Squashed 'src/deps/src/lua-resty-signal/' changes from d07163e8c..a8ed481ef

a8ed481ef enhance script 0ae3739e9 update antibot script bf6ac77bd Remove plugins_errors from main.py and plugins.html 01efb93c5 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev bb29d3b1a Fix current_endpoint shenanigans in web UI d7d660a7a start ajax on antibot core plugin e408acfa7 Refactor plugin handling in main.py ad1625a86 Refactor custom_plugin method to accept arguments/body from request bc65918fa Update plugin action feature to make it easier to implement 974c78107 Merge commit '0c3e271b0fef1dc1a1053899dcb61fdcbaea4886' into dev 0c3e271b0 Squashed 'src/deps/src/modsecurity/' changes from bbde9381cb..5f44383236 4f9f666fb Update ModSecurity to v3.0.12 044c4d259 Fix service validation in tests and update UI elements for services 92ff8000c Fix issue with empty server name in Config.py of web UI bf9a4e291 Refactor regex pattern for server name validation 7154d1f3a now clone has draft b0e5eacbb Add draft back end logic for services fa014cfef force method ui on clone 6786520ae Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 225cf84cb update service with method 2ba29f7dd Remove IS_DRAFT setting from web UI as it is used internally 544f57e28 format breadcrumb 983355bce fix new service + show plugin page 137b5ed4b add draft on service page 1eed27c14 Add git pull of the older version in core db tests in case it is not present 1c2d909ac Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 110401d8a change style order ed56e1cb7 Refactor plugin rendering in plugins.html to include the possibility of plugin pages even for core plugins in web UI 85bd03f0b add core plugins style e700f7d1f Refactor cleanup_stack function in test.sh for db core test e434ea821 Add spoofing action files for various modules cc07b9267 Refactor plugin page handling in Database.py when initializing 5f530a067 Fix typo in letsencrypt core test's docker-compose file d5eee7b6f Add letsencrypt core tests d41acc39a Update Docker images and remove unnecessary build instructions d27ee82a6 Add backward compatibility when getting ban reasons in Lua and bwcli 0cd68eac6 add core ui + update tailwind config 1677944aa Fix CVE CVE-2024-0727 1d2677c12 Merge pull request #893 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.23.2 fc45ecf95 deps/gha: bump github/codeql-action from 3.23.1 to 3.23.2 c9193cf5d Update cryptography version to 42.0.1 78af21a36 Add directory and index.html file for app2.example.com as well in web UI tests 14769ad55 Update external plugins rendering logic in web UI 3451819e0 Merge pull request #891 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.170.0 160972c65 Merge pull request #885 from bunkerity/dependabot/github_actions/dev/actions/upload-artifact-4.3.0 22ab625b6 Remove no longer testable plugin external pages in db tests 7ec4fcde1 Update regex pattern for custom header in plugin.json to accept more characters 9a4caa674 deps/gha: bump ruby/setup-ruby from 1.169.0 to 1.170.0 549f442c1 [#863] Change python executable in scheduler to python3 only 1ea6d9258 Add tests for services cloning on web UI f1d24a959 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 926482e45 clone working on multiple 5cedafd35 Refactor plugin installation and update logic e256dad99 Add automatic version upgrade tests in core DB 2db15873e road to v1.5.6 e6ee3f0a4 Refactor login redirection logic in setup.html 12714a770 Fix instance name in get_bans and get_reports methods 17ae0acbb Add random IP addresses to input fields in ui tests banned ips dd30718e0 Fix redis tests with Linux e292cb8a3 Fix linux redis test by stopping redis service properly 09873a3ed datepicker get ms but send timestamp in s 3e693a443 Add UI tests for the reporting and bans pages + Fix a few things in web UI tests ab84f03d0 update modal style 2977b5297 [#871] Add serviceAccountName to bunkerweb-ui deployment a4ce38dd1 Update quickstart guide with formatting improvements 9b8b6e4d0 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 82c0b7a91 Update database model diagram + Add it to the README c53081ff2 stamp ms to s + add default attribut efb884456 update default date to now + 1 day 70532d50d Set itemCount variable to 0 instead of 1 + Fix dropdown button styling and remove unnecessary code 440abf3d3 better ban modal + fix style 686d2e055 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 0c0c221f6 Add back-end logic for web UI reports page 3dda5b19d Update metrics logging 079f87052 remove useless html 7b0e986d4 Add Redis support for bans page in web UI 43cdf98d5 Fix UI bans page shenanigans when ban ips 8194d0f98 Add new setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one ea7959649 Fix ban reason retrieval in utils.lua to always return a string b5918f766 deps/gha: bump actions/upload-artifact from 4.2.0 to 4.3.0 1fc79f38b bw - fix metrics core plugin dbc2d539a handle no reports too + better svg 7fa44b25e ban data + list condition b8703ea1e Update setup wizard instructions in web UI documentation 232b55142 Fix form action URLs in bans_modal.html and bans.html + Add back-end logic for ban page a737bad33 Refactor ban functionality and improve ban listing 73c2ea42f Update pre-commit-config hooks versions and apply it a0e0d4394 Fix redis-sentinel tests shenanigans 271d26230 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 862a8c715 bw - init work on metrics (wip) e854ac2e3 Update selenium version to be less than 4.17.0 61b8515d6 Update zlib version to v1.3.1 4c3d06b2a Merge commit 'f8374f66043b438bae58c850ee472cdcf5008a12' into dev f8374f660 Squashed 'src/deps/src/zlib/' changes from 09155eaa2..51b7f2abd 4067e5020 Update zlib dependency to v1.3.1 fe4a49d00 Merge pull request #881 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.169.0 0e5e9cff1 Update python deps dd0008fbf Update Python base image hash in Dockerfiles 4d3e30977 Fix customcert linux tests dcba7dc18 Update PostgreSQL database URI in test.sh 8c3ec6b24 Add better custom certificate cache handling + made a few tweaks with the jobs utils 14172ab70 Update test-core-linux.yml to optimize pip install command e8ebb053d deps/gha: bump ruby/setup-ruby from 1.168.0 to 1.169.0 43410beb9 Fix Redis tests by removing SSL verification 6f43ca663 Add CVE fixes for Autoconf and UI containers 03c08fe51 Fix CVE CVE-2023-7104 and remove old, no longer necessary CVE fixes f6e5b8956 Update dependencies versions Python + Docker 9b67a7aca Update Python base image in Dockerfiles 6b55eafc9 Update dev.yml with fail-fast strategy e6b9b7a60 Merge pull request #877 from bunkerity/dependabot/github_actions/dev/actions/upload-artifact-4.2.0 950a2920c Merge pull request #880 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.168.0 5afcfbc83 Merge pull request #873 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.23.1 b1c59bc1e enhance bans page 4f9fd8a6a Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 775653f39 update reporting 20d3f4841 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 0efc31c4d bw - refactor session handling and fix antibot 6e516b4a8 deps/gha: bump ruby/setup-ruby from 1.165.1 to 1.168.0 e1b485c87 enhance add bans 9befdb9ec update add bans 0cfb72836 start add bans + enhance buttons 13e546023 update bans d8b1cecf4 add disabled btn style 7203dd467 enhance tables 3edff5004 update bans page 7707aab9a update block request page 6fec1a47b deps/gha: bump actions/upload-artifact from 4.1.0 to 4.2.0 e21aec6d7 update block req page 723c8d17d add block requests list 8b0a39188 start bans page a7d3a2fd5 start block requests ui ceb81603d add clone service + precommit e465aca85 deps/gha: bump github/codeql-action from 3.23.0 to 3.23.1 96a4c6853 Add test for fallback certificate in customcert core tests 602a1ed5a Add Redis Sentinel support and improve logging in bwcli 9cce27228 Fix some tests and made some optimizations in redis tests cebcf5734 Add fallback to master if redis slave client connection fails b3c46acb0 Refactor redis test script to fix ACL file generation d4b0d4bf9 Add directory for BunkerWeb configuration e3467be7f Update workflow dependencies e7557adde Update test-core-linux.yml and tests-ui-linux.yml 75ec43668 Update Redis ACL files depending on the integration ce4631cb2 Fix Redis ACL file path in test.sh 36778f214 Refactor redis core tests and start adding sentinel tests 5fcdc1c7b Refactor clusterstore initialization and connection 5fd72ea63 Update Alpine base image sha256 5fd54f829 Remove connection_options.pool option from redis connection and optimize redis connections f38f775f3 redis - add REDIS_SSL_VERIFY setting 55450949f merge from 1.5.5 ebe3ed574 Add recommended dialects to databases string 48f8eeb20 Update python deps cfa8f38cd Merge pull request #864 from bunkerity/dependabot/github_actions/dev/actions/upload-artifact-4.1.0 046cbb209 deps/gha: bump actions/upload-artifact from 4.0.0 to 4.1.0 494e111c5 Merge branch 'staging' into dev 5915b808f Remove duplicated changelog in CHANGELOG.md 53bbc69ae Update CHANGELOG.md 2fe80d14b Merge commit '9117cd73047101b1201ff00f25bfc8e0a7bcb214' into dev 9117cd730 Squashed 'src/deps/src/lua-resty-core/' changes from 31fae862a1..812b2d3871 5b5940375 Update lua-resty-core to v0.1.28 656b526dc Merge pull request #845 from bunkerity/dependabot/github_actions/dev/actions/download-artifact-4.1.1 001573462 Merge pull request #842 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.23.0 615fc264b Merge pull request #838 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.5.0 c9180a9d0 Update linux base images in Dockerfiles 1b6b43c79 Fix CVE CVE-2023-6129 for Python based images 11af415c8 Merge commit 'db8fec5254f07b1413a58ca78b08b7391d6bcbf0' into dev db8fec525 Squashed 'src/deps/src/libmaxminddb/' changes from 93a7e0e562..e26013e1d2 76fd05d41 Update libmaxminddb version to v1.9.1 97773eb1e Merge commit '65e43ea60646f2b33ed5e514ed62c1a90fe9a016' into dev 65e43ea60 Squashed 'src/deps/src/lua-nginx-module/' changes from c47084b5d7..0e769b7643 0c3aea3d4 Update lua-nginx-module version to v0.10.26 2b81d69db Update dependencies and fix cloning issue 32f111b53 Merge commit '28b42bd4009801a4ff079d2ad03306d095e866f1' into dev 28b42bd40 Squashed 'src/deps/src/stream-lua-nginx-module/' changes from 309198abf..cafa6f553 62c49f116 Squashed 'src/deps/src/lua-resty-core/' changes from 812b2d387..31fae862a 74d09cb72 Merge commit '62c49f11609644272aa3a4f1f540029759f8efab' into dev 4d1e34310 Squashed 'src/deps/src/libmaxminddb/' changes from f24301d52..93a7e0e56 13927cf38 Merge commit '4d1e34310736fed571b5167807766efe1ecdf64a' into dev 8c2d0b98d Update commit check in init_deps.sh bc2af48a7 Update stream-lua-nginx-module to v0.0.14 c274489f7 Add skip update message for latest commit 9eee9523b Add conditional check for commit presence before updating dependencies 9c2e7a0e9 Update dependencies using git subtree pull 75d4b99e1 Squashed 'src/deps/src/lua-resty-core/' changes from 31fae862a..812b2d387 8c50be50e Merge commit '75d4b99e1579cd492acc6a050935ac4069e1e8ea' into dev 3595b0c77 Squashed 'src/deps/src/libmaxminddb/' changes from 93a7e0e56..f24301d52 4bf4080f9 Merge commit '3595b0c77a740fb46515463720e7abb42d3f14c4' into dev 1f867e61e Update dependencies in init_deps.sh f014a7b6d Update lua-resty-core to v0.1.28 f24301d52 Update version to v1.5.6 and fix database and ModSecurity-nginx issues e8a9a338f Update CHANGELOG.md aa4f40497 Update python deps and hashes ad4533a91 update logo size e3f318bf8 ci/cd - install new dependencies for doc ea3a1939b ci/cd - restore missing package.json file 0af69bccd ci/cd - fix ARM instance name format e69075bee ci/cd - fix wrong ARM instance code b266e5ae7 ci/cd - fix SSH timeout for ARM build 426e2aa79 fix CVE-2023-5363 and CVE-2023-5678 37987fc4c ignore CVE-2023-6129 8365cdd1b security - fix CVEs 296102cdd linux - add missing openssl dependencies 680708306 tests - increase docker/configs delay 7768940fe tests - use same domains for each tests 1ef7653bd remove useless code in utils.lua and add delay to swarm/configs tests a0cc9a440 tests - increase k8s/tls delay 1cd587efb autoconf - filter swarm events to improve performance ccb16756a deps/gha: bump actions/download-artifact from 4.1.0 to 4.1.1 e5ba468d4 autoconf - disable event filtering 4f0790a7e custom cert - fix caching issue of cert/key files e03734764 tests - fix wrong edit_tls for k8s/tls a08beb843 fix misspelled banner bc891cc2f tls - fix wrong variables when using multiple server_name 224f11d88 fix custom cert job not caching key file cf6c59ff7 autoconf - fix typo in ingress controller 88e14bcf8 reduce bunkernet "fake" errors and increase delay for autoconf/configs staging test 5e71cfc15 autoconf - filter events c8452aada fix wrong error handling for log_default and increase delay for k8s/tls test 66b1c015f tests - set log level to info and add edit_tls setting 3d2cbda6b db - increase maximum length for settings value to support base64 encoded tls cert/key a693871c5 autoconf - fix wrong parsing of tls f606de29e tests - update k8s version to 1.28.2 and fix race condition with pvc 0a3e0d795 tests - fix k8s/tls json file 05160c2ab tests - log json file c5c3d9c98 tests - add delay to k8s/ingress 24fe6da64 tests - add delay to autoconf/configs 17180da89 bw - fix LE delete return value and suppress warnings for api and default server 949bf545c fix safari home cards 8800b58bb tests - fix wrong tls CN for staging tests 2bccb5d40 Merge branch 'dev' into staging 0044e68c8 update style 0b2a78425 Merge remote-tracking branch 'origin/dev' into ui 0960d876c road to v1.5.5 6b25619c5 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev d1a8b99be fix Linux versions in README, fix UI not working when serve behind / and revert back to bullseye for tests machines f8f4db910 add go back btn on totp page 59a69773e deps/gha: bump github/codeql-action from 3.22.12 to 3.23.0 eb2042a0e tests - downgrade docker-py package to fix breaking change ecada3d70 tests - update bullseye to bookworm b585376f1 tests - update ansible version 8ad1adb92 Merge branch 'dev' into staging b7bc89ade tests - update ansible role for swarm and replace profile with account for ui 9d274afe2 tests - fix selector for account page 6a33859d2 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 0bcb4e19c edit external plugins link and fix ui tests menu selector 369972e57 add menu image to access account page 7af34f33d highlight manage account + new position 54e76dae4 update js for account page beee0bf97 safari fix + update profile 34ce47079 update doc for web UI account, add ISO format to country core and update version of plugins 80983f3fe change alert to warning fd66075e4 update doc f9553ca5e deps/gha: bump docker/metadata-action from 5.4.0 to 5.5.0 b8df6611e Update mkdocs markdown_extensions e2bfa8560 Add lost 2FA recovery procedure b1d5ab260 Update database metadata initialization logic 7e0d9c78b Add automatic DB migration between any 1.5.x version and the latest one 6d5a6a9b9 add web-ui manage profile section 7e018e984 Merge branch 'dev' into staging f2ceca82d Merge pull request #837 from bunkerity/dev aec4021b2 Fix UI tests with wrong redirection 17c3eae3e Apply pre-commit-config to all files f6d7d177a Update CLI.py with environment variable handling f4c07bca6 Downgrade prettier pre-commit hook as the latest one isn't an official release 0ec97a77c Update shebang to use env python3 c4bcaba03 Lint and format lua files + Fix luacheck warnings and errors + Update pre-commit-config hooks 4cb896cfc Merge remote-tracking branch 'origin/dev' into ui 83854838a update logo on error and misc files 2c548657e enhance ui 85e0a8292 fix country core tests and reflect changes on redis core tests 19a2c08c5 fix country core typo, add missing tls to magento tests and add local cachestore d3ba9720c Update password input field in UI tests and profile page + edit back logic with profile page form submission b3a5dfeaa tests - add tls checks on common name 748a56811 Merge pull request #835 from bunkerity/dev f843cbda5 Fix weird behavior when MULTISITE mode is set to no and the SERVER_NAME is empty 7a80516fb Fix core country test as 2.0.0.3 as country code GB and not US anymore e36dc32bc Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev b2c58a76f bw - fix colors 752317f1c Remove no longer used zope deps init 740018e26 Fix shenanigans with BunkerNet and the instance.id file a55e2699b Update gunicorn worker class to gthread 90f6ceea1 Revert "Test weird bug with ui linux tests" 46e3a10e4 Test weird bug with ui linux tests bcfe623e0 Update how the python deps are installed in linux tests (core & ui) 676afd4c1 Allow web UI to use multiple workers 309c5d0fe Fix weird shenanigans with zope python deps cff05457d Move monkey patch command in web UI and add dynamic threading ff7cb04c3 Remove useless code in web UI tests 3e63f2ad0 Fix potential python deps not being imported in web UI 413500e5d Use Python 3.12 in workflows 3e0a987a6 Remove the need for codeql job to complete before going to the next stage in dev workflow 624ed08af Update ui startup script d5732b697 Deactivate anonymous reporting at first startup 6fc5ca745 Merge pull request #816 from bunkerity/dependabot/terraform/tests/terraform/dev/scaleway/scaleway-2.35.0 dcb924f54 Merge pull request #772 from bunkerity/dependabot/terraform/tests/terraform/dev/hashicorp/kubernetes-2.24.0 fecf4a898 update version to 1.5.5 d3cfbfec6 bw - fix typo in blacklist core 0867846f8 bw - fix typo in server.conf e108d3f53 bw - init work on reason data and fix nil REDIS_SENTINEL_HOSTS for sessions 68b3d6785 bw - fix redis error when using sessions and fix redis connection pool not used d475a4e31 scheduler - fix missing custom configs when instances change 37f11eade jobs - remove certbot renew delay 3ba295d14 Fix firefox installation in linux tests 109b9cc6a add operation value cd5ee103d Add cooldown to anonymous report job 9e8afa18b add tab switch related to form ed45e2290 Update ui tests with new profile page format bba987904 Merge pull request #834 from bunkerity/dev d7c49e237 Update sqlalchemy to version 2.0.25 & update python deps hashes 957817926 Pin aquasecurity/trivy-action version in workflows 2b0540f44 Fix UI defaults with Linux Integration 7a247e643 Fix wizard redirection even when the UI isn't configured 355d67164 bw - dont retrieve ctx when using api a21ab3ca7 add profile dark mode + enhance flash 48ea94f11 update ui 2197f72be Fix ui linux tests getting the wrong id of the totp button 8d900437f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev a8bfd0336 Update and fix the whole user management of the web UI ce8022a43 Fix bwcli shenanigans with external databases 7759338e3 Update python deps 6e70da4a5 Switch gunicorn worker_class back to gevent d4ef6fdff Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 5ad99ac82 bw - various improvements to redis sentinel beaf868fd Merge pull request #831 from bunkerity/ui d091e5299 enhance style ad2253f89 totp form name different from user one db0f23855 delete totp duplicate logo 66fa2df6c Merge remote-tracking branch 'origin/dev' into ui 0a130c404 Fix tests ui Linux env file having the default values 98b4c0631 Fix problems with ui tests and the ui.env file for Linux and the IP address of the container for DOcker 935650900 Update cached mmdb files 379cf17e7 Update tests ui linux workflow file to have the right BunkerWeb config 551a0b520 bw - clusterstore fixes aeedf30fa bw - redis sentinel support (WIP) 1b0c1cdb7 Merge commit '8f051820b9c885fd6bbe4c8fdbb0dc1f888aaae2' as 'src/deps/src/lua-resty-redis-connector' 8f051820b Squashed 'src/deps/src/lua-resty-redis-connector/' content from commit 02a29f93 af8fa60e2 bw - fix is_whitelisted function and fix typo in country core a4f72f1c1 bw - various fixes after LUA improvements 077b2c1c1 bw - various improvements and refactoring (WIP) 020ec53e0 Merge pull request #830 from bunkerity/dev aea3fae2b Update CHANGELOG.md a5e0ceed3 [#795] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies fdb01b305 Fix shenanigans with the ui user edition 91448f1f4 Add a log in the UI when a login attempt is made d1d82aa30 Add UI tests for the profile page and the Wizard 13f477b75 Merge pull request #829 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.165.1 32777c25e Merge commit 'dda63ddceeb1f4ffdd97d6aa95ac24a1a7eeede7' into dev dda63ddce Squashed 'src/deps/src/lua-resty-openssl/' changes from 5aba923e7..7f25f00ba 116ca2226 Update lua-resty-openssl to version v1.2.0 80f8d1548 Update CHANGELOG.md 22c6e1c6d Update python deps c7e690d94 deps/gha: bump ruby/setup-ruby from 1.165.0 to 1.165.1 364a779b2 Merge pull request #827 from bunkerity/ui bd23ae609 Merge pull request #826 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.165.0 b3462dc95 enhance profile page 1bd0dcbd7 deps/gha: bump ruby/setup-ruby from 1.163.0 to 1.165.0 556fc6936 update totp and profile style 1920d89b4 Add back-end logic for 2FA in UI 398be9147 fix password submit behavior 783d83094 add 2FA pages bafd3a5b6 Add more security to UI by checking client IP and UA with a session fbbe6b49d Update regex for url in wizard 5f74b357c Add profile editing logic in the UI e938d48ff enhance error page a950f55e7 Merge pull request #825 from bunkerity/ui ffbe1e3b6 Update ui tests to new formats 38eb98c39 update setup.html and popover 33211902d fix ui height + select auto submit e348e92bc Merge pull request #824 from bunkerity/dev 9eb816ef3 Add flash messages to setup.html as well aa9bcdc3d Merge pull request #823 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.163.0 a85297c61 Merge pull request #818 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.22.12 f3c4415f5 Merge pull request #817 from bunkerity/dependabot/github_actions/dev/actions/setup-node-4.0.1 3d59f7697 Update CHANGELOG.md dba906db0 Update python images in Dockerfile to 3.12.1-alpine3.18 a458e650f Update python deps dcf6fc1ce bw - various fixes for tls management and init work on shared ctx on subrequests 9d74de299 deps/gha: bump ruby/setup-ruby from 1.162.0 to 1.163.0 34c065722 road to certificate fallback 35d46f424 deps - patch modsecurity-nginx to load it before brotli module 8b0c8de42 add defaul ssl cert and patch modsec to execute after brotli 8dfd8dc9b deps/gha: bump github/codeql-action from 3.22.11 to 3.22.12 56f350d62 deps/gha: bump actions/setup-node from 4.0.0 to 4.0.1 63a90005c Merge branch 'dev' into ui 20c2f4ffd precommit config 29c88027e enhance ui 5c10eaeb7 Merge pull request #808 from bunkerity/dependabot/github_actions/dev/github/codeql-action-3.22.11 093366d15 Merge pull request #810 from bunkerity/dependabot/github_actions/dev/actions/upload-artifact-4.0.0 ac3fc2a78 Merge pull request #815 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.4.0 4f28cfbbc Merge pull request #814 from bunkerity/dependabot/github_actions/dev/actions/download-artifact-4.1.0 cd7ef7448 Merge pull request #813 from bunkerity/dependabot/github_actions/dev/aquasecurity/trivy-action-91713af97dc80187565512baba96e4364e983601 e3d21c647 start adding aria 0e3c32213 deps/terraform: bump scaleway/scaleway in /tests/terraform 6a5616472 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 436208007 continue work on dynamic TLS cert/key with fallback 7fbf17a0e update doc 0945f2052 Merge branch 'dev' into ui aab019d17 Fix SERVER_NAME setting when not in multisite mode c39793a31 Fix shenanigans when SERVER_NAME is empty de3ba0a57 precommit done 3e51cc78f Fix error with selects when trying to add a new settings in the database init_tables 809c5f45e deps/gha: bump docker/metadata-action from 5.3.0 to 5.4.0 c344b302c deps/gha: bump actions/download-artifact from 3.0.2 to 4.1.0 504aeb9d0 enhance ui b41bd619c lighter error file 73f3a7ac8 deps/gha: bump aquasecurity/trivy-action 1dd85364d add example and test for k8s/tls support 53a143d71 init work on supporting tls ingress on k8s 62449f84c continue work on ssl/tls fallback and management 8efcd2b8a ssl refactoring - wip 946e292b3 ssl refactoring - wip c5d9c6936 docs - add ecosystem section to intro and fix social cards text color 98ac205ea deps/gha: bump actions/upload-artifact from 3.1.3 to 4.0.0 056eb0375 fix some style cab17e061 add profile page 5b5898eac Add support for soft database update when updating the version 18adaee07 deps/gha: bump github/codeql-action from 2.22.10 to 3.22.11 71acbbc0b docs - add social cards 549bbe170 fix news + enhance style 6c5169473 Update settings.md ed06c513c udpate ui and utm 0657b7b29 Update CHANGELOG.md da9fb7af7 Add support for fallback Referrer-Policies 747cbe13e Merge pull request #807 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.10 a9ac4f298 Update python deps a478905be Update BunkerWeb logo and ascii b08c53365 Soft merge branch "ui" into branch "dev" 0811d2821 deps/gha: bump github/codeql-action from 2.22.9 to 2.22.10 cf2a5ed84 add panel on about and trouble dc55beaab add ecosystem page on doc 4f43f6165 Merge pull request #805 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.162.0 5f72dbf6f Merge pull request #803 from bunkerity/dependabot/docker/src/autoconf/dev/python-3.12.1-alpine3.18 ce728cf90 Merge pull request #802 from bunkerity/dependabot/docker/src/scheduler/dev/python-3.12.1-alpine3.18 83b06abe7 Merge pull request #801 from bunkerity/dependabot/docker/src/ui/dev/python-3.12.1-alpine3.18 f7d250504 Merge pull request #800 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.7.2 e4888197a Merge pull request #799 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.9 02d6c4111 add utm 716e69027 deps/gha: bump ruby/setup-ruby from 1.161.0 to 1.162.0 47350f5f0 update compose to test ui ea45f3c11 docs - update logos 6ef1513d7 start adding banner 5b236e769 Merge branch 'dev' into ui e6c5df12d add utm 8eff772fe deps/autoconf: bump python in /src/autoconf 0f2bf17a5 deps/scheduler: bump python in /src/scheduler de30a734f deps/ui: bump python in /src/ui 10f0ee7ee deps/gha: bump rickstaa/action-create-tag from 1.7.1 to 1.7.2 456b6a424 update utm readme 5eb5625a2 docs - add basic info about bw panel cb76d1c09 deps/gha: bump github/codeql-action from 2.22.8 to 2.22.9 e9737dcf4 Update API endpoint URL of anonymous report 2ee63c0dd Merge pull request #798 from bunkerity/dev 607a201c7 Update CHANGELOG.md cfc32af85 Squashed 'src/deps/src/modsecurity/' changes from ccc2d9b536..bbde9381cb d3752d25f Merge commit 'cfc32af85c09dcebe4a185e7f1252bfba460bebb' into dev 4f6c6ae6c Update ModSecurity version to v3.0.11 9dd2b9537 Merge pull request #797 from bunkerity/dev 2b11f24a3 Fix db core test a0765085d Revert "Test CVE fixes on bw" 220450d4a Test CVE fixes on bw c471ccbf6 Remove no longer necessary CVE fixes dfae6be47 Merge pull request #792 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.3.0 531555941 Merge pull request #796 from bunkerity/dependabot/github_actions/dev/actions/setup-python-5.0.0 ff0f61136 Test CVE fixes 74dff7665 Add anonymous-report job 4c7bc9f99 Update python deps 25cba9feb deps/gha: bump actions/setup-python from 4.7.1 to 5.0.0 a5e403426 ci/cd - update linux versions when pushing packages b9ff3911f v1.5.4 release e1210137b deps/gha: bump docker/metadata-action from 5.2.0 to 5.3.0 588d04c7d Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging 0d5ea43ff linux - fix nginx version dependency for rpm builds 1fbd3dd51 ci/cd - fix k8s/configs test and fix haproxy not working with debian 12 82fcff293 Add Linux dependencies for Docker in dependabot.yml d3672e6d7 tests - show logs when haproxy fails in linux tests a26ff09da update php-fpm version for debian tests and add libcap dep to linux packages e1c185cdc linux - add libpcre3 dep to debian package fe8d9b5f4 linux - reflect changes for debian 12 support 7f832117d linux - update supported versions 4d967492b Remove no longer existing "—no-redirect" argument in mike command 3270131f4 ci/cd - fix mike deploy breaking change 91f0a9bbc Merge branch 'dev' into staging b89f2d560 road to v1.5.4 🚀 bb9aa5c96 Merge pull request #789 from bunkerity/dev 8302bee4d Merge pull request #788 from bunkerity/ui f5d45d237 Update CHANGELOG.md and docs for setup wizard 589df19c1 Add check endpoint and remove USE_CORS flag a283c35a2 Add CORS support and update redirect behavior 3779cc5dc update setup UI ff65d0081 Fix potential issue with config saver and non Docker and Linux integrations 4c109bfe5 Update mmdb files a818e6fa9 Merge pull request #787 from bunkerity/ui 35bfda5b3 Add ui_host variable to form in wizard 700b434f4 Merge pull request #786 from bunkerity/dev 7f030d893 Handle start and stop event of BunkerWeb with the scheduler in Docker aa3fd4edf Merge pull request #784 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5.2.0 bb41e8597 deps/gha: bump docker/metadata-action from 5.0.0 to 5.2.0 f5ed1b5d2 update setup ui f159b17ee Add HTML files to linguist-vendored list 18ab9cebc Merge branch 'dev' into ui ff9566b49 Update Python base image SHA256 c439488ea Update bcrypt version to 4.1.1 1e1245ff2 Add Python 3.9 setup and install dependencies for codeQL workflow f8dc2f818 Fix plugin system link in README.md 3920ce03d Fix formatting and remove unused code 43c288046 ui - add CORS to wizard check endpoint c22646de1 Fix regex pattern for REVERSE_PROXY_PATH bf5dadb43 Refactor User class to use property decorator for password_hash c1e25a64a Add random URL generation for setup.html 1daa4103f Fix server name validation bug 1e52dd9fb Merge branch 'ui' into dev 53706a75e fix print and remove cdn afeb5e454 Update wizard back logic and tweak setup.html b3e0a9e8c Update python dependencies cbb595e1c deps/terraform: bump hashicorp/kubernetes in /tests/terraform c16e95471 update setup html 9917fbd86 setup in-page style and image 97f9048bd Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 49b745a2a ui - init work on /setup endpoint on default server 7778bd106 Merge pull request #769 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.8 aca470332 Merge branch 'dev' into ui 68a8f8eb0 Merge branch 'ui' into dev 834d4568e Refactor database session handling 2ec0c7e39 deps/gha: bump github/codeql-action from 2.22.7 to 2.22.8 3269e7ec5 Fix missing admin_password_check validation in setup form dead40ec6 Squashed 'src/deps/src/lua-resty-openssl/' changes from 89195843c..5aba923e7 ddb3daae3 Merge commit 'dead40ec6d1b5907f2803a6bb55f006dd27203ba' into dev 0142ba1d2 Update lua-resty-openssl version to v1.0.2 97a78650e Update dependencies versions 10e5dc4f4 Merge pull request #766 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-5.1.0 18aab10df Update Firefox installation in Linux workflows b8145f3f2 Add website link to README.md f92e32757 add confirm password cdd436bf8 add reverse proxy inp setup 4fe52d0f0 Merge branch 'dev' into ui efaaf454e Add conditional block for open file cache configuration 3a1b779b5 deps/gha: bump docker/build-push-action from 5.0.0 to 5.1.0 76c848ed4 add server name input 57b0787dc ci/cd - add more logs when k8s fails b4d790aad Create web UI wizard functionality (backside) d457a6f03 Merge pull request #765 from bunkerity/dev 2964669d9 Merge pull request #764 from bunkerity/dev f7bc0d872 Squashed 'src/deps/src/lua-nginx-module/' changes from 11ab5315b..c47084b5d eb160334f Merge commit 'f7bc0d87200a0ec786c88091530734f265a6a8c2' into dev e1c67363e Merge commit 'c7f7669a8cbbcf7f7ce0fc2a294bd7e316522236' into dev c7f7669a8 Squashed 'src/deps/src/headers-more-nginx-module/' changes from 576cb8197..bea1be3bb 8da04e022 Merge commit '6ed1ec58b1acdc1acb00e840df89311812ee8422' into dev 6ed1ec58b Squashed 'src/deps/src/luajit/' changes from aa038d259..4182d6bf3 dab004604 Update LuaJIT to version v2.1-20231117 e5e7db36e Merge pull request #763 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.7 984a3de5c add setup template f36d2d0c9 Merge branch 'dev' into ui bc9979785 deps/gha: bump github/codeql-action from 2.22.6 to 2.22.7 a1695cf3b Merge pull request #762 from bunkerity/dev 69a570bca Merge pull request #760 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.6 e66b7b79b Remove urllib3[socks] from requirements.in files ... Update Dockerfiles to fix errors when installing deps de4173878 Merge commit '5d2b6eef6e0c83bc3e1b14e48233e423f2f8c37d' into dev 5d2b6eef6 Squashed 'src/deps/src/lua-nginx-module/' changes from c47084b5d7..11ab5315b0 d75296b5a Squashed 'src/deps/src/headers-more-nginx-module/' changes from bea1be3bbf..576cb81979 a09c899de Merge commit 'd75296b5a55889c4425f2b2274b50eabc5b96b3e' into dev f583d996a Squashed 'src/deps/src/luajit/' changes from 492cfdd0d8..aa038d2599 11ab5315b Merge commit 'f583d996a108a58166fc986bf4227a3cea432a07' into dev f8429d6e4 Update LuaJIT to v2.1-20231021 576cb8197 Merge commit 'c473aa40807f32438ffe34bdfe07f8f0485a6aa4' into dev c473aa408 Squashed 'src/deps/src/lua-resty-openssl/' changes from b23c072a4..89195843c 456e6a33d Update lua-resty-openssl to v1.0.1 805e5c9ce Squashed 'src/deps/src/libmaxminddb/' changes from ac4d0d248..93a7e0e56 11c4fde61 Merge commit '805e5c9cee2a72af6b6297b2993109511b42d485' into dev afcf420ee Update libmaxminddb to v1.8.0 7aa6affe1 Merge commit 'e3f305a953ef5dbf6802090c7013f4c38d762449' into dev e3f305a95 Squashed 'src/deps/src/ngx_devel_kit/' changes from b4642d6ca..91e30eb05 cba20187c Update Nginx devel kit to v0.3.3 10a58377b Fix multiple CVEs related to libpq * CVE-2023-5869 * CVE-2023-5868 * CVE-2023-5870 7c564e4cb Update pre-commit hooks to latest versions fe0249454 deps/gha: bump github/codeql-action from 2.22.5 to 2.22.6 bff775f00 Fix issues with the Linux integration and external databases 71db00281 Merge pull request #759 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.161.0 940eecd06 deps/gha: bump ruby/setup-ruby from 1.160.0 to 1.161.0 42f7ef486 Update user interface demo image in README.md b2a56a82a Update BunkerWeb UI demo to use thumbnail image 0d0bad79b Update Python version in Dockerfiles b539a97ad Fix CVE CVE-2023-5678 in Dockerfiles 05da26f01 Update dependencies to latest versions e153c33aa Update maxminddb and other dependencies versions 8d024a099 Merge pull request #751 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.7.1 ca6271c60 Merge pull request #750 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.160.0 fbbec2f7f deps/gha: bump rickstaa/action-create-tag from 1.6.6 to 1.7.1 9c6f5289d deps/gha: bump ruby/setup-ruby from 1.159.0 to 1.160.0 bcded8f7c Add refurb as a pre-commit-config hook and apply pre-commit-config 966a78da9 Update Git attributes to ignore text and end-of-line settings for vendored files f111124b3 Update dependencies versions d2b82b29d Fix CVEs CVE-2023-43787, CVE-2023-43785 and CVE-2023-43786 dc5a7b8b2 Update mmdb files c32522ae2 Update Certbot module to version 2.7.4 + Update python deps hashes 54ead4e49 Merge pull request #744 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.6.6 d83536969 deps/gha: bump rickstaa/action-create-tag from 1.6.4 to 1.6.6 b79b6548b Merge pull request #741 from bunkerity/dependabot/github_actions/dev/hashicorp/setup-terraform-3.0.0 b05b98185 docs - update plugins to 1.2 e8803e346 cache linux test images, fix linux example of proxy protocol and add more logs to k8s tests 7565b2df5 Merge branch 'dev' into staging c817f45ab add ready checks to limit and redis core tests and fix wrong http port for behind reverse proxy linux test f9f616a66 Merge branch 'dev' into staging 4871185dc Update python deps and pin Flask-Login version cd773b6e8 add ready checks to reversecan and sessions tests 898ef2eff deps/gha: bump hashicorp/setup-terraform from 2.0.3 to 3.0.0 fa628cb7d linux - add default API_LISTEN_IP 18d682b5a linux - add missing API_LISTEN_IP initial setting and perform only hot reload 4fbd974d2 tests - set trace verbosity for geckodriver logs a7c343369 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 7d69b9105 tests - fix missing geckodriver log file in ui tests 29d7d94b2 [#739] Fix potential issue when fetching docker instances in the web UI 84eb94720 tests - add geckodriver log file for ui tests 40e118a71 tests - add more logs to ui linux tests 0e3d8e59c tests - retry UI access in case of network exception 86875f486 tests - fix misc ready check when using https and add ready checks for linux ui d4a2ba5fc tests - add ready checks to customcert and misc 3020c5c8e tests - add ready check for customcert core test c1562bc89 Merge pull request #737 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.5 322cfd217 deps/gha: bump github/codeql-action from 2.22.4 to 2.22.5 caf732be1 Merge pull request #736 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.159.0 667620b52 deps/gha: bump ruby/setup-ruby from 1.158.0 to 1.159.0 fb21786b8 linux - fixing nginx service not disabled and fix another missing error log path in UI 5887b894f ui - fix wrong error path when starting nginx 4e820f6de linux - remove sudo command when reloading nginx 35d16233c ci/cd - ignore ready conf for db tests and fix linux path for ready conf 9775cd5bb ci/cd - fix missing string in /ready endpoint and add /ready endpoint to linux tests 274a8cdfb ci/cd - trying to fix race condition for core tests d73a5d0f4 Merge pull request #735 from bunkerity/dev ed0e156bc Update Werkzeug to version 3.0.1 in web UI 8ec9a7df4 Fix compatibility issue with Docker Compose v2 2.23.0 in examples and docs 72d856abe Update certbot to version 2.7.3 + regenerate hashes for db and scheduler ab76c458e Merge pull request #732 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.158.0 6edf97a0d deps/gha: bump ruby/setup-ruby from 1.157.0 to 1.158.0 58d6b8142 use cap in Linux and add openssf badge a83a74cfa Merge pull request #729 from bunkerity/dev 0975de123 [#717] Add a pool_recycle database engine arg to avoid losing connection with database 762092e5e Remove no longer necessary retrying module 8963cb4d1 Update python deps c2252503d Merge pull request #721 from bunkerity/dependabot/github_actions/dev/ossf/scorecard-action-2.3.1 626f10b4c Merge pull request #722 from bunkerity/dependabot/github_actions/dev/actions/setup-node-4.0.0 f2b9fc0f8 Merge pull request #724 from bunkerity/dependabot/docker/src/autoconf/dev/python-a5d1738 c8eae49e5 deps/autoconf: bump python from `dc2e889` to `a5d1738` in /src/autoconf ab320794a Merge pull request #723 from bunkerity/dependabot/docker/src/ui/dev/python-a5d1738 572436f20 Merge pull request #720 from bunkerity/dependabot/docker/src/scheduler/dev/python-a5d1738 6f366450b deps/ui: bump python from `dc2e889` to `a5d1738` in /src/ui f6d2e205c deps/scheduler: bump python in /src/scheduler 50a60382a Fix CVE CVE-2023-5363 989c14ae7 Fix CVE CVE-2023-5363 a847f7778 deps/gha: bump actions/setup-node from 3.8.1 to 4.0.0 8708ad70c deps/gha: bump ossf/scorecard-action from 2.3.0 to 2.3.1 eeda7a18c Update python deps + add retrying module to db 5193d6cd1 Update docker images 09ee05083 Merge pull request #719 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.157.0 0afed0621 Merge pull request #718 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.4 8919592f5 deps/gha: bump ruby/setup-ruby from 1.156.0 to 1.157.0 d253b4438 deps/gha: bump github/codeql-action from 2.22.3 to 2.22.4 f798a9ef9 Merge pull request #715 from bunkerity/dev cd902eba3 prepare for 1.5.3 🚀 029217ff4 Fix update-version.sh script 10db67b87 Merge pull request #714 from bunkerity/dev c7543df86 Add an handler when the ui test is reaching an error page due to a connectionFailure 1f5a1beac [#645] Fix web UI not keeping the data when changing the sub server names + Fix custom cert when the server name have multiple domains ff1fc9280 [#712] Fix custom configuration changes not taking effect immediately 838dcb17c Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev b18dbddcd Merge pull request #713 from bunkerity/dependabot/pip/src/scheduler/dev/certbot-2.7.2 ca6938dfe Update ConfigFiles to use the correct name regex in web UI 643ea7c21 deps/scheduler: bump certbot from 2.7.1 to 2.7.2 in /src/scheduler e41ce10e3 Merge pull request #711 from bunkerity/dev b265cbad5 ci/cd - trying to fix azure/kubectl action 7e3aad9f0 [#645] Fix impossible to edit the server_name of an already existing service if the primary one was unchanged in web UI 60d43d0ce Handle service creation and editing more elegantly in web UI 2df85b2c9 Updated python:3.12.0-alpine image's sha256 3a3255e7b Merge pull request #709 from bunkerity/staging 4c273fe84 Merge pull request #708 from bunkerity/dev 9964f42e6 Fix magento k8s tests b2cf8986f Tweak magento tests to use latest version back 7f219bea0 Fix CHANGELOG release date for v1.5.2 b9f05ad16 Downgrade magento versions to working ones bd6065af8 Update python deps and pin urllib3 version to 1.26.18 + Update pre-commit-config to format requirements.in files as well + Apply pre-commit 619e5644f Remove pip caching when setting up python in workflows to avoid errors 3c3643021 Merge pull request #707 from bunkerity/dev 7598dbc54 Update python deps f3982367a Update dependabot script to add reviewers and tweak the schedule d4f65903e Update dependabot config file to include terraform and other python deps paths 38429efac Merge pull request #705 from bunkerity/dependabot/github_actions/dev/actions/checkout-4.1.1 d92e9a07a Fix k8s terraform script 6738b9552 deps/gha: bump actions/checkout from 4.1.0 to 4.1.1 0da22f44b Update k8s terraform file and update scaleway terraform version d77f6a72c Fix README.md links and versions 7bf8be324 Try to fix magento k8s tests with static versioning b9c5d3277 Fix timeout in ui tests and access_page function b1b1ab868 Fix wrong values in helm chart values file for elasticsearch in k8s magento example 530b8a945 Fix allow empty values when saving a config in web UI 22552c5b8 [#694] Optimize certbot renew script to renew all domains in one command db0dd5dae [#694] Fix rare bug where database is locked f89456cd4 Merge pull request #699 from Crazy3lf/master 34d68e8b7 Update regex for email 476d86706 Fix magento k8s tests by removing elasticsearch 4a10ec8c3 Merge pull request #701 from bunkerity/dev 66b1d6bfb Merge pull request #700 from bunkerity/dev c4b873e3f Fix /etc/bunkerweb dir missing in linux core tests bcaa8faa7 Replace deprecated `set-output` command with the new format 08944b901 Tweak test-core-linux to fix potential bugs 13be6a43c Add more logs when an url file is in cache and gets deleted 2737fe7ce Update python deps 2823fa2ab Update plugin.json 001246b38 Merge pull request #697 from bunkerity/ui 1a43380d2 Merge pull request #696 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.3 0b319d1aa Merge pull request #695 from bunkerity/dependabot/github_actions/dev/rickstaa/action-create-tag-1.6.4 7a15f8a65 deps/gha: bump github/codeql-action from 2.22.1 to 2.22.3 a4a413eec deps/gha: bump rickstaa/action-create-tag from 1.6.3 to 1.6.4 7e3dabc5f Update patch commands in deps.json to skip Reversed warning 29737209b Squashed 'src/deps/src/luajit/' changes from e598aeb74..492cfdd0d 8093c6161 Merge commit '29737209b138a1485d55c53acf1a6783b6e60167' into dev 85913d6b2 Update luajit to v2.1-20231006 15d3180b6 move disabled inp msg 522527f0a Merge pull request #690 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.156.0 85ef4e4de Merge pull request #691 from bunkerity/dev 46d8acf7b Update dummy-plugin to new standards 77bfe2697 Add StyLua and luacheck to precommit config file and apply it da2a1eaa5 deps/gha: bump ruby/setup-ruby from 1.155.0 to 1.156.0 cd1f87b9a Update pre-commit config hooks version e25fab28b fix disabled msg behavior c125a9bdd Merge pull request #689 from bunkerity/dev 10fd431fb Tweak update python deps script to make it more elegant 309689185 Update pythons deps 799756176 Merge pull request #684 from bunkerity/dependabot/github_actions/dev/github/codeql-action-2.22.1 a12e5ca89 Merge pull request #683 from bunkerity/dependabot/github_actions/dev/stefanzweifel/git-auto-commit-action-5.0.0 15ad3a625 Merge pull request #681 from bunkerity/dependabot/github_actions/dev/ossf/scorecard-action-2.3.0 c57d725f4 Merge pull request #680 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.155.0 95389260a Merge pull request #688 from bunkerity/dev 6e5dd5557 Fix CVE CVE-2023-44487 565f4e3f7 Merge pull request #687 from bunkerity/dev f39adcab5 Update CHANGELOG.md a3ec85b57 Fix often occurring error with ace script in web ui b063ac8a3 [#652] Fix error when deleting a service that have custom configs on web UI ff85f1c2b Update CHANGELOG.md 4a9fdba42 [#645] Fix errors when using a server name with multiple values in web UI 47a7e1680 Fix secure_scheme_headers shenanigans with web ui 453108da9 Update mmdb files 2cbb10b3a Revert "Test Aqua security vulnerabilities with BW" d4d9f8745 Test Aqua security vulnerabilities with BW 899484c38 deps/gha: bump github/codeql-action from 2.21.9 to 2.22.1 d461f3745 deps/gha: bump stefanzweifel/git-auto-commit-action from 4.16.0 to 5.0.0 cd0ceb48b deps/gha: bump ossf/scorecard-action from 2.2.0 to 2.3.0 dc92ae825 deps/gha: bump ruby/setup-ruby from 1.154.0 to 1.155.0 f5fe685d4 Fix children classes of Test f4ce2c68f Fix bw api not returning the reason of bans d1a0f66c9 Merge pull request #677 from bunkerity/dev 6935d1cb8 Merge pull request #676 from bunkerity/dev 7ac66a6c6 Update python deps 2aa9f46ef Fix default values in whitelist job 8f456722e Augment delay in WebDriverWait in ui tests 8ae7b8f43 Fix redirect tests docker-compose file 9b4a9277d Add libpq as a dependency for the Database to be able to connect with postgres 172874d1c Fix redirect tests on docker a518f47b9 Update CHANGELOG.md 0cee41867 [#656] Fix ACME renewal fails on redirection enabled Service e956e03ba Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev c08fd07a6 Update linguist-vendored to add modsecurity files and non patch deps files 466c8e584 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 27d3ca1cd autoconf - fix wrong types for dynamic settings 410557009 Add .gitattributes to override linguist-vendored paths e7498279c Revert Docker image update for tests fe87486f9 Merge pull request #673 from bunkerity/dev c2db157bb Update python docker image to 3.12.0 eb8088164 Tweak Dockerfiles to make the build nicer 202698f41 Fix python deps conflicts and update them 0eb18cb31 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev f12a01410 autoconf - update settings from db 628068e9a Lint files with prettier f3694f0cc Add prettier as a precommit hook b56cce63f Fix codespell typos in README.md 87ca17663 Fix typos raised by codespell eea5dd9b7 Add codespell precommit hook 8fbe69261 Fix mkdocs.yml file duplicate copyright key cf82e73e9 Fix swarm postgres ui integration example 6b2df3585 Tweak py file to respect flake8 rules 508c728b6 Tweak pre-commit config and pyproject.toml file + Add flake8 as linter in precommit config 75e8c8339 Update CHANGELOG.md 07676a3d0 Use hashes instead of versions in github workflows f0761eed2 Revert "Add fuzzing tests in CI/CD" 4babce974 Add fuzzing tests in CI/CD a263f1f4f Update cron for dev-update-mmdb 31a839968 Merge pull request #666 from bunkerity/dev d8b256167 Merge pull request #665 from bunkerity/dev 87d2f04eb Remove no longer necessary temp fix for Flask-login c006e5088 Update python deps + Update Flask-Login to include the compatibility with Flask 3.0.0 df9bf1f56 Merge pull request #664 from bunkerity/dev 6b0e623e5 Update Dockerfiles to install pip and its deps before the project ones 85068bfee Add temp fix to support Werkzeug>=3.0.0 with Flask-login 5a7f9147f Update python deps and update script 358905770 Fix bunkerweb-ui.sh script with variables not being exported correctly 5ed595be6 Fix shellcheck tests failing e21e0c812 Add shellcheck and gitleaks to pre-commit-config + tweak excluded paths 1b7e1840c Fix blacklist core tests' requirements.txt file 1f90d3668 Add a pre-commit-config file and passed all checks f3fc69110 Fix typos in Dockerfile when installing python dependencies 073e8575e Updated Dockerfile, python deps and npm package to use pinned dependencies cd4d529d7 Merge pull request #660 from bunkerity/dev b4a320afa Made ui tests better 8ed656068 Small fixes on linux paths creating unnecessary folders 8fa7adb61 Small refactor on how the autoconf updates the config 4ec754143 Handle changes more elegantly with the scheduler 0f7df13df Optimize save_config script 48096d711 Optimize the way the UI handles services creation and edition c0816bb11 Fix potential cross-site scripting vulnerability in plugins.js in the UI 18e5f7bff Merge pull request #659 from bunkerity/dev ece5ce1cd Add HTML sanitization when injecting code in pages in the UI 4d5002674 Extract codeQL workflow to have a separate one + Add scorecards analysis workflow file + Add UI tests for the UI branch 1c71572f4 Update tsparticles in the UI + remove unused static files 685cb9809 Update README to fix a few links and add the security scorecard badge 65d0aa3a8 Merge pull request #658 from bunkerity/dev 6e2db5991 Add a sleep before changing from cache page to log page to avoid errors in ui tests 1db769c32 Remove bugged UI tests check in linux db99d1687 Update the condition that checks the integration in core tests 579c80357 Update UI starting script and ui tests script on linux b901d2971 Update python deps e23f931bd Replace gevent with gthread in UI for security reasons 15eef6ef5 Try to fix python deps issues with linux and try to have more logs in linux ui tests cc0167f42 Fix ui linux tests when waiting for the ui to be ready fd4c147b8 Update how the scripts wait for the UI to get ready before starting the tests 95afba879 Change how the ui tests waits for the ui to be ready ea5cb0db2 Try to fix ui linux test by adding more sleeps cb3250e4e Fix UI linux test (again) 153e9fecf Fix bunkerweb linux scripts 81b5e80da Try to fix deps permissions with linux ui tests (again) 6a162d725 Fix linux permissions with ui tests be5fe2830 Try to fix ui python deps in ui linux tests 380e609ab Change ui linux tests command into development mode 93006cf5c Fix Firefox installation in core and ui linux tests 39f17bce6 Try to fix permission issues with Linux and ui python deps 94c7c832e Fix permissions with python deps in ui linux tests 42be334e4 Fix permissions with ui tests on linux cad3012e6 Try to fix python dependencies error with test ui linux a04282d3f Fix test core redis with linux c757f5d49 Re generate requirements.txt file for the UI with python3.9 052e06022 Fix core and ui workflow file for staging tests e71b71146 Merge pull request #655 from bunkerity/dev b90da0f90 Add better health check in linux ui tests 5c1fafe51 Updated CHANGELOG.md c964d68f9 Add more tries when the dnsbl server isn't found 78a29e65e Tweak reversescan core test to avoid false negative 0e9f29cc5 Revert "Fix UI shenanigans with python deps" 70ab9740d Fix UI shenanigans with python deps 0303a8f7b Update staging workflow file to include core and ui linux tests 16d4c1133 Optimize the way errors are being checked in linux core tests 2ddc8cec7 Update dnsbl list regex to accept an empty one 6534a429a Fix looking for error in the wrong place in test code linux 25eb8de01 Try to fix a few shenanigans with linux core tests 2065d688f Fix ui tests with docker checking the wrong containers if healthy 87f84d438 Add a retry on nginx error in linux core tests 99b30af8e Fix reverse scan python script 1ff2aed68 Fix UI docker tests docker compose file 48bcb1198 Rearrange imports for blacklist init core test ae9450d0d Add whitelist and greylist linux core tests 9a17e92d6 Fix typos in dnsbl core test 2244f734f Add dnsbl linux test a29ac80e4 Add country linux tests cff5c7767 Fix sessions core test for linux 6ae6764f2 Fix blacklist core tests docker compose 27959e1aa Fix sessions permissions issues with python requirements 47e8f20f8 Fix CVE CVE-2023-38039 6283ce2dd Add linux tests for blacklist and bunkernet f3d6f860e Remove old cached files if urls are empty 61c8ef73b Fix permission issues with sessions core test with linux be25ae8e0 Fix failing linux core tests + add more logs when an error occur in ui tests 33e200f65 Fix UI using the wrong database when generating the new config 57374ecc2 Fix tests ui with linux 601f0fde6 Fix tests ui linux not starting the ui service fdb9a7c29 Fix errors linux tests permission issues df1205882 Fix tests ui linux executing the wrong file db404a62c Fix ui tests misconfiguration a0aced3e5 Fix tests ui linux workflow file e378be9a9 Fix typo in tests ui linux file name + add more logs in ui docker tests 432d1587c Add linux ui tests 2ad886178 Fix selfsigned job with cryptography not being found da4390b48 Fix python modules version conflict with web ui 7bd48203a Fix and update python deps ce2fa3d36 Fix a few core tests for linux bca36e296 Update self-signed job to regenerate the cert if the subject or the date has changed 06da40bf1 Added more linux core tests 84a27a3fc Fix DB core test with docker 9e3425182 Fix path issues with db core test init c90cd7399 Fix permission issues in tests core linux 91e5528a3 Fix already existing tests core linux aeee38ad3 Fix misc problems related to linux d97326656 Fix Database not clearing old services when not using multisite 8a6e14d8c Added linux tests to a few core plugins 0ece8fda0 Fix permission issues when starting BunkerWeb in antibot linux tests e93513224 ci/cd Try to fix permission problems with Firefox in test core linux 761c01af6 ci/cd Fix test core linux shenanigans with Firefox 0d9349611 ci/cd Try to fix errors with firefox in test core linux 094d5d5df ci/cd Fix a few things with test core linux + finish antibot linux core tests fdae4549c ci/cd Fix permission issues (again) with test core linux d59cf1835 ci/cd fix permissions issue in test core linux + fix shenanigans with antibot linux core tests 43b1a038f ci/cd clear out firefox before reinstalling it in test core linux d192fbb82 ci/cd Install Firefox manually in test core linux 0239ca64b ci/cd test core linux remove dns resolvers override 1dd1caeea ci/cd Fix Firefox installation for test core linux a0516f773 ci/cd Install firefox from apt instead of snap + fix antibot core tests for linux 480c680f1 ci/cd Fix timeout in geckodriver download for test core linux a94dab208 ci/cd fix retry job when downloading the geckodriver in test core linux d0a1aab15 ci/cd Fix perms issues (again) and optimize some things in test core linux dd0c4c93a ci/cd Install requirements and deps in test core linux 294402dbf ci/cd fix perms issues with test core linux cd35d35c2 ci/cd Fix perms in variables.env for test core linux 4cce8385c ci/cd fix write in /etc/hosts file in test core linux 990b6336e ci/cd Fix test core linux with dpkg versioning ccc5eb304 ci/cd Fix version error with ubuntu and test core linux 6a3839040 ci/cd Fix tee command not being ran as sudo in tests core linux 453cfc2dc ci/cd Fix BunkerWeb installation job with linux core tests 0b14f8a5d ci/cd Fix install command in linux core tests 624f4b5bb ci/cd Fix path of the .deb file 61bc8a3b1 ci/cd fix .deb fetching in Linux core tests fa91bf6c6 ci/cd change needs and logic in test core linux b54c7eb61 ci/cd test secret inherit for ubuntu private test image 30cba0a77 ci/cd fix dev.yml 80d56fcca ci/cd start working on linux core tests 69307fba6 Fix issues with GitHub rejecting the requests 7c5177bf4 [#643] Fix UI clearing configs folder at startup b5bd17d4d Merge pull request #641 from bunkerity/dev ad65e01a8 Update CHANGELOG.md 1259fb67d Merge pull request #634 from bunkerity/dependabot/github_actions/dev/docker/setup-buildx-action-3 b9e752f12 Merge pull request #636 from bunkerity/dependabot/github_actions/dev/docker/login-action-3 278eb0c8a Merge pull request #635 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-5 dec97c8c3 Merge pull request #637 from bunkerity/dependabot/github_actions/dev/docker/metadata-action-5 9222420b7 [#640] Fix shenanigans when executing docker compose restart 07fb7cf16 [#638] When renaming a service in the UI, migrate the custom configurations as well f83b2278d Fix versions conflict between greenlet and gevent with UI e51e17835 Update python deps 3c95971e3 Fix CVE CVE-2023-4863 35d13d7a0 Squashed 'src/deps/src/zlib/' changes from 04f42ceca..09155eaa2 bb7ef35ae Merge commit '35d13d7a097dd094cdbe993f18f29de0b08f1f2b' into dev d96253878 Merge commit '4430cf47ddc1f3647b3bc129f46fed2d7a145f8c' into dev 4430cf47d Squashed 'src/deps/src/luasec/' changes from fddde111f..4c0628705 37a2343e2 Merge commit 'd8ee65aa70e9737330c8a83301fd66c7dc8a8d7a' into dev d8ee65aa7 Squashed 'src/deps/src/lua-resty-session/' changes from 8b5f8752f..5f2aed616 6752b3647 Merge commit 'd7bde18da2a8a81f2d5f256bc975b1fb5b546107' into dev d7bde18da Squashed 'src/deps/src/lua-ffi-zlib/' changes from 1fb69ca50..61e95cb43 e0a89a2fc Squashed 'src/deps/src/modsecurity/' changes from 205dac0e8..ccc2d9b53 af902fc4e Merge commit 'e0a89a2fcd1d0dd4cc103fc054242e8e8b10b7bf' into dev 5ec7eb53a Squashed 'src/deps/src/luajit/' changes from 04f33ff0..e598aeb7 26d3d6c6c Merge commit '5ec7eb53a1fa30beb59d3358f16716483787b02e' into dev 0aaede4d6 Update core deps 955c7e063 deps/gha: bump docker/metadata-action from 4 to 5 8ea823e06 deps/gha: bump docker/login-action from 2 to 3 a6efa5205 deps/gha: bump docker/build-push-action from 4 to 5 a6b30f6a6 deps/gha: bump docker/setup-buildx-action from 2 to 3 1144a7381 make logs optional in issues, change assignee for dependabot and edit sitemap URL of the doc c364e4666 ci/cd - disable redirect when pushing doc d4f38cc79 ci/cd - fix error when parsing ARM types b6d49865b ci/cd - get ARM type availability d0a8cc381 ci/cd - use volume id instead of index for arm instance 30c952e9e ci/cd - set boot volume for arm instance 2382fdd37 ci/cd - start arm server after creation 05ecf558c ci/cd - use latest scw cli version 2b7ce389b ci/cd - reflect changes on release tf from refactoring d5d7364b1 Merge pull request #632 from bunkerity/dev 3adbd8757 [#628] Fix scheduler generating the wrong configuration with Linux fd7950863 Merge pull request #631 from bunkerity/dev 3ae9636d5 Fix error with the CSP header override of the antibot f99349900 Merge pull request #630 from bunkerity/dev ea6ae5253 Update ANTIBOT_HCAPTCHA_SECRET setting's regex to support new format 5811dc549 Merge pull request #629 from bunkerity/dev 6404b701c Update changelog 2b5654ba3 Update coreruleset to version 3.3.5 c948e449a [#622] Handle configs dir more nicely in Linux fb5a8dc4f [#622] Fix permissions with folders in linux integrations 5f19b3fda Merge pull request #627 from bunkerity/dev 2fce08b72 Upgrade issue templates 2ed6584dd Update python deps hashes d6a14b671 Merge pull request #626 from bunkerity/dev b3c398cb5 Remove jinja2 from requirements.txt as it creates conflicts 6334a3d63 Merge pull request #623 from bunkerity/dev 8ab4ea2e2 Update id of ui.conf rules to avoid conflicts 11664cc1d Fix wrong variable name in limit core tests 9535c0414 Fix shinanigans with both multiple and global settings not being stored correctly in datastore 8cafded89 Fix variables that are both multiple and multisite not being stored properly in datastore c6b2199dd prepare for 1.5.2 🚀 c418acdcf Update CHANGELOG.md 9d0d72ba0 [#576] Add support for ModSecurity JSON LogFormat cbc625938 Update mmdb files f57fc5d3f Fix menu.html dark_mode attribute in UI c7e834a0d Update python deps 673ee921f Lint files 9fb8dfca4 Fix Scheduler running two times for no reason 4787400d7 [#615] Fix BunkerWeb not being able to start after a restart because of the /var/run/bunkerweb directory missing in Linux f59476c26 Merge pull request #621 from bunkerity/dev 4be53d0cb Merge pull request #620 from bunkerity/ui 55ba29cd5 Fix UI error when values are empty 947690af8 Fix UI workflow 5cdf0ecf4 Merge pull request #619 from bunkerity/ui d1dd1fbae Fix shinanigans with the /data volume in the doc 1b84c6202 [#613] Fix logs with web-ui and Linux a2e0f1fe6 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 639eed8d0 Deactivate BunkerNet on first start with linux 500c3564a ci/cd - perform staging tests again 448efc0ef Merge branch 'staging' into dev 1b660691d ci/cd - fix typos for docker/packages pushes e62b7c9d1 Remove unused js files in web-ui b87316d7c Merge pull request #617 from bunkerity/ui 4cff39f49 Merge pull request #616 from bunkerity/dev bceb28602 Lint files d9d6ed9bb Fix settings regex with web-ui 01be5baea Merge pull request #611 from bunkerity/dev 059afec43 Update rhel docker image e564d8407 Merge pull request #610 from bunkerity/dev 2c15b3746 Fix rhel typos "el" instead of "rhel" 6f26c42c8 Merge pull request #609 from bunkerity/dev c5059ab22 Update doc to include TLS as well as HTTPS in some sections a7a317b5b Merge pull request #487 from bunkerity/dependabot/github_actions/dev/scaleway/action-scw-c718eca1fcb9fec1fb1433752d61599c6a0ad2e9 0681cf2c9 Update actions/checkout to v4 3a02c0ca5 Add more delays in badbehavior core test 040d44714 Change SQLite config to avoid locking 07725356b Merge branch 'staging' into dev 6a995723c autoconf - fix changes check bug with same variable name 47bf7299a Lint py files 656c5008d scheduler - ignore changes on first loop c206daf9d add basic config lock between autoconf and scheduler + remove reverse-proxy tests for linux cf55ade15 ci/cd - various fixes for k8s tests d28432e5f Fix API_SERVER_NAME regex b5638aae1 ci/cd - move k8s login in staging-tests job 4450762b8 ci/cd - fix image name in k8s tests 6e1660cd0 autoconf - fix wrong config update cb4c99f45 ci/cd - fix docker tag command for linux tests 64d2ed91e ci/cd - fix secret key 0e2420cff ci/cd - add timeout for cleanup jobs fa165522e ci/cd - use same md for openssl commands b03680388 ci/cd - remove double untar for k8s tests bae27806b ci/cd - fix tf state upload/download again 11794da8c ci/cd - fix tf artefact command c52e54b81 ci/cd - fix tf files again e5c37a00a ci/cd - fix k8s tf 9a3c26bf6 Merge branch 'dev' into staging 56422bca4 Update python deps regex for UI ee47407df Merge pull request #606 from bunkerity/dev 936b1e88f Remove old CVE fixes for nginx image f9f5b6570 Remove old CVE fixes for python images 8e8e042c2 Testing CVE on bw 1676ebeb7 Test CVE on autoconf 637573e59 Update docker images and python deps c3a4847de Update startup and temp env in bash files 3db7904d4 ci/cd - fix wrong image tag for Linux test images 037e1ba56 docs - add ghcr.io d6aa6a9b0 ci/cd - staging improvements 9aba00673 Fix oddities with the scheduler and the Database f7d9af9d6 Fix potential infinite loop when waiting for a configuration from the autoconf 95c796c1e ci/cd - delete temp compose downgrade 423e3b4a3 ci/cd - log to ghcr before getting tests containers 511597b7e ci/cd - fix tests image names bb77dcedf ci/cd - edit username for ghcr auth 3d0f17808 ci/cd - add dummy username for ghcr auth 5a9836fec ci/cd - fix nested permissions e1edfe4a7 ci/cd - fix missing permissions in wf e81ab4ff9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 87b405340 ci/cd - use gh cache for docker cache and pushes to ghcr.io 45a81203e Update python deps 9feb66710 autoconf - force updating first configuration 3d13cf345 autoconf - only update data when needed and atomic changed metadata update 00cb6c1a8 tests - fix regex for geckodriver version 898ee7ec8 tests - tweak dpkg before installing BW 643b30f99 tests - ignore wrong testing version in deb packages 69e944d56 Revert "Fix LinuxTest package installation commands" 2b7f627d8 Merge pull request #602 from bunkerity/dev 82fb7b277 Fix LinuxTest package installation commands 1042e546b Merge pull request #601 from bunkerity/dev 6d1d464e1 Remove tries limit in wget commands (defaulting to 20 tries) b5de52ead Add more retries when testing the newly created service in ui tests 267522749 Merge pull request #599 from bunkerity/dev 4f82856b4 Update staging-create-infra to use a static version for monolithprojects.github_actions_runner == 1.18.1 d670b409b Merge pull request #486 from bunkerity/dependabot/github_actions/dev/docker/build-push-action-4 0b93916a3 Merge branch 'dev' into dependabot/github_actions/dev/docker/build-push-action-4 76408cf04 Merge pull request #598 from bunkerity/dev f7cd7d9da Add dependency on tests-ui to not fail to push the testing image 8632dd324 Fix exit code for ui tests fbf0232d5 Update python deps 5b6f00dfc Revert "Remove unused imports in ui tests" 681def5f0 Remove unused imports in ui tests a844b235b Remove geckodriver.log 73e31ca62 Add wget to fix error with tests d82136f04 Fix UI tests not exiting if container fails to start 55fd17790 Fix wget command when downloading the geckodriver sometimes fails d8c95869e Fix database with multisite variables f24802b21 ci/cd - perform staging tests again 758fc13c3 ci/cd - replace version string for testing release cd825cd34 ci/cd - fix wrong VERSION path for testing release c03b1bb20 ci/cd - update VERSION file for testing release a5e50d0f7 ci/cd - fix linux package name for staging 1a57e0a20 ci/cd - remove linux arm64 packages pushes de568f335 ci/cd - temp disable staging tests 244b91247 ci/cd - fix syntax error in push-github wf 08ce31bb0 ci/cd - prepare for testing releases 7f47ac18c Fix plugins errors when reloading with a select and upgrade check b6b87fcb0 Update python deps 8bada2a02 Update update-version script and bw version in after-remove scripts b8778de08 use nightly tag for docker-socket-proxy b42b732d7 Merge branch 'staging' into dev fc1c81ce2 linux - add python3 dev dependency when building packages 76d36f3b9 v1.5.1 release 63355bb88 tests - increase radarr delay (again) 0ecf47876 Merge pull request #592 from bunkerity/staging 59dfb728f Fix DNS_RESOLVERS regex to be more open 47c560dd3 Merge pull request #591 from bunkerity/dev ff1e6cc28 k8s - use same namespace as ingress for services 81c2c3187 Fix config synchronization in scheduler + Remove MULTISITE variables being fetched when MULTISITE is set to no 7f3f3ac7e Add delay to radarr automatic tests 58d69ec20 Merge pull request #590 from bunkerity/dev 012bc3b43 Merge pull request #589 from bunkerity/staging 600ea7e16 Update python deps 18ee15971 lint python files eee26b5d7 tests - add delay for reverse-proxy-singlesite c00157ef3 fix wrong instances when using docker mode and add delay to docker-configs tests 6047a4335 set default value for ports in bw entrypoint, fix core db tests and fix missing PYTHONPATH for certbot job ee2aeda13 tests - add static delay for linux tests and fix core db tests bb6fd3073 linux - force kill nginx if graceful one doesn't work 6e6c08a71 ui - various edits 5df2a74ca improved LE certificates checks and fix missing full SERVER_NAME when MULTISITE=no 843c02370 tests - fix wrong command in linux tests 8f7833413 linux - fix letsencryt not working and fix permissions on /etc/bunkerweb/configs for tests 0ccd75781 linux - add missing pip to rhel adbed77f7 linux - install pip the official way ef7a6ac42 linux - fix fedora dockerfile 31ca183b1 Merge branch 'dev' into staging a763879c1 doc - update settings 03ba91e96 autoconf - fix deadlock with k8s 38ab5ea21 redirect - custom status code ee5397df5 bw - add HTTP and HTTPS port to temp config 9efd7a5a5 sessions - fix infinite loop when session checks fail 784ce643f db - disable connection pooling for one shot tasks f3081e3c3 scheduler - fix parent setter call 26a1ef689 Update mmdb files e2fe947cb ci/cd - fix tests UI not showing logs bf9cd367d fix missing Strict-Transport-Policy header, fix X-Forwarded-Prefix with regex URLs and print logs when UI tests failed 26f2852e5 scheduler - fix typo in fstring e93b2f65f cache dev container images, fix CVE-2023-35945 and force scheduler to reload when instances change f3ba16be9 add instances changes check to scheduler and auto push dev container images d9394567e add missing ctx arg in core plugins, always add X-Forwarded-Prefix header and add doc about timezone in containers d59b305f1 fix concepts image in doc, revert clientcache update and refactor headers ad45bbb4d Update python deps and fix error with PyYAML compilation db03aa9c7 Merge pull request #565 from bunkerity/dev bb14be820 Update python deps updater bedcf0c17 Fix bug with newer version of PyYAML by downgrading 68e9b057d Merge pull request #564 from bunkerity/dev 810340a49 [#559] Fix typos for custom-cert's settings in docs and examples a4db7c294 Fix CVE CVE-2023-2975 758901dfc Fix CVE CVE-2023-2975 9216becb5 Update python deps db413cc03 Merge pull request #555 from bunkerity/dev a4f4dfe4e remove unused imports in save_config.py 0d554a5f5 Update SERVER_NAME regex to be more open c11b44285 Merge pull request #554 from bunkerity/dev 25af02e4a FIx prevent the `DATABASE_URI` setting from being saved inside the database 9eec9e26c [#552] Fix scheduler not changing databases on linux 845364b2b Update log paths for linux based integrations 3dac0aef0 tests - temp fix for compose network errors 08f9e5f20 Fix bad behavior core tests by adding a custom subnet to the bw-docker network fccb25bee Add automatic bw-docker network removal between each try d6407b818 Fix db core tests by making the network bw-docker entirely external 1cf281ef8 Update core tests to be even more verbose 3a714b9a3 Update core tests to be more verbose 864619542 Fix core db tests (again) be46f7a8d Optimize db core tests 559039dfd Lint .conf files that contains lua code + remove useless comments aa0769dde Merge pull request #549 from bunkerity/dev ae6ccfcff Apply patch to luajit-geoip ed234fd63 Apply post_install script to lua-resty-openssl 09ae6da55 Apply patch to lua-resty-ipmatcher b516ca2ea Apply patch to lua-ffi-zlib 1e7f92af8 Apply patches to Modsecurity-nginx 008dc09a6 Stop checking return code of post_install scripts in init_deps.sh fcd230192 Fix init_deps.sh f3809bc69 Add -R to pull commands in init_deps.sh 96586d4a6 Apply post_install script to Modsecurity a75b90f52 Squashed 'src/deps/src/modsecurity/' changes from bbccedbdd..205dac0e8 948182ffd Merge commit 'a75b90f525b90bd74c090702034e02fdd6250e0e' into dev 544b4040e Add post_install scripts to init_deps.sh and update install.sh 6e146e2a5 Squashed 'src/deps/src/modsecurity/' changes from 205dac0e8..bbccedbdd 847ff5a3d Merge commit '6e146e2a54cb29eb0ac1bc9d65766fe90d30fa4f' into dev bbccedbdd Change tags into hashes in deps.json 14d69fa59 Update mmdb files d5e358b72 Merge pull request #548 from bunkerity/dev e0055328a Fix add missing deps for core db tests c93d5a2fc Fix CVE CVE-2023-3316 5631e2737 Merge pull request #547 from bunkerity/subtrees 3505c0d18 Remove clone.sh file 7b566b885 Squashed 'src/deps/src/zlib/' content from commit 04f42ceca ffd310031 Merge commit '7b566b885e99301b243c5f61360e65238035e048' as 'src/deps/src/zlib' 2ab324a69 Squashed 'src/deps/src/stream-lua-nginx-module/' content from commit 309198abf 45dca7b44 Merge commit '2ab324a69f219b4051b2e77d211ee1a7fb1462b5' as 'src/deps/src/stream-lua-nginx-module' f85f86e46 Merge commit 'c1073460677ba8aa2e325a1c57c3db1458f9fde5' as 'src/deps/src/luasocket' c10734606 Squashed 'src/deps/src/luasocket/' content from commit 95b7efa9d a7d4cc5bb Squashed 'src/deps/src/luasec/' content from commit fddde111f bd600e0d0 Merge commit 'a7d4cc5bbaabf8683b3b5cc1f42f9bd145cf1aa8' as 'src/deps/src/luasec' d15662693 Merge commit '2d86912af87048b94c2921a60b3a8a5a0953e132' as 'src/deps/src/lualogging' 2d86912af Squashed 'src/deps/src/lualogging/' content from commit 465c99478 1fb404757 Merge commit 'f3ceeb73a958e774b1e2fa55d2607cdd3eb419ca' as 'src/deps/src/luajit-geoip' f3ceeb73a Squashed 'src/deps/src/luajit-geoip/' content from commit fde33e045 f81788c00 Merge commit '2678b91586e9183b47327fbb0f11ad23020f195f' as 'src/deps/src/lua-resty-upload' 2678b9158 Squashed 'src/deps/src/lua-resty-upload/' content from commit 03704aee4 2d06f2d7a Merge commit 'bc06cd71b8896c6e7a1aac4610c9c3f878956238' as 'src/deps/src/lua-resty-template' bc06cd71b Squashed 'src/deps/src/lua-resty-template/' content from commit c08c6bc9e a6379356e Merge commit '3038a0b027f09090e1cd8f101d2ee8c52c383070' as 'src/deps/src/lua-resty-string' 3038a0b02 Squashed 'src/deps/src/lua-resty-string/' content from commit b192878f6 fdf0050a9 Merge commit 'ee5198ba2810e33e08ff987ede5abe10fc74f6e3' as 'src/deps/src/lua-resty-signal' ee5198ba2 Squashed 'src/deps/src/lua-resty-signal/' content from commit d07163e8c a3cd342f3 Squashed 'src/deps/src/lua-resty-session/' content from commit 8b5f8752f 6f8ff3f12 Merge commit 'a3cd342f3e1fffd7b16b83a24e03bb9ed501b319' as 'src/deps/src/lua-resty-session' 2f1cde097 Merge commit 'eca8662cfe981f66ab92b53bbf83af65da02b2b7' as 'src/deps/src/lua-resty-redis' eca8662cf Squashed 'src/deps/src/lua-resty-redis/' content from commit d7c25f1b3 0b94df087 Merge commit 'e59161ec204c7a95e4751b1c0e9a6bead7fcab39' as 'src/deps/src/lua-resty-random' e59161ec2 Squashed 'src/deps/src/lua-resty-random/' content from commit 17b604f7f a28005988 Squashed 'src/deps/src/lua-resty-openssl/' content from commit b23c072a4 38fdd39d0 Merge commit 'a2800598825bb5a03b577cca2874ff1cfae863f4' as 'src/deps/src/lua-resty-openssl' c2fa53ca1 Merge commit '31bf774f63b8b46a3c7b53028853036fff6fa0b8' as 'src/deps/src/lua-resty-mlcache' 31bf774f6 Squashed 'src/deps/src/lua-resty-mlcache/' content from commit f140f5666 7b2273aeb Merge commit 'c82b0bdd27762d2d4a9901a187506d2e5abd74f5' as 'src/deps/src/lua-resty-lrucache' c82b0bdd2 Squashed 'src/deps/src/lua-resty-lrucache/' content from commit a79615ec9 3dc8cc87c Merge commit '746a6e16d027ab3bddfc610c987e5d61ab9b69d0' as 'src/deps/src/lua-resty-lock' 746a6e16d Squashed 'src/deps/src/lua-resty-lock/' content from commit 9dc550e56 62e740a0b Merge commit '19515d9b26f2f4886ca117b91384509087f0ff3a' as 'src/deps/src/lua-resty-ipmatcher' 19515d9b2 Squashed 'src/deps/src/lua-resty-ipmatcher/' content from commit 7fbb618f7 e566b98af Merge commit '7160fd94e3dc22299ee3c9f8b0e71a5e2c1bb501' as 'src/deps/src/lua-resty-http' 7160fd94e Squashed 'src/deps/src/lua-resty-http/' content from commit 4ab4269cf cdd42bf25 Merge commit '1a7d4e58be28238599df3f5c15c56380c3e99732' as 'src/deps/src/lua-resty-env' 1a7d4e58b Squashed 'src/deps/src/lua-resty-env/' content from commit adb294def 49db9c24d Merge commit '0f4a0cb0ef514bee6b810f6d6cf982c5ef0abfca' as 'src/deps/src/lua-resty-dns' 0f4a0cb0e Squashed 'src/deps/src/lua-resty-dns/' content from commit 869d2fbb0 fd02afef8 Squashed 'src/deps/src/lua-resty-core/' content from commit 31fae862a fe76b6830 Merge commit 'fd02afef8ec1ceb8a816dc202d05c6ece9887d31' as 'src/deps/src/lua-resty-core' 36023392a Squashed 'src/deps/src/lua-nginx-module/' content from commit c47084b5d 29d135bdb Merge commit '36023392a6e3c8fb6aebb46140db759e61da220e' as 'src/deps/src/lua-nginx-module' b01aa0b15 Merge commit '32485e2860c2ea31fcef5b575f446c7a3036a550' as 'src/deps/src/lua-gd' 32485e286 Squashed 'src/deps/src/lua-gd/' content from commit 2ce8e478a c46cd666a Squashed 'src/deps/src/lua-ffi-zlib/' content from commit 1fb69ca50 909841ea6 Merge commit 'c46cd666ab76bad7bd05c6261d692cda5b380f32' as 'src/deps/src/lua-ffi-zlib' 47ee3884f Merge commit '4f9b885a2e8b7a10653653fee3bb91cf5102b0ef' as 'src/deps/src/lua-cjson' 4f9b885a2 Squashed 'src/deps/src/lua-cjson/' content from commit 881accc8f bb450ac96 Squashed 'src/deps/src/libmaxminddb/' content from commit ac4d0d248 e13868c63 Merge commit 'bb450ac96595432625ac34de8f7f42b3d06a5b30' as 'src/deps/src/libmaxminddb' 772e05d37 Merge commit '4a7228d2dcb7fe62526016b90a7c497fb6531e76' as 'src/deps/src/libinjection' 4a7228d2d Squashed 'src/deps/src/libinjection/' content from commit 49904c42a 209d4a461 Merge commit 'ae8d8b233d52cbfdee68bd3ba21713149f5659c8' as 'src/deps/src/lbase64' ae8d8b233 Squashed 'src/deps/src/lbase64/' content from commit c261320ed 1d1739b4e Squashed 'src/deps/src/headers-more-nginx-module/' content from commit bea1be3bb 992710650 Merge commit '1d1739b4eaa274c25c52b8ceb79ebdc717633ec0' as 'src/deps/src/headers-more-nginx-module' e43880b08 Squashed 'src/deps/src/ngx_devel_kit/' content from commit b4642d6ca a09d5eb2c Merge commit 'e43880b08395df25663560da3d8154226a167a77' as 'src/deps/src/ngx_devel_kit' 8973eb029 Merge commit '26773844e7bd57df1216bd74360a62ec2dc976e3' as 'src/deps/src/nginx_cookie_flag_module' 26773844e Squashed 'src/deps/src/nginx_cookie_flag_module/' content from commit 4e48acf13 79d1b4459 Merge commit '22e69251d9b5cd2611abf77ef7352abfa4d409d7' as 'src/deps/src/ngx_brotli' 22e69251d Squashed 'src/deps/src/ngx_brotli/' content from commit 6e975bcb0 4cd57ab8f Merge commit 'b99663928782619ef854b4bf10a2bf7450d75266' as 'src/deps/src/nginx' b99663928 Squashed 'src/deps/src/nginx/' content from commit 84cd72177 d7f25398a Merge commit 'a676d333fda890838d8fc4766720cc3f1d4c5389' as 'src/deps/src/modsecurity-nginx' a676d333f Squashed 'src/deps/src/modsecurity-nginx/' content from commit d59e4ad12 7e8f4adc3 Squashed 'src/deps/src/modsecurity/' content from commit 205dac0e8 999fb6b8e Merge commit '7e8f4adc3b2b2a655640c73198fb920a5e8441d5' as 'src/deps/src/modsecurity' 6c0468f62 Squashed 'src/deps/src/luajit/' content from commit 04f33ff0 6d05b14eb Merge commit '6c0468f62b1120497a6fd0d21101dc41f29e7397' as 'src/deps/src/luajit' 1141afd20 Fix install.sh for nginx dynamic modules 97406bff4 Add libinjection deps back a58ad9b50 Remove duplicate lua-ffi-zlib in deps 831ae129c Make init_deps.sh executable 451648fa7 Remove old deps temporarily except lua 185d75076 Update how the deps are initialized 6a048e68f Update how the deps are managed 129e8f7e0 Merge pull request #546 from bunkerity/dev 265123835 Update python deps b0bc9a1bf Update the documentation 2f7ed064f docs - Fix typo in webhook link in plugins.md 7d6116163 Merge pull request #544 from bunkerity/dev deed39a1f Update lua-resty-openssl to version 0.8.23 dd295729b Add deps project submodules b27f38349 Update lua-resty-session to version 4.0.4 and remove lua-pack deps as it's no longer needed aeca252d9 Bump lua-resty-core version to 0.1.27 and lua-nginx-module version to 0.10.25 1ec21261c Revert "Init work with submodules" 718a9305d Revert "Fix .gitmodules file" a253f4a59 Revert "Remove old folders that are now submodules" 2e1e9a08c Revert "Initialize submodules" e2f1aba3c Revert "Add other projects to submodules" d9a98c6fa Revert "Update commit SHA for submodule libinjection" 5ed3ba1d5 Revert "Fix path resolution for modules and remove nginx submodule" b529d8525 Revert "Update checkout part of workflow to include submodules" 43783edb9 Revert "Add nginx as a submodule" 8417ed132 Add nginx as a submodule ded0ec66d Merge pull request #542 from bunkerity/dev 6cbbd0d56 Update timeout for wordpress tests to 120 seconds d687b228e Fix PERMISSIONS_POLICY authorizing self and links to be aside without spaces bcc9fdef9 [#533] Fix SERVER_NAME regex to limit domains' size individually instead of the whole setting's value 524a140d2 [#534] [#504] Update ALLOWED_METHODS regex to accept more methods a197e20d2 [#531] Fix typo in documentation about SSL 252a5831b Merge pull request #541 from bunkerity/dev 07ed136af Update setup-kubernetes of wordpress example 2eb73d15a Merge pull request #537 from bunkerity/dev 30fec8a14 Remove python submodule, will add it back in the next major 4b4e0f8b3 Update checkout part of workflow to include submodules c2cfd4dd9 Remove checkout from dev.yml 642da402b Fix dev workflow 4bb6d40a5 Update dev workflow to checkout the code and submodules first 3bcdd9ca2 Merge pull request #536 from bunkerity/submodules 28d59221b Fix path resolution for modules and remove nginx submodule c8e25bcde Update commit SHA for submodule libinjection e1a5782a3 Update how the dependencies are being cleaned up 68bea47ed Add other projects to submodules 2cd5c7f45 Initialize submodules d7d3e2429 Remove old folders that are now submodules a74727891 Fix .gitmodules file b5fffc1f3 Init work with submodules 8c4c99e65 Merge pull request #530 from bunkerity/dev ddc337394 Update log location for nginx and letsencrypt 1c362d078 Remove the deletion of let's encrypt lib and log folders after the job is finished 95c9bad8e Remove unused enums in database model 7a972274f Add database schema to concepts.md in the docs 561499536 Revert "Update README.md links to use local branch files" 4536e328e Update README.md links to use local branch files 89070cfb7 Merge pull request #529 from bunkerity/ui d6942a46e Update where the scheduler copies its config 8a98da898 Merge pull request #528 from bunkerity/ui 26f831cb4 Merge branch 'dev' into ui 81f3914fc Merge pull request #527 from bunkerity/dev 162198bb9 Update db core tests to ignore the added value for env custom configs 7a524b43e Revert back to 30 seconds of sleep in tests ui after creating a custom config b007916d6 Optimize the scheduler and gen even more (we love threads) 0661916ff Update ui tests to wait more after creating a custom config 2105dc0f3 Update core db tests to use the right hash for plugins_page files 823119821 Fix rare error when hashing dictionaries in the scheduler 1e62626ac Fix KeyError in scheduler 57eaedd8e Merge pull request #526 from bunkerity/dev 4d984f623 Update CHANGELOG d0fd6884c Fix shinanigans with the custom configs and plugins jobs 8e6de2bdf Augment authelia timeout 3565dd7b3 Update CHANGELOG.md 145df1df4 Merge pull request #525 from bunkerity/dev df1359e87 Add possibility to download lists and plugins from a file path + Update python deps + Plugins now support tar and tar.gz as well b756b2d7d Lint py files f57b6dad1 fix cursor gap on ace editor 91c33f1d4 Merge branch 'dev' into ui ed2a54d16 Merge pull request #524 from bunkerity/dev 3e871efed Update python deps d27edab35 Merge pull request #523 from bunkerity/dev 9982ec36d Remove useless import 80033642c Add reverse proxy headers back 0836d4ee9 Merge pull request #522 from bunkerity/dev 2a2b7b6f5 Merge pull request #521 from bunkerity/staging 78236abe8 Check Aqua Security c5ff63a40 Fix CVE CVE-2023-3138 78ef5c482 Fix problems when creating custom configs or plugins and removing them completely 2c190ee96 add writeable /var/run/bunkerweb directory to hardened example 94867d0d6 letsencrypt - use same job name when retrieving data from db 9e00b9dd1 letsencrypt - use same job_name for both new and renew jobs 9adb209a8 lua - fix missing multisite variables in LRU fdd3367a6 Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging dcf156135 prepare for 1.5.1 🚀 4023e6dc6 road to v1.5.1 af9e125c8 linux - merge change for debian packager ab6025ec9 linux - fix missing zope modules 7e221eb89 debian working f1435f231 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev b14dba775 bw - fix multiple variables not loaded in LUA 81bb9ede1 Removing python 3.11 from linux 7e66c577f Removing python 3.11 in linux 236572f58 ui - remove python 3.11 import for Linux integrations 73060e42a Fix limit core tests df0c03cef Fix UI wrong import 5d7ef69c9 Update limit core tests to avoid false negative 855ae8936 Update limit core tests to avoid false positive 16a1916db Remove useless imports in lua code + lint 605e237fd Remove 404 from Bad behavior status codes fc8d76f33 Rollback on hcaptcha passive feature c08e8d151 Update settings.md 44097cad0 Move the COEP, COOP and CORP headers to Cors plugin and change default values 3446e5f9b Upgrade antibot to add a custom CSP on each pages + update plugins order 70f227feb Fix error with multisite variables when requesting default server f81b0bb4d Fix multisite variables not being added in helpers 978697500 Fix has_variable method of utils 5b0b183a4 Remove no longer needed decode for plugin order from datastore a2759e377 Add small tweaks on the datastore b6d879257 Fix how we fetch plugins_order in the default server 94964a910 Update how we handle custom configs 6a1ff499c Fix Lets'encrypt plugin api and internal API 179a7aa34 Fix lua sessions with antibot a1385fe9b fix ctx usage in reverse proxy + remove useless log in limit 23f9f14a4 Remove old CVEs fixes from Dockerfile f77150bc2 Test Aqua Security CVEs ec48e6601 Fix return value when no plugins have been found in api.lua 6ab48d9dd Update python image to tag 3.11.4-alpine ce24a0482 apply changes to current core 02d940393 perf - ctx caching and per worker LRU for readonly variables a7069bd60 Update UI to stop using env variables but werkzeug middleware + Send X-Forwarded-Prefix headers to UI service c39dd78ae Update cors plugin tests 3b459b0e2 Fix shinanigans with API (again) 718310312 Fix shinanigans with the API 5deeacc3d Fix letsencrypt jobs c18f743d4 Fix PosixPath in jobs 85a53278e Add a charset to cors Content-Type header e01c14f11 Add Cross-Origin-*-Policy headers management and default values 0b3c1a8a0 Update KEEP_UPSTREAM_HEADERS setting's default value 95f673c1d Update doc about headers cee7672b5 Update settings.md in the doc d5ea95da9 Increase load-balancer example test timeout 39e6821a4 Lint lua code 64aa12b70 Update python deps c392a0b5f Update mmdb files f93dd34f6 Extend KEEP_UPSTREAM_HEADERS setting to clientcache and reverseproxy core plugins a23d189d3 Merge pull request #516 from bunkerity/dev df47ba0e9 Merge pull request #515 from bunkerity/dev 0ca7de1de Add CVEs fixes back 84fcfb726 Test Aqua Security 2 c20bd05d3 Test Aqua Security c85a4183d Fix Strict-Transport-Security not being sent 654172f43 Update headers core plugin lua code afe6da4cf Automatically add Content-Security-Policy header to response headers in the UI 5c7cd38b5 Edit headers core plugins to use lua Code + Add new setting KEEP_UPSTREAM_HEADERS 299a0b5c2 Remove apk update at beginning of each Dockerfile 6cc20efe7 Update bad behavior test BAD_BEHAVIOR_COUNT_TIME to 30 seconds e2a3bfb10 Bad behavior core tests change the ban time to 60 seconds 4bbddf797 Merge pull request #509 from bunkerity/dev 1eeefead9 Core tests sleep between each request 9829ef752 Update UI to automatically set SCRIPT_NAME and ABSOLUTE_URI b27958a19 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 410a64810 core - patch modsec to use access phase instead of preaccess f7d986d6a Change the way linux starts and the scheduler 95d4f0f87 Small tweaks on core jobs 4f324231d Fix tmp variables path (again) dc18f9884 Edit start.sh 3b36965f4 Fix tmp_variables_path in scheduler ccc051e78 Fix /var/run/bunkerweb in fpm args 8b2517cdf Remove ui cache download test - to much unstable d1138855e Fix gunicorn config for Docker and Linux 0c8bc97fa Fix UI on Linux not using the right user a68fb0c06 Refactor to make more sens and avoid specific errors fff21746a Correcting: Dockerfile-ubuntu End of statement block Jinja 3ab4a59b6 Update debian Dockerfiles to avoid updating apt packages only once 760ec3b3b Add /var/run/bunkerweb removal script when uninstalling BunkerWeb be459d240 Update pid files paths to /var/run/bunkerweb 8b697d87d Fix Scheduler errors with the internal apis 89a3c8b0b Update bunkerweb-ui file according to the new gunicorn usage 5e237d0d0 Update gunicorn to use a config file as well + Fix headers error + Small fixes a424d59b1 Add apk update at the beginning of each Dockerfile 1d14db7e1 Update custom cert job to not duplicate certs if the cert is global 7efb82a7e Update python deps e920cba43 Fix CVE CVE-2023-2650 413b75b04 Fix customcert plugin to accept multisite certs as well 87a9545d9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev c53394845 various fixes aca0d6da4 Small refactor on the ApiCaller and the Scheduler 1bd40a877 Removing vmware support in doc 612333d2a Merge pull request #508 from bunkerity/dev 474ecbb41 Fix typo in phases list in plugin.lua 5fa21b3c8 Fix CVE CVE-2023-29491 16a459bf7 Lint antibot html files fd06a1e71 Add Turnstile antibot d5e64320c Fix small typo in misc.lua 4d6d95037 Merge pull request #507 from bunkerity/dev b60657e21 Merge pull request #506 from gin-gitaxias/patch-3 1f2c973a3 Fix docker-compose file for custom cert job b314f4349 Update integrations to add LOG_LEVEL=warning env variable to docker proxy 0edfb2db3 Update example to add a LOG_LEVEL=warning to the docker proxy 83413aef2 Remove open ports from core tests docker compose files 334be4346 Fix custom-cert core plugin 953128be6 Update scheduler changes check to reduce CPU usage bb7dcda48 Refactor paths resolutions for core plugins 108827952 whitelist - remove unused IPs of duckduckgo crawler 665b110c6 [#504] Fix ALLOWED_METHODS regex 5a2aa20bc Update plugins.md 168dfc439 Refactor paths resolutions for UI + optimizations on the plugin upload 6e80c7b8d Fix variable being ignored instead of saved inside the database when the value is empty 8dad7a0b7 Starting work on paths resolution refactor b5a78c3aa Test Acqua Security vulns (2) ed6bee69c Test Acqua Security vulns 3dba058b4 Fix custom configs not being cleared out once created d9b093dab Fix plugin example in documentation 162f1d978 Merge pull request #502 from bunkerity/ui 1f2fa95e7 Remove useless line in the head.html file + lint HTML files 1cd356781 Add multiple plugin upload in one compressed folder support for the UI 29673f918 fix font 180493616 Fix CVE CVE-2023-1999 7fe7a997f Merge pull request #501 from bunkerity/ui 5b75894d4 Fix UI latest version checking & Fix conditions in quick settings for services 1f6b3d59a Merge pull request #500 from bunkerity/dev 548630e3e Update python deps aa299f085 Update plugin update and add to get only the necessary keys f0126b6d6 Fix update-check job 8585007bc deps/gha: bump scaleway/action-scw a7535c300 docs - fix yt preview in readme 340b4a492 change arm server flavor e7ea3952b ui - add missing dep for docker/x86 a586b5b6b deps/gha: bump docker/build-push-action from 3 to 4 3b7d8b6c1 Merge branch 'staging' into dev 6666a25fc edit version, update images on docs and fix bug in Linux script f84af3402 Add error ignoring when using the rmtree function 0b082bdab Add handling of stderr being None in the scheduler 1f2b550f6 ci/cd - fix swarm examples and init work on release workflow d5fcc6969 Merge branch 'dev' into staging eda275589 Merge pull request #485 from bunkerity/dev 7506768c4 Merge branch 'ui' into dev be3d40f18 Fix CLIENT_CACHE_CONTROL setting's regex to also work with JS 41059fb28 Merge pull request #484 from Hado-K3n/patch-16 88f85b282 Merge branch 'dev' into patch-16 e5e031b6b Merge pull request #483 from Hado-K3n/patch-15 2dbadbd29 Merge pull request #482 from Hado-K3n/patch-14 95c7b5410 Merge pull request #481 from Hado-K3n/patch-13 00739a5ab Merge pull request #480 from Hado-K3n/patch-12 a9f4be475 Merge pull request #479 from Hado-K3n/patch-11 f85f73678 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev f1efe06e9 ci/cd - fix /opt/actions-runner perms for self-hosted runners ad71be460 login now use local font dcb800d2b Update k8s.postgres.ui.yml 5a7f7f3c6 Update k8s.postgres.yml e1f60127e Update k8s.postgres.ui.yml 7553ffb63 fix client_cache_control regex 9324648f2 Update k8s.mysql.yml eafe006a6 Update k8s.mysql.ui.yml 62a8ec975 Update k8s.mysql.ui.yml dfcaba9ad Merge pull request #478 from bunkerity/dev 737b999cd Set CLIENT_CACHE_CONTROL setting's regex 9339af44c Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 78f7570e1 core - Fix bwcli condition when checking bans 40e30ed44 use shared redis connection pool in cachestore when we can d6ca98ed1 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 10a4cefd0 update lua-resty-openssl deps and replace nginx -s calls with signals 97723185b core - Add bwcli tests ab3b3ea8f ui-tests - update waiting time after creating a custom conf 5adec84d5 fix redis not contacted in subsequent phases and reflect changes on stream configs 1624c4e76 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev eea6d32cd share common objects during the phase and add threading to DNSBL and reverse scan 99f8f69fa Merge pull request #477 from bunkerity/ui 9b58b397c Fix ui tests (again) ace88d865 Fix plugins fetching for the UI 69b35636e Fix UI tests (once again) 5dfe35b7b Update how the plugins are being fetched by the UI b75690fdf Change the way python deps are installed b19ebbe6a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev c0c646aae Merge pull request #476 from bunkerity/dev edd6e2ded improved session management and add IP/UA checks c7ca5a822 Fix Database overriding services_settings if a global_value is set e1883a04b Merge pull request #475 from bunkerity/dev af19cc226 core - Add redis tests 0087ae583 Update python deps 8133c134e core - Fix db tests by removing "order" key check f725d0fe6 Update keys name in datastore 05c478e83 Edit COOKIE_FLAGS regex b5aaf6266 add forward reverse DNS to whitelist, disable redis in cachestore when sockets are not enabled, fix typo in cachestore and improve dns/rdns caching 8a8dd6fb7 db - remove order from plugin model 93c766e56 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 179beea4d improved core plugin execution order 1d126e1d0 core - fix cors tests with the preflight request dbb884099 core - Update allowed_methods test method to GET 62cb85453 core - Remove cert verification when testing allowed methods in misc tests 04919e8a0 Fix multiple CVEs b32f31891 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 4962f786b fix wrong env parsing in init phase, bypass modsec/crs when method is not allowed, refactor ALLOWED_METHODS and improve error page management 10bdf551a core - Add misc tests 7158e7e9a core - Optimize cors tests 3f51f59bc Add check when plugins are configured + Add Semaphore to accelerate jobs execution + Code optimization 4c4fa44fb ci/cd - fix core/cors tests 84d43c84d Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev b58798746 Update mmdb download to check the checksum at start a9be973d5 use PCRE regex instead of LUA pattern and edit cors doc 4378f18cc fix typo in bunkernet.lua, add missing Origin header in cors tests and fix allow origin expected value 7d84e03a1 fix header plugin phase not called for internal request (fixes CORS), fix bunkernet init_worker bug where ngx.ctx.bw is not available, add CORS_DENY_REQUEST setting and edit values for core/cors tests 838662141 Lint Lua code 36fdec105 core - fix sessions tests ab54b18e0 core - fix reverse scan cache retrieval 9c6ca6a86 cors - various improvements 991f7ff8d Fix tests core reverse scan wasn't using the image 9c77f77fa Fix test core DB 9ee74aef4 Add up back when retrying to up the stack + remove useless print 7bf4c11bc When docker up fails in core tests retry one time 82aadfa38 Update core db tests to add the settings.json file and optimizations 2a78d2c05 ci/cd - perform all core tests even if one failed e3fc55be9 deps - add missing hash for python dep async-timeout 5f668aeca ci/cd - fix syntax error in test core wf e5e336c4f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 9a2e37984 ci/cd core tests and antibot refactoring 2ac77ee49 Fix deps not being synced 394f5fe4b Move back to images in the whitelist tests b06210bdf Remove unused files in tests core e6bb9fb55 Add tests for core plugins 29f020f15 Update python deps 051923b6f fix deprecated external network in compose files, various fixes in the documentation and add ipv6 to doc 2e1296d9a show useful info in BW logs after startup/reload and reduce container images size a686562f1 performance - cache empty rdns results e36c743c7 performance - cache dns responses 75f3d6490 init IPv6 support, add missing healthcheck script in UI and purge local cache on init a258612e4 add global data on settings filter bc3ea0ed3 change select method check ab71c484e add global condition for disabled state 5c415afa1 various fixes - ttl on /bans api, dnsbl undercover bug, greylist, whitelist and wrong path in realip job 5c50f57f1 Revert "regular inp and multiple global=true are enabled" 9ceaaa874 regular inp and multiple global=true are enabled 3dde3ac0a Fix no longer save SERVER_NAME when MULTISITE is set to "no" c01b493c9 Increase compression level of tar files being saved in the database 4f4a8b508 Fix default global values being added to database when MULTISITE is set to "no" 408806718 Add external plugins being updated at the start of the scheduler 402ff16c8 Add "global" key to settings when fetching methods as well dcdb43cf0 Merge pull request #473 from bunkerity/dev ca8c56aaa Remove unused function in UI src.Config 905946463 Fix scheduler restarting for no reason when having an external database 8a308b1a8 Fix database not providing the right SERVER_NAME setting value cf26d7aa2 Fix database saving default values to global_values when multisite was set to "no" 8bb6f63fa Merge pull request #472 from bunkerity/dev 64789276a Update python deps 30194f959 Fix Access-Control-Allow-Credentials not being set to the right value when deactivated 50ee37db0 cors - refactoring b8d89fe79 Fix customcert plugin 63f4e44c6 Fix CORS when sending an OPTIONS request ac2e4dd64 Merge branch 'staging' into dev e14475de4 ci/cd - fix missing version in linux package name 136f68cd3 ci/cd - fix typo in beta wf d83730cf7 ci/cd - fix linux package name in upload/download steps ae042854f Fix blacklist download jobs where ignore urls were not being downloaded 86053d3dc Update RDNS regex in jobs files b2e26fc8f Revert "Revert "Update RDNS regex"" 48354fb26 Revert "Update RDNS regex" a544f18e2 Update update-check job to add stars so that the end of line shows c6f304b37 Update RDNS regex 14ca85cdb ci/cd - fix package.sh name in linux build wf dc1cb6a6f ci/cd - fix scp command in linux build wf 73acbe085 ci/cd - fix typo in linux build wf 45c90527c ci/cd - fix linux package generation when arch is ARM f4590749d linux - fix arch in rhel package image 141f5a1d5 ci/cd - fix typo in beta wf (again) 6e82fde8a ci/cd - fix typo in beta wf 00ba46ebf prepare for 1.5.0-beta update 9a1c09c56 Merge branch 'staging' into beta df787c75d linux - add pcre dep to fedora package 93e567bb6 linux - fix fedora deps name and add architecture to fpm config 8b6d788c2 ci/cd - fix bitnami chart values 541b64698 increase drupal delay time for tests, fix tmp dir not created for realip-download job and fix has_*_variable check when multisite is yes 59324526c speedup build process for python deps and fix default env value for autoconf/k8s a58e5c60c deps - upgrade python dependencies 27b1dddb0 linux - pin pip version fd056102d fix centos repo command in rhel dockerfiles and fix delete infras order for staging wf fb0373343 ci/cd - use single quote in linux build wf 43cbc79c7 ci/cd - move ARM_* to secrets in linux build wf 7592e5a84 ci/cd - fix typo in staging.yml 39ace8175 fix load-balancer example and add server_name to cache keys when required 48d7e72e5 Merge branch 'dev' into ui 66921b007 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 819ad60a4 fix hcaptcha antibot and refactor ci/cd for staging 20913808c Add .mypy_cache to .gitignore file a086ff690 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev a286e7bd3 fix wrong container in autoconf/k8s, init work on linux arm and ci/cd refactoring 5a233ff90 Fix Database model types 18b3d7148 Update db model to use SmallIntegers b36cd924f Add `bw_` prefix to database table names 63ce1afcd Handle errors more gently when API requests fails d4934cfee Remove test-ui service in the main docker compose file as it's been extracted 500d58e50 Separate the compose file back 21dc67b68 Update test.sh for ui-tests an the compose file 75d2be7db Update tests-ui to fix them 041b7f71e Update ui-tests to make a valid password 1245b8b01 Update regex in ui + Add regex module to requirements 913e9a2c2 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 97dc6540e ci/cd - fix typo in dev wf b75ba601b Merge branch 'staging' into dev 573fe8fee Change UI admin password check to a regex 51514df57 Remove not needed file in linux scripts 9ff64426b Fix ui tests with the external plugins 74fe9d5c1 Lint jobs py files 97b362bb1 Fix let's encrypt error when deactivated 964d31893 Fix wrong attribute value when checking for external plugins 914686e78 Fix often occurring bug when testing the web UI 58db1352f Revert "Fix often occurring bug when testing UI" 987af951d Fix often occurring bug when testing UI 1c74c5d8d ci/cd - refactoring 1cc9f5773 prepare for v1.5.0-beta fixes ac94e5072 fix double .conf suffix in custom conf, migrate /etc/letsencrypt to /var/cache/letsencrypt, fix bunkernet jobs and lua code and fix reload for jobs 773874154 move /etc/letsencrypt to /var/cache/bunkerweb/letsencrypt (wip) 75ca603b7 WIP - fix bunkernet and missing reload for scheduled jobs 027605452 Fix bunkernet initial message when checking connection + add TODO bddfb58a0 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev c7ab00208 Merge pull request #462 from bunkerity/testmmdb ef551846b ci/cd Update mmdb - Let only the schedule and change branch to push on f41c096ec Merge branch 'testmmdb' of https://github.com/bunkerity/bunkerweb into testmmdb a7b7c2031 ci/cd Update mmdb - Add check for curl commands fb5529566 Monthly mmdb update 0afb250b9 ci/cd mmdb update - Changed branch to push on 019a927b0 ci/cd remove secret required for auto mmdb update 283a63f16 ci/cd try fixing workflow auto download mmdb 42707ad46 ci/cd test mmdb update cd57eb423 ci/cd - fix automatic push of doc 01fbacf0f ci/cd - fix pdf path for draft release + fix missing git fetch before deploying doc d693d065f ci/cd - allow to update release tag, add PDF to release and fix multiline CHANGELOG in release aa2ada0a0 ci/cd - update git user/mail for push doc wf a47d7df40 ci/cd - execute apt install as root for doc to pdf workflow c4093a2d7 ci/cd - increase ARM node storage 01e599493 ci/cd - concurrent builds for ARM + fix version string for RPM packages aaa070165 linux - fix VERSION path in package script 0b93c6e10 ci/cd - add more cores to ARM instance 88db3fa34 ci/cd - fix build rhel var 5c01bd3f7 ci/cd - various fixes for push workflows 604d4c1a0 Merge pull request #459 from bunkerity/dev bed6d742f Decrease the compression level when sending configs to BunkerWeb 57cb6e9c4 Update python deps 0d1580cff Small code refactor of the jobs and the scheduler's function that generates configs 766ca0e9c Merge pull request #458 from bunkerity/dev 0ab07678d Merge pull request #457 from bunkerity/ui 5412e6d24 fix logs checkbox ba7422218 ci/cd - fix push workflows fda2948e0 ci/cd - fix typo in push docker wf 59e5b1d54 ci/cd - fix push workflows 7ca7d7847 Merge branch 'beta' of github.com:bunkerity/bunkerweb into beta 939545644 add missing postgresql-dev build deps for ARM images 0b5746aba ci/cd - add missing inputs for build arm 94dc501c1 ci/cd - remove load image in buildkit for ARM archs because of docker limitation 8ffaa7cf7 ci/cd - force shutdown when deleting ARM node 6e99e7a98 cicd - fix docker buildx arm driver 2eef2b8bb ci/cd - fix variable share for ARM (again) 406c686e4 ci/cd - fix variable share for ARM 6cecc70c3 ci/cd - fix ssh command for ARM builder 2f992baab Lint py files with black 7befd927d Update python deps a4ae0d517 Update cached mmdb files c3d0d7ca7 Add workflow that automatically update cached mmdb files d4ceb7c10 Remove dev comments for ui tests b37c86e62 Fix ui tests problem with the logs page a7b07c959 Fix wrong condition when fetching the logs on Docker 3b237ed3c Fix UI tests a55a0df5d ci/cd - remove useless condition in create ARM workflow ae33ca52e ci/cd - fix wait-on variable 8867eb23b ci/cd - fix wrong json keys from scw api 1b79e291e ci/cd - various fixes for arm build 98ce5041d ci/cd - use fixed sha1 commit for scw action in rm arm workflow 66d7216dc ci/cd - fix typo in create arm workflow 45fa4d1c2 ci/cd - ignore /root/.cargo dir for security checks, use fixed sha1 commit for scw actions and add missing deps for ui/arm 9cd13990e ci/cd - pass ARM ID as secret 266383abb ci/cd - dynamic arm build node 4e0d2fce5 add missing dependencies when prebuilt crypto package is not present 823c09195 ci/cd - add missing var for ARM builds e71dc132e ci/cd - fix typo in container build workflow 0db5f7cf0 ci/cd - fix typo in beta workflow 4bfc5b693 ci/cd - fix wrong cache name in container build workflow 93d0a991a ci/cd - fix typo in push doc workflow 1c178ed75 ci/cd - fix version output for beta/release workflows ab7e1f624 ci/cd - add missing runs-on in beta/release workflows 0f499c9d3 ci/cd - fix typo in push packagecloud workflow d0f6d59f6 road to v1.5.0-beta 🚀 408662869 ci/cd - fix typo in doc-to-pdf 312757594 ci/cd - fix typo in beta/release (again) 11f86ea75 ci/cd - fix typo in beta/release ad1606742 use proper links in docs, automatic doc push and add pdf to releases 08e1d157d Fix ui-tests by removing no longer present checks c8908695b Remove unnecessary prints 641a27f5e ci/cd - remove useless needs for ui branch 468407081 ci/cd - fix typo in staging workflow 6784bd691 ci/cd - fix wrong condition for container-build workflow ef1897de8 ci/cd - add missing needs to tests-ui staging 9815f22d7 ci/cd fix typo in container-build workflow 65c6e48e9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 14a4db8bd use current_bw_version for docs, add automatic tests to ui branch and fix letsencrypt permissions for linux f6b8d23fb Fix ui tests by editing the attributes name to the new ones 58fd04430 ci/cd - fix typo in staging.yml 54a17c775 init work on CI/CD for generic beta releases, remove useless autoconf examples and fix linux postinstall script 4f2c58bd7 temp disable authelia test for k8s and add missing folders for LE on Linux 5e4ce4579 various fixes fa67c5d7b ci/cd - fix missing arg for copytree 04db308c9 ci/cd - edit staging workflow 5d2045803 ci/cd - edit staging workflow e7717ba7f Merge branch 'ui' into dev bbaaad848 docs - last polish 0658230e2 enhance responsive f5c28b27d Merge branch 'ui' into dev 575312336 harmonize all titles dark color 2f336be77 enhance file manager and jobs svg 81a37a377 enhance actions btns c3119f04e docs - plugins ffa91933e docs - add YT demo 5741dce6d Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 7695a839f docs - web UI 5fe0e0bfd Merge pull request #454 from Hado-K3n/patch-7 8c71f7d27 Merge pull request #455 from Hado-K3n/patch-8 124378d7c Merge pull request #456 from Hado-K3n/patch-9 c6a184d90 fix ui integrations and fix stream support in db d8b7db167 merge from ui ddd83a808 docs - add stream support info and plugin description to settings page 289b58567 docs - add stream support info on security tuning page 4dda54a11 enhance style 0ca473c69 fix style issue between load and page transition 1145b798f fix filter setting from custom selectors 63e7ccf13 better centering loading logo with text 001a63efc continue custom selectors + fix script + style 4144faa93 fix create service issue + remove stash 72bc9e4bb start creating custom selectors 98de3fc2f docs - quickstart f118f992f merge from ui 5285a2f4a force stash 1d354c9c6 docs - quickstart (wip) 55a7c8fee force stash 64a9fe4db fix checkbox + style issues + script duplicate a90d9e627 ui - fix default value for inputs 7e1efcbc6 Merge branch 'ui' into dev b5f0fe856 docks quickstart wip 01d8c65c9 remove hidden input checkbox + fix script b7f63450e add special method for mode bc47f1fa5 Merge branch 'ui' into dev 7089e8b4d fix checked state d4fd4c473 fix checkbox + template db5789fcb Merge branch 'ui' into dev ab20f83b2 Update k8s.postgres.ui.yml bbea8ba3f Update k8s.mysql.ui.yml 9a2005d1a Update k8s.mariadb.ui.yml 9512de630 docs - quickstart guide (wip) 956a7bd23 Merge pull request #453 from gin-gitaxias/patch-2 f8c5543fd Update plugins.md 667bb3003 docs - quickstart guide (wip) 6b76596a8 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 78c2e16ea add missing cluster config for ui/k8s and start quickstart guide doc 1e6cfe8b0 fix filter disabled issue + reset on modal open 574ecbd6b Lower the environnement variable for the mode aa3ce13a8 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 6f39fce6d docs - integrations 92fc5d981 Remove ascii art showing in UI logs ae7e3ddd9 Fix how the ApiCaller is initialized for UI instances df94bc4af Merge pull request #452 from bunkerity/dev bf29fa2f9 Show how many plugins there are correctly in the home page 509bd21b0 Add log when deleting plugin 1530745a7 Merge pull request #451 from bunkerity/ui a87abf3ce update home dark mode + variable 8a5836dd9 add popup darkmode 3a4a6ee5f new service doesn't force method="default" 1321a76c0 update service submit name for new or edit action 53e145b91 show method involved in disabled setting on hover ceec21faa update web-ui INTERCEPTED_ERROR_CODES 63ba00180 Fix logic when saving a service in the UI 479f18b17 Merge pull request #450 from bunkerity/ui ab43bf84a Make it so the UI and the scheduler no longer run as root in Linux a7849a6e7 Fix mic mac with config files and UI 9009859aa Merge pull request #449 from gin-gitaxias/patch-1 0bf2116c4 docs - concepts 3616a9f20 Update security-tuning.md 435aae7cf docs - index and migrating c0e649d68 fix logs + select custom 1c3bbf1bc stream - add example and fix ssl support 37ebde363 fix logs and plugins dropdown + margin b64e55f75 Add bigger timeout to loading.html da4bb8dce Fix condition in helpers.lua ab509c270 Fix UI with Linux 6916a81c5 bunkerweb is now W3C friendly c7bc493e3 stream - fix various errors bc1dbe18a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev bd577cfb2 country fix (again) and init work on stream a829528c3 Add bwcli to scheduler and fix it for the autoconf 9d829ebca Finish updating bwcli 94b97a6bb Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 780c0c8c5 api - fix errors in calls and use ngx.ctx instead of ngx.var 5fb0be70a Merge pull request #447 from Hado-K3n/patch-6 6843902db Merge pull request #446 from Hado-K3n/patch-5 3419dca98 Update k8s.postgres.ui.yml 38c71cf94 Update k8s.mysql.ui.yml b7c260561 [WIP] Update bwcli 995ff250f Update python deps + add redis for the gen a04490b47 Replace unnecessary import 5112ed46e Merge pull request #445 from Hado-K3n/patch-4 8558785b1 Update k8s.mariadb.ui.yml 95e64d6c8 bw - fix black/grey/whitelist rdns check and country check 8ea94a2e4 Merge pull request #444 from bunkerity/dev 9f1405d69 Remove unnecessary {-raw-} in index.html when loading 9a2f7e9ab Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 93b471444 Add marging to antibot files hcaptcha and recaptcha 93c0cd437 Merge pull request #443 from bunkerity/ui e7d61a67c update antibot and default template 5d05eaeae Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev a77d233ec bw - add zlib dependency 9a69ca135 Merge pull request #442 from bunkerity/ui 823c12823 fix SERVER_NAME + fix delete form + enhance 52806afe7 Merge pull request #441 from bunkerity/dev 2ea726c22 Merge branch 'ui' into dev dffc770a9 fix and enhance 12f8b8197 bw - add missing lua-ffi-zlib dependency, fix syntax error for white/black/greylist, fix error for dnsbl and fix limit request not working in local mode 4871a2104 api - add missing ctx fill bcc5e6bb5 bw - add missing json decode in api and add missing require in country 83428d6cc bw - fix resolvers nil error when doing dns checks 7eefcb8f8 antibot - manage direct access to challenge page a372ffd52 fix invalid session error handling and remove debug log in whitelist e55912b34 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 5f9f1e54f load inline multisite values for white/black/grey list core 3b4882d82 Revert "Remove no longer present CVEs fix because these are already fix in the images" c2e0e5106 limit - use atomic script for redis case 4bc0771d9 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev edf7e06e0 various redis fixes and display ready log a93d9a7d9 Remove no longer present CVEs fix because these are already fix in the images e4465d9a1 Fix jobs cache when a database is used c9af9457e Fix wrong condition when sending files 17a3d933b Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev a60b6f3ad bad behavior - fix 500 error and do not pass objects with another lifetime to timers c0e8e93ab Fix documentation mistakes when soft merging 1.4 into dev f1a868c66 Fix when the cache from jobs is saved into DB + sleep 5 seconds when waiting for the database for the UI d32102376 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 510938fc2 antibot - fix bugs related to session ed9605c10 Update python script that generates settings.md 3dabd42df Update python deps 834fbaf01 remove antibot back btn + update raw 95c231515 antibot - various fixes, not fully fixed yet 56028b087 update antibot / loading / default page 502d4fcc0 Add back the fact that we don't download the mmdb country if we don't blacklist or whitelist a country ccd56d3b6 change antibot and misc template style c949c0232 Update the security tuning's blacklist category according to the settings 671543e6e Add more ignored variables for missing setting name warning dbd5739ab Fix wrong setting names under `Custom certificate` category 5f26ebc69 Fix php-cookie-flags example bba26b548 Reorder core plugins to stop having the warning at startup db166c434 Add small fixes and lint to the error.html page 08f3d93ab Update jobs will now also check and save the cache in the db 63b1fb947 Fix CVE CVE-2023-1255 d5b11b8bb Merge pull request #440 from Hado-K3n/patch-3 92744c091 Merge pull request #439 from Hado-K3n/patch-2 d46337f60 Merge pull request #438 from Hado-K3n/patch-1 9b52a5c3c clusterstore - various bug fixes 3f9d606e1 Update k8s.postgres.ui.yml 7e2f53c8c Update k8s.msql.ui.yml 1f5d8bfab Update k8s.mariadb.ui.yml 7a7d83a75 various fixes for redis/clusterstore - still WIP a5e08e1c6 refactor of session management 0fdb108fe core - do not execute init() if BW is in loading state 00b50c162 various fixes for core plugins 4ba5d6659 use ngx.ctx to store common values 860cc1a92 Merge branch 'dev' into ui 881d3a00d fix git issue on windows 76a2ff656 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 28ef546a9 refactor - start to use ngx.ctx for per-request data ed495b99f Add CODE_OF_CONDUCT.md 0bd3e273b Update compression_level of sent tarfiles to 5 instead of 9 348ab7a1e Add feature that allow the copy of code blocks in markdown + Update copyright cf2938bf2 Update web-ui docs according to the next major version 79a46e2cf Update the logic behind the check for linux os 9a325c7a9 Add new check for integrations in BunkerNet job 707256076 Add now the scheduler will pass his own env as well to jobs 9578ace02 Remove not used INTEGRATION file in BunkerWeb container 8c919c676 Update links in the home page of the web UI ad64ce22e Remove no longer needed packages that were fixing old CVEs 29cb6fe16 fix header phase and fix error template d3d18e15a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev a83254bf2 fix wrong log in access 859343e18 Merge pull request #437 from bunkerity/dev 50829293c Merge branch 'ui' into dev 8e22b1f21 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 9849ce10c fix wrong error check on phases and add missing ttl for *list cache items 3b5c083fc Soft merge branch "1.4" into "dev" + changing versions 4d95e32f1 update error page 1da4b78f0 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 915b51c3b fix error pages for default http server 535f1a055 Merge pull request #436 from bunkerity/staging 0afe038aa WIP Ui 3b6c3815e fix default-server-http.conf b5fa473ae Merge branch 'refactor' into staging 2fddbd862 refactor - disable asn checks for non global IPs, use resty.template with antibot and various fixes 8d63e3974 refactor - fix various errors and add missing dependencies 23725d483 Update prod shields.io link in README.md 303f380c7 Update demo.gif file 3c375039e Optimization on the download of mmdb files a7773dae2 Update intro-overview.svg 5eb884fe9 Fix bug when showing cache files for services in the UI 3fac889ff Remove no longer used modsec rules for the UI c3106e70e Update README.md and edit the demo GIF + edit the .prettierignore file 928ed2d6c refactoring and road to nginx 1.24.0 34ab94640 Update python image in Dockerfiles + Add gevent to requirements for the UI aa96c8503 update css 649d29b05 change news base url 217d1aa50 enhance style + menu script e6ff51e20 Refactoring and Linting of py files and json 666b7a1ba refactor - blacklist, errors, greylist, letsencrypt and redis 496edb83a Adding thel documentation ee83cea7f Add ascii art showing randomly when starting 6d1914d62 Update python deps 648f15e42 Add new core plugin update-check 2075a5d4c refactor - badbehavior, blacklist, bunkernet, cache, cors, country and dnsbl 5dd52186b Fully adding vagrant in the doc 3a03f07f1 Changing vagrant integration 64997bae8 Adding vagrant integration 03ec271e2 refactor - improve clusterstore interface and automatically retrieve variables for plugins 29c57915c antibot inherit from plugin 840c29568 continue work on refactoring 1ec83f256 renamed session to sessions 8c2908157 save work afc0ac198 init work on refactoring 4cd3fc644 Merge pull request #434 from syrk4web/staging bfc872be2 change flash logic when login 049e9c1ea Update python deps bf9b94ebf Avoid Autoconf from running in root 92e698458 magento - fix docker example (again) a771bdb18 magento - fix docker example 7c21b3da2 deps - update lua-resty-session to v4.0.3 d4fae4b57 session - add missing settings a85044220 init work on redis session 986f506e7 add missing API_WHITELIST_IP in mattermost and moodle examples 41e8f5c93 fix wrong init of counter in badbehavior and fix nextcloud/docker example 8e7205062 ci/cd - reduce dynamic subdomains for k8s tests because of annotation size limit of 63 chars 1bc42204d ci/cd - use dynamic random subdomains to bypass LE rate limit a1e44f6e4 Merge pull request #431 from gin-gitaxias/staging 7ccd3ef92 fix moodle/swarm example and disable reverse-proxy-websocket test 8b54073a7 fix missing backslashes in autoconf custom configs and add missing full reload after custom configs update 622f2eb2a autoconf - check if service exists before adding config 5d14813be fix typos after basic testing 9f7060564 autoconf - add missing import and fix double lock release 937cd10ee refactoring and various improvements 6af3b985a fix deadlock in autoconf/swarm and fix missing favicon in default and loading pages f6ed21b3b autoconf - fix global custom configs not supported in k8s/swarm mode eee03c4ae autoconf - fix variable typo in k8s watch ecf4e77b3 autoconf - fix deadlock in watch loop 0b71819d2 watch services for autoconf/k8s and support real IP in default http server d3d0136bf various redis fixes and improvements e80965ca9 lua - fix wrong variable name in access 220374db4 ci/cd - fix syntax error in jobs 9b8606d40 fix redis hostname for k8s files and only append tasks with a desired state of running for autoconf/swarm c843be074 reverse proxy - allow all chars for URL settings 6a65104e7 fix return value of clusterstore.connect and disable auth basic for LE challenges b429201ec add missing LUA import for clusterstore and fix prestashop docker example a9ce32c26 added a more precise scan response and modified .json like asked f4442b642 ci/cd - fix syntax error in k8s test class 1c3c0d63b ci/cd - fix missing k8s create infra job e8c6d04aa ci/cd - various fixes for k8s tests 1caa9a1e7 adding reverse-scan 5d41a5b98 Merge pull request #1 from gin-gitaxias/reverse-scan 77fb8c420 Add files via upload 1bb79b155 linux - add geoip deps to rhel rpm cf8644602 Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging ea1394b04 ci/cd - add linux/rhel tests, fix docker/behind-reverse-proxy, fix missing stream module for linux/fedora and remove placement constraints for swarm 87bd26da0 Add threatmap to README b3eb64745 ci/cd - temp disable autoconf tests and add missing packages for linux/centos 202f21aab fix syntax error in ApiCaller 55a36f719 fix docker/joomla, fix autoconf/nextcloud and fix API calls for swarm tasks 1c3f094cd ci/cd - fix wrong yaml edit for swarm and append LE settings for k8s f07c0e66a ci/cd - various fixes e8ee460ef fix CVE-2023-0464 and CVE-2023-0465 dd2c8cbcd Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging 2d11a1c72 fix nextcloud modsec rule id, fix k8s pvc definition and remove useless logs from linux/start.sh 4f334a577 Add sleep between BunkerNet registering and ping to the API to avoid being rate limited 283828e8f Fix Now support WebDAV methods in the ALLOWED_METHODS setting's regex e50c92250 various fixes b8b50b165 Remove check for messages after creating the service - tests-UI e88406b5d Fix ui tests with the new UI 922b32b2e Merge pull request #429 from syrk4web/staging 671db37f7 fix autoconf/cors, fix docker/wordpress, fix wrong image name for k8s/scheduler and upgrade tests instances for swarm/k8s be71b0781 format logs instance to avoid error 9e1876fea logs fix + checkbox fix 4d245f9fe change cache/download to jobs/download 6d16a766f fix service delete + change style 5e598e90c fix bw-data volume not reused between docker tests, fix wrong bw-data volume path for autoconf tests, add let's encrypt to autoconf tests and fix temp env not generated for linux dc8b7dbe7 fix form input bf22faddc remove php-cookie-flags from tests, use HTTP(S)_PORT for temp nginx on linux and fix wrong volume path for autoconf tests 6c6845a79 enhance some responsive + change api 461789aed ci/cd - fix BW CVEs and fix Linux restart 318228e59 change and fix service logic fa7c7ac91 ci/cd - add www volumes for autoconf f88eced33 Handle services settings sent to the UI better 357dc3e3a Merge pull request #428 from syrk4web/staging 283306a07 Remove CVEs fix, it's no longer needed for now 276a96c55 Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging 19870f154 various fixes for linux and get ui tests exit code from container 2485a47b2 Update python deps bd88f9743 fix id rename error 82d8180d8 Merge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging 41f43c46d fix multiple 0f632803f Merge branch 'staging' of https://github.com/syrk4web/bunkerweb into staging 53f480a66 enhance multiple logic + fix conflict 1cf4a5665 disable healthy checks for docker-poryx and dummy app in ui tests, add --no-reload-linux flag to generator and fix missing self arg in autoconf 041142a4f add healthchecks to ui and autoconf docker images 4f9748cc2 earlier init autoconf in DB, healthcheck for scheduler and fix syntax error in linux/start.sh 54813ecd4 Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging d97b5e104 various fixes 8031c5060 Start handling disabled checkboxes + multiples 58ab870b2 increase cors/k8s/swarms timeout and fix tests/ui container names cceda705b update flash count on remove e91f3dc22 Add a log when database is ready in UI + Small refactor of the Configurator 1e9a55c24 Add small tweaks to the UI and scheduler Dockerfiles 7dc26dafa Fix disabled checkboxes no longer always have the value no with the UI 7dc25b3a5 fix redmine/docker example, remove double AUTOCONF_MODE in integrations, remove useless backslash in start.sh/linux, rename container for ui/tests 55d24a8d1 Change mmdb-country job to download the file only if needed 9e009f7be Merge branch 'staging' of github.com:bunkerity/bunkerweb into staging 73b640bd3 fix cors/docker example, add missing AUTOCONF_MODE=yes to integrations YMLs, proper save_config for Linux and fix image name for UI tests 87bccaad6 Add `AUTOCONF_MODE` setting to scheduler in integrations examples d331131c0 increase timeout for php-multisite, add API_LISTEN_IP setting, edit default variables.env for Linux and add more logs for tests 578a1a8c8 Add more precise logs in the jobs plugins cb808c0ad Fix bunkernet-ip.list file not being created in case of an error (same as 1.4) c8d39ba6b Fix scheduler no longer running as root + Fix permission errors with downloaded plugins 4a67a5f56 Merge pull request #426 from syrk4web/staging 4dea680ac enhance style + some fix d81088272 Change the category if the user needs to log in in the UI e003b751d Fix when saving plugins with pages b829e4edf Fix false positive error with plugin page in web UI fc3ef3346 Add UI logs into console ce85bc6b8 Fix openssl no longer prints progression in the console 2e144bf46 Merge pull request #424 from syrk4web/staging defb2c333 Change the way the error page is rendered 2ae37ce8d Fix regex for ANTIBOT_HCAPTCHA_SITEKEY setting f335364fc Lint antibot.lua 16842fef1 Fix errors with missing % symbol + fix errors because of the symbol 5f5a5a890 Fix css in antibot html files ccde5c74f fix real ip jobs d3402ff3f change loading, error and test files a02218bc8 end examples refactoring 5845446b9 Revert "Fix errors regex, authorize same path for multiple errors" be0df4160 Fix errors regex, authorize same path for multiple errors 89812362a continue examples refactoring 5d214497b Fix don't try to add an instance when saving the configuration with the UI 808b7b220 Update jobs connect to the database only when needed aa0eff749 Fix regex in redis plugin that was breaking the UI + fix ui.conf missing comma + remove unused variables in templates 1ac434a5b Update python deps 9c22f1e97 Refactor the py files cfe5c6063 examples refactoring e37e6c346 Fix mixup of swarm and kubernetes when reading env variables + refactoring 0356250d9 Fix problem with the bunkerweb container and plugins 548d157fe Fix check if the Database is on read-only before trying to write 7c5aa4897 Update version string size to support new format 61b9517a8 Fix error when multiple jobs are trying to write in db at the same time 8c67d08ae Lint code 966f57cea init work on examples refactoring 0210ddd88 Add realip settings values to the initial BunkerWeb settings 6f29756dd ci/cd - pull only interesting images for UI tests 2b1dbb1d4 fix default cert path again and ignore pull errors for UI tests 74a11c2ed fix wrong cert/key path for default server b3769b6e3 fix missing then in blacklist.lua, disable site search in redis.init(), remove counter from reverse-proxy/stream config and fix ui tests compose pull c7d8b7dc1 update resty core and http lua to support latest version of stream lua and various fixes related to ci/cd a62ef9f54 add missing init-stream-lua.conf and various fixes for ci/cd 65611020d fix duplicate datastore http/stream, fix missing /var/www/html for linux and various fixes in tests b28668d68 ci/cd - revert back to old condition for pulling images 706305917 ci/cd - fix wrong autoconf local image name, add missing secrets for tests-ui, fix wrong IMAGE_TAG for tests-k8s and try to fix pcre issue on linux 2d440d26e ci/cd - add missing runs-on for reusable tests-ui 93945f391 ci/cd - add ui tests 5e31b6c4a fix CVE-2022-1304 for autoconf, add missing load_module for ngx_stream_lua_module.so and fix missing -lpcre in configure step 01fab4162 ci/cd - fix CVE-2022-1304 and wrong TEST_DOMAINS aa614b75a ci/cd - replace Test.py with latest one, fix yaml paths, print logs when k8s stack is not healthy and fix wrong linux docker image name 88a295517 ci/cd - fix log() call b95d1bc6d ci/cd - add missing log() and fix TYPE for linux tests 2604d9a56 ci/cd - trying a hack to support dynamic runs-on ed4d94529 ci/cd - trying to fix runs-on problem 53410e831 ci/cd - remove steps 609210021 ci/cd - inherit secrets for tests workflow a168f2bce ci/cd - fix rhel build and runs-on for tests 8bf211bc5 ci/cd - fix linux package generation (again) 9250faa52 ci/cd - fix linux package generation 139eaa2dd ci/cd - add missing scripts 7149a34cc ci/cd - add empty .trivyignore and rename redhat to rhel 5c5dbcfc7 ci/cd - fix type in push-packagecloud workflow e826c619f ci/cd - fix wrong quotes in delete-infra workflow b24cbf73d ci/cd - fix wrong quotes in tests workflow 99e27c430 ci/cd - add missing input in tests workflow ee0e608de ci/cd - fix negative conditions 10f9658f5 ci/cd - fix wrong jobs name in needs 27bac0382 ci/cd - trying to fix dynamic runs-on 97627cf83 ci/cd - pass runs-on to reusable workflows 8969b1e72 ci/cd - remove version from reusable workflows 8ca292fb3 ci/cd - change reusable workflow paths 8e73eb87c ci/cd - fix syntax errors 46e3078dd ci/cd - crash test incoming 95c5e2e47 ci/cd - move dynamic runs-on from reusable to staging workflow 131857a9b ci/cd - fix wrong indent in staging/delete-infra-* fc1cab1af ci/cd - remove subfolder and continue work on staging 25729fda7 ci/cd - init work bb2d868fa Refactor tests 5e3dadbfe Refactor ui 7fe168892 Refactor scheduler 36b5c372e Refactor Instance and remove unused method 596258559 Accept incoming changes for misc jobs c5a10aaa3 merge default-server-cert job 06acae405 rename *CUSTOM_HTTPS* to *CUSTOM_SSL* and continue work on stream support 6bf59b59a Refactor the plugins jobs 7a8a75901 Fix multiple CVEs (see comment) (finally) 10ec01e7b Fix wrong env var name in realip plugin 947ecf81f stream - add is_stream variable to check if we are in stream or http mode 4f4c8ebf0 init work on stream support 79036e975 add ngx_devel_kit and lua-resty-env deps, support set_by_lua hook for plugins and init work on whitelisting support with modsecurity c2402b118 fix duplicate root error when bw is starting, add modesec rule to core ui and init work on k8s/swarm integration files dbd052e9a Remove unnecessary import and use parent list of supported custom conf instead fb917960b Revert changes on the custom conf regex for the autoconf 26de0a233 Lint files 0faa34ac7 Add a regex to the setting REDIS_HOST 1d9459202 misc - add missing page.conf 1b113236a Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 29b373148 misc - default pages for default server 6cb714be0 Start adding integrations examples 99b85ec8a Fix Apicaller error with swarm 37114ee2f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 902fe6ad0 bw - init work on redis 7bf034fc9 Fix being able to delete autoconf services from UI (shouldn't be) 916caf2d6 Merge (soft) 1.4 branch into dev branch f8e31f287 Update mattermost to use a static image 0f35c05ee Ignore multiple CVEs due to missing deps in python:3.11-alpine 846e26e41 Fix multiple CVEs (again) ebc7fbbce Fix multiple CVEs (see comment) f4081ebd3 Handle more errors with Bunkernet job 3b01b5144 Upgrade the way the jobs run_once are executed 8fa94d6a5 Edit DockerController regex to handle more custom confs and fix modsec conf mixing c92d4224f Update python deps + add cryptography for autoconf and MySQL 579975899 Fix checkbox not being sent when unchecked + double settings tab in UI 935805721 Fix CVE CVE-2023-22490 and CVE-2023-23946 c671ccf7a Add unauthorized_handler to UI 5ac64758e Merge pull request #417 from syrk4web/dev fdd0da35d Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 34d12cd55 Fix file manager always use the database now + create log file for UI if not exists 47ccd9f04 Log events back in the UI 39b0f3f19 fix + show one mult group 7828c0225 add checkbox fallback + DL script e425eef9a Fix weird shinanigans when saving services config b75bc0344 Adjusting upgrade on file variables.env 79dabf763 Change the way bunkernet check on which instance type it is 3f462fb3b Optimize logger 84f3a894f Fix cache files not showing on UI 93933bde7 Fix custom conf MODSEC CRS being interpreted as MODSEC only c22bccc76 Correcting nginx version for debian installation 8bedc9ce6 Correcting doc 3a60b3463 Modifying doc for packagecloud problem 9efa21709 Correcting fedora packagecloud problem e3410058f Correcting Ubuntu/Debian 60ac00f5f fix inp value 6b13fbb84 change svg c89205016 Adding Rhel integration cb77a7010 change logs datepicker 8b0d8a9d3 remove log + fix service tab facb597ee fix float buttons 89930f1a3 Remove encoding from Database engine args 6122d59d8 Update python deps d3a02be59 Rhel cannot be supported yet a51aa27e4 Add some checks and solutions to rare syntax error ae8e65057 Fedora upgrade working Correcting backup during upgrade Database backuped TroubleShooting some errors with OS Centos working 77f41a059 Backuping old confs working 8fcba30ab Upgrade Debian/Ubuntu working 2e9a0c79e fix select hover style 64961e395 Remove unused imports b662d8453 Update python deps and remove oracledb e9d981a56 Fix checkbox being disabled every time 39418790a fix popover content 3d96fdb34 update dashboard 580f33e56 new file el is hidden on nav 4f6244e74 Lint code 1f2076756 Update Python deps dcf9e301e Fix UI not exiting correctly with gunicorn f1a28b01b Merge pull request #408 from syrk4web/dev 5739144e3 Fix bwcli /bans command df7bbb960 Update VERSION to 1.5.0 dd0f56bb0 Add password type for settings d83d3aa3d Fedora working Modifying centos systemd Adding %postun to rpm Modifying postun deb Centos working b85e6ee6b Updating to Fedora 37 ca0d88fcc Upgrading script: Ubuntu & Debian working 835f85d5d enhance input field style c4b5ddb95 Add setting to intercept specifics error codes 86c81a621 Merge pull request #407 from syrk4web/dev e6cb5b0b0 Made the UI independent + update job download plugins 0ce5f216d handle password inp 44ce5381c Fix CVEs 12b4cfa22 Merge pull request #406 from syrk4web/dev d7ee3ad66 fix file manager dropdown efbcfd0e2 Beginning of automation testing for linux packages 50b83790a Merge pull request #405 from syrk4web/dev bf1d19f33 remove prefix multiple input 4d49f2f4b Improving and correcting problems on packages f5d87849a Fix errors in the UI when a service have multiple domains d6d1dd1ce Merge pull request #403 from syrk4web/dev 0f5a73430 add condition for services a5256dd80 Fix IPv4/Ipv6 CIDR regex 591a20cd8 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev c56fccbf2 Adjustements to upgrade a3a5c1c74 Add ui tests requirements to the updated python deps b1c99e408 Add tests for the UI 65f2bf09b Remove the idea to store logs inside the database 7beb400b4 Fix stop gathering all the logs every time with the auto update ab163ce13 Fix services settings saves and plugins deletion 6932f3ded Add a new script to update python deps and update python deps d14372075 Fix tar error when sending /etc/nginx to BW 9edf789ab Update python deps 4b3b9b326 Merge pull request #397 from syrk4web/dev 557db479c refactorise logs script 13f1dadf5 Merge pull request #396 from syrk4web/dev adf96cadc remove useless files d2a634e7f plugins + global_config fix 1aaac2dcf Add regex for settings.json 871807b80 Add small fixes and tweaks 4c5172eda Correction of problems 331d58324 Fixing details e9c1b0cf8 Adjusting some details c220e5997 Linux UI fix 13fbbfb67 Update job database while locking the threads ea4ceae7b Fix isPage logic in menu (UI) 8ee0ec88f Remove test files in UI d81c52654 Lint ui files and change .prettierignore file 5cc80d2ba Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev a6295248c Merge pull request #394 from syrk4web/dev 38b59954a Lint yml files 146338de6 Refactor every .py file fcd8d8746 open another tab for doc 051192791 change style 9c80cdb32 add plugin page logic to menu 7689dac76 Filter CVEs fixes in Dockerfiles 0c8dfaaab Update bw and autoconf Dockerfiles for let's encrypt c5d3e77c1 Fix letsencrypt permission error and optimize the ownership commands in scheduler 8304116fd Send more variables to the home page front 4379e21ea Show dirs of every services even if they don't have a custom config 148d9d2d4 Remove user override in the job scheduler when executing jobs c6498eda7 Add new php-cookie-flags example f97e056ff Update jobs 13fe4b6ee Edit core plugins regex + make COOKIE_FLAGS multiple + edit DB model accordingly 2b2eadf44 Merge pull request #392 from syrk4web/dev 342fe956f change data creating new service bb7ca889c enhance darkmode + fix + factorisation cdc3cfc81 add toggle multiples + style 191c88238 Merge pull request #388 from syrk4web/dev dbe49bb8f Update intro image 7bdc46057 Change how the edit works in the config (UI) 364ef13b5 Fix error by calling a method on the wrong variable 1142ace55 Fix rare error with the jobs return code 477e87a2f news script + multiples groups a04f983a0 Merge pull request #385 from syrk4web/dev e5574fbdc change flash messages style b1ca47253 Small tweaks and handle services variables better 98bda4d1e Remove unused line in Templator 0b1be727f Optimized the storage in the Database 47526dc8a Merge pull request #384 from syrk4web/dev 00d3073b0 get custom method and check disabled state 02d10f619 Fix datepicker.js not being found because of the caps da634af4a Accelerate send_files method be0ee60cd handle stop signals with the web-ui 064f9eef9 Remove lines that will never be use in save_config ec15a4e88 Handle stop signals from Docker in the scheduler c49f50da2 Move BunkerWeb entrypoint to the correct dir 48bbb5e39 Merge pull request #382 from syrk4web/dev b944de9e8 change service multiple script 07ab3deb0 Remove unused lines in selfsigned job a4e863f09 Update authentik and migrate the example to the 1.5 eeb810546 Migrate authelia example to the 1.5 e2b2505d8 Fix saving config for multiple settings a0c2db7a0 Fix how the config is get from the database 4595295bd fix tab focus style + dark mode style 0bd6d5655 add flash script to login + enhance style 6f5aab11d fix footer padding 37380b977 fix get multiple settings only 3f6432f4b Merge pull request #381 from TheophileDiot/dev ff84656cd Update examples + add static versions 0e29d9f1f enhance and fix c195ffc86 Fix autoconf not working properly with the shared volume 291d64e29 Update community example + linting 4346322f7 fix services settings on modal open f2daf7368 Merge pull request #380 from TheophileDiot/dev ba9c16a5d Merge branch 'dev' into dev 0db1550f2 Changed the way jobs' cache files are downloaded fa54ebd49 Made a few tweaks + change the plugins for the services modals 0290f509e add plugin_name (change values) 77931b623 add plugin_name 6560ca086 test 0d0f1aa95 Merge pull request #378 from TheophileDiot/dev 03e98985e Migrate more examples and lint 016a8cd6d changes 5263be27d Change the way jobs are downloaded + folder created in configs 7813b51db Merge pull request #377 from TheophileDiot/dev c4bd535ac Add autogen back for docker and the autoconf 243c4ca78 Merge pull request #376 from TheophileDiot/dev e9687a5b1 Remove unnecessary comments 8537eea89 Merge pull request #375 from TheophileDiot/dev 3c9574dae Linux: Updating nginx to 1.22 9f84e02d8 refactoring services modal logic b105896b2 add rename form ff83b342d fix issues 8e31672ac Merge pull request #374 from TheophileDiot/dev b3d80d7a6 Generate requirements with python3.9 + use new resolver 6bbbe70ee Merge pull request #373 from TheophileDiot/dev e33bad4b9 Fix comments + updated passbolt to support the 1.5 37f21c5d4 Temporarily comment the post fetching 343d9d09e Show plugin pages even if there are none 0a4f0eb57 Fix error with jobs wrapper 1d4998356 Fix darkmode + Add new variables to pass to the front 547021e7b Fix job fetching for never ran jobs 0954e82f4 Fixes some bugs in the UI related to the plugins 3c5f6002d filter script + manage files + fix css + enhance e988aacf3 Merge pull request #371 from TheophileDiot/dev cce181a29 Update customcert job 9ba06b64d Update README 7f2eadacc Update python version for the scheduler and requirements 8d6c3d0b8 Fix db get_config cc748a048 enhance responsive + add loader 3bafe137d refactorisation e9dfb59f3 handle settings type multiple (fetch, add, remove) on services 8e5dda520 Changed the way the config is get from db 368122181 start multiple add and delete logic fee59a51e separate multiple from others inputs 50ba22914 upload plugins + jobs template + global enhance 94b0e6a0d Changes on the flashed messages 2e0a733cd Merge pull request #370 from TheophileDiot/dev 103e4a0ae Update modsec CRS to v3.3.4 f0f9d7dcf Merge pull request #369 from TheophileDiot/dev 4dabe6dae Advancements in the examples migration to 1.5 115bfbdc1 Merge pull request #368 from TheophileDiot/dev 81ad9e9ac Update examples and add docker-proxy 82ab6c7c4 Revert "Remove unsafe deps in the requirements and install setuptools manually" b578823a1 Remove unsafe deps in the requirements and install setuptools manually 7fb61b5ef No longer dump the jobs to the front 37ece3de1 Merge pull request #367 from TheophileDiot/dev 719d779e0 Start updating the examples to the 1.5 2889b2638 Merge pull request #366 from TheophileDiot/dev 3c3bb7f20 Fix the way we fetch the config from the database (with suffixes) f0d0dac91 Add the variables back instead of the "_" so it doesn't create an error 62ab9944c Fix scheduler errors with sqlite in autoconf 739190051 Make the bunkernet not run in a thread to avoid errors 840ef8cf8 Fix typo in selfsigned job 5a95e6703 Edit the way the UI updates the config 34b5aba1c Merge pull request #364 from TheophileDiot/dev b7f60dbdc Update deps and requirements a0634b573 Merge pull request #363 from TheophileDiot/dev c0efdf9c0 Replace /usr/sbin/nginx with nginx db35e575e Rename variables so they make more sens b22cc44d8 Change the way jobs are sent from the database 4e96e57e0 Make certbot compatible with 1.5 aaeda5300 Change the jobs logic + add support for arm 657722922 enhance templates 844b06e28 Fix how the jobs are sent to the front 3a0727b5c login template done 0f5756cfb enhance logs + prepare jinja variables 08e7c2104 plugins done + add name to settings 6b5d6e07e Revert changes on the check_settings function 3ccc12d78 add dropdown + responsive 3ed3fbe99 Autotonf now update the instances too e56f96d04 Update database model + Save instances to database + add the option to add logs into the database c87c3637d start plugins template 3a5d14952 Made few tweaks with the home page + remove useless functions 55e76b280 Fix path for dropzone's scripts 64d261acc Change the way logs are parsed f13455d11 send timestamp with ms 7aac0c352 fix ms fb2e41c11 logs params 2967ed98c fix fetch 4f9b2120e test f1e614fae change ternary operator for fetch fa5719db7 fetch logs + liveUpdate filter 2a2f2f1e9 Fix scheduler error 208716722 Merge pull request #361 from TheophileDiot/dev fa98003f2 Thread the jobs run_once 89e8839bb Optimize the regex for the core lists 51c5836ae change logs script/template + continue jobs f61b4428b Merge pull request #360 from TheophileDiot/1.5 a96771881 Change the logs date format + start editing the logs endpoint d30adf670 Changing rhel bf19cfe3d Migrating Linux to 1.5. Still some details to adjust to be perfect 0cd6ed1af When downloading new plugins, update the database properly + update job every time now 8f75af3d6 edit the .dockerignore 4f4beeef9 Create the database variable even when passing the variables, just in case 7347fe9bc update jobs only once b509ce16e Copy the files after installing the requirements 64601ebf5 Remove useless warnings c9238f993 Merge custom configs generation to avoid repetition 192c6755c Update db for the jobs that are ran only once c14765c6c Change the way jobs are sent and how we update external plugins 888bedd51 Change how jobs are send from the database babb1c72c Revert "indentation" 44c74f9be Revert "indentation" 984b6c5f0 ci/cd - speedup codeql by ignoring some folders not containing python files 355c947a4 start jobs template + enhance menu 272de0b8b ci/cd - fix codeql config path d9fc713c4 ci/cd - move codeql config to file c2503d63d ci/cd - add codeql b098478bd enhance service + darkmode script fa1739439 ci/cd - init work on dependabot 82df3f17f ci/cd - init work f02adf300 indentation c1031cb2c indentation e8581ecb4 enhance news/menu/base + logs scripts eb99d00da Revert "enhance news, menu + end logs scripts" a7d3d0452 enhance news, menu + end logs scripts c7556a39a Merge pull request #358 from TheophileDiot/1.5 e02e9c9ec Edit how plugins work with the UI f1d7add73 Merge pull request #357 from TheophileDiot/1.5 1252d1651 Add the jobs feature and add the link when using sqlite 2154c7f54 Update database default DATABASE_URI 7957f63b8 Merge pull request #356 from TheophileDiot/1.5 73668b476 Optimize plugin gathering b3cfc1f01 Remove unnecessary lines and add plugins_errors endpoint b57e50db2 Send needed settings with the services in ui a0e66ab30 Change Database default path for the sqlite file fdd393826 add ui work in progress 6b9a6a7e3 Merge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5 277e37bce Revert "add ui" 05d4b77bb Merge branch '1.5' of https://github.com/TheophileDiot/bunkerweb into 1.5 e7e43e64d Add dark_mode to ui d40a93cb7 Revert "add ui" d102f027f add ui b70d97671 add ui 7db7aee7c Merge pull request #355 from TheophileDiot/1.5 70844ca60 Fix database with autoconf 1a7d8978b Merge pull request #353 from TheophileDiot/1.5 93c74154a fix fedora python deps bug f2eabc0df fix centos python dep bug d199f124b remove exits in ingress controller 3ec15eb4b Update the docs from dev 5a8f81256 Merge branch 'dev' (softly) d214352b7 Merge pull request #352 from TheophileDiot/1.5 891757dab Add support for arm + change scheduler python version 8dd377562 Merge pull request #351 from TheophileDiot/1.5 630cf8b88 Change the way services are sent to the UI b0c09b4de Merge pull request #350 from TheophileDiot/1.5 fa655e6f0 Remove no longer used install.sh and uninstall.sh c8fbcbeae Merge pull request #349 from TheophileDiot/1.5 32101c3dc Move UI deps, Make the DB compatible with PostgreSQL, MySQL and Oracle 035eed8f6 ui - add custom PYTHONPATH in Dockerfile 2a3e24bd2 Merge pull request #348 from TheophileDiot/1.5 3984c4b0d Separate deps and change prettierignore file and pyproject 47afdc88e Merge pull request #347 from TheophileDiot/1.5 01bb6f5e6 Stop converting the files content to base64 when sending them to front c35874797 Return dumps of settings instead of the dict a8f27ccb1 Merge pull request #346 from TheophileDiot/1.5 edce79936 Update the structure and the paths 04578aab3 Changing path Linux folder 5ae714fc7 Merge pull request #344 from TheophileDiot/1.5 f65a4cdd6 SMall tweaks on the UI + edit the ConfigFiles edits 06aa73fcf Merge pull request #343 from TheophileDiot/1.5 0811aad7f Edit scheduler and change DB 858f6e00f Change python version b279d0240 Fix BunkerWeb gen on start ef7fa5b4f Merge pull request #342 from TheophileDiot/1.5 11bcd9824 Merge branch '1.5' into 1.5 bacef768c Add integration manually in bunkerweb 5ec179aff The UI get the custom configs from the database 0e6a5f3f9 Merge pull request #341 from TheophileDiot/1.5 eec00ba2b Update the Database and make it easier to gen 479b556fb Merge pull request #340 from TheophileDiot/1.5 375776e7d Fix UI path_to_dict with the cache files df62fd410 Merge pull request #339 from TheophileDiot/1.5 1f58d0c51 Edit dockerfiles 6c07f9967 Merge pull request #338 from TheophileDiot/1.5 069b45f37 Add some tweaks 850530cd0 Merge pull request #337 from TheophileDiot/1.5 01b414552 Make the Database support every feature + updates a12d013fc Merge pull request #334 from TheophileDiot/1.5 5f8353c11 Adapt everything so that the UI can work with every integration (some more tests are needed) fe8962592 Merge pull request #333 from TheophileDiot/1.5 66fb266f8 Centralize Database and optimize requests 7a03ed33f Update pip in Dockerfiles every time b09c05d3b Update BunkerWeb deps 9c02d5f9e Merge pull request #330 from TheophileDiot/1.5 7d743e198 Update the database and the core plugins accordingly ce6f01cf0 Merge pull request #329 from TheophileDiot/1.5 9140dc324 Optimize Database connection and ApiCaller 81307c82c Merge pull request #328 from TheophileDiot/1.5 0edef7c52 Use Python 3.11 where we can fe774e000 temp nginx is dead, long live to the IS_LOADING setting 0bf402fd7 Merge pull request #327 from TheophileDiot/1.5 48242b9a3 Get all config with generator 0b73ea856 Merge pull request #326 from TheophileDiot/1.5 09378458d db.get_config() get entire config and doesn't filter anymore 100849023 Merge pull request #325 from TheophileDiot/1.5 8b54762fc Fix db init with autoconf cfaeb1013 Merge pull request #324 from TheophileDiot/1.5 7e53bfe55 Fix gen for Docker integration 54530d535 Merge pull request #323 from TheophileDiot/1.5 79eea0e99 Linting + starting to migrate bunkerweb to the 1.5 316b84ad3 Merge pull request #318 from TheophileDiot/Feature-specific-order-for-plugins ba56c9f55 Merge pull request #317 from TheophileDiot/Fix-scheduler-error-reload-nginx-linux a8f79e58f Merge pull request #303 from TheophileDiot/Fix-custom-conf-disappearing b2a7e053b Merge pull request #314 from TheophileDiot/Feature-blacklist-ignore 96e656273 fix indent 01cecf14e Merge pull request #313 from TheophileDiot/Feature-max-client-size-edit-modsec 873ccad9b Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS (#292) 97bf473e1 deps - add update checker for deps (#293) 5af2fb778 Complex example using autoconf (#271) bd4c94e83 Add specific order for core plugins and check them a96a8a8c2 Fix incorrect message while reloading nginx + more details on error 446ff93a4 Add ignore blacklist feature 5fdcc9e58 add g/G to the available file measurement units d207aa4bf Variable MAX_CLIENT_SIZE change the SecRequestBodyLimit value 57ad9d7ee Fix old custom configs where never deleted 7860aeab9 Merge pull request #312 from TheophileDiot/dev cac220023 Fix small typo in autoconf integration 5d9dc88cc Merge pull request #307 from TheophileDiot/Restrict-access-IP-NET 40863f28a Merge branch 'dev' into Restrict-access-IP-NET 67d514b53 Merge branch 'master' into dev 51e96416d Merge pull request #304 from TheophileDiot/Fix-Endless-loading-after-update-service ace1dfca2 Merge pull request #308 from TheophileDiot/Fix-doc b9e5badd9 Fix last typos a9865f850 Fix typo in plugins.md e3d0120a0 Fix minor typos in the doc 9214bb939 Merge pull request #309 from TheophileDiot/Fix-flask-dev 80c1b225b Replace flask development server with gunicorn de0954fac Fix typos in the docs 27b4ff330 Add the greylisting feature 06f65ffe2 Change the exposed port to 7000 b0a887a15 Fix errors and warnings when editing a service 803ff8cb5 Fix CUSTOM_CONF_SERVER_HTTP disappearing after 60 minutes (autoconf) 94ce249d7 [#290] Fix typos in docs 478e98018 ci/cd - temp disable k8s test 8f44e108b ci/cd - add docker system prune 72caf907a ci/cd - temp disable swarm tests 01acb1cf3 ci/cd - temp disable nextcloud/swarm fc3c7892d ci/cd - add missing prepare for prod tests 2a04a5642 ci/cd - update ruby version for CentOS builder 6afdb298f lua - fix pcall for asn/country mmdb lookup 04019a617 tests - fix nextcloud/swarm 34649bf33 docs - add Ansible to README 469a5343e ci/cd - remove old linux packages before building 4244399eb road to v1.4.3 🚀 66029a316 tests - edit prod workflow d0c245ba8 tests - fix bug when testing if a swarm stack is healthy 5633d5ff5 tests - remove mongo-express/swarm 61d57b4eb tests - fix mongo-express/swarm 76f035e21 fix wrong DENY_HTTP_STATUS setting in docs, fix autoconf ghost/prestashop tests and some UI warns/errors b35dbdffc tests - fix ghost/docker 7e226301d tests - fix prestashop/docker 8f273a929 ci/cd - fix missing comment chars 45f4e06ac road to v1.4.3 7fe58ddd5 tests - disable systemd start limit 561e64a89 tests - road to debian 29933fdeb tests - add unzip package to linux container 7915da6df docker - fix CVE-2022-3209 d8f6c2756 tests - fix configs perms for linux cb56e7d04 tests - add chown for custom linux configs e84734314 tests - fix linux/drupal (again) 4caae414d tests - fix linux/drupal 8a23b96bf tests - disable linux/moodle a4fd701d5 tests - temp disable linux/proxy-protocol 39ed524f0 tests - add missing variables.env for moodle/linux d0e3f3ae2 tests - call cleanup-linux.sh b0fa57b05 tests - replace restart with stop+start for linux tests ec1136085 tests - print logs when setup_test fails 3be348ebe tests - add haproxy cleanup for linux tests 884ca0f6d tests - add missing variables.env files for linux e4321629f tests - road to linux tests 🚀 c277a33e9 tests - add missing which command for fedora 512c60c51 tests - add some debug info when linux/setup fail e64cc29a8 tests - create /run/php folder for rpm linux distros 42d29743b linux - fix 755 perm on /opt/bunkerweb 505d5c2ae tests - fix behind-reverse-proxy/linux 70992a0b5 tests - fix haproxy logging again 7e5465c59 tests - fix haproxy logging again f5606b693 tests - fix haproxy directive 265742cd9 tests - haproxy add logs 0580662cc linux - copy current variables.env to make temp one 8e15e2a40 linux - set /opt/bunkerweb permissions to 755 17801caeb temp disable arm 552588adf temp disable arm 5849c66e6 tests - fix www.conf 052dc2346 tests - increase php logs verbosity for linux tests 331c7e954 tests - add debug log file for PHP f71ad0f65 php - fix fastcgi_params path 34c648830 trying to fix PHP bug in Linux 5c99a4b0e refactor linux/start.sh and fix tests/cors www copy eb6f0d673 tests - fix purging wrong folder for linux tests 6ea38b1f7 bunkernet - fix wrong import in register job b5c07dda0 tests - add cleanup for linux tests 17b6b0fdc tests - fix PHP www.conf for Linux 512ed7200 tests - add cors/linux d8071e4c4 tests - install php-fpm 790fa37ae tests - fix behind-reverse-proxy/linux 6005a8f73 tests - fix behind-reverse-proxy/linux again and again 09f56a1c6 tests - fix behind-reverse-proxy/linux again 0c4d2edf1 tests - fix behind-reverse-proxy/linux d53c54d4b tests - add behind-reverse-proxy/linux 093d426bc better management of registration with BunkerNet and fix syntax error in LinuxTest 3762c3874 tests - copy variables.env for Linux tests 55525abf1 tests - fix mattermost/k8s 23f8ec957 UI - fix container CVEs a38ca5138 docker - dont generate config if already present e92938f00 autoconf - fix container CVEs c2ad79a79 Docker - fix CVE-2022-37434 8eefb4bf5 examples - fix mattermost/k8s 6d1ef606f examples - fix nextcloud/k8s 95c4ce723 enable bad behavior on default server and various k8s fixes e295b020e tests - increase redmine timeout and add pvc cleanups 1e499db50 examples - fix gogs/k8s a64276136 disable bad behavior if client is whitelisted and fix redmine/reverse-proxy-multisite examples 115d517c7 tests - add delays 7c1474cd8 examples - fix moodle/k8s port number 305870cc2 examples - edit moodle/k8s port number 3df0f8505 tests - add delay to moodle 897528b73 tests - fix magento/k8s again 4f4c446f7 examples - fix magento/k8s again 69848dccc examples - fix magento/k8s 0516f0a83 tests - assign bunkerweb-controller to srv1 41524a9e3 tests - force pv 0d44b098f tests - fix prestashop URL 0e315dc5f tests - edit prestashopHost value 5741391de tests - change k8s service type of prestashop to clusterip 6adff9ceb tests - increase timeout and remove pvc for prestashop/k8s 97a2caf06 tests - fix Kubernetes missing variable assign 865f4f1b5 tests - fix prestashop/kubernetes e8305b0b6 tests - fix missing prestashop/kubernetes.yml 840b875f7 docs - edit plugins page 978bbe9ca examples - fix missing configs subfolder in nextcloud/bw-data 502c9f2fe examples - fix radarr/swarm 1c4f8bf55 tests - automatic volumes prune for swarm tests b6e2ad22a tests - fix joomla/swarm 216686fc8 tests - add delay parameter d648b1fbe tests - increase magento timeout d3b725294 tests - wait until swarm services are running a48200bc0 examples - fix reverse-proxy-singlesite/swarm b429dd804 tests - increase timeout for swarm healthy check 0440c61d0 examples - fix gogs/swarm ae36b9899 docs - quick edit on PHP 9a83fadd8 examples - fix gogs/setup.swarm.sh permissions 09141f204 examples - fix magento/swarm edf5421bf examples - fix permissions for magento/setup-swarm.sh c67564c7c tests - increase timeout when doing requests b07637009 examples - fix mongo-express/swarm ec35b0a54 examples - fix mattermost/autoconf 95e3022eb examples - fix autoconf/reverse-proxy-singlesite d63538fd5 examples - fix wordpress custom conf variable name for docker/autoconf e01b24072 tests - ignore error when replacing patterns in files (binary files) 217924fe4 examples - fix reverse-proxy-singlesite regex bb6d02e0f examples - escape dollars in reverse-proxy-singlesite compose files 5c42fb58d tests - fix reverse-proxy-singlesite 2f8c5a1e9 examples - fix host for reverse-proxy-multisite af866e825 edit docs/integrations for ansible and fix examples/mongo-express compose file e90d4cc7e tests - fix json for reverse-proxy-multisite 70ac3c01b tests - fix missing arg no_copy_container 07a962466 tests - inline configs for docker/autoconf 87c57c67c tests - refactoring on the road, still needs some work 8fb03a317 tests - on the road of refactoring dc8570ca8 tests - add status type 151378570 tests - refactor mattermost example 4e7d795ea tests - support custom cleanup-kubernetes.sh script and refactor some k8s tests with helm charts cc9d228ab update compose version to 3.3 for swarm examples so config directive is supported 181957147 remove trailing space in DockerController and add missing bunkerweb prefix for autoconf-configs example 324feb593 autoconf - fix missing configs update for DockerController 22398d567 cors - fix typos in autoconf.yml 5119c8da7 gogs - missing setting for autoconf 0fca93e3e tests - sleep 30s between autoconf tests 17e14f4d5 tests - fix wildcard with sudo 3a46d318e tests - remove only content of subfolders 4eff0c3f9 tests - fix behind reverse proxy url bf58a17b8 gogs - add setup-docker 08d8bc880 tests - remove whole subfolders in bw-data b38f7c54e tests - add kubernetes-configs and fix missing s in urls 06f7fb096 tests - fix docker-configs (again) b7101eb47 tests - fix docker-configs a08b51bd0 tests - fix gogs expected string b2bcfb8c7 tests - fix hardened expected string d3014b42f examples - refactoring in progress 7eae49719 tests - prevent default rate limit be21b3933 tests - fix sudo cp again 7bb881aa3 tests - fix rename a607bd67c tests - replace python cp with sudo cp 6d06a32cc tests - list example_data as root c5526ef2f Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 75b2ae868 tests - fix example_data path for docker 72965e230 Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 201e2cf0f Correction logs Linux 203397444 tests - init cors and fix example_data path for autoconf d8c8ceab3 tests - fix LinuxTest setup and init work on integrating examples with the new test system c02d888b3 examples - rename setup scripts for drupal 9a9f9ebf3 examples - fix linux-setup.sh for drupal 6e381ee02 tests - disable copying bw-data files for k8s and swarm tests 0ee09d47d tests - force removing directories with AutoconfTest da2f6cb4f tests - force removing directories with DockerTest d1d2e51a3 cleanup tests directory and init tests refactoring for drupal c14b08faa examples - edit authelia configuration.yml file for Linux integration 80fee58e4 bunkernet - add default api server in jobs 37690a7a4 configs - enable default server if TEMP_NGINX is set b3fdd109a linux - fix wrong variables.env path when running jobs once 193449512 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev f5ede7897 examples - fix authelia variables.env 767a7ab31 Adjustements doc Ansible/Linux 81b370366 wait until Linux test container is initialized and fix variables.env for authelia 44fbf0315 authelia - extract tarball to tmp 02db54ce0 examples - follow redirect when downloading authelia for linux 14d61854e add sudo to linux dependencies and curl to linux test images 6f35561fa tests - fix cp and end_fun for LinuxTest 2505bc015 tests - add linux to authelia kinds b1df38374 tests - temp enable docker 410212b15 tests - run docker cp in a shell f2ac7bca7 tests - fix typo in LinuxTest a0948923e tests - copy local files for Linux tests 458ebe07f tests - dynamically find deb/rpm name 2205043e7 tests - fix LinuxTest.docker_exec() d370f1b05 tests - add missing chmod import to LinuxTest bf6dd93aa tests - replace rmdir with rmtree for LinuxTest 773517311 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 850a8057c ignore CVE-2022-30065 until we have a fix e6271ccd6 Final proofreading FPM f0ddb8328 docker - fix CVE-2022-30065 for autoconf f260bcf23 Small adjustements fa319ec10 tests - fix argv len check 029406453 tests - fix typo in LinuxTest f47ab0adc tests - integrated LinuxTest eca010231 FPM Linux/Ansible Doc 4d61e96e4 tests - LinuxTest on the road c9c730346 tests - fix linux.sh 58a82ddcd tests - copy Linux packages to local directory 8062d043c tests - fix Linux dockerfile path 0a09f8a75 fix CVE-2022-29458 bb425bc36 tests - init work on Linux tests aa729daeb examples - remove double $ from kubernetes authelia 7edd55544 fix k8s example for authelia and ignore error code when doing debug_fail for k8s tests 0fd77a809 examples - fix typo in kubernetes authelia 720f36f47 tests - init kubernetes refactoring ea98b453d tests - use unique domains for swarm tests 4bd0129e4 tests - also edit root domain 6e47b2991 tests - add sleep in the end of SwarmTest.init() abc500a4d tests - fix domains for SwarmTest 378047794 examples - fix authelia swarm compose version 4a5e50005 fix typo in SwarmTest and fix authelia swarm example 3b73c50c3 tests - ignore docker stack ps return code ba6fddb56 tests - init swarm refactoring 9ecd2bd98 examples - add missing network aliases to authelia autoconf 7bbf77b7a fix authelia autoconf example and debug fail before cleaning tests f02fe1ed9 tests - remove only subdirectory on new tests and add cleanup when test failed 0383cadd6 tests - fix compose filename for autoconf tests aeba0ba72 tests - add missing AutoconfTest object 67608a463 tests - add missing decode 8b3b1291c tests - from replace/rename functions to class method 1c5c81d2c tests - add missing import fa2d52d80 tests - remove useless log and return boolean from Test.end 68bf5ef85 tests - remove wrong cleanup call 424b37bec tests - change permissions as root 2780ee190 tests - add debug_fail function 07b0bb38d docker - fix CVE-2022-29187 for ui and autoconf b47c2696e docker - fix CVE-2022-29187 fdb8ca3ca tests - replace internal _log with logger.log eb59a9377 tests - init refactoring for autoconf 2e0542dbb tests - ignore case when performing test 0a996bf12 tests - replace match with search 48a6ba632 tests - fix rm command 991ddb9eb tests - remove file as root 1e1d7d7f1 tests - replace variable typo in get request ebc94f515 tests - add missing char when replacing Docker volumes e4f6017d6 tests - replace example domains with test domains dfc5f2e79 tests - export runner env c07f85a42 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev ab57be657 tests - fix missing copytree import and self parameter 5f79aea4b fpm single/multiple docker&autoconf cc760a646 tests - fix datetime import again db2c35cb3 tests - fix datetime import 28f1b4f73 tests - rename variable e1183a0d4 fix tests.json for authelia and exit when test exception occurs 16573a397 tests - do not run as root de8cee491 tests - add missing imports 56afbd457 tests - run as root 590ad46cd tests - fix missing chmod import and Test.init log call 8d580bc16 tests - fix missing Test import a91fc7307 tests - fix indent and isfile import 773a37d45 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev b64af8526 tests - DockerTest on the road 0d3e1e2a1 Update the plugins docs 85217b57c Fix a typo in the plugin page in the docs ba75154d0 Add url_for function to custom plugins templates c055ec7ec Fix duplication in plugins 2c4efe9d0 Add Plugin Pages feature 795dfc077 Add static map files 8b4b3f3b0 ansible docs 2e4758e94 tests - DockerTest improvement c155227ec tests - init work on refactoring dde185141 tests - increase timeout for magento e62523d1d lua - use pcall with mmdb functions 658ab7504 docs - add ansible diagram 8d6397a6b Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev f5c86cc4e examples - add cors example 8760110fb Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev cc4f0b26a Quickstart Ansible and integration 7b769361a cors - init work on core plugin for CORS 97e607110 linux - rename bunkerweb-ui.env to ui.env c3ee7929b docs - change target of the web UI demo link to blank 969a1e5d7 Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev 5bf59c85d docs - replace web UI gif with YT video 430f665cd Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev 5be21f9bf Adding www folder afdd4de5a fix regex checks with *_CUSTOM_CONF_* setting, add doc about DENY_STATUS_CODE 5586b3733 misc - add DENY_HTTP_STATUS setting (403 or 444) 90e58f261 fix ui.env path for Linux integration and add docs for autoconf with rootless docker a00607af2 docs - add instructions for podman e880b7d59 docs - add infos about Docker in rootless mode fc925ccb1 edit docs typo for UI and variable typo in autoconf 571422131 ui - fix CVE-2022-2097 287e763e0 autoconf - fix CVE-2022-2097 89f81140a container - fix CVE-2022-2097 (again) a5c98f709 container - fix CVE-2022-2097 429214727 tests - fix data folder permissions (again) 6b1c5a93e tests - fix data folder permissions fb85d1d2d autoconf - fix typo in variable fdcbc8d36 custom conf - fix wrong path with multisite configs b2bb93bcf examples - fix docker-configs again 2b59086f6 examples - fix docker-configs e09d4901e containers - fix regex for *^CUSTOM_CONF_* 3594618e4 examples - fix typo in docker-configs (again) e44311281 examples - fix typo in docker-configs 738e3b6e1 containers - use python hack to get env var values from string 5ac80a135 containers - replace compgen command with a python hack because compgen -e do not display var with dots 8f258486e fix multiple CVE with curl/libcurl and add autoconf/docker CUSTOM_CONF configs examples 2dc18a794 autoconf - support both configs from files and autoconf e0a700506 autoconf - init support of custom variables using labels 385b7c413 docs - add docs for custom config using labels e25babe3d custom conf - docker a5457a164 custom conf - init setting support 0a1e8be71 examples - add missing setup.sh for mattermost 70c60f2a9 tests - add mattermost and radarr f2dfb0172 examples - edit mattermost and add radarr 1a8eef2c8 fix autoconf import for IngressController and init work on mattermost example cb106a112 autoconf - fix indent in IngressController 492648eeb autoconf - fix 410 exceptions (k8s) 1425ad0b4 docs - update settings list f7290b2c7 v1.4.2 release c0a8a356c linux - include bwcli in /usr/local/bin 40007b086 add slack to official plugins and init work on EXTERNAL_PLUGIN_URLS setting 6478512e4 scheduler - only send /data folder if apis are present 7aa6852d3 autoconf - fix missing scheduler in autoconf mode and missing apis list 7bba81b16 autoconf - fix wrong variable name for environment 5cb61380d autoconf - add missing call to ConfigCaller constructor b2758cea7 autoconf - init work on _get_static_services method a18d77aee autoconf - init work on static server configs as env var 4a699ef6c fix missing local Linux images import in ci/cd, and fix bug related to jobs in Linux integration 5690a58ab fix IFS checking permissions e55928a37 fix bwcli commands when using Linux integration 0f2388b1f fix permissions check when file has space in the name 2b43a9cbf Merge branch 'dev' of https://github.com/bunkerity/bunkerized-nginx into dev 5ecf39ee0 Fix web-ui example with X-Script-Name ad091493c examples - add various certbot-dns examples a65606c36 examples - add certbot-dns-ovh cd0d70b8f cache dev Linux images in ci/cd and disable site config generation for autoconf/swarm/k8s e21a35017 plugins - support log_default() hook, same as log() but for default server c563731e8 autoconf - fix overwrite configs file when using Docker autoconf 3c417d2ff linux - fix fedora NGINX version in Dockerfile, fix missing arg when building DEB/RPM and force NGINX version DEB deps 970082f92 linux - force NGINX version in RPM deps 4a2504c3b reflect ci/cd changes to dev fd0c7b1e5 ci/cd - add automatic build for Linux images 1e6d62ce7 fix packagecloud yank name 1a4e21481 docs - edit supported architectures for prebuilt Docker images bcaca6f03 v1.4.1 release 424214fd5 add changelog and add missing s in authentik url 82b42d5b9 Merge pull request #259 from Brawdunoir/master db4e2cf26 update linux docs, minor fix in ingress example and update default value for bunkernet job 0ef82619b temp disable automatic tests for authentik and test automatic arm build on dedicated hardware f2655e331 remove arm build again, fix proxy_*_timeout directives and add authelia example d51ae1c1b Remove USE_ before authbasic plugin settings cd0438b8c support REVERSE_PROXY_*_TIMEOUT settings, remove useless push in CI/CD and try to build arm on GH runners f9a042526 add docs about compiling BW from source on Linux, add docs about packages pinning on Linux and fix regex for REVERSE_PROXY_AUTH_REQUEST and REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL 15ac64b05 let's encrypt - fix bug when AUTOCONF_MODE=yes e0f8895e9 init support for auth_request and add authentik example e85229835 don't send local IP to BunkerNet on default server, fix certbot new when MULTISITE=no and fix unknown reason in get_reason 972a284ef docker - drop support for prebuilt arm images 5258d8e58 docs - edit linux install procedure acb4bea97 reflect CI/CD changes for master pushes 42067e864 GHA - temp disable armv7 build until we have a fix for cryptography dependency 217bddabf GHA - different caches for armv7 and armv8 images c5fba1367 fix GHA typos 1b21f9eac fix UI tag in GHA jobs 389e05094 fix links in docs and change cache location for GHA jobs 05a89c303 fix registry URL in GHA jobs a0ed8a27e add debug flag to GHA buildx steps d0ac5e305 update GHA actions version b16f8f11a update GHA actions version a23ed06e6 fix typo in GHA jobs 6b9be078b refactoring of GHA jobs 8e198ed82 linux - fix documentation link in systemd unit files c3b527afe actions - fix RPMs path 972e5471d actions - fix linux deb/rpm generation b246c6d7e fix wrong branch name in actions and image name for linux tests b78fd5542 fix freetype CVE 945241339 actions - rename main branch to master 1af2264fa temp stop push to private repo 6f28708c1 docs - add missing setting a9f886804 bunkerweb 1.4.0 3a078326c Merge pull request #199 from Myzel394/patch-1 d43b82b75 remote API - only do action if 403 3850cacb9 prepare for v1.3.2 c00c7f46a lua - verify certs when doing HTTPS requests 163af4a49 prepare for v1.3.2 98e85eb99 docs - update security tuning sections : distributed blacklist and request limit 2e63bb025 docs - reflect kubernetes/swarm changes into the doc 6546a0edb disable country ban if IP is local, update default values of PERMISSIONS_POLICY and FEATURE_POLICY, upgrade archlinux packages before testing ab0038174 ui - fix ROOT_FOLDER bug in serve-files.conf 9f7097de0 request limit - fix some LUA code 24d6337a5 limit req - multiple url support bfb5319c1 limit req - add burst and delay parameters 4c77a1482 use annotations as env var in Ingress definition, fix cidr parsing for reserved ips, fix missing empty when job is external, fix ping check for remote api and init work hour/day support for request limit 4e45fa387 integrations - acme without shared folder when using k8s/swarm a9a26b82d fixed typo 00d91dcaa jobs - move certbot hooks to python 650ad7ea4 integrations - fix missing acme folder when using Swarm or Kubernetes 7045c0c2b jobs - fix encoding error on CentOS f0f432487 remote API - ban IP from distributed DB fdc02be05 remote API - basic send of bad IPs fb799765a jobs - fix str/bytes hell d53f02b5b api - client side (untested) 7b9722fac jobs - add remote API 31ed4ff83 centos - update ca-certificates in install script bc5f3ee88 fix CVEs and add init to Debian test image a6b21aae8 fix typo in settings.json, bump Debian to bullseyes, init support of Arch Linux 64aa9c253 init work remote API 5d94cc8f4 docs - init changes about storageless e7ee21cbb antibot - fix path for templates and data a0f8cbdac antibot - fix LUA typo in recaptcha mode 178d7a684 Merge pull request #182 from Nakinox/patch-2 ca81535bb swarm/k8s - less storage, more API 062fa3e78 integration - continue work on storageless config for k8s and swarm 95f2d2af9 Update docker-compose.yml e55dff812 api - init work on storageless configuration f0f1c79d4 v1.3.1 release 3d2f5e238 conf - add REVERSE_PROXY_KEEPALIVE b079c99fb Merge branch 'patch-15' of github.com:thelittlefireman/bunkerized-nginx into keepalive 2e403c6eb config - add CUSTOM_HEADER f75a05584 config - add REVERSE_PROXY_BUFFERING 148edf681 tests - add github token to trivy scanner a19d8aa04 Merge pull request #180 from vepito/vepito-patch-1 480cff86b Merge pull request #179 from thelittlefireman/patch-16 35df3423d missing blank line 29f4069de switch the use cases 72e438459 Fix typo related to non-HTTP configuration a4a264773 jobs - fix docker reload and only do cron jobs when necessary 892e53369 Missmatch in docs with modsec folder a05614160 deps - use ModSecurity v3.0.4 instead of v3.0.5 to avoid memory leak 0772a9ba8 docs - edit badge version 33e0ffd5b Merge branch 'master' into dev 4cb3e089e linux - git SHA1 commit in install.sh 8808f161c docs - dev to master links and VERSION upgrade 1c60ec980 tests - fix volume wait with linux tests b13ff3456 add REDIRECT_TO_REQUEST_URI variable and edit environment variables docs 58f2926e9 docs - various examples fixes 9de628f3e Missing proxy_set_header for keep alive 6cc1abc89 Allow keep alive connection when ws is off a824e1568 linux - rename cron fd52bb7c8 linux - fix cron jobs 0938b20eb UI - use sudo for Linux integration b948e08bd UI - use systemctl on Linux fde14d162 linux - fix unknown scheme error and do nginx reload as root in UI 8a4eb3f2a remove .site files (gen), uninstall remove folder at the end (linux) and run jobs when reloading local instances (UI) 2a0b84074 ui - fix bug when Docker is used but Swarm is disabled, add jobs from API /reload and fix docker-compose doc aec22d1a8 ui - edit docs and fix CSRF 028fc61b4 docs - add dns_resolvers and permissions to Linux a903960b4 docs - fix missing subfolder in Linux quickstart guide a28f06f08 linux - run temp nginx to solve let's encrypt challenges 6c8bc6b34 tests - fix Linux systemd bug when writing to /tmp folder 2b3b4a5c3 linux - systemd support 57e4247ea linux - systemd unit file f9d4e9089 docs - edit k8s php service port and append suffix to hosts 4f024ec56 docs - add DNS_RESOLVERS for k8s integration bc46fc3d4 append suffix to ingress hosts 0be1da18a remove old conf before generation, dynamic DNS for PHP and reverse proxy and swarm fixes in quickstart guide 3cedc0ae1 quickstart guide fixes f1d5c07cc autoconf - various kubernetes fixes c9a6b6c27 autoconf - fixed infinite lock b199464a7 various bug fixes related to Swarm integration 4a9d64d9d add favicon to web UI and fix some tech docs 31536a3fe linux - reload as root 7b47c7304 examples - minor fixes in architecture images 83e7ce9cd examples - polishing before next release 0ad5159a3 docs - add changelog for next version 6240d8e28 ui - read variables.env when Linux is used 2f80f64dd docs - last polish e98da9b63 docs polishing and fix install.sh gpg --verify d9f770696 docs - web UI 75f299978 docs - special folders ef34b2cec docs quickstart / multisite 9b9110214 docs - quickstart guide / php 9e2a8070e docs - quickstart guide / reverse proxy 733136ac1 docs - init quickstart fa172ce5a docs - linux integration f6a9184ae docs - k8s integration d37dc2b62 docs - swarm integration f7c115edf docs - add autoconf doc to Docker section dfbb09136 docs - init integrations/Docker 8e4a65fec fix global.env generation and add web UI gif to README 0573ba7b5 ui - centering things without breaking sticky navbar and menu bcd421de0 ui - various bug fixes more or less related to UI 2ec28c79c docs - fix README toc fec60a4b1 ui - minor styling fixes dd7d1a2c7 ui - fix example, subpath behind reverse proxy and add socket proxy rights for swarm 0c1883472 docs - edit kubernetes overview image and add configuration section on the readme 4e6eab794 docs - fix wrong swarm image b23135b66 docs - add docker and kubernetes images ace9be397 docs - add autoconf and swarm images 8958e5107 docs - add overview image b2cfc15c2 security - add security policy 94bef079a examples - add architecture images 50266c228 examples - add the last missing README.md stubs 22e2fe869 examples improvement - added some README.md stubs 55186bbef examples improvement - hardened, joomla, kubernetes, load-balancer and moodle d8286ced7 examples improvement - certbot cloudflare and wildcard, clamav, crowdsec, ghost and gogs 44de2253d examples improvement - traefik alternative, autoconf reverse proxy and basic website 6d73fbded examples - update authelia and autoconf-php b6809266a autoconf - let's encrypt support for ingress controller 4e178b474 autoconf - basic ingress controller support for kubernetes 021147f9d autoconf - fix wait and redis 5a26d06c8 autoconf - fix infinite lock and honor DOCKER_HOST env var bc01427de ignore CVE-2021-36159 and redirect job logs as root when using autoconf 652614f41 autoconf - use DNS for Swarm instances discovery 24d9cce82 autoconf - various bug fixes in Swarm mode f866ef632 autoconf - minor fixes, prepare Swarm testing 1a32e7c02 autoconf - various bug fixes with DockerController 7180378d0 autoconf - init Config refactoring 6e66571fb various cleaning f44e41ced jobs - lock and reload management 26db144df autoconf refactoring and fix CVE-2021-36159 a68ad53c3 autoconf - controller classes 01bba1d3f autoconf - init refactoring before k8s integration 059707443 k8s - init work on parsing ingress rules, helpers to setup on k8s, basic examples bc3c17a2f examples - init k8s example 556836b49 autoconf - init annotations parser for k8s 22612f175 minor edit on Linux tests and init work on k8s API 50c279617 jobs - improved log and reload management ef8969e2c certbot - add USE_LETS_ENCRYPT_STAGING=yes/no env var for using staging or production servers of let's encrypt 0dc2a5ec2 edit visibility of Job members and integration of a generic checker for nginx 9a207dfdc fix missing import in generator, expand networks to ips in jobs and init work on a generic checker with shared dict and redis support a60fbbb5b hotfix - fix CVE-2021-33560 a1b9010d9 pull v1.2.8 fixes when applicable 3178545c2 v1.2.8 release 36b8760d4 resolve bugs on the stable version 8bb6676f5 settings - fix PHP_* again 4234f82c0 settings - edit EMAIL_LETS_ENCRYPT regex b99fb27df fix missing parameter when calling reload in autoconf and edit REMOTE_PHP_PATH regex 876fcd181 conf - add WORKER_PROCESSES 26dc79615 jobs - fix line edit 280d18986 jobs - avoid reload when not necessary 5f845680f jobs - edit referrers and user-agents data and init work on autoconf integration d12369c90 jobs - various bugs fixed and old files removed 366e39f59 jobs - SelfSignedCert, runner and reloader 71741b2d3 jobs - cache management 2fca4cd01 jobs - logging and error management fccf14627 jobs - python stubs b3684efaf jobs - init work on refactoring 82548378a crowdsec - move as external plugin b926b0db6 examples - use example.com instead of website.com 6713f56ec linux - fix centos install 2b923c05c compile and install LUA 5.1.5 to /opt/bunkerized-nginx/deps and introduced REDIRECT_TO feature 71cf3cf5c use local sources when building Docker image, add LOCAL_PHP and LOCAL_PHP_REMOTE to settings.json and fix pip bug related to removed working directory 8e3dbf1c7 fixed some fedora bugs, support LOCAL_PHP and LOCAL_PHP_PATH and sample variables.env 49ada6a8c linux - init work on fedora support 947e86f7c linux - uninstall script a12561a85 remove useless nginx-keys folder and add lua_package_cpath to http conf 6b19bd026 deps - add cjson LUA files to deps folder 6738b28b9 deps - move dependencies to dedicated /opt/bunkerized-nginx/deps folder to avoid messing with the system 010c0fd6d rename gen/requirements.py to requirements.txt, add git/bash to Docker deps and fix typos in README ecf30a71f deps - init work on single install script ffc4fc950 deps - manual compile/install of libmaxmind and upgrade lua-resty-core b9955699b Merge pull request #152 from thelittlefireman/patch-11 860fd1ace Upgrade desps eb5d13fb8 Upgrade lua-nginx module to 0.10.20 ca41987cd Upgrade corerules to 3.3.0 & modsecurity to 3.0.5 3af1b397f UI - digging bugs from services, still some work to do 72a09eac6 UI - add CSRF protection 0d3f7d392 UI - admin authentication and bootstrap update 6be082e0a UI - init work on admin account 4947796c9 UI - fix instances bugs ba197dfa4 UI - bind gunicorn to 127.0.0.1/0.0.0.0:5000 4dd1ff847 UI - copy from helpers, systemd service and instances page update f771ec43f ui - init Instances class to support Linux and API for Docker/Swarm e241b0c93 logs - move everything from /var/log to /var/log/nginx d03a1a6e3 linux - add jobs.log 2c9c9fb62 linux - run master process as root deb28c599 autoconf - fix folders 2ea7331da jobs - disable post-jobs when SWARM_MODE=yes on SIGHUP 92ee40819 whitelist - fix /.well-known/acme-challenge whitelist for let's encrypt 2ccfb26e8 docker - fix CVE-2021-33560 70f9f8417 templates - add missing new line when necessary c4aef1d60 authelia - choose portal or auth basic mode a385183d8 authelia - various fixes cec47f3a7 body injection feature and add authelia to documentation c894c8370 authelia - add variables to settings.json f73b088f7 authelia - initial work 130c6752d Merge pull request #148 from aFresquetIntech/dev f97ea6785 Create .env 850429986 Correction 4a8da40cf reverse-proxy-zammad 0114c7b09 examples - edit basic PHP bebe89afb linux - edit path for default errors, ignore comments in variables.env, install/prepare certbot b2cceb608 linux - fix centos 37f5e4ed7 linux - fixed debian/ubuntu but still some work needed on centos 98568a57c linux - fix /var/log and typo in daemon directive 499192287 linux - fix daemon directive and rights on /etc/nginx bcb8acc36 linux - add RX permissions to /opt a9279053a linux - add executable right to gen/main.py 60057a17e linux - fix tests docker cp and pass single -c argument to su d0366fcc0 linux - started work on bunkerized-nginx command b448d91ca actions - fix centos test and docker image name when pushing e309ce6fd docker - fix permissions on /opt 37090dc66 actions - fix manifest error with buildx and load 6bb6facd8 add load: true when autobuilding images and move from /bin/sh to /bin/bash a1fcbd4b8 fix actions and configure 09a2a4f9e github actions refactoring 1e02368e8 linux/docker - common /opt/bunkerized-nginx folder bbb5134a3 fix configure arguments and CRS include b0f93fb84 fix Dockerfile again c892f037d fix Dockerfile 731c0f61d linux - init work on installer 93543d396 Linux - use the same dependencies script for Docker 5ec9e6ab4 linux - CentOS 7 install cc0d0af8d linux - ubuntu installer 43d2097d1 linux - nginx install on Debian f880e5e2a linux - continued work on install helpers for Debian 9636013f5 linux - started work on installer 15bdb076c hotfix - fix docs get_git_branch d62c4f466 v1.2.7 release ad52ef326 autoconf - prevent race condition by checking health state 3bd3b6fd7 Merge pull request #145 from thelittlefireman/patch-10 e41acc20c Upgrade ModSecurity-nginx to v1.0.2 3c721dc2a add HEALTHCHECK to Dockerfile and append 10.0.0.0/8 to DNSBL whitelist 491d879fe jobs - cleaning the mess when using autoconf without swarm mode 52534510e fix bug when AUTO_LETS_ENCRYPT=yes and certbot can't resolve challenges 2c7337576 jobs - fix syntax error 9e4961ccb docs - rename sitemap to bypass rtd rewrite 01857d8ac gen - display the reason when ignoring a variable ab9f9e0a4 jobs - fix jobs when MULTISITE=yes 29dc64ca3 actions - add Docker cache to speedup auto build on the dev branch b5cd4e037 docker - build and push images from GitHub actions because of future DockerHub restrictions on autobuild 16101144c self-signed cert - fix bugs 95510e6e1 settings - add underscore to CUSTOM_HTTPS_CERT/KEY regex dd5890e76 geoip - fix bug when using GeoIP c3a437fa8 docs - rename the sitemap to avoid conflicts ? 518ddd323 docs - custom robots.txt 177a82ee6 docs - automated sitemap.yml 39db7b368 v1.2.6 release 9442e5914 jobs - fix jobs in Swarm mode fcc6b3b5e various bug fixes related to Swarm 678ad70b0 docs, various fixes and certbot-cloudflare example e8f5db0b2 docs - add plugins system 8295f6aeb plugins - clamav example 388fc1a0e plugins - started basic plugin system 62217a321 add contributing guidelines and license 53e433b1a readme - replace some badges f640157b1 Merge pull request #138 from bunkerity/feature-request-template d646f3e5b Update issue templates 4b31d005e crowdsec and generator fixes d2135c19c docs - road to v1.2.6 8cda1baf7 fix web ui multiple variables and add default error pages 445032406 dnsbl - disable checks when IP is local 74fb01536 web UI - init work on using docker-socket-proxy ee178de6a web ui - mostly finished templating integration (needs some testing) 7323525b6 ui - show only multisite vars for settings 82e47f147 ui - Dockerfile fixes and missing get_config function 2db967ad1 templating - road to web ui 1d96620ae templating - init integration into web ui 99c259bf1 templating - prepare integration into ui c7b81cfc1 various bug fixes related to HTTPS dfce0c06d autoconf - fixing various bug when SWARM_MODE=yes 0f8e56a66 templating - fixing bugs with autoconf f950abdc2 templating - started integration into autoconf 4a73ae819 various bug fixes on templates and nginx update to 1.20.1 e2f02ee91 templating - prepare integration for autoconf a991b262e remove ClamAV because of GPL and started work on read-only filesystem a8bc17e83 templating - started integration into docker image ec19f9308 templating - added missing features in site templates 23aa05300 templating - auth basic support 289ad106c templating - multisite support bbc5bbc9e templating - fix some site templates 633a07686 templating - init work on site templates 996c45df4 templating - init work on global templates 801530baf templating - road to full jinja2 templates c65dda391 templating - init work on templating with jinja2 ea891969c templating - updated settings.json with global settings 698ae17c4 templating - init work on generic settings management 664563284 antibot - basic pow with javascript 16e5ede13 antibot - custom templates 8260746fe logs/lua - add logger tool de560490d fix LUA array variables and add LOG_LEVEL to the troubleshooting section 96db3a450 log - add LOG_LEVEL variable 73543f4b0 hardening - add no-new-privileges d9bb97be5 lua - move global vars from lua to site config (untested) 863283d09 started work on moving variables from .lua to nginx 600484b16 crowdsec - fix bugs and update example 7c6a13c54 examples - improve nextcloud example so it works with webdav clients b3bb4ec40 remove unnecessary dependencies and update doc about certificate bundle 69f465720 examples - fix typo BAD_BEHAVIOR_STATUS_CODES d02985d21 check permissions for missing volumes and add comment about permissions on examples b0ca85ff7 v1.2.5 - performance improvement 2f115c444 Merge pull request #131 from bunkerity/issue-templates 7f15741ea Update issue templates 288b8eb85 docs improvement + road to v1.2.5 61c08fb97 docs - troubleshooting 01ef47a66 docs - security tuning improvement 71515a910 doc - volumes list a33d0658c docs - road to a beautiful documentation 0b3ff6a9f bad behavior - move from fail2ban to pure lua eb2d0d330 performance - rsyslog and fail2ban removing 5bcbb3863 doc - official document started ca660b250 init work on official doc 3a34436cd add AquaeAtrae example for ROOT_SITE_SUBFOLDER b1d03cd11 performance - move bad user-agents and referrers checks from nginx to LUA with caching 42c3fb874 add sandbox allow-downloads to the default value of CONTENT_SECURITY_POLICY f1c043604 add missing backslash in the quickstart guide and update autoconf examples with the depends_on directive fd61df205 performance - move external blacklists checks from nginx to LUA 009d6fb5a choose connection and nofile numbers, increase error_log level to get modsecurity rules, add MODSECURITY_SEC_AUDIT_ENGINE var ba4185a42 jobs - fix automatic reload 70976d0fb fix user-agent not blocking and add documentation on bundle when USE_CUSTOM_HTTPS=yes 062a39c63 integrate AquaeAtrae work - add ROOT_SITE_SUBFOLDER 83841b290 jobs - edit adren work on external blacklists 10dc58cb6 Merge pull request #126 from adren/patch-6 668754686 Merge pull request #125 from adren/patch-5 84b1933f6 Merge pull request #124 from adren/patch-4 15f6d0a32 Merge pull request #123 from adren/patch-3 e628361a8 Merge pull request #122 from adren/patch-1 f8d71e067 improved way to generate user-agent file 02ae3b6bd change IFS before subshell 2fb0e7c47 deduplicate list of user-agents 9adcc2f1a more optimized way to generate map referrer file 7b98db4d1 improve the generation of blocking file (abusers) ddb2b8591 improve generation of block file (Tor exit nodes) da1a460a6 huge improvement to generate blocking file 07be62684 hotfix - fix API in autoconf swarm mode 3bb164395 hotfix - move API_WHITELIST_IP edit to lua.sh bc2568a17 v1.2.4 - nginx 1.20.0 support 5ec74880d update README for v1.2.4 f84fd7c9a fix permissions issues for autoconf and fix volume for ghost example 6521d7a27 fix client cache so it works in combination with reverse proxy and examples update 813607fbc improve crowdsec example and disable modsec logging when not necessary 843644f80 log - replace some WARN tags from LUA logs with NOTICE to avoid confusion 19fa0eb25 log - print modsec_audit.log to make debugging easier b4df28722 log - send logs to remote syslog server 5ce41edc0 api - whitelist IP/network for API a3cfb50b4 example - fix certbot wildcard 25494acac example - wildcard certificate with certbot a98dae1fb fix CVE-2021-20205 and examples update 1a7abab57 nginx 1.20.0 support 42b7a57f0 fix autoconf bug when removing config with multiple server name and increase default LIMIT_CONN_MAX for average website with HTTP2 02f9fbe5f autoconf - fix certbot bug when multiple server_name for one service 69fe06677 autoconf - fix bug when multiple server_name for one service 74417abc9 fixing bugs - run as GID 101 instead of 0, different permissions checks in swarm mode and disable including server confs in swarm mode ba7524a41 fixed LUA bug b55aafb99 finding the LUA bug deeb7a76a Merge pull request #117 from thelittlefireman/patch-9 ee8aaa4e7 fix lua crash 2 605d59a45 Fix lua mistake b85c991b6 bug fixes - /usr/local/lib/lua rights and syntax error in site-config 0d3658adf REVERSE_PROXY_HEADERS - use proxy_set_header instead of more_set_headers 0b22209c9 documentation - userns remap feature e44a1f3e1 added the uri to limit_req_zone key to limit bruteforce attack on a specific resource instead of the whole service aa614f82f print error when permissions are wrong on common volumes c03d410b0 refactored whitelisting of user-agents e190167bf CIDR support with whitelist/blacklist IP 31e72dce1 fix /usr/local/lib/lua rights and multiple server_name support with autoconf b8105fc55 feature - whitelist URI e73c10fd8 crowdsec - fix permissions on /usr/local/lib/lua and on /var/log files a122a259c minor fix on AutoConf logs and auto disable etag with reverse proxy 7c4894d3b autoconf - fix remove event, generate config from nginx vars, more logs 533c2a103 fix sed script when writing site env 5611d544d remove reference to USE_PHP 397182f18 add link to twitter account c5c5fb17b v1.2.3 - swarm support 017a7780f README update, default cron update and new parameters to ui 34d9db7a8 web ui - bug fixes 361c66ca6 fixed bugs with MULTISITE variables and swarm example afc667885 road to v1.2.3 - fixing bugs c40fb3317 road to swarm - automatic reload after jobs 93ad3c0b5 road to swarm - let's encrypt fix ceed90488 road to swarm - still some mess to fix b8027d2ba Merge pull request #102 from thelittlefireman/proxy_custom_headers 8d03a14a6 Merge pull request #103 from thelittlefireman/fix_truncated_3 d16f4517a Enhancement add custom proxy headers #97 89ca91b3f Fix truncated variables (last commit) 6a714e2ec road to swarm - fix race condition on initial configuration 0d3da0353 prepare /www directory, fix log socket path and whitelist acme challenges path 33163f65b init work on disabling root processes a2543384c road to swarm - add openssl to autoconf, fix api_uri in LUA, fix file rights 3591715f2 road to swarm - fixing things 95f7ca5b2 road to swarm support - needs a lot of testing 816fa47cb introducing SWARM_MODE env var 7756c2df3 Merge pull request #98 from mromanelli9/fix/readme 7509ec2f2 basic API to be used in swarm mode 6e93575e1 remove ALLOWALL from X_FRAME_OPTIONS options ba4c97755 remove old anchor 781e4c8cb autoconf little work on swarm support e04c783d1 autoconf - init work on swarm mode e12b656bd Merge branch 'patch-7' of https://github.com/thelittlefireman/bunkerized-nginx into dev cae05447d custom crontab values 4b58e2265 Merge branch 'patch-5' of https://github.com/thelittlefireman/bunkerized-nginx into dev 6b56e21a0 Merge branch 'whitelist_ua' of https://github.com/thelittlefireman/bunkerized-nginx into dev 544a09e8d Update lua-cs-bouncer 8386dd4a2 custom config outside server block f052a2516 Merge branch 'pre_server_confs' of https://github.com/thelittlefireman/bunkerized-nginx into dev 43750f553 Merge pull request #73 from thelittlefireman/patch-4 9142afdb5 Merge pull request #72 from thelittlefireman/patch-3 66c4fed79 Fix env variable with space are truncated 2 f41846e9d Fix env variable with space are truncated 92cc705b9 Reduce memory usage : set cron tasks at different hours. 47fb3a05b Upgrade crowdsecurity/lua-cs-bouncer 5940f402c improve default tls security d9ca275d5 Add before `server {}` config. 8353bd9c8 Allow to add a whitelist by site on user-agent d902e2f29 Add last missing reverse proxy header 1a8b8043c Add LIMIT_CONN var to server.conf 65120a7e9 Add USE_CONN_LIMIT info to Readme.md b093a4755 Add default values for LIMIT_CONN 73dbf03c9 add USE_LIMIT_CONN zone to global config 6ee746236 Add USE_LIMIT_CONN to site-config fa935eb6e edit nginx.conf to add limit_conn cf231e13c Add limit-conn.conf d5d699252 v1.2.2 - web UI (beta) 50f95420b README update - road to v1.2.2 dc382c3e0 various fixes - autoconf process order, multisite config and examples 0026328f2 edit default FAIL2BAN_IGNOREIP subnets 9023ab5ae Merge pull request #67 from thelittlefireman/patch-2 124474ad6 Edit README.md to add FAIL2BAN_IGNOREIP eac9c8f51 Prepare FAIL2BAN_IGNOREIP to avoid self blocking 1ee490de6 Prepare FAIL2BAN_IGNOREIP to avoid self blocking 825e6a747 crowdsec v1 integrated 09a984c86 started crowdsec v1 integration fd7afa17b fix missing ';' in include b9b7fdfcc Merge pull request #63 from thelittlefireman/patch-1 58e1d66bc UI - minor alert css fix 7026643f8 UI - fix missing MULTISITE env var when managing services 06f688fe9 fixed stop and reload operations c65b78b1c UI - instances/services backend update (needs testing) f9b9b9546 UI - introduced multiple config parameters (like reverse proxy) in frontend b5fe6335c UI - instances backend started 951f3957f UI - default service values 0f520b891 UI - services backend started 569ad75c4 UI - config.json refactoring bd7b6af66 UI - load config template from json 459bb8ea1 UI services modals and default CSP update (fix new tab links) 208b5acb3 UI - minor services list improvement 59b2fed41 UI - basic services list a4871a915 Add missing proxy headers 026783f01 Fix missing reverse proxy headers 811585345 Fix missing proxy headers on site-config.sh c5f283b00 UI - minor front update 03ce7a648 fix modsec double inclusion when MULTISITE=yes 3f7e2c54b JOBS - fixed some job script and right temp nginx reload bb0f46d8a JOBS - fix job_log c5b32dfc4 fix CVE-2020-1971 again 9a4f96ad1 fix CVE-2020-1971 f258426f5 JOBS - fallback to old conf in case reload failed 119e96361 JOBS - be more verbose about jobs failure/success 373988670 Merge pull request #54 from thelittlefireman/patch-4 2a956f2cd Fix #52 15a37a868 UI - minor UI improvement 3a3d52790 UI - basic read fixes e6b5f460c UI - basic read from docker API 002e3ed2b security tests for autoconf and ui 7b55acbe8 web UI example and CVE-2020-8231 fix again 559b7835d ui - automated build 4ea01bd93 print some logs when blocking bots a73891a3b fix CVE-2020-8231 26199f52c remove additional / in modsecurity include 5c3f94a84 edit reverse proxy var name in README 043fcdc13 autoconf - automated build b86ded3d1 autoconf - multi arch Dockerfile 92569679b dynamic reload of nginx by sending SIGHUP 15e74e486 more work on standalone autoconf fd0a6412d init work on standalone autoconf 419fdfc86 fix auth basic when MULTISITE=yes 0bc1f652b v1.2.1 - autoconf feature (beta) 6c7461e29 integrate thelittlefireman work d01bc5e01 Merge branch 'patch-1' of https://github.com/thelittlefireman/bunkerized-nginx into dev 75c69c810 last fixes before next release ? e26b8482a Add missing EMAIL_LETS_ENCRYPT parameter f618c73e6 road to v1.2.1 78c1e5c67 examples - same domains for internal tests 481e10d3e reverse proxy - websocket example aae2a7198 autoconf - php example f3bf04e39 dirty fix to disable default server when MULTISITE=yes 36cbb927c autoconf - various fixes 95153dbc5 moved UA, referrer and country check after whitelist and blacklist check 26947179a moved UA and referrer check to LUA 88f27bfeb autoconf - reverse proxy example and pass default vars 3cc1615c4 fix user-agent script 8bacf722a Merge branch 'fix/variable-naming' of https://github.com/mromanelli9/bunkerized-nginx into dev 2bfc4b41f first work on automatic configuration 587d4a92e incorrect variable naming c311d0c82 add crawler-detecter bad UA 0d03f49eb websocket support with reverse proxy 2112c306a custom log format 8f9dcc5ab last fix ? 2fe05d3fd fixing scripts again and again db04c0345 fix referrers again ed8bd902b fix referrers script 3a7aa5d9c block bad referrers 9ec9de6ca multiple lets encrypt certificates when MULTISITE=yes 791342cbe fix LUA DNS code when answers is nil 2f23671c3 fail2ban fix when MULTISITE=yes e350a717f fix default DNS_RESOLVERS e818acb0d prestashop example b92f74ed9 dirty fix for CVE-2020-28928 9688e6650 check all vulnerabilities with trivy 700dfc018 v1.2.0 release 42e4298b5 readme update - v1.2.0 changes 813b42cfa php and nextcloud examples fix 58fcf0a72 added Permissions-Policy header 587918380 custom headers to remove 203259688 automatic trivy scan eaf817d57 php config and examples fixes dd7768c85 whitelist/blacklist country at LUA level to avoid SEO issues fe1d724c9 country whitelist/blacklist 0635eb368 various bug fixes fbf81c94b cached blacklists data ed451877a examples update and multiple REVERSE_PROXY_* on single site 0f18e9c55 reverse proxy support via env vars 8f7cb5318 proxy caching support 60fbbc101 move some http directives to server 0f0593456 various fixes 8cdc155ac multisite examples and certbot renew fix 1abe1da89 brotli support f18c054b4 gzip support 4dea1975e client caching c2b05c463 fix BLOCK_COUNTRY bug and add support for ModSecurity custom confs when multisite=yes 2da51d92a multisite - bug fixes bd7997497 autotest through github actions e89e34a84 auto test fix ff02878dd auto test setup 44b016be9 road to multi server block support 36c4f3e06 v1.1.2 - CrowdSec integration and custom ports 798f6c726 examples - nextcloud fix and tomcat 761c14a0b custom HTTP and HTTPS ports 4a07eca69 crowdsec integration e1274a608 passbolt example 3ec81cd84 Fix broken line in README 95752ff0c v1.1.1 - TLS 1.2 support 8623510f8 https fix 95a76b11f peterkimzz integration and dhparam b0e4740a7 [New Features] - Added "HTTPS_PROTOCOLS" environment value to enable to customize TLS version. default value is "TLSv1.3". (because TLSv1.2 sometimes needed) - READMD.md e84360857 README update - v1.1.0 2f6866789 logrotate copytruncate 1d63838ee examples - fix port number e4bdd4af5 examples - nextcloud fix and moodle 2c33463af renamed logrotate script 9ff210bed wordpress and nextcloud examples 0b7301886 install CRS by tag in compile.sh e1356e3eb logrotate.conf update and some cleanup 34a0da444 logging fix again 022a653eb display fail2ban.log and logging bug fix 4c11a9125 automatic docker tags with VERSION 88b52478c automatic Secure flag on cookies ce82e22db remove integrated PHP 397415211 antibot - check IP with sessions and recaptcha 68d798855 tor hidden service example 16eab0f63 README update 6a22f7711 load balancer example 222426854 Merge pull request #13 from FacundoAcevedo/patch-1 d63c57985 Fix typo in the link in the TOC e19a7c693 run master nginx process as non-root user 7a8795883 dockerfile fix - compile 01095bd72 gpg fix and secure git clone 0e6729c62 check GPG signature of nginx sources 040b6a223 Merge branch 'patch-1' of https://github.com/fabianmoronzirfas/bunkerized-nginx into dev 5f62120e4 fix(typo): add missing »find« e8503b9cc ARM build fix 676571e4a use nginx:stable-alpine as base image 34254a09e examples and DNS_RESOLVERS fix 81cff3648 readme update e166b1fea awesome gif resized f08bba8cc awesome gif ccf439228 session secret fix c1d44387b basic antibot feature through recaptcha v3 135126e3f readme fix ac251b0f6 Merge branch 'master' of https://github.com/ZILosoft/bunkerized-nginx into dev ac242c977 Update README.md 2909b7989 basic antibot feature through captcha 446ee3761 basic antibot using javascript 6e1c43c4c basic antibot feature through cookie 652d8ac97 fixed typo in manifest de1952b5f README - toc update and title fix 16a458db2 README improvement f27d80e0d various fixes and lua logging fc3d911ff improved blacklist/whitelist/dnsbl with lua ef7d842ff arm64v8 auto build and master manifest 0e5704983 manifest for automated builds aaef37007 improved logging with rsyslog 6e3c2ddcc integrated ajarmoszuk work 919b418d5 Added the ability to self generate SSL certificates fb1a0182e Added the ability to see Real IPs if Nginx is running under another proxy (such as Traefik). 2e0a8307d i386 fix again 181003efe i386 fix fca7bb075 automatic builds 764038d40 README update f4c43a214 block proxies and abusers 3a9afa47b Merge pull request #5 from ajarmoszuk/patch-1 2c12df3b9 update default req_limit values 2f967a9f4 Update entrypoint.sh eba5f6280 req limit 44155b5d6 dnsbl ipairs fix 829c1c697 some fixes and README update f3721a50d sitewide auth basic b56e4e765 dnsbl feature 1654e913a lua support 3e5ca583c remote PHP-FPM support bcd17dbea automatic geoip update 14ec9f3e6 logrotate and compile fixes 5b5e6e33a awesome logo 1aa1dcf50 logrotate support f30a06d94 syslog integration and fail2ban improvement cd19841ec readme - details about modsec include order 94b29a6ca fixed some include orders bf605ce59 custom root folder and little fixes b14b09ad5 default CSP update 4f5e5f013 readme improve 76bd069f2 php POST max size and custom HTTPS cert 1d6ab7275 http basic auth fix 472ec31cd readme fix caa415e12 http basic auth 8561d47be create a customized image 4bede275f fix typo efcf93710 inspectFile fix ccaaa8b57 readme fix b83111ad1 realip, minor fixes and README a2be2e8ae improved README : format, modsec, fail2ban and clamav 48a0036d2 updated readme bf0bef289 clamav support 193070b14 fail2ban support 716e54e59 custom http/server confs and better modsec customization 43403f69e disable default server 69ac95b29 block country and various fixes ecf2de8b7 multiple let's encrypt domains 8427564f4 user-agents escape fix c56bde4f0 fix certbot-renew.sh syntax 834afa132 http to https redirect d5f8c7647 custom modules and write access 5bcdb0219 f**k markup ? 3233f3b76 fix readme 62eda8173 improved README 09e6b50e5 custom conf 5d16f6a8f fix README 1b5f6deb2 cookie flags and maxmind update ea1dbc617 updated readme 0b703ea55 content security policy 1e642e2f1 initial readme e90060ce6 initial work 70f849fbb Initial commit REVERT: d07163e8c bumped version to 0.03. REVERT: fbb650cc9 change: the signum method return correct value on different system now, not only for linux (#11) REVERT: 3c3e4f419 travis-ci: bumped the NGINX core to 1.19.3. (#8) REVERT: 6b1bf6065 travis-ci: bumped the NGINX core to 1.17.8. REVERT: 93d23c961 travis-ci: bumped the NGINX core to 1.17.4. REVERT: 2495446a9 travis: bumped the nginx core version to 1.17.1. REVERT: 79bdbb059 tests: updated valgrind.suppress for a known nginx false positive. REVERT: c84491d31 travis: removed unused download-cache directory and nginx tarball download. REVERT: dc62ea67a misc: polished the module for initial release. REVERT: c9143695b travis: added travis-ci support. REVERT: 85b02ca15 first implementation. REVERT: 6f19ae000 first commit. git-subtree-dir: src/deps/src/lua-resty-signal git-subtree-split: a8ed481ef7
2026-05-24 09:28:37 +00:00 · 2024-01-31 15:03:11 +01:00 · 2024-01-31 15:03:11 +01:00 · d9a2f6c2e3
commit d9a2f6c2e3
parent ee5198ba28
6101 changed files with 1623906 additions and 104 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,6 @@
+.git
+.idea/
+.vscode/
+__pycache__
+env
+node_modules
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,21 @@
+* text=auto eol=lf
+
+# Folders
+src/deps/src/** -text -eol linguist-vendored=true
+src/common/core/modsecurity/files/** -text -eol linguist-vendored=true
+src/ui/static/js/editor/** -text -eol linguist-vendored=true
+src/ui/static/js/utils/purify/** -text -eol linguist-vendored=true
+src/ui/static/webfonts/** -text -eol linguist-vendored=true
+src/ui/templates/*.html -text -eol linguist-vendored=true
+src/common/core/antibot/files/*.html -text -eol linguist-vendored=true
+
+# Files
+src/deps/misc/lua-pack.Makefile -linguist-vendored=true
+src/deps/misc/ngx_http_modsecurity_access.c -linguist-vendored=true
+src/ui/static/css/datepicker-foundation.css -linguist-vendored=true
+src/ui/static/css/flatpickr.css -linguist-vendored=true
+src/ui/static/css/flatpickr.dark.css -linguist-vendored=true
+src/ui/static/js/tsparticles.bundle.min.js -linguist-vendored=true
+src/ui/static/js/utils/flatpickr.js -linguist-vendored=true
+src/common/core/errors/files/error.html -linguist-vendored=true
+src/common/core/misc/files/default.html -linguist-vendored=true
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -0,0 +1,91 @@
+name: 🐛 Bug Report
+description: Create a report to help us reproduce and fix the bug
+title: "[BUG] "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        #### Before submitting a bug, please make sure the issue hasn't been already addressed by searching through [the existing and past issues](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+).
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Concise description of what you're trying to do, the expected behavior and the current bug.
+      placeholder: Describe the bug, the expected behavior and the current behavior
+    validations:
+      required: true
+  - type: textarea
+    id: how-to-reproduce
+    attributes:
+      label: How to reproduce?
+      description: Concise description of how to reproduce the issue.
+      placeholder: Describe how to reproduce the issue
+    validations:
+      required: true
+  - type: textarea
+    id: configuration-file
+    attributes:
+      label: Configuration file(s) (yaml or .env)
+      description: |
+        Please copy and paste your configuration file or the relevant part of it.
+        ⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
+      placeholder: Configuration file
+      render: YAML
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: |
+        Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+        ⚠️ DON'T FORGET TO REMOVE PRIVATE DATA LIKE IP ADDRESSES ! ⚠️
+      placeholder: Log output
+      render: shell
+  - type: input
+    id: version
+    attributes:
+      label: BunkerWeb version
+      description: What version of BunkerWeb are you running?
+      placeholder: Version
+      value: 1.5.6
+    validations:
+      required: true
+  - type: dropdown
+    id: integration
+    attributes:
+      label: What integration are you using?
+      options:
+        - Docker
+        - Autoconf
+        - Swarm
+        - Kubernetes
+        - Linux
+        - Ansible
+        - Vagrant
+      default: 0
+    validations:
+      required: true
+  - type: input
+    id: linux-distribution
+    attributes:
+      label: Linux distribution (if applicable)
+      description: What Linux distribution are you using? (e.g. Ubuntu Server 18.04)
+      placeholder: Linux distribution
+  - type: checkboxes
+    id: removed-private-data
+    attributes:
+      label: Removed private data
+      description: |
+        We would like to emphasize that we are not responsible for any private data that may be inadvertently included in the logs or configuration files.
+        ⚠️ I have removed all private data from the configuration file and the logs ⚠️
+      options:
+        - label: I have removed all private data from the configuration file and the logs
+          required: true
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/ISSUE_TEMPLATE/documentation.yml
+++ b/.github/ISSUE_TEMPLATE/documentation.yml
@ -0,0 +1,29 @@
+name: 📚 Documentation enhancement
+description: Suggest an idea that will improve BunkerWeb documentation or declare a bug in the documentation
+title: "[DOC] "
+labels: ["documentation"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        #### Before submitting a documentation enhancement request, please make sure the feature hasn't been already addressed by searching through [the existing and past documentation enhancement requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BDOC%5D+in%3Atitle).
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Concise description of the error or what is missing.
+    validations:
+      required: true
+  - type: textarea
+    id: proposed-solution
+    attributes:
+      label: Proposed solution (optional)
+      description: How it should be fixed or what should be added ?
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this documentation enhancement request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -0,0 +1,29 @@
+name: 🚀 Feature Request
+description: Suggest an idea that will improve BunkerWeb
+title: "[FEATURE] "
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: >
+        #### Before submitting a feature request, please make sure the feature hasn't been already addressed by searching through [the existing and past feature requests](https://github.com/bunkerity/bunkerweb/issues?q=is%3Aissue+sort%3Acreated-desc+%5BFEATURE%5D+in%3Atitle).
+  - type: textarea
+    id: whats-needed-and-why
+    attributes:
+      label: What's needed and why?
+      description: Describe the feature you would like to see in the project and why it should be implemented.
+    validations:
+      required: true
+  - type: textarea
+    id: implementations-ideas
+    attributes:
+      label: Implementations ideas (optional)
+      description: How it should be used and integrated into the project ? List some posts, research papers or codes that we can use as implementation.
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this feature request, you agree to follow our [Code of Conduct](https://github.com/bunkerity/bunkerweb/blob/master/CODE_OF_CONDUCT.md)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/codeql.yml
+++ b/.github/codeql.yml
@ -0,0 +1,13 @@
+name: "CodeQL config"
+
+paths:
+  - src/autoconf
+  - src/scheduler
+  - src/ui
+  - src/common
+paths-ignore:
+  - src/ui/static/js/tsparticles.bundle.min.js
+  - src/ui/static/js/editor
+  - src/ui/static/js/utils/flatpickr.js
+  - src/ui/static/js/utils/purify
+  - src/common/core/modsecurity/files
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,200 @@
+version: 2
+
+updates:
+  # GHA
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/gha"
+    target-branch: "dev"
+
+  # Linux
+  - package-ecosystem: "docker"
+    directory: "/src/linux"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/linux"
+    target-branch: "dev"
+  - package-ecosystem: "docker"
+    directory: "/tests/linux"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/tests/linux"
+    target-branch: "dev"
+
+  # BW
+  - package-ecosystem: "docker"
+    directory: "/src/bw"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/bw"
+    target-branch: "dev"
+
+  # Scheduler
+  - package-ecosystem: "docker"
+    directory: "/src/scheduler"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/scheduler"
+    target-branch: "dev"
+  - package-ecosystem: "pip"
+    directory: "/src/scheduler"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/scheduler"
+    target-branch: "dev"
+
+  # Autoconf
+  - package-ecosystem: "docker"
+    directory: "/src/autoconf"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/autoconf"
+    target-branch: "dev"
+  - package-ecosystem: "pip"
+    directory: "/src/autoconf"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/autoconf"
+    target-branch: "dev"
+
+  # UI
+  - package-ecosystem: "docker"
+    directory: "/src/ui"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/ui"
+    target-branch: "dev"
+  - package-ecosystem: "pip"
+    directory: "/src/ui"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/ui"
+    target-branch: "dev"
+
+  # Misc
+  - package-ecosystem: "pip"
+    directory: "/src/deps"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/deps"
+    target-branch: "dev"
+  - package-ecosystem: "pip"
+    directory: "/src/common/gen"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/common/gen"
+    target-branch: "dev"
+  - package-ecosystem: "pip"
+    directory: "/src/common/db"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "TheophileDiot"
+    reviewers:
+      - "TheophileDiot"
+    commit-message:
+      prefix: "deps/common/db"
+    target-branch: "dev"
+
+  # Terraform
+  - package-ecosystem: "terraform"
+    directory: "/tests/terraform"
+    schedule:
+      interval: "daily"
+      time: "09:00"
+      timezone: "Europe/Paris"
+    assignees:
+      - "fl0ppy-d1sk"
+    reviewers:
+      - "fl0ppy-d1sk"
+    commit-message:
+      prefix: "deps/terraform"
+    target-branch: "dev"
--- a/.github/workflows/beta.yml
+++ b/.github/workflows/beta.yml
@ -0,0 +1,283 @@
+name: Automatic push (BETA)
+
+permissions: read-all
+
+on:
+  push:
+    branches: [beta]
+
+jobs:
+  # Build amd64 + 386 containers images
+  build-containers:
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        arch: [linux/amd64, linux/386]
+        include:
+          - release: beta
+            cache: false
+            push: false
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+          - arch: linux/amd64
+            cache_suffix: amd64
+          - arch: linux/386
+            cache_suffix: "386"
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      ARCH: ${{ matrix.arch }}
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+      CACHE: ${{ matrix.cache }}
+      PUSH: ${{ matrix.push }}
+      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  # Create ARM environment
+  create-arm:
+    uses: ./.github/workflows/create-arm.yml
+    secrets:
+      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Build arm64 + arm/v7 images
+  build-containers-arm:
+    needs: [create-arm]
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        arch: ["linux/arm64,linux/arm/v7"]
+        include:
+          - release: beta
+            cache: false
+            push: false
+            cache_suffix: arm
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      ARCH: ${{ matrix.arch }}
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+      CACHE: ${{ matrix.cache }}
+      PUSH: ${{ matrix.push }}
+      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Build Linux packages
+  build-packages:
+    needs: [create-arm]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, rhel]
+        platforms: [linux/amd64, linux/arm64]
+        include:
+          - release: beta
+          - linux: ubuntu
+            package: deb
+          - linux: debian
+            package: deb
+          - linux: fedora
+            package: rpm
+          - linux: rhel
+            package: rpm
+    uses: ./.github/workflows/linux-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      LINUX: ${{ matrix.linux }}
+      PACKAGE: ${{ matrix.package }}
+      TEST: false
+      PLATFORMS: ${{ matrix.platforms }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
+      PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Wait for all builds and extract VERSION
+  wait-builds:
+    runs-on: ubuntu-latest
+    needs: [build-containers, build-containers-arm, build-packages]
+    outputs:
+      version: ${{ steps.getversion.outputs.version }}
+      versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Get VERSION
+        id: getversion
+        run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
+      - name: Get VERSION (for RPM based)
+        id: getversionrpm
+        run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
+
+  # Push Docker images
+  push-images:
+    needs: [create-arm, wait-builds]
+    strategy:
+      matrix:
+        image:
+          [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
+        include:
+          - release: beta
+          - image: bunkerweb
+            cache_from: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: bunkerweb-scheduler
+            cache_from: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: bunkerweb-autoconf
+            cache_from: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: bunkerweb-ui
+            cache_from: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/push-docker.yml
+    with:
+      IMAGE: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
+      CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Push Linux packages
+  push-packages:
+    needs: [wait-builds]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, rhel]
+        arch: [amd64, arm64]
+        include:
+          - release: beta
+            repo: bunkerweb
+          - linux: ubuntu
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
+          - linux: debian
+            separator: _
+            suffix: ""
+            version: bookworm
+            package: deb
+          - linux: fedora
+            separator: "-"
+            suffix: "1."
+            version: 39
+            package: rpm
+          - linux: el
+            separator: "-"
+            suffix: "1."
+            version: 8
+            package: rpm
+          - linux: ubuntu
+            arch: amd64
+            package_arch: amd64
+          - linux: debian
+            arch: amd64
+            package_arch: amd64
+          - linux: fedora
+            arch: amd64
+            package_arch: x86_64
+          - linux: el
+            arch: amd64
+            package_arch: x86_64
+          - linux: ubuntu
+            arch: arm64
+            package_arch: arm64
+          - linux: debian
+            arch: arm64
+            package_arch: arm64
+          - linux: fedora
+            arch: arm64
+            package_arch: aarch64
+          - linux: el
+            arch: arm64
+            package_arch: aarch64
+    uses: ./.github/workflows/push-packagecloud.yml
+    with:
+      SEPARATOR: ${{ matrix.separator }}
+      SUFFIX: ${{ matrix.suffix }}
+      REPO: ${{ matrix.repo }}
+      LINUX: ${{ matrix.linux }}
+      VERSION: ${{ matrix.version }}
+      PACKAGE: ${{ matrix.package }}
+      BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
+      PACKAGE_ARCH: ${{ matrix.package_arch }}
+      ARCH: ${{ matrix.arch }}
+    secrets:
+      PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+
+  # Create doc PDF
+  doc-pdf:
+    needs: [wait-builds, push-images, push-packages]
+    uses: ./.github/workflows/doc-to-pdf.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+
+  # Push on GH
+  push-gh:
+    needs: [wait-builds, doc-pdf]
+    permissions:
+      contents: write
+      discussions: write
+    uses: ./.github/workflows/push-github.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+      PRERELEASE: true
+
+  # Push doc
+  push-doc:
+    needs: [wait-builds, push-gh]
+    permissions:
+      contents: write
+    uses: ./.github/workflows/push-doc.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+      ALIAS: beta
+    secrets:
+      BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
+
+  # Remove ARM VM
+  rm-arm:
+    if: ${{ always() }}
+    needs: [create-arm, push-images, build-packages]
+    uses: ./.github/workflows/rm-arm.yml
+    secrets:
+      ARM_ID: ${{ needs.create-arm.outputs.id }}
+      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -0,0 +1,46 @@
+name: CodeQL Analysis
+
+on:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  workflow_call:
+
+jobs:
+  code-security:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["python", "javascript"]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python 3.9
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        if: matrix.language == 'python'
+        with:
+          python-version: "3.9"
+      - name: Install python dependencies
+        if: matrix.language == 'python'
+        run: |
+          python -m pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements.txt
+          python -m pip install --no-cache-dir --require-hashes -r src/scheduler/requirements.txt
+          python -m pip install --no-cache-dir --require-hashes -r src/ui/requirements.txt
+          python -m pip install --no-cache-dir --require-hashes -r src/common/gen/requirements.txt
+          python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
+          echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql.yml
+          setup-python-dependencies: false
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+        with:
+          category: "/language:${{matrix.language}}"
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@ -0,0 +1,136 @@
+name: Build container (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      RELEASE:
+        required: true
+        type: string
+      ARCH:
+        required: true
+        type: string
+      IMAGE:
+        required: true
+        type: string
+      DOCKERFILE:
+        required: true
+        type: string
+      CACHE:
+        required: false
+        type: boolean
+        default: true
+      PUSH:
+        required: false
+        type: boolean
+        default: true
+      CACHE_SUFFIX:
+        required: false
+        type: string
+        default: ""
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_TOKEN:
+        required: true
+      ARM_SSH_KEY:
+        required: false
+      ARM_SSH_IP:
+        required: false
+      ARM_SSH_CONFIG:
+        required: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Replace VERSION
+        if: inputs.RELEASE == 'testing'
+        run: ./misc/update-version.sh testing
+      - name: Setup SSH for ARM node
+        if: inputs.CACHE_SUFFIX == 'arm'
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
+          chmod 600 ~/.ssh/id_rsa_arm
+          echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
+          echo "ServerAliveInterval 60" >> ~/.ssh/config
+          echo "ServerAliveCountMax 10" >> ~/.ssh/config
+        env:
+          SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+          SSH_IP: ${{ secrets.ARM_SSH_IP }}
+          SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        if: inputs.CACHE_SUFFIX != 'arm'
+      - name: Setup Buildx (ARM)
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        if: inputs.CACHE_SUFFIX == 'arm'
+        with:
+          endpoint: ssh://root@arm
+          platforms: linux/arm64,linux/arm/v7,linux/arm/v6
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Login to ghcr
+        if: inputs.PUSH == true
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # Compute metadata
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        with:
+          images: bunkerity/${{ inputs.IMAGE }}
+      # Build cached image
+      - name: Build image
+        if: inputs.CACHE == true
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          file: ${{ inputs.DOCKERFILE }}
+          platforms: ${{ inputs.ARCH }}
+          load: true
+          tags: local/${{ inputs.IMAGE }}
+          cache-from: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}
+          cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }},mode=min
+          labels: ${{ steps.meta.outputs.labels }}
+      # Build non-cached image
+      - name: Build image
+        if: inputs.CACHE != true
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          file: ${{ inputs.DOCKERFILE }}
+          platforms: ${{ inputs.ARCH }}
+          load: ${{ inputs.CACHE_SUFFIX != 'arm' }}
+          tags: local/${{ inputs.IMAGE }}
+          cache-to: type=gha,scope=${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min
+          labels: ${{ steps.meta.outputs.labels }}
+      # Check OS vulnerabilities
+      - name: Check OS vulnerabilities
+        if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        with:
+          vuln-type: os
+          skip-dirs: /root/.cargo
+          image-ref: local/${{ inputs.IMAGE }}
+          format: table
+          exit-code: 1
+          ignore-unfixed: false
+          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+          trivyignores: .trivyignore
+      # Push image
+      - name: Push image
+        if: inputs.PUSH == true
+        run: docker tag local/$IMAGE ghcr.io/bunkerity/$IMAGE-tests:$TAG && docker push ghcr.io/bunkerity/$IMAGE-tests:$TAG
+        env:
+          IMAGE: "${{ inputs.IMAGE }}"
+          TAG: "${{ inputs.RELEASE }}"
--- a/.github/workflows/create-arm.yml
+++ b/.github/workflows/create-arm.yml
@ -0,0 +1,86 @@
+name: Create ARM node (REUSABLE)
+
+on:
+  workflow_call:
+    outputs:
+      id:
+        description: "ARM ID"
+        value: ${{ jobs.build.outputs.id }}
+      ip:
+        description: "ARM IP"
+        value: ${{ jobs.build.outputs.ip }}
+
+    secrets:
+      SCW_ACCESS_KEY:
+        required: true
+      SCW_SECRET_KEY:
+        required: true
+      SCW_DEFAULT_PROJECT_ID:
+        required: true
+      SCW_DEFAULT_ORGANIZATION_ID:
+        required: true
+      ARM_SSH_KEY:
+        required: true
+      ARM_SSH_CONFIG:
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      id: ${{ steps.getinfo.outputs.id }}
+      ip: ${{ steps.getinfo.outputs.ip }}
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Get ARM availabilities
+        id: availabilities
+        uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
+        with:
+          args: instance server-type get zone=fr-par-2
+          export-config: true
+          access-key: ${{ secrets.SCW_ACCESS_KEY }}
+          secret-key: ${{ secrets.SCW_SECRET_KEY }}
+          default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+          default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
+      - name: Extract ARM type
+        run: |
+          TYPE=$(echo "$JSON" | jq '.servers | with_entries(select(.key | contains("COPARM1-"))) | with_entries(select(.value.availability != "shortage")) | keys[] | select(. | test("^COPARM1-[0-9]+C-[0-9]+G$"))' | sed 's/"//g' | cut -d '-' -f 2,3 | sort -g | tail -n 1 | xargs -I {} echo "COPARM1-{}")
+          echo "Type is $TYPE"
+          echo "TYPE=$TYPE" >> "$GITHUB_ENV"
+        env:
+          JSON: ${{ steps.availabilities.outputs.json }}
+      - name: Create ARM VM
+        id: scw
+        uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
+        with:
+          args: instance server create zone=fr-par-2 type=${{ env.TYPE }} root-volume=block:50GB
+      - name: Get info
+        id: getinfo
+        run: |
+          echo "id=${{ fromJson(steps.scw.outputs.json).id }}" >> "$GITHUB_OUTPUT"
+          echo "ip=${{ fromJson(steps.scw.outputs.json).public_ip.address }}" >> "$GITHUB_OUTPUT"
+      - name: Wait for VM
+        uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
+        with:
+          args: instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
+      - name: Wait for SSH
+        uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
+        with:
+          resource: tcp:${{ fromJson(steps.scw.outputs.json).public_ip.address }}:22
+          timeout: 300000
+      - name: Setup SSH for ARM node
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
+          chmod 600 ~/.ssh/id_rsa_arm
+          echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
+        env:
+          SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+          SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
+          SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+      - name: Install Docker
+        run: ssh root@$SSH_IP "curl -fsSL https://test.docker.com -o test-docker.sh ; sh test-docker.sh ; echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config ; echo 'ClientAliveCountMax 0' >> /etc/ssh/sshd_config ; systemctl restart ssh"
+        env:
+          SSH_IP: ${{ fromJson(steps.scw.outputs.json).public_ip.address }}
--- a/.github/workflows/dev-update-mmdb.yml
+++ b/.github/workflows/dev-update-mmdb.yml
@ -0,0 +1,61 @@
+name: Update cached mmdb files
+
+permissions:
+  contents: write
+
+on:
+  schedule:
+    - cron: "0 12 1 * *"
+
+jobs:
+  mmdb-update:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BUNKERBOT_TOKEN }}
+          ref: dev
+      - name: Download mmdb files
+        run: |
+          mkdir -p src/bw/misc/
+          cd src/bw/misc/
+          CURL_RETURN_CODE=0
+          CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o asn.mmdb.gz https://download.db-ip.com/free/dbip-asn-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
+          if [ ${CURL_RETURN_CODE} -ne 0 ]; then
+            echo "Curl connection failed when downloading asn-lite mmdb file with return code - ${CURL_RETURN_CODE}"
+            exit 1
+          else
+              echo "Curl connection success"
+              # Check http code for curl operation/response in  CURL_OUTPUT
+              httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
+              if [ ${httpCode} -ne 200 ]; then
+                  echo "Curl operation/command failed due to server return code - ${httpCode}"
+                  exit 1
+              fi
+          fi
+          CURL_RETURN_CODE=0
+          CURL_OUTPUT=`curl -w httpcode=%{http_code} -s -o country.mmdb.gz https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz 2> /dev/null` || CURL_RETURN_CODE=$?
+          if [ ${CURL_RETURN_CODE} -ne 0 ]; then
+            echo "Curl connection failed when downloading country-lite mmdb file with return code - ${CURL_RETURN_CODE}"
+            exit 1
+          else
+              echo "Curl connection success"
+              # Check http code for curl operation/response in  CURL_OUTPUT
+              httpCode=$(echo "${CURL_OUTPUT}" | sed -e 's/.*\httpcode=//')
+              if [ ${httpCode} -ne 200 ]; then
+                  echo "Curl operation/command failed due to server return code - ${httpCode}"
+                  exit 1
+              fi
+          fi
+          rm -f asn.mmdb country.mmdb
+          gunzip asn.mmdb.gz country.mmdb.gz
+      - name: Commit and push changes
+        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
+        with:
+          branch: dev
+          commit_message: "Monthly mmdb update"
+          commit_options: "--no-verify"
+          commit_user_name: "BunkerBot"
+          commit_user_email: "bunkerbot@bunkerity.com"
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@ -0,0 +1,214 @@
+name: Automatic tests (DEV)
+
+permissions: read-all
+
+on:
+  push:
+    branches: [dev]
+
+jobs:
+  # Containers
+  build-containers:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        include:
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: dev
+      ARCH: linux/amd64
+      CACHE: true
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  # Build Linux packages
+  build-packages:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, rhel]
+        include:
+          - linux: ubuntu
+            package: deb
+          - linux: debian
+            package: deb
+          - linux: fedora
+            package: rpm
+          - linux: rhel
+            package: rpm
+    uses: ./.github/workflows/linux-build.yml
+    with:
+      RELEASE: dev
+      LINUX: ${{ matrix.linux }}
+      PACKAGE: ${{ matrix.package }}
+      TEST: true
+      PLATFORMS: linux/amd64
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  codeql:
+    uses: ./.github/workflows/codeql.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+  # UI tests
+  tests-ui:
+    needs: [build-containers]
+    uses: ./.github/workflows/tests-ui.yml
+    with:
+      RELEASE: dev
+  tests-ui-linux:
+    needs: [build-packages]
+    uses: ./.github/workflows/tests-ui-linux.yml
+    with:
+      RELEASE: dev
+
+  # Core tests
+  prepare-tests-core:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - id: set-matrix
+        run: |
+          tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
+          echo "tests=$tests" >> $GITHUB_OUTPUT
+    outputs:
+      tests: ${{ steps.set-matrix.outputs.tests }}
+  tests-core:
+    needs: [build-containers, prepare-tests-core]
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
+    uses: ./.github/workflows/test-core.yml
+    with:
+      TEST: ${{ matrix.test }}
+      RELEASE: dev
+  tests-core-linux:
+    needs: [build-packages, prepare-tests-core]
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
+    uses: ./.github/workflows/test-core-linux.yml
+    with:
+      TEST: ${{ matrix.test }}
+      RELEASE: dev
+    secrets: inherit
+
+  # Push with dev tag
+  push-dev:
+    needs: [tests-ui, tests-core]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push BW image
+        run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
+        env:
+          FROM: "bunkerweb"
+          TO: "bunkerweb"
+      - name: Push scheduler image
+        run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
+        env:
+          FROM: "scheduler"
+          TO: "bunkerweb-scheduler"
+      - name: Push UI image
+        run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
+        env:
+          FROM: "ui"
+          TO: "bunkerweb-ui"
+      - name: Push autoconf image
+        run: docker pull ghcr.io/bunkerity/$FROM-tests:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev bunkerity/$TO:dev && docker tag ghcr.io/bunkerity/$FROM-tests:dev ghcr.io/bunkerity/$TO:dev && docker push bunkerity/$TO:dev && docker push ghcr.io/bunkerity/$TO:dev
+        env:
+          FROM: "autoconf"
+          TO: "bunkerweb-autoconf"
+
+  # Push Linux packages
+  push-packages:
+    needs: [tests-ui-linux, tests-core-linux]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, el]
+        arch: [amd64]
+        include:
+          - release: dev
+            repo: bunkerweb
+          - linux: ubuntu
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
+          - linux: debian
+            separator: _
+            suffix: ""
+            version: bookworm
+            package: deb
+          - linux: fedora
+            separator: "-"
+            suffix: "1."
+            version: 39
+            package: rpm
+          - linux: el
+            separator: "-"
+            suffix: "1."
+            version: 8
+            package: rpm
+          - linux: ubuntu
+            arch: amd64
+            package_arch: amd64
+          - linux: debian
+            arch: amd64
+            package_arch: amd64
+          - linux: fedora
+            arch: amd64
+            package_arch: x86_64
+          - linux: el
+            arch: amd64
+            package_arch: x86_64
+    uses: ./.github/workflows/push-packagecloud.yml
+    with:
+      SEPARATOR: ${{ matrix.separator }}
+      SUFFIX: ${{ matrix.suffix }}
+      REPO: ${{ matrix.repo }}
+      LINUX: ${{ matrix.linux }}
+      VERSION: ${{ matrix.version }}
+      PACKAGE: ${{ matrix.package }}
+      BW_VERSION: ${{ matrix.release }}
+      PACKAGE_ARCH: ${{ matrix.package_arch }}
+      ARCH: ${{ matrix.arch }}
+    secrets:
+      PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
--- a/.github/workflows/doc-to-pdf.yml
+++ b/.github/workflows/doc-to-pdf.yml
@ -0,0 +1,38 @@
+name: Generate documentation PDF (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      VERSION:
+        required: true
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.10"
+      - name: Install doc dependencies
+        run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt && sudo apt install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev
+      - name: Install chromium
+        run: sudo apt install chromium-browser
+      - name: Install node
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        with:
+          node-version: 18
+      - name: Install puppeteer
+        run: cd docs && npm install
+      - name: Run mkdocs serve in background
+        run: mkdocs serve & sleep 10
+      - name: Run pdf script
+        run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
+      - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        with:
+          name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
+          path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
--- a/.github/workflows/linux-build.yml
+++ b/.github/workflows/linux-build.yml
@ -0,0 +1,154 @@
+name: Build Linux package (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      RELEASE:
+        required: true
+        type: string
+      LINUX:
+        required: true
+        type: string
+      PACKAGE:
+        required: true
+        type: string
+      PLATFORMS:
+        required: true
+        type: string
+      TEST:
+        required: false
+        type: boolean
+        default: false
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_TOKEN:
+        required: true
+      ARM_SSH_KEY:
+        required: false
+      ARM_SSH_IP:
+        required: false
+      ARM_SSH_CONFIG:
+        required: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Replace VERSION
+        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
+        run: ./misc/update-version.sh ${{ inputs.RELEASE }}
+      - name: Extract arch
+        run: |
+          echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
+        env:
+          PLATFORMS: ${{ inputs.PLATFORMS }}
+      - name: Extract linux arch
+        if: inputs.PACKAGE == 'rpm'
+        run: |
+          echo "LARCH=${{ env.ARCH }}" | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' >> "$GITHUB_ENV"
+        env:
+          ARCH: ${{ env.ARCH }}
+      - name: Extract linux arch
+        if: inputs.PACKAGE == 'deb'
+        run: |
+          echo "LARCH=${{ env.ARCH }}" >> "$GITHUB_ENV"
+        env:
+          ARCH: ${{ env.ARCH }}
+      - name: Setup SSH for ARM node
+        if: startsWith(env.ARCH, 'arm') == true
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
+          chmod 600 ~/.ssh/id_rsa_arm
+          echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
+          echo "ServerAliveInterval 60" >> ~/.ssh/config
+          echo "ServerAliveCountMax 10" >> ~/.ssh/config
+        env:
+          SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+          SSH_IP: ${{ secrets.ARM_SSH_IP }}
+          SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        if: startsWith(env.ARCH, 'arm') == false
+      - name: Setup Buildx (ARM)
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        if: startsWith(env.ARCH, 'arm') == true
+        with:
+          endpoint: ssh://root@arm
+          platforms: linux/arm64,linux/arm/v7,linux/arm/v6
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # Build testing package image
+      - name: Build package image
+        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          load: true
+          file: src/linux/Dockerfile-${{ inputs.LINUX }}
+          platforms: ${{ inputs.PLATFORMS }}
+          tags: local/bunkerweb-${{ inputs.LINUX }}:latest
+          cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}
+          cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }},mode=min
+      # Build non-testing package image
+      - name: Build package image
+        if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          load: true
+          file: src/linux/Dockerfile-${{ inputs.LINUX }}
+          platforms: ${{ inputs.PLATFORMS }}
+          tags: local/bunkerweb-${{ inputs.LINUX }}:latest
+      # Generate package
+      - name: Generate package
+        if: startsWith(env.ARCH, 'arm') == false
+        run: ./src/linux/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }}
+        env:
+          LARCH: ${{ env.LARCH }}
+      - name: Generate package (ARM)
+        if: startsWith(env.ARCH, 'arm') == true
+        run: |
+          docker save local/bunkerweb-${{ inputs.LINUX }}:latest | ssh -C root@arm docker load
+          scp ./src/linux/package.sh root@arm:/opt
+          ssh root@arm chmod +x /opt/package.sh
+          ssh root@arm /opt/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }} "$(cat src/VERSION | tr -d '\n')"
+          scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
+        env:
+          LARCH: ${{ env.LARCH }}
+      - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        with:
+          name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
+          path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
+      # Build test image
+      - name: Extract metadata
+        if: inputs.TEST == true
+        id: meta
+        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        with:
+          images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
+      - name: Build test image
+        if: inputs.TEST == true
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          file: tests/linux/Dockerfile-${{ inputs.LINUX }}
+          platforms: ${{ inputs.PLATFORMS }}
+          push: true
+          tags: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests
+          cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests,mode=min
--- a/.github/workflows/push-doc.yml
+++ b/.github/workflows/push-doc.yml
@ -0,0 +1,41 @@
+name: Push documentation (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      VERSION:
+        required: true
+        type: string
+      ALIAS:
+        required: true
+        type: string
+    secrets:
+      BUNKERBOT_TOKEN:
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.BUNKERBOT_TOKEN }}
+      - name: Replace VERSION
+        if: inputs.VERSION == 'testing'
+        run: ./misc/update-version.sh testing
+      - name: Setup git user
+        run: |
+          git config --global user.name "BunkerBot"
+          git config --global user.email "bunkerbot@bunkerity.com"
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.10"
+      - name: Install doc dependencies
+        run: pip install --no-cache-dir --require-hashes -r docs/requirements.txt && sudo apt install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev
+      - name: Push doc
+        run: mike deploy --update-aliases --push --alias-type=copy ${{ inputs.VERSION }} ${{ inputs.ALIAS }}
+      - name: Set default doc
+        if: inputs.ALIAS == 'latest'
+        run: mike set-default --push latest
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -0,0 +1,84 @@
+name: Push image (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      IMAGE:
+        required: true
+        type: string
+      TAGS:
+        required: true
+        type: string
+      CACHE_FROM:
+        required: true
+        type: string
+      DOCKERFILE:
+        required: true
+        type: string
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_TOKEN:
+        required: true
+      ARM_SSH_KEY:
+        required: true
+      ARM_SSH_CONFIG:
+        required: true
+      ARM_SSH_IP:
+        required: true
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Check out repository code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup SSH for ARM node
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
+          chmod 600 ~/.ssh/id_rsa_arm
+          echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
+          echo "ServerAliveInterval 60" >> ~/.ssh/config
+          echo "ServerAliveCountMax 10" >> ~/.ssh/config
+        env:
+          SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+          SSH_IP: ${{ secrets.ARM_SSH_IP }}
+          SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+      - name: Setup Buildx (ARM)
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        with:
+          endpoint: ssh://root@arm
+          platforms: linux/arm64,linux/arm/v7,linux/arm/v6
+      # Compute metadata
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        with:
+          images: bunkerity/${{ inputs.IMAGE }}
+      # Build and push
+      - name: Build and push
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          file: ${{ inputs.DOCKERFILE }}
+          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7
+          push: true
+          tags: ${{ inputs.TAGS }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: |
+            type=gha,scope=${{ inputs.CACHE_FROM }}-amd64
+            type=gha,scope=${{ inputs.CACHE_FROM }}-386
+            type=gha,scope=${{ inputs.CACHE_FROM }}-arm
--- a/.github/workflows/push-github.yml
+++ b/.github/workflows/push-github.yml
@ -0,0 +1,97 @@
+name: Push on GitHub (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      VERSION:
+        required: true
+        type: string
+      PRERELEASE:
+        required: true
+        type: boolean
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      # Get PDF doc
+      - name: Get documentation
+        if: inputs.VERSION != 'testing'
+        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        with:
+          name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
+      # Create tag
+      - uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
+        name: Create tag
+        if: inputs.VERSION != 'testing'
+        with:
+          tag: "v${{ inputs.VERSION }}"
+          message: "v${{ inputs.VERSION }}"
+          force_push_tag: true
+      # Create tag
+      - uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
+        name: Create tag
+        if: inputs.VERSION == 'testing'
+        with:
+          tag: "${{ inputs.VERSION }}"
+          message: "${{ inputs.VERSION }}"
+          force_push_tag: true
+      # Extract changelog
+      - name: Extract changelog
+        if: inputs.VERSION != 'testing'
+        id: getchangelog
+        run: |
+          content=$(awk -v n=2 '/##/{n--}; n > 0' CHANGELOG.md | grep -v '# Changelog' | grep -v '##' | sed '/^$/d')
+          content="${content//'%'/'%25'}"
+          content="${content//$'\n'/'%0A'}"
+          content="${content//$'\r'/'%0D'}"
+          echo "content=$content" >> $GITHUB_OUTPUT
+      # Create release
+      - name: Create release
+        if: inputs.VERSION != 'testing'
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+        with:
+          body: |
+            Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
+
+            Docker tags :
+            - BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
+            - Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
+            - Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
+            - UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
+
+            Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
+
+            Changelog :
+            ${{ steps.getchangelog.outputs.content }}
+          draft: true
+          prerelease: ${{ inputs.PRERELEASE }}
+          name: v${{ inputs.VERSION }}
+          tag_name: v${{ inputs.VERSION }}
+          discussion_category_name: Announcements
+          files: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
+      # Create release
+      - name: Create release
+        if: inputs.VERSION == 'testing'
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+        with:
+          body: |
+            **The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**
+
+            Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
+
+            Docker tags :
+            - BunkerWeb : `bunkerity/bunkerweb:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb:${{ inputs.VERSION }}`
+            - Scheduler : `bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-scheduler:${{ inputs.VERSION }}`
+            - Autoconf : `bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-autoconf:${{ inputs.VERSION }}`
+            - UI : `bunkerity/bunkerweb-ui:${{ inputs.VERSION }}` or `ghcr.io/bunkerity/bunkerweb-ui:${{ inputs.VERSION }}`
+
+            Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=${{ inputs.VERSION }}&filter=all&dist=
+
+            Please note that when using Linux Debian or Ubuntu integration, you will need to add the `force-bad-version` directive to your `/etc/dpkg/dpkg.cfg` file before installing the testing version of BunkerWeb.
+          draft: false
+          prerelease: ${{ inputs.PRERELEASE }}
+          name: Testing
+          tag_name: ${{ inputs.VERSION }}
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@ -0,0 +1,79 @@
+name: Push packagecloud (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      SEPARATOR:
+        required: true
+        type: string
+      SUFFIX:
+        required: true
+        type: string
+      REPO:
+        required: true
+        type: string
+      LINUX:
+        required: true
+        type: string
+      VERSION:
+        required: true
+        type: string
+      PACKAGE:
+        required: true
+        type: string
+      BW_VERSION:
+        required: true
+        type: string
+      ARCH:
+        required: true
+        type: string
+      PACKAGE_ARCH:
+        required: true
+        type: string
+    secrets:
+      PACKAGECLOUD_TOKEN:
+        required: true
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Check out repository code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install ruby
+        uses: ruby/setup-ruby@bd03e04863f52d169e18a2b190e8fa6b84938215 # v1.170.0
+        with:
+          ruby-version: "3.0"
+      - name: Install packagecloud
+        run: gem install package_cloud
+      # Download packages
+      - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        if: inputs.LINUX != 'el'
+        with:
+          name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
+          path: /tmp/${{ inputs.LINUX }}
+      - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        if: inputs.LINUX == 'el'
+        with:
+          name: package-rhel-${{ inputs.PACKAGE_ARCH }}
+          path: /tmp/${{ inputs.LINUX }}
+      # Remove existing packages
+      - name: Remove existing package
+        run: package_cloud yank bunkerity/${{ inputs.REPO }}/${{ inputs.LINUX }}/${{ inputs.VERSION }} bunkerweb${{ inputs.SEPARATOR }}${{ inputs.BW_VERSION }}${{ inputs.SEPARATOR }}${{ inputs.SUFFIX }}${{ inputs.PACKAGE_ARCH }}.${{ inputs.PACKAGE }}
+        continue-on-error: true
+        env:
+          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+      # Update name
+      # - name: Rename package
+      #   if: inputs.BW_VERSION == 'testing'
+      #   run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
+      # Push package
+      - name: Push package to packagecloud
+        uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
+        with:
+          PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
+          PACKAGECLOUD-USERNAME: bunkerity
+          PACKAGECLOUD-REPO: ${{ inputs.REPO }}
+          PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
+          PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,295 @@
+name: Automatic push (RELEASE)
+
+permissions: read-all
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  scorecards-analysis:
+    uses: ./.github/workflows/scorecards-analysis.yml
+
+  codeql:
+    uses: ./.github/workflows/codeql.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+  # Build amd64 + 386 containers images
+  build-containers:
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        arch: [linux/amd64, linux/386]
+        include:
+          - release: latest
+            cache: false
+            push: false
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+          - arch: linux/amd64
+            cache_suffix: amd64
+          - arch: linux/386
+            cache_suffix: "386"
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      ARCH: ${{ matrix.arch }}
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+      CACHE: ${{ matrix.cache }}
+      PUSH: ${{ matrix.push }}
+      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  # Create ARM environment
+  create-arm:
+    uses: ./.github/workflows/create-arm.yml
+    secrets:
+      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Build arm64 + arm/v7 images
+  build-containers-arm:
+    needs: [create-arm]
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        arch: ["linux/arm64,linux/arm/v7"]
+        include:
+          - release: latest
+            cache: false
+            push: false
+            cache_suffix: arm
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      ARCH: ${{ matrix.arch }}
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+      CACHE: ${{ matrix.cache }}
+      PUSH: ${{ matrix.push }}
+      CACHE_SUFFIX: ${{ matrix.cache_suffix }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Build Linux packages
+  build-packages:
+    needs: [create-arm]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, rhel]
+        platforms: [linux/amd64, linux/arm64]
+        include:
+          - release: latest
+          - linux: ubuntu
+            package: deb
+          - linux: debian
+            package: deb
+          - linux: fedora
+            package: rpm
+          - linux: rhel
+            package: rpm
+    uses: ./.github/workflows/linux-build.yml
+    with:
+      RELEASE: ${{ matrix.release }}
+      LINUX: ${{ matrix.linux }}
+      PACKAGE: ${{ matrix.package }}
+      TEST: false
+      PLATFORMS: ${{ matrix.platforms }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Wait for all builds and extract VERSION
+  wait-builds:
+    runs-on: ubuntu-latest
+    needs: [codeql, build-containers, build-containers-arm, build-packages]
+    outputs:
+      version: ${{ steps.getversion.outputs.version }}
+      versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Get VERSION
+        id: getversion
+        run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
+      - name: Get VERSION (for RPM based)
+        id: getversionrpm
+        run: echo "versionrpm=$(cat src/VERSION | tr -d '\n' | sed 's/-/_/g')" >> "$GITHUB_OUTPUT"
+
+  # Push Docker images
+  push-images:
+    permissions:
+      contents: read
+      packages: write
+    needs: [create-arm, wait-builds]
+    strategy:
+      matrix:
+        image:
+          [bunkerweb, bunkerweb-scheduler, bunkerweb-autoconf, bunkerweb-ui]
+        include:
+          - release: latest
+          - image: bunkerweb
+            cache_from: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: bunkerweb-scheduler
+            cache_from: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: bunkerweb-autoconf
+            cache_from: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: bunkerweb-ui
+            cache_from: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/push-docker.yml
+    with:
+      IMAGE: ${{ matrix.image }}
+      TAGS: bunkerity/${{ matrix.image }}:${{ matrix.release }},bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }},ghcr.io/bunkerity/${{ matrix.image }}:${{ matrix.release }},ghcr.io/bunkerity/${{ matrix.image }}:${{ needs.wait-builds.outputs.version }}
+      CACHE_FROM: ${{ matrix.cache_from }}-${{ matrix.release }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+      ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
+      ARM_SSH_IP: ${{ needs.create-arm.outputs.ip }}
+      ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
+
+  # Push Linux packages
+  push-packages:
+    needs: [wait-builds]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, el]
+        arch: [amd64, arm64]
+        include:
+          - release: latest
+            repo: bunkerweb
+          - linux: ubuntu
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
+          - linux: debian
+            separator: _
+            suffix: ""
+            version: bookworm
+            package: deb
+          - linux: fedora
+            separator: "-"
+            suffix: "1."
+            version: 39
+            package: rpm
+          - linux: el
+            separator: "-"
+            suffix: "1."
+            version: 8
+            package: rpm
+          - linux: ubuntu
+            arch: amd64
+            package_arch: amd64
+          - linux: debian
+            arch: amd64
+            package_arch: amd64
+          - linux: fedora
+            arch: amd64
+            package_arch: x86_64
+          - linux: el
+            arch: amd64
+            package_arch: x86_64
+          - linux: ubuntu
+            arch: arm64
+            package_arch: arm64
+          - linux: debian
+            arch: arm64
+            package_arch: arm64
+          - linux: fedora
+            arch: arm64
+            package_arch: aarch64
+          - linux: el
+            arch: arm64
+            package_arch: aarch64
+    uses: ./.github/workflows/push-packagecloud.yml
+    with:
+      SEPARATOR: ${{ matrix.separator }}
+      SUFFIX: ${{ matrix.suffix }}
+      REPO: ${{ matrix.repo }}
+      LINUX: ${{ matrix.linux }}
+      VERSION: ${{ matrix.version }}
+      PACKAGE: ${{ matrix.package }}
+      BW_VERSION: ${{ matrix.package == 'rpm' && needs.wait-builds.outputs.versionrpm || needs.wait-builds.outputs.version }}
+      PACKAGE_ARCH: ${{ matrix.package_arch }}
+      ARCH: ${{ matrix.arch }}
+    secrets:
+      PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+
+  # Create doc PDF
+  doc-pdf:
+    needs: [wait-builds, push-images, push-packages]
+    uses: ./.github/workflows/doc-to-pdf.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+
+  # Push on GH
+  push-gh:
+    needs: [wait-builds, doc-pdf]
+    permissions:
+      contents: write
+      discussions: write
+    uses: ./.github/workflows/push-github.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+      PRERELEASE: false
+
+  # Push doc
+  push-doc:
+    needs: [wait-builds, push-gh]
+    permissions:
+      contents: write
+    uses: ./.github/workflows/push-doc.yml
+    with:
+      VERSION: ${{ needs.wait-builds.outputs.version }}
+      ALIAS: latest
+    secrets:
+      BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
+
+  # Remove ARM VM
+  rm-arm:
+    if: ${{ always() }}
+    needs: [create-arm, push-images, build-packages]
+    uses: ./.github/workflows/rm-arm.yml
+    secrets:
+      ARM_ID: ${{ needs.create-arm.outputs.id }}
+      SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+      SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+      SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+      SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
--- a/.github/workflows/rm-arm.yml
+++ b/.github/workflows/rm-arm.yml
@ -0,0 +1,32 @@
+name: Create ARM node (REUSABLE)
+
+on:
+  workflow_call:
+    secrets:
+      SCW_ACCESS_KEY:
+        required: true
+      SCW_SECRET_KEY:
+        required: true
+      SCW_DEFAULT_PROJECT_ID:
+        required: true
+      SCW_DEFAULT_ORGANIZATION_ID:
+        required: true
+      ARM_ID:
+        required: true
+
+jobs:
+  rm:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Delete ARM VM
+        uses: scaleway/action-scw@c718eca1fcb9fec1fb1433752d61599c6a0ad2e9
+        with:
+          args: instance server delete ${{ secrets.ARM_ID }} zone=fr-par-2 with-ip=true with-volumes=all force-shutdown=true
+          access-key: ${{ secrets.SCW_ACCESS_KEY }}
+          secret-key: ${{ secrets.SCW_SECRET_KEY }}
+          default-project-id: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+          default-organization-id: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@ -0,0 +1,30 @@
+name: Scorecard analysis workflow
+
+on:
+  branch_protection_rule:
+  schedule:
+    # Weekly on Saturdays.
+    - cron: "30 1 * * 6"
+  workflow_call:
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+      - name: "Upload SARIF results to code scanning"
+        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+        with:
+          sarif_file: results.sarif
--- a/.github/workflows/staging-create-infra.yml
+++ b/.github/workflows/staging-create-infra.yml
@ -0,0 +1,62 @@
+name: Create staging infra (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      TYPE:
+        required: true
+        type: string
+    secrets:
+      CICD_SECRETS:
+        required: true
+      SECRET_KEY:
+        required: true
+      K8S_IP:
+        required: true
+
+jobs:
+  create:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Generate SSH keypair
+        run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n  StrictHostKeyChecking no" > ~/.ssh/ssh_config
+        if: inputs.TYPE != 'k8s'
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
+      - name: Install kubectl
+        uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
+        if: inputs.TYPE == 'k8s'
+        with:
+          version: "v1.28.2"
+      - name: Set up Python 3.12
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        if: inputs.TYPE != 'k8s'
+        with:
+          python-version: "3.12"
+      - name: Install ansible
+        run: pip install --no-cache-dir --require-hashes -r misc/requirements-ansible.txt
+        if: inputs.TYPE != 'k8s'
+      - name: Install ansible libs
+        run: ansible-galaxy install --timeout 120 monolithprojects.github_actions_runner,1.18.1 && ansible-galaxy collection install --timeout 120 community.general && ansible-galaxy collection install --timeout 120 community.docker
+        if: inputs.TYPE != 'k8s'
+      # Create infra
+      - run: ./tests/create.sh ${{ inputs.TYPE }}
+        env:
+          CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+          K8S_IP: ${{ secrets.K8S_IP }}
+      - run: |
+          tar -cf terraform.tar /tmp/${{ inputs.TYPE }}
+          echo "$SECRET_KEY" > /tmp/.secret_key
+          openssl enc -in terraform.tar -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out terraform.tar.enc
+          rm -f /tmp/.secret_key
+        if: always()
+        env:
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+      - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        if: always()
+        with:
+          name: tf-${{ inputs.TYPE }}
+          path: terraform.tar.enc
--- a/.github/workflows/staging-delete-infra.yml
+++ b/.github/workflows/staging-delete-infra.yml
@ -0,0 +1,49 @@
+name: Delete staging infra (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      TYPE:
+        required: true
+        type: string
+    secrets:
+      CICD_SECRETS:
+        required: true
+      SECRET_KEY:
+        required: true
+
+jobs:
+  delete:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
+      - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        with:
+          name: tf-${{ inputs.TYPE }}
+          path: /tmp
+      - run: |
+          echo "$SECRET_KEY" > /tmp/.secret_key
+          openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
+          rm -f /tmp/.secret_key
+          tar xf /tmp/terraform.tar -C / && mkdir ~/.ssh && touch ~/.ssh/id_rsa.pub
+        env:
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+      - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
+        if: inputs.TYPE == 'k8s'
+        with:
+          version: "v1.28.2"
+      # Remove infra
+      - run: kubectl delete daemonsets,replicasets,services,deployments,pods,rc,ingress,statefulsets --all --all-namespaces --timeout=60s ; kubectl delete pvc --all --timeout=60s ; kubectl delete pv --all --timeout=60s
+        if: inputs.TYPE == 'k8s'
+        continue-on-error: true
+        env:
+          KUBECONFIG: /tmp/k8s/kubeconfig
+      - run: ./tests/rm.sh ${{ inputs.TYPE }}
+        env:
+          CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
--- a/.github/workflows/staging-tests.yml
+++ b/.github/workflows/staging-tests.yml
@ -0,0 +1,138 @@
+name: Perform staging tests (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      TYPE:
+        required: true
+        type: string
+      RUNS_ON:
+        required: true
+        type: string
+    # secrets:
+    #   PRIVATE_REGISTRY:
+    #     required: true
+    #   PRIVATE_REGISTRY_TOKEN:
+    #     required: true
+    #   TEST_DOMAINS:
+    #     required: true
+    #   ROOT_DOMAIN:
+    #     required: true
+
+jobs:
+  tests:
+    runs-on: ${{ fromJSON(inputs.RUNS_ON) }}
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing local/bunkerweb-tests:latest
+        if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
+      - run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing local/scheduler-tests:latest
+        if: contains(fromJSON('["linux", "k8s"]'), inputs.TYPE) != true
+      - run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing local/autoconf-tests:latest
+        if: contains(fromJSON('["autoconf", "swarm"]'), inputs.TYPE)
+      - name: Push images to local repo
+        run: docker tag local/bunkerweb-tests:latest 192.168.42.100:5000/bunkerweb-tests:latest && docker push 192.168.42.100:5000/bunkerweb-tests:latest && docker tag local/scheduler-tests:latest 192.168.42.100:5000/scheduler-tests:latest && docker push 192.168.42.100:5000/scheduler-tests:latest && docker tag local/autoconf-tests:latest 192.168.42.100:5000/autoconf-tests:latest && docker push 192.168.42.100:5000/autoconf-tests:latest
+        if: inputs.TYPE == 'swarm'
+      - name: Install test dependencies
+        run: pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
+      - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        with:
+          name: tf-k8s
+          path: /tmp
+        if: inputs.TYPE == 'k8s'
+      - run: |
+          echo "$SECRET_KEY" > /tmp/.secret_key
+          openssl enc -d -in /tmp/terraform.tar.enc -aes-256-cbc -pbkdf2 -iter 100000 -md sha256 -pass file:/tmp/.secret_key -out /tmp/terraform.tar
+          rm -f /tmp/.secret_key
+          tar xf /tmp/terraform.tar -C /
+          mkdir /tmp/reg
+          cp tests/terraform/k8s-reg.tf /tmp/reg
+          cp tests/terraform/providers.tf /tmp/reg
+          cd /tmp/reg
+          export TF_VAR_k8s_reg_user=${REG_USER}
+          export TF_VAR_k8s_reg_token=${REG_TOKEN}
+          terraform init
+          terraform apply -auto-approve
+        env:
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          REG_USER: ${{ github.actor }}
+          REG_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: inputs.TYPE == 'k8s'
+      - uses: azure/setup-kubectl@901a10e89ea615cf61f57ac05cecdf23e7de06d8 # v3.2
+        if: inputs.TYPE == 'k8s'
+        with:
+          version: "v1.28.2"
+      - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+        if: inputs.TYPE == 'k8s'
+      - name: Pull BW linux ubuntu test image
+        if: inputs.TYPE == 'linux'
+        run: docker pull ghcr.io/bunkerity/ubuntu-tests:testing && docker tag ghcr.io/bunkerity/ubuntu-tests:testing local/ubuntu:latest
+      - name: Pull BW linux debian test image
+        if: inputs.TYPE == 'linux'
+        run: docker pull ghcr.io/bunkerity/debian-tests:testing && docker tag ghcr.io/bunkerity/debian-tests:testing local/debian:latest
+      - name: Pull BW linux fedora test image
+        if: inputs.TYPE == 'linux'
+        run: docker pull ghcr.io/bunkerity/fedora-tests:testing && docker tag ghcr.io/bunkerity/fedora-tests:testing local/fedora:latest
+      - name: Pull BW linux rhel test image
+        if: inputs.TYPE == 'linux'
+        run: docker pull ghcr.io/bunkerity/rhel-tests:testing && docker tag ghcr.io/bunkerity/rhel-tests:testing local/rhel:latest
+      # Do tests
+      - name: Run tests
+        if: inputs.TYPE == 'docker'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_DOCKER }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run tests
+        if: inputs.TYPE == 'autoconf'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_AUTOCONF }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run tests
+        if: inputs.TYPE == 'swarm'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_SWARM }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run tests
+        if: inputs.TYPE == 'k8s'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_KUBERNETES }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+          KUBECONFIG: "/tmp/k8s/kubeconfig"
+          PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
+          IMAGE_TAG: "testing"
+      - name: Run Linux ubuntu tests
+        if: inputs.TYPE == 'linux'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run Linux debian tests
+        if: inputs.TYPE == 'linux'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run Linux fedora tests
+        if: inputs.TYPE == 'linux'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
+      - name: Run Linux rhel tests
+        if: inputs.TYPE == 'linux'
+        run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "rhel"
+        env:
+          TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
+          ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@ -0,0 +1,272 @@
+name: Automatic tests (STAGING)
+
+permissions: read-all
+
+on:
+  push:
+    branches: [staging]
+
+jobs:
+  # Build Docker images
+  build-containers:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, autoconf, ui]
+        include:
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: autoconf
+            dockerfile: src/autoconf/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: testing
+      ARCH: linux/amd64
+      CACHE: true
+      PUSH: true
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  # Build Linux packages
+  build-packages:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, rhel]
+        include:
+          - linux: ubuntu
+            package: deb
+          - linux: debian
+            package: deb
+          - linux: fedora
+            package: rpm
+          - linux: rhel
+            package: rpm
+    uses: ./.github/workflows/linux-build.yml
+    with:
+      RELEASE: testing
+      LINUX: ${{ matrix.linux }}
+      PACKAGE: ${{ matrix.package }}
+      TEST: true
+      PLATFORMS: linux/amd64
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  codeql:
+    uses: ./.github/workflows/codeql.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+  # Create infrastructures and prepare tests
+  create-infras:
+    needs: [codeql, build-containers, build-packages]
+    strategy:
+      matrix:
+        type: [docker, autoconf, swarm, k8s, linux]
+    uses: ./.github/workflows/staging-create-infra.yml
+    with:
+      TYPE: ${{ matrix.type }}
+    secrets:
+      CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+      SECRET_KEY: ${{ secrets.SECRET_KEY }}
+      K8S_IP: ${{ secrets.K8S_IP }}
+  prepare-tests-core:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - id: set-matrix
+        run: |
+          tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
+          echo "tests=$tests" >> $GITHUB_OUTPUT
+    outputs:
+      tests: ${{ steps.set-matrix.outputs.tests }}
+
+  # Perform tests
+  tests-ui:
+    needs: [codeql, build-containers]
+    uses: ./.github/workflows/tests-ui.yml
+    with:
+      RELEASE: testing
+  tests-ui-linux:
+    needs: [codeql, build-packages]
+    uses: ./.github/workflows/tests-ui-linux.yml
+    with:
+      RELEASE: testing
+  staging-tests:
+    needs: [create-infras]
+    strategy:
+      matrix:
+        type: [docker, autoconf, swarm, k8s, linux]
+        include:
+          - type: docker
+            runs_on: "['self-hosted', 'bw-docker']"
+          - type: autoconf
+            runs_on: "['self-hosted', 'bw-autoconf']"
+          - type: swarm
+            runs_on: "['self-hosted', 'bw-swarm']"
+          - type: k8s
+            runs_on: "['ubuntu-latest']"
+          - type: linux
+            runs_on: "['self-hosted', 'bw-linux']"
+    uses: ./.github/workflows/staging-tests.yml
+    with:
+      TYPE: ${{ matrix.type }}
+      RUNS_ON: ${{ matrix.runs_on }}
+    secrets: inherit
+  tests-core:
+    needs: [build-containers, prepare-tests-core]
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
+    uses: ./.github/workflows/test-core.yml
+    with:
+      TEST: ${{ matrix.test }}
+      RELEASE: testing
+  tests-core-linux:
+    needs: [build-packages, prepare-tests-core]
+    strategy:
+      fail-fast: false
+      matrix:
+        test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
+    uses: ./.github/workflows/test-core-linux.yml
+    with:
+      TEST: ${{ matrix.test }}
+      RELEASE: testing
+    secrets: inherit
+
+  # Delete infrastructures
+  delete-infras:
+    if: ${{ always() }}
+    needs: [staging-tests]
+    strategy:
+      matrix:
+        type: [docker, autoconf, swarm, k8s, linux]
+    uses: ./.github/workflows/staging-delete-infra.yml
+    with:
+      TYPE: ${{ matrix.type }}
+    secrets:
+      CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
+      SECRET_KEY: ${{ secrets.SECRET_KEY }}
+
+  # Push Docker images
+  push-images:
+    needs: [staging-tests, tests-ui, tests-core]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push BW image
+        run: docker pull ghcr.io/bunkerity/bunkerweb-tests:testing && docker tag ghcr.io/bunkerity/bunkerweb-tests:testing bunkerity/bunkerweb:testing && docker push bunkerity/bunkerweb:testing && docker tag bunkerity/bunkerweb:testing ghcr.io/bunkerity/bunkerweb:testing && docker push ghcr.io/bunkerity/bunkerweb:testing
+      - name: Push scheduler image
+        run: docker pull ghcr.io/bunkerity/scheduler-tests:testing && docker tag ghcr.io/bunkerity/scheduler-tests:testing bunkerity/bunkerweb-scheduler:testing && docker push bunkerity/bunkerweb-scheduler:testing && docker tag bunkerity/bunkerweb-scheduler:testing ghcr.io/bunkerity/bunkerweb-scheduler:testing && docker push ghcr.io/bunkerity/bunkerweb-scheduler:testing
+      - name: Push UI image
+        run: docker pull ghcr.io/bunkerity/ui-tests:testing && docker tag ghcr.io/bunkerity/ui-tests:testing bunkerity/bunkerweb-ui:testing && docker push bunkerity/bunkerweb-ui:testing && docker tag bunkerity/bunkerweb-ui:testing ghcr.io/bunkerity/bunkerweb-ui:testing && docker push ghcr.io/bunkerity/bunkerweb-ui:testing
+      - name: Push autoconf image
+        run: docker pull ghcr.io/bunkerity/autoconf-tests:testing && docker tag ghcr.io/bunkerity/autoconf-tests:testing bunkerity/bunkerweb-autoconf:testing && docker push bunkerity/bunkerweb-autoconf:testing && docker tag bunkerity/bunkerweb-autoconf:testing ghcr.io/bunkerity/bunkerweb-autoconf:testing && docker push ghcr.io/bunkerity/bunkerweb-autoconf:testing
+
+  # Push Linux packages
+  push-packages:
+    needs: [staging-tests, tests-ui-linux, tests-core-linux]
+    strategy:
+      matrix:
+        linux: [ubuntu, debian, fedora, el]
+        arch: [amd64]
+        include:
+          - release: testing
+            repo: bunkerweb
+          - linux: ubuntu
+            separator: _
+            suffix: ""
+            version: jammy
+            package: deb
+          - linux: debian
+            separator: _
+            suffix: ""
+            version: bookworm
+            package: deb
+          - linux: fedora
+            separator: "-"
+            suffix: "1."
+            version: 39
+            package: rpm
+          - linux: el
+            separator: "-"
+            suffix: "1."
+            version: 8
+            package: rpm
+          - linux: ubuntu
+            arch: amd64
+            package_arch: amd64
+          - linux: debian
+            arch: amd64
+            package_arch: amd64
+          - linux: fedora
+            arch: amd64
+            package_arch: x86_64
+          - linux: el
+            arch: amd64
+            package_arch: x86_64
+    uses: ./.github/workflows/push-packagecloud.yml
+    with:
+      SEPARATOR: ${{ matrix.separator }}
+      SUFFIX: ${{ matrix.suffix }}
+      REPO: ${{ matrix.repo }}
+      LINUX: ${{ matrix.linux }}
+      VERSION: ${{ matrix.version }}
+      PACKAGE: ${{ matrix.package }}
+      BW_VERSION: ${{ matrix.release }}
+      PACKAGE_ARCH: ${{ matrix.package_arch }}
+      ARCH: ${{ matrix.arch }}
+    secrets:
+      PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
+
+  # Push doc
+  push-doc:
+    needs: [push-images, push-packages]
+    permissions:
+      contents: write
+    uses: ./.github/workflows/push-doc.yml
+    with:
+      VERSION: testing
+      ALIAS: unstable
+    secrets:
+      BUNKERBOT_TOKEN: ${{ secrets.BUNKERBOT_TOKEN }}
+
+  # Push on GH
+  push-gh:
+    needs: [push-doc]
+    permissions:
+      contents: write
+      discussions: write
+    uses: ./.github/workflows/push-github.yml
+    with:
+      VERSION: testing
+      PRERELEASE: true
--- a/.github/workflows/test-core-linux.yml
+++ b/.github/workflows/test-core-linux.yml
@ -0,0 +1,103 @@
+name: Core test Linux (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      TEST:
+        required: true
+        type: string
+      RELEASE:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python 3.12
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.12"
+      - name: Install Firefox manually and dependencies
+        run: |
+          sudo add-apt-repository ppa:mozillateam/ppa -y
+          sudo apt purge -y firefox
+          echo '
+          Package: *
+          Pin: release o=LP-PPA-mozillateam
+          Pin-Priority: 1001
+
+          Package: firefox
+          Pin: version 1:1snap1-0ubuntu2
+          Pin-Priority: -1
+          ' | sudo tee /etc/apt/preferences.d/mozilla-firefox
+          sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
+      - name: Download geckodriver
+        uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
+        with:
+          max_attempts: 3
+          timeout_minutes: 20
+          command: |
+            GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
+            wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
+            sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
+            sudo chmod +x /usr/local/bin/geckodriver
+            rm -f geckodriver.tar.gz
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Pull BW linux ubuntu test image
+        run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
+      - name: Copy deb file to host
+        run: |
+          container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
+          docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
+          docker rm "$container_id"
+      - name: Install NGINX
+        run: |
+          sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
+          curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+          echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
+          sudo apt update
+          sudo apt install -y nginx=1.24.0-1~jammy
+      - name: Fix version without a starting number
+        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
+        run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
+      - name: Edit configuration files
+        run: |
+          # Misc
+          echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
+          echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
+          echo "127.0.0.1 bwadm.example.com" | sudo tee -a /etc/hosts
+          sudo cp ./tests/www-deb.conf /etc/php/8.1/fpm/pool.d/www.conf
+          sudo systemctl stop php8.1-fpm
+          sudo systemctl start php8.1-fpm
+          # BunkerWeb
+          sudo mkdir -p /etc/bunkerweb
+          echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
+          echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
+          echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
+          echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
+          sudo chown nginx:nginx /etc/bunkerweb/variables.env
+          sudo chmod 777 /etc/bunkerweb/variables.env
+      - name: Install BunkerWeb
+        run: sudo apt install -fy /tmp/bunkerweb.deb
+      - name: Run tests
+        run: |
+          export MAKEFLAGS="-j $(nproc)"
+          pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
+          cd tests/core/${{ inputs.TEST }}
+          find . -name "requirements.txt" -exec pip install --no-cache-dir --require-hashes --no-deps -r {} \;
+          sudo truncate -s 0 /var/log/bunkerweb/error.log
+          ./test.sh "linux"
--- a/.github/workflows/test-core.yml
+++ b/.github/workflows/test-core.yml
@ -0,0 +1,36 @@
+name: Core test (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      TEST:
+        required: true
+        type: string
+      RELEASE:
+        required: true
+        type: string
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Pull BW image
+        run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
+      - name: Pull Scheduler image
+        run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
+      # Run test
+      - name: Run test
+        run: |
+          cd ./tests/core/${{ inputs.TEST }}
+          find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
+          find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
+          ./test.sh "docker" "${{ inputs.TEST }}"
--- a/.github/workflows/tests-ui-linux.yml
+++ b/.github/workflows/tests-ui-linux.yml
@ -0,0 +1,118 @@
+name: Core test Linux (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      RELEASE:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Set up Python 3.12
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.12"
+      - name: Install Firefox manually and dependencies
+        run: |
+          sudo add-apt-repository ppa:mozillateam/ppa -y
+          sudo apt purge -y firefox
+          echo '
+          Package: *
+          Pin: release o=LP-PPA-mozillateam
+          Pin-Priority: 1001
+
+          Package: firefox
+          Pin: version 1:1snap1-0ubuntu2
+          Pin-Priority: -1
+          ' | sudo tee /etc/apt/preferences.d/mozilla-firefox
+          sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip firefox
+      - name: Download geckodriver
+        uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
+        with:
+          max_attempts: 3
+          timeout_minutes: 20
+          command: |
+            GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
+            wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
+            sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
+            sudo chmod +x /usr/local/bin/geckodriver
+            rm -f geckodriver.tar.gz
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Pull BW linux ubuntu test image
+        run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
+      - name: Copy deb file to host
+        run: |
+          container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
+          docker cp "$container_id:/opt/bunkerweb_${{ inputs.RELEASE }}-1_amd64.deb" "/tmp/bunkerweb.deb"
+          docker rm "$container_id"
+      - name: Install NGINX
+        run: |
+          sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
+          curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+          echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
+          sudo apt update
+          sudo apt install -y nginx=1.24.0-1~jammy
+      - name: Fix version without a starting number
+        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
+        run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
+      - name: Edit configuration files
+        run: |
+          # Misc
+          echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
+          echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
+          echo "127.0.0.1 app2.example.com" | sudo tee -a /etc/hosts
+          # BunkerWeb
+          sudo mkdir -p /etc/bunkerweb
+          echo "SERVER_NAME=" | sudo tee /etc/bunkerweb/variables.env
+          echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
+          echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
+          echo 'API_LISTEN_IP=127.0.0.1' | sudo tee -a /etc/bunkerweb/variables.env
+          echo "MULTISITE=yes" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "SEND_ANONYMOUS_REPORT=no" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "DISABLE_DEFAULT_SERVER=yes" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_CLIENT_CACHE=yes" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "USE_GZIP=yes" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "DATASTORE_MEMORY_SIZE=384m" | sudo tee -a /etc/bunkerweb/variables.env
+          echo "UI_HOST=http://127.0.0.1:7000" | sudo tee -a /etc/bunkerweb/variables.env
+          sudo touch /etc/bunkerweb/ui.env
+
+          sudo chown nginx:nginx /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
+          sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
+      - name: Install BunkerWeb
+        run: sudo apt install -fy /tmp/bunkerweb.deb
+      - name: Run tests
+        run: |
+          export MAKEFLAGS="-j $(nproc)"
+          pip install --no-cache-dir --ignore-installed --require-hashes -r src/deps/requirements-deps.txt
+          pip install --no-cache-dir --require-hashes -r tests/ui/requirements.txt
+          cd ./tests/ui
+          touch test.txt
+          zip test.zip test.txt
+          rm test.txt
+          echo '{
+            "id": "discord",
+            "name": "Discord",
+            "description": "Send alerts to a Discord channel (using webhooks).",
+            "version": "0.1",
+            "stream": "no",
+            "settings": {}
+            }' | tee plugin.json
+          zip discord.zip plugin.json
+          rm plugin.json
+          ./tests.sh "linux"
+        env:
+          MODE: ${{ inputs.RELEASE }}
--- a/.github/workflows/tests-ui.yml
+++ b/.github/workflows/tests-ui.yml
@ -0,0 +1,34 @@
+name: Perform tests for UI (REUSABLE)
+
+on:
+  workflow_call:
+    inputs:
+      RELEASE:
+        required: true
+        type: string
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      # Prepare
+      - name: Checkout source code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Login to ghcr
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Pull BW image
+        run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
+      - name: Pull Scheduler image
+        run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
+      - name: Pull UI image
+        run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
+      # Do tests
+      - name: Run tests
+        run: |
+          cd ./tests/ui
+          ./tests.sh "docker"
+        env:
+          MODE: ${{ inputs.RELEASE }}
--- a/.github/workflows/ui.yml
+++ b/.github/workflows/ui.yml
@ -0,0 +1,75 @@
+name: Automatic tests (UI)
+
+permissions: read-all
+
+on:
+  push:
+    branches: [ui]
+
+jobs:
+  # Containers
+  build-containers:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        image: [bunkerweb, scheduler, ui]
+        include:
+          - image: bunkerweb
+            dockerfile: src/bw/Dockerfile
+          - image: scheduler
+            dockerfile: src/scheduler/Dockerfile
+          - image: ui
+            dockerfile: src/ui/Dockerfile
+    uses: ./.github/workflows/container-build.yml
+    with:
+      RELEASE: ui
+      CACHE: true
+      ARCH: linux/amd64
+      IMAGE: ${{ matrix.image }}
+      DOCKERFILE: ${{ matrix.dockerfile }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  # Build Linux packages
+  build-packages:
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        linux: [ubuntu]
+        include:
+          - linux: ubuntu
+            package: deb
+    uses: ./.github/workflows/linux-build.yml
+    with:
+      RELEASE: ui
+      LINUX: ${{ matrix.linux }}
+      PACKAGE: ${{ matrix.package }}
+      TEST: true
+      PLATFORMS: linux/amd64
+    secrets:
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+  codeql:
+    uses: ./.github/workflows/codeql.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+  # UI tests
+  tests-ui:
+    needs: [codeql, build-containers]
+    uses: ./.github/workflows/tests-ui.yml
+    with:
+      RELEASE: ui
+  tests-ui-linux:
+    needs: [codeql, build-packages]
+    uses: ./.github/workflows/tests-ui-linux.yml
+    with:
+      RELEASE: ui
--- a/.gitignore
+++ b/.gitignore
@ -1,9 +1,9 @@
-*~
-*.swp
-*.swo
-t/servroot*
-/go
-/reindex
-/a.lua
-*.o
-*.so
+site/
+.idea/
+.vscode/
+__pycache__
+env
+node_modules
+/src/ui/*.txt
+.mypy_cache
+.cache/
--- a/.gitleaksignore
+++ b/.gitleaksignore
@ -0,0 +1 @@
+src/ui/templates/profile.html:hashicorp-tf-password:343
--- a/.luacheckrc
+++ b/.luacheckrc
@ -0,0 +1,2 @@
+globals = {"ngx", "delay", "unpack"}
+ignore = {"411"}
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,77 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+exclude: (^LICENSE.md$|^src/VERSION$|^env/|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/(js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js)|css/dashboard\.css))|\.(svg|drawio|patch\d?|ascii|tf|tftpl|key)$)
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: c4a0b883114b00d8d76b479c820ce7950211c99b # frozen: v4.5.0
+    hooks:
+      - id: requirements-txt-fixer
+        name: Fix requirements.txt and requirements.in files
+        description: Sorts entries in requirements.txt and requirements.in files.
+        files: (requirements|constraints).*\.(txt|in)$
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+        exclude: ^(mkdocs.yml|examples/bigbluebutton/docker-compose.yml)$
+        args: ["--allow-multiple-documents"]
+      - id: check-case-conflict
+
+  - repo: https://github.com/psf/black
+    rev: ec91a2be3c44d88e1a3960a4937ad6ed3b63464e # frozen: 23.12.1
+    hooks:
+      - id: black
+        name: Black Python Formatter
+        language_version: python3.9
+
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: ffb6a759a979008c0e6dff86e39f4745a2d9eac4 # frozen: v3.1.0
+    hooks:
+      - id: prettier
+        name: Prettier Code Formatter
+
+  - repo: https://github.com/JohnnyMorganz/StyLua
+    rev: 84c370104d6a8d1eef00c80a3ebd42f7033aaaad # frozen: v0.20.0
+    hooks:
+      - id: stylua-github
+        exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
+
+  - repo: https://github.com/lunarmodules/luacheck
+    rev: 418f48976c73be697fe64b0eba9ea9821ac9bca8 # frozen: v1.1.2
+    hooks:
+      - id: luacheck
+        exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
+        args: ["--std", "min", "--codes", "--ranges", "--no-cache"]
+
+  - repo: https://github.com/pycqa/flake8
+    rev: 7d37d9032d0d161634be4554273c30efd4dea0b3 # frozen: 7.0.0
+    hooks:
+      - id: flake8
+        name: Flake8 Python Linter
+        args: ["--max-line-length=250", "--ignore=E266,E402,E722,W503"]
+
+  - repo: https://github.com/dosisod/refurb
+    rev: a295cee6d188f5797aefe5d7cf77a353ed48ea93 # frozen: v1.27.0
+    hooks:
+      - id: refurb
+        name: Refurb Python Refactoring Tool
+        exclude: ^tests/
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: 6e41aba91fb32e9feb741a6258eefeb9c6e4a482 # frozen: v2.2.6
+    hooks:
+      - id: codespell
+        name: Codespell Spell Checker
+        exclude: (^src/(ui/templates|common/core/.+/files|bw/loading)/.+.html|modsecurity-rules.conf.*)$
+        entry: codespell --ignore-regex="(tabEl|Widgits)" --skip src/ui/static/js/utils/flatpickr.js,src/ui/static/css/style.css,CHANGELOG.md
+        language: python
+        types: [text]
+
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: e815c559e3ac76227e8e7463cf3a6598b715687b # frozen: v8.18.1
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: 3f77b826548d8dc2d26675f077361c92773b50a7 # frozen: v0.9.0
+    hooks:
+      - id: shellcheck
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,20 @@
+docs/
+env/
+*/env/
+*.min*
+src/common/core/modsecurity/
+src/deps/src/
+mkdocs.yml
+CHANGELOG.md
+CONTRIBUTING.md
+CODE_OF_CONDUCT.md
+LICENSE.md
+README.md
+SECURITY.md
+tsparticles.bundle.min.js
+flatpickr.*
+src/ui/static/js/editor/*
+src/ui/static/js/utils/purify/*
+src/ui/templates/*
+datepicker-foundation.css
+examples/*
--- a/.trivyignore
+++ b/.trivyignore
@ -0,0 +1 @@
+CVE-2023-6129
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,367 @@
+# Changelog
+
+## v1.5.6 - YYYY/MM/DD
+
+- [MISC] Updated Linux base images in Dockerfiles
+- [DEPS] Updated stream-lua-nginx-module to v0.0.14
+- [DEPS] Updated lua-nginx-module version to v0.10.26
+- [DEPS] Updated libmaxminddb version to v1.9.1
+- [DEPS] Updated lua-resty-core to v0.1.28
+- [DEPS] Updated zlib version to v1.3.1
+
+## v1.5.5 - 2024/01/12
+
+- [BUGFIX] Fix issues with the database when upgrading from one version to a newer one
+- [BUGFIX] Fix ModSecurity-nginx to make it work with brotli
+- [BUGFIX] Remove certbot renew delay causing errors on k8s
+- [BUGFIX] Fix missing custom modsec files when BW instances change
+- [BUGFIX] Fix inconsistency on config changes when using Redis
+- [BUGFIX] Fix web UI not working when using / URL
+- [FEATURE] Add Anonymous reporting feature
+- [FEATURE] Add support for fallback Referrer-Policies
+- [FEATURE] Add 2FA support to web UI
+- [FEATURE] Add username and password management to web UI
+- [FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
+- [FEATURE] Add support for Redis Sentinel
+- [FEATURE] Add support for tls in Ingress definition
+- [MISC] Fallback to default HTTPS certificate to prevent errors
+- [MISC] Various internal improvements in LUA code
+- [MISC] Check nginx configuration before reload
+- [MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
+- [DEPS] Updated ModSecurity to v3.0.11
+
+## v1.5.4 - 2023/12/04
+
+- [UI] Add an optional setup wizard for the web UI
+- [BUGFIX] Fix issues with the Linux integration and external databases
+- [BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
+- [LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
+- [DOCKER] Handle start and stop event of BunkerWeb with the scheduler
+- [MISC] Refactor database session handling to make it more stable with SQLite
+- [MISC] Add conditional block for open file cache in nginx config
+- [MISC] Updated core dependencies
+- [MISC] Updated python dependencies
+- [MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles
+
+## v1.5.3 - 2023/10/31
+
+- [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
+- [BUGFIX] Fix Custom configs not following the service name after an update on the UI
+- [BUGFIX] Fix UI clearing configs folder at startup
+- [BUGFIX] Fix Database not clearing old services when not using multisite
+- [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
+- [BUGFIX] Small fixes on linux paths creating unnecessary folders
+- [BUGFIX] Fix ACME renewal fails on redirection enabled Service
+- [BUGFIX] Fix errors when using a server name with multiple values in web UI
+- [BUGFIX] Fix error when deleting a service that have custom configs on web UI
+- [BUGFIX] Fix rare bug where database is locked
+- [MISC] Updated core dependencies
+- [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
+- [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
+- [MISC] Replaced gevent with gthread in UI for security reasons
+- [MISC] Add HTML sanitization when injecting code in pages in the UI
+- [MISC] Optimize the way the UI handles services creation and edition
+- [MISC] Optimize certbot renew script to renew all domains in one command
+- [MISC] Use capability instead of sudo in Linux
+- [SECURITY] Init work on OpenSSF best practices
+
+## v1.5.2 - 2023/09/10
+
+- [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
+- [BUGFIX] Fix infinite loop when using autoconf
+- [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
+- [BUGFIX] Fix logs page not working in UI on Linux integrations
+- [BUGFIX] Fix settings regex that had issues in general and with the UI
+- [BUGFIX] Fix scheduler error with external plugins when reloading
+- [BUGFIX] Fix permissions with folders in linux integrations
+- [MISC] Push Docker images to GitHub packages (ghcr.io repository)
+- [MISC] Improved CI/CD
+- [MISC] Updated python dependencies
+- [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
+- [MISC] Add support for ModSecurity JSON LogFormat
+- [MISC] Updated OWASP coreruleset to 3.3.5
+
+## v1.5.1 - 2023/08/08
+
+- [BUGFIX] New version checker in logs displays "404 not found"
+- [BUGFIX] New version checker in UI
+- [BUGFIX] Only get the right keys from plugin.json files when importing plugins
+- [BUGFIX] Remove external resources for Google fonts in UI
+- [BUGFIX] Support multiple plugin uploads in one zip when using the UI
+- [BUGFIX] Variable being ignored instead of saved in the database when value is empty
+- [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
+- [BUGFIX] Custom certificate bug after the refactoring
+- [BUGFIX] Wrong variables in header phase (fix CORS feature too)
+- [BUGFIX] UI not working in Ubuntu (python zope module)
+- [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
+- [BUGFIX] Custom configurations from env were not being deleted properly
+- [BUGFIX] Missing concepts image not displayed in the documentation
+- [BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
+- [BUGFIX] Autoconf deadlock in k8s
+- [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
+- [BUGFIX] Infinite loop when sessions is not valid
+- [BUGFIX] Missing valid LE certificates in edge cases
+- [BUGFIX] Wrong service namespace in k8s
+- [BUGFIX] DNS_RESOLVERS regex not accepting hostnames
+- [PERFORMANCE] Reduce CPU and RAM usage of scheduler
+- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
+- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
+- [FEATURE] Add Turnstile antibot mode
+- [FEATURE] Add more CORS headers
+- [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
+- [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
+- [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
+- [FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
+- [FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
+- [DOCUMENTATION] Add timezone information
+- [DOCUMENTATION] Add timezone informat
+- [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
+- [MISC] Temp remove VMWare provider for Vagrant integration
+- [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
+- [MISC] Move logs to /var/log/bunkerweb folder
+- [MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql
+
+## v1.5.0 - 2023/05/23
+
+- Refactoring of almost all the components of the project
+- Dedicated scheduler service to manage jobs and configuration
+- Store configuration in a database backend
+- Improved web UI and make it working with all integrations
+- Improved internal LUA code
+- Improved internal cache of BW
+- Add Redis support when using clustered integrations
+- Add RHEL integration
+- Add Vagrant integration
+- Init support of generic TCP/UDP (stream)
+- Init support of IPv6
+- Improved CI/CD : UI tests, core tests and release automation
+- Reduce Docker images size
+- Fix and improved core plugins : antibot, cors, dnsbl, ...
+- Use PCRE regex instead of LUA patterns
+- Connectivity tests at startup/reload with logging
+
+## v1.5.0-beta - 2023/05/02
+
+- Refactoring of almost all the components of the project
+- Dedicated scheduler service to manage jobs and configuration
+- Store configuration in a database backend
+- Improved web UI and make it working with all integrations
+- Improved internal LUA code
+- Improved internal cache of BW
+- Add Redis support when using clustered integrations
+- Add RHEL integration
+- Add Vagrant integration
+- Init support of generic TCP/UDP (stream)
+- Init support of IPv6
+- Improved CI/CD : UI tests, core tests and release automation
+- Reduce Docker images size
+- Fix and improved core plugins : antibot, cors, dnsbl, ...
+- Use PCRE regex instead of LUA patterns
+- Connectivity tests at startup/reload with logging
+
+## v1.4.8 - 2023/04/05
+
+- Fix UI bug related to multiple settings
+- Increase check reload interval in UI to avoid rate limit
+- Fix Let's Encrypt error when using auth basic
+- Fix wrong setting name in realip job (again)
+- Fix blog posts retrieval in the UI
+- Fix missing logs for UI
+- Fix error log if BunkerNet ip list is empty
+- Updated python dependencies
+- Gunicorn will now show the logs in the console for the UI
+- BunkerNet job will now create the ip list file at the beginning of the job to avoid errors
+
+## v1.4.7 - 2023/02/27
+
+- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS (again)
+- Fix wrong setting name in realip job
+- Fix whitelisting not working with modsecurity
+
+## v1.4.6 - 2023/02/14
+
+- Fix error in the UI when a service have multiple domains
+- Fix bwcli bans command
+- Fix documentation about Linux Fedora install
+- Fix DISABLE_DEFAULT_SERVER=yes not working with HTTPS
+- Add INTERCEPTED_ERROR_CODES setting
+
+## v1.4.5 - 2022/11/26
+
+- Fix bwcli syntax error
+- Fix UI not working using Linux integration
+- Fix missing openssl dep in autoconf
+- Fix typo in selfsigned job
+
+## v1.4.4 - 2022/11/10
+
+- Fix k8s controller not watching the events when there is an exception
+- Fix python dependencies bug in CentOS and Fedora
+- Fix incorrect log when reloading nginx using Linux integration
+- Fix UI dev mode, production mode is now the default
+- Fix wrong exposed port in the UI container
+- Fix endless loading in the UI
+- Fix \*_CUSTOM_CONF_\* dissapear when jobs are executed
+- Fix various typos in documentation
+- Fix warning about StartLimitIntervalSec directive when using Linux
+- Fix incorrect log when issuing certbot renew
+- Fix certbot renew error when using Linux or Docker integration
+- Add greylist core feature
+- Add BLACKLIST_IGNORE_\* settings
+- Add automatic change of SecRequestBodyLimit modsec directive based on MAX_CLIENT_SIZE setting
+- Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS settings
+- Add manual ban and get bans to the API/CLI
+- Add Brawdunoir community example
+- Improve core plugins order and add documentation about it
+- Improve overall documentation
+- Improve CI/CD
+
+## v1.4.3 - 2022/08/26
+
+- Fix various documentation errors/typos and add various enhancements
+- Fix ui.env not read when using Linux integration
+- Fix wrong variables.env path when using Linux integration
+- Fix missing default server when TEMP_NGINX=yes
+- Fix check if BunkerNet is activated on default server
+- Fix request crash when mmdb lookup fails
+- Fix bad behavior trigger when request is whitelisted
+- Fix bad behavior not triggered when request is on default server
+- Fix BW overriding config when config is already present
+- Add Ansible integration in beta
+- Add \*_CUSTOM_CONF_\* setting to automatically add custom config files from setting value
+- Add DENY_HTTP_STATUS setting to choose standard 403 error page (default) or 444 to close connection when access is denied
+- Add CORS (Cross-Origin Resource Sharing) core plugin
+- Add documentation about Docker in rootless mode and podman
+- Improve automatic tests setup
+- Migrate CI/CD infrastructure to another provider
+
+## v1.4.2 - 2022/06/28
+
+- Fix "too old resource version" exceptions when using k8s integration
+- Fix missing bwcli command with Linux integration
+- Fix various bugs with jobs scheduler when using autoconf/swarm/k8s
+- Fix bwcli unban command when using Linux integration
+- Fix permissions check when filename has a space
+- Fix static config (SERVER_NAME not empty) support when using autoconf/swarm/k8s
+- Fix config files overwrite when using Docker autoconf
+- Add EXTERNAL_PLUGIN_URLS setting to automatically download and install external plugins
+- Add log_default() plugin hook
+- Add various certbot-dns examples
+- Add mattermost example
+- Add radarr example
+- Add Discord and Slack to list of official plugins
+- Force NGINX version dependencies in Linux packages DEB/RPM
+
+## v1.4.1 - 2022/06/16
+
+- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
+- Fix certbot bug when AUTOCONF_MODE=yes
+- Fix certbot bug when MULTISITE=no
+- Add reverse proxy timeouts settings
+- Add auth_request settings
+- Add authentik and authelia examples
+- Prebuilt Docker images for arm64 and armv7
+- Improve documentation for Linux integration
+- Various fixes in the documentation
+
+## v1.4.0 - 2022/06/06
+
+- Project renamed to BunkerWeb
+- Internal architecture fully revised with a modular approach
+- Improved CI/CD with automatic tests for multiple integrations
+- Plugin improvement
+- Volume improvement for container-based integrations
+- Web UI improvement with various new features
+- Web tool to generate settings from a user-friendly UI
+- Linux packages
+- Various bug fixes
+
+## v1.3.2 - 2021/10/24
+
+- Use API instead of a shared folder for Swarm and Kubernetes integrations
+- Beta integration of distributed bad IPs database through a remote API
+- Improvement of the request limiting feature : hour/day rate and multiple URL support
+- Various bug fixes related to antibot feature
+- Init support of Arch Linux
+- Fix Moodle example
+- Fix ROOT_FOLDER bug in serve-files.conf when using the UI
+- Update default values for PERMISSIONS_POLICY and FEATURE_POLICY
+- Disable COUNTRY ban if IP is local
+
+## v1.3.1 - 2021/09/02
+
+- Use ModSecurity v3.0.4 instead of v3.0.5 to fix memory leak
+- Fix ignored variables to control jobs
+- Fix bug when LISTEN_HTTP=no and MULTISITE=yes
+- Add CUSTOM_HEADER variable
+- Add REVERSE_PROXY_BUFFERING variable
+- Add REVERSE_PROXY_KEEPALIVE variable
+- Fix documentation for modsec and modsec-crs special folders
+
+## v1.3.0 - 2021/08/23
+
+- Kubernetes integration in beta
+- Linux integration in beta
+- autoconf refactoring
+- jobs refactoring
+- UI refactoring
+- UI security : login/password authentication and CRSF protection
+- various dependencies updates
+- move CrowdSec as an external plugin
+- Authelia support
+- improve various regexes
+- add INJECT_BODY variable
+- add WORKER_PROCESSES variable
+- add USE_LETS_ENCRYPT_STAGING variable
+- add LOCAL_PHP and LOCAL_PHP_PATH variables
+- add REDIRECT_TO variable
+
+## v1.2.8 - 2021/07/22
+
+- Fix broken links in README
+- Fix regex for EMAIL_LETS_ENCRYPT
+- Fix regex for REMOTE_PHP and REMOTE_PHP_PATH
+- Fix regex for SELF_SIGNED_*
+- Fix various bugs related to web UI
+- Fix bug in autoconf (missing instances parameter to reload function)
+- Remove old .env files when generating a new configuration
+
+## v1.2.7 - 2021/06/14
+
+- Add custom robots.txt and sitemap to RTD
+- Fix missing GeoIP DB bug when using BLACKLIST/WHITELIST_COUNTRY
+- Add underscore "_" to allowed chars for CUSTOM_HTTPS_CERT/KEY
+- Fix bug when using automatic self-signed certificate
+- Build and push images from GitHub actions instead of Docker Hub autobuild
+- Display the reason when generator is ignoring a variable
+- Various bug fixes related to certbot and jobs
+- Split jobs into pre and post jobs
+- Add HEALTHCHECK to image
+- Fix race condition when using autoconf without Swarm by checking healthy state
+- Bump modsecurity-nginx to v1.0.2
+- Community chat with bridged platforms
+
+## v1.2.6 - 2021/06/06
+
+- Move from "ghetto-style" shell scripts to generic jinja2 templating
+- Init work on a basic plugins system
+- Move ClamAV to external plugin
+- Reduce image size by removing unnecessary dependencies
+- Fix CrowdSec example
+- Change some global variables to multisite
+- Add LOG_LEVEL environment variable
+- Read-only container support
+- Improved antibot javascript with a basic proof of work
+- Update nginx to 1.20.1
+- Support of docker-socket-proxy with web UI
+- Add certbot-cloudflare example
+- Disable DNSBL checks when IP is local
+
+## v1.2.5 - 2021/05/14
+
+- Performance improvement : move some nginx security checks to LUA and external blacklist parsing enhancement
+- Init work on official documentation on readthedocs
+- Fix default value for CONTENT_SECURITY_POLICY to allow file downloads
+- Add ROOT_SITE_SUBFOLDER environment variable
+
+## TODO - retrospective changelog
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+contact@bunkerity.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1,21 @@
+# Contributing to bunkerweb
+
+First off all, thanks for being here and showing your support to the project !
+
+We accept many types of contributions whether they are technical or not. Every community feedback, work or help is, and will always be, appreciated.
+
+## Talk about the project
+
+The first thing you can do is to talk about the project. You can share it on social media (by the way, you can can also follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)), make a blog post about it or simply tell your friends/colleagues that's an awesome project..
+
+## Join the community
+
+You can join the [Discord server](https://discord.com/invite/fTf46FmtyD), the [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) and the [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit to talk about the project and help others.
+
+## Reporting bugs / ask for features
+
+The preferred way to report bugs and asking for features is using [issues](https://github.com/bunkerity/bunkerweb/issues). Before opening a new one, please check if a related issue is already opened using the "filters" bar. When creating a new issue please select and fill the "Bug report" or "Feature request" template.
+
+## Code contribution
+
+The preferred way to contribute code is using [pull requests](https://github.com/bunkerity/bunkerweb/pulls). Before creating a pull request, please check if your code is related to an opened issue. If that's not the case, you should first create an issue so we can discuss about it. This procedure is here to avoid wasting your time in case the PR will be rejected. For minor changes (e.g. : typo, quick fix, ...), opening an issue might be facultative. **Don't forget to edit the documentations when needed !**
--- a/LICENSE.md
+++ b/LICENSE.md
@ -0,0 +1,660 @@
+### GNU AFFERO GENERAL PUBLIC LICENSE
+
+Version 3, 19 November 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+<https://fsf.org/>
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+### Preamble
+
+The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains
+free software for all its users.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing
+under this license.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+### TERMS AND CONDITIONS
+
+#### 0. Definitions.
+
+"This License" refers to version 3 of the GNU Affero General Public
+License.
+
+"Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+"The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a "modified version" of
+the earlier work or a work "based on" the earlier work.
+
+A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays "Appropriate Legal Notices" to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+#### 1. Source Code.
+
+The "source code" for a work means the preferred form of the work for
+making modifications to it. "Object code" means any non-source form of
+a work.
+
+A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+#### 2. Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10 makes
+it unnecessary.
+
+#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+#### 4. Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+#### 5. Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+-   a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+-   b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under
+    section 7. This requirement modifies the requirement in section 4
+    to "keep intact all notices".
+-   c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy. This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged. This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+-   d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+#### 6. Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+-   a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+-   b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the Corresponding
+    Source from a network server at no charge.
+-   c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source. This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+-   d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge. You need not require recipients to copy the
+    Corresponding Source along with the object code. If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source. Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+-   e) Convey the object code using peer-to-peer transmission,
+    provided you inform other peers where the object code and
+    Corresponding Source of the work are being offered to the general
+    public at no charge under subsection 6d.
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+"normally used" refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+"Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+#### 7. Additional Terms.
+
+"Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+-   a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+-   b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+-   c) Prohibiting misrepresentation of the origin of that material,
+    or requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+-   d) Limiting the use for publicity purposes of names of licensors
+    or authors of the material; or
+-   e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+-   f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions
+    of it) with contractual assumptions of liability to the recipient,
+    for any liability that these contractual assumptions directly
+    impose on those licensors and authors.
+
+All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+#### 8. Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+#### 9. Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+#### 10. Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+#### 11. Patents.
+
+A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+A contributor's "essential patent claims" are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is "discriminatory" if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+#### 12. No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree to
+terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+#### 13. Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your
+version supports such interaction) an opportunity to receive the
+Corresponding Source of your version by providing access to the
+Corresponding Source from a network server at no charge, through some
+standard or customary means of facilitating copying of software. This
+Corresponding Source shall include the Corresponding Source for any
+work covered by version 3 of the GNU General Public License that is
+incorporated pursuant to the following paragraph.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+#### 14. Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Affero General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever
+published by the Free Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+#### 15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+#### 16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+#### 17. Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+END OF TERMS AND CONDITIONS
+
+### How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest to
+attach them to the start of each source file to most effectively state
+the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+        <one line to give the program's name and a brief idea of what it does.>
+        Copyright (C) <year>  <name of author>
+
+        This program is free software: you can redistribute it and/or modify
+        it under the terms of the GNU Affero General Public License as
+        published by the Free Software Foundation, either version 3 of the
+        License, or (at your option) any later version.
+
+        This program is distributed in the hope that it will be useful,
+        but WITHOUT ANY WARRANTY; without even the implied warranty of
+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+        GNU Affero General Public License for more details.
+
+        You should have received a copy of the GNU Affero General Public License
+        along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper
+mail.
+
+If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for
+the specific requirements.
+
+You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU AGPL, see <https://www.gnu.org/licenses/>.
--- a/README.md
+++ b/README.md
@ -1,132 +1,393 @@
-Name
-====
+<p align="center">
+	<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/misc/logo.png" height=100 width=350 />
+</p>

-lua-resty-signal - Lua library for killing or sending signals to Linux processes
+<p align="center">
+	<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?label=stable" />
+	<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?include_prereleases&label=latest" />
+	<br />
+	<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
+	<img src="https://img.shields.io/github/issues/bunkerity/bunkerweb">
+	<img src="https://img.shields.io/github/issues-pr/bunkerity/bunkerweb">
+	<br />
+	<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/dev.yml?branch=dev&label=CI%2FCD%20dev" />
+	<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/staging.yml?branch=staging&label=CI%2FCD%20staging" />
+	<a href="https://www.bestpractices.dev/projects/8001">
+		<img src="https://www.bestpractices.dev/projects/8001/badge">
+	</a>
+</p>

-Table of Contents
-=================
+<p align="center">
+	🌐 <a href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=github">Website</a>
+	 &#124;
+	🤝 <a href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github">Panel</a>
+	 &#124;
+	📓 <a href="https://docs.bunkerweb.io/?utm_campaign=self&utm_source=github">Documentation</a>
+	 &#124;
+	👨‍💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
+	 &#124;
+	🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/examples">Examples</a>
+	 &#124;
+	💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
+	 &#124;
+	📝 <a href="https://github.com/bunkerity/bunkerweb/discussions">Forum</a>
+	<br/>
+	⚙️ <a href="https://config.bunkerweb.io/?utm_campaign=self&utm_source=github">Configurator</a>
+	 &#124;
+	🗺️ <a href="https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=github">Threatmap</a>
+</p>

-* [Name](#name)
-* [Synopsis](#synopsis)
-* [Functions](#functions)
-    * [kill](#kill)
-    * [signum](#signum)
-* [Author](#author)
-* [Copyright & Licenses](#copyright--licenses)
+> 🛡️ Make security by default great again !

-Synopsis
-========
+# BunkerWeb

-```lua
-local resty_signal = require "resty.signal"
-local pid = 12345
+<p align="center">
+	<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/intro-overview.svg" />
+</p>

-local ok, err = resty_signal.kill(pid, "TERM")
-if not ok then
-    ngx.log(ngx.ERR, "failed to kill process of pid ", pid, ": ", err)
-    return
-end
+BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).

-- send the signal 0 to check the existence of a process
-local ok, err = resty_signal.kill(pid, "NONE")
+Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.

-local ok, err = resty_signal.kill(pid, "HUP")
+BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github).

-local ok, err = resty_signal.kill(pid, "KILL")
+## Why BunkerWeb ?
+
+- **Easy integration into existing environments** : Seamlessly integrate BunkerWeb into various environments such as Linux, Docker, Swarm, Kubernetes and more. Enjoy a smooth transition and hassle-free implementation.
+- **Highly customizable** : Tailor BunkerWeb to your specific requirements with ease. Enable, disable, and configure features effortlessly, allowing you to customize the security settings according to your unique use case.
+- **Secure by default** : BunkerWeb provides out-of-the-box, hassle-free minimal security for your web services. Experience peace of mind and enhanced protection right from the start.
+- **Awesome web UI** : Take control of BunkerWeb more efficiently with the exceptional web user interface (UI). Navigate settings and configurations effortlessly through a user-friendly graphical interface, eliminating the need for the command-line interface (CLI).
+- **Plugin system** : Extend the capabilities of BunkerWeb to meet your own use cases. Seamlessly integrate additional security measures and customize the functionality of BunkerWeb according to your specific requirements.
+- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
+- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [Bunker Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github) for more information.
+
+## Security features
+
+A non-exhaustive list of security features :
+
+- **HTTPS** support with transparent **Let's Encrypt** automation
+- **State-of-the-art web security** : HTTP security headers, prevent leaks, TLS hardening, ...
+- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set**
+- **Automatic ban** of strange behaviors based on HTTP status code
+- Apply **connections and requests limit** for clients
+- **Block bots** by asking them to solve a **challenge** (e.g. : cookie, javascript, captcha, hCaptcha or reCAPTCHA)
+- **Block known bad IPs** with external blacklists and DNSBL
+- And much more ...
+
+Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
+
+## Demo
+
+<p align="center">
+	<a href="https://www.youtube.com/watch?v=ZhYV-QELzA4" target="_blank"><img alt="BunkerWeb demo" src="https://img.youtube.com/vi/ZhYV-QELzA4/0.jpg" /></a>
+</p>
+
+A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github). Feel free to visit it and perform some security tests.
+
+## Professional services
+
+Maximize your BunkerWeb experience by getting professional services directly from the maintainers of the project. Whether you require technical support, personalized consulting, or development services, we stand ready to assist you in fortifying the security of your web services.
+
+You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github), our dedicated platform for professional services.
+
+Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=github) if you have any question, we will be more than happy to respond to your needs.
+
+## Ecosystem, community and resources
+
+Official websites, tools and resources about BunkerWeb :
+
+- [**Website**](https://www.bunkerweb.io/?utm_campaign=self&utm_source=github) : get more information, news and articles about BunkerWeb
+- [**Panel**](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github) : dedicated platform to order and manage professional services (e.g. technical support) around BunkerWeb
+- [**Documentation**](https://docs.bunkerweb.io/?utm_campaign=self&utm_source=github) : technical documentation of the BunkerWeb solution
+- [**Demo**](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github) : demonstration website of BunkerWeb, don't hesitate to attempt attacks to test the robustness of the solution
+- [**Configurator**](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github) : user-friendly tool to help you configure BunkerWeb
+- [**Threatmap**](https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=github) : live cyber attack blocked by BunkerWeb instances all around the world
+
+Community and social networks :
+
+- [**Discord**](https://discord.com/invite/fTf46FmtyD)
+- [**LinkedIn**](https://www.linkedin.com/company/bunkerity/)
+- [**Twitter**](https://twitter.com/bunkerity)
+- [**Reddit**](https://www.reddit.com/r/BunkerWeb/)
+
+# Concepts
+
+<p align="center">
+	<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/concepts.svg" />
+</p>
+
+You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.5/concepts/?utm_campaign=self&utm_source=github).
+
+## Integrations
+
+The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
+
+The following integrations are officially supported :
+
+- [Docker](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker)
+- [Docker autoconf](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
+- [Swarm](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm)
+- [Kubernetes](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes)
+- [Linux](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux)
+- [Ansible](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible)
+- [Vagrant](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant)
+
+## Settings
+
+Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
+
+The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
+
+Here is a dummy example of a BunkerWeb configuration :
+
+```conf
+SERVER_NAME=www.example.com
+AUTO_LETS_ENCRYPT=yes
+USE_ANTIBOT=captcha
+REFERRER_POLICY=no-referrer
+USE_MODSECURITY=no
+USE_GZIP=yes
+USE_BROTLI=no
 ```

-Functions
-=========
+You will find an easy to use settings generator at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github).

-kill
----
+## Multisite mode

-**syntax:** `ok, err = resty_signal.kill(pid, signal_name_or_num)`
+The multisite mode is a crucial concept to understand when using BunkerWeb. Because the goal is to protect web applications, we intrinsically inherit the concept of "virtual host" or "vhost" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)) which makes it possible to serve multiple web applications from a single (or a cluster of) instance.

-Sends a signal with its name string or number value to the process of the
-specified pid.
+By default, the multisite mode of BunkerWeb is disabled which means that only one web application will be served and all the settings will be applied to it. The typical use case is when you have a single application to protect : you don't have to worry about the multisite and the default behavior should be the right one for you.

-All signal names accepted by [signum](#signum) are supported, like `HUP`,
-`KILL`, and `TERM`.
+When multisite mode is enabled, BunkerWeb will serve and protect multiple web applications. Each web application is identified by a unique server name and have its own set of settings. The typical use case is when you have multiple applications to protect and you want to use a single (or a cluster depending of the integration) instance of BunkerWeb.

-Signal numbers are also supported when specifying nonportable system-specific
-signals is desired.
+## Custom configurations

-[Back to TOC](#table-of-contents)
+Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.

-signum
------
+Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).

-**syntax:** `num = resty_signal.signum(sig_name)`
+Another core component of BunkerWeb is the ModSecurity Web Application Firewall : you can also use custom configurations to fix some false positives or add custom rules for example.

-Maps the signal name specified to the system-specific signal number. Returns
-`nil` if the signal name is not known.
+## Database

-All the POSIX and BSD signal names are supported:
+<p align="center">
+	<img alt="Database model" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/bunkerweb_db.svg" />
+</p>

-```
-HUP
-INT
-QUIT
-ILL
-TRAP
-ABRT
-BUS
-FPE
-KILL
-USR1
-SEGV
-USR2
-PIPE
-ALRM
-TERM
-CHLD
-CONT
-STOP
-TSTP
-TTIN
-TTOU
-URG
-XCPU
-XFSZ
-VTALRM
-PROF
-WINCH
-IO
-PWR
-EMT
-SYS
-INFO
-```
+State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :

-The special signal name `NONE` is also supported, which is mapped to zero (0).
+- Settings defined for all the services
+- Custom configurations
+- BunkerWeb instances
+- Metadata about jobs execution
+- Cached files

-[Back to TOC](#table-of-contents)
+The following backend database are supported : SQLite, MariaDB, MySQL and PostgreSQL

-Author
-======
+## Scheduler

-Yichun Zhang (agentzh) <yichun@openresty.com>
+To make things automagically work together, a dedicated service called the scheduler is in charge of :

-[Back to TOC](#table-of-contents)
+- Storing the settings and custom configurations inside the database
+- Executing various tasks (called jobs)
+- Generating a configuration which is understood by BunkerWeb
+- Being the intermediary for other services (like web UI or autoconf)

-Copyright & Licenses
-====================
+In other words, the scheduler is the brain of BunkerWeb.

-This module is licensed under the BSD license.
+# Setup

-Copyright (C) 2018-2019, [OpenResty Inc.](https://openresty.com)
+## Docker

-All rights reserved.
+<p align="center">
+	<img alt="Docker banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-docker.svg" />
+</p>

-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).

-* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+Docker integration key concepts are :

-* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+- **Environment variables** to configure BunkerWeb
+- **Scheduler** container to store configuration and execute jobs
+- **Networks** to expose ports for clients and connect to upstream web services

-* Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.

-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+## Docker autoconf

-[Back to TOC](#table-of-contents)
+<p align="center">
+	<img alt="Docker autoconf banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-autoconf.svg" />
+</p>
+
+The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
+
+Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
+
+You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
+
+## Swarm
+
+<p align="center">
+	<img alt="Swarm banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-swarm.svg" />
+</p>
+
+To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
+
+Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
+
+You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
+
+## Kubernetes
+
+<p align="center">
+	<img alt="Kubernetes banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-kubernetes.svg" />
+</p>
+
+The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
+
+You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
+
+## Linux
+
+<p align="center">
+	<img alt="Linux banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-linux.svg" />
+</p>
+
+List of supported Linux distros :
+
+- Debian 12 "Bookworm"
+- Ubuntu 22.04 "Jammy"
+- Fedora 39
+- RHEL 8.9
+
+Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
+
+You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
+
+## Ansible
+
+<p align="center">
+	<img alt="Ansible banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/integration-ansible.svg" />
+</p>
+
+List of supported Linux distros :
+
+- Debian 12 "Bookworm"
+- Ubuntu 22.04 "Jammy"
+- Fedora 39
+- RHEL 8.9
+
+[Ansible](https://www.ansible.com/) is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployments or zero downtime rolling updates.
+
+A specific BunkerWeb Ansible role is available on [Ansible Galaxy](https://galaxy.ansible.com/bunkerity/bunkerweb) (source code is available [here](https://github.com/bunkerity/bunkerweb-ansible)).
+
+You will find more information in the [Ansible section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#ansible) of the documentation.
+
+## Vagrant
+
+We maintain ready to use Vagrant boxes hosted on Vagrant cloud for the following providers :
+
+- virtualbox
+- libvirt
+
+You will find more information in the [Vagrant section](https://docs.bunkerweb.io/1.5.5/integrations/?utm_campaign=self&utm_source=github#vagrant) of the documentation.
+
+# Quickstart guide
+
+Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.5/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
+
+- Protecting a single HTTP application
+- Protecting multiple HTTP application
+- Retrieving the real IP of clients when operating behind a load balancer
+- Adding custom configurations
+- Protecting generic TCP/UDP applications
+- In combination with PHP
+
+# Security tuning
+
+BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
+
+You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.5/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
+
+# Settings
+
+To help you tuning BunkerWeb we have made an easy to use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=github).
+
+As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.
+
+When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
+
+Check the [settings section](https://docs.bunkerweb.io/1.5.5/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
+
+# Web UI
+
+<p align="center">
+	<a href="https://www.youtube.com/watch?v=Ao20SfvQyr4">
+		<img src="https://github.com/bunkerity/bunkerweb/raw/v1.5.5/docs/assets/img/user_interface_demo.png" height="300" />
+	</a>
+</p>
+
+The "Web UI" is a web application that helps you manage your BunkerWeb instance using a user-friendly interface instead of the command-line one.
+
+- Start, stop, restart and reload your BunkerWeb instance
+- Add, edit and delete settings for your web applications
+- Add, edit and delete custom configurations for NGINX and ModSecurity
+- Install and uninstall external plugins
+- Explore the cached files
+- Monitor jobs execution
+- View the logs and search pattern
+
+You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.5/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
+
+# Plugins
+
+BunkerWeb comes with a plugin system to make it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
+
+Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins/?utm_campaign=self&utm_source=github) repository for more information) :
+
+|      Name      | Version | Description                                                                                                                      |                                                Link                                                 |
+| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------: |
+|   **ClamAV**   |   1.3   | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. |     [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav)     |
+|   **Coraza**   |   1.3   | Inspect requests using a the Coraza WAF (alternative of ModSecurity).                                                            |     [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza)     |
+|  **CrowdSec**  |   1.3   | CrowdSec bouncer for BunkerWeb.                                                                                                  |   [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec)   |
+|  **Discord**   |   1.3   | Send security notifications to a Discord channel using a Webhook.                                                                |    [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord)    |
+|   **Slack**    |   1.3   | Send security notifications to a Slack channel using a Webhook.                                                                  |      [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack)      |
+| **VirusTotal** |   1.3   | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious.          | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
+|  **WebHook**   |   1.3   | Send security notifications to a custom HTTP endpoint using a Webhook.                                                           |     [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook)     |
+
+You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.5/plugins/?utm_campaign=self&utm_source=github) of the documentation.
+
+# Support
+
+## Professional
+
+Get technical support directly from the BunkerWeb maintainers. You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github), our dedicated platform for professional services.
+
+Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=github) if you have any question, we will be more than happy to respond to your needs.
+
+## Community
+
+To get free community support you can use the following media :
+
+- The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
+- The help category of [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions)
+- The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
+- The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
+
+Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
+
+# License
+
+This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/LICENSE.md).
+
+# Contribute
+
+If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/CONTRIBUTING.md) to get started.
+
+# Security policy
+
+We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.5/SECURITY.md) for more information.
+
+# Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/bunkerity/bunkerweb.svg)](https://starchart.cc/bunkerity/bunkerweb)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,17 @@
+# Security policy
+
+Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.
+
+## Responsible disclosure
+
+If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.
+
+Here is a non-exhaustive list of issues we consider as high risk :
+- Vulnerability in the code
+- Bypass of a security feature
+- Vulnerability in a third-party dependency
+- Risk in the supply chain
+
+## Bounty
+
+To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+- Ansible
+- Vagrant
+- Plugins
+- Find a way to do rdns in background
+- fix db warnings (Got an error reading communication packets)
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@ -0,0 +1,4 @@
+FROM squidfunk/mkdocs-material@sha256:e5f28aa0c3ac8206f93e44a0c52ea85616b0d6c674319cd1d87a241594788355
+
+COPY mkdocs.yml /docs
+COPY docs /docs/docs
--- a/docs/about.md
+++ b/docs/about.md
@ -0,0 +1,99 @@
+# About
+
+## Who maintains BunkerWeb ?
+
+BunkerWeb is maintained by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), a French 🇫🇷 company specialized in Cybersecurity 🛡️.
+
+## Do you offer professional services ?
+
+Yes, we offer professional services related to BunkerWeb such as :
+
+- Consulting
+- Support
+- Custom development
+- Partnership
+
+**We have a [dedicated panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) to centralize all professional requests.**
+
+You can also contact use at [contact@bunkerity.com](mailto:contact@bunkerity.com) if you are interested.
+
+## Where to get community support ?
+
+To get free community support, you can use the following media :
+
+- The #help channel of BunkerWeb in the [Discord server](https://discord.com/invite/fTf46FmtyD)
+- The help category of [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions)
+- The [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit
+- The [Server Fault](https://serverfault.com/) and [Super User](https://superuser.com/) forums
+
+Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) to ask for help, use it only for bug reports and feature requests.
+
+## How can I contribute ?
+
+Here is a non-exhaustive list of what you can do :
+
+- Join the [Discord server](https://discord.com/invite/fTf46FmtyD), [/r/BunkerWeb](https://www.reddit.com/r/BunkerWeb) subreddit and [GitHub discussions](https://github.com/bunkerity/bunkerweb/discussions) to talk about the project and help others
+- Follow us on [LinkedIn](https://www.linkedin.com/company/bunkerity/), [Twitter](https://twitter.com/bunkerity) and [GitHub](https://github.com/bunkerity)
+- Report bugs and propose new features using [issues](https://github.com/bunkerity/bunkerweb/issues)
+- Contribute to the code using [pull requests](https://github.com/bunkerity/bunkerweb/pulls)
+- Write an awesome [plugin](plugins.md)
+- Talk about BunkerWeb to your friends/colleagues, on social media, on your blog, ...
+
+## How to report security issue ?
+
+Please contact us at [security@bunkerity.com](mailto:security@bunkerity.com) using the following PGP key :
+
+```conf
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGCEMiMBEACtXJBDbF86qjC/Q1cfmJfYcYrbk6eE5czknG294XObC97wAgDf
+/MbX6bnti4kDRpflGDqQtwOXudcEzledTD4bdDUKvZwqPoYQGa24uCuUxSINTLXr
+RuoMaKfpvs7trsFXp5iYUqf4Org2aaJE7Tk/9sOvxgdqsT22jEgCZXTRU1qG494U
+u6XRQN8hKlw6aa6njjX9vUk6Jpl46/kwwO9mpXBZX6iFKYnBlUWs2k8d6D6cO5aZ
+KLoYyz5v3Gw2hHSqj4qbVQPTIT7qrrcfd8nblYK7Dh3IM+vQq7a7lB0AudIyBNPd
+rsypi9ZYgwI3lv/rmQnDc32Ua5cLvTvgg/XoaNK9ogc3kei1+hXODEgRA/zvSKqq
+20i/1Y0OnIGv89LOI6urWpOgDAhQUV5xvANll2lm3Bkmy29UOzNadUc/yImxrM06
+HwX82ju6PFAqOaxMW6SEE71ylGOSlikAGNcmmc5Ihd1J/VRZA4PBiQ31gQxFRpUC
+3NTw2QNAD1kjni5PuQD10Q1Ognvb6uJh/MtqsoX6r1t+Oly9MblFSuyqFkqNO3F0
+QAJqprhJlQ3YOcJdJ1EZR7qs0xJm5h+lw0Z/UINqkwiZUW3PCO8BKxfq6sfdwM8L
+5hPhyUzy2gIJ0J/4NGYEBH1ojoYODGU8OCSmyjSTY9SoVMeWDfqYP4ZTvQARAQAB
+tCVidW5rZXJpdHktcGdwIDxjb250YWN0QGJ1bmtlcml0eS5jb20+iQJUBBMBCAA+
+FiEEw78SjkcVxXCq7hStPYCAbxJgKnwFAmCEMiMCGwMFCQPCIP0FCwkIBwIGFQoJ
+CAsCBBYCAwECHgECF4AACgkQPYCAbxJgKnzvYhAAnNqGB6ce2eZzwk1EiNlNaXaA
+hFWLq/s/J1IOAP+0V5jKJxA6zTX01HyIfIIHQy6nrxxEXzYsIUHdJ+HBPCNswCqn
+2d/aDkkfoEUc1bUD0c2bXfoSCsAeIoK+eOf6iSr4IENVoIUYFQTUKFNu+Y7eDL0I
+J8Xadg53G+fkK9LE6TeYpBs3hDT4w7vlDfIwWa1NC9HoLzSmZ2fqZ7SnihLGsLmp
+98VqDrDjhRPzrz5/tVYgvPCQQU5ED/TayCCYvrGpw9gP8qmEOabIUz0ppGwEfQVs
+Wycilm1/Js/qjdbxUFMipBIzDu7bI3kMLmENhI+16Xtub9dUrvkW2SdDngYhtWj8
+IzVOe6N/XDuiRGpaYFpEuXbrnDFexe1ygZwnVHt3fukPfa7W8mhMs2kY1ishIA0O
+WElKO1Q6N0ZWEad0PwM8NCDjaDUNWQC36ZF/MS+ipHWx9joPUjImY2AXDjN+L+Si
+ABQIe4Fo6Jx6S6Bi8YvPq8idYZvaWFJjBvmaPjxdUMPbIsMRiEjvlrhvqhLuVBpE
+lGA+M4UJGw5yBl+yiiLDuws/Fppv9HwNqw6Uq1m1XaW859Om1GGBKYfphyn+fHjR
+7ftOuT7Ss4zioXT4mscOZgkfzDAqgpZiHjYhe7tLUu7iD6UEsZmey/gRV0hCxng3
+N7yaRrBu0+3sIQV4jYC5Ag0EYIQyIwEQALSurJGOx7At5mRFjvhXd4/JHuBZZOSI
+M45LSJ+mKYnAGmwsL0AneZMIf6Yc0Vcn32oqlIXN5aB8jIt91pChLre8tl/lFZZP
+xY3WIEBJhZF0FIUqSQLjg4HD0S70REii7Om1kgtZueid8V6T5F1JDcO2mDoh8oc9
+h9nRQ1Ld6dblEuwBzbFkI1K6OUk1+ec7+mQc7orHdBVgelmqwG7fGZnPiN3XfklF
+dnwSkFIX/qkAsKQmmx1VSzaGFoPLajf4wrkzZdA3iEafsHyvdEFlezZCZ7TsoHBh
+tNg1Psg6MbBVgiMfHyRHSEBJZ7r5Awj2MpFUFMOd1IPcor1I254mx0VYfCvof4Km
+Ri1F/86kHc23A77pd4HFYZWiZjaWhh12L+wz5fDL5/sSFXVGSCtSWIKx6FjysZ+v
+szk3lItHoomZhA7M+FjU/cOjq9hae9uwZeU39DQk0/npln2RcHitoqgUIzII5woO
+S3SlMSc910tHf40D2cBr1iFKC0jQICjkDexB9CtNx/N25SJmLfiimYtk6/NHlPq4
+HXdq6ZfLZ7xQmuGcyWv4f0pwA2CK3twISpsIxIKe456WYTDtQu9d1s987dvmw6F/
+qURC6m2WPGroHb8COQTKzbshjpGUmLpyR3FXki4wNXeI1KaQLL7NpZmK6yJlWviO
+1sCjh4m7VS+zABEBAAGJAjwEGAEIACYWIQTDvxKORxXFcKruFK09gIBvEmAqfAUC
+YIQyIwIbDAUJA8Ig/QAKCRA9gIBvEmAqfP2WEACqmXEhu4ARl2yT9bay0+W3F1q1
+MrLQkcVOau2ihXx3PhYsXRUoEFj72VDAar41WIlHsPJfB14WtSlYcX2XdjHLHMpC
+dL2eGhqIcHzFChR0vGjtvm2wae/rJTChWf8WXiHrRnRcfFFfhpCvkNi43fQeH4yp
+cel2a35WV+IRbnkCkaly2NG3XO0t83Siok8Ku+OJGPatUMxJmaEVQeeXVPDzVRva
+rtvyd9Sclkd9QDPBLZyWHC1vsPKGRJpi5uDZjGxhaFRkimw/SYtFHj7AUrMKAIHB
+GfEcwC3Eq4rF0FeCOPfBd2vwGGrRflx76jK9rj288ta9Oq6u6ev8PCVzt0E7jrSf
+AX88vfVRcxihNfj/9i5xmY596jpgbvNA2aJX2hAO3Q8pD6AunVXPUyc3RlFHt7jC
+tL+9Xv7Qwjz7OToWqj+9cM6T+6oZLxYNVPT72Z/KOFW+mzGb87qjcsDMb/hu2fNq
+tSWyZk2AAgHQyG1y8vCQQzsDnUDM6NIPwYG5XMP+11WAsPk5fP1ksixpUqIWgjhY
+M22YUsjLeaRtgSmhAGIkbBgecs1EHSZZ6sf2lB8gSom1wW0UCBPSifP0DwYFizS5
+SOk62kZ0lqEctwgKDe3MNQnPxt9+tU9L1pIkyXgXihcOLiCMl434K0djJXxIbiX0
+JvbFAfI3qteepvnjBQ==
+=g1tf
+-----END PGP PUBLIC KEY BLOCK-----
+```
--- a/docs/assets/extra.css
+++ b/docs/assets/extra.css
@ -0,0 +1,55 @@
+/* avoid font to pop on family change */
+* {
+  font-display: swap;
+}
+
+:root {
+  --md-primary-fg-color: #125678;
+  --md-text-font: "Roboto";
+}
+
+.md-footer {
+  background-color: #125678;
+}
+
+/* better link contrast */
+article a {
+  color: #2388bb;
+}
+
+/* highlight content links */
+article a,
+article p > a {
+  text-decoration: underline;
+}
+
+/* header list links and config tabs stay default  */
+article li > a,
+article label > a {
+  text-decoration: none;
+}
+
+/* lighter base tab color */
+nav.md-tabs ul li a {
+  opacity: 0.9;
+}
+
+/* active desktop tabs nav */
+nav.md-tabs ul li.md-tabs__item--active a {
+  color: #36ce7a;
+  font-weight: bold;
+}
+
+nav.md-tabs ul li.md-tabs__item--active a:hover {
+  filter: brightness(0.9);
+}
+/*
+@font-face {
+	font-family: Consolas, monaco, monospace;
+}
+
+@font-face {
+	font-family: "TitleFont";
+	src: "assets/font-title.woff";
+}
+*/
--- a/docs/assets/favicon.png
+++ b/docs/assets/favicon.png
--- a/docs/assets/img/bunkerweb_db.svg
+++ b/docs/assets/img/bunkerweb_db.svg
--- a/docs/assets/img/concepts.svg
+++ b/docs/assets/img/concepts.svg
--- a/docs/assets/img/core-order.svg
+++ b/docs/assets/img/core-order.svg
--- a/docs/assets/img/demo.gif
+++ b/docs/assets/img/demo.gif
--- a/docs/assets/img/integration-ansible.svg
+++ b/docs/assets/img/integration-ansible.svg
--- a/docs/assets/img/integration-autoconf.svg
+++ b/docs/assets/img/integration-autoconf.svg
--- a/docs/assets/img/integration-docker.svg
+++ b/docs/assets/img/integration-docker.svg
--- a/docs/assets/img/integration-kubernetes.svg
+++ b/docs/assets/img/integration-kubernetes.svg
--- a/docs/assets/img/integration-linux.svg
+++ b/docs/assets/img/integration-linux.svg
--- a/docs/assets/img/integration-swarm.svg
+++ b/docs/assets/img/integration-swarm.svg
--- a/docs/assets/img/intro-overview.svg
+++ b/docs/assets/img/intro-overview.svg
--- a/docs/assets/img/manage-account.webp
+++ b/docs/assets/img/manage-account.webp
--- a/docs/assets/img/profile-2fa.webp
+++ b/docs/assets/img/profile-2fa.webp
--- a/docs/assets/img/profile-totp.webp
+++ b/docs/assets/img/profile-totp.webp
--- a/docs/assets/img/profile-username-password.webp
+++ b/docs/assets/img/profile-username-password.webp
--- a/docs/assets/img/todo.jpg
+++ b/docs/assets/img/todo.jpg
--- a/docs/assets/img/ui-wizard-account.webp
+++ b/docs/assets/img/ui-wizard-account.webp
--- a/docs/assets/img/ui-wizard-settings.webp
+++ b/docs/assets/img/ui-wizard-settings.webp
--- a/docs/assets/img/user_interface_demo.webp
+++ b/docs/assets/img/user_interface_demo.webp
--- a/docs/assets/logo.png
+++ b/docs/assets/logo.png
--- a/docs/concepts.md
+++ b/docs/concepts.md
@ -0,0 +1,146 @@
+# Concepts
+
+<figure markdown>
+  ![Overview](assets/img/concepts.svg){ align=center, width="600" }
+</figure>
+
+## Integrations
+
+The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
+
+The following integrations are officially supported :
+
+- [Docker](integrations.md#docker)
+- [Docker autoconf](integrations.md#docker-autoconf)
+- [Swarm](integrations.md#swarm)
+- [Kubernetes](integrations.md#kubernetes)
+- [Linux](integrations.md#linux)
+- [Ansible](integrations.md#ansible)
+- [Vagrant](integrations.md#vagrant)
+
+If you think that a new integration should be supported, do not hesitate to open a [new issue](https://github.com/bunkerity/bunkerweb/issues) on the GitHub repository.
+
+!!! info "Going further"
+
+    The technical details of all BunkerWeb integrations are available in the [integrations section](integrations.md) of the documentation.
+
+## Settings
+
+Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
+
+The configuration of BunkerWeb is done by using what we call the "settings" or "variables". Each setting is identified by a name such as `AUTO_LETS_ENCRYPT` or `USE_ANTIBOT`. You can assign values to the settings to configure BunkerWeb.
+
+Here is a dummy example of a BunkerWeb configuration :
+
+```conf
+SERVER_NAME=www.example.com
+AUTO_LETS_ENCRYPT=yes
+USE_ANTIBOT=captcha
+REFERRER_POLICY=no-referrer
+USE_MODSECURITY=no
+USE_GZIP=yes
+USE_BROTLI=no
+```
+
+!!! info "Going further"
+
+    The complete list of available settings with descriptions and possible values is available in the [settings section](settings.md) of the documentation.
+
+!!! info "Settings generator tool"
+
+    To help you tune BunkerWeb, we offer an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).
+
+## Multisite mode
+
+Understanding the multisite mode is essential when utilizing BunkerWeb. As our primary focus is safeguarding web applications, our solution is intricately linked to the concept of "virtual hosts" or "vhosts" (more info [here](https://en.wikipedia.org/wiki/Virtual_hosting)). These virtual hosts enable the serving of multiple web applications from a single instance or cluster.
+
+By default, BunkerWeb has the multisite mode disabled. This means that only one web application will be served, and all settings will be applied to it. This setup is ideal when you have a single application to protect, as you don't need to concern yourself with multisite configurations.
+
+However, when the multisite mode is enabled, BunkerWeb becomes capable of serving and protecting multiple web applications. Each web application is identified by a unique server name and has its own set of settings. This mode proves beneficial when you have multiple applications to secure, and you prefer to utilize a single instance (or a cluster) of BunkerWeb.
+
+The activation of the multisite mode is controlled by the `MULTISITE` setting, which can be set to `yes` to enable it or `no` to keep it disabled (which is the default value).
+
+Each setting within BunkerWeb has a specific context that determines where it can be applied. If the context is set to "global," the setting can't be applied per server or site but is instead applied to the entire configuration as a whole. On the other hand, if the context is "multisite," the setting can be applied globally and per server. To define a multisite setting for a specific server, simply add the server name as a prefix to the setting name. For example, `app1.example.com_AUTO_LETS_ENCRYPT` or `app2.example.com_USE_ANTIBOT` are examples of setting names with server name prefixes. When a multisite setting is defined globally without a server prefix, all servers inherit that setting. However, individual servers can still override the setting if the same setting is defined with a server name prefix.
+
+Understanding the intricacies of multisite mode and its associated settings allows you to tailor BunkerWeb's behavior to suit your specific requirements, ensuring optimal protection for your web applications.
+
+Here's a dummy example of a multisite BunkerWeb configuration :
+
+```conf
+MULTISITE=yes
+SERVER_NAME=app1.example.com app2.example.com app3.example.com
+AUTO_LETS_ENCRYPT=yes
+USE_GZIP=yes
+USE_BROTLI=yes
+app1.example.com_USE_ANTIBOT=javascript
+app1.example.com_USE_MODSECURITY=no
+app2.example.com_USE_ANTIBOT=cookie
+app2.example.com_WHITELIST_COUNTRY=FR
+app3.example.com_USE_BAD_BEHAVIOR=no
+```
+
+!!! info "Going further"
+
+    You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/examples) directory of the repository.
+
+## Custom configurations
+
+To address unique challenges and cater to specific use cases, BunkerWeb offers the flexibility of custom configurations. While the provided settings and [external plugins](plugins.md) cover a wide range of scenarios, there may be situations that require additional customization.
+
+BunkerWeb is built on the renowned NGINX web server, which provides a powerful configuration system. This means you can leverage NGINX's configuration capabilities to meet your specific needs. Custom NGINX configurations can be included in various [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) such as HTTP or server, allowing you to fine-tune the behavior of BunkerWeb according to your requirements. Whether you need to customize global settings or apply configurations to specific server blocks, BunkerWeb empowers you to optimize its behavior to align perfectly with your use case.
+
+Another integral component of BunkerWeb is the ModSecurity Web Application Firewall. With custom configurations, you have the flexibility to address false positives or add custom rules to further enhance the protection provided by ModSecurity. These custom configurations allow you to fine-tune the behavior of the firewall and ensure that it aligns with the specific requirements of your web applications.
+
+By leveraging custom configurations, you unlock a world of possibilities to tailor BunkerWeb's behavior and security measures precisely to your needs. Whether it's adjusting NGINX configurations or fine-tuning ModSecurity, BunkerWeb provides the flexibility to meet your unique challenges effectively.
+
+!!! info "Going further"
+
+    You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/examples) directory of the repository.
+
+## Database
+
+BunkerWeb securely stores its current configuration in a backend database, which contains essential data for smooth operation. The following information is stored in the database:
+
+- **Settings for all services**: The database holds the defined settings for all the services provided by BunkerWeb. This ensures that your configurations and preferences are preserved and readily accessible.
+
+- **Custom configurations**: Any custom configurations you create are also stored in the backend database. This includes personalized settings and modifications tailored to your specific requirements.
+
+- **BunkerWeb instances**: Information about BunkerWeb instances, including their setup and relevant details, is stored in the database. This allows for easy management and monitoring of multiple instances if applicable.
+
+- **Metadata about job execution**: The database stores metadata related to the execution of various jobs within BunkerWeb. This includes information about scheduled tasks, maintenance processes, and other automated activities.
+
+- **Cached files**: BunkerWeb utilizes caching mechanisms for improved performance. The database holds cached files, ensuring efficient retrieval and delivery of frequently accessed resources.
+
+Under the hood, whenever you edit a setting or add a new configuration, BunkerWeb automatically stores the changes in the database, ensuring data persistence and consistency. BunkerWeb supports multiple backend database options, including SQLite, MariaDB, MySQL, and PostgreSQL.
+
+Configuring the database is straightforward using the `DATABASE_URI` setting, which follows the specified formats for each supported database:
+
+- **SQLite**: `sqlite:///var/lib/bunkerweb/db.sqlite3`
+- **MariaDB**: `mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db`
+- **MySQL**: `mysql+pymysql://bunkerweb:changeme@bw-db:3306/db`
+- **PostgreSQL**: `postgresql://bunkerweb:changeme@bw-db:5432/db`
+
+By specifying the appropriate database URI in the configuration, you can seamlessly integrate BunkerWeb with your preferred database backend, ensuring efficient and reliable storage of your configuration data.
+
+<figure markdown>
+  ![Overview](assets/img/bunkerweb_db.svg){ align=center, width="800" }
+  <figcaption>Database Schema</figcaption>
+</figure>
+
+## Scheduler
+
+For seamless coordination and automation, BunkerWeb employs a specialized service known as the scheduler. The scheduler plays a vital role in ensuring smooth operation by performing the following tasks:
+
+- **Storing settings and custom configurations**: The scheduler is responsible for storing all the settings and custom configurations within the backend database. This centralizes the configuration data, making it easily accessible and manageable.
+
+- **Executing various tasks (jobs)**: The scheduler handles the execution of various tasks, referred to as jobs. These jobs encompass a range of activities, such as periodic maintenance, scheduled updates, or any other automated tasks required by BunkerWeb.
+
+- **Generating BunkerWeb configuration**: The scheduler generates a configuration that is readily understood by BunkerWeb. This configuration is derived from the stored settings and custom configurations, ensuring that the entire system operates cohesively.
+
+- **Acting as an intermediary for other services**: The scheduler acts as an intermediary, facilitating communication and coordination between different components of BunkerWeb. It interfaces with services such as the web UI or autoconf, ensuring a seamless flow of information and data exchange.
+
+In essence, the scheduler serves as the brain of BunkerWeb, orchestrating various operations and ensuring the smooth functioning of the system.
+
+Depending on the integration approach, the execution environment of the scheduler may differ. In container-based integrations, the scheduler is executed within its dedicated container, providing isolation and flexibility. On the other hand, for Linux-based integrations, the scheduler is self-contained within the bunkerweb service, simplifying the deployment and management process.
+
+By employing the scheduler, BunkerWeb streamlines the automation and coordination of essential tasks, enabling efficient and reliable operation of the entire system.
--- a/docs/diagrams/concepts.drawio
+++ b/docs/diagrams/concepts.drawio
--- a/docs/diagrams/core-order.drawio
+++ b/docs/diagrams/core-order.drawio
@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2022-10-13T12:11:36.746Z" agent="5.0 (Windows)" etag="qIM9S_K3KBWfpHSqmD4a" version="20.4.0"><diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">7Z1df6I4FIc/jZfdHxDevFSkrVuHzqjdrntHlVF20HQR2zqffkMhAglqtEJoYW4Gjrz/z3OScxJoCxjLtxvffl58gzPHa0nC7K0Fei1JkkRdR/+Flm1sAWo7ssx9dxbZxMQwcn87sVGIrRt35qwzGwYQeoH7nDVO4WrlTIOMzfZ9+Jrd7Cf0smd9tucOZRhNbY+2PrqzYBFZdUlL7LeOO1/gM4v4/pY23ji+k/XCnsHXlAmYLWD4EAbR0vLNcLzw6eHn8tjfPnqDX+rNnz/W/9kP3bux9ddVdLDrU3bZ3YLvrIKzD73a2Lf9lfFyfbUdXc2DjvjPuH8lg+jYL7a3iR9YfLPBFj9BZ4YeaLwK/WAB53Ble2Zi7fpws5o54XkEtJZsM4DwGRlFZPzXCYJt7B32JoDItAiWXvxrdM7wRIRoR+443m4NN/7UOXCbsYKB7c+d4NDjkHa6IiIcuHQCf4t29B3PDtyX7NXZsWfOd9slTx8txAKcIIaQo4XqoevtztwXtDgPFzuGYY5G+Ad0ntRvOZt3zZu+he1PPrkluT8pvechTkOJXxdu4Iye7ffH/IpiRZ6AL44fOG9nSEg/cRyA2nJ0nDj8KNHaa0KyiPFcpCjWhYIkwnh8cV5kRl6kPeqVw4tMafF42x+bg/5obKI19GyvKXH8BVw+bdbHPfqn63kG9KD/vh8QRUXVtNAOV0HKfv3+r0ACVFXIEHCF/T3NgJLDgAgKg4B+8F8Rgl135SgFgCcF+MBHmo3B0Oz0JiEVzI0B3Zh0LCsh68w2hZ3APaTtI7MoAvV29QhU60EgYCVQ4Uog3YnuDjrG3YUaoopgIO56WhXiQK8HBworBxpXDhRKjZuhOfliGAClehhoLF0A4/7BGg8nTWt/WF9Fr5y+oB5Zp9RmDHOAa9qJL/Mwbbuol5RfjhLXs0bdQe2BE9v8gatHhgtYM1zANcMFTBnuOcB1H6w7c2iZ49pBR/ZiqgBdXi+mfOjQY/W3f6dXJuHB/lDwau8tPni0to3XCoeVNRkG+gdhjXf9Dl104YnLCHLWZSRFyR4jurJ4N8IZdtfxAf/IG6uikB52xiYz/4P+t/64hn1cMpWvAv108niQfsd7gq9p8N8N6IfwcblT23sHdNYJh5CRderZ67U7zeqRjRXngu+8ucFuN7Sc2gutJTuFK2UFC5wRHq8YtPM9JeUIeX6AbR+NKaqWdUSF9K/oTqmYQh9JI1xaJscA90Qn5CD2NrXZc7jB+sAla8SAjKhmxt3RQnTIi8Y+WWmaQrKFYxnP55oogrzqJD0yY4373fuwB2rcmsYdc9tlmWavfk2X1q5cy4W7RRedt2Fava8zawMpQotU6rwNWW3iJxkWWeKnkK9zSfM7mPL+UQqVo1gZt53BwLRu9qYIZHzcuYDIECOzsRB1BAxVPxA7i8JPJgpqzNOm1MLwk7niJ1QMP4kVP670SSz0fR/en9SuDc0fD+ZofH6H5SsAydocFscj04Bhz7TYRwsbYdMq8lP2xBkRBZZRUoF2komzh8soeLkKZRSZtYyyr6NUThll97JF7IaA7EezVlEkorYByKTpQkUUmaw/KmXUUPLGbT9VhTHBYdJK6o2cKozMOcSeOUnloLErKOKyIBl5WdEgR6llsRg0qAJHGWgoeSWMBo2ip63yRUMjau9y+0w0dLL0LheDRlvggUZeEaJBo+iZrJxbDeFSrYZSTqshCjx6VEpeiaBho+gxW85skEO2pEuzsqGSzQYJ2aXYEAEPNk58s7rqbAh82WCdGsyZDfVIT4iZDTKjJ/tmn5uNE6fXNmwcYoN5Fi/ndIPwtLOn+mhkJl7UTB8+fapPPw+uUmx8jlScDPfntxtkAbegdqMt8kCDbT7VYHD/2Axb5XrznmErgN2N27CV0tTmecyPVPa8KlBSb5kojijnDlupwpGuxYWiHjlbGWglRD3MXAXQIEZ0RVY00t0BziO6CvPUYa4juoB412ZXkDwVDUAMJ8lKMWjIZMJaBhpasXnkCq6cg1yc0eFFh792w7ssZ/4CTx/WyfB+bqFQJI+EneviGR8gP7ZVxrsdGkvGV0pf5oPuWPHuxnE3Yq5AENGZtXJ9MY+hEyHrnvIZlDQEWS9ZBz785eBMIw5v6aQkNtmeO1+FroZkd5C9i+NjJ/5h6c5m7wE0L+HJ+mKroByGHHSmp1SqOa5U2EsgGp3A1E4SUSAjPl9NdLrnXD9NJL1amtDTKSbmqG6iKGK1RJEaUChN8mbpl6sKPYJcP1U08jslgLcqdM5ZP1XIRoU/K3QOVT9VBKFqqtCfqa1fY08WjfmrQr/8VTtWdLJcib+ozE0UOqWvISrkpzfxRCFeqrTpDLJ+qlBj/XidmypNDhmqIFdNliaLROmJVjVV6CyyhrAoxBdp+MtCp5GNLLtvqfGThc4jaygLFcS4y9IkknktfnGyoNXkDxtGw5bJ34cE5v8=</diagram></mxfile>
--- a/docs/diagrams/integration-ansible.drawio
+++ b/docs/diagrams/integration-ansible.drawio
--- a/docs/diagrams/integration-autoconf.drawio
+++ b/docs/diagrams/integration-autoconf.drawio
--- a/docs/diagrams/integration-docker.drawio
+++ b/docs/diagrams/integration-docker.drawio
--- a/docs/diagrams/integration-kubernetes.drawio
+++ b/docs/diagrams/integration-kubernetes.drawio
@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2022-04-18T18:09:08.815Z" agent="5.0 (Windows)" etag="uCmxwbMvDXNNCQliGYIF" version="17.4.5"><diagram id="To2Da4PRRWEcok_Ws3eM" name="Page-1">7Vxtd6I4FP41fqyHFwP40aLOetrRbtvZmf2IEJEtEhdia/fXb4IBIYnjS8XiDJ6eCjchyM3zPCT3Blq6vVh/iZ3l/CvyYNjSFG/d0vstTVMV3SJf1PK+sQDT2Bj8OPBYpa3hKfgPZkcy6yrwYFKqiBEKcbAsG10URdDFJZsTx+itXG2GwvJZl44PBcOT64Si9Xvg4TmzqoqyLfgDBv6cndoCrGDhZJWZIZk7HnormPRBS7djhPBma7G2YUidl/llc9xwR2n+w2IY4UMOGGkTy5v/dzddjpcunPQj95+7G9YZr064Yhfc0oyQtHc7JRs+3bAn4+fHyT2p9XDfGw+ycnKivAq7QPyeeS1Gq8iD9MQqKX6bBxg+LR2Xlr4RnBDbHC9CVjwLwtBGIYrJfoQiUuk2wTF6gZmxpemqBgzTopVRhIfOIggpnmwUJSh0EmZ/Qqs4PcccYwIPDeg98o84hP6jFZK2j5AfQmcZJG0XLdICN0mrDmebVskm367sd7zCGAcEJr0w8CNShtEyd0SxT1g30epwXTCxPvoC0QLimJxWYaUdk+Hlndt/28IvZ8e8gDzVYEaHQd7P296igmwwYBwBEnU/SMaTPkGGQj3UAKRagKigDJBcYPYCpFMVQDrHAERrAHJZBakBQMAxABk3AKkWIGa3dgAxJQDhOpyMn5Z0cxbCdY+O7IgzYOSxzb5LnJkEbrnftyBROBQQRw+HBvkIUGD4uDQK5L0dOlMYPqAkwAGiVpf0OowL1e+5ClOEMTmffuuwdvIjyHf8/oO6og2y3b+ZZ9Kd/rq09872dgIOO7EP8f5xA/RKQ2wRlgXYAQnqMlsMQwcHr+WBuQyJ7AwPKCC/OEe9BkAJ9cJ4KUl7lR1VHEjzDell+phcOxu/CO2kvMiv+nSqWAJVRmN78nU0/kKsz4+94XBkC+QhyoDL1JCDXtRJAUc8UBeB59HTSDWYI+AOpbs0186goUAFbbVbwkFXVFFV7bYNTYS0DirS0e6HdZR1eyOiO0TUGwa0S34ujbWRvLJSqcA4TfK6yp6GKta8bDDSjA9+pfFBp1ZkASY3PtBPHB8A0GmrWrmtC48RVFnIpuHLlfMF1IovVvdM42lL3zEdvRRZtE8giweg5XV+G7IkpA9x5q1piNwX6sB1gH8wZ9HtlD1tDbDdLX/oTkafLe1KpGOHncK7JHPoToBc5f1MN8r81Exu0nEoPzvmnoaq5qcu8HM0fh48jnv3zYz3cjNe3VDaSvFjlFGR7X/m9FeVZSIaKW+knJPoKxtqGRY3QrK67RPFXIj9i01VLediMqiR88vLOcFUSc7VGqq5LCu0SQ1Sv21Tg0Wb4jnYuaHbN0nspkcZ/67QBjy0A6j7ifN3uD51fO72gtPzVrLT3n4b3w0evw9uC+lK2c8SzByyT05kFgH482xmaZJOP9cJWY2LQubyWgKpRIYrS1uqYjLm4mhUZg675WW23ZhN0ao8DR7/GtmDmgO0AsDo6qcDRpagqYGkHQOiKxe+M+AKaHUTIk1MkOTddNP79jyxJ+NhXXrgCm89fI9/vpJoshB/oyRXpiRWp3ZKIouG1xhDv9mQhgdMDYRIDM8K/t4Tc8uiSIdG3HZ0wa8acTs107grWlGK4DGnlRe2pDUOWeiyN5DGwgg1CaQBs9PmlgHqp6YtJW11ANdWxaE0bfdswgteM/W7W01hHEEMCYiV3sMoX3odS+6zheMEFjcxuOoXEQLTkuj5hQNvujibeISOR3n8Sq6WeMWmTUR+DKmLFCeiZS6KZoG/IF12fuCEcIYb2GSw4WL4epaQLWJGpqLneEJsqdg3nRvjTw9ptjdA7y8+nEufEDtuCHDkstPfbARwRM7NPC3nZu7LuclWvnJ39Qusrvi8xRQc5bSTM3D841mSps43bJCyVZzh9d8jAmwCSYptxYcRjB0Mc01fkT0K0WZAsF/ZBRmXsOLUNRZ6RzbZq25wIEXPx6d7jdafrPWZnh+n9WpdtB5chdbzAs1T6WClt/Y0VLHOi4uhGp2vh84bplY/YZc9pM0L+wvE7pz1RwEOnpPM835KezIp9yQn6ZplgoEmi6HO0g8pWVJWpJcIbskfvS+SH2grbUOnXy3Qp7NQWqCmZo2zdqXWtAm+ZndHw2Z6NCmXNKJyNs3i6pI/cnnsRrhY+/T1OO2XPBTTDlx6H7hdxqN0o08AeJ1YBlxEGkgi0qZsMmpVhOPd77RhCQw3h9s2mZDJiZBfGGVRjsMyCw1DKmNIEPm/4njvDBS0uOc8gXIYBa2q4kHisig7HWB8lQQHG8ZUxhh38QmEOe51JvUikqYCjkhiZNWSEIl/vPNsRPr48/xNbvWnoNkVD903RT53bvWQ6fVhydZPmzZziy0Bnww9OLFqcVlV/jZV8bT5DC8baEh3GOnUhnQffAibn3ydSjo+VgX4XGHVpBNTiH04CyIanIpXYbp2YUY6njgWTikXYfwauNTcxKqqnd+bahkZnQu/50gOF0kOK4OLu0qo7jRBzUsnrzSlnb3u+TJYIbvb9ydvlGj7Fmp98D8=</diagram></mxfile>
--- a/docs/diagrams/integration-linux.drawio
+++ b/docs/diagrams/integration-linux.drawio
--- a/docs/diagrams/integration-swarm.drawio
+++ b/docs/diagrams/integration-swarm.drawio
--- a/docs/diagrams/intro-overview.drawio
+++ b/docs/diagrams/intro-overview.drawio
--- a/docs/index.md
+++ b/docs/index.md
@ -0,0 +1,86 @@
+# Introduction
+
+## Overview
+
+<figure markdown>
+  ![Overview](assets/img/intro-overview.svg){ align=center, width="800" }
+  <figcaption>Make your web services secure by default !</figcaption>
+</figure>
+
+BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
+
+Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](integrations.md#linux), [Docker](integrations.md#docker), [Swarm](integrations.md#swarm), [Kubernetes](integrations.md#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](web-ui.md) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
+
+BunkerWeb contains primary [security features](security-tuning.md) as part of the core but can be easily extended with additional ones thanks to a [plugin system](plugins.md).
+
+## Why BunkerWeb ?
+
+- **Easy integration into existing environments** : Seamlessly integrate BunkerWeb into various environments such as Linux, Docker, Swarm, Kubernetes and more. Enjoy a smooth transition and hassle-free implementation.
+
+- **Highly customizable** : Tailor BunkerWeb to your specific requirements with ease. Enable, disable, and configure features effortlessly, allowing you to customize the security settings according to your unique use case.
+
+- **Secure by default** : BunkerWeb provides out-of-the-box, hassle-free minimal security for your web services. Experience peace of mind and enhanced protection right from the start.
+
+- **Awesome web UI** : Take control of BunkerWeb more efficiently with the exceptional web user interface (UI). Navigate settings and configurations effortlessly through a user-friendly graphical interface, eliminating the need for the command-line interface (CLI).
+
+- **Plugin system** : Extend the capabilities of BunkerWeb to meet your own use cases. Seamlessly integrate additional security measures and customize the functionality of BunkerWeb according to your specific requirements.
+
+- **Free as in "freedom"** : BunkerWeb is licensed under the free [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html), embracing the principles of freedom and openness. Enjoy the freedom to use, modify, and distribute the software, backed by a supportive community.
+
+- **Professional services** : Get technical support, tailored consulting and custom development directly from the maintainers of BunkerWeb. Visit the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) for more information.
+
+## Security features
+
+Explore the impressive array of security features offered by BunkerWeb. While not exhaustive, here are some notable highlights:
+
+- **HTTPS** support with transparent **Let's Encrypt** automation : Easily secure your web services with automated Let's Encrypt integration, ensuring encrypted communication between clients and your server.
+
+- **State-of-the-art web security** : Benefit from cutting-edge web security measures, including comprehensive HTTP security headers, prevention of data leaks, and TLS hardening techniques.
+
+- Integrated **ModSecurity WAF** with the **OWASP Core Rule Set** : Enjoy enhanced protection against web application attacks with the integration of ModSecurity, fortified by the renowned OWASP Core Rule Set.
+
+- **Automatic ban** of strange behaviors based on HTTP status code : BunkerWeb intelligently identifies and blocks suspicious activities by automatically banning behaviors that trigger abnormal HTTP status codes.
+
+- Apply **connections and requests limit** for clients : Set limits on the number of connections and requests from clients, preventing resource exhaustion and ensuring fair usage of server resources.
+
+- **Block bots** with **challenge-based verification** : Keep malicious bots at bay by challenging them to solve puzzles such as cookies, JavaScript tests, captcha, hCaptcha, reCAPTCHA or Turnstile, effectively blocking unauthorized access.
+
+- **Block known bad IPs** with external blacklists and DNSBL : Utilize external blacklists and DNS-based blackhole lists (DNSBL) to proactively block known malicious IP addresses, bolstering your defense against potential threats.
+
+- **And much more...** : BunkerWeb is packed with a plethora of additional security features that go beyond this list, providing you with comprehensive protection and peace of mind.
+
+To delve deeper into the core security features, we invite you to explore the [security tuning](security-tuning.md) section of the documentation. Discover how BunkerWeb empowers you to fine-tune and optimize security measures according to your specific needs.
+
+## Demo
+
+<p align="center">
+    <iframe style="display: block;" width="560" height="315" data-src="https://www.youtube-nocookie.com/embed/ZhYV-QELzA4" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+</p>
+
+A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc). Feel free to visit it and perform some security tests.
+
+## Professional services
+
+Get the most of BunkerWeb by getting professional services directly from the maintainers of the project. From technical support to tailored consulting and development, we are here to assist you in the security of your web services.
+
+You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), our dedicated platform for professional services.
+
+Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question, we will be more than happy to respond to your needs.
+
+## Ecosystem, community and resources
+
+Official websites, tools and resources about BunkerWeb :
+
+- [**Website**](https://www.bunkerweb.io/?utm_campaign=self&utm_source=doc) : get more information, news and articles about BunkerWeb
+- [**Panel**](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) : dedicated platform to order and manage professional services (e.g. technical support) around BunkerWeb
+- [**Documentation**](https://docs.bunkerweb.io) : technical documentation of the BunkerWeb solution
+- [**Demo**](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc) : demonstration website of BunkerWeb, don't hesitate to attempt attacks to test the robustness of the solution
+- [**Configurator**](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc) : user-friendly tool to help you configure BunkerWeb
+- [**Threatmap**](https://threatmap.bunkerweb.io/?utm_campaign=self&utm_source=doc) : live cyber attack blocked by BunkerWeb instances all around the world
+
+Community and social networks :
+
+- [**Discord**](https://discord.com/invite/fTf46FmtyD)
+- [**LinkedIn**](https://www.linkedin.com/company/bunkerity/)
+- [**Twitter**](https://twitter.com/bunkerity)
+- [**Reddit**](https://www.reddit.com/r/BunkerWeb/)
--- a/docs/integrations.md
+++ b/docs/integrations.md
--- a/docs/json2md.py
+++ b/docs/json2md.py
@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+
+from io import StringIO
+from json import loads
+from glob import glob
+from pathlib import Path
+from pytablewriter import MarkdownTableWriter
+
+
+def print_md_table(settings) -> MarkdownTableWriter:
+    writer = MarkdownTableWriter(
+        headers=["Setting", "Default", "Context", "Multiple", "Description"],
+        value_matrix=[
+            [
+                f"`{setting}`",
+                "" if data["default"] == "" else f"`{data['default']}`",
+                data["context"],
+                "no" if "multiple" not in data else "yes",
+                data["help"],
+            ]
+            for setting, data in settings.items()
+        ],
+    )
+    return writer
+
+
+def stream_support(support) -> str:
+    md = "STREAM support "
+    if support == "no":
+        md += ":x:"
+    elif support == "yes":
+        md += ":white_check_mark:"
+    else:
+        md += ":warning:"
+    return md
+
+
+doc = StringIO()
+
+print("# Settings\n", file=doc)
+print(
+    '!!! info "Settings generator tool"\n\n    To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).\n',
+    file=doc,
+)
+print(
+    "This section contains the full list of settings supported by BunkerWeb."
+    + " If you are not yet familiar with BunkerWeb, you should first read the [concepts](concepts.md) section of the documentation."
+    + " Please follow the instructions for your own [integration](integrations.md) on how to apply the settings.\n",
+    file=doc,
+)
+print(
+    "As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server, you will need to add the primary"
+    + " (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.\n",
+    file=doc,
+)
+print(
+    'When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`,'
+    + " `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.\n",
+    file=doc,
+)
+
+# Print global settings
+print("## Global settings\n", file=doc)
+print(f"\n{stream_support('partial')}\n", file=doc)
+with open("src/common/settings.json", "r") as f:
+    print(print_md_table(loads(f.read())), file=doc)
+    print(file=doc)
+
+# Print core settings
+print("## Core settings\n", file=doc)
+core_settings = {}
+for core in glob("src/common/core/*/plugin.json"):
+    with open(core, "r") as f:
+        core_plugin = loads(f.read())
+        if len(core_plugin["settings"]) > 0:
+            core_settings[core_plugin["name"]] = core_plugin
+
+for name, data in dict(sorted(core_settings.items())).items():
+    print(f"### {data['name']}\n", file=doc)
+    print(f"{stream_support(data['stream'])}\n", file=doc)
+    print(f"{data['description']}\n", file=doc)
+    print(print_md_table(data["settings"]), file=doc)
+
+doc.seek(0)
+content = doc.read()
+doc = StringIO(content.replace("\\|", "|"))
+doc.seek(0)
+
+Path("docs", "settings.md").write_text(doc.read(), encoding="utf-8")
--- a/docs/migrating.md
+++ b/docs/migrating.md
@ -0,0 +1,41 @@
+# Migrating from 1.4.X
+
+!!! warning "Read this if you were a 1.4.X user"
+
+    A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/misc/integrations) folder of the repository.
+
+## Scheduler
+
+Back to the 1.4.X releases, jobs (like Let's Encrypt certificate generation/renewal or blacklists download) **were executed in the same container as BunkerWeb**. For the purpose of [separation of concerns](https://en.wikipedia.org/wiki/Separation_of_concerns), we decided to create a **separate service** which is now responsible for managing jobs.
+
+Called **Scheduler**, this service also generates the final configuration used by BunkerWeb and acts as an intermediary between autoconf and BunkerWeb. In other words, the scheduler is the **brain of the BunkerWeb 1.5.X stack**.
+
+You will find more information about the scheduler [here](concepts.md#scheduler).
+
+## Database
+
+BunkerWeb configuration is **no more stored in a plain file** (located at `/etc/nginx/variables.env` if you didn't know it). That's it, we now support a **fully-featured database as a backend** to store settings, cache, custom configs, ... 🥳
+
+Using a real database offers many advantages :
+
+- Backup of the current configuration
+- Usage with multiple services (scheduler, web UI, ...)
+- Upgrade to a new BunkerWeb version
+
+Please note that we actually support, **SQLite**, **MySQL**, **MariaDB** and **PostgreSQL** as backends.
+
+You will find more information about the database [here](concepts.md#database).
+
+## Redis
+
+When BunkerWeb 1.4.X was used in cluster mode (Swarm or Kubernetes integrations), **data were not shared among the nodes**. For example, if an attacker was banned via the "bad behavior" feature on a specific node, **he could still connect to the other nodes**.
+
+Security is not the only reason to have a shared data store for clustered integrations, **caching** is also another one. We can now **store results** of time-consuming operations like (reverse) dns lookups so they are **available for other nodes**.
+
+We actually support **Redis** as a backend for the shared data store.
+
+See the list of [redis settings](settings.md#redis) and the corresponding documentation of your integration for more information.
+
+## Default values and new settings
+
+The default value of some settings have changed and we have added many other settings, we recommend you read the [security tuning](security-tuning.md) and [settings](settings.md) sections of the documentation.
--- a/docs/misc/pdf.js
+++ b/docs/misc/pdf.js
@ -0,0 +1,49 @@
+const puppeteer = require('puppeteer');
+var args = process.argv.slice(2);
+var url = args[0];
+var pdfPath = args[1];
+var title = args[2];
+
+console.log('Saving', url, 'to', pdfPath);
+
+// date –  formatted print date
+// title – document title
+// url  – document location
+// pageNumber – current page number
+// totalPages – total pages in the document
+headerHtml = `
+<div style="font-size: 10px; text-align: center; width: 100%;">
+    <span>${title}</span>
+</div>`;
+
+footerHtml = `<div style="font-size: 10px; text-align: center; width: 100%;"><span class="pageNumber"></span> / <span class="totalPages"></span></div>`;
+
+
+(async() => {
+    const browser = await puppeteer.launch({
+        headless: true,
+        executablePath: process.env.CHROME_BIN || null,
+        args: ['--no-sandbox', '--headless', '--disable-gpu', '--disable-dev-shm-usage']
+    });
+
+    const page = await browser.newPage();
+    await page.goto(url, { waitUntil: 'networkidle2' });
+    await page.pdf({
+        path: pdfPath, // path to save pdf file
+        format: 'A4', // page format
+        displayHeaderFooter: true, // display header and footer (in this example, required!)
+        printBackground: true, // print background
+        landscape: false, // use horizontal page layout
+        headerTemplate: headerHtml, // indicate html template for header
+        footerTemplate: footerHtml,
+        scale: 1, //Scale amount must be between 0.1 and 2
+        margin: { // increase margins (in this example, required!)
+            top: 80,
+            bottom: 80,
+            left: 30,
+            right: 30
+        }
+    });
+
+    await browser.close();
+})();
--- a/docs/overrides/main.html
+++ b/docs/overrides/main.html
@ -0,0 +1,34 @@
+{% extends "base.html" %} {% block outdated %} You're not viewing the
+documentation of the latest version.
+<a href="{{ '../' ~ base_url }}">
+  <strong>Click here to view latest.</strong>
+</a>
+{% endblock %} {% block announce %} 📢 Looking for technical support, tailored
+consulting or custom development for BunkerWeb ? Visit the
+<a
+  href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc"
+  style="color: #3f6ec6; text-decoration: underline"
+  >BunkerWeb Panel</a
+>
+for more information on our enterprise offers. {% endblock %} {% block libs %}
+<script
+  async
+  defer
+  data-domain="docs.bunkerweb.io"
+  src="https://data.bunkerity.com/js/script.js"
+></script>
+<script defer>
+  // Lazy load images and embed youtube videos
+  window.addEventListener("load", () => {
+    document.querySelectorAll("[data-src]").forEach((el) => {
+      el.setAttribute("src", el.getAttribute("data-src"));
+    });
+  });
+  // Add missing label
+  try {
+    document
+      .querySelector('div.md-search[data-md-component="search"][role="dialog"]')
+      .setAttribute("aria-label", "Search in documentation");
+  } catch (err) {}
+</script>
+{% endblock %}
--- a/docs/package.json
+++ b/docs/package.json
@ -0,0 +1,5 @@
+{
+    "dependencies": {
+      "puppeteer": "^21.3.6"
+    }
+}
--- a/docs/plugins.md
+++ b/docs/plugins.md
@ -0,0 +1,557 @@
+# Plugins
+
+BunkerWeb comes with a plugin system making it possible to easily add new features. Once a plugin is installed, you can manage it using additional settings defined by the plugin.
+
+## Official plugins
+
+Here is the list of "official" plugins that we maintain (see the [bunkerweb-plugins](https://github.com/bunkerity/bunkerweb-plugins) repository for more information) :
+
+|      Name      | Version | Description                                                                                                                      |                                                 Link                                                  |
+| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
+|   **ClamAV**   |   1.3   | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. |     [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav)     |
+| **Coraza** |   1.3   | Inspect requests using a the Coraza WAF (alternative of ModSecurity).           | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
+|  **CrowdSec**  |   1.3   | CrowdSec bouncer for BunkerWeb.                                                                                                  |   [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec)   |
+| **Discord** | 1.3 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
+| **Slack** | 1.3 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
+| **VirusTotal** |   1.3   | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious.          | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
+| **WebHook** | 1.3 | Send security notifications to a custom HTTP endpoint using a	Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
+
+## How to use a plugin
+
+### Automatic
+
+If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archive containing one or more plugin(s).
+
+You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.3.zip`
+
+### Manual
+
+The first step is to install the plugin by putting the plugin files inside the corresponding `plugins` data folder, the procedure depends on your integration :
+
+=== "Docker"
+
+    When using the [Docker integration](integrations.md#docker), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
+
+    The first thing to do is to create the plugins folder :
+
+    ```shell
+    mkdir -p ./bw-data/plugins
+    ```
+
+    Then, you can drop the plugins of your choice into that folder :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins && \
+    cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
+    ```
+
+    Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
+
+    ```shell
+    chown -R 101:101 ./bw-data
+    ```
+
+    Then you can mount the volume when starting your Docker stack :
+
+    ```yaml
+    version: '3.5'
+    services:
+    ...
+      bw-scheduler:
+        image: bunkerity/bunkerweb-scheduler:1.5.6
+        volumes:
+          - ./bw-data:/data
+    ...
+    ```
+
+=== "Docker autoconf"
+
+    When using the [Docker autoconf integration](integrations.md#docker-autoconf), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
+
+
+    The first thing to do is to create the plugins folder :
+
+    ```shell
+    mkdir -p ./bw-data/plugins
+    ```
+
+    Then, you can drop the plugins of your choice into that folder :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins && \
+    cp -rp ./bunkerweb-plugins/* ./bw-data/plugins
+    ```
+
+    Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
+
+    ```shell
+    chown -R 101:101 ./bw-data
+    ```
+
+    Then you can mount the volume when starting your Docker stack :
+
+    ```yaml
+    version: '3.5'
+    services:
+    ...
+      bw-scheduler:
+        image: bunkerity/bunkerweb-scheduler:1.5.6
+        volumes:
+          - ./bw-data:/data
+    ...
+    ```
+
+=== "Swarm"
+
+    When using the [Swarm integration](integrations.md#swarm), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
+
+    !!! info "Swarm volume"
+        Configuring a Swarm volume that will persist when the scheduler service is running on different nodes is not covered is in this documentation. We will assume that you have a shared folder mounted on `/shared` across all nodes.
+
+    The first thing to do is to create the plugins folder :
+
+    ```shell
+    mkdir -p /shared/bw-plugins
+    ```
+
+    Then, you can drop the plugins of your choice into that folder :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins && \
+    cp -rp ./bunkerweb-plugins/* /shared/bw-plugins
+    ```
+
+    Because the scheduler runs as an unprivileged user with UID and GID 101, you will need to edit the permissions :
+
+    ```shell
+    chown -R 101:101 /shared/bw-plugins
+    ```
+
+    Then you can mount the volume when starting your Swarm stack :
+
+    ```yaml
+    version: '3.5'
+    services:
+    ...
+      bw-scheduler:
+        image: bunkerity/bunkerweb-scheduler:1.5.6
+        volumes:
+          - /shared/bw-plugins:/data/plugins
+    ...
+    ```
+
+=== "Kubernetes"
+
+    When using the [Kubernetes integration](integrations.md#kubernetes), plugins must be written to the volume mounted on `/data/plugins` into the scheduler container.
+
+    The fist thing to do is to declare a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) that will contain our plugins data :
+
+    ```yaml
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: pvc-bunkerweb-plugins
+    spec:
+      accessModes:
+        - ReadWriteOnce
+    resources:
+      requests:
+        storage: 5Gi
+    ```
+
+    You can now add the volume mount and an init containers to automatically provision the volume :
+
+    ```yaml
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: bunkerweb-scheduler
+    spec:
+      replicas: 1
+      strategy:
+        type: Recreate
+      selector:
+        matchLabels:
+          app: bunkerweb-scheduler
+      template:
+        metadata:
+          labels:
+            app: bunkerweb-scheduler
+        spec:
+          serviceAccountName: sa-bunkerweb
+          containers:
+            - name: bunkerweb-scheduler
+              image: bunkerity/bunkerweb-scheduler:1.5.6
+              imagePullPolicy: Always
+              env:
+                - name: KUBERNETES_MODE
+                  value: "yes"
+                - name: "DATABASE_URI"
+                  value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
+              volumeMounts:
+                - mountPath: "/data/plugins"
+                  name: vol-plugins
+          initContainers:
+            - name: bunkerweb-scheduler-init
+              image: alpine/git
+              command: ["/bin/sh", "-c"]
+              args: ["git clone https://github.com/bunkerity/bunkerweb-plugins /data/plugins && chown -R 101:101 /data/plugins"]
+              volumeMounts:
+                - mountPath: "/data/plugins"
+                  name: vol-plugins
+          volumes:
+            - name: vol-plugins
+              persistentVolumeClaim:
+                claimName: pvc-bunkerweb-plugins
+    ```
+
+=== "Linux"
+
+    When using the [Linux integration](integrations.md#linux), plugins must be written to the `/etc/bunkerweb/plugins` folder :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins && \
+    cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins && \
+    chown -R nginx:nginx /etc/bunkerweb/plugins
+    ```
+
+=== "Ansible"
+
+    When using the [Ansible integration](integrations.md#ansible), you can use the `plugins` variable to set a local folder containing your plugins that will be copied to your BunkerWeb instances.
+
+    Let's assume that you have plugins inside the `bunkerweb-plugins` folder :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins
+    ```
+
+    In your Ansible inventory, you can use the `plugins` variable to set the path of plugins folder :
+
+    ```ini
+    [mybunkers]
+    192.168.0.42 ... custom_plugins="{{ playbook_dir }}/bunkerweb-plugins"
+    ```
+
+    Or alternatively, in your playbook file :
+
+    ```yaml
+    - hosts: all
+      become: true
+      vars:
+      - custom_plugins: "{{ playbook_dir }}/bunkerweb-plugins"
+      roles:
+      - bunkerity.bunkerweb
+    ```
+
+    Run the playbook :
+
+    ```shell
+    ansible-playbook -i inventory.yml playbook.yml
+    ```
+
+=== "Vagrant"
+
+    When using the [Vagrant integration](integrations.md#vagrant), plugins must be written to the `/etc/bunkerweb/plugins` folder (you will need to do a `vagrant ssh` first) :
+
+    ```shell
+    git clone https://github.com/bunkerity/bunkerweb-plugins && \
+    cp -rp ./bunkerweb-plugins/* /etc/bunkerweb/plugins
+    ```
+
+## Writing a plugin
+
+!!! tip "Existing plugins"
+
+    If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
+
+The first step is to create a folder that will contain the plugin :
+
+```shell
+mkdir myplugin && \
+cd myplugin
+```
+
+### Metadata
+
+A file named **plugin.json** and written at the root of the plugin folder must contain metadata about the plugin. Here is an example :
+
+```json
+{
+  "id": "myplugin",
+  "name": "My Plugin",
+  "description": "Just an example plugin.",
+  "version": "1.0",
+  "stream": "partial",
+  "settings": {
+    "DUMMY_SETTING": {
+      "context": "multisite",
+      "default": "1234",
+      "help": "Here is the help of the setting.",
+      "id": "dummy-id",
+      "label": "Dummy setting",
+      "regex": "^.*$",
+      "type": "text"
+    }
+  },
+  "jobs": [
+    {
+      "name": "my-job",
+      "file": "my-job.py",
+      "every": "hour"
+    }
+  ]
+}
+```
+
+Here are the details of the fields :
+
+|     Field     | Mandatory |  Type  | Description                                                                                                                                                                                        |
+| :-----------: | :-------: | :----: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|     `id`      |    yes    | string | Internal ID for the plugin : must be unique among other plugins (including "core" ones) and contain only lowercase chars.                                                                          |
+|    `name`     |    yes    | string | Name of your plugin.                                                                                                                                                                               |
+| `description` |    yes    | string | Description of your plugin.                                                                                                                                                                        |
+|   `version`   |    yes    | string | Version of your plugin.                                                                                                                                                                            |
+|   `stream`    |    yes    | string | Information about stream support : `no`, `yes` or `partial`.
+|  `settings`   |    yes    |  dict  | List of the settings of your plugin.                                                                                                                                                               |
+|    `jobs`     |    no     |  list  | List of the jobs of your plugin.                                                                                                                                                                   |
+
+Each setting has the following fields (the key is the ID of the settings used in a configuration) :
+
+|   Field    | Mandatory |  Type  | Description                                                  |
+| :--------: | :-------: | :----: | :----------------------------------------------------------- |
+| `context`  |    yes    | string | Context of the setting : `multisite` or `global`.            |
+| `default`  |    yes    | string | The default value of the setting.                            |
+|   `help`   |    yes    | string | Help text about the plugin (shown in web UI).                |
+|    `id`    |    yes    | string | Internal ID used by the web UI for HTML elements.            |
+|  `label`   |    yes    | string | Label shown by the web UI.                                   |
+|  `regex`   |    yes    | string | The regex used to validate the value provided by the user.   |
+|   `type`   |    yes    | string | The type of the field : `text`, `check`, `select` or `password`.         |
+| `multiple` |    no     | string | Unique ID to group multiple settings with numbers as suffix. |
+|  `select`  |    no     |  list  | List of possible string values when `type` is `select`.      |
+
+Each job has the following fields :
+
+|  Field  | Mandatory |  Type  | Description                                                                                                                             |
+| :-----: | :-------: | :----: | :-------------------------------------------------------------------------------------------------------------------------------------- |
+| `name`  |    yes    | string | Name of the job.                                                                                                                        |
+| `file`  |    yes    | string | Name of the file inside the jobs folder.                                                                                                |
+| `every` |    yes    | string | Job scheduling frequency : `minute`, `hour`, `day`, `week` or `once` (no frequency, only once before (re)generating the configuration). |
+
+### Configurations
+
+You can add custom NGINX configurations by adding a folder named **confs** with content similar to the [custom configurations](quickstart-guide.md#custom-configurations). Each subfolder inside the **confs** will contain [jinja2](https://jinja.palletsprojects.com) templates that will be generated and loaded at the corresponding context (`http`, `server-http`, `default-server-http`, `stream` and `server-stream`).
+
+Here is an example for a configuration template file inside the **confs/server-http** folder named **example.conf** :
+
+```conf
+location /setting {
+	default_type 'text/plain';
+    content_by_lua_block {
+        ngx.say('{{ DUMMY_SETTING }}')
+    }
+}
+```
+
+`{{ DUMMY_SETTING }}` will be replaced by the value of the `DUMMY_SETTING` chosen by the user of the plugin.
+
+### LUA
+
+#### Main script
+
+Under the hood, BunkerWeb is using the [NGINX LUA module](https://github.com/openresty/lua-nginx-module) to execute code within NGINX. Plugins that need to execute code must provide a lua file at the root directory of the plugin folder using the `id` value of **plugin.json** as its name. Here is an example named **myplugin.lua** :
+
+```lua
+local class     = require "middleclass"
+local plugin    = require "bunkerweb.plugin"
+local utils     = require "bunkerweb.utils"
+
+
+local myplugin = class("myplugin", plugin)
+
+
+function myplugin:initialize()
+    plugin.initialize(self, "myplugin")
+    self.dummy = "dummy"
+end
+
+function myplugin:init()
+    self.logger:log(ngx.NOTICE, "init called")
+    return self:ret(true, "success")
+end
+
+function myplugin:set()
+    self.logger:log(ngx.NOTICE, "set called")
+    return self:ret(true, "success")
+end
+
+function myplugin:access()
+    self.logger:log(ngx.NOTICE, "access called")
+    return self:ret(true, "success")
+end
+
+function myplugin:log()
+    self.logger:log(ngx.NOTICE, "log called")
+    return self:ret(true, "success")
+end
+
+function myplugin:log_default()
+    self.logger:log(ngx.NOTICE, "log_default called")
+    return self:ret(true, "success")
+end
+
+function myplugin:preread()
+    self.logger:log(ngx.NOTICE, "preread called")
+    return self:ret(true, "success")
+end
+
+function myplugin:log_stream()
+    self.logger:log(ngx.NOTICE, "log_stream called")
+    return self:ret(true, "success")
+end
+
+return myplugin
+```
+
+The declared functions are automatically called during specific contexts. Here are the details of each function :
+
+| Function |                                   Context                                    | Description                                                                                                                                               | Return value                                                                                                                                                                                                                                                                                                                            |
+| :------: | :--------------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|  `init`  |   [init_by_lua](https://github.com/openresty/lua-nginx-module#init_by_lua)   | Called when NGINX just started or received a reload order. the typical use case is to prepare any data that will be used by your plugin.                  | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
+|  `set`  |   [set_by_lua](https://github.com/openresty/lua-nginx-module#set_by_lua)   | Called before each request received by the server.The typical use case is for computing before access phase.                 | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>|
+| `access` | [access_by_lua](https://github.com/openresty/lua-nginx-module#access_by_lua) | Called on each request received by the server. The typical use case is to do the security checks here and deny the request if needed.                     | `ret`, `msg`,`status`,`redirect`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [HTTP status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li><li>`redirect` (URL) : if set will redirect to given URL</li></ul> |
+|  `log`   |    [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua)    | Called when a request has finished (and before it gets logged to the access logs). The typical use case is to make stats or compute counters for example. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>                                                                                                                                                                                                           |
+|  `log_default`   |    [log_by_lua](https://github.com/openresty/lua-nginx-module#log_by_lua)    | Same as `log` but only called on the default server. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul>                                                                                                                                                                                                           |
+| `preread` | [preread_by_lua](https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block) | Similar to the `access` function but for stream mode. | `ret`, `msg`,`status`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li><li>`status` (number) : interrupt current process and return [status](https://github.com/openresty/lua-nginx-module#http-status-constants)</li></ul> |
+| `log_stream` | [log_by_lua](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Similar to the `log` function but for stream mode. | `ret`, `msg`<ul><li>`ret` (boolean) : true if no error or else false</li><li>`msg` (string) : success or error message</li></ul> |
+
+#### Libraries
+
+All directives from [NGINX LUA module](https://github.com/openresty/lua-nginx-module) and are available and [NGINX stream LUA module](https://github.com/openresty/stream-lua-nginx-module). On top of that, you can use the LUA libraries included within BunkerWeb : see [this script](https://github.com/bunkerity/bunkerweb/blobsrc/deps/clone.sh) for the complete list.
+
+If you need additional libraries, you can put them in the root folder of the plugin and access them by prefixing them with your plugin ID. Here is an example file named **mylibrary.lua** :
+
+```lua
+local _M = {}
+
+_M.dummy = function ()
+	return "dummy"
+end
+
+return _M
+```
+
+And here is how you can use it from the **myplugin.lua** file :
+
+```lua
+local mylibrary = require "myplugin.mylibrary"
+
+...
+
+mylibrary.dummy()
+
+...
+```
+
+#### Helpers
+
+Some helpers modules provide common helpful helpers :
+
+- `self.variables` : allows to access and store plugins' attributes
+- `self.logger` : print logs
+- `bunkerweb.utils` : various useful functions
+- `bunkerweb.datastore` : access the global shared data on one instance (key/value store)
+- `bunkerweb.clusterstore` : access a Redis data store shared between BunkerWeb instances (key/value store)
+
+To access the functions, you first need to **require** the modules :
+
+```lua
+local utils       = require "bunkerweb.utils"
+local datastore   = require "bunkerweb.datastore"
+local clustestore = require "bunkerweb.clustertore"
+```
+
+Retrieve a setting value :
+
+```lua
+local myvar = self.variables["DUMMY_SETTING"]
+if not myvar then
+    self.logger:log(ngx.ERR, "can't retrieve setting DUMMY_SETTING")
+else
+    self.logger:log(ngx.NOTICE, "DUMMY_SETTING = " .. value)
+end
+```
+
+Store something in the local cache :
+
+```lua
+local ok, err = self.datastore:set("plugin_myplugin_something", "somevalue")
+if not ok then
+    self.logger:log(ngx.ERR, "can't save plugin_myplugin_something into datastore : " .. err)
+else
+    self.logger:log(ngx.NOTICE, "successfully saved plugin_myplugin_something into datastore")
+end
+```
+
+Check if an IP address is global :
+
+```lua
+local ret, err = utils.ip_is_global(ngx.ctx.bw.remote_addr)
+if ret == nil then
+    self.logger:log(ngx.ERR, "error while checking if IP " .. ngx.ctx.bw.remote_addr .. " is global or not : " .. err)
+elseif not ret then
+    self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is not global")
+else
+    self.logger:log(ngx.NOTICE, "IP " .. ngx.ctx.bw.remote_addr .. " is global")
+end
+```
+
+!!! tip "More examples"
+
+    If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/src/bw/lua/bunkerweb) of the repository.
+
+### Jobs
+
+BunkerWeb uses an internal job scheduler for periodic tasks like renewing certificates with certbot, downloading blacklists, downloading MMDB files, ... You can add tasks of your choice by putting them inside a subfolder named **jobs** and listing them in the **plugin.json** metadata file. Don't forget to add the execution permissions for everyone to avoid any problems when a user is cloning and installing your plugin.
+
+### Plugin page
+
+Plugin pages are used to display information about your plugin and interact with the user inside the plugins section of the [web UI](web-ui.md).
+
+Everything related to the web UI is located inside a subfolder named **ui** at the root directory of your plugin. A template file named **template.html** and located inside the **ui** subfolder contains the client code and logic to display your page. Another file named **actions.py** and also located inside the **ui** subfolder contains code that will be executed when the user is interacting with your page (filling a form for example).
+
+!!! info "Jinja 2 template"
+    The **template.html** file is a Jinja2 template, please refer to the [Jinja2 documentation](https://jinja.palletsprojects.com) if needed.
+
+A plugin page can have a form that is used to submit data to the plugin. To get the values of the form, you need to put a **actions.py** file in the **ui** folder. Inside the file, **you must define a function that has the same name as the plugin**. This function will be called when the form is submitted. You can then use the **request** object (from the [Flask library](https://flask.palletsprojects.com)) to get the values of the form. The form's action must finish with **/plugins/<*plugin_id*>**. The helper function `url_for` will generate for you the prefix of the URL : `{{ url_for('plugins') }}/plugin_id`.
+
+If you want to display variables generated from your **actions.py** in your template file, you can return a dictionary with variables name as keys and variables value as values. Here is dummy example where we return a single variable :
+
+```python
+def myplugin() :
+	return {"foo": "bar"}
+```
+
+And we display it in the **template.html** file :
+```html
+{% if foo %}
+Content of foo is : {{ foo }}.
+{% endif %}
+```
+
+Please note that every form submission is protected via a CSRF token, you will need to include the following snippet into your forms :
+```html
+<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+```
+
+Retrieving user submitted data is pretty simple, thanks to the request module provided by Flask :
+
+```python
+from flask import request
+
+def myplugin() :
+	my_form_value = request.form["my_form_input"]
+```
+
+!!! info "Python libraries"
+    You can use Python libraries that are already available like :
+    `Flask`, `Flask-Login`, `Flask-WTF`, `beautifulsoup4`, `docker`, `Jinja2`, `python-magic` and `requests`. To see the full list, you can have a look at the Web UI [requirements.txt](https://github.com/bunkerity/bunkerweb/blobsrc/ui/requirements.txt). If you need external libraries, you can install them inside the **ui** folder of your plugin and then use the classical **import** directive.
--- a/docs/professional-services.md
+++ b/docs/professional-services.md
@ -0,0 +1,30 @@
+# Professional services
+
+## Why should I get professional services ?
+
+Since BunkerWeb is a free (as in freedom) software, you've the right to use it freely as long as you respect the [AGPLv3 license](https://www.gnu.org/licenses/agpl-3.0.en.html).
+
+But dedicating time to a specific technology may not be easy depending on your business priorities. Not mentioning that cybersecurity is complex domain where being both judge and jury is not recommended.
+
+Getting professional services in addition to the open-source solution is the ideal solution to cover your business needs. You can focus on your top priorities and rely on a trusted partner when it comes to web security.
+
+Please note that professionnal services are directly offered by [Bunkerity](https://www.bunkerity.com/?utm_campaign=self&utm_source=doc), the company maintaining the BunkerWeb project, through our [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) online platform.
+
+## Which professional services do you offer ?
+
+We offer technical support around the BunkerWeb solution. By using this service, we will assist you on the technical issues (installation, configuration, false positive, ...).
+
+According to your needs you have the choice between "one time" and subscriptions offers.
+
+One important thing to note is that the support service is based on "credit" system where you pay for a number of support hours dedicated for you. Time passed on your requests will be deducted to your credit. In other words, you only pay for real time dedicated to your needs.
+
+In addition to the support service, we also offer custom services around the BunkerWeb solution to meet your specific needs :
+
+- Consulting : a dedicated expert will give you advices on your project
+- Development : if you need specific features in BunkerWeb, we can do it for you
+
+## How can I get more information ?
+
+You will find more information by visiting the [BunkerWeb Panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc), our dedicated platform for professional services.
+
+Don't hesitate to [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question, we will be more than happy to respond to your needs.
--- a/docs/quickstart-guide.md
+++ b/docs/quickstart-guide.md
--- a/docs/requirements.in
+++ b/docs/requirements.in
@ -0,0 +1,5 @@
+mike==2.0.0
+mkdocs==1.5.3
+mkdocs-material[imaging]==9.5.5
+mkdocs-print-site-plugin==2.3.6
+pytablewriter==1.2.0
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@ -0,0 +1,692 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+#    pip-compile --allow-unsafe --generate-hashes --strip-extras requirements.in
+#
+babel==2.14.0 \
+    --hash=sha256:6919867db036398ba21eb5c7a0f6b28ab8cbc3ae7a73a44ebe34ae74a4e7d363 \
+    --hash=sha256:efb1a25b7118e67ce3a259bed20545c29cb68be8ad2c784c83689981b7a57287
+    # via mkdocs-material
+cairocffi==1.6.1 \
+    --hash=sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7 \
+    --hash=sha256:aa78ee52b9069d7475eeac457389b6275aa92111895d78fbaa2202a52dac112e
+    # via cairosvg
+cairosvg==2.7.1 \
+    --hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
+    --hash=sha256:8a5222d4e6c3f86f1f7046b63246877a63b49923a1cd202184c3a634ef546b3b
+    # via mkdocs-material
+certifi==2023.11.17 \
+    --hash=sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1 \
+    --hash=sha256:e036ab49d5b79556f99cfc2d9320b34cfbe5be05c5871b51de9329f0603b0474
+    # via requests
+cffi==1.16.0 \
+    --hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \
+    --hash=sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a \
+    --hash=sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417 \
+    --hash=sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab \
+    --hash=sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520 \
+    --hash=sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36 \
+    --hash=sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743 \
+    --hash=sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8 \
+    --hash=sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed \
+    --hash=sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684 \
+    --hash=sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56 \
+    --hash=sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324 \
+    --hash=sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d \
+    --hash=sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235 \
+    --hash=sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e \
+    --hash=sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088 \
+    --hash=sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000 \
+    --hash=sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7 \
+    --hash=sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e \
+    --hash=sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673 \
+    --hash=sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c \
+    --hash=sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe \
+    --hash=sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2 \
+    --hash=sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098 \
+    --hash=sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8 \
+    --hash=sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a \
+    --hash=sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0 \
+    --hash=sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b \
+    --hash=sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896 \
+    --hash=sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e \
+    --hash=sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9 \
+    --hash=sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2 \
+    --hash=sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b \
+    --hash=sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6 \
+    --hash=sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404 \
+    --hash=sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f \
+    --hash=sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0 \
+    --hash=sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4 \
+    --hash=sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc \
+    --hash=sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936 \
+    --hash=sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba \
+    --hash=sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872 \
+    --hash=sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb \
+    --hash=sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614 \
+    --hash=sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1 \
+    --hash=sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d \
+    --hash=sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969 \
+    --hash=sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b \
+    --hash=sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4 \
+    --hash=sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627 \
+    --hash=sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956 \
+    --hash=sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357
+    # via cairocffi
+chardet==5.2.0 \
+    --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
+    --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
+    # via mbstrdecoder
+charset-normalizer==3.3.2 \
+    --hash=sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027 \
+    --hash=sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087 \
+    --hash=sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786 \
+    --hash=sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8 \
+    --hash=sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09 \
+    --hash=sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185 \
+    --hash=sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574 \
+    --hash=sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e \
+    --hash=sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519 \
+    --hash=sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898 \
+    --hash=sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269 \
+    --hash=sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3 \
+    --hash=sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f \
+    --hash=sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6 \
+    --hash=sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8 \
+    --hash=sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a \
+    --hash=sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73 \
+    --hash=sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc \
+    --hash=sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714 \
+    --hash=sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2 \
+    --hash=sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc \
+    --hash=sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce \
+    --hash=sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d \
+    --hash=sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e \
+    --hash=sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6 \
+    --hash=sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269 \
+    --hash=sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96 \
+    --hash=sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d \
+    --hash=sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a \
+    --hash=sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4 \
+    --hash=sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77 \
+    --hash=sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d \
+    --hash=sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0 \
+    --hash=sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed \
+    --hash=sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068 \
+    --hash=sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac \
+    --hash=sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25 \
+    --hash=sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8 \
+    --hash=sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab \
+    --hash=sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26 \
+    --hash=sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2 \
+    --hash=sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db \
+    --hash=sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f \
+    --hash=sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5 \
+    --hash=sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99 \
+    --hash=sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c \
+    --hash=sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d \
+    --hash=sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811 \
+    --hash=sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa \
+    --hash=sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a \
+    --hash=sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03 \
+    --hash=sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b \
+    --hash=sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04 \
+    --hash=sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c \
+    --hash=sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001 \
+    --hash=sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458 \
+    --hash=sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389 \
+    --hash=sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99 \
+    --hash=sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985 \
+    --hash=sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537 \
+    --hash=sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238 \
+    --hash=sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f \
+    --hash=sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d \
+    --hash=sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796 \
+    --hash=sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a \
+    --hash=sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143 \
+    --hash=sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8 \
+    --hash=sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c \
+    --hash=sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5 \
+    --hash=sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5 \
+    --hash=sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711 \
+    --hash=sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4 \
+    --hash=sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6 \
+    --hash=sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c \
+    --hash=sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7 \
+    --hash=sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4 \
+    --hash=sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b \
+    --hash=sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae \
+    --hash=sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12 \
+    --hash=sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c \
+    --hash=sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae \
+    --hash=sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8 \
+    --hash=sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887 \
+    --hash=sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b \
+    --hash=sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4 \
+    --hash=sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f \
+    --hash=sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5 \
+    --hash=sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33 \
+    --hash=sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519 \
+    --hash=sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561
+    # via requests
+click==8.1.7 \
+    --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
+    --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
+    # via mkdocs
+colorama==0.4.6 \
+    --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
+    --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
+    # via mkdocs-material
+cssselect2==0.7.0 \
+    --hash=sha256:1ccd984dab89fc68955043aca4e1b03e0cf29cad9880f6e28e3ba7a74b14aa5a \
+    --hash=sha256:fd23a65bfd444595913f02fc71f6b286c29261e354c41d722ca7a261a49b5969
+    # via cairosvg
+dataproperty==1.0.1 \
+    --hash=sha256:0b8b07d4fb6453fcf975b53d35dea41f3cfd69c9d79b5010c3cf224ff0407a7a \
+    --hash=sha256:723e5729fa6e885e127a771a983ee1e0e34bb141aca4ffe1f0bfa7cde34650a4
+    # via
+    #   pytablewriter
+    #   tabledata
+defusedxml==0.7.1 \
+    --hash=sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69 \
+    --hash=sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
+    # via cairosvg
+ghp-import==2.1.0 \
+    --hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \
+    --hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343
+    # via mkdocs
+idna==3.6 \
+    --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \
+    --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f
+    # via requests
+importlib-metadata==7.0.1 \
+    --hash=sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e \
+    --hash=sha256:f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc
+    # via
+    #   markdown
+    #   mike
+    #   mkdocs
+importlib-resources==6.1.1 \
+    --hash=sha256:3893a00122eafde6894c59914446a512f728a0c1a45f9bb9b63721b6bacf0b4a \
+    --hash=sha256:e8bf90d8213b486f428c9c39714b920041cb02c184686a3dee24905aaa8105d6
+    # via mike
+jinja2==3.1.3 \
+    --hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \
+    --hash=sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90
+    # via
+    #   mike
+    #   mkdocs
+    #   mkdocs-material
+markdown==3.5.2 \
+    --hash=sha256:d43323865d89fc0cb9b20c75fc8ad313af307cc087e84b657d9eec768eddeadd \
+    --hash=sha256:e1ac7b3dc550ee80e602e71c1d168002f062e49f1b11e26a36264dafd4df2ef8
+    # via
+    #   mkdocs
+    #   mkdocs-material
+    #   pymdown-extensions
+markupsafe==2.1.4 \
+    --hash=sha256:0042d6a9880b38e1dd9ff83146cc3c9c18a059b9360ceae207805567aacccc69 \
+    --hash=sha256:0c26f67b3fe27302d3a412b85ef696792c4a2386293c53ba683a89562f9399b0 \
+    --hash=sha256:0fbad3d346df8f9d72622ac71b69565e621ada2ce6572f37c2eae8dacd60385d \
+    --hash=sha256:15866d7f2dc60cfdde12ebb4e75e41be862348b4728300c36cdf405e258415ec \
+    --hash=sha256:1c98c33ffe20e9a489145d97070a435ea0679fddaabcafe19982fe9c971987d5 \
+    --hash=sha256:21e7af8091007bf4bebf4521184f4880a6acab8df0df52ef9e513d8e5db23411 \
+    --hash=sha256:23984d1bdae01bee794267424af55eef4dfc038dc5d1272860669b2aa025c9e3 \
+    --hash=sha256:31f57d64c336b8ccb1966d156932f3daa4fee74176b0fdc48ef580be774aae74 \
+    --hash=sha256:3583a3a3ab7958e354dc1d25be74aee6228938312ee875a22330c4dc2e41beb0 \
+    --hash=sha256:36d7626a8cca4d34216875aee5a1d3d654bb3dac201c1c003d182283e3205949 \
+    --hash=sha256:396549cea79e8ca4ba65525470d534e8a41070e6b3500ce2414921099cb73e8d \
+    --hash=sha256:3a66c36a3864df95e4f62f9167c734b3b1192cb0851b43d7cc08040c074c6279 \
+    --hash=sha256:3aae9af4cac263007fd6309c64c6ab4506dd2b79382d9d19a1994f9240b8db4f \
+    --hash=sha256:3ab3a886a237f6e9c9f4f7d272067e712cdb4efa774bef494dccad08f39d8ae6 \
+    --hash=sha256:47bb5f0142b8b64ed1399b6b60f700a580335c8e1c57f2f15587bd072012decc \
+    --hash=sha256:49a3b78a5af63ec10d8604180380c13dcd870aba7928c1fe04e881d5c792dc4e \
+    --hash=sha256:4df98d4a9cd6a88d6a585852f56f2155c9cdb6aec78361a19f938810aa020954 \
+    --hash=sha256:5045e892cfdaecc5b4c01822f353cf2c8feb88a6ec1c0adef2a2e705eef0f656 \
+    --hash=sha256:5244324676254697fe5c181fc762284e2c5fceeb1c4e3e7f6aca2b6f107e60dc \
+    --hash=sha256:54635102ba3cf5da26eb6f96c4b8c53af8a9c0d97b64bdcb592596a6255d8518 \
+    --hash=sha256:54a7e1380dfece8847c71bf7e33da5d084e9b889c75eca19100ef98027bd9f56 \
+    --hash=sha256:55d03fea4c4e9fd0ad75dc2e7e2b6757b80c152c032ea1d1de487461d8140efc \
+    --hash=sha256:698e84142f3f884114ea8cf83e7a67ca8f4ace8454e78fe960646c6c91c63bfa \
+    --hash=sha256:6aa5e2e7fc9bc042ae82d8b79d795b9a62bd8f15ba1e7594e3db243f158b5565 \
+    --hash=sha256:7653fa39578957bc42e5ebc15cf4361d9e0ee4b702d7d5ec96cdac860953c5b4 \
+    --hash=sha256:765f036a3d00395a326df2835d8f86b637dbaf9832f90f5d196c3b8a7a5080cb \
+    --hash=sha256:78bc995e004681246e85e28e068111a4c3f35f34e6c62da1471e844ee1446250 \
+    --hash=sha256:7a07f40ef8f0fbc5ef1000d0c78771f4d5ca03b4953fc162749772916b298fc4 \
+    --hash=sha256:8b570a1537367b52396e53325769608f2a687ec9a4363647af1cded8928af959 \
+    --hash=sha256:987d13fe1d23e12a66ca2073b8d2e2a75cec2ecb8eab43ff5624ba0ad42764bc \
+    --hash=sha256:9896fca4a8eb246defc8b2a7ac77ef7553b638e04fbf170bff78a40fa8a91474 \
+    --hash=sha256:9e9e3c4020aa2dc62d5dd6743a69e399ce3de58320522948af6140ac959ab863 \
+    --hash=sha256:a0b838c37ba596fcbfca71651a104a611543077156cb0a26fe0c475e1f152ee8 \
+    --hash=sha256:a4d176cfdfde84f732c4a53109b293d05883e952bbba68b857ae446fa3119b4f \
+    --hash=sha256:a76055d5cb1c23485d7ddae533229039b850db711c554a12ea64a0fd8a0129e2 \
+    --hash=sha256:a76cd37d229fc385738bd1ce4cba2a121cf26b53864c1772694ad0ad348e509e \
+    --hash=sha256:a7cc49ef48a3c7a0005a949f3c04f8baa5409d3f663a1b36f0eba9bfe2a0396e \
+    --hash=sha256:abf5ebbec056817057bfafc0445916bb688a255a5146f900445d081db08cbabb \
+    --hash=sha256:b0fe73bac2fed83839dbdbe6da84ae2a31c11cfc1c777a40dbd8ac8a6ed1560f \
+    --hash=sha256:b6f14a9cd50c3cb100eb94b3273131c80d102e19bb20253ac7bd7336118a673a \
+    --hash=sha256:b83041cda633871572f0d3c41dddd5582ad7d22f65a72eacd8d3d6d00291df26 \
+    --hash=sha256:b835aba863195269ea358cecc21b400276747cc977492319fd7682b8cd2c253d \
+    --hash=sha256:bf1196dcc239e608605b716e7b166eb5faf4bc192f8a44b81e85251e62584bd2 \
+    --hash=sha256:c669391319973e49a7c6230c218a1e3044710bc1ce4c8e6eb71f7e6d43a2c131 \
+    --hash=sha256:c7556bafeaa0a50e2fe7dc86e0382dea349ebcad8f010d5a7dc6ba568eaaa789 \
+    --hash=sha256:c8f253a84dbd2c63c19590fa86a032ef3d8cc18923b8049d91bcdeeb2581fbf6 \
+    --hash=sha256:d18b66fe626ac412d96c2ab536306c736c66cf2a31c243a45025156cc190dc8a \
+    --hash=sha256:d5291d98cd3ad9a562883468c690a2a238c4a6388ab3bd155b0c75dd55ece858 \
+    --hash=sha256:d5c31fe855c77cad679b302aabc42d724ed87c043b1432d457f4976add1c2c3e \
+    --hash=sha256:d6e427c7378c7f1b2bef6a344c925b8b63623d3321c09a237b7cc0e77dd98ceb \
+    --hash=sha256:dac1ebf6983148b45b5fa48593950f90ed6d1d26300604f321c74a9ca1609f8e \
+    --hash=sha256:de8153a7aae3835484ac168a9a9bdaa0c5eee4e0bc595503c95d53b942879c84 \
+    --hash=sha256:e1a0d1924a5013d4f294087e00024ad25668234569289650929ab871231668e7 \
+    --hash=sha256:e7902211afd0af05fbadcc9a312e4cf10f27b779cf1323e78d52377ae4b72bea \
+    --hash=sha256:e888ff76ceb39601c59e219f281466c6d7e66bd375b4ec1ce83bcdc68306796b \
+    --hash=sha256:f06e5a9e99b7df44640767842f414ed5d7bedaaa78cd817ce04bbd6fd86e2dd6 \
+    --hash=sha256:f6be2d708a9d0e9b0054856f07ac7070fbe1754be40ca8525d5adccdbda8f475 \
+    --hash=sha256:f9917691f410a2e0897d1ef99619fd3f7dd503647c8ff2475bf90c3cf222ad74 \
+    --hash=sha256:fc1a75aa8f11b87910ffd98de62b29d6520b6d6e8a3de69a70ca34dea85d2a8a \
+    --hash=sha256:fe8512ed897d5daf089e5bd010c3dc03bb1bdae00b35588c49b98268d4a01e00
+    # via
+    #   jinja2
+    #   mkdocs
+mbstrdecoder==1.1.3 \
+    --hash=sha256:d66c1ed3f2dc4e7c5d87cd44a75be10bc5af4250f95b38bbaedd7851308ce938 \
+    --hash=sha256:dcfd2c759322eb44fe193a9e0b1b86c5b87f3ec5ea8e1bb43b3e9ae423f1e8fe
+    # via
+    #   dataproperty
+    #   pytablewriter
+    #   typepy
+mergedeep==1.3.4 \
+    --hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \
+    --hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307
+    # via mkdocs
+mike==2.0.0 \
+    --hash=sha256:566f1cab1a58cc50b106fb79ea2f1f56e7bfc8b25a051e95e6eaee9fba0922de \
+    --hash=sha256:87f496a65900f93ba92d72940242b65c86f3f2f82871bc60ebdcffc91fad1d9e
+    # via -r requirements.in
+mkdocs==1.5.3 \
+    --hash=sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1 \
+    --hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2
+    # via
+    #   -r requirements.in
+    #   mike
+    #   mkdocs-material
+mkdocs-material==9.5.5 \
+    --hash=sha256:4480d9580faf42fed0123d0465502bfc1c0c239ecc9c4d66159cf0459ea1b4ae \
+    --hash=sha256:ac50b2431a79a3b160fdefbba37c9132485f1a69166aba115ad49fafdbbbc5df
+    # via
+    #   -r requirements.in
+    #   mkdocs-material
+    #   mkdocs-print-site-plugin
+mkdocs-material-extensions==1.3.1 \
+    --hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \
+    --hash=sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31
+    # via mkdocs-material
+mkdocs-print-site-plugin==2.3.6 \
+    --hash=sha256:01ccb1ceccc87f29e1612bebb77c3bf9980809fbce750fc2113f9d6acea589d4 \
+    --hash=sha256:82e5cabcfb7fe3074daecea018f28ccb4bff086f965e3103fe91019a76752f22
+    # via -r requirements.in
+packaging==23.2 \
+    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
+    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
+    # via
+    #   mkdocs
+    #   typepy
+paginate==0.5.6 \
+    --hash=sha256:5e6007b6a9398177a7e1648d04fdd9f8c9766a1a945bceac82f1929e8c78af2d
+    # via mkdocs-material
+pathspec==0.12.1 \
+    --hash=sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08 \
+    --hash=sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712
+    # via mkdocs
+pathvalidate==3.2.0 \
+    --hash=sha256:5e8378cf6712bff67fbe7a8307d99fa8c1a0cb28aa477056f8fc374f0dff24ad \
+    --hash=sha256:cc593caa6299b22b37f228148257997e2fa850eea2daf7e4cc9205cef6908dee
+    # via pytablewriter
+pillow==10.2.0 \
+    --hash=sha256:0304004f8067386b477d20a518b50f3fa658a28d44e4116970abfcd94fac34a8 \
+    --hash=sha256:0689b5a8c5288bc0504d9fcee48f61a6a586b9b98514d7d29b840143d6734f39 \
+    --hash=sha256:0eae2073305f451d8ecacb5474997c08569fb4eb4ac231ffa4ad7d342fdc25ac \
+    --hash=sha256:0fb3e7fc88a14eacd303e90481ad983fd5b69c761e9e6ef94c983f91025da869 \
+    --hash=sha256:11fa2e5984b949b0dd6d7a94d967743d87c577ff0b83392f17cb3990d0d2fd6e \
+    --hash=sha256:127cee571038f252a552760076407f9cff79761c3d436a12af6000cd182a9d04 \
+    --hash=sha256:154e939c5f0053a383de4fd3d3da48d9427a7e985f58af8e94d0b3c9fcfcf4f9 \
+    --hash=sha256:15587643b9e5eb26c48e49a7b33659790d28f190fc514a322d55da2fb5c2950e \
+    --hash=sha256:170aeb00224ab3dc54230c797f8404507240dd868cf52066f66a41b33169bdbe \
+    --hash=sha256:1b5e1b74d1bd1b78bc3477528919414874748dd363e6272efd5abf7654e68bef \
+    --hash=sha256:1da3b2703afd040cf65ec97efea81cfba59cdbed9c11d8efc5ab09df9509fc56 \
+    --hash=sha256:1e23412b5c41e58cec602f1135c57dfcf15482013ce6e5f093a86db69646a5aa \
+    --hash=sha256:2247178effb34a77c11c0e8ac355c7a741ceca0a732b27bf11e747bbc950722f \
+    --hash=sha256:257d8788df5ca62c980314053197f4d46eefedf4e6175bc9412f14412ec4ea2f \
+    --hash=sha256:3031709084b6e7852d00479fd1d310b07d0ba82765f973b543c8af5061cf990e \
+    --hash=sha256:322209c642aabdd6207517e9739c704dc9f9db943015535783239022002f054a \
+    --hash=sha256:322bdf3c9b556e9ffb18f93462e5f749d3444ce081290352c6070d014c93feb2 \
+    --hash=sha256:33870dc4653c5017bf4c8873e5488d8f8d5f8935e2f1fb9a2208c47cdd66efd2 \
+    --hash=sha256:35bb52c37f256f662abdfa49d2dfa6ce5d93281d323a9af377a120e89a9eafb5 \
+    --hash=sha256:3c31822339516fb3c82d03f30e22b1d038da87ef27b6a78c9549888f8ceda39a \
+    --hash=sha256:3eedd52442c0a5ff4f887fab0c1c0bb164d8635b32c894bc1faf4c618dd89df2 \
+    --hash=sha256:3ff074fc97dd4e80543a3e91f69d58889baf2002b6be64347ea8cf5533188213 \
+    --hash=sha256:47c0995fc4e7f79b5cfcab1fc437ff2890b770440f7696a3ba065ee0fd496563 \
+    --hash=sha256:49d9ba1ed0ef3e061088cd1e7538a0759aab559e2e0a80a36f9fd9d8c0c21591 \
+    --hash=sha256:51f1a1bffc50e2e9492e87d8e09a17c5eea8409cda8d3f277eb6edc82813c17c \
+    --hash=sha256:52a50aa3fb3acb9cf7213573ef55d31d6eca37f5709c69e6858fe3bc04a5c2a2 \
+    --hash=sha256:54f1852cd531aa981bc0965b7d609f5f6cc8ce8c41b1139f6ed6b3c54ab82bfb \
+    --hash=sha256:609448742444d9290fd687940ac0b57fb35e6fd92bdb65386e08e99af60bf757 \
+    --hash=sha256:69ffdd6120a4737710a9eee73e1d2e37db89b620f702754b8f6e62594471dee0 \
+    --hash=sha256:6fad5ff2f13d69b7e74ce5b4ecd12cc0ec530fcee76356cac6742785ff71c452 \
+    --hash=sha256:7049e301399273a0136ff39b84c3678e314f2158f50f517bc50285fb5ec847ad \
+    --hash=sha256:70c61d4c475835a19b3a5aa42492409878bbca7438554a1f89d20d58a7c75c01 \
+    --hash=sha256:716d30ed977be8b37d3ef185fecb9e5a1d62d110dfbdcd1e2a122ab46fddb03f \
+    --hash=sha256:753cd8f2086b2b80180d9b3010dd4ed147efc167c90d3bf593fe2af21265e5a5 \
+    --hash=sha256:773efe0603db30c281521a7c0214cad7836c03b8ccff897beae9b47c0b657d61 \
+    --hash=sha256:7823bdd049099efa16e4246bdf15e5a13dbb18a51b68fa06d6c1d4d8b99a796e \
+    --hash=sha256:7c8f97e8e7a9009bcacbe3766a36175056c12f9a44e6e6f2d5caad06dcfbf03b \
+    --hash=sha256:823ef7a27cf86df6597fa0671066c1b596f69eba53efa3d1e1cb8b30f3533068 \
+    --hash=sha256:8373c6c251f7ef8bda6675dd6d2b3a0fcc31edf1201266b5cf608b62a37407f9 \
+    --hash=sha256:83b2021f2ade7d1ed556bc50a399127d7fb245e725aa0113ebd05cfe88aaf588 \
+    --hash=sha256:870ea1ada0899fd0b79643990809323b389d4d1d46c192f97342eeb6ee0b8483 \
+    --hash=sha256:8d12251f02d69d8310b046e82572ed486685c38f02176bd08baf216746eb947f \
+    --hash=sha256:9c23f307202661071d94b5e384e1e1dc7dfb972a28a2310e4ee16103e66ddb67 \
+    --hash=sha256:9d189550615b4948f45252d7f005e53c2040cea1af5b60d6f79491a6e147eef7 \
+    --hash=sha256:a086c2af425c5f62a65e12fbf385f7c9fcb8f107d0849dba5839461a129cf311 \
+    --hash=sha256:a2b56ba36e05f973d450582fb015594aaa78834fefe8dfb8fcd79b93e64ba4c6 \
+    --hash=sha256:aebb6044806f2e16ecc07b2a2637ee1ef67a11840a66752751714a0d924adf72 \
+    --hash=sha256:b1b3020d90c2d8e1dae29cf3ce54f8094f7938460fb5ce8bc5c01450b01fbaf6 \
+    --hash=sha256:b4b6b1e20608493548b1f32bce8cca185bf0480983890403d3b8753e44077129 \
+    --hash=sha256:b6f491cdf80ae540738859d9766783e3b3c8e5bd37f5dfa0b76abdecc5081f13 \
+    --hash=sha256:b792a349405fbc0163190fde0dc7b3fef3c9268292586cf5645598b48e63dc67 \
+    --hash=sha256:b7c2286c23cd350b80d2fc9d424fc797575fb16f854b831d16fd47ceec078f2c \
+    --hash=sha256:babf5acfede515f176833ed6028754cbcd0d206f7f614ea3447d67c33be12516 \
+    --hash=sha256:c365fd1703040de1ec284b176d6af5abe21b427cb3a5ff68e0759e1e313a5e7e \
+    --hash=sha256:c4225f5220f46b2fde568c74fca27ae9771536c2e29d7c04f4fb62c83275ac4e \
+    --hash=sha256:c570f24be1e468e3f0ce7ef56a89a60f0e05b30a3669a459e419c6eac2c35364 \
+    --hash=sha256:c6dafac9e0f2b3c78df97e79af707cdc5ef8e88208d686a4847bab8266870023 \
+    --hash=sha256:c8de2789052ed501dd829e9cae8d3dcce7acb4777ea4a479c14521c942d395b1 \
+    --hash=sha256:cb28c753fd5eb3dd859b4ee95de66cc62af91bcff5db5f2571d32a520baf1f04 \
+    --hash=sha256:cb4c38abeef13c61d6916f264d4845fab99d7b711be96c326b84df9e3e0ff62d \
+    --hash=sha256:d1b35bcd6c5543b9cb547dee3150c93008f8dd0f1fef78fc0cd2b141c5baf58a \
+    --hash=sha256:d8e6aeb9201e655354b3ad049cb77d19813ad4ece0df1249d3c793de3774f8c7 \
+    --hash=sha256:d8ecd059fdaf60c1963c58ceb8997b32e9dc1b911f5da5307aab614f1ce5c2fb \
+    --hash=sha256:da2b52b37dad6d9ec64e653637a096905b258d2fc2b984c41ae7d08b938a67e4 \
+    --hash=sha256:e87f0b2c78157e12d7686b27d63c070fd65d994e8ddae6f328e0dcf4a0cd007e \
+    --hash=sha256:edca80cbfb2b68d7b56930b84a0e45ae1694aeba0541f798e908a49d66b837f1 \
+    --hash=sha256:f379abd2f1e3dddb2b61bc67977a6b5a0a3f7485538bcc6f39ec76163891ee48 \
+    --hash=sha256:fe4c15f6c9285dc54ce6553a3ce908ed37c8f3825b5a51a15c91442bb955b868
+    # via
+    #   cairosvg
+    #   mkdocs-material
+platformdirs==4.1.0 \
+    --hash=sha256:11c8f37bcca40db96d8144522d925583bdb7a31f7b0e37e3ed4318400a8e2380 \
+    --hash=sha256:906d548203468492d432bcb294d4bc2fff751bf84971fbb2c10918cc206ee420
+    # via mkdocs
+pycparser==2.21 \
+    --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
+    --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
+    # via cffi
+pygments==2.17.2 \
+    --hash=sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c \
+    --hash=sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367
+    # via mkdocs-material
+pymdown-extensions==10.7 \
+    --hash=sha256:6ca215bc57bc12bf32b414887a68b810637d039124ed9b2e5bd3325cbb2c050c \
+    --hash=sha256:c0d64d5cf62566f59e6b2b690a4095c931107c250a8c8e1351c1de5f6b036deb
+    # via mkdocs-material
+pyparsing==3.1.1 \
+    --hash=sha256:32c7c0b711493c72ff18a981d24f28aaf9c1fb7ed5e9667c9e84e3db623bdbfb \
+    --hash=sha256:ede28a1a32462f5a9705e07aea48001a08f7cf81a021585011deba701581a0db
+    # via mike
+pytablewriter==1.2.0 \
+    --hash=sha256:0204a4bb684a22140d640f2599f09e137bcdc18b3dd49426f4a555016e246b46 \
+    --hash=sha256:4a30e2bb4bf5bc1069b1d2b2bc41947577c4517ab0875b23a5b194d296f543d8
+    # via -r requirements.in
+python-dateutil==2.8.2 \
+    --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
+    --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
+    # via
+    #   ghp-import
+    #   typepy
+pytz==2023.3.post1 \
+    --hash=sha256:7b4fddbeb94a1eba4b557da24f19fdf9db575192544270a9101d8509f9f43d7b \
+    --hash=sha256:ce42d816b81b68506614c11e8937d3aa9e41007ceb50bfdcb0749b921bf646c7
+    # via typepy
+pyyaml==6.0.1 \
+    --hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
+    --hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
+    --hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
+    --hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
+    --hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
+    --hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
+    --hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
+    --hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
+    --hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
+    --hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
+    --hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
+    --hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
+    --hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
+    --hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
+    --hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
+    --hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
+    --hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
+    --hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
+    --hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
+    --hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
+    --hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
+    --hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
+    --hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
+    --hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
+    --hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
+    --hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
+    --hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
+    --hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
+    --hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
+    --hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \
+    --hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
+    --hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
+    --hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
+    --hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
+    --hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
+    --hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
+    --hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
+    --hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
+    --hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
+    --hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
+    --hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
+    --hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
+    --hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
+    --hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
+    --hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
+    --hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
+    --hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
+    --hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
+    --hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
+    --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
+    --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
+    # via
+    #   mike
+    #   mkdocs
+    #   pymdown-extensions
+    #   pyyaml-env-tag
+pyyaml-env-tag==0.1 \
+    --hash=sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb \
+    --hash=sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069
+    # via mkdocs
+regex==2023.12.25 \
+    --hash=sha256:0694219a1d54336fd0445ea382d49d36882415c0134ee1e8332afd1529f0baa5 \
+    --hash=sha256:086dd15e9435b393ae06f96ab69ab2d333f5d65cbe65ca5a3ef0ec9564dfe770 \
+    --hash=sha256:094ba386bb5c01e54e14434d4caabf6583334090865b23ef58e0424a6286d3dc \
+    --hash=sha256:09da66917262d9481c719599116c7dc0c321ffcec4b1f510c4f8a066f8768105 \
+    --hash=sha256:0ecf44ddf9171cd7566ef1768047f6e66975788258b1c6c6ca78098b95cf9a3d \
+    --hash=sha256:0fda75704357805eb953a3ee15a2b240694a9a514548cd49b3c5124b4e2ad01b \
+    --hash=sha256:11a963f8e25ab5c61348d090bf1b07f1953929c13bd2309a0662e9ff680763c9 \
+    --hash=sha256:150c39f5b964e4d7dba46a7962a088fbc91f06e606f023ce57bb347a3b2d4630 \
+    --hash=sha256:1b9d811f72210fa9306aeb88385b8f8bcef0dfbf3873410413c00aa94c56c2b6 \
+    --hash=sha256:1e0eabac536b4cc7f57a5f3d095bfa557860ab912f25965e08fe1545e2ed8b4c \
+    --hash=sha256:22a86d9fff2009302c440b9d799ef2fe322416d2d58fc124b926aa89365ec482 \
+    --hash=sha256:22f3470f7524b6da61e2020672df2f3063676aff444db1daa283c2ea4ed259d6 \
+    --hash=sha256:263ef5cc10979837f243950637fffb06e8daed7f1ac1e39d5910fd29929e489a \
+    --hash=sha256:283fc8eed679758de38fe493b7d7d84a198b558942b03f017b1f94dda8efae80 \
+    --hash=sha256:29171aa128da69afdf4bde412d5bedc335f2ca8fcfe4489038577d05f16181e5 \
+    --hash=sha256:298dc6354d414bc921581be85695d18912bea163a8b23cac9a2562bbcd5088b1 \
+    --hash=sha256:2aae8101919e8aa05ecfe6322b278f41ce2994c4a430303c4cd163fef746e04f \
+    --hash=sha256:2f4e475a80ecbd15896a976aa0b386c5525d0ed34d5c600b6d3ebac0a67c7ddf \
+    --hash=sha256:34e4af5b27232f68042aa40a91c3b9bb4da0eeb31b7632e0091afc4310afe6cb \
+    --hash=sha256:37f8e93a81fc5e5bd8db7e10e62dc64261bcd88f8d7e6640aaebe9bc180d9ce2 \
+    --hash=sha256:3a17d3ede18f9cedcbe23d2daa8a2cd6f59fe2bf082c567e43083bba3fb00347 \
+    --hash=sha256:3b1de218d5375cd6ac4b5493e0b9f3df2be331e86520f23382f216c137913d20 \
+    --hash=sha256:43f7cd5754d02a56ae4ebb91b33461dc67be8e3e0153f593c509e21d219c5060 \
+    --hash=sha256:4558410b7a5607a645e9804a3e9dd509af12fb72b9825b13791a37cd417d73a5 \
+    --hash=sha256:4719bb05094d7d8563a450cf8738d2e1061420f79cfcc1fa7f0a44744c4d8f73 \
+    --hash=sha256:4bfc2b16e3ba8850e0e262467275dd4d62f0d045e0e9eda2bc65078c0110a11f \
+    --hash=sha256:518440c991f514331f4850a63560321f833979d145d7d81186dbe2f19e27ae3d \
+    --hash=sha256:51f4b32f793812714fd5307222a7f77e739b9bc566dc94a18126aba3b92b98a3 \
+    --hash=sha256:531ac6cf22b53e0696f8e1d56ce2396311254eb806111ddd3922c9d937151dae \
+    --hash=sha256:5cd05d0f57846d8ba4b71d9c00f6f37d6b97d5e5ef8b3c3840426a475c8f70f4 \
+    --hash=sha256:5dd58946bce44b53b06d94aa95560d0b243eb2fe64227cba50017a8d8b3cd3e2 \
+    --hash=sha256:60080bb3d8617d96f0fb7e19796384cc2467447ef1c491694850ebd3670bc457 \
+    --hash=sha256:636ba0a77de609d6510235b7f0e77ec494d2657108f777e8765efc060094c98c \
+    --hash=sha256:67d3ccfc590e5e7197750fcb3a2915b416a53e2de847a728cfa60141054123d4 \
+    --hash=sha256:68191f80a9bad283432385961d9efe09d783bcd36ed35a60fb1ff3f1ec2efe87 \
+    --hash=sha256:7502534e55c7c36c0978c91ba6f61703faf7ce733715ca48f499d3dbbd7657e0 \
+    --hash=sha256:7aa47c2e9ea33a4a2a05f40fcd3ea36d73853a2aae7b4feab6fc85f8bf2c9704 \
+    --hash=sha256:7d2af3f6b8419661a0c421584cfe8aaec1c0e435ce7e47ee2a97e344b98f794f \
+    --hash=sha256:7e316026cc1095f2a3e8cc012822c99f413b702eaa2ca5408a513609488cb62f \
+    --hash=sha256:88ad44e220e22b63b0f8f81f007e8abbb92874d8ced66f32571ef8beb0643b2b \
+    --hash=sha256:88d1f7bef20c721359d8675f7d9f8e414ec5003d8f642fdfd8087777ff7f94b5 \
+    --hash=sha256:89723d2112697feaa320c9d351e5f5e7b841e83f8b143dba8e2d2b5f04e10923 \
+    --hash=sha256:8a0ccf52bb37d1a700375a6b395bff5dd15c50acb745f7db30415bae3c2b0715 \
+    --hash=sha256:8c2c19dae8a3eb0ea45a8448356ed561be843b13cbc34b840922ddf565498c1c \
+    --hash=sha256:905466ad1702ed4acfd67a902af50b8db1feeb9781436372261808df7a2a7bca \
+    --hash=sha256:9852b76ab558e45b20bf1893b59af64a28bd3820b0c2efc80e0a70a4a3ea51c1 \
+    --hash=sha256:98a2636994f943b871786c9e82bfe7883ecdaba2ef5df54e1450fa9869d1f756 \
+    --hash=sha256:9aa1a67bbf0f957bbe096375887b2505f5d8ae16bf04488e8b0f334c36e31360 \
+    --hash=sha256:9eda5f7a50141291beda3edd00abc2d4a5b16c29c92daf8d5bd76934150f3edc \
+    --hash=sha256:a6d1047952c0b8104a1d371f88f4ab62e6275567d4458c1e26e9627ad489b445 \
+    --hash=sha256:a9b6d73353f777630626f403b0652055ebfe8ff142a44ec2cf18ae470395766e \
+    --hash=sha256:a9cc99d6946d750eb75827cb53c4371b8b0fe89c733a94b1573c9dd16ea6c9e4 \
+    --hash=sha256:ad83e7545b4ab69216cef4cc47e344d19622e28aabec61574b20257c65466d6a \
+    --hash=sha256:b014333bd0217ad3d54c143de9d4b9a3ca1c5a29a6d0d554952ea071cff0f1f8 \
+    --hash=sha256:b43523d7bc2abd757119dbfb38af91b5735eea45537ec6ec3a5ec3f9562a1c53 \
+    --hash=sha256:b521dcecebc5b978b447f0f69b5b7f3840eac454862270406a39837ffae4e697 \
+    --hash=sha256:b77e27b79448e34c2c51c09836033056a0547aa360c45eeeb67803da7b0eedaf \
+    --hash=sha256:b7a635871143661feccce3979e1727c4e094f2bdfd3ec4b90dfd4f16f571a87a \
+    --hash=sha256:b7fca9205b59c1a3d5031f7e64ed627a1074730a51c2a80e97653e3e9fa0d415 \
+    --hash=sha256:ba1b30765a55acf15dce3f364e4928b80858fa8f979ad41f862358939bdd1f2f \
+    --hash=sha256:ba99d8077424501b9616b43a2d208095746fb1284fc5ba490139651f971d39d9 \
+    --hash=sha256:c25a8ad70e716f96e13a637802813f65d8a6760ef48672aa3502f4c24ea8b400 \
+    --hash=sha256:c3c4a78615b7762740531c27cf46e2f388d8d727d0c0c739e72048beb26c8a9d \
+    --hash=sha256:c40281f7d70baf6e0db0c2f7472b31609f5bc2748fe7275ea65a0b4601d9b392 \
+    --hash=sha256:c7ad32824b7f02bb3c9f80306d405a1d9b7bb89362d68b3c5a9be53836caebdb \
+    --hash=sha256:cb3fe77aec8f1995611f966d0c656fdce398317f850d0e6e7aebdfe61f40e1cd \
+    --hash=sha256:cc038b2d8b1470364b1888a98fd22d616fba2b6309c5b5f181ad4483e0017861 \
+    --hash=sha256:cc37b9aeebab425f11f27e5e9e6cf580be7206c6582a64467a14dda211abc232 \
+    --hash=sha256:cc6bb9aa69aacf0f6032c307da718f61a40cf970849e471254e0e91c56ffca95 \
+    --hash=sha256:d126361607b33c4eb7b36debc173bf25d7805847346dd4d99b5499e1fef52bc7 \
+    --hash=sha256:d15b274f9e15b1a0b7a45d2ac86d1f634d983ca40d6b886721626c47a400bf39 \
+    --hash=sha256:d166eafc19f4718df38887b2bbe1467a4f74a9830e8605089ea7a30dd4da8887 \
+    --hash=sha256:d498eea3f581fbe1b34b59c697512a8baef88212f92e4c7830fcc1499f5b45a5 \
+    --hash=sha256:d6f7e255e5fa94642a0724e35406e6cb7001c09d476ab5fce002f652b36d0c39 \
+    --hash=sha256:d78bd484930c1da2b9679290a41cdb25cc127d783768a0369d6b449e72f88beb \
+    --hash=sha256:d865984b3f71f6d0af64d0d88f5733521698f6c16f445bb09ce746c92c97c586 \
+    --hash=sha256:d902a43085a308cef32c0d3aea962524b725403fd9373dea18110904003bac97 \
+    --hash=sha256:d94a1db462d5690ebf6ae86d11c5e420042b9898af5dcf278bd97d6bda065423 \
+    --hash=sha256:da695d75ac97cb1cd725adac136d25ca687da4536154cdc2815f576e4da11c69 \
+    --hash=sha256:db2a0b1857f18b11e3b0e54ddfefc96af46b0896fb678c85f63fb8c37518b3e7 \
+    --hash=sha256:df26481f0c7a3f8739fecb3e81bc9da3fcfae34d6c094563b9d4670b047312e1 \
+    --hash=sha256:e14b73607d6231f3cc4622809c196b540a6a44e903bcfad940779c80dffa7be7 \
+    --hash=sha256:e2610e9406d3b0073636a3a2e80db05a02f0c3169b5632022b4e81c0364bcda5 \
+    --hash=sha256:e692296c4cc2873967771345a876bcfc1c547e8dd695c6b89342488b0ea55cd8 \
+    --hash=sha256:e693e233ac92ba83a87024e1d32b5f9ab15ca55ddd916d878146f4e3406b5c91 \
+    --hash=sha256:e81469f7d01efed9b53740aedd26085f20d49da65f9c1f41e822a33992cb1590 \
+    --hash=sha256:e8c7e08bb566de4faaf11984af13f6bcf6a08f327b13631d41d62592681d24fe \
+    --hash=sha256:ed19b3a05ae0c97dd8f75a5d8f21f7723a8c33bbc555da6bbe1f96c470139d3c \
+    --hash=sha256:efb2d82f33b2212898f1659fb1c2e9ac30493ac41e4d53123da374c3b5541e64 \
+    --hash=sha256:f44dd4d68697559d007462b0a3a1d9acd61d97072b71f6d1968daef26bc744bd \
+    --hash=sha256:f72cbae7f6b01591f90814250e636065850c5926751af02bb48da94dfced7baa \
+    --hash=sha256:f7bc09bc9c29ebead055bcba136a67378f03d66bf359e87d0f7c759d6d4ffa31 \
+    --hash=sha256:ff100b203092af77d1a5a7abe085b3506b7eaaf9abf65b73b7d6905b6cb76988
+    # via mkdocs-material
+requests==2.31.0 \
+    --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
+    --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
+    # via
+    #   importlib-metadata
+    #   importlib-resources
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==69.0.3 \
+    --hash=sha256:385eb4edd9c9d5c17540511303e39a147ce2fc04bc55289c322b9e5904fe2c05 \
+    --hash=sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78
+    # via mkdocs-material
+six==1.16.0 \
+    --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
+    --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
+    # via python-dateutil
+tabledata==1.3.3 \
+    --hash=sha256:4abad1c996d8607e23b045b44dc0c5f061668f3c37585302c5f6c84c93a89962 \
+    --hash=sha256:c90daaba9a408e4397934b3ff2f6c06797d5289676420bf520c741ad43e6ff91
+    # via pytablewriter
+tcolorpy==0.1.4 \
+    --hash=sha256:d0926480aa5012f34877d69fc3b670f207dc165674e68ad07458fa6ee5b12724 \
+    --hash=sha256:f0dceb1cb95e554cee63024b3cd2fd8d4628c568773de2d1e6b4f0478461901c
+    # via pytablewriter
+tinycss2==1.2.1 \
+    --hash=sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847 \
+    --hash=sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627
+    # via
+    #   cairosvg
+    #   cssselect2
+typepy==1.3.2 \
+    --hash=sha256:b69fd48b9f50cdb3809906eef36b855b3134ff66c8893a4f8580abddb0b39517 \
+    --hash=sha256:d5d1022a424132622993800f1d2cd16cfdb691ac4e3b9c325f0fcb37799db1ae
+    # via
+    #   dataproperty
+    #   pytablewriter
+    #   tabledata
+    #   typepy
+urllib3==2.1.0 \
+    --hash=sha256:55901e917a5896a349ff771be919f8bd99aff50b79fe58fec595eb37bbc56bb3 \
+    --hash=sha256:df7aa8afb0148fa78488e7899b2c59b5f4ffcfa82e6c54ccb9dd37c1d7b52d54
+    # via requests
+verspec==0.1.0 \
+    --hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
+    --hash=sha256:c4504ca697b2056cdb4bfa7121461f5a0e81809255b41c03dda4ba823637c01e
+    # via mike
+watchdog==3.0.0 \
+    --hash=sha256:0e06ab8858a76e1219e68c7573dfeba9dd1c0219476c5a44d5333b01d7e1743a \
+    --hash=sha256:13bbbb462ee42ec3c5723e1205be8ced776f05b100e4737518c67c8325cf6100 \
+    --hash=sha256:233b5817932685d39a7896b1090353fc8efc1ef99c9c054e46c8002561252fb8 \
+    --hash=sha256:25f70b4aa53bd743729c7475d7ec41093a580528b100e9a8c5b5efe8899592fc \
+    --hash=sha256:2b57a1e730af3156d13b7fdddfc23dea6487fceca29fc75c5a868beed29177ae \
+    --hash=sha256:336adfc6f5cc4e037d52db31194f7581ff744b67382eb6021c868322e32eef41 \
+    --hash=sha256:3aa7f6a12e831ddfe78cdd4f8996af9cf334fd6346531b16cec61c3b3c0d8da0 \
+    --hash=sha256:3ed7c71a9dccfe838c2f0b6314ed0d9b22e77d268c67e015450a29036a81f60f \
+    --hash=sha256:4c9956d27be0bb08fc5f30d9d0179a855436e655f046d288e2bcc11adfae893c \
+    --hash=sha256:4d98a320595da7a7c5a18fc48cb633c2e73cda78f93cac2ef42d42bf609a33f9 \
+    --hash=sha256:4f94069eb16657d2c6faada4624c39464f65c05606af50bb7902e036e3219be3 \
+    --hash=sha256:5113334cf8cf0ac8cd45e1f8309a603291b614191c9add34d33075727a967709 \
+    --hash=sha256:51f90f73b4697bac9c9a78394c3acbbd331ccd3655c11be1a15ae6fe289a8c83 \
+    --hash=sha256:5d9f3a10e02d7371cd929b5d8f11e87d4bad890212ed3901f9b4d68767bee759 \
+    --hash=sha256:7ade88d0d778b1b222adebcc0927428f883db07017618a5e684fd03b83342bd9 \
+    --hash=sha256:7c5f84b5194c24dd573fa6472685b2a27cc5a17fe5f7b6fd40345378ca6812e3 \
+    --hash=sha256:7e447d172af52ad204d19982739aa2346245cc5ba6f579d16dac4bfec226d2e7 \
+    --hash=sha256:8ae9cda41fa114e28faf86cb137d751a17ffd0316d1c34ccf2235e8a84365c7f \
+    --hash=sha256:8f3ceecd20d71067c7fd4c9e832d4e22584318983cabc013dbf3f70ea95de346 \
+    --hash=sha256:9fac43a7466eb73e64a9940ac9ed6369baa39b3bf221ae23493a9ec4d0022674 \
+    --hash=sha256:a70a8dcde91be523c35b2bf96196edc5730edb347e374c7de7cd20c43ed95397 \
+    --hash=sha256:adfdeab2da79ea2f76f87eb42a3ab1966a5313e5a69a0213a3cc06ef692b0e96 \
+    --hash=sha256:ba07e92756c97e3aca0912b5cbc4e5ad802f4557212788e72a72a47ff376950d \
+    --hash=sha256:c07253088265c363d1ddf4b3cdb808d59a0468ecd017770ed716991620b8f77a \
+    --hash=sha256:c9d8c8ec7efb887333cf71e328e39cffbf771d8f8f95d308ea4125bf5f90ba64 \
+    --hash=sha256:d00e6be486affb5781468457b21a6cbe848c33ef43f9ea4a73b4882e5f188a44 \
+    --hash=sha256:d429c2430c93b7903914e4db9a966c7f2b068dd2ebdd2fa9b9ce094c7d459f33
+    # via mkdocs
+webencodings==0.5.1 \
+    --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
+    --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
+    # via
+    #   cssselect2
+    #   tinycss2
+zipp==3.17.0 \
+    --hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
+    --hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
+    # via pytablewriter
--- a/docs/robots.txt
+++ b/docs/robots.txt
@ -0,0 +1,4 @@
+User-agent: *
+Allow: /latest/
+
+Sitemap: https://docs.bunkerweb.io/latest/sitemap.xml
--- a/docs/security-tuning.md
+++ b/docs/security-tuning.md
@ -0,0 +1,495 @@
+# Security tuning
+
+BunkerWeb offers many security features that you can configure with [settings](settings.md). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you tune them. By doing so you will be able to ensure the security level of your choice but also manage false positives.
+
+!!! tip "Other settings"
+    This section only focuses on security tuning, see the [settings section](settings.md) of the documentation for other settings.
+
+<figure markdown>
+  ![Overview](assets/img/core-order.svg){ align=center }
+  <figcaption>Overview and order of the core security plugins</figcaption>
+</figure>
+
+## HTTP protocol
+
+### Deny status code
+
+STREAM support :warning:
+
+The first thing to define is the kind of action to do when a client access is denied. You can control the action with the `DENY_HTTP_STATUS` setting which allows the following values :
+
+- `403` : send a "classical" Forbidden HTTP status code (a web page or custom content will be displayed)
+- `444` : close the connection (no web page or custom content will be displayed)
+
+The default value is `403` and we suggest you set it to `444` only if you already fixed a lot of false positive, you are familiar with BunkerWeb and want a higher level of security.
+
+When using stream mode, value is ignored and always set to `444` with effect of closing the connection.
+
+### Default server
+
+STREAM support :x:
+
+In the HTTP protocol, the Host header is used to determine which server the client wants to send the request to. That header is facultative and may be missing from the request or can be set as an unknown value. This is a common case, a lot of bots are scanning the Internet and are trying to exploit services or simply doing some fingerprinting.
+
+You can disable any request containing undefined or unknown Host value by setting `DISABLE_DEFAULT_SERVER` to `yes` (default : `no`). Please note that clients won't even receive a response, the TCP connection will be closed (using the special 444 status code of NGINX).
+
+### Allowed methods
+
+STREAM support :x:
+
+You can control the allowed HTTP methods by listing them (separated with "|") in the `ALLOWED_METHODS` setting (default : `GET|POST|HEAD`). Clients sending a method which is not listed will get a "405 - Method Not Allowed".
+
+### Max sizes
+
+STREAM support :x:
+
+You can control the maximum body size with the `MAX_CLIENT_SIZE` setting (default : `10m`). See [here](https://nginx.org/en/docs/syntax.html) for accepted values. You can use the special value `0` to allow a body of infinite size (not recommended).
+
+### Serve files
+
+STREAM support :x:
+
+To disable serving files from the www folder, you can set `SERVE_FILES` to `no` (default : `yes`). The value `no` is recommended if you use BunkerWeb as a reverse proxy.
+
+### Headers
+
+STREAM support :x:
+
+Headers are very important when it comes to HTTP security. While some of them might be too verbose, others' verbosity will need to be increased, especially on the client-side.
+
+#### Remove headers
+
+STREAM support :x:
+
+You can automatically remove verbose headers in the HTTP responses by using the `REMOVE_HEADERS` setting (default : `Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version`).
+
+#### Keep upstream headers
+
+STREAM support :x:
+
+You can automatically keep headers from upstream servers and prevent BunkerWeb from overriding them in the HTTP responses by using the `KEEP_UPSTREAM_HEADERS` setting (default : `Content-Security-Policy Permissions-Policy Feature-Policy X-Frame-Options`). A special value `*` is available to keep all headers. List of headers to keep must be separated with a space. Note that if the header is not present in the upstream response, it will be added by BunkerWeb.
+
+#### Cookies
+
+STREAM support :x:
+
+When it comes to cookies security, we can use the following flags :
+
+- HttpOnly : disable any access to the cookie from Javascript using document.cookie
+- SameSite : policy when requests come from third-party websites
+- Secure : only send cookies on HTTPS request
+
+Cookie flags can be overridden with values of your choice by using the `COOKIE_FLAGS` setting (default : `* HttpOnly SameSite=Lax`). See [here](https://github.com/AirisX/nginx_cookie_flag_module) for accepted values.
+
+The Secure flag can be automatically added if HTTPS is used by using the `COOKIE_AUTO_SECURE_FLAG` setting (default : `yes`). The value `no` is not recommended unless you know what you're doing.
+
+#### Security headers
+
+STREAM support :x:
+
+Various security headers are available and most of them can be set using BunkerWeb settings. Here is the list of headers, the corresponding setting and default value :
+
+|           Header            | Setting                     |                                                                                                                                                                                                                                                                                                                                                            Default                                                                                                                                                                                                                                                                                                                                                            |
+| :-------------------------: | :-------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
+|  `Content-Security-Policy`  | `CONTENT_SECURITY_POLICY`   |                                                                                                                                                                                                                                                                                                             `object-src 'none'; frame-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self';`                                                                                                                                                                                                                                                                                                              |
+| `Strict-Transport-Security` | `STRICT_TRANSPORT_SECURITY` |                                                                                                                                                                                                                                                                                                                                                      `max-age=31536000`                                                                                                                                                                                                                                                                                                                                                       |
+|      `Referrer-Policy`      | `REFERRER_POLICY`           |                                                                                                                                                                                                                                                                                                                                               `strict-origin-when-cross-origin`                                                                                                                                                                                                                                                                                                                                               |
+|    `Permissions-Policy`     | `PERMISSIONS_POLICY`        |                                                                                              `accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()`                                                                                               |
+|      `Feature-Policy`       | `FEATURE_POLICY`            | `accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';` |
+|      `X-Frame-Options`      | `X_FRAME_OPTIONS`           |                                                                                                                                                                                                                                                                                                                                                         `SAMEORIGIN`                                                                                                                                                                                                                                                                                                                                                          |
+|  `X-Content-Type-Options`   | `X_CONTENT_TYPE_OPTIONS`    |                                                                                                                                                                                                                                                                                                                                                           `nosniff`                                                                                                                                                                                                                                                                                                                                                           |
+|     `X-XSS-Protection`      | `X_XSS_PROTECTION`          |                                                                                                                                                                                                                                                                                                                                                        `1; mode=block`                                                                                                                                                                                                                                                                                                                                                        |
+
+#### CORS
+
+STREAM support :x:
+
+[Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) lets you manage how your service can be contacted from different origins. Please note that you will have to allow the `OPTIONS` HTTP method using the `ALLOWED_METHODS` if you want to enable it (more info [here](#allowed-methods)). Here is the list of settings related to CORS :
+
+|        Setting         |                                      Default                                       | Context |Multiple|                            Description                            |
+|------------------------|------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------------------|
+|`USE_CORS`              |`no`                                                                                |multisite|no      |Use CORS                                                           |
+|`CORS_ALLOW_ORIGIN`     |`*`                                                                                 |multisite|no      |Allowed origins to make CORS requests : PCRE regex or *.           |
+|`CORS_EXPOSE_HEADERS`   |`Content-Length,Content-Range`                                                      |multisite|no      |Value of the Access-Control-Expose-Headers header.                 |
+|`CORS_MAX_AGE`          |`86400`                                                                             |multisite|no      |Value of the Access-Control-Max-Age header.                        |
+|`CORS_ALLOW_CREDENTIALS`|`no`                                                                                |multisite|no      |Send the Access-Control-Allow-Credentials header.                  |
+|`CORS_ALLOW_METHODS`    |`GET, POST, OPTIONS`                                                                |multisite|no      |Value of the Access-Control-Allow-Methods header.                  |
+|`CORS_ALLOW_HEADERS`    |`DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range`|multisite|no      |Value of the Access-Control-Allow-Headers header.                  |
+|`CORS_DENY_REQUEST`     |`yes`                                                                               |multisite|no      |Deny request and don't send it to backend if Origin is not allowed.|
+
+Here is some examples of possible values for `CORS_ALLOW_ORIGIN` setting :
+
+- `*` will allow all origin
+- `^https://www\.example\.com$` will allow `https://www.example.com`
+- `^https://.+\.example.com$` will allow any origins when domain ends with `.example.com`
+- `^https://(www\.example1\.com|www\.example2\.com)$` will allow both `https://www.example1.com` and `https://www.example2.com`
+- `^https?://www\.example\.com$` will allow both `https://www.example.com` and `http://www.example.com`
+
+## HTTPS / SSL/TLS
+
+Besides the HTTPS / SSL/TLS configuration, the following settings related to HTTPS / SSL/TLS can be set :
+
+|            Setting            |      Default      | Description                                                                                                  |
+| :---------------------------: | :---------------: | :----------------------------------------------------------------------------------------------------------- |
+|   `REDIRECT_HTTP_TO_HTTPS`    |       `no`        | When set to `yes`, will redirect every HTTP request to HTTPS even if BunkerWeb is not configured with HTTPS. |
+| `AUTO_REDIRECT_HTTP_TO_HTTPS` |       `yes`       | When set to `yes`, will redirect every HTTP request to HTTPS only if BunkerWeb is configured with HTTPS.     |
+|       `SSL_PROTOCOLS`       | `TLSv1.2 TLSv1.3` | List of supported SSL/TLS protocols when SSL is enabled.                                                   |
+|            `HTTP2`            |       `yes`       | When set to `yes`, will enable HTTP2 protocol support when using HTTPS.                                      |
+|         `LISTEN_HTTP`         |       `yes`       | When set to `no`, BunkerWeb will not listen for HTTP requests. Useful if you want HTTPS only for example.    |
+
+### Let's Encrypt
+
+STREAM support :white_check_mark:
+
+BunkerWeb comes with automatic Let's Encrypt certificate generation and renewal. This is the easiest way of getting HTTPS / SSL/TLS working out of the box for public-facing web applications. Please note that you will need to set up proper DNS A record(s) for each of your domains pointing to your public IP(s) where BunkerWeb is accessible.
+
+Here is the list of related settings :
+
+|          Setting           |         Default          | Description                                                                                                                                                        |
+| :------------------------: | :----------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+|    `AUTO_LETS_ENCRYPT`     |           `no`           | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic certificate generation and renewal from Let's Encrypt.                                                     |
+|    `EMAIL_LETS_ENCRYPT`    | `contact@{FIRST_SERVER}` | Email to use when generating certificates. Let's Encrypt will send notifications to that email like certificate expiration.                                        |
+| `USE_LETS_ENCRYPT_STAGING` |           `no`           | When set to `yes`, the staging server of Let's Encrypt will be used instead of the production one. Useful when doing tests to avoid being "blocked" due to limits. |
+
+Full Let's Encrypt automation is fully working with stream mode as long as you open the `80/tcp` port from the outside. Please note that you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
+
+### Custom certificate
+
+STREAM support :white_check_mark:
+
+If you want to use your own certificates, here is the list of related settings :
+
+|     Setting     |Default| Context |Multiple|                                  Description                                   |
+|-----------------|-------|---------|--------|--------------------------------------------------------------------------------|
+|`USE_CUSTOM_SSL` |`no`   |multisite|no      |Use custom HTTPS / SSL/TLS certificate.                                                   |
+|`CUSTOM_SSL_CERT`|       |multisite|no      |Full path of the certificate or bundle file (must be readable by the scheduler).|
+|`CUSTOM_SSL_KEY` |       |multisite|no      |Full path of the key file (must be readable by the scheduler).                  |
+
+
+When `USE_CUSTOM_SSL` is set to `yes`, BunkerWeb will check every day if the custom certificate specified in `CUSTOM_SSL_CERT` is modified and will reload NGINX if that's the case.
+
+When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
+
+### Self-signed
+
+STREAM support :white_check_mark:
+
+If you want to quickly test HTTPS / SSL/TLS for staging/dev environment you can configure BunkerWeb to generate self-signed certificates, here is the list of related settings :
+
+|          Setting           |        Default         | Description                                                                                                                |
+| :------------------------: | :--------------------: | :------------------------------------------------------------------------------------------------------------------------- |
+| `GENERATE_SELF_SIGNED_SSL` |          `no`          | When set to `yes`, HTTPS / SSL/TLS will be enabled with automatic self-signed certificate generation and renewal from Let's Encrypt. |
+|  `SELF_SIGNED_SSL_EXPIRY`  |         `365`          | Number of days for the certificate expiration (**-days** value used with **openssl**).                                     |
+|   `SELF_SIGNED_SSL_SUBJ`   | `/CN=www.example.com/` | Certificate subject to use (**-subj** value used with **openssl**).                                                        |
+
+When using stream mode, you will need to use the `LISTEN_STREAM_PORT_SSL` setting in order to choose your listening SSL/TLS port.
+
+## ModSecurity
+
+STREAM support :x:
+
+ModSecurity is integrated and enabled by default alongside the OWASP Core Rule Set within BunkerWeb. Here is the list of related settings :
+
+|        Setting        | Default | Description                                                                                           |
+| :-------------------: | :-----: | :---------------------------------------------------------------------------------------------------- |
+|   `USE_MODSECURITY`   |  `yes`  | When set to `yes`, ModSecurity will be enabled.                                                       |
+| `USE_MODSECURITY_CRS` |  `yes`  | When set to `yes` and `USE_MODSECURITY` is also set to `yes`, the OWASP Core Rule Set will be loaded. |
+
+We strongly recommend keeping both ModSecurity and the OWASP Core Rule Set enabled. The only downsides are the false positives that may occur. But they can be fixed with some efforts and the CRS team maintains a list of exclusions for common applications (e.g., WordPress, Nextcloud, Drupal, Cpanel, ...).
+
+Tuning ModSecurity and the CRS can be done using [custom configurations](quickstart-guide.md#custom-configurations) :
+
+- modsec-crs : before the OWASP Core Rule Set is loaded
+- modsec : after the OWASP Core Rule Set is loaded (also used if CRS is not loaded)
+
+For example, you can add a custom configuration with type `modsec-crs` to add CRS exclusions :
+
+```conf
+SecAction \
+ "id:900130,\
+  phase:1,\
+  nolog,\
+  pass,\
+  t:none,\
+  setvar:tx.crs_exclusions_wordpress=1"
+```
+
+You can also add a custom configuration with type `modsec` to update loaded CRS rules :
+
+```conf
+SecRule REQUEST_FILENAME "/wp-admin/admin-ajax.php" "id:1,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-rce"
+SecRule REQUEST_FILENAME "/wp-admin/options.php" "id:2,ctl:ruleRemoveByTag=attack-xss"
+SecRule REQUEST_FILENAME "^/wp-json/yoast" "id:3,ctl:ruleRemoveById=930120"
+```
+
+## Bad behavior
+
+STREAM support :white_check_mark:
+
+When attackers search for and/or exploit vulnerabilities they might generate some "suspicious" HTTP status codes that a "regular" user won’t generate within a period of time. If we detect that kind of behavior we can ban the offending IP address and force the attacker to come up with a new one.
+
+That kind of security measure is implemented and enabled by default in BunkerWeb and is called "Bad behavior". Here is the list of the related settings :
+
+|           Setting           |            Default            | Description                                                                  |
+| :-------------------------: | :---------------------------: | :--------------------------------------------------------------------------- |
+|     `USE_BAD_BEHAVIOR`      |             `yes`             | When set to `yes`, the Bad behavior feature will be enabled.                 |
+| `BAD_BEHAVIOR_STATUS_CODES` | `400 401 403 404 405 429 444` | List of HTTP status codes considered as "suspicious".                        |
+|   `BAD_BEHAVIOR_BAN_TIME`   |            `86400`            | The duration time (in seconds) of a ban when a client reached the threshold. |
+|  `BAD_BEHAVIOR_THRESHOLD`   |             `10`              | Maximum number of "suspicious" HTTP status codes within the time period.     |
+|  `BAD_BEHAVIOR_COUNT_TIME`  |             `60`              | Period of time during which we count "suspicious" HTTP status codes.                |
+
+In other words, with the default values, if a client generates more than `10` status codes from the list `400 401 403 404 405 429 444` within `60` seconds their IP address will be banned for `86400` seconds.
+
+When using stream mode, only the `444` status code will count as "bad".
+
+## Antibot
+
+STREAM support :x:
+
+Attackers will certainly use automated tools to exploit/find some vulnerabilities in your web applications. One countermeasure is to challenge the users to detect if they look like a bot. If the challenge is solved, we consider the client as "legitimate" and they can access the web application.
+
+That kind of security is implemented but not enabled by default in BunkerWeb and is called "Antibot". Here is the list of supported challenges :
+
+- **Cookie** : send a cookie to the client, we expect to get the cookie back on other requests
+- **Javascript** : force a client to solve a computation challenge using Javascript
+- **Captcha** : force the client to solve a classical captcha (no external dependencies)
+- **hCaptcha** : force the client to solve a captcha from hCaptcha
+- **reCAPTCHA** : force the client to get a minimum score with Google reCAPTCHA
+- **Turnstile** : enforce rate limiting and access control for APIs and web applications using various mechanisms with Coudflare Turnstile
+
+Here is the list of related settings :
+
+|          Setting          |  Default   | Context |Multiple|                                                         Description                                                          |
+|---------------------------|------------|---------|--------|------------------------------------------------------------------------------------------------------------------------------|
+|`USE_ANTIBOT`              |`no`        |multisite|no      |Activate antibot feature.                                                                                                     |
+|`ANTIBOT_URI`              |`/challenge`|multisite|no      |Unused URI that clients will be redirected to to solve the challenge.                                                         |
+|`ANTIBOT_RECAPTCHA_SCORE`  |`0.7`       |multisite|no      |Minimum score required for reCAPTCHA challenge.                                                                               |
+|`ANTIBOT_RECAPTCHA_SITEKEY`|            |multisite|no      |Sitekey for reCAPTCHA challenge.                                                                                              |
+|`ANTIBOT_RECAPTCHA_SECRET` |            |multisite|no      |Secret for reCAPTCHA challenge.                                                                                               |
+|`ANTIBOT_HCAPTCHA_SITEKEY` |            |multisite|no      |Sitekey for hCaptcha challenge.                                                                                               |
+|`ANTIBOT_HCAPTCHA_SECRET`  |            |multisite|no      |Secret for hCaptcha challenge.                                                                                                |
+|`ANTIBOT_TURNSTILE_SITEKEY`|            |multisite|no      |Sitekey for Turnstile challenge.                                                                                              |
+|`ANTIBOT_TURNSTILE_SECRET` |            |multisite|no      |Secret for Turnstile challenge.                                                                                               |
+|`ANTIBOT_TIME_RESOLVE`     |`60`        |multisite|no      |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
+|`ANTIBOT_TIME_VALID`       |`86400`     |multisite|no      |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one.                |
+
+Please note that antibot feature is using a cookie to maintain a session with clients. If you are using BunkerWeb in a clustered environment, you will need to set the `SESSIONS_SECRET` and `SESSIONS_NAME` settings to another value than the default one (which is `random`). You will find more info about sessions [here](settings.md#sessions).
+
+## Blacklisting, whitelisting and greylisting
+
+The blacklisting security feature is very easy to understand : if a specific criteria is met, the client will be banned. As for the whitelisting, it's the exact opposite : if a specific criteria is met, the client will be allowed and no additional security check will be done. Whereas for the greylisting :  if a specific criteria is met, the client will be allowed but additional security checks will be done.
+
+You can configure blacklisting, whitelisting and greylisting at the same time. If that's the case, note that whitelisting is executed before blacklisting and greylisting : even if a criteria is true for all of them, the client will be whitelisted.
+
+### Blacklisting
+
+STREAM support :warning:
+
+You can use the following settings to set up blacklisting :
+
+|             Setting              |                                                           Default                                                            | Context |Multiple|                                          Description                                           |
+|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------|
+|`USE_BLACKLIST`                   |`yes`                                                                                                                         |multisite|no      |Activate blacklist feature.                                                                     |
+|`BLACKLIST_IP`                    |                                                                                                                              |multisite|no      |List of IP/network, separated with spaces, to block.                                            |
+|`BLACKLIST_IP_URLS`               |`https://www.dan.me.uk/torlist/?exit`                                                                                         |global   |no      |List of URLs, separated with spaces, containing bad IP/network to block.                        |
+|`BLACKLIST_RDNS_GLOBAL`           |`yes`                                                                                                                         |multisite|no      |Only perform RDNS blacklist checks on global IP addresses.                                      |
+|`BLACKLIST_RDNS`                  |`.shodan.io .censys.io`                                                                                                       |multisite|no      |List of reverse DNS suffixes, separated with spaces, to block.                                  |
+|`BLACKLIST_RDNS_URLS`             |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to block.                  |
+|`BLACKLIST_ASN`                   |                                                                                                                              |multisite|no      |List of ASN numbers, separated with spaces, to block.                                           |
+|`BLACKLIST_ASN_URLS`              |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing ASN to block.                                   |
+|`BLACKLIST_USER_AGENT`            |                                                                                                                              |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to block.                               |
+|`BLACKLIST_USER_AGENT_URLS`       |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global   |no      |List of URLs, separated with spaces, containing bad User-Agent to block.                        |
+|`BLACKLIST_URI`                   |                                                                                                                              |multisite|no      |List of URI (PCRE regex), separated with spaces, to block.                                      |
+|`BLACKLIST_URI_URLS`              |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing bad URI to block.                               |
+|`BLACKLIST_IGNORE_IP`             |                                                                                                                              |multisite|no      |List of IP/network, separated with spaces, to ignore in the blacklist.                          |
+|`BLACKLIST_IGNORE_IP_URLS`        |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist.          |
+|`BLACKLIST_IGNORE_RDNS`           |                                                                                                                              |multisite|no      |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist.                |
+|`BLACKLIST_IGNORE_RDNS_URLS`      |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.|
+|`BLACKLIST_IGNORE_ASN`            |                                                                                                                              |multisite|no      |List of ASN numbers, separated with spaces, to ignore in the blacklist.                         |
+|`BLACKLIST_IGNORE_ASN_URLS`       |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing ASN to ignore in the blacklist.                 |
+|`BLACKLIST_IGNORE_USER_AGENT`     |                                                                                                                              |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist.             |
+|`BLACKLIST_IGNORE_USER_AGENT_URLS`|                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist.          |
+|`BLACKLIST_IGNORE_URI`            |                                                                                                                              |multisite|no      |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist.                    |
+|`BLACKLIST_IGNORE_URI_URLS`       |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing URI to ignore in the blacklist.                 |
+
+When using stream mode, only IP, RDNS and ASN checks will be done.
+
+### Greylisting
+
+STREAM support :warning:
+
+You can use the following settings to set up greylisting :
+
+|         Setting          |Default| Context |Multiple|                                         Description                                          |
+|--------------------------|-------|---------|--------|----------------------------------------------------------------------------------------------|
+|`USE_GREYLIST`            |`no`   |multisite|no      |Activate greylist feature.                                                                    |
+|`GREYLIST_IP`             |       |multisite|no      |List of IP/network, separated with spaces, to put into the greylist.                          |
+|`GREYLIST_IP_URLS`        |       |global   |no      |List of URLs, separated with spaces, containing good IP/network to put into the greylist.     |
+|`GREYLIST_RDNS_GLOBAL`    |`yes`  |multisite|no      |Only perform RDNS greylist checks on global IP addresses.                                     |
+|`GREYLIST_RDNS`           |       |multisite|no      |List of reverse DNS suffixes, separated with spaces, to put into the greylist.                |
+|`GREYLIST_RDNS_URLS`      |       |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.|
+|`GREYLIST_ASN`            |       |multisite|no      |List of ASN numbers, separated with spaces, to put into the greylist.                         |
+|`GREYLIST_ASN_URLS`       |       |global   |no      |List of URLs, separated with spaces, containing ASN to put into the greylist.                 |
+|`GREYLIST_USER_AGENT`     |       |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist.             |
+|`GREYLIST_USER_AGENT_URLS`|       |global   |no      |List of URLs, separated with spaces, containing good User-Agent to put into the greylist.     |
+|`GREYLIST_URI`            |       |multisite|no      |List of URI (PCRE regex), separated with spaces, to put into the greylist.                    |
+|`GREYLIST_URI_URLS`       |       |global   |no      |List of URLs, separated with spaces, containing bad URI to put into the greylist.             |
+
+When using stream mode, only IP, RDNS and ASN checks will be done.
+
+### Whitelisting
+
+STREAM support :warning:
+
+You can use the following settings to set up whitelisting :
+
+|          Setting          |                                                                                          Default                                                                                           | Context |Multiple|                                   Description                                    |
+|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------|
+|`USE_WHITELIST`            |`yes`                                                                                                                                                                                       |multisite|no      |Activate whitelist feature.                                                       |
+|`WHITELIST_IP`             |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8`|multisite|no      |List of IP/network, separated with spaces, to put into the whitelist.             |
+|`WHITELIST_IP_URLS`        |                                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing good IP/network to whitelist.     |
+|`WHITELIST_RDNS_GLOBAL`    |`yes`                                                                                                                                                                                       |multisite|no      |Only perform RDNS whitelist checks on global IP addresses.                        |
+|`WHITELIST_RDNS`           |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com`                |multisite|no      |List of reverse DNS suffixes, separated with spaces, to whitelist.                |
+|`WHITELIST_RDNS_URLS`      |                                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.|
+|`WHITELIST_ASN`            |`32934`                                                                                                                                                                                     |multisite|no      |List of ASN numbers, separated with spaces, to whitelist.                         |
+|`WHITELIST_ASN_URLS`       |                                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing ASN to whitelist.                 |
+|`WHITELIST_USER_AGENT`     |                                                                                                                                                                                            |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to whitelist.             |
+|`WHITELIST_USER_AGENT_URLS`|                                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing good User-Agent to whitelist.     |
+|`WHITELIST_URI`            |                                                                                                                                                                                            |multisite|no      |List of URI (PCRE regex), separated with spaces, to whitelist.                    |
+|`WHITELIST_URI_URLS`       |                                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing bad URI to whitelist.             |
+
+When using stream mode, only IP, RDNS and ASN checks will be done.
+
+## Reverse scan
+
+STREAM support :white_check_mark:
+
+Reverse scan is a feature designed to detect open ports by establishing TCP connections with clients' IP addresses.
+Consider adding this feature if you want to detect possible open proxies or connections from servers.
+
+We provide a list of suspicious ports by default but it can be modified to fit your needs. Be mindful, adding too many ports to the list can significantly slow down clients' connections due to the network checks. If a listed port is open, the client's access will be denied.
+
+Please be aware, this feature is new and further improvements will be added soon.
+
+Here is the list of settings related to reverse scan :
+
+|   Setting    |                                   Default                                    | Description                                    |
+| :----------: | :--------------------------------------------------------------------------: | :--------------------------------------------- |
+| `USE_REVERSE_SCAN`  |                                    `no`                                     | When set to `yes`, will enable ReverseScan. |
+| `REVERSE_SCAN_PORTS` | `22 80 443 3128 8000 8080`                                                 | List of suspicious ports to scan.                  |
+| `REVERSE_SCAN_TIMEOUT` | `500`                                                                    | Specify the maximum timeout (in ms) when scanning a port.                |
+
+## BunkerNet
+
+STREAM support :white_check_mark:
+
+BunkerNet is a crowdsourced database of malicious requests shared between all BunkerWeb instances over the world.
+
+If you enable BunkerNet, malicious requests will be sent to a remote server and will be analyzed by our systems. By doing so, we can extract malicious data from everyone's reports and give back the results to each BunkerWeb instances participating into BunkerNet.
+
+At the moment, that feature should be considered in "beta". We only extract malicious IP and we are very strict about how we do it to avoid any "poisoning". We strongly recommend activating it (which is the default) because the more instances participate, the more data we have to improve the algorithm.
+
+The setting used to enable or disable BunkerNet is `USE_BUNKERNET` (default : `yes`).
+
+## DNSBL
+
+STREAM support :white_check_mark:
+
+DNSBL or "DNS BlackList" is an external list of malicious IPs that you query using the DNS protocol. Automatic querying of that kind of blacklist is supported by BunkerWeb. If a remote DNSBL server of your choice says that the IP address of the client is in the blacklist, it will be banned.
+
+Here is the list of settings related to DNSBL :
+
+|   Setting    |                                   Default                                    | Description                                    |
+| :----------: | :--------------------------------------------------------------------------: | :--------------------------------------------- |
+| `USE_DNSBL`  |                                    `yes`                                     | When set to `yes`, will enable DNSBL checking. |
+| `DNSBL_LIST` | `bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org` | List of DNSBL servers to ask.                  |
+
+## Limiting
+
+BunkerWeb supports applying a limit policy to :
+
+- Number of connections per IP
+- Number of requests per IP and URL within a time period
+
+Please note that it should not be considered as an effective solution against DoS or DDoS but rather as an anti-bruteforce measure or rate limit policy for API.
+
+In both cases (connections or requests) if the limit is reached, the client will receive the HTTP status "429 - Too Many Requests".
+
+### Connections
+
+STREAM support :white_check_mark:
+
+The following settings are related to the Limiting connections feature :
+
+|        Setting         | Default | Description                                                                                |
+| :--------------------: | :-----: | :----------------------------------------------------------------------------------------- |
+|    `USE_LIMIT_CONN`    |  `yes`  | When set to `yes`, will limit the maximum number of concurrent connections for a given IP. |
+| `LIMIT_CONN_MAX_HTTP1` |  `10`   | Maximum number of concurrent connections when using HTTP1 protocol.                        |
+| `LIMIT_CONN_MAX_HTTP2` |  `100`  | Maximum number of concurrent streams when using HTTP2 protocol.                            |
+| `LIMIT_CONN_MAX_STREAM`|  `10`  | Maximum number of connections per IP when using stream.                                     |
+
+### Requests
+
+STREAM support :x:
+
+The following settings are related to the Limiting requests feature :
+
+|        Setting        |Default| Context |Multiple|                                         Description                                         |
+|-----------------------|-------|---------|--------|---------------------------------------------------------------------------------------------|
+|`USE_LIMIT_REQ`        |`yes`  |multisite|no      |Activate limit requests feature.                                                             |
+|`LIMIT_REQ_URL`        |`/`    |multisite|yes     |URL (PCRE regex) where the limit request will be applied or special value / for all requests.|
+|`LIMIT_REQ_RATE`       |`2r/s` |multisite|yes     |Rate to apply to the URL (s for second, m for minute, h for hour and d for day).             |
+|`USE_LIMIT_CONN`       |`yes`  |multisite|no      |Activate limit connections feature.                                                          |
+|`LIMIT_CONN_MAX_HTTP1` |`10`   |multisite|no      |Maximum number of connections per IP when using HTTP/1.X protocol.                           |
+|`LIMIT_CONN_MAX_HTTP2` |`100`  |multisite|no      |Maximum number of streams per IP when using HTTP/2 protocol.                                 |
+|`LIMIT_CONN_MAX_STREAM`|`10`   |multisite|no      |Maximum number of connections per IP when using stream.                                      |
+
+Please note that you can add different rates for different URLs by adding a number as a suffix to the settings for example : `LIMIT_REQ_URL_1=^/url1$`, `LIMIT_REQ_RATE_1=5r/d`, `LIMIT_REQ_URL_2=^/url2/subdir/.*$`, `LIMIT_REQ_RATE_2=1r/m`, ...
+
+Another important thing to note is that `LIMIT_REQ_URL` values are PCRE regex.
+
+## Country
+
+STREAM support :white_check_mark:
+
+The country security feature allows you to apply policy based on the country of the IP address of clients :
+
+- Deny any access if the country is in a blacklist
+- Only allow access if the country is in a whitelist (other security checks will still be executed)
+
+Here is the list of related settings :
+
+|      Setting      |Default| Context |Multiple|                                                 Description                                                  |
+|-------------------|-------|---------|--------|--------------------------------------------------------------------------------------------------------------|
+|`BLACKLIST_COUNTRY`|       |multisite|no      |Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces).    |
+|`WHITELIST_COUNTRY`|       |multisite|no      |Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).|
+
+Using both country blacklist and whitelist at the same time makes no sense. If you do, please note that only the whitelist will be executed.
+
+## Authentication
+
+### Auth basic
+
+STREAM support :x:
+
+You can quickly protect sensitive resources like the admin area for example, by requiring HTTP basic authentication. Here is the list of related settings :
+
+|          Setting          |      Default      | Description                                                                                  |
+| :-----------------------: | :---------------: | :------------------------------------------------------------------------------------------- |
+|     `USE_AUTH_BASIC`      |       `no`        | When set to `yes` HTTP auth basic will be enabled.                                           |
+|   `AUTH_BASIC_LOCATION`   |    `sitewide`     | Location (URL) of the sensitive resource. Use special value `sitewide` to enable everywhere. |
+|   `AUTH_BASIC_USER`   |    `changeme`     | The username required.                                                                       |
+| `AUTH_BASIC_PASSWORD` |    `changeme`     | The password required.                                                                       |
+|   `AUTH_BASIC_TEXT`   | `Restricted area` | Text to display in the auth prompt.                                                          |
+
+### Auth request
+
+You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.6/examples).
+
+**Auth request settings are related to reverse proxy rules.**
+
+|                Setting                |             Default              | Context |Multiple|                                                    Description                                                     |
+|---------------------------------------|----------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------------------|
+|`REVERSE_PROXY_AUTH_REQUEST`           |                                  |multisite|yes     |Enable authentication using an external provider (value of auth_request directive).                                 |
+|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`|                                  |multisite|yes     |Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).    |
+|`REVERSE_PROXY_AUTH_REQUEST_SET`       |                                  |multisite|yes     |List of variables to set from the authentication provider, separated with ; (values of auth_request_set directives).|
--- a/docs/settings.md
+++ b/docs/settings.md
@ -0,0 +1,552 @@
+# Settings
+
+!!! info "Settings generator tool"
+
+    To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at [config.bunkerweb.io](https://config.bunkerweb.io/?utm_campaign=self&utm_source=doc).
+
+This section contains the full list of settings supported by BunkerWeb. If you are not yet familiar with BunkerWeb, you should first read the [concepts](concepts.md) section of the documentation. Please follow the instructions for your own [integration](integrations.md) on how to apply the settings.
+
+As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server, you will need to add the primary (first) server name as a prefix like `www.example.com_USE_ANTIBOT=captcha` or `myapp.example.com_USE_GZIP=yes` for example.
+
+When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
+
+## Global settings
+
+
+STREAM support :warning:
+
+|           Setting            |                                                        Default                                                         | Context |Multiple|                   Description                    |
+|------------------------------|------------------------------------------------------------------------------------------------------------------------|---------|--------|--------------------------------------------------|
+|`IS_LOADING`                  |`no`                                                                                                                    |global   |no      |Internal use : set to yes when BW is loading.     |
+|`NGINX_PREFIX`                |`/etc/nginx/`                                                                                                           |global   |no      |Where nginx will search for configurations.       |
+|`HTTP_PORT`                   |`8080`                                                                                                                  |global   |no      |HTTP port number which bunkerweb binds to.        |
+|`HTTPS_PORT`                  |`8443`                                                                                                                  |global   |no      |HTTPS port number which bunkerweb binds to.       |
+|`MULTISITE`                   |`no`                                                                                                                    |global   |no      |Multi site activation.                            |
+|`SERVER_NAME`                 |`www.example.com`                                                                                                       |multisite|no      |List of the virtual hosts served by bunkerweb.    |
+|`WORKER_PROCESSES`            |`auto`                                                                                                                  |global   |no      |Number of worker processes.                       |
+|`WORKER_RLIMIT_NOFILE`        |`2048`                                                                                                                  |global   |no      |Maximum number of open files for worker processes.|
+|`WORKER_CONNECTIONS`          |`1024`                                                                                                                  |global   |no      |Maximum number of connections per worker.         |
+|`LOG_FORMAT`                  |`$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"`|global   |no      |The format to use for access logs.                |
+|`LOG_LEVEL`                   |`notice`                                                                                                                |global   |no      |The level to use for error logs.                  |
+|`DNS_RESOLVERS`               |`127.0.0.11`                                                                                                            |global   |no      |DNS addresses of resolvers to use.                |
+|`DATASTORE_MEMORY_SIZE`       |`64m`                                                                                                                   |global   |no      |Size of the internal datastore.                   |
+|`CACHESTORE_MEMORY_SIZE`      |`64m`                                                                                                                   |global   |no      |Size of the internal cachestore.                  |
+|`CACHESTORE_IPC_MEMORY_SIZE`  |`16m`                                                                                                                   |global   |no      |Size of the internal cachestore (ipc).            |
+|`CACHESTORE_MISS_MEMORY_SIZE` |`16m`                                                                                                                   |global   |no      |Size of the internal cachestore (miss).           |
+|`CACHESTORE_LOCKS_MEMORY_SIZE`|`16m`                                                                                                                   |global   |no      |Size of the internal cachestore (locks).          |
+|`USE_API`                     |`yes`                                                                                                                   |global   |no      |Activate the API to control BunkerWeb.            |
+|`API_HTTP_PORT`               |`5000`                                                                                                                  |global   |no      |Listen port number for the API.                   |
+|`API_LISTEN_IP`               |`0.0.0.0`                                                                                                               |global   |no      |Listen IP address for the API.                    |
+|`API_SERVER_NAME`             |`bwapi`                                                                                                                 |global   |no      |Server name (virtual host) for the API.           |
+|`API_WHITELIST_IP`            |`127.0.0.0/8`                                                                                                           |global   |no      |List of IP/network allowed to contact the API.    |
+|`AUTOCONF_MODE`               |`no`                                                                                                                    |global   |no      |Enable Autoconf Docker integration.               |
+|`SWARM_MODE`                  |`no`                                                                                                                    |global   |no      |Enable Docker Swarm integration.                  |
+|`KUBERNETES_MODE`             |`no`                                                                                                                    |global   |no      |Enable Kubernetes integration.                    |
+|`SERVER_TYPE`                 |`http`                                                                                                                  |multisite|no      |Server type : http or stream.                     |
+|`LISTEN_STREAM`               |`yes`                                                                                                                   |multisite|no      |Enable listening for non-ssl (passthrough).       |
+|`LISTEN_STREAM_PORT`          |`1337`                                                                                                                  |multisite|no      |Listening port for non-ssl (passthrough).         |
+|`LISTEN_STREAM_PORT_SSL`      |`4242`                                                                                                                  |multisite|no      |Listening port for ssl (passthrough).             |
+|`USE_UDP`                     |`no`                                                                                                                    |multisite|no      |UDP listen instead of TCP (stream).               |
+|`USE_IPV6`                    |`no`                                                                                                                    |global   |no      |Enable IPv6 connectivity.                         |
+
+
+## Core settings
+
+### Antibot
+
+STREAM support :x:
+
+Bot detection by using a challenge.
+
+|          Setting          |  Default   | Context |Multiple|                                                         Description                                                          |
+|---------------------------|------------|---------|--------|------------------------------------------------------------------------------------------------------------------------------|
+|`USE_ANTIBOT`              |`no`        |multisite|no      |Activate antibot feature.                                                                                                     |
+|`ANTIBOT_URI`              |`/challenge`|multisite|no      |Unused URI that clients will be redirected to to solve the challenge.                                                         |
+|`ANTIBOT_RECAPTCHA_SCORE`  |`0.7`       |multisite|no      |Minimum score required for reCAPTCHA challenge.                                                                               |
+|`ANTIBOT_RECAPTCHA_SITEKEY`|            |multisite|no      |Sitekey for reCAPTCHA challenge.                                                                                              |
+|`ANTIBOT_RECAPTCHA_SECRET` |            |multisite|no      |Secret for reCAPTCHA challenge.                                                                                               |
+|`ANTIBOT_HCAPTCHA_SITEKEY` |            |multisite|no      |Sitekey for hCaptcha challenge.                                                                                               |
+|`ANTIBOT_HCAPTCHA_SECRET`  |            |multisite|no      |Secret for hCaptcha challenge.                                                                                                |
+|`ANTIBOT_TURNSTILE_SITEKEY`|            |multisite|no      |Sitekey for Turnstile challenge.                                                                                              |
+|`ANTIBOT_TURNSTILE_SECRET` |            |multisite|no      |Secret for Turnstile challenge.                                                                                               |
+|`ANTIBOT_TIME_RESOLVE`     |`60`        |multisite|no      |Maximum time (in seconds) clients have to resolve the challenge. Once this time has passed, a new challenge will be generated.|
+|`ANTIBOT_TIME_VALID`       |`86400`     |multisite|no      |Maximum validity time of solved challenges. Once this time has passed, clients will need to resolve a new one.                |
+
+### Auth basic
+
+STREAM support :x:
+
+Enforce login before accessing a resource or the whole site using HTTP basic auth method.
