff9f810d3a4766a75fc678b66 \
--hash=sha256:94a0d8a03246712b64698af223848fd80aaf1ae4c4be29c8c61939b0467b5722
# via mkdocs-material
pytablewriter==1.1.0 \
--hash=sha256:3e0f05c6479f0817ca8cdfb27d509026a6894031170760cf99b31a2d1c24c21a \
--hash=sha256:95938cc210f7905895c1b62c465176da1ef7bb7b9e3fa7d25a6fad6bcb1903ed
# via -r requirements.in
python-dateutil==2.8.2 \
--hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
--hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
# via
# ghp-import
# typepy
pytz==2023.3.post1 \
--hash=sha256:7b4fddbeb94a1eba4b557da24f19fdf9db575192544270a9101d8509f9f43d7b \
--hash=sha256:ce42d816b81b68506614c11e8937d3aa9e41007ceb50bfdcb0749b921bf646c7
# via typepy
pyyaml==6.0.1 \
--hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
--hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
--hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
--hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
--hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
--hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
--hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
--hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
--hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
--hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
--hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
--hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
--hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
--hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
--hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
--hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
--hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
--hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
--hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
--hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
--hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
--hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
--hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
--hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
--hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
--hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
--hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
--hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
--hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
--hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
--hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
--hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
--hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
--hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
--hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
--hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
--hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
--hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
--hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
--hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
--hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
--hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
--hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
--hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
--hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
--hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
--hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
--hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
--hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
--hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
# via
# mike
# mkdocs
# pymdown-extensions
# pyyaml-env-tag
pyyaml-env-tag==0.1 \
--hash=sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb \
--hash=sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069
# via mkdocs
regex==2023.8.8 \
--hash=sha256:0085da0f6c6393428bf0d9c08d8b1874d805bb55e17cb1dfa5ddb7cfb11140bf \
--hash=sha256:06c57e14ac723b04458df5956cfb7e2d9caa6e9d353c0b4c7d5d54fcb1325c46 \
--hash=sha256:09b7f4c66aa9d1522b06e31a54f15581c37286237208df1345108fcf4e050c18 \
--hash=sha256:0c59122ceccb905a941fb23b087b8eafc5290bf983ebcb14d2301febcbe199c7 \
--hash=sha256:1005c60ed7037be0d9dea1f9c53cc42f836188227366370867222bda4c3c6bd7 \
--hash=sha256:14898830f0a0eb67cae2bbbc787c1a7d6e34ecc06fbd39d3af5fe29a4468e2c9 \
--hash=sha256:14dc6f2d88192a67d708341f3085df6a4f5a0c7b03dec08d763ca2cd86e9f559 \
--hash=sha256:1e7d84d64c84ad97bf06f3c8cb5e48941f135ace28f450d86af6b6512f1c9a71 \
--hash=sha256:2162ae2eb8b079622176a81b65d486ba50b888271302190870b8cc488587d280 \
--hash=sha256:22283c769a7b01c8ac355d5be0715bf6929b6267619505e289f792b01304d898 \
--hash=sha256:239c3c2a339d3b3ddd51c2daef10874410917cd2b998f043c13e2084cb191684 \
--hash=sha256:293352710172239bf579c90a9864d0df57340b6fd21272345222fb6371bf82b3 \
--hash=sha256:2ae54a338191e1356253e7883d9d19f8679b6143703086245fb14d1f20196be9 \
--hash=sha256:2e73e5243af12d9cd6a9d6a45a43570dbe2e5b1cdfc862f5ae2b031e44dd95a8 \
--hash=sha256:2e9216e0d2cdce7dbc9be48cb3eacb962740a09b011a116fd7af8c832ab116ca \
--hash=sha256:3026cbcf11d79095a32d9a13bbc572a458727bd5b1ca332df4a79faecd45281c \
--hash=sha256:3611576aff55918af2697410ff0293d6071b7e00f4b09e005d614686ac4cd57c \
--hash=sha256:3ae646c35cb9f820491760ac62c25b6d6b496757fda2d51be429e0e7b67ae0ab \
--hash=sha256:3b8e6ea6be6d64104d8e9afc34c151926f8182f84e7ac290a93925c0db004bfd \
--hash=sha256:3d370ff652323c5307d9c8e4c62efd1956fb08051b0e9210212bc51168b4ff56 \
--hash=sha256:3f7454aa427b8ab9101f3787eb178057c5250478e39b99540cfc2b889c7d0586 \
--hash=sha256:40f029d73b10fac448c73d6eb33d57b34607f40116e9f6e9f0d32e9229b147d7 \
--hash=sha256:423adfa872b4908843ac3e7a30f957f5d5282944b81ca0a3b8a7ccbbfaa06103 \
--hash=sha256:4873ef92e03a4309b3ccd8281454801b291b689f6ad45ef8c3658b6fa761d7ac \
--hash=sha256:48c640b99213643d141550326f34f0502fedb1798adb3c9eb79650b1ecb2f177 \
--hash=sha256:4ae594c66f4a7e1ea67232a0846649a7c94c188d6c071ac0210c3e86a5f92109 \
--hash=sha256:4b694430b3f00eb02c594ff5a16db30e054c1b9589a043fe9174584c6efa8033 \
--hash=sha256:51d8ea2a3a1a8fe4f67de21b8b93757005213e8ac3917567872f2865185fa7fb \
--hash=sha256:54de2619f5ea58474f2ac211ceea6b615af2d7e4306220d4f3fe690c91988a61 \
--hash=sha256:551ad543fa19e94943c5b2cebc54c73353ffff08228ee5f3376bd27b3d5b9800 \
--hash=sha256:5543c055d8ec7801901e1193a51570643d6a6ab8751b1f7dd9af71af467538bb \
--hash=sha256:5cd9cd7170459b9223c5e592ac036e0704bee765706445c353d96f2890e816c8 \
--hash=sha256:5ec4b3f0aebbbe2fc0134ee30a791af522a92ad9f164858805a77442d7d18570 \
--hash=sha256:67ecd894e56a0c6108ec5ab1d8fa8418ec0cff45844a855966b875d1039a2e34 \
--hash=sha256:6ab2ed84bf0137927846b37e882745a827458689eb969028af8032b1b3dac78e \
--hash=sha256:704f63b774218207b8ccc6c47fcef5340741e5d839d11d606f70af93ee78e4d4 \
--hash=sha256:7098c524ba9f20717a56a8d551d2ed491ea89cbf37e540759ed3b776a4f8d6eb \
--hash=sha256:7aed90a72fc3654fba9bc4b7f851571dcc368120432ad68b226bd593f3f6c0b7 \
