this post was submitted on 26 Apr 2024
50 points (98.1% liked)

Selfhosted

39980 readers
769 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

This project looks highly interesting, so thought I'd share it as I haven't seen it mentioned on Lemmy yet.


Make your web services secure by default, fool attackers and protect your web services with the open source BunkerWeb solution.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. BunkerWeb contains primary security features as part of the core but can be easily extended with additional ones thanks to a plugin system.

Concept

conceptArt

Integrations

The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments. The following integrations are officially supported :

  • Docker
  • Docker autoconf
  • Swarm
  • Kubernetes
  • Linux
  • Ansible
  • Vagrant

Demo

A demo website protected with BunkerWeb is available at demo.bunkerweb.io. Feel free to visit it and perform some security tests. There is also a video demo available: https://yt.drgnz.club/watch?v=ZhYV-QELzA4

top 5 comments
sorted by: hot top controversial new old
[–] fightforlife@lemmy.world 3 points 6 months ago

One of the few options that allow docker conf via labels. Will try it, currently using caddy.

[–] jrgd@lemm.ee 3 points 6 months ago (1 children)

I have been utilizing BunkerWeb for some of my selfhost sites since it was bunkerized-nginx. It is indeed powerful and flexible, allowing multi-site proxying, hosting while allowing semi-flexible per-site security tweaks (some security options are forcibly global still, a limitation).

I use it on podman myself, and while it is generally great for having OWasp CRS, general traffic filtering targets and more built on top of nginx in a Docker container, the way Bunkerweb needs to be run hasn't really remained stable between versions. Throughout several version upgrades, there have been be severe breaking changes that will require reading the setup documentation again to get the new version functional.

[–] Sunny@slrpnk.net 2 points 6 months ago

Thanks for valuable feedback! 🙌

[–] lal309@lemmy.world 2 points 6 months ago

Following. Sounds interesting.

[–] N0x0n@lemmy.ml 2 points 6 months ago

Thanks for the share :))) ! Looks interesting ! Bookmarking until I have more time to read through the docs !