How to set up BunkerWeb with Docker Compose?

Use the prebuilt Docker images, define environment variables for settings, and run the scheduler container alongside BunkerWeb. Examples in the docs show compose files for auto-configuration via labels.

BunkerWeb vs ModSecurity standalone: which should I use?

BunkerWeb bundles ModSecurity with NGINX, automation, and a UI for easier management, while standalone ModSecurity offers more control but requires manual integration and configuration.

How to configure bot protection with captcha in BunkerWeb?

Set the USE_ANTIBOT setting to 'captcha' and configure related keys via environment variables or the web UI. The feature is documented with examples for different challenge types.

What databases are supported for BunkerWeb configuration storage?

BunkerWeb supports SQLite, MariaDB, MySQL, and PostgreSQL as backend databases, as outlined in the database concepts section of the documentation.

Does BunkerWeb support SSL termination for backend services?

Yes, it acts as a reverse proxy with SSL offloading, handling HTTPS with Let's Encrypt automation and forwarding requests to upstream services over HTTP or HTTPS as configured.

How to upgrade from the open-source to PRO version?

Purchase a license from the BunkerWeb panel, then input the key via the web UI or a specific setting. A free trial is available with a promo code, as mentioned in the PRO section.

BunkerWeb

AGPL-3.0Pythonv1.6.9Self-Hosted

An open-source, next-generation Web Application Firewall (WAF) that integrates as a reverse proxy to make web services secure by default.

Visit Website

What is BunkerWeb?

BunkerWeb is an open-source, next-generation Web Application Firewall (WAF) and web server based on NGINX. It protects web services by acting as a reverse proxy, integrating seamlessly into existing environments like Docker, Kubernetes, and Linux. It aims to simplify cybersecurity by providing robust, configurable security features out of the box, adhering to a 'security by default' philosophy.

Target Audience

System administrators, DevOps engineers, and security professionals who need to secure web applications in containerized, cloud, or traditional server environments. It is particularly suited for teams managing multiple web services across diverse deployment platforms.

Value Proposition

Developers choose BunkerWeb for its seamless integration into existing infrastructures without requiring major architectural changes, its comprehensive 'security by default' feature set including ModSecurity WAF and Let's Encrypt automation, and its flexibility through a plugin system and optional web UI for management without CLI dependency.

Overview

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Use Cases

Best For

Securing multiple web applications (multisite mode) with a single reverse proxy instance in Docker or Kubernetes environments.

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

GitHub

10.3k stars584 forks0 contributors

Implementing a WAF with OWASP Core Rule Set and bot protection (e.g., captcha challenges) for web services without extensive configuration.

Automating HTTPS setup with Let's Encrypt for web applications across various deployment platforms like Linux, Swarm, or Azure.

Extending security features via plugins for specific needs such as antivirus scanning with ClamAV or notifications via Discord/Slack webhooks.

Managing WAF configurations through a graphical web interface instead of command-line tools for teams preferring UI-based administration.

Protecting web services in hybrid or multi-cloud environments with supported integrations for Docker, Kubernetes, Swarm, and Microsoft Azure.

Not Ideal For

Projects using fully managed hosting platforms (e.g., Vercel, Netlify) where built-in security eliminates the need for a self-managed reverse proxy
Teams with extensive, custom NGINX configurations who prefer fine-grained, manual WAF rule management over opinionated defaults
Organizations requiring enterprise-grade support SLAs and vendor-backed compliance certifications without self-hosting complexity
Lightweight applications where a minimal, single-binary WAF suffices and the overhead of a full web server stack is undesirable

Pros & Cons

Pros

Seamless Multi-Platform Integration

Officially supports deployment across Linux, Docker, Kubernetes, Swarm, and Azure via documented integrations, allowing protection of diverse environments without architectural overhauls.

Comