Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

prepare for 1.5.1 🚀

Browse source
This commit is contained in:
florian 2023-06-14 21:39:12 +02:00
parent 4023e6dc69
commit dcf1561358
No known key found for this signature in database
GPG key ID: 3D80806F12602A7C
28 changed files with 29 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -12,10 +12,17 @@
- [BUGFIX] Custom certificate bug after the refactoring
- [BUGFIX] Fix wrong variables in header phase (fix CORS feature too)
- [BUGFIX] Fix UI not working in Ubuntu (python zope module)
- [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
- [PERFORMANCE] Reduce CPU usage of scheduler
- [PERFORMANCE] Cache ngx.ctx instead of loading it each time
- [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
- [FEATURE] Add Turnstile antibot mode
- [FEATURE] Add more CORS headers
- [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
- [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
- [MISC] Temp remove VMWare provider for Vagrant integration
- [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
## v1.5.0 - 2023/05/23

13
README.md
View file

@ -305,12 +305,13 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| **ClamAV** | 1.0 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **CrowdSec** | 1.0 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.0 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.0 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.0 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **Coraza** | 0.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **ClamAV** | 1.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.1/plugins) of the documentation.

2
SECURITY.md
View file

@ -4,7 +4,7 @@ Even though this project is focused on security, it is still prone to possible v
## Responsible disclosure
If you have found a security bug, please send us an email at security \[@\] bunkerity.com with technical details so we can resolve it as soon as possible.
If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.
Here is a non-exhaustive list of issues we consider as high risk :
- Vulnerability in the code

15
docs/plugins.md
View file

@ -8,12 +8,13 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| Name | Version | Description | Link |
| :------------: | :-----: | :------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------: |
| **ClamAV** | 1.0 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **CrowdSec** | 1.0 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.0 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.0 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.0 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **Coraza** | 0.1 | Inspect requests using a Core Rule Set and deny malicious ones. | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **ClamAV** | 1.1 | Automatically scans uploaded files with the ClamAV antivirus engine and denies the request when a file is detected as malicious. | [bunkerweb-plugins/clamav](https://github.com/bunkerity/bunkerweb-plugins/tree/main/clamav) |
| **Coraza** | 1.1 | Inspect requests using a the Coraza WAF (alternative of ModSecurity). | [bunkerweb-plugins/coraza](https://github.com/bunkerity/bunkerweb-plugins/tree/main/coraza) |
| **CrowdSec** | 1.1 | CrowdSec bouncer for BunkerWeb. | [bunkerweb-plugins/crowdsec](https://github.com/bunkerity/bunkerweb-plugins/tree/main/crowdsec) |
| **Discord** | 1.1 | Send security notifications to a Discord channel using a Webhook. | [bunkerweb-plugins/discord](https://github.com/bunkerity/bunkerweb-plugins/tree/main/discord) |
| **Slack** | 1.1 | Send security notifications to a Slack channel using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/slack) |
| **VirusTotal** | 1.1 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.1 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
## How to use a plugin
@ -21,7 +22,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
If you want to quickly install external plugins, you can use the `EXTERNAL_PLUGIN_URLS` setting. It takes a list of URLs, separated with space, pointing to compressed (zip format) archive containing one or more plugin(s).
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.0.zip`
You can use the following value if you want to automatically install the official plugins : `EXTERNAL_PLUGIN_URLS=https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.1.zip`
### Manual

1
docs/settings.md
View file

@ -65,7 +65,6 @@ Bot detection by using a challenge.
|`ANTIBOT_RECAPTCHA_SCORE` |`0.7` |multisite|no |Minimum score required for reCAPTCHA challenge. |
|`ANTIBOT_RECAPTCHA_SITEKEY`| |multisite|no |Sitekey for reCAPTCHA challenge. |
|`ANTIBOT_RECAPTCHA_SECRET` | |multisite|no |Secret for reCAPTCHA challenge. |
|`ANTIBOT_HCAPTCHA_PASSIVE` |`no` |multisite|no |Use hCaptcha in passive mode. |
|`ANTIBOT_HCAPTCHA_SITEKEY` | |multisite|no |Sitekey for hCaptcha challenge. |
|`ANTIBOT_HCAPTCHA_SECRET` | |multisite|no |Secret for hCaptcha challenge. |
|`ANTIBOT_TURNSTILE_SITEKEY`| |multisite|no |Sitekey for Turnstile challenge. |

