bunkerized-nginx v1.5 releases: nginx Docker image secure by default
bunkerized-nginx
nginx Docker image secure by default.
Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings, and tools so you don’t need to do it yourself.
A non-exhaustive list of features:
- HTTPS support with transparent Let’s Encrypt automation
- State-of-the-art web security: HTTP security headers, leak prevention, TLS hardening, …
- Integrated ModSecurity WAF with the OWASP Core Rule Set
- Automatic ban of strange behaviors with fail2ban
- Antibot challenge through a cookie, JavaScript, captcha, or reCAPTCHA v3
- Block TOR, proxies, bad user-agents, countries, …
- Block known bad IPs with DNSBL and CrowdSec
- Prevent bruteforce attacks with rate limiting
- Detect bad files with ClamAV
- Easy to configure with environment variables
[Figure: fooling automated tools/scanners]
Changelog v1.5
- Refactoring of almost all the components of the project
- Dedicated scheduler service to manage jobs and configuration
- Store configuration in a database backend
- Improved web UI and made it work with all integrations
- Improved internal Lua code
- Improved internal cache of BW
- Add Redis support when using clustered integrations
- Add RHEL integration
- Add Vagrant integration
- Initial support for generic TCP/UDP (stream)
- Initial support for IPv6
- Improved CI/CD: UI tests, core tests and release automation
- Reduce Docker images size
- Fixed and improved core plugins: antibot, cors, dnsbl, …
- Use PCRE regex instead of Lua patterns
- Connectivity tests at startup/reload with logging
Copyright (C) 2022 bunkerity