--hash=sha256:7ce606c14bb195b0e5108544b540e2c5faed6843367e4ab3deb5c6aa5e681208 \
--hash=sha256:7eb95fe8222932c10d4436e7a6f7c99991e3fdd9f36c949eff16a69246dee2dc \
--hash=sha256:80b80b889cb767cc47f31d2b2f3dec2db8126fbcd0cff31b3925b4dc6609dcdb \
--hash=sha256:82cd0a69cd28f6cc3789cc6adeb1027f79526b1ab50b1f6062bbc3a0ccb2dbc3 \
--hash=sha256:83215147121e15d5f3a45d99abeed9cf1fe16869d5c233b08c56cdf75f43a504 \
--hash=sha256:88900f521c645f784260a8d346e12a1590f79e96403971241e64c3a265c8ecdb \
--hash=sha256:91129ff1bb0619bc1f4ad19485718cc623a2dc433dff95baadbf89405c7f6b57 \
--hash=sha256:920974009fb37b20d32afcdf0227a2e707eb83fe418713f7a8b7de038b870d0b \
--hash=sha256:9233ac249b354c54146e392e8a451e465dd2d967fc773690811d3a8c240ac601 \
--hash=sha256:941460db8fe3bd613db52f05259c9336f5a47ccae7d7def44cc277184030a116 \
--hash=sha256:942f8b1f3b223638b02df7df79140646c03938d488fbfb771824f3d05fc083a8 \
--hash=sha256:964b16dcc10c79a4a2be9f1273fcc2684a9eedb3906439720598029a797b46e6 \
--hash=sha256:9691a549c19c22d26a4f3b948071e93517bdf86e41b81d8c6ac8a964bb71e5a6 \
--hash=sha256:96979d753b1dc3b2169003e1854dc67bfc86edf93c01e84757927f810b8c3c93 \
--hash=sha256:987b9ac04d0b38ef4f89fbc035e84a7efad9cdd5f1e29024f9289182c8d99e09 \
--hash=sha256:988631b9d78b546e284478c2ec15c8a85960e262e247b35ca5eaf7ee22f6050a \
--hash=sha256:9a96edd79661e93327cfeac4edec72a4046e14550a1d22aa0dd2e3ca52aec921 \
--hash=sha256:9b7408511fca48a82a119d78a77c2f5eb1b22fe88b0d2450ed0756d194fe7a9a \
--hash=sha256:9dd6082f4e2aec9b6a0927202c85bc1b09dcab113f97265127c1dc20e2e32495 \
--hash=sha256:a2ad5add903eb7cdde2b7c64aaca405f3957ab34f16594d2b78d53b8b1a6a7d6 \
--hash=sha256:a8c65c17aed7e15a0c824cdc63a6b104dfc530f6fa8cb6ac51c437af52b481c7 \
--hash=sha256:aadf28046e77a72f30dcc1ab185639e8de7f4104b8cb5c6dfa5d8ed860e57236 \
--hash=sha256:b076da1ed19dc37788f6a934c60adf97bd02c7eea461b73730513921a85d4235 \
--hash=sha256:b2aeab3895d778155054abea5238d0eb9a72e9242bd4b43f42fd911ef9a13470 \
--hash=sha256:b82edc98d107cbc7357da7a5a695901b47d6eb0420e587256ba3ad24b80b7d0b \
--hash=sha256:b8a0ccc8f2698f120e9e5742f4b38dc944c38744d4bdfc427616f3a163dd9de5 \
--hash=sha256:b993b6f524d1e274a5062488a43e3f9f8764ee9745ccd8e8193df743dbe5ee61 \
--hash=sha256:bb34d1605f96a245fc39790a117ac1bac8de84ab7691637b26ab2c5efb8f228c \
--hash=sha256:bd3366aceedf274f765a3a4bc95d6cd97b130d1dda524d8f25225d14123c01db \
--hash=sha256:c12f6f67495ea05c3d542d119d270007090bad5b843f642d418eb601ec0fa7be \
--hash=sha256:c662a4cbdd6280ee56f841f14620787215a171c4e2d1744c9528bed8f5816c96 \
--hash=sha256:c884d1a59e69e03b93cf0dfee8794c63d7de0ee8f7ffb76e5f75be8131b6400a \
--hash=sha256:ca339088839582d01654e6f83a637a4b8194d0960477b9769d2ff2cfa0fa36d2 \
--hash=sha256:cd2b6c5dfe0929b6c23dde9624483380b170b6e34ed79054ad131b20203a1a63 \
--hash=sha256:ce0f9fbe7d295f9922c0424a3637b88c6c472b75eafeaff6f910494a1fa719ef \
--hash=sha256:cf0633e4a1b667bfe0bb10b5e53fe0d5f34a6243ea2530eb342491f1adf4f739 \
--hash=sha256:cf9273e96f3ee2ac89ffcb17627a78f78e7516b08f94dc435844ae72576a276e \
--hash=sha256:d909b5a3fff619dc7e48b6b1bedc2f30ec43033ba7af32f936c10839e81b9217 \
--hash=sha256:d9b6627408021452dcd0d2cdf8da0534e19d93d070bfa8b6b4176f99711e7f90 \
--hash=sha256:de35342190deb7b866ad6ba5cbcccb2d22c0487ee0cbb251efef0843d705f0d4 \
--hash=sha256:e51c80c168074faa793685656c38eb7a06cbad7774c8cbc3ea05552d615393d8 \
--hash=sha256:e6bd1e9b95bc5614a7a9c9c44fde9539cba1c823b43a9f7bc11266446dd568e3 \
