Introduction

Make security by default great again !

bunkerized-nginx is a web server based on the notorious nginx and focused on security. It integrates into existing environments (Linux, Docker, Swarm, Kubernetes, …) to make your web services “secured by default” without any hassle. The security best practices are automatically applied for you while keeping control of every settings to meet your own use case.

Non-exhaustive list of features :

  • HTTPS support with transparent Let’s Encrypt automation

  • State-of-the-art web security : HTTP security headers, prevent leaks, TLS hardening, …

  • Integrated ModSecurity WAF with the OWASP Core Rule Set

  • Automatic ban of strange behaviors

  • Antibot challenge through cookie, javascript, captcha or recaptcha v3

  • Block TOR, proxies, bad user-agents, countries, …

  • Block known bad IP with DNSBL

  • Prevent bruteforce attacks with rate limiting

  • Plugins system for external security checks (ClamAV, CrowdSec, …)

  • Easy to configure with environment variables or web UI

  • Seamless integration into existing environments : Linux, Docker, Swarm, Kubernetes, …

Fooling automated tools/scanners :

You can find a live demo at https://demo-nginx.bunkerity.com, feel free to do some security tests.