22
docs/web-ui.md
View file

@ -55,7 +55,6 @@ Because the web UI is a web application, the recommended installation procedure
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `ABSOLUTE_URI` : full URI of your web UI instance (like `http://www.example.com/foo/`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
@ -88,7 +87,6 @@ Because the web UI is a web application, the recommended installation procedure
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
- bw-universe
@ -125,7 +123,6 @@ Because the web UI is a web application, the recommended installation procedure
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the changeme user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker
@ -178,7 +175,6 @@ Because the web UI is a web application, the recommended installation procedure
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `ABSOLUTE_URI` : full URI of your web UI instance (like `http://www.example.com/foo/`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
@ -270,14 +266,12 @@ Because the web UI is a web application, the recommended installation procedure
- AUTOCONF_MODE=yes
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
labels:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:
@ -316,7 +310,6 @@ Because the web UI is a web application, the recommended installation procedure
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `ABSOLUTE_URI` : full URI of your web UI instance (like `http://www.example.com/foo/`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.
@ -422,7 +415,6 @@ Because the web UI is a web application, the recommended installation procedure
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the changeme user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker
@ -433,9 +425,8 @@ Because the web UI is a web application, the recommended installation procedure
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS=no"
- "INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:
bw-data:
@ -466,7 +457,6 @@ Because the web UI is a web application, the recommended installation procedure
- `ADMIN_USERNAME` : username to access the web UI
- `ADMIN_PASSWORD` : password to access the web UI
- `ABSOLUTE_URI` : full URI of your web UI instance (like `http://www.example.com/foo/`)
Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). Network segmentation between web UI and web services is not covered in this documentation. Please note that the web UI container is listening on the `7000` port.
@ -715,8 +705,6 @@ Because the web UI is a web application, the recommended installation procedure
value: "changeme"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/changeme/"
- name: KUBERNETES_MODE
value: "YES"
- name: "DATABASE_URI"
@ -791,8 +779,8 @@ Because the web UI is a web application, the recommended installation procedure
name: ingress
annotations:
bunkerweb.io/www.example.com_USE_UI: "yes"
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
bunkerweb.io/www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS: "no"
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: '400 404 405 413 429 500 501 502 503 504'
spec:
rules:
- host: www.example.com
@ -822,7 +810,6 @@ Because the web UI is a web application, the recommended installation procedure
```conf
ADMIN_USERNAME=changeme
ADMIN_PASSWORD=changeme
ABSOLUTE_URI=http://www.example.com/changeme/
```
Each time you edit the `/etc/bunkerweb/ui.env` file, you will need to restart the service :
@ -846,7 +833,6 @@ Because the web UI is a web application, the recommended installation procedure
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```
@ -865,7 +851,6 @@ Because the web UI is a web application, the recommended installation procedure
```conf
ADMIN_USERNAME=changeme
ADMIN_PASSWORD=changeme
ABSOLUTE_URI=http://www.example.com/changeme/
```
Here is the `my_variables.env` boilerplate you can use :
@ -880,7 +865,6 @@ Because the web UI is a web application, the recommended installation procedure
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```
@ -932,7 +916,6 @@ Because the web UI is a web application, the recommended installation procedure
```conf
ADMIN_USERNAME=changeme
ADMIN_PASSWORD=changeme
ABSOLUTE_URI=http://www.example.com/changeme/
```
Each time you edit the `/etc/bunkerweb/ui.env` file, you will need to restart the service :
