bunkerized-nginx v1.4.4 releases: nginx Docker image secure by default

bunkerized-nginx

nginx Docker image secure by default.

Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings, and tools so you don’t need to do it yourself.

A non-exhaustive list of features :

• HTTPS support with transparent Let’s Encrypt automation
• State-of-the-art web security: HTTP security headers, prevent leaks, TLS hardening, …
• Integrated ModSecurity WAF with the OWASP Core Rule Set
• Automatic ban of strange behaviors with fail2ban
• Antibot challenge through a cookie, javascript, captcha, or recaptcha v3
• Block TOR, proxies, bad user-agents, countries, …
• Block known bad IP with DNSBL and CrowdSec
• Prevent bruteforce attacks with rate limiting
• Detect bad files with ClamAV
• Easy to configure with environment variables

Fooling automated tools/scanners :

Changelog v1.4.4

• Fix k8s controller not watching the events when there is an exception
• Fix python dependencies bug in CentOS and Fedora
• Fix incorrect log when reloading nginx using Linux integration
• Fix UI dev mode, production mode is now the default
• Fix wrong exposed port in the UI container
• Fix endless loading in the UI
• Fix *CUSTOM_CONF* dissapear when jobs are executed
• Fix various typos in documentation
• Fix warning about StartLimitIntervalSec directive when using Linux
• Fix incorrect log when issuing certbot renew
• Fix certbot renew error when using Linux or Docker integration
• Add greylist core feature
• Add BLACKLIST_IGNORE_* settings
• Add automatic change of SecRequestBodyLimit modsec directive based on MAX_CLIENT_SIZE setting
• Add MODSECURITY_SEC_RULE_ENGINE and MODSECURITY_SEC_AUDIT_LOG_PARTS settings
• Add manual ban and get bans to the API/CLI
• Add Brawdunoir community example
• Improve core plugins order and add documentation about it
• Improve overall documentation
• Improve CI/CD

Install & Use

Copyright (C) 2022 bunkerity