--hash=sha256:e7a9aaa5a1267125eef22cef3b63484c3241aaec6f48949b366d26c7250e0357 \
--hash=sha256:e951d1a8e9963ea51efd7f150450803e3b95db5939f994ad3d5edac2b6f6e2b4 \
--hash=sha256:e9941a4ada58f6218694f382e43fdd256e97615db9da135e77359da257a7168b \
--hash=sha256:f0640913d2c1044d97e30d7c41728195fc37e54d190c5385eacb52115127b882 \
--hash=sha256:f0ccf3e01afeb412a1a9993049cb160d0352dba635bbca7762b2dc722aa5742a \
--hash=sha256:f2181c20ef18747d5f4a7ea513e09ea03bdd50884a11ce46066bb90fe4213675 \
--hash=sha256:f2200e00b62568cfd920127782c61bc1c546062a879cdc741cfcc6976668dfcf \
--hash=sha256:fcbdc5f2b0f1cd0f6a56cdb46fe41d2cce1e644e3b68832f3eeebc5fb0f7712e
# via mkdocs-material
requests==2.31.0 \
--hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
--hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
# via importlib-metadata
# The following packages are considered to be unsafe in a requirements file:
setuptools==68.2.2 \
--hash=sha256:4ac1475276d2f1c48684874089fefcd83bd7162ddaafb81fac866ba0db282a87 \
--hash=sha256:b454a35605876da60632df1a60f736524eb73cc47bbc9f3f1ef1b644de74fd2a
# via mkdocs-material
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
# via python-dateutil
tabledata==1.3.3 \
--hash=sha256:4abad1c996d8607e23b045b44dc0c5f061668f3c37585302c5f6c84c93a89962 \
--hash=sha256:c90daaba9a408e4397934b3ff2f6c06797d5289676420bf520c741ad43e6ff91
# via pytablewriter
tcolorpy==0.1.4 \
--hash=sha256:d0926480aa5012f34877d69fc3b670f207dc165674e68ad07458fa6ee5b12724 \
--hash=sha256:f0dceb1cb95e554cee63024b3cd2fd8d4628c568773de2d1e6b4f0478461901c
# via pytablewriter
typepy==1.3.1 \
--hash=sha256:892566bff279368d63f02901aba0a3ce78cd7a319ec1f2bf6c8baab3520207a3 \
--hash=sha256:dfc37b888d6eed8542208389efa60ec8454e06fd84b276b45b2e33897f9d7825
# via
# dataproperty
# pytablewriter
# tabledata
urllib3==2.0.5 \
--hash=sha256:13abf37382ea2ce6fb744d4dad67838eec857c9f4f57009891805e0b5e123594 \
--hash=sha256:ef16afa8ba34a1f989db38e1dbbe0c302e4289a47856990d0682e374563ce35e
# via requests
verspec==0.1.0 \
--hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
--hash=sha256:c4504ca697b2056cdb4bfa7121461f5a0e81809255b41c03dda4ba823637c01e
# via mike
watchdog==3.0.0 \
--hash=sha256:0e06ab8858a76e1219e68c7573dfeba9dd1c0219476c5a44d5333b01d7e1743a \
--hash=sha256:13bbbb462ee42ec3c5723e1205be8ced776f05b100e4737518c67c8325cf6100 \
--hash=sha256:233b5817932685d39a7896b1090353fc8efc1ef99c9c054e46c8002561252fb8 \
--hash=sha256:25f70b4aa53bd743729c7475d7ec41093a580528b100e9a8c5b5efe8899592fc \
--hash=sha256:2b57a1e730af3156d13b7fdddfc23dea6487fceca29fc75c5a868beed29177ae \
--hash=sha256:336adfc6f5cc4e037d52db31194f7581ff744b67382eb6021c868322e32eef41 \
--hash=sha256:3aa7f6a12e831ddfe78cdd4f8996af9cf334fd6346531b16cec61c3b3c0d8da0 \
--hash=sha256:3ed7c71a9dccfe838c2f0b6314ed0d9b22e77d268c67e015450a29036a81f60f \
--hash=sha256:4c9956d27be0bb08fc5f30d9d0179a855436e655f046d288e2bcc11adfae893c \
--hash=sha256:4d98a320595da7a7c5a18fc48cb633c2e73cda78f93cac2ef42d42bf609a33f9 \
--hash=sha256:4f94069eb16657d2c6faada4624c39464f65c05606af50bb7902e036e3219be3 \
--hash=sha256:5113334cf8cf0ac8cd45e1f8309a603291b614191c9add34d33075727a967709 \
--hash=sha256:51f90f73b4697bac9c9a78394c3acbbd331ccd3655c11be1a15ae6fe289a8c83 \
--hash=sha256:5d9f3a10e02d7371cd929b5d8f11e87d4bad890212ed3901f9b4d68767bee759 \
--hash=sha256:7ade88d0d778b1b222adebcc0927428f883db07017618a5e684fd03b83342bd9 \
--hash=sha256:7c5f84b5194c24dd573fa6472685b2a27cc5a17fe5f7b6fd40345378ca6812e3 \
