bunkerized-nginx v1.4.1 releases: nginx Docker image secure by default
bunkerized-nginx
nginx Docker image secure by default.
Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings, and tools so you don’t need to do it yourself.
A non-exhaustive list of features:
- HTTPS support with transparent Let’s Encrypt automation
- State-of-the-art web security: HTTP security headers, prevent leaks, TLS hardening, …
- Integrated ModSecurity WAF with the OWASP Core Rule Set
- Automatic ban of strange behaviors with fail2ban
- Antibot challenge through a cookie, JavaScript, CAPTCHA, or reCAPTCHA v3
- Block TOR, proxies, bad user-agents, countries, …
- Block known bad IPs with DNSBL and CrowdSec
- Prevent brute-force attacks with rate limiting
- Detect bad files with ClamAV
- Easy to configure with environment variables
[Image: Fooling automated tools/scanners]
Changelog v1.4.1
- Fix sending local IPs to BunkerNet when DISABLE_DEFAULT_SERVER=yes
- Fix certbot bug when AUTOCONF_MODE=yes
- Fix certbot bug when MULTISITE=no
- Add reverse proxy timeout settings
- Add auth_request settings
- Add authentik and authelia examples
- Prebuilt Docker images for arm64 and armv7
- Improve documentation for Linux integration
- Various fixes in the documentation
Copyright (C) 2022 bunkerity