Bunkerized Nginx Versions Save

🛡️ Make your web services secure by default !

v1.5.6

1 month ago

Documentation : https://docs.bunkerweb.io/1.5.6/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.5.6 or ghcr.io/bunkerity/bunkerweb:1.5.6
  • Scheduler : bunkerity/bunkerweb-scheduler:1.5.6 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.6
  • Autoconf : bunkerity/bunkerweb-autoconf:1.5.6 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.6
  • UI : bunkerity/bunkerweb-ui:1.5.6 or ghcr.io/bunkerity/bunkerweb-ui:1.5.6

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.6&filter=all&dist=

Changelog :

  • [LINUX] Support RHEL 9.3
  • [BUGFIX] Fix issues with the antibot feature (#866, #870)
  • [BUGFIX] Fix Bad behavior whitelist check in access phase
  • [BUGFIX] Fix ModSecurity FP on antibot page
  • [BUGFIX] Fix Whitelist core plugin missing a check for empty server_name in multisite mode
  • [BUGFIX] Fix Templator missing some common configs
  • [BUGFIX] Database update with external plugins reupload
  • [BUGFIX] UI delete or edit multiple setting
  • [LINUX] Add logrotate support for the logs
  • [UI] New : add bans management page in the web UI
  • [UI] New : add blocked requests page in the web UI
  • [UI] New : some core plugins pages in the web UI
  • [UI] General : enhance the Content-Security-Policy header in the web UI
  • [UI] General : dark mode enhancement
  • [UI] General : add visual feedback when filtering is matching nothing
  • [UI] General : blog news working and add dynamic banner news
  • [UI] Global config page : Add multisite edit, add context filter
  • [UI] Global config / Service page : remove tabs for select and enhance filtering (plugin name, multiple settings and context now includes)
  • [UI] Service page : add the possibility to clone a service in the web UI
  • [UI] Service page : add the possibility to set a service as draft in the web UI
  • [UI] Service page : add services filter when at least 4 services
  • [UI] Configs page : add path filtering related to config presence, remove service when config is root only
  • [UI] Pro license : add home card, show pro plugins on menu and plugins page, resume in account page, alert in case issue with license usage
  • [UI] Log page : enhance UX
  • [FEATURE] Add setting REDIS_SSL_VERIFY to activate/disable the SSL certificate verification when using Redis
  • [FEATURE] Add Redis Sentinel fallback to master automatically if no slaves are available
  • [FEATURE] Add Redis Sentinel support for bwcli
  • [FEATURE] Add new Metrics core plugin that will allow metrics collection and retrieval of internal metrics
  • [FEATURE] Add setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one
  • [FEATURE] Add whitelist check for the default-server as well
  • [FEATURE] Add the possibility to choose between the coreruleset v3 and v4 that will be used by ModSecurity (default is v3)
  • [FEATURE] Add the TIMERS_LOG_LEVEL setting to control the log level of the lua timers
  • [FEATURE] Add pro version management to core plugins, the scheduler and the web UI
  • [FEATURE] Add REVERSE_PROXY_CUSTOM_HOST setting to set a custom Host header when using reverse proxy
  • [MISC] Add a better custom certificate cache handling
  • [MISC] Updated Linux base images in Dockerfiles
  • [MISC] Add recommended dialects to databases string
  • [MISC] Refine the data sent in the anonymous reporting feature and move the setting and the job to the "jobs" plugin
  • [MISC] BunkerWeb will now load the default loading page even on 404 errors when generating the configuration
  • [MISC] Update database schema to support the new pro version and optimize it
  • [MISC] Refactor SSL/TLS logics to make it more consistent
  • [MISC] Use ECDSA key instead of RSA for selfsigned/default/fallback certificates
  • [MISC] Refactor certbot-new job to optimize the certbot requests
  • [MISC] Refactor jobs utils to make it more consistent
  • [MISC] Review jobs and utils to make it more consistent and better in general
  • [MISC] Change BunkerWeb base Docker image to nginx:1.24.0-alpine-slim
  • [DOCUMENTATION] Update web UI's setup wizard instructions in the documentation
  • [DOCUMENTATION] Update plugins documentation to reflect the new plugin system
  • [DOCUMENTATION] Update ModSecurity documentation to reflect the new changes in the Security Tuning section
  • [DOCUMENTATION] Add pro version documentation
  • [DEPS] Updated stream-lua-nginx-module to v0.0.14
  • [DEPS] Updated lua-nginx-module version to v0.10.26
  • [DEPS] Updated libmaxminddb version to v1.9.1
  • [DEPS] Updated lua-resty-core to v0.1.28
  • [DEPS] Updated zlib version to v1.3.1
  • [DEPS] Updated ModSecurity version to v3.0.12
  • [DEPS] Updated coreruleset version to v3.3.5
  • [DEPS] Added coreruleset version v4.1.0
  • [DEPS] Updated lua-resty-mlcache version to v2.7.0
  • [DEPS] Updated lua-resty-openssl version to v1.2.1
  • [DEPS] Updated lua-resty-http version to v0.17.2

v1.5.5

3 months ago

Documentation : https://docs.bunkerweb.io/1.5.5/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.5.5 or ghcr.io/bunkerity/bunkerweb:1.5.5
  • Scheduler : bunkerity/bunkerweb-scheduler:1.5.5 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.5
  • Autoconf : bunkerity/bunkerweb-autoconf:1.5.5 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.5
  • UI : bunkerity/bunkerweb-ui:1.5.5 or ghcr.io/bunkerity/bunkerweb-ui:1.5.5

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.5&filter=all&dist=

Changelog :

  • [BUGFIX] Fix issues with the database when upgrading from version 1.5.3 and 1.5.4 to the most recent version
  • [BUGFIX] Fix ModSecurity-nginx to make it work with brotli
  • [BUGFIX] Remove certbot renew delay causing errors on k8s
  • [BUGFIX] Fix missing custom modsec files when BW instances change
  • [BUGFIX] Fix inconsistency on config changes when using Redis
  • [BUGFIX] Fix web UI not working when using / URL
  • [FEATURE] Add Anonymous reporting feature
  • [FEATURE] Add support for fallback Referrer-Policies
  • [FEATURE] Add 2FA support to web UI
  • [FEATURE] Add username and password management to web UI
  • [FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
  • [FEATURE] Add support for Redis Sentinel
  • [FEATURE] Add support for tls in Ingress definition
  • [MISC] Fallback to default HTTPS certificate to prevent errors
  • [MISC] Various internal improvements in LUA code
  • [MISC] Check nginx configuration before reload
  • [MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
  • [MISC] Switch gunicorn worker_class back to gevent in web UI
  • [DEPS] Updated ModSecurity to v3.0.11

v1.5.4

5 months ago

Documentation : https://docs.bunkerweb.io/1.5.4/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.5.4 or ghcr.io/bunkerity/bunkerweb:1.5.4
  • Scheduler : bunkerity/bunkerweb-scheduler:1.5.4 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.4
  • Autoconf : bunkerity/bunkerweb-autoconf:1.5.4 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.4
  • UI : bunkerity/bunkerweb-ui:1.5.4 or ghcr.io/bunkerity/bunkerweb-ui:1.5.4

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.4&filter=all&dist=

Changelog :

  • [UI] Add an optional setup wizard for the web UI
  • [BUGFIX] Fix issues with the Linux integration and external databases
  • [BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
  • [LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
  • [DOCKER] Handle start and stop event of BunkerWeb with the scheduler
  • [MISC] Refactor database session handling to make it more stable with SQLite
  • [MISC] Add conditional block for open file cache in nginx config
  • [MISC] Updated core dependencies
  • [MISC] Updated python dependencies
  • [MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles

v1.5.3

6 months ago

Documentation : https://docs.bunkerweb.io/1.5.3/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.5.3 or ghcr.io/bunkerity/bunkerweb:1.5.3
  • Scheduler : bunkerity/bunkerweb-scheduler:1.5.3 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.3
  • Autoconf : bunkerity/bunkerweb-autoconf:1.5.3 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.3
  • UI : bunkerity/bunkerweb-ui:1.5.3 or ghcr.io/bunkerity/bunkerweb-ui:1.5.3

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.3&filter=all&dist=

Changelog :

  • [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
  • [BUGFIX] Fix Custom configs not following the service name after an update on the UI
  • [BUGFIX] Fix UI clearing configs folder at startup
  • [BUGFIX] Fix Database not clearing old services when not using multisite
  • [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
  • [BUGFIX] Small fixes on linux paths creating unnecessary folders
  • [BUGFIX] Fix ACME renewal fails on redirection enabled Service
  • [BUGFIX] Fix errors when using a server name with multiple values in web UI
  • [BUGFIX] Fix error when deleting a service that have custom configs on web UI
  • [BUGFIX] Fix rare bug where database is locked
  • [MISC] Updated core dependencies
  • [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
  • [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
  • [MISC] Replaced gevent with gthread in UI for security reasons
  • [MISC] Add HTML sanitization when injecting code in pages in the UI
  • [MISC] Optimize the way the UI handles services creation and edition
  • [MISC] Optimize certbot renew script to renew all domains in one command
  • [MISC] Use capability instead of sudo in Linux
  • [SECURITY] Init work on OpenSSF best practices

v1.5.2

7 months ago

Documentation : https://docs.bunkerweb.io/1.5.2/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:1.5.2 or ghcr.io/bunkerity/bunkerweb:1.5.2
  • Scheduler : bunkerity/bunkerweb-scheduler:1.5.2 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.2
  • Autoconf : bunkerity/bunkerweb-autoconf:1.5.2 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.2
  • UI : bunkerity/bunkerweb-ui:1.5.2 or ghcr.io/bunkerity/bunkerweb-ui:1.5.2

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.2&filter=all&dist=

Changelog :

  • [BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
  • [BUGFIX] Fix infinite loop when using autoconf
  • [BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
  • [BUGFIX] Fix logs page not working in UI on Linux integrations
  • [BUGFIX] Fix settings regex that had issues in general and with the UI
  • [BUGFIX] Fix scheduler error with external plugins when reloading
  • [BUGFIX] Fix permissions with folders in linux integrations
  • [MISC] Push Docker images to GitHub packages (ghcr.io repository)
  • [MISC] Improved CI/CD
  • [MISC] Updated python dependencies
  • [MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
  • [MISC] Add support for ModSecurity JSON LogFormat
  • [MISC] Updated OWASP coreruleset to 3.3.5

testing

8 months ago

The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.

Documentation : https://docs.bunkerweb.io/testing/

Docker tags :

  • BunkerWeb : bunkerity/bunkerweb:testing or ghcr.io/bunkerity/bunkerweb:testing
  • Scheduler : bunkerity/bunkerweb-scheduler:testing or ghcr.io/bunkerity/bunkerweb-scheduler:testing
  • Autoconf : bunkerity/bunkerweb-autoconf:testing or ghcr.io/bunkerity/bunkerweb-autoconf:testing
  • UI : bunkerity/bunkerweb-ui:testing or ghcr.io/bunkerity/bunkerweb-ui:testing

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=testing&filter=all&dist=

Please note that when using Linux Debian or Ubuntu integration, you will need to add the force-bad-version directive to your /etc/dpkg/dpkg.cfg file before installing the testing version of BunkerWeb.

v1.5.1

8 months ago

Documentation : https://docs.bunkerweb.io/1.5.1/

Docker tags :

  • bunkerity/bunkerweb:1.5.1
  • bunkerity/bunkerweb-scheduler:1.5.1
  • bunkerity/bunkerweb-autoconf:1.5.1
  • bunkerity/bunkerweb-ui:1.5.1

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.1&filter=all&dist=

Changelog :

  • [BUGFIX] New version checker in logs displays "404 not found"
  • [BUGFIX] New version checker in UI
  • [BUGFIX] Only get the right keys from plugin.json files when importing plugins
  • [BUGFIX] Remove external resources for Google fonts in UI
  • [BUGFIX] Support multiple plugin uploads in one zip when using the UI
  • [BUGFIX] Variable being ignored instead of saved in the database when value is empty
  • [BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
  • [BUGFIX] Custom certificate bug after the refactoring
  • [BUGFIX] Wrong variables in header phase (fix CORS feature too)
  • [BUGFIX] UI not working in Ubuntu (python zope module)
  • [BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
  • [BUGFIX] Custom configurations from env were not being deleted properly
  • [BUGFIX] Missing concepts image not displayed in the documentation
  • [BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
  • [BUGFIX] Autoconf deadlock in k8s
  • [BUGFIX] Missing HTTP and HTTPS ports for temp nginx
  • [BUGFIX] Infinite loop when sessions is not valid
  • [BUGFIX] Missing valid LE certificates in edge cases
  • [BUGFIX] Wrong service namespace in k8s
  • [BUGFIX] DNS_RESOLVERS regex not accepting hostnames
  • [PERFORMANCE] Reduce CPU and RAM usage of scheduler
  • [PERFORMANCE] Cache ngx.ctx instead of loading it each time
  • [PERFORMANCE] Use per-worker LRU cache for common RO LUA values
  • [FEATURE] Add Turnstile antibot mode
  • [FEATURE] Add more CORS headers
  • [FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
  • [FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
  • [FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
  • [FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
  • [FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
  • [DOCUMENTATION] Add timezone information
  • [DOCUMENTATION] Add timezone informat
  • [MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
  • [MISC] Temp remove VMWare provider for Vagrant integration
  • [MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
  • [MISC] Move logs to /var/log/bunkerweb folder
  • [MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql

v1.5.0

11 months ago

Documentation : https://docs.bunkerweb.io/1.5.0/

Docker tags :

  • bunkerity/bunkerweb:1.5.0
  • bunkerity/bunkerweb-scheduler:1.5.0
  • bunkerity/bunkerweb-autoconf:1.5.0
  • bunkerity/bunkerweb-ui:1.5.0

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.0&filter=all&dist=

Changelog :

  • Refactoring of almost all the components of the project
  • Dedicated scheduler service to manage jobs and configuration
  • Store configuration in a database backend
  • Improved web UI and make it working with all integrations
  • Improved internal LUA code
  • Improved internal cache of BW
  • Add Redis support when using clustered integrations
  • Add RHEL integration
  • Add Vagrant integration
  • Init support of generic TCP/UDP (stream)
  • Init support of IPv6
  • Improved CI/CD : UI tests, core tests and release automation
  • Reduce Docker images size
  • Fix and improved core plugins : antibot, cors, dnsbl, ...
  • Use PCRE regex instead of LUA patterns
  • Connectivity tests at startup/reload with logging

v1.5.0-beta

1 year ago

Documentation : https://docs.bunkerweb.io/1.5.0-beta/

Docker tags :

  • bunkerity/bunkerweb:1.5.0-beta
  • bunkerity/bunkerweb-scheduler:1.5.0-beta
  • bunkerity/bunkerweb-autoconf:1.5.0-beta
  • bunkerity/bunkerweb-ui:1.5.0-beta

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.0-beta&filter=all&dist=

Changelog :

  • Refactoring of almost all the components of the project
  • Dedicated scheduler service to manage jobs and configuration
  • Store configuration in a database backend
  • Improved web UI and make it working with all integrations
  • Improved internal LUA code
  • Add Redis support when using clustered integrations
  • Add RHEL integration
  • Add Vagrant integration
  • Improved CI/CD

v1.4.8

1 year ago

Documentation : https://docs.bunkerweb.io/1.4/

Docker tags :

  • bunkerity/bunkerweb:1.4.8
  • bunkerity/bunkerweb-autoconf:1.4.8
  • bunkerity/bunkerweb-ui:1.4.8

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.4.8&filter=all&dist=

Changelog :

  • Fix UI bug related to multiple settings
  • Increase check reload interval in UI to avoid rate limit
  • Fix Let's Encrypt error when using auth basic
  • Fix wrong setting name in realip job (again)
  • Fix blog posts retrieval in the UI
  • Fix missing logs for UI
  • Fix error log if BunkerNet ip list is empty
  • Updated python dependencies
  • Gunicorn will now show the logs in the console for the UI
  • BunkerNet job will now create the ip list file at the beginning of the job to avoid errors