--hash=sha256:7e447d172af52ad204d19982739aa2346245cc5ba6f579d16dac4bfec226d2e7 \
--hash=sha256:8ae9cda41fa114e28faf86cb137d751a17ffd0316d1c34ccf2235e8a84365c7f \
--hash=sha256:8f3ceecd20d71067c7fd4c9e832d4e22584318983cabc013dbf3f70ea95de346 \
--hash=sha256:9fac43a7466eb73e64a9940ac9ed6369baa39b3bf221ae23493a9ec4d0022674 \
--hash=sha256:a70a8dcde91be523c35b2bf96196edc5730edb347e374c7de7cd20c43ed95397 \
--hash=sha256:adfdeab2da79ea2f76f87eb42a3ab1966a5313e5a69a0213a3cc06ef692b0e96 \
--hash=sha256:ba07e92756c97e3aca0912b5cbc4e5ad802f4557212788e72a72a47ff376950d \
--hash=sha256:c07253088265c363d1ddf4b3cdb808d59a0468ecd017770ed716991620b8f77a \
--hash=sha256:c9d8c8ec7efb887333cf71e328e39cffbf771d8f8f95d308ea4125bf5f90ba64 \
--hash=sha256:d00e6be486affb5781468457b21a6cbe848c33ef43f9ea4a73b4882e5f188a44 \
--hash=sha256:d429c2430c93b7903914e4db9a966c7f2b068dd2ebdd2fa9b9ce094c7d459f33
# via mkdocs
zipp==3.17.0 \
--hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
--hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
# via pytablewriter

2
docs/robots.txt
View file

@ -1,4 +1,4 @@
User-agent: *
Allow: /latest/
Sitemap: https://docs.bunkerweb.io/sitemap.xml
Sitemap: https://docs.bunkerweb.io/latest/sitemap.xml

2
docs/security-tuning.md
View file

@ -484,7 +484,7 @@ You can quickly protect sensitive resources like the admin area for example, by
### Auth request
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/examples).
You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/examples).
**Auth request settings are related to reverse proxy rules.**

1
docs/settings.md
View file

@ -539,4 +539,3 @@ Allow access based on internal and external IP/network/rDNS/ASN whitelists.
|`WHITELIST_USER_AGENT_URLS`| |global |no |List of URLs, separated with spaces, containing good User-Agent to whitelist. |
|`WHITELIST_URI` | |multisite|no |List of URI (PCRE regex), separated with spaces, to whitelist. |
|`WHITELIST_URI_URLS` | |global |no |List of URLs, separated with spaces, containing bad URI to whitelist. |

4
docs/troubleshooting.md
View file

@ -273,7 +273,7 @@ You can manually unban an IP which can be useful when doing some tests but it ne
```shell
sudo bwcli unban 1.2.3.4
```
## Whitelisting
If you have bots that need to access your website, the recommended way to avoid any false positive is to whitelist them using the [whitelisting feature](security-tuning.md#blacklisting-and-whitelisting). We don't recommend using the `WHITELIST_URI*` or `WHITELIST_USER_AGENT*` settings unless they are set to secret and unpredictable values. Common use cases are :
@ -284,4 +284,4 @@ If you have bots that need to access your website, the recommended way to avoid
## Timezone
When using container-based integrations, the timezone of the container may not match the one of the host machine. To resolve that, you can set the `TZ` environment variable to the timezone of your choice on your containers (e.g. `TZ=Europe/Paris`). You will find the list of timezone identifers [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
When using container-based integrations, the timezone of the container may not match the one of the host machine. To resolve that, you can set the `TZ` environment variable to the timezone of your choice on your containers (e.g. `TZ=Europe/Paris`). You will find the list of timezone identifers [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).

40
docs/web-ui.md
View file

@ -60,7 +60,7 @@ Because the web UI is a web application, the recommended installation procedure
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -69,7 +69,7 @@ Because the web UI is a web application, the recommended installation procedure
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -93,7 +93,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -115,7 +115,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.1
image: bunkerity/bunkerweb-ui:1.5.2
depends_on:
- bw-docker
environment:
@ -180,7 +180,7 @@ Because the web UI is a web application, the recommended installation procedure
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -189,7 +189,7 @@ Because the web UI is a web application, the recommended installation procedure
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -206,7 +206,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-services
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -219,7 +219,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- bunkerweb
- bw-docker
@ -254,7 +254,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-docker
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.1
image: bunkerity/bunkerweb-ui:1.5.2
networks:
bw-docker:
bw-universe:
@ -315,7 +315,7 @@ Because the web UI is a web application, the recommended installation procedure
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) of the repository.
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -324,7 +324,7 @@ Because the web UI is a web application, the recommended installation procedure
services:
bunkerweb:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- published: 80
target: 8080
@ -354,7 +354,7 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.INSTANCE"
bw-autoconf:
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -382,7 +382,7 @@ Because the web UI is a web application, the recommended installation procedure
- "node.role == manager"
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@ -409,7 +409,7 @@ Because the web UI is a web application, the recommended installation procedure
- bw-universe
bw-ui:
image: bunkerity/bunkerweb-ui:1.5.1
image: bunkerity/bunkerweb-ui:1.5.2
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
@ -462,7 +462,7 @@ Because the web UI is a web application, the recommended installation procedure
!!! info "Database backend"
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.1/misc/integrations) of the repository.
If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.2/misc/integrations) of the repository.
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -517,7 +517,7 @@ Because the web UI is a web application, the recommended installation procedure
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
imagePullPolicy: Always
securityContext:
runAsUser: 101
@ -587,7 +587,7 @@ Because the web UI is a web application, the recommended installation procedure
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.5.1
image: bunkerity/bunkerweb-autoconf:1.5.2
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -614,7 +614,7 @@ Because the web UI is a web application, the recommended installation procedure
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@ -698,7 +698,7 @@ Because the web UI is a web application, the recommended installation procedure
spec:
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.1
image: bunkerity/bunkerweb-ui:1.5.2
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
@ -945,4 +945,4 @@ Because the web UI is a web application, the recommended installation procedure
```shell
systemctl restart bunkerweb
```
```

4
examples/authelia/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -44,7 +44,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/authelia/setup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi

2
examples/authelia/variables.env
View file

@ -30,4 +30,4 @@ app2.example.com_REVERSE_PROXY_HOST=http://app2.example.com
app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email
app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email
app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email

2
examples/authentik/.env
View file

@ -2,4 +2,4 @@ PG_PASS=changeme
AUTHENTIK_SECRET_KEY=changeme
AUTHENTIK_COOKIE_DOMAIN=example.com
AUTHENTIK_BOOTSTRAP_PASSWORD=changeme
AUTHENTIK_BOOTSTRAP_TOKEN=changeme
AUTHENTIK_BOOTSTRAP_TOKEN=changeme

4
examples/authentik/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -53,7 +53,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/behind-reverse-proxy/cleanup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi

4
examples/behind-reverse-proxy/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

8
examples/behind-reverse-proxy/setup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
@ -8,9 +8,9 @@ fi
DNF=$(which dnf)
APT=$(which apt)
if [ ! -z $DNF ] ; then
if [ -n "$DNF" ] ; then
dnf install -y haproxy
elif [ ! -z $APT ] ; then
elif [ -n "$APT" ] ; then
apt install -y haproxy
fi
@ -21,4 +21,4 @@ systemctl stop bunkerweb
systemctl stop haproxy
systemctl start haproxy
echo "hello" > /var/www/html/index.html
echo "hello" > /var/www/html/index.html

2
examples/behind-reverse-proxy/variables.env
View file

@ -3,4 +3,4 @@ DNS_RESOLVERS=8.8.8.8 8.8.4.4
SERVER_NAME=www.example.com
# real IP settings
USE_REAL_IP=yes
REAL_IP_FROM=127.0.0.0/8
REAL_IP_FROM=127.0.0.0/8

6
examples/bigbluebutton/docker-compose.yml
View file

@ -27,7 +27,7 @@ services:
...
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -50,7 +50,7 @@ services:
bw-universe:
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:
@ -84,4 +84,4 @@ networks:
driver: default
config:
- subnet: 10.20.30.0/24
bw-docker:
bw-docker:

4
examples/certbot-dns-cloudflare/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/certbot-dns-cloudflare/entrypoint.sh
View file

@ -2,7 +2,7 @@
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi

4
examples/certbot-dns-digitalocean/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/certbot-dns-digitalocean/entrypoint.sh
View file

@ -2,7 +2,7 @@
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi

4
examples/certbot-dns-google/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/certbot-dns-google/entrypoint.sh
View file

@ -2,7 +2,7 @@
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi

4
examples/certbot-dns-ovh/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

4
examples/certbot-dns-ovh/entrypoint.sh
View file

@ -2,7 +2,7 @@
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi
@ -20,4 +20,4 @@ chown -R 0:101 /etc/letsencrypt && chmod -R 770 /etc/letsencrypt
echo "Certbot ended, sleeping for 24 hours"
sleep 86400
sleep 86400

4
examples/certbot-dns-route53/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -33,7 +33,7 @@ services:
- bw-services
bbw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/certbot-dns-route53/entrypoint.sh
View file

@ -2,7 +2,7 @@
echo "Certbot started, domains = $DOMAINS"
first_domain="$(echo -n $DOMAINS | cut -d ',' -f 1 | sed 's/*\.//g')"
first_domain="$(echo "$DOMAINS" | tr -d '\n' | cut -d ',' -f 1 | sed 's/*\.//g')"
if [ "$EMAIL" = "" ] ; then
EMAIL="contact@${first_domain}"
fi

4
examples/cors/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -38,7 +38,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

4
examples/cors/setup-autoconf.sh
View file

@ -1,10 +1,10 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R 33:101 ./www
find ./www -type f -exec chmod 0640 {} \;
find ./www -type d -exec chmod 0750 {} \;
find ./www -type d -exec chmod 0750 {} \;

4
examples/cors/setup-docker.sh
View file

@ -1,10 +1,10 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
chown -R 33:101 ./www
find ./www -type f -exec chmod 0640 {} \;
find ./www -type d -exec chmod 0750 {} \;
find ./www -type d -exec chmod 0750 {} \;

4
examples/cors/setup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
@ -16,4 +16,4 @@ fi
cp -r ./www/* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;
find /var/www/html -type d -exec chmod 0750 {} \;
find /var/www/html -type d -exec chmod 0750 {} \;

2
examples/cors/variables.env
View file

@ -16,4 +16,4 @@ app1.example.com_LOCAL_PHP_PATH=/var/www/html/app1.example.com
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
app2.example.com_LOCAL_PHP_PATH=/var/www/html/app2.example.com
app3.example.com_LOCAL_PHP=/run/php/php-fpm.sock
app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com
app3.example.com_LOCAL_PHP_PATH=/var/www/html/app3.example.com

4
examples/docker-configs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -53,7 +53,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/drupal/bw-data/configs/modsec-crs/drupal.conf
View file

@ -4,4 +4,4 @@ SecAction \
nolog,\
pass,\
t:none,\
setvar:tx.crs_exclusions_drupal=1"
setvar:tx.crs_exclusions_drupal=1"

4
examples/drupal/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

8
examples/drupal/setup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi
@ -16,11 +16,11 @@ fi
curl https://ftp.drupal.org/files/projects/drupal-9.5.3.tar.gz -Lo /tmp/drupal.tar.gz
tar -xzf /tmp/drupal.tar.gz -C /tmp
current_dir="$(pwd)"
cd /tmp/drupal-*
cp -r * /var/www/html
cd /tmp/drupal-* || exit 1
cp -r ./* /var/www/html
chown -R $user:nginx /var/www/html
find /var/www/html -type f -exec chmod 0640 {} \;
find /var/www/html -type d -exec chmod 0750 {} \;
cd "$current_dir"
cd "$current_dir" || exit 1
cp -r ./bw-data/configs/* /etc/bunkerweb/configs
chown -R nginx:nginx /etc/bunkerweb/configs

2
examples/drupal/setup-swarm.sh
View file

@ -10,4 +10,4 @@
docker config rm cfg_drupal_modsec_crs
# create configs
docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs -l bunkerweb.CONFIG_SITE=www.example.com cfg_drupal_modsec_crs ./bw-data/configs/modsec-crs/drupal.conf
docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs -l bunkerweb.CONFIG_SITE=www.example.com cfg_drupal_modsec_crs ./bw-data/configs/modsec-crs/drupal.conf

2
examples/drupal/variables.env
View file

@ -10,4 +10,4 @@ USE_GZIP=yes
LIMIT_REQ_URL_1=/core/install.php
LIMIT_REQ_RATE_1=5r/s
LOCAL_PHP=/run/php/php-fpm.sock
LOCAL_PHP_PATH=/var/www/html
LOCAL_PHP_PATH=/var/www/html

4
examples/ghost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/gogs/bw-data/configs/modsec-crs/gogs.conf
View file

@ -4,4 +4,4 @@ SecAction \
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain| |application/x-git-upload-pack-request| |application/x-git-receive-pack-request|'"

4
examples/gogs/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/gogs/setup-swarm.sh
View file

@ -10,4 +10,4 @@
docker config rm cfg_gogs_modsec_crs
# create configs
docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs -l bunkerweb.CONFIG_SITE=www.example.com cfg_gogs_modsec_crs ./bw-data/configs/modsec-crs/gogs.conf
docker config create -l bunkerweb.CONFIG_TYPE=modsec-crs -l bunkerweb.CONFIG_SITE=www.example.com cfg_gogs_modsec_crs ./bw-data/configs/modsec-crs/gogs.conf

4
examples/hardened/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
# dropping all capabilities
cap_drop:
- ALL
@ -39,7 +39,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

4
examples/joomla/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/joomla/setup-linux.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi

2
examples/joomla/variables.env
View file

@ -12,4 +12,4 @@ LIMIT_REQ_RATE_1=8r/s
LIMIT_REQ_URL_2=/installation/index.php
LIMIT_REQ_RATE_2=8r/s
LOCAL_PHP=/run/php/php-fpm.sock
LOCAL_PHP_PATH=/var/www/html
LOCAL_PHP_PATH=/var/www/html

4
examples/load-balancer/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

4
examples/magento/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -29,7 +29,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/magento/setup-swarm.sh
View file

@ -10,4 +10,4 @@
docker config rm cfg_magento_server_http
# create configs
docker config create -l bunkerweb.CONFIG_TYPE=server-http -l bunkerweb.CONFIG_SITE=www.example.com cfg_magento_server_http ./bw-data/configs/server-http/buffering.conf
docker config create -l bunkerweb.CONFIG_TYPE=server-http -l bunkerweb.CONFIG_SITE=www.example.com cfg_magento_server_http ./bw-data/configs/server-http/buffering.conf

4
examples/mattermost/docker-compose.yml
View file

@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
image: bunkerity/bunkerweb:1.5.1
image: bunkerity/bunkerweb:1.5.2
ports:
- 80:8080
- 443:8443
@ -44,7 +44,7 @@ services:
- bw-services
bw-scheduler:
image: bunkerity/bunkerweb-scheduler:1.5.1
image: bunkerity/bunkerweb-scheduler:1.5.2
depends_on:
- mybunker
environment:

2
examples/mattermost/setup-autoconf.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi

2
examples/mattermost/setup-docker.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
if [ $(id -u) -ne 0 ] ; then
if [ "$(id -u)" -ne 0 ] ; then
echo "❌ Run me as root"
exit 1
fi

2
examples/mongo-express/bw-data/configs/modsec/mongo-express.conf
View file

@ -1 +1 @@
SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"
SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"

Some files were not shown because too many files have changed in this diff Show more