BunkerWeb: web server based on the notorious NGINX and focused on security.

Tony40 Member

Make your web services secure by default!

BunkerWeb is a web server based on the notorious NGINX and focused on security.

It integrates into existing environments (Linux, Docker, Swarm, Kubernetes, …) to make your web services "secure by default" without any hassle. The security best practices are automatically applied for you while keeping control of every setting to meet your use case.

BunkerWeb contains primary security features as part of the core but can be easily extended with additional ones thanks to a plugin system.

Why BunkerWeb?

  • Easy integration into existing environments: support for Linux, Docker, Swarm and Kubernetes
  • Highly customizable: enable, disable and configure features easily to meet your use case
  • Secure by default: offers out-of-the-box and hassle-free minimal security for your web services
  • Free as in "freedom": licensed under the free AGPLv3 license

Security features

A non-exhaustive list of security features:

  • HTTPS support with transparent Let's Encrypt automation
  • State-of-the-art web security: HTTP security headers, prevent leaks, TLS hardening, ...
  • Integrated ModSecurity WAF with the OWASP Core Rule Set
  • Automatic ban of strange behaviors based on HTTP status code
  • Apply connections and requests limit for clients
  • Block bots by asking them to solve a challenge (e.g. cookie, javascript, captcha, hCaptcha or reCAPTCHA)
  • Block known bad IPs with external blacklists and DNSBL
  • And much more ...

https://github.com/bunkerity/bunkerweb

Thanked by 1 JasonM

Comments

  • An AGPLv3 webserver? Wouldn't this mean every site you host with it would need a link to the repo?

    Thanked by 1 bulbasaur
  • szarka Member

    I don't think "notorious" is the word you're looking for here.

  • My webservices ARE secure by default out the box...

  • ericls Member, Patron Provider
    edited July 2022

    Not very SaaS friendly tho? Unless I’m missing something. But does offer some interesting features

  • jar Patron Provider, Top Host, Veteran

    My brain started in immediately with “this sounds like taking advantage of people who don’t know how to manage their own stuff” but it quickly turned into “this looks like a potential life saver for people who would rather not.”

    Thanked by 1 MannDude
  • Bloatware

  • melp57 Member

    @szarka said:
    I don't think "notorious" is the word you're looking for here.

    Thinking the same.

  • risharde Patron Provider, Veteran

    Interesting, will bookmark just in case, my stack doesn't use nginx nor apache though but you never know if a middle proxy might come in handy if it can do that

  • Arkas Moderator

    I guess it's an easier fix but it has restrictions.

  • @MallocVoidstar said:
    An AGPLv3 webserver? Wouldn't this mean every site you host with it would need a link to the repo?

    Only if you make your own modifications to the software and distribute that. Not different to the “must retain the above copyright notice” wording in the 2-clause BSD license that nginx itself is covered by.

    I'm assuming here that hosting content through the executable doesn't count as linking or creating a derivative work, much the same as processing images through ImageMagick doesn't affect the licensing terms associated with the resulting output. Though maybe worth clarifying with the project maintainers for paranoia's sake, in case they are interpreting things in an unusually strict manner.

  • HostSlick Member, Patron Provider

    Anyone knows if it is like nginx proxy manager?

  • MannDude Host Rep, Veteran

    @jar said:
    My brain started in immediately with “this sounds like taking advantage of people who don’t know how to manage their own stuff” but it quickly turned into “this looks like a potential life saver for people who would rather not.”

    Exactly. Nothing it does is inherently that complicated to do to a stock nginx config. But it does seem like something that would be of interest to those either new to nginx or something someone who does managed hosting could use to just make their life a bit easier / faster if doing a lot of deployments if they haven't already rolled a more crude solution.

    I'd say its value is about as much as any other Nginx auto-installer / configuration script. Has its place for sure.

  • What are the minimum system specs to run this?

  • ralf Member

    @szarka said:
    I don't think "notorious" is the word you're looking for here.

    It depends if this project is B.I.G.

  • LordSpock Member, Host Rep

    Not really someone who'd use this myself - but this actually looks like one of the cleanest 'bunkerized' NGINX setups I've seen for a while.

    Definitely a good shout for someone who might not want to do this sort of stuff themselves.

  • cazrz Member
    edited July 2022

    Looks like just a country blocker with entire Asia on the block list by default. I like it though that it doesn't require docker.

  • tjn Member

    @HostSlick said:
    Anyone knows if it is like nginx proxy manager?

    Seems so, just without the GUI I guess.
    From their docs:

    Protecting existing web applications already accessible with the HTTP(S) protocol is the main goal of BunkerWeb : it will act as a classical reverse proxy with extra security features.