+
+|       Setting       |     Default     | Context |Multiple|                  Description                   |
+|---------------------|-----------------|---------|--------|------------------------------------------------|
+|`USE_AUTH_BASIC`     |`no`             |multisite|no      |Use HTTP basic auth                             |
+|`AUTH_BASIC_LOCATION`|`sitewide`       |multisite|no      |URL of the protected resource or sitewide value.|
+|`AUTH_BASIC_USER`    |`changeme`       |multisite|no      |Username                                        |
+|`AUTH_BASIC_PASSWORD`|`changeme`       |multisite|no      |Password                                        |
+|`AUTH_BASIC_TEXT`    |`Restricted area`|multisite|no      |Text to display                                 |
+
+### Bad behavior
+
+STREAM support :white_check_mark:
+
+Ban IP generating too much 'bad' HTTP status code in a period of time.
+
+|          Setting          |           Default           | Context |Multiple|                                        Description                                         |
+|---------------------------|-----------------------------|---------|--------|--------------------------------------------------------------------------------------------|
+|`USE_BAD_BEHAVIOR`         |`yes`                        |multisite|no      |Activate Bad behavior feature.                                                              |
+|`BAD_BEHAVIOR_STATUS_CODES`|`400 401 403 404 405 429 444`|multisite|no      |List of HTTP status codes considered as 'bad'.                                              |
+|`BAD_BEHAVIOR_BAN_TIME`    |`86400`                      |multisite|no      |The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.|
+|`BAD_BEHAVIOR_THRESHOLD`   |`10`                         |multisite|no      |Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.    |
+|`BAD_BEHAVIOR_COUNT_TIME`  |`60`                         |multisite|no      |Period of time (in seconds) during which we count 'bad' HTTP status codes.                  |
+
+### Blacklist
+
+STREAM support :warning:
+
+Deny access based on internal and external IP/network/rDNS/ASN blacklists.
+
+|             Setting              |                                                           Default                                                            | Context |Multiple|                                          Description                                           |
+|----------------------------------|------------------------------------------------------------------------------------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------|
+|`USE_BLACKLIST`                   |`yes`                                                                                                                         |multisite|no      |Activate blacklist feature.                                                                     |
+|`BLACKLIST_IP`                    |                                                                                                                              |multisite|no      |List of IP/network, separated with spaces, to block.                                            |
+|`BLACKLIST_IP_URLS`               |`https://www.dan.me.uk/torlist/?exit`                                                                                         |global   |no      |List of URLs, separated with spaces, containing bad IP/network to block.                        |
+|`BLACKLIST_RDNS_GLOBAL`           |`yes`                                                                                                                         |multisite|no      |Only perform RDNS blacklist checks on global IP addresses.                                      |
+|`BLACKLIST_RDNS`                  |`.shodan.io .censys.io`                                                                                                       |multisite|no      |List of reverse DNS suffixes, separated with spaces, to block.                                  |
+|`BLACKLIST_RDNS_URLS`             |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to block.                  |
+|`BLACKLIST_ASN`                   |                                                                                                                              |multisite|no      |List of ASN numbers, separated with spaces, to block.                                           |
+|`BLACKLIST_ASN_URLS`              |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing ASN to block.                                   |
+|`BLACKLIST_USER_AGENT`            |                                                                                                                              |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to block.                               |
+|`BLACKLIST_USER_AGENT_URLS`       |`https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list`|global   |no      |List of URLs, separated with spaces, containing bad User-Agent to block.                        |
+|`BLACKLIST_URI`                   |                                                                                                                              |multisite|no      |List of URI (PCRE regex), separated with spaces, to block.                                      |
+|`BLACKLIST_URI_URLS`              |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing bad URI to block.                               |
+|`BLACKLIST_IGNORE_IP`             |                                                                                                                              |multisite|no      |List of IP/network, separated with spaces, to ignore in the blacklist.                          |
+|`BLACKLIST_IGNORE_IP_URLS`        |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing IP/network to ignore in the blacklist.          |
+|`BLACKLIST_IGNORE_RDNS`           |                                                                                                                              |multisite|no      |List of reverse DNS suffixes, separated with spaces, to ignore in the blacklist.                |
+|`BLACKLIST_IGNORE_RDNS_URLS`      |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to ignore in the blacklist.|
+|`BLACKLIST_IGNORE_ASN`            |                                                                                                                              |multisite|no      |List of ASN numbers, separated with spaces, to ignore in the blacklist.                         |
+|`BLACKLIST_IGNORE_ASN_URLS`       |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing ASN to ignore in the blacklist.                 |
+|`BLACKLIST_IGNORE_USER_AGENT`     |                                                                                                                              |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to ignore in the blacklist.             |
+|`BLACKLIST_IGNORE_USER_AGENT_URLS`|                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing User-Agent to ignore in the blacklist.          |
+|`BLACKLIST_IGNORE_URI`            |                                                                                                                              |multisite|no      |List of URI (PCRE regex), separated with spaces, to ignore in the blacklist.                    |
+|`BLACKLIST_IGNORE_URI_URLS`       |                                                                                                                              |global   |no      |List of URLs, separated with spaces, containing URI to ignore in the blacklist.                 |
+
+### Brotli
+
+STREAM support :x:
+
+Compress HTTP requests with the brotli algorithm.
+
+|      Setting      |                                                                                                                                                                                                            Default                                                                                                                                                                                                             | Context |Multiple|                      Description                      |
+|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------|
+|`USE_BROTLI`       |`no`                                                                                                                                                                                                                                                                                                                                                                                                                            |multisite|no      |Use brotli                                             |
+|`BROTLI_TYPES`     |`application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml`|multisite|no      |List of MIME types that will be compressed with brotli.|
+|`BROTLI_MIN_LENGTH`|`1000`                                                                                                                                                                                                                                                                                                                                                                                                                          |multisite|no      |Minimum length for brotli compression.                 |
+|`BROTLI_COMP_LEVEL`|`6`                                                                                                                                                                                                                                                                                                                                                                                                                             |multisite|no      |The compression level of the brotli algorithm.         |
+
+### BunkerNet
+
+STREAM support :white_check_mark:
+
+Share threat data with other BunkerWeb instances via BunkerNet.
+
+|     Setting      |         Default          | Context |Multiple|         Description         |
+|------------------|--------------------------|---------|--------|-----------------------------|
+|`USE_BUNKERNET`   |`yes`                     |multisite|no      |Activate BunkerNet feature.  |
+|`BUNKERNET_SERVER`|`https://api.bunkerweb.io`|global   |no      |Address of the BunkerNet API.|
+
+### CORS
+
+STREAM support :x:
+
+Cross-Origin Resource Sharing.
+
+|           Setting            |                                      Default                                       | Context |Multiple|                            Description                            |
+|------------------------------|------------------------------------------------------------------------------------|---------|--------|-------------------------------------------------------------------|
+|`USE_CORS`                    |`no`                                                                                |multisite|no      |Use CORS                                                           |
+|`CORS_ALLOW_ORIGIN`           |`*`                                                                                 |multisite|no      |Allowed origins to make CORS requests : PCRE regex or *.           |
+|`CORS_EXPOSE_HEADERS`         |`Content-Length,Content-Range`                                                      |multisite|no      |Value of the Access-Control-Expose-Headers header.                 |
+|`CROSS_ORIGIN_OPENER_POLICY`  |                                                                                    |multisite|no      |Value for the Cross-Origin-Opener-Policy header.                   |
+|`CROSS_ORIGIN_EMBEDDER_POLICY`|                                                                                    |multisite|no      |Value for the Cross-Origin-Embedder-Policy header.                 |
+|`CROSS_ORIGIN_RESOURCE_POLICY`|                                                                                    |multisite|no      |Value for the Cross-Origin-Resource-Policy header.                 |
+|`CORS_MAX_AGE`                |`86400`                                                                             |multisite|no      |Value of the Access-Control-Max-Age header.                        |
+|`CORS_ALLOW_CREDENTIALS`      |`no`                                                                                |multisite|no      |Send the Access-Control-Allow-Credentials header.                  |
+|`CORS_ALLOW_METHODS`          |`GET, POST, OPTIONS`                                                                |multisite|no      |Value of the Access-Control-Allow-Methods header.                  |
+|`CORS_ALLOW_HEADERS`          |`DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range`|multisite|no      |Value of the Access-Control-Allow-Headers header.                  |
+|`CORS_DENY_REQUEST`           |`yes`                                                                               |multisite|no      |Deny request and don't send it to backend if Origin is not allowed.|
+
+### Client cache
+
+STREAM support :x:
+
+Manage caching for clients.
+
+|         Setting         |                          Default                           | Context |Multiple|                            Description                             |
+|-------------------------|------------------------------------------------------------|---------|--------|--------------------------------------------------------------------|
+|`USE_CLIENT_CACHE`       |`no`                                                        |multisite|no      |Tell client to store locally static files.                          |
+|`CLIENT_CACHE_EXTENSIONS`|`jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2`|global   |no      |List of file extensions, separated with pipes that should be cached.|
+|`CLIENT_CACHE_ETAG`      |`yes`                                                       |multisite|no      |Send the HTTP ETag header for static resources.                     |
+|`CLIENT_CACHE_CONTROL`   |`public, max-age=15552000`                                  |multisite|no      |Value of the Cache-Control HTTP header.                             |
+
+### Country
+
+STREAM support :white_check_mark:
+
+Deny access based on the country of the client IP.
+
+|      Setting      |Default| Context |Multiple|                                                 Description                                                  |
+|-------------------|-------|---------|--------|--------------------------------------------------------------------------------------------------------------|
+|`BLACKLIST_COUNTRY`|       |multisite|no      |Deny access if the country of the client is in the list (ISO 3166-1 alpha-2 format separated with spaces).    |
+|`WHITELIST_COUNTRY`|       |multisite|no      |Deny access if the country of the client is not in the list (ISO 3166-1 alpha-2 format separated with spaces).|
+
+### Custom HTTPS certificate
+
+STREAM support :white_check_mark:
+
+Choose custom certificate for HTTPS.
+
+|       Setting        |Default| Context |Multiple|                                  Description                                   |
+|----------------------|-------|---------|--------|--------------------------------------------------------------------------------|
+|`USE_CUSTOM_SSL`      |`no`   |multisite|no      |Use custom HTTPS certificate.                                                   |
+|`CUSTOM_SSL_CERT`     |       |multisite|no      |Full path of the certificate or bundle file (must be readable by the scheduler).|
+|`CUSTOM_SSL_KEY`      |       |multisite|no      |Full path of the key file (must be readable by the scheduler).                  |
+|`CUSTOM_SSL_CERT_DATA`|       |multisite|no      |Certificate data encoded in base64.                                             |
+|`CUSTOM_SSL_KEY_DATA` |       |multisite|no      |Key data encoded in base64.                                                     |
+
+### DB
+
+STREAM support :white_check_mark:
+
+Integrate easily the Database.
+
+|   Setting    |                 Default                 |Context|Multiple|                   Description                    |
+|--------------|-----------------------------------------|-------|--------|--------------------------------------------------|
+|`DATABASE_URI`|`sqlite:////var/lib/bunkerweb/db.sqlite3`|global |no      |The database URI, following the sqlalchemy format.|
+
+### DNSBL
+
+STREAM support :white_check_mark:
+
+Deny access based on external DNSBL servers.
+
+|  Setting   |                                  Default                                   | Context |Multiple|      Description      |
+|------------|----------------------------------------------------------------------------|---------|--------|-----------------------|
+|`USE_DNSBL` |`yes`                                                                       |multisite|no      |Activate DNSBL feature.|
+|`DNSBL_LIST`|`bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org`|global   |no      |List of DNSBL servers. |
+
+### Errors
+
+STREAM support :x:
+
+Manage default error pages
+
+|         Setting         |                     Default                     | Context |Multiple|                                                      Description                                                       |
+|-------------------------|-------------------------------------------------|---------|--------|------------------------------------------------------------------------------------------------------------------------|
+|`ERRORS`                 |                                                 |multisite|no      |List of HTTP error code and corresponding error pages, separated with spaces (404=/my404.html 403=/errors/403.html ...).|
+|`INTERCEPTED_ERROR_CODES`|`400 401 403 404 405 413 429 500 501 502 503 504`|multisite|no      |List of HTTP error code intercepted by BunkerWeb                                                                        |
+
+### Greylist
+
+STREAM support :warning:
+
+Allow access while keeping security features based on internal and external IP/network/rDNS/ASN greylists.
+
+|         Setting          |Default| Context |Multiple|                                         Description                                          |
+|--------------------------|-------|---------|--------|----------------------------------------------------------------------------------------------|
+|`USE_GREYLIST`            |`no`   |multisite|no      |Activate greylist feature.                                                                    |
+|`GREYLIST_IP`             |       |multisite|no      |List of IP/network, separated with spaces, to put into the greylist.                          |
+|`GREYLIST_IP_URLS`        |       |global   |no      |List of URLs, separated with spaces, containing good IP/network to put into the greylist.     |
+|`GREYLIST_RDNS_GLOBAL`    |`yes`  |multisite|no      |Only perform RDNS greylist checks on global IP addresses.                                     |
+|`GREYLIST_RDNS`           |       |multisite|no      |List of reverse DNS suffixes, separated with spaces, to put into the greylist.                |
+|`GREYLIST_RDNS_URLS`      |       |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to put into the greylist.|
+|`GREYLIST_ASN`            |       |multisite|no      |List of ASN numbers, separated with spaces, to put into the greylist.                         |
+|`GREYLIST_ASN_URLS`       |       |global   |no      |List of URLs, separated with spaces, containing ASN to put into the greylist.                 |
+|`GREYLIST_USER_AGENT`     |       |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to put into the greylist.             |
+|`GREYLIST_USER_AGENT_URLS`|       |global   |no      |List of URLs, separated with spaces, containing good User-Agent to put into the greylist.     |
+|`GREYLIST_URI`            |       |multisite|no      |List of URI (PCRE regex), separated with spaces, to put into the greylist.                    |
+|`GREYLIST_URI_URLS`       |       |global   |no      |List of URLs, separated with spaces, containing bad URI to put into the greylist.             |
+
+### Gzip
+
+STREAM support :x:
+
+Compress HTTP requests with the gzip algorithm.
+
+|     Setting     |                                                                                                                                                                                                            Default                                                                                                                                                                                                             | Context |Multiple|                     Description                     |
+|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|-----------------------------------------------------|
+|`USE_GZIP`       |`no`                                                                                                                                                                                                                                                                                                                                                                                                                            |multisite|no      |Use gzip                                             |
+|`GZIP_TYPES`     |`application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml`|multisite|no      |List of MIME types that will be compressed with gzip.|
+|`GZIP_MIN_LENGTH`|`1000`                                                                                                                                                                                                                                                                                                                                                                                                                          |multisite|no      |Minimum length for gzip compression.                 |
+|`GZIP_COMP_LEVEL`|`5`                                                                                                                                                                                                                                                                                                                                                                                                                             |multisite|no      |The compression level of the gzip algorithm.         |
+
+### HTML injection
+
+STREAM support :x:
+
+Inject custom HTML code before the </body> tag.
+
+|   Setting   |Default| Context |Multiple|      Description       |
+|-------------|-------|---------|--------|------------------------|
+|`INJECT_BODY`|       |multisite|no      |The HTML code to inject.|
+
+### Headers
+
+STREAM support :x:
+
+Manage HTTP headers sent to clients.
+
+|               Setting               |                                                                                                                                                                                                                                                                                                                                                       Default                                                                                                                                                                                                                                                                                                                                                       | Context |Multiple|                                         Description                                          |
+|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------------------|
+|`CUSTOM_HEADER`                      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |multisite|yes     |Custom header to add (HeaderName: HeaderValue).                                               |
+|`REMOVE_HEADERS`                     |`Server Expect-CT X-Powered-By X-AspNet-Version X-AspNetMvc-Version`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |multisite|no      |Headers to remove (Header1 Header2 Header3 ...)                                               |
+|`KEEP_UPSTREAM_HEADERS`              |`Content-Security-Policy Permissions-Policy Feature-Policy X-Frame-Options`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |multisite|no      |Headers to keep from upstream (Header1 Header2 Header3 ... or * for all).                     |
+|`STRICT_TRANSPORT_SECURITY`          |`max-age=31536000`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |multisite|no      |Value for the Strict-Transport-Security header.                                               |
+|`COOKIE_FLAGS`                       |`* HttpOnly SameSite=Lax`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |multisite|yes     |Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).|
+|`COOKIE_AUTO_SECURE_FLAG`            |`yes`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |multisite|no      |Automatically add the Secure flag to all cookies.                                             |
+|`CONTENT_SECURITY_POLICY`            |`object-src 'none'; form-action 'self'; frame-ancestors 'self';`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |multisite|no      |Value for the Content-Security-Policy header.                                                 |
+|`CONTENT_SECURITY_POLICY_REPORT_ONLY`|`no`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |multisite|no      |Send reports for violations of the Content-Security-Policy header instead of blocking them.   |
+|`REFERRER_POLICY`                    |`strict-origin-when-cross-origin`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |multisite|no      |Value for the Referrer-Policy header.                                                         |
+|`PERMISSIONS_POLICY`                 |`accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()`                                                                                                                                                                                   |multisite|no      |Value for the Permissions-Policy header.                                                      |
+|`FEATURE_POLICY`                     |`accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';`|multisite|no      |Value for the Feature-Policy header.                                                          |
+|`X_FRAME_OPTIONS`                    |`SAMEORIGIN`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |multisite|no      |Value for the X-Frame-Options header.                                                         |
+|`X_CONTENT_TYPE_OPTIONS`             |`nosniff`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |multisite|no      |Value for the X-Content-Type-Options header.                                                  |
+|`X_XSS_PROTECTION`                   |`1; mode=block`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |multisite|no      |Value for the X-XSS-Protection header.                                                        |
+
+### Let's Encrypt
+
+STREAM support :white_check_mark:
+
+Automatic creation, renewal and configuration of Let's Encrypt certificates.
+
+|         Setting          |Default| Context |Multiple|                                                                                 Description                                                                                 |
+|--------------------------|-------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|`AUTO_LETS_ENCRYPT`       |`no`   |multisite|no      |Activate automatic Let's Encrypt mode.                                                                                                                                       |
+|`EMAIL_LETS_ENCRYPT`      |       |multisite|no      |Email used for Let's Encrypt notification and in certificate.                                                                                                                |
+|`USE_LETS_ENCRYPT_STAGING`|`no`   |multisite|no      |Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.|
+
+### Limit
+
+STREAM support :warning:
+
+Limit maximum number of requests and connections.
+
+|        Setting        |Default| Context |Multiple|                                         Description                                         |
+|-----------------------|-------|---------|--------|---------------------------------------------------------------------------------------------|
+|`USE_LIMIT_REQ`        |`yes`  |multisite|no      |Activate limit requests feature.                                                             |
+|`LIMIT_REQ_URL`        |`/`    |multisite|yes     |URL (PCRE regex) where the limit request will be applied or special value / for all requests.|
+|`LIMIT_REQ_RATE`       |`2r/s` |multisite|yes     |Rate to apply to the URL (s for second, m for minute, h for hour and d for day).             |
+|`USE_LIMIT_CONN`       |`yes`  |multisite|no      |Activate limit connections feature.                                                          |
+|`LIMIT_CONN_MAX_HTTP1` |`10`   |multisite|no      |Maximum number of connections per IP when using HTTP/1.X protocol.                           |
+|`LIMIT_CONN_MAX_HTTP2` |`100`  |multisite|no      |Maximum number of streams per IP when using HTTP/2 protocol.                                 |
+|`LIMIT_CONN_MAX_STREAM`|`10`   |multisite|no      |Maximum number of connections per IP when using stream.                                      |
+
+### Miscellaneous
+
+STREAM support :warning:
+
+Miscellaneous settings.
+
+|           Setting           |        Default        | Context |Multiple|                                                         Description                                                         |
+|-----------------------------|-----------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
+|`DISABLE_DEFAULT_SERVER`     |`no`                   |global   |no      |Close connection if the request vhost is unknown.                                                                            |
+|`REDIRECT_HTTP_TO_HTTPS`     |`no`                   |multisite|no      |Redirect all HTTP request to HTTPS.                                                                                          |
+|`AUTO_REDIRECT_HTTP_TO_HTTPS`|`yes`                  |multisite|no      |Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.                                    |
+|`ALLOWED_METHODS`            |`GET|POST|HEAD`        |multisite|no      |Allowed HTTP and WebDAV methods, separated with pipes to be sent by clients.                                                 |
+|`MAX_CLIENT_SIZE`            |`10m`                  |multisite|no      |Maximum body size (0 for infinite).                                                                                          |
+|`SERVE_FILES`                |`yes`                  |multisite|no      |Serve files from the local folder.                                                                                           |
+|`ROOT_FOLDER`                |                       |multisite|no      |Root folder containing files to serve (/var/www/html/{server_name} if unset).                                                |
+|`SSL_PROTOCOLS`              |`TLSv1.2 TLSv1.3`      |multisite|no      |The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.                      |
+|`HTTP2`                      |`yes`                  |multisite|no      |Support HTTP2 protocol when HTTPS is enabled.                                                                                |
+|`LISTEN_HTTP`                |`yes`                  |multisite|no      |Respond to (insecure) HTTP requests.                                                                                         |
+|`USE_OPEN_FILE_CACHE`        |`no`                   |multisite|no      |Enable open file cache feature                                                                                               |
+|`OPEN_FILE_CACHE`            |`max=1000 inactive=20s`|multisite|no      |Open file cache directive                                                                                                    |
+|`OPEN_FILE_CACHE_ERRORS`     |`yes`                  |multisite|no      |Enable open file cache for errors                                                                                            |
+|`OPEN_FILE_CACHE_MIN_USES`   |`2`                    |multisite|no      |Enable open file cache minimum uses                                                                                          |
+|`OPEN_FILE_CACHE_VALID`      |`30s`                  |multisite|no      |Open file cache valid time                                                                                                   |
+|`EXTERNAL_PLUGIN_URLS`       |                       |global   |no      |List of external plugins URLs (direct download to .zip or .tar file) to download and install (URLs are separated with space).|
+|`DENY_HTTP_STATUS`           |`403`                  |global   |no      |HTTP status code to send when the request is denied (403 or 444). When using 444, BunkerWeb will close the connection.       |
+|`SEND_ANONYMOUS_REPORT`      |`yes`                  |global   |no      |Send anonymous report to BunkerWeb maintainers.                                                                              |
+
+### ModSecurity
+
+STREAM support :x:
+
+Management of the ModSecurity WAF.
+
+|             Setting             |   Default    | Context |Multiple|               Description                |
+|---------------------------------|--------------|---------|--------|------------------------------------------|
+|`USE_MODSECURITY`                |`yes`         |multisite|no      |Enable ModSecurity WAF.                   |
+|`USE_MODSECURITY_CRS`            |`yes`         |multisite|no      |Enable OWASP Core Rule Set.               |
+|`MODSECURITY_SEC_AUDIT_ENGINE`   |`RelevantOnly`|multisite|no      |SecAuditEngine directive of ModSecurity.  |
+|`MODSECURITY_SEC_RULE_ENGINE`    |`On`          |multisite|no      |SecRuleEngine directive of ModSecurity.   |
+|`MODSECURITY_SEC_AUDIT_LOG_PARTS`|`ABCFHZ`      |multisite|no      |SecAuditLogParts directive of ModSecurity.|
+
+### PHP
+
+STREAM support :x:
+
+Manage local or remote PHP-FPM.
+
+|     Setting     |Default| Context |Multiple|                        Description                         |
+|-----------------|-------|---------|--------|------------------------------------------------------------|
+|`REMOTE_PHP`     |       |multisite|no      |Hostname of the remote PHP-FPM instance.                    |
+|`REMOTE_PHP_PATH`|       |multisite|no      |Root folder containing files in the remote PHP-FPM instance.|
+|`LOCAL_PHP`      |       |multisite|no      |Path to the PHP-FPM socket file.                            |
+|`LOCAL_PHP_PATH` |       |multisite|no      |Root folder containing files in the local PHP-FPM instance. |
+
+### Real IP
+
+STREAM support :warning:
+
+Get real IP of clients when BunkerWeb is behind a reverse proxy / load balancer.
+
+|      Setting       |                 Default                 | Context |Multiple|                                              Description                                               |
+|--------------------|-----------------------------------------|---------|--------|--------------------------------------------------------------------------------------------------------|
+|`USE_REAL_IP`       |`no`                                     |multisite|no      |Retrieve the real IP of client.                                                                         |
+|`USE_PROXY_PROTOCOL`|`no`                                     |multisite|no      |Enable PROXY protocol communication.                                                                    |
+|`REAL_IP_FROM`      |`192.168.0.0/16 172.16.0.0/12 10.0.0.0/8`|multisite|no      |List of trusted IPs / networks, separated with spaces, where proxied requests come from.                |
+|`REAL_IP_FROM_URLS` |                                         |global   |no      |List of URLs containing trusted IPs / networks, separated with spaces, where proxied requests come from.|
+|`REAL_IP_HEADER`    |`X-Forwarded-For`                        |multisite|no      |HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.                  |
+|`REAL_IP_RECURSIVE` |`yes`                                    |multisite|no      |Perform a recursive search in the header container IP address.                                          |
+
+### Redirect
+
+STREAM support :x:
+
+Manage HTTP redirects.
+
+|         Setting         |Default| Context |Multiple|                   Description                   |
+|-------------------------|-------|---------|--------|-------------------------------------------------|
+|`REDIRECT_TO`            |       |multisite|no      |Redirect a whole site to another one.            |
+|`REDIRECT_TO_REQUEST_URI`|`no`   |multisite|no      |Append the requested URI to the redirect address.|
+|`REDIRECT_TO_STATUS_CODE`|`301`  |multisite|no      |Status code to send to client when redirecting.  |
+
+### Redis
+
+STREAM support :white_check_mark:
+
+Redis server configuration when using BunkerWeb in cluster mode.
+
+|         Setting         |Default|Context|Multiple|                            Description                            |
+|-------------------------|-------|-------|--------|-------------------------------------------------------------------|
+|`USE_REDIS`              |`no`   |global |no      |Activate Redis.                                                    |
+|`REDIS_HOST`             |       |global |no      |Redis server IP or hostname.                                       |
+|`REDIS_PORT`             |`6379` |global |no      |Redis server port.                                                 |
+|`REDIS_DATABASE`         |`0`    |global |no      |Redis database number.                                             |
+|`REDIS_SSL`              |`no`   |global |no      |Use SSL/TLS connection with Redis server.                          |
+|`REDIS_TIMEOUT`          |`1000` |global |no      |Redis server timeout (in ms) for connect, read and write.          |
+|`REDIS_KEEPALIVE_IDLE`   |`30000`|global |no      |Max idle time (in ms) before closing redis connection in the pool. |
+|`REDIS_KEEPALIVE_POOL`   |`10`   |global |no      |Max number of redis connection(s) kept in the pool.                |
+|`REDIS_USERNAME`         |       |global |no      |Redis username used in AUTH command.                               |
+|`REDIS_PASSWORD`         |       |global |no      |Redis password used in AUTH command.                               |
+|`REDIS_SENTINEL_HOSTS`   |       |global |no      |Redis sentinel hosts with format host:[port] separated with spaces.|
+|`REDIS_SENTINEL_USERNAME`|       |global |no      |Redis sentinel username.                                           |
+|`REDIS_SENTINEL_PASSWORD`|       |global |no      |Redis sentinel password.                                           |
+|`REDIS_SENTINEL_MASTER`  |       |global |no      |Redis sentinel master name.                                        |
+
+### Reverse proxy
+
+STREAM support :warning:
+
+Manage reverse proxy configurations.
+
+|                Setting                |             Default              | Context |Multiple|                                                         Description                                                         |
+|---------------------------------------|----------------------------------|---------|--------|-----------------------------------------------------------------------------------------------------------------------------|
+|`USE_REVERSE_PROXY`                    |`no`                              |multisite|no      |Activate reverse proxy mode.                                                                                                 |
+|`REVERSE_PROXY_INTERCEPT_ERRORS`       |`yes`                             |multisite|no      |Intercept and rewrite errors.                                                                                                |
+|`REVERSE_PROXY_HOST`                   |                                  |multisite|yes     |Full URL of the proxied resource (proxy_pass).                                                                               |
+|`REVERSE_PROXY_URL`                    |                                  |multisite|yes     |Location URL that will be proxied.                                                                                           |
+|`REVERSE_PROXY_WS`                     |`no`                              |multisite|yes     |Enable websocket on the proxied resource.                                                                                    |
+|`REVERSE_PROXY_HEADERS`                |                                  |multisite|yes     |List of HTTP headers to send to proxied resource separated with semicolons (values for proxy_set_header directive).          |
+|`REVERSE_PROXY_HEADERS_CLIENT`         |                                  |multisite|yes     |List of HTTP headers to send to client separated with semicolons (values for add_header directive).                          |
+|`REVERSE_PROXY_BUFFERING`              |`yes`                             |multisite|yes     |Enable or disable buffering of responses from proxied resource.                                                              |
+|`REVERSE_PROXY_KEEPALIVE`              |`no`                              |multisite|yes     |Enable or disable keepalive connections with the proxied resource.                                                           |
+|`REVERSE_PROXY_AUTH_REQUEST`           |                                  |multisite|yes     |Enable authentication using an external provider (value of auth_request directive).                                          |
+|`REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL`|                                  |multisite|yes     |Redirect clients to sign-in URL when using REVERSE_PROXY_AUTH_REQUEST (used when auth_request call returned 401).            |
+|`REVERSE_PROXY_AUTH_REQUEST_SET`       |                                  |multisite|yes     |List of variables to set from the authentication provider, separated with semicolons (values of auth_request_set directives).|
+|`USE_PROXY_CACHE`                      |`no`                              |multisite|no      |Enable or disable caching of the proxied resources.                                                                          |
+|`PROXY_CACHE_PATH_LEVELS`              |`1:2`                             |global   |no      |Hierarchy levels of the cache.                                                                                               |
+|`PROXY_CACHE_PATH_ZONE_SIZE`           |`10m`                             |global   |no      |Maximum size of cached metadata when caching proxied resources.                                                              |
+|`PROXY_CACHE_PATH_PARAMS`              |`max_size=100m`                   |global   |no      |Additional parameters to add to the proxy_cache directive.                                                                   |
+|`PROXY_CACHE_METHODS`                  |`GET HEAD`                        |multisite|no      |HTTP methods that should trigger a cache operation.                                                                          |
+|`PROXY_CACHE_MIN_USES`                 |`2`                               |multisite|no      |The minimum number of requests before a response is cached.                                                                  |
+|`PROXY_CACHE_KEY`                      |`$scheme$host$request_uri`        |multisite|no      |The key used to uniquely identify a cached response.                                                                         |
+|`PROXY_CACHE_VALID`                    |`200=24h 301=1h 302=24h`          |multisite|no      |Define the caching time depending on the HTTP status code (list of status=time), separated with spaces.                      |
+|`PROXY_NO_CACHE`                       |`$http_pragma $http_authorization`|multisite|no      |Conditions to disable caching of responses.                                                                                  |
+|`PROXY_CACHE_BYPASS`                   |`0`                               |multisite|no      |Conditions to bypass caching of responses.                                                                                   |
+|`REVERSE_PROXY_CONNECT_TIMEOUT`        |`60s`                             |multisite|yes     |Timeout when connecting to the proxied resource.                                                                             |
+|`REVERSE_PROXY_READ_TIMEOUT`           |`60s`                             |multisite|yes     |Timeout when reading from the proxied resource.                                                                              |
+|`REVERSE_PROXY_SEND_TIMEOUT`           |`60s`                             |multisite|yes     |Timeout when sending to the proxied resource.                                                                                |
+|`REVERSE_PROXY_INCLUDES`               |                                  |multisite|yes     |Additional configuration to include in the location block, separated with spaces.                                            |
+
+### Reverse scan
+
+STREAM support :white_check_mark:
+
+Scan clients ports to detect proxies or servers.
+
+|       Setting        |         Default          | Context |Multiple|                           Description                            |
+|----------------------|--------------------------|---------|--------|------------------------------------------------------------------|
+|`USE_REVERSE_SCAN`    |`no`                      |multisite|no      |Enable scanning of clients ports and deny access if one is opened.|
+|`REVERSE_SCAN_PORTS`  |`22 80 443 3128 8000 8080`|multisite|no      |List of port to scan when using reverse scan feature.             |
+|`REVERSE_SCAN_TIMEOUT`|`500`                     |multisite|no      |Specify the maximum timeout (in ms) when scanning a port.         |
+
+### Self-signed certificate
+
+STREAM support :white_check_mark:
+
+Generate self-signed certificate.
+
+|         Setting          |       Default        | Context |Multiple|               Description               |
+|--------------------------|----------------------|---------|--------|-----------------------------------------|
+|`GENERATE_SELF_SIGNED_SSL`|`no`                  |multisite|no      |Generate and use self-signed certificate.|
+|`SELF_SIGNED_SSL_EXPIRY`  |`365`                 |multisite|no      |Self-signed certificate expiry in days.  |
+|`SELF_SIGNED_SSL_SUBJ`    |`/CN=www.example.com/`|multisite|no      |Self-signed certificate subject.         |
+
+### Sessions
+
+STREAM support :white_check_mark:
+
+Management of session used by other plugins.
+
+|          Setting          |Default |Context|Multiple|                                   Description                                   |
+|---------------------------|--------|-------|--------|---------------------------------------------------------------------------------|
+|`SESSIONS_SECRET`          |`random`|global |no      |Secret used to encrypt sessions variables for storing data related to challenges.|
+|`SESSIONS_NAME`            |`random`|global |no      |Name of the cookie given to clients.                                             |
+|`SESSIONS_IDLING_TIMEOUT`  |`1800`  |global |no      |Maximum time (in seconds) of inactivity before the session is invalidated.       |
+|`SESSIONS_ROLLING_TIMEOUT` |`3600`  |global |no      |Maximum time (in seconds) before a session must be renewed.                      |
+|`SESSIONS_ABSOLUTE_TIMEOUT`|`86400` |global |no      |Maximum time (in seconds) before a session is destroyed.                         |
+|`SESSIONS_CHECK_IP`        |`yes`   |global |no      |Destroy session if IP address is different than original one.                    |
+|`SESSIONS_CHECK_USER_AGENT`|`yes`   |global |no      |Destroy session if User-Agent is different than original one.                    |
+
+### UI
+
+STREAM support :x:
+
+Integrate easily the BunkerWeb UI.
+
+| Setting |Default| Context |Multiple|                Description                 |
+|---------|-------|---------|--------|--------------------------------------------|
+|`USE_UI` |`no`   |multisite|no      |Use UI                                      |
+|`UI_HOST`|       |global   |no      |Address of the web UI used for initial setup|
+
+### Whitelist
+
+STREAM support :warning:
+
+Allow access based on internal and external IP/network/rDNS/ASN whitelists.
+
+|          Setting          |                                                                                  Default                                                                                   | Context |Multiple|                                   Description                                    |
+|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|--------|----------------------------------------------------------------------------------|
+|`USE_WHITELIST`            |`yes`                                                                                                                                                                       |multisite|no      |Activate whitelist feature.                                                       |
+|`WHITELIST_IP`             |`20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247`         |multisite|no      |List of IP/network, separated with spaces, to put into the whitelist.             |
+|`WHITELIST_IP_URLS`        |                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing good IP/network to whitelist.     |
+|`WHITELIST_RDNS_GLOBAL`    |`yes`                                                                                                                                                                       |multisite|no      |Only perform RDNS whitelist checks on global IP addresses.                        |
+|`WHITELIST_RDNS`           |`.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com`|multisite|no      |List of reverse DNS suffixes, separated with spaces, to whitelist.                |
+|`WHITELIST_RDNS_URLS`      |                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.|
+|`WHITELIST_ASN`            |`32934`                                                                                                                                                                     |multisite|no      |List of ASN numbers, separated with spaces, to whitelist.                         |
+|`WHITELIST_ASN_URLS`       |                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing ASN to whitelist.                 |
+|`WHITELIST_USER_AGENT`     |                                                                                                                                                                            |multisite|no      |List of User-Agent (PCRE regex), separated with spaces, to whitelist.             |
+|`WHITELIST_USER_AGENT_URLS`|                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing good User-Agent to whitelist.     |
+|`WHITELIST_URI`            |                                                                                                                                                                            |multisite|no      |List of URI (PCRE regex), separated with spaces, to whitelist.                    |
+|`WHITELIST_URI_URLS`       |                                                                                                                                                                            |global   |no      |List of URLs, separated with spaces, containing bad URI to whitelist.             |
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@ -0,0 +1,468 @@
+# Troubleshooting
+
+!!! info "BunkerWeb Panel"
+	If you are unable to resolve your problems, you can [contact us directly via our panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc). This centralises all requests relating to the BunkerWeb solution.
+
+## Logs
+
+When troubleshooting, logs are your best friends. We try our best to provide user-friendly logs to help you understand what's happening.
+
+Please note that you can set `LOG_LEVEL` setting to `info` (default : `notice`) to increase the verbosity of BunkerWeb.
+
+Here is how you can access the logs, depending on your integration :
+
+=== "Docker"
+
+    !!! tip "List containers"
+    	To list the running containers, you can use the following command :
+    	```shell
+    	docker ps
+    	```
+
+    You can use the `docker logs` command (replace `mybunker` with the name of your container) :
+    ```shell
+    docker logs mybunker
+    ```
+
+    Here is the docker-compose equivalent (replace `mybunker` with the name of the services declared in the docker-compose.yml file) :
+    ```shell
+    docker-compose logs mybunker
+    ```
+
+=== "Docker autoconf"
+
+    !!! tip "List containers"
+    	To list the running containers, you can use the following command :
+    	```shell
+    	docker ps
+    	```
+
+    You can use the `docker logs` command (replace `mybunker` and `myautoconf` with the name of your containers) :
+    ```shell
+    docker logs mybunker
+    docker logs myautoconf
+    ```
+
+    Here is the docker-compose equivalent (replace `mybunker` and `myautoconf` with the name of the services declared in the docker-compose.yml file) :
+    ```shell
+    docker-compose logs mybunker
+    docker-compose logs myautoconf
+    ```
+
+=== "Swarm"
+
+    !!! tip "List services"
+    	To list the services, you can use the following command :
+    	```shell
+    	docker service ls
+    	```
+
+    You can use the `docker service logs` command (replace `mybunker` and `myautoconf` with the name of your services) :
+    ```shell
+    docker service logs mybunker
+    docker service logs myautoconf
+    ```
+
+=== "Kubernetes"
+
+    !!! tip "List pods"
+    	To list the pods, you can use the following command :
+    	```shell
+    	kubectl get pods
+    	```
+    You can use the `kubectl logs` command (replace `mybunker` and `myautoconf` with the name of your pods) :
+    ```shell
+    kubectl logs mybunker
+    kubectl logs myautoconf
+    ```
+
+=== "Linux"
+
+    For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
+    ```shell
+    journalctl -u bunkerweb --no-pager
+    ```
+
+    Common logs are located inside the `/var/log/bunkerweb` directory :
+    ```shell
+    cat /var/log/bunkerweb/error.log
+    cat /var/log/bunkerweb/access.log
+    ```
+
+=== "Ansible"
+
+    For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
+    ```shell
+    ansible -i inventory.yml all -a "journalctl -u bunkerweb --no-pager" --become
+    ```
+
+    Common logs are located inside the `/var/log/bunkerweb` directory :
+    ```shell
+    ansible -i inventory.yml all -a "cat /var/log/bunkerweb/error.log" --become
+    ansible -i inventory.yml all -a "cat /var/log/bunkerweb/access.log" --become
+    ```
+
+=== "Vagrant"
+
+    For errors related to BunkerWeb services (e.g. not starting), you can use `journalctl` :
+    ```shell
+    journalctl -u bunkerweb --no-pager
+    ```
+
+    Common logs are located inside the `/var/log/bunkerweb` directory :
+    ```shell
+    cat /var/log/bunkerweb/error.log
+    cat /var/log/bunkerweb/access.log
+    ```
+
+## Permissions
+
+Don't forget that BunkerWeb runs as an unprivileged user for obvious security reasons. Double-check the permissions of files and folders used by BunkerWeb, especially if you use custom configurations (more info [here](quickstart-guide.md#custom-configurations)). You will need to set at least **RW** rights on files and **_RWX_** on folders.
+
+## ModSecurity
+
+The default BunkerWeb configuration of ModSecurity is to load the Core Rule Set in anomaly scoring mode with a paranoia level (PL) of 1 :
+
+- Each matched rule will increase an anomaly score (so many rules can match a single request)
+- PL1 includes rules with fewer chances of false positives (but less security than PL4)
+- the default threshold for anomaly score is 5 for requests and 4 for responses
+
+Let's take the following logs as an example of ModSecurity detection using default configuration (formatted for better readability) :
+
+```log
+2022/04/26 12:01:10 [warn] 85#85: *11 ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `lfi-os-files.data' against variable `ARGS:id' (Value: `/etc/passwd' )
+	[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"]
+	[line "78"]
+	[id "930120"]
+	[rev ""]
+	[msg "OS File Access Attempt"]
+	[data "Matched Data: etc/passwd found within ARGS:id: /etc/passwd"]
+	[severity "2"]
+	[ver "OWASP_CRS/3.3.2"]
+	[maturity "0"]
+	[accuracy "0"]
+	[tag "application-multi"]
+	[tag "language-multi"]
+	[tag "platform-multi"]
+	[tag "attack-lfi"]
+	[tag "paranoia-level/1"]
+	[tag "OWASP_CRS"]
+	[tag "capec/1000/255/153/126"]
+	[tag "PCI/6.5.4"]
+	[hostname "172.17.0.2"]
+	[uri "/"]
+	[unique_id "165097447014.179282"]
+	[ref "o1,10v9,11t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase"],
+	client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
+2022/04/26 12:01:10 [warn] 85#85: *11 ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `unix-shell.data' against variable `ARGS:id' (Value: `/etc/passwd' )
+	[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"]
+	[line "480"]
+	[id "932160"]
+	[rev ""]
+	[msg "Remote Command Execution: Unix Shell Code Found"]
+	[data "Matched Data: etc/passwd found within ARGS:id: /etc/passwd"]
+	[severity "2"]
+	[ver "OWASP_CRS/3.3.2"]
+	[maturity "0"]
+	[accuracy "0"]
+	[tag "application-multi"]
+	[tag "language-shell"]
+	[tag "platform-unix"]
+	[tag "attack-rce"]
+	[tag "paranoia-level/1"]
+	[tag "OWASP_CRS"]
+	[tag "capec/1000/152/248/88"]
+	[tag "PCI/6.5.2"]
+	[hostname "172.17.0.2"]
+	[uri "/"]
+	[unique_id "165097447014.179282"]
+	[ref "o1,10v9,11t:urlDecodeUni,t:cmdLine,t:normalizePath,t:lowercase"],
+	client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
+2022/04/26 12:01:10 [error] 85#85: *11 [client 172.17.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `10' )
+	[file "/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"]
+	[line "80"]
+	[id "949110"]
+	[rev ""]
+	[msg "Inbound Anomaly Score Exceeded (Total Score: 10)"]
+	[data ""]
+	[severity "2"]
+	[ver "OWASP_CRS/3.3.2"]
+	[maturity "0"]
+	[accuracy "0"]
+	[tag "application-multi"]
+	[tag "language-multi"]
+	[tag "platform-multi"]
+	[tag "attack-generic"]
+	[hostname "172.17.0.2"]
+	[uri "/"]
+	[unique_id "165097447014.179282"]
+	[ref ""],
+	client: 172.17.0.1, server: localhost, request: "GET /?id=/etc/passwd HTTP/1.1", host: "localhost"
+```
+
+As we can see, there are 3 different logs :
+
+1. Rule **930120** matched
+2. Rule **932160** matched
+3. Access denied (rule **949110**)
+
+One important thing to understand is that rule **949110** is not a "real" one : it's the one that will deny the request because the anomaly threshold is reached (which is **10** in this example). You should never remove the **949110** rule !
+
+If it's a false-positive, you should then focus on both **930120** and **932160** rules. ModSecurity and/or CRS tuning is out of the scope of this documentation but don't forget that you can apply custom configurations before and after the CRS is loaded (more info [here](quickstart-guide.md#custom-configurations)).
+
+## Bad Behavior
+
+A common false-positive case is when the client is banned because of the "bad behavior" feature which means that too many suspicious HTTP status codes were generated within a time period (more info [here](security-tuning.md#bad-behavior)). You should start by reviewing the settings and then edit them according to your web application(s) like removing a suspicious HTTP code, decreasing the count time, increasing the threshold, ...
+
+## IP unban
+
+You can manually unban an IP which can be useful when doing some tests but it needs the setting `USE_API` set to `yes` (which is not the default) so you can contact the internal API of BunkerWeb (replace `1.2.3.4` with the IP address to unban) :
+
+=== "Docker"
+
+    You can use the `docker exec` command (replace `mybunker` with the name of your container) :
+    ```shell
+    docker exec mybunker bwcli unban 1.2.3.4
+    ```
+
+    Here is the docker-compose equivalent (replace `mybunker` with the name of the services declared in the docker-compose.yml file) :
+    ```shell
+    docker-compose exec mybunker bwcli unban 1.2.3.4
+    ```
+
+=== "Docker autoconf"
+
+    You can use the `docker exec` command (replace `myautoconf` with the name of your container) :
+    ```shell
+    docker exec myautoconf bwcli unban 1.2.3.4
+    ```
+
+    Here is the docker-compose equivalent (replace `myautoconf` with the name of the services declared in the docker-compose.yml file) :
+    ```shell
+    docker-compose exec myautoconf bwcli unban 1.2.3.4
+    ```
+
+=== "Swarm"
+
+    You can use the `docker exec` command (replace `myautoconf` with the name of your service) :
+    ```shell
+    docker exec $(docker ps -q -f name=myautoconf) bwcli unban 1.2.3.4
+    ```
+
+=== "Kubernetes"
+
+    You can use the `kubectl exec` command (replace `myautoconf` with the name of your pod) :
+    ```shell
+    kubectl exec myautoconf bwcli unban 1.2.3.4
+    ```
+
+=== "Linux"
+
+    You can use the `bwcli` command (as root) :
+    ```shell
+    sudo bwcli unban 1.2.3.4
+    ```
+
+=== "Ansible"
+
+    You can use the `bwcli` command :
+    ```shell
+	ansible -i inventory.yml all -a "bwcli unban 1.2.3.4" --become
+    ```
+
+=== "Vagrant"
+
+    You can use the `bwcli` command (as root) :
+    ```shell
+    sudo bwcli unban 1.2.3.4
+    ```
+
+## Whitelisting
+
+If you have bots that need to access your website, the recommended way to avoid any false positive is to whitelist them using the [whitelisting feature](security-tuning.md#blacklisting-and-whitelisting). We don't recommend using the `WHITELIST_URI*` or `WHITELIST_USER_AGENT*` settings unless they are set to secret and unpredictable values. Common use cases are :
+
+- Healthcheck / status bot
+- Callback like IPN or webhook
+- Social media crawler
+
+## Timezone
+
+When using container-based integrations, the timezone of the container may not match the one of the host machine. To resolve that, you can set the `TZ` environment variable to the timezone of your choice on your containers (e.g. `TZ=Europe/Paris`). You will find the list of timezone identifiers [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
+
+## Web UI
+
+In case you lost your UI credentials or have 2FA issues, you can connect to the database to retrieve access.
+
+**Access database**
+
+=== "SQLite"
+
+    === "Linux"
+
+        Install SQLite (Debian/Ubuntu) :
+
+        ```shell
+        sudo apt install sqlite3
+        ```
+
+        Install SQLite (Fedora/RedHat) :
+
+        ```shell
+        sudo dnf install sqlite
+        ```
+
+    === "Docker"
+
+        Get a shell into your scheduler container :
+
+        !!! note "Docker arguments"
+            - the `-u 0` option is to run the command as root (mandatory)
+            - the `-it` options are to run the command interactively (mandatory)
+            - `<bunkerweb_scheduler_container>` : the name or ID of your scheduler container
+
+        ```shell
+        docker exec -u 0 -it <bunkerweb_scheduler_container> bash
+        ```
+
+        Install SQLite :
+
+        ```bash
+        apk add sqlite
+        ```
+
+    Access your database :
+
+    !!! note "Database path"
+        We assume that you are using the default database path. If you are using a custom path, you will need to adapt the command.
+
+    ```bash
+    sqlite3 /var/lib/bunkerweb/db.sqlite3
+    ```
+
+    You should see something like this :
+
+    ```text
+    SQLite version <VER> <DATE>
+    Enter ".help" for usage hints.
+    sqlite>
+    ```
+
+=== "MariaDB / MySQL"
+
+    !!! note "MariaDB / MySQL only"
+        The following steps are only valid for MariaDB / MySQL databases. If you are using another database, please refer to the documentation of your database.
+
+    !!! note "Credentials and database name"
+        You will need to use the same credentials and database named used in the `DATABASE_URI` setting.
+
+    === "Linux"
+
+        Access your local database :
+
+        ```bash
+        mysql -u <user> -p <database>
+        ```
+
+        Then enter your password of the database user and you should be able to access your database.
+
+    === "Docker"
+
+        Access your database container :
+
+        !!! note "Docker arguments"
+            - the `-u 0` option is to run the command as root (mandatory)
+            - the `-it` options are to run the command interactively (mandatory)
+            - `<bunkerweb_db_container>` : the name or ID of your database container
+            - `<user>` : the database user
+            - `<database>` : the database name
+
+        ```shell
+        docker exec -u 0 -it <bunkerweb_db_container> mysql -u <user> -p <database>
+        ```
+
+        Then enter your password of the database user and you should be able to access your database.
+
+**Troubleshooting actions**
+
+!!! info "Table schema"
+    The schema of the `bw_ui_users` table is the following :
+
+    ```sql
+    id INTEGER PRIMARY KEY AUTOINCREMENT
+    username VARCHAR(256) NOT NULL UNIQUE
+    password VARCHAR(60) NOT NULL
+    is_two_factor_enabled BOOLEAN NOT NULL DEFAULT 0
+    secret_token VARCHAR(32) DEFAULT NULL
+    method ("manual" or "ui") NOT NULL DEFAULT 'manual'
+    ```
+
+=== "Retrieve username"
+
+    Execute the following command to extract data from the `bw_ui_users` table :
+
+    ```sql
+    SELECT * FROM bw_ui_users;
+    ```
+
+    You should see something like this :
+    ```text
+    1|<username>|<password_hash>|1|<secret_totp_token>|(manual or ui)
+    ```
+
+=== "Update password"
+
+    You first need to hash the new password using the bcrypt algorithm.
+
+    Install the Python bcrypt library :
+
+    ```shell
+    pip install bcrypt
+    ```
+
+    Generate your hash (replace `mypassword` with your own password) :
+
+    ```shell
+    python -c 'from bcrypt import hashpw, gensalt ; print(hashpw("mypassword".encode("utf-8"), gensalt(rounds=13)).decode())'
+    ```
+
+    You can update your username / password executing this command :
+
+    ```sql
+    UPDATE bw_ui_users SET username = <username>, password = <password_hash> WHERE id = 1;
+    ```
+
+    If you check again your `bw_ui_users` table following this command :
+
+    ```sql
+    SELECT * FROM bw_ui_users;
+    ```
+
+    You should see something like this :
+
+    ```text
+    1|<username>|<password_hash>|0||(manual or ui)
+    ```
+
+    You should now be able to use the new credentials to log into the web UI.
+
+=== "Disable 2FA authentication"
+
+    You can deactivate 2FA by executing this command :
+
+    ```sql
+    UPDATE bw_ui_users SET is_two_factor_enabled = 0, secret_token = NULL WHERE id = 1;
+    ```
+
+    If you check again your `bw_ui_users` table by following this command :
+
+    ```sql
+    SELECT * FROM bw_ui_users;
+    ```
+
+    You should see something like this :
+
+    ```text
+    1|<username>|<password_hash>|0||(manual or ui)
+    ```
+
+    You should now be able to log into the web UI only using your username and password.
--- a/docs/web-ui.md
+++ b/docs/web-ui.md
--- a/examples/authelia/authelia/configuration.yml
+++ b/examples/authelia/authelia/configuration.yml
@ -0,0 +1,78 @@
+---
+###############################################################
+#                   Authelia configuration                    #
+###############################################################
+
+jwt_secret: a_very_important_secret
+default_redirection_url: https://auth.example.com
+
+ntp:
+  disable_failure: true
+
+server:
+  host: 0.0.0.0
+  port: 9091
+
+log:
+  level: debug
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+
+totp:
+  issuer: authelia.com
+
+# duo_api:
+#  hostname: api-123456789.example.com
+#  integration_key: ABCDEF
+#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+#  secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+access_control:
+  default_policy: deny
+  rules:
+    # Rules applied to everyone
+    - domain: auth.example.com
+      policy: bypass
+    - domain: app1.example.com
+      policy: one_factor
+    - domain: app2.example.com
+      policy: two_factor
+
+session:
+  name: authelia_session
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  secret: unsecure_session_secret
+  expiration: 3600 # 1 hour
+  inactivity: 300 # 5 minutes
+  domain: example.com # Should match whatever your root protected domain is
+
+  redis:
+    host: redis
+    port: 6379
+    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+    # password: authelia
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  filesystem:
+    filename: /config/notification.txt
+#notifier:
+#  smtp:
+#    username: test
+# This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+#    password: password
+#    host: mail.example.com
+#    port: 25
+#    sender: admin@example.com
--- a/examples/authelia/authelia/users_database.yml
+++ b/examples/authelia/authelia/users_database.yml
@ -0,0 +1,17 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  authelia:
+    displayname: "Authelia User"
+    # Password is authelia
+    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
+    email: authelia@authelia.com
+    groups:
+      - admins
+      - dev
--- a/examples/authelia/autoconf.yml
+++ b/examples/authelia/autoconf.yml
@ -0,0 +1,81 @@
+version: "3"
+
+services:
+  # APPLICATIONS
+  app1:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        aliases:
+          - app1
+    labels:
+      - bunkerweb.SERVER_NAME=app1.example.com
+      - bunkerweb.USE_REVERSE_PROXY=yes
+      - bunkerweb.REVERSE_PROXY_URL=/
+      - bunkerweb.REVERSE_PROXY_HOST=http://app1
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
+      - bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
+      - bunkerweb.REVERSE_PROXY_URL_999=/authelia
+      - bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
+      - bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
+
+  app2:
+    image: tutum/hello-world
+    networks:
+      bw-services:
+        aliases:
+          - app2
+    labels:
+      - bunkerweb.SERVER_NAME=app2.example.com
+      - bunkerweb.USE_REVERSE_PROXY=yes
+      - bunkerweb.REVERSE_PROXY_URL=/
+      - bunkerweb.REVERSE_PROXY_HOST=http://app2
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST=/authelia
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
+      - bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
+      - bunkerweb.REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
+      - bunkerweb.REVERSE_PROXY_URL_999=/authelia
+      - bunkerweb.REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
+      - bunkerweb.REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
+
+  # AUTHELIA
+  authelia:
+    image: authelia/authelia:4
+    networks:
+      bw-services:
+        aliases:
+          - authelia
+    volumes:
+      - ./authelia:/config
+    restart: unless-stopped
+    healthcheck:
+      disable: true
+    environment:
+      - TZ=Europe/Paris
+    labels:
+      - bunkerweb.SERVER_NAME=auth.example.com
+      - bunkerweb.USE_REVERSE_PROXY=yes
+      - bunkerweb.REVERSE_PROXY_URL=/
+      - bunkerweb.REVERSE_PROXY_HOST=http://authelia:9091
+      - bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no
+
+  redis:
+    image: redis:7-alpine
+    networks:
+      bw-services:
+        aliases:
+          - redis
+    volumes:
+      - ./redis:/data
+    expose:
+      - 6379
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Paris
+
+networks:
+  bw-services:
+    external: true
+    name: bw-services
--- a/examples/authelia/docker-compose.yml
+++ b/examples/authelia/docker-compose.yml
@ -0,0 +1,116 @@
+version: "3.4"
+
+services:
+  mybunker:
+    image: bunkerity/bunkerweb:1.5.6
+    ports:
+      - 80:8080
+      - 443:8443
+    labels:
+      - "bunkerweb.INSTANCE=yes"
+    networks:
+      - bw-universe
+      - bw-services
+    environment:
+      - MULTISITE=yes
+      - SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
+      - SERVE_FILES=no
+      - DISABLE_DEFAULT_SERVER=yes
+      - AUTO_LETS_ENCRYPT=yes
+      - USE_CLIENT_CACHE=yes
+      - USE_GZIP=yes
+      - USE_REVERSE_PROXY=yes
+      # Proxy to auth_request URI
+      - REVERSE_PROXY_URL_999=/authelia
+      - REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
+      - REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
+      # Authelia
+      - auth.example.com_REVERSE_PROXY_URL=/
+      - auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
+      - auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
+      # Applications
+      - app1.example.com_REVERSE_PROXY_URL=/
+      - app1.example.com_REVERSE_PROXY_HOST=http://app1
+      - app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
+      - app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
+      - app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
+      - app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
+      - app2.example.com_REVERSE_PROXY_URL=/
+      - app2.example.com_REVERSE_PROXY_HOST=http://app2
+      - app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
+      - app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
+      - app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
+      - app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.6
+    depends_on:
+      - mybunker
+    environment:
+      - DOCKER_HOST=tcp://bw-docker-proxy:2375
+    networks:
+      - bw-universe
+      - bw-docker
+    volumes:
+      - bw-data:/data
+
+  bw-docker-proxy:
+    image: tecnativa/docker-socket-proxy:nightly
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+      - LOG_LEVEL=warning
+    networks:
+      - bw-docker
+
+  # APPLICATIONS
+  app1:
+    image: tutum/hello-world
+    networks:
+      - bw-services
+  app2:
+    image: tutum/hello-world
+    networks:
+      - bw-services
+
+  # AUTHELIA
+  authelia:
+    image: authelia/authelia:4
+    container_name: authelia
+    networks:
+      - bw-services
+    volumes:
+      - ./authelia:/config
+    restart: unless-stopped
+    healthcheck:
+      disable: true
+    environment:
+      - TZ=Europe/Paris
+
+  redis:
+    image: redis:7-alpine
+    container_name: redis
+    networks:
+      - bw-services
+    volumes:
+      - ./redis:/data
+    expose:
+      - 6379
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Paris
+
+volumes:
+  bw-data:
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  bw-docker:
--- a/examples/authelia/kubernetes.yml
+++ b/examples/authelia/kubernetes.yml
@ -0,0 +1,303 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress
+  annotations:
+    bunkerweb.io/AUTO_LETS_ENCRYPT: "yes"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_HEADERS: "Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_URL_999: "/authelia"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_HOST_999: "http://authelia:9091/api/verify"
+    bunkerweb.io/app1.example.com_REVERSE_PROXY_HEADERS_999: "X-Original-URL $scheme://$http_host$request_uri;Content-Length ''"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST: "/authelia"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: "https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET: "$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_HEADERS: "Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_URL_999: "/authelia"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_HOST_999: "http://authelia:9091/api/verify"
+    bunkerweb.io/app2.example.com_REVERSE_PROXY_HEADERS_999: "X-Original-URL $scheme://$http_host$request_uri;Content-Length ''"
+    bunkerweb.io/auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
+spec:
+  rules:
+    - host: app1.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: svc-app1
+                port:
+                  number: 80
+    - host: app2.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: svc-app2
+                port:
+                  number: 80
+    - host: auth.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: svc-authelia
+                port:
+                  number: 9091
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app1
+  labels:
+    app: app1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: app1
+  template:
+    metadata:
+      labels:
+        app: app1
+    spec:
+      containers:
+        - name: app1
+          image: tutum/hello-world
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc-app1
+spec:
+  selector:
+    app: app1
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app2
+  labels:
+    app: app2
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: app2
+  template:
+    metadata:
+      labels:
+        app: app2
+    spec:
+      containers:
+        - name: app2
+          image: tutum/hello-world
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc-app2
+spec:
+  selector:
+    app: app2
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cfg-authelia
+data:
+  configuration.yml: |
+    ---
+    ###############################################################
+    #                   Authelia configuration                    #
+    ###############################################################
+
+    jwt_secret: a_very_important_secret
+    default_redirection_url: https://auth.example.com
+
+    ntp:
+      disable_failure: true
+
+    server:
+      host: 0.0.0.0
+      port: 9091
+
+    log:
+      level: debug
+    # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+
+    totp:
+      issuer: authelia.com
+
+    # duo_api:
+    #  hostname: api-123456789.example.com
+    #  integration_key: ABCDEF
+    #  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+    #  secret_key: 1234567890abcdefghifjkl
+
+    authentication_backend:
+      file:
+        path: /config/users_database.yml
+
+    access_control:
+      default_policy: deny
+      rules:
+        # Rules applied to everyone
+        - domain: auth.example.com
+          policy: bypass
+        - domain: app1.example.com
+          policy: one_factor
+        - domain: app2.example.com
+          policy: two_factor
+
+    session:
+      name: authelia_session
+      # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+      secret: unsecure_session_secret
+      expiration: 3600  # 1 hour
+      inactivity: 300  # 5 minutes
+      domain: example.com  # Should match whatever your root protected domain is
+
+      redis:
+        host: svc-redis
+        port: 6379
+        # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+        # password: authelia
+
+    regulation:
+      max_retries: 3
+      find_time: 120
+      ban_time: 300
+
+    storage:
+      encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
+      local:
+        path: /config/db.sqlite3
+
+    notifier:
+      filesystem:
+        filename: /config/notification.txt
+    #notifier:
+    #  smtp:
+    #    username: test
+        # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+    #    password: password
+    #    host: mail.example.com
+    #    port: 25
+    #    sender: admin@example.com
+    ...
+  users_database.yml: |
+    ---
+    ###############################################################
+    #                         Users Database                      #
+    ###############################################################
+
+    # This file can be used if you do not have an LDAP set up.
+
+    # List of users
+    users:
+      authelia:
+        displayname: "Authelia User"
+        # Password is authelia
+        password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"  # yamllint disable-line rule:line-length
+        email: authelia@authelia.com
+        groups:
+          - admins
+          - dev
+    ...
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authelia
+  labels:
+    app: authelia
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authelia
+  template:
+    metadata:
+      labels:
+        app: authelia
+    spec:
+      containers:
+        - name: authelia
+          image: authelia/authelia
+          env:
+            - name: TZ
+              value: "Europe/Paris"
+          volumeMounts:
+            - name: config
+              mountPath: /config/configuration.yml
+              subPath: configuration.yml
+            - name: config
+              mountPath: /config/users_database.yml
+              subPath: users_database.yml
+      volumes:
+        - name: config
+          configMap:
+            name: cfg-authelia
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc-authelia
+spec:
+  selector:
+    app: authelia
+  ports:
+    - protocol: TCP
+      port: 9091
+      targetPort: 9091
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  labels:
+    app: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: redis
+          image: redis:alpine
+          env:
+            - name: TZ
+              value: "Europe/Paris"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: svc-redis
+spec:
+  selector:
+    app: redis
+  ports:
+    - protocol: TCP
+      port: 6379
+      targetPort: 6379
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`src/ui/templates/profile.html:hashicorp-tf-password:343`
				`@ -0,0 +1 @@`
				<mxfile host="app.diagrams.net" modified="2022-10-13T12:11:36.746Z" agent="5.0 (Windows)" etag="qIM9S_K3KBWfpHSqmD4a" version="20.4.0"><diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">7Z1df6I4FIc/jZfdHxDevFSkrVuHzqjdrntHlVF20HQR2zqffkMhAglqtEJoYW4Gjrz/z3OScxJoCxjLtxvffl58gzPHa0nC7K0Fei1JkkRdR/+Flm1sAWo7ssx9dxbZxMQwcn87sVGIrRt35qwzGwYQeoH7nDVO4WrlTIOMzfZ9+Jrd7Cf0smd9tucOZRhNbY+2PrqzYBFZdUlL7LeOO1/gM4v4/pY23ji+k/XCnsHXlAmYLWD4EAbR0vLNcLzw6eHn8tjfPnqDX+rNnz/W/9kP3bux9ddVdLDrU3bZ3YLvrIKzD73a2Lf9lfFyfbUdXc2DjvjPuH8lg+jYL7a3iR9YfLPBFj9BZ4YeaLwK/WAB53Ble2Zi7fpws5o54XkEtJZsM4DwGRlFZPzXCYJt7B32JoDItAiWXvxrdM7wRIRoR+443m4NN/7UOXCbsYKB7c+d4NDjkHa6IiIcuHQCf4t29B3PDtyX7NXZsWfOd9slTx8txAKcIIaQo4XqoevtztwXtDgPFzuGYY5G+Ad0ntRvOZt3zZu+he1PPrkluT8pvechTkOJXxdu4Iye7ffH/IpiRZ6AL44fOG9nSEg/cRyA2nJ0nDj8KNHaa0KyiPFcpCjWhYIkwnh8cV5kRl6kPeqVw4tMafF42x+bg/5obKI19GyvKXH8BVw+bdbHPfqn63kG9KD/vh8QRUXVtNAOV0HKfv3+r0ACVFXIEHCF/T3NgJLDgAgKg4B+8F8Rgl135SgFgCcF+MBHmo3B0Oz0JiEVzI0B3Zh0LCsh68w2hZ3APaTtI7MoAvV29QhU60EgYCVQ4Uog3YnuDjrG3YUaoopgIO56WhXiQK8HBworBxpXDhRKjZuhOfliGAClehhoLF0A4/7BGg8nTWt/WF9Fr5y+oB5Zp9RmDHOAa9qJL/Mwbbuol5RfjhLXs0bdQe2BE9v8gatHhgtYM1zANcMFTBnuOcB1H6w7c2iZ49pBR/ZiqgBdXi+mfOjQY/W3f6dXJuHB/lDwau8tPni0to3XCoeVNRkG+gdhjXf9Dl104YnLCHLWZSRFyR4jurJ4N8IZdtfxAf/IG6uikB52xiYz/4P+t/64hn1cMpWvAv108niQfsd7gq9p8N8N6IfwcblT23sHdNYJh5CRderZ67U7zeqRjRXngu+8ucFuN7Sc2gutJTuFK2UFC5wRHq8YtPM9JeUIeX6AbR+NKaqWdUSF9K/oTqmYQh9JI1xaJscA90Qn5CD2NrXZc7jB+sAla8SAjKhmxt3RQnTIi8Y+WWmaQrKFYxnP55oogrzqJD0yY4373fuwB2rcmsYdc9tlmWavfk2X1q5cy4W7RRedt2Fava8zawMpQotU6rwNWW3iJxkWWeKnkK9zSfM7mPL+UQqVo1gZt53BwLRu9qYIZHzcuYDIECOzsRB1BAxVPxA7i8JPJgpqzNOm1MLwk7niJ1QMP4kVP670SSz0fR/en9SuDc0fD+ZofH6H5SsAydocFscj04Bhz7TYRwsbYdMq8lP2xBkRBZZRUoF2komzh8soeLkKZRSZtYyyr6NUThll97JF7IaA7EezVlEkorYByKTpQkUUmaw/KmXUUPLGbT9VhTHBYdJK6o2cKozMOcSeOUnloLErKOKyIBl5WdEgR6llsRg0qAJHGWgoeSWMBo2ip63yRUMjau9y+0w0dLL0LheDRlvggUZeEaJBo+iZrJxbDeFSrYZSTqshCjx6VEpeiaBho+gxW85skEO2pEuzsqGSzQYJ2aXYEAEPNk58s7rqbAh82WCdGsyZDfVIT4iZDTKjJ/tmn5uNE6fXNmwcYoN5Fi/ndIPwtLOn+mhkJl7UTB8+fapPPw+uUmx8jlScDPfntxtkAbegdqMt8kCDbT7VYHD/2Axb5XrznmErgN2N27CV0tTmecyPVPa8KlBSb5kojijnDlupwpGuxYWiHjlbGWglRD3MXAXQIEZ0RVY00t0BziO6CvPUYa4juoB412ZXkDwVDUAMJ8lKMWjIZMJaBhpasXnkCq6cg1yc0eFFh792w7ssZ/4CTx/WyfB+bqFQJI+EneviGR8gP7ZVxrsdGkvGV0pf5oPuWPHuxnE3Yq5AENGZtXJ9MY+hEyHrnvIZlDQEWS9ZBz785eBMIw5v6aQkNtmeO1+FroZkd5C9i+NjJ/5h6c5m7wE0L+HJ+mKroByGHHSmp1SqOa5U2EsgGp3A1E4SUSAjPl9NdLrnXD9NJL1amtDTKSbmqG6iKGK1RJEaUChN8mbpl6sKPYJcP1U08jslgLcqdM5ZP1XIRoU/K3QOVT9VBKFqqtCfqa1fY08WjfmrQr/8VTtWdLJcib+ozE0UOqWvISrkpzfxRCFeqrTpDLJ+qlBj/XidmypNDhmqIFdNliaLROmJVjVV6CyyhrAoxBdp+MtCp5GNLLtvqfGThc4jaygLFcS4y9IkknktfnGyoNXkDxtGw5bJ34cE5v8=</diagram></mxfile>