bunkerized-nginx v1.3.2 releases: nginx Docker image secure by default

bunkerized-nginx

nginx Docker image secure by default.

Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings, and tools so you don’t need to do it yourself.

A non-exhaustive list of features :

• HTTPS support with transparent Let’s Encrypt automation
• State-of-the-art web security: HTTP security headers, prevent leaks, TLS hardening, …
• Integrated ModSecurity WAF with the OWASP Core Rule Set
• Automatic ban of strange behaviors with fail2ban
• Antibot challenge through a cookie, javascript, captcha, or recaptcha v3
• Block TOR, proxies, bad user-agents, countries, …
• Block known bad IP with DNSBL and CrowdSec
• Prevent bruteforce attacks with rate limiting
• Detect bad files with ClamAV
• Easy to configure with environment variables

Fooling automated tools/scanners :

Changelog

v1.3.2

• Use API instead of a shared folder for Swarm and Kubernetes integrations
• Beta integration of distributed bad IPs database through a remote API
• Improvement of the request limiting feature : hour/day rate and multiple URL support
• Various bug fixes related to antibot feature
• Init support of Arch Linux
• Fix Moodle example
• Fix ROOT_FOLDER bug in serve-files.conf when using the UI
• Update default values for PERMISSIONS_POLICY and FEATURE_POLICY
• Disable COUNTRY ban if IP is local

Install & Use