@ -955,7 +938,6 @@ Because the web UI is a web application, the recommended installation procedure
www.example.com_USE_REVERSE_PROXY=yes
www.example.com_REVERSE_PROXY_URL=/changeme/
www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000
www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
```

3
examples/web-ui/docker-compose.yml
View file

@ -19,9 +19,7 @@ services:
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/ # replace with another url
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
- www.example.com_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self';
labels:
- "bunkerweb.INSTANCE"
networks:
@ -45,7 +43,6 @@ services:
depends_on:
- bw-docker-proxy
environment:
- ABSOLUTE_URI=https://www.example.com/changeme/ # replace with another url
- DOCKER_HOST=tcp://bw-docker-proxy:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # replace with a stronger password

2
misc/integrations/autoconf.mariadb.ui.yml
View file

@ -79,14 +79,12 @@ services:
- AUTOCONF_MODE=yes
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
labels:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/autoconf.mysql.ui.yml
View file

@ -79,14 +79,12 @@ services:
- AUTOCONF_MODE=yes
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
labels:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/autoconf.postgres.ui.yml
View file

@ -78,14 +78,12 @@ services:
- AUTOCONF_MODE=yes
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
labels:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/autoconf.ui.yml
View file

@ -69,14 +69,12 @@ services:
- AUTOCONF_MODE=yes
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
labels:
- "bunkerweb.SERVER_NAME=www.example.com"
- "bunkerweb.USE_UI=yes"
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/docker.mariadb.ui.yml
View file

@ -20,7 +20,6 @@ services:
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
- bw-universe
@ -57,7 +56,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the changeme user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker

2
misc/integrations/docker.mysql.ui.yml
View file

@ -20,7 +20,6 @@ services:
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/admin/
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
- bw-universe
@ -57,7 +56,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the admin user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker

2
misc/integrations/docker.postgres.ui.yml
View file

@ -21,7 +21,6 @@ services:
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/admin/
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
- bw-universe
@ -58,7 +57,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=admin
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the admin user
- ABSOLUTE_URI=http://www.example.com/changeme
networks:
- bw-universe
- bw-docker

2
misc/integrations/docker.ui.yml
View file

@ -16,7 +16,6 @@ services:
- www.example.com_USE_REVERSE_PROXY=yes
- www.example.com_REVERSE_PROXY_URL=/changeme/
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme
- www.example.com_INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504
networks:
- bw-universe
@ -55,7 +54,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker

3
misc/integrations/k8s.mariadb.ui.yml
View file

@ -237,8 +237,6 @@ spec:
value: "changeme"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/changeme/"
- name: KUBERNETES_MODE
value: "YES"
- name: "DATABASE_URI"
@ -313,7 +311,6 @@ metadata:
name: ingress
annotations:
bunkerweb.io/www.example.com_USE_UI: "yes"
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
spec:
rules:

3
misc/integrations/k8s.mysql.ui.yml
View file

@ -237,8 +237,6 @@ spec:
value: "changeme"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/changeme/"
- name: KUBERNETES_MODE
value: "YES"
- name: "DATABASE_URI"
@ -312,7 +310,6 @@ metadata:
name: ingress
annotations:
bunkerweb.io/www.example.com_USE_UI: "yes"
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
spec:
rules:

3
misc/integrations/k8s.postgres.ui.yml
View file

@ -237,8 +237,6 @@ spec:
value: "changeme"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/changeme/"
- name: KUBERNETES_MODE
value: "YES"
- name: "DATABASE_URI"
@ -312,7 +310,6 @@ metadata:
name: ingress
annotations:
bunkerweb.io/www.example.com_USE_UI: "yes"
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS_1: "X-Script-Name /changeme"
bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: "400 404 405 413 429 500 501 502 503 504"
spec:
rules:

2
misc/integrations/swarm.mariadb.ui.yml
View file

@ -93,7 +93,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the changeme user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker
@ -104,7 +103,6 @@ services:
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/swarm.mysql.ui.yml
View file

@ -93,7 +93,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the changeme user
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker
@ -104,7 +103,6 @@ services:
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
misc/integrations/swarm.postgres.ui.yml
View file

@ -92,7 +92,6 @@ services:
- DOCKER_HOST=tcp://bw-docker:2375
- ADMIN_USERNAME=changeme
- ADMIN_PASSWORD=changeme
- ABSOLUTE_URI=http://www.example.com/changeme/
networks:
- bw-universe
- bw-docker
@ -103,7 +102,6 @@ services:
- "bunkerweb.USE_REVERSE_PROXY=yes"
- "bunkerweb.REVERSE_PROXY_URL=/changeme/"
- "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
- "bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /changeme"
- "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
volumes:

2
src/bw/lua/bunkerweb/datastore.lua
View file

@ -66,7 +66,7 @@ end
function datastore:delete_all(pattern, worker)
local keys = {}
if worker then
lru:keys(0)
keys = lru:keys(0)
else
keys = self.dict:get_keys(0)
end

0
src/common/core/reverseproxy/reverseproxy.lua → src/common/core/reverseproxy/reverseproxy.lua.bak
View file

2
src/common/gen/save_config.py
View file

@ -381,7 +381,7 @@ if __name__ == "__main__":
if apis:
for api in apis:
endpoint_data = api.endpoint.replace("http://", "").split(":")
err = db.add_instance(endpoint_data[0], endpoint_data[1], api.host)
err = db.add_instance(endpoint_data[0], endpoint_data[1].replace("/", ""), api.host)
if err:
logger.warning(err)

1
src/linux/scripts/bunkerweb-ui.sh
View file

@ -7,7 +7,6 @@ export PYTHONPATH=/usr/share/bunkerweb/deps/python:/usr/share/bunkerweb/ui
if [ ! -f /etc/bunkerweb/ui.env ]; then
echo "ADMIN_USERNAME=admin" > /etc/bunkerweb/ui.env
echo "ADMIN_PASSWORD=changeme" >> /etc/bunkerweb/ui.env
echo "ABSOLUTE_URI=http://bwadm.example.com/changeme/" >> /etc/bunkerweb/ui.env
fi
# Function to start the UI

4
tests/core/limit/main.py
View file

@ -113,7 +113,7 @@ try:
flush=True,
)
exit(0)
elif request_number < rate + 1 or request_number > rate + 3:
elif request_number != rate + 1:
print(
f"❌ The limit_req directive is not working correctly, {request_number} requests were made in {total:.2f}s while the limit was set to {limit_req_rate}, exiting ...",
flush=True,
@ -155,7 +155,7 @@ try:
total = time() - start
rate = int(limit_req_rate_1[:-3])
if request_number < rate + 1 or request_number > rate + 3:
if request_number != rate + 1:
if stopped:
print(
f"❌ The limit_req_1 directive is not working correctly, the limit was not reached in 20 requests in {total:.2f}s, exiting ...",

2
tests/ui/docker-compose.dev.yml
View file

@ -25,7 +25,6 @@ services:
www.example.com_REVERSE_PROXY_URL: "/admin/"
www.example.com_REVERSE_PROXY_HOST: "http://bw-ui:7000"
www.example.com_REVERSE_PROXY_KEEPALIVE: "yes"
www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
www.example.com_INTERCEPTED_ERROR_CODES: "400 405 413 429 500 501 502 503 504"
labels:
- "bunkerweb.INSTANCE"
@ -58,7 +57,6 @@ services:
volumes:
- bw-data:/data
environment:
ABSOLUTE_URI: "http://www.example.com/admin/"
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "S$$cr3tP@ssw0rd"
DOCKER_HOST: "tcp://docker-proxy:2375"

2
tests/ui/docker-compose.yml
View file

@ -23,7 +23,6 @@ services:
www.example.com_USE_REVERSE_PROXY: "yes"
www.example.com_REVERSE_PROXY_URL: "/admin/"
www.example.com_REVERSE_PROXY_HOST: "http://bw-ui:7000"
www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
www.example.com_INTERCEPTED_ERROR_CODES: "400 405 413 429 500 501 502 503 504"
CUSTOM_CONF_SERVER_HTTP_port-redirect: "port_in_redirect on;"
labels:
@ -53,7 +52,6 @@ services:
- bw
- bw-docker-proxy
environment:
ABSOLUTE_URI: "http://www.example.com/admin/"
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "S$$cr3tP@ssw0rd"
DOCKER_HOST: "tcp://bw-docker-proxy:2375"