This project looks highly interesting, so thought I’d share it as I haven’t seen it mentioned on Lemmy yet.
Make your web services secure by default, fool attackers and protect your web services with the open source BunkerWeb solution.
- GitHub Link: https://github.com/bunkerity/bunkerweb
- Project Link: https://www.bunkerweb.io
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them “secure by default”. BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don’t panic, there is an awesome web UI if you don’t like the CLI) to meet your own use-cases. In other words, cybersecurity is no more a hassle. BunkerWeb contains primary security features as part of the core but can be easily extended with additional ones thanks to a plugin system.
Concept
Integrations
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word “integration” instead of “installation” because one of the goals of BunkerWeb is to integrate seamlessly into existing environments. The following integrations are officially supported:
- Docker
- Docker autoconf
- Swarm
- Kubernetes
- Linux
- Ansible
- Vagrant
Demo
A demo website protected with BunkerWeb is available at demo.bunkerweb.io. Feel free to visit it and perform some security tests. There is also a video demo available: https://yt.drgnz.club/watch?v=ZhYV-QELzA4
I have been utilizing BunkerWeb for some of my selfhost sites since it was bunkerized-nginx. It is indeed powerful and flexible, allowing multi-site proxying, hosting while allowing semi-flexible per-site security tweaks (some security options are forcibly global still, a limitation).
I use it on podman myself, and while it is generally great for having OWASP CRS, general traffic filtering targets and more built on top of nginx in a Docker container, the way BunkerWeb needs to be run hasn’t really remained stable between versions. Throughout several version upgrades, there have been severe breaking changes that will require reading the setup documentation again to get the new version functional.
Thanks for valuable feedback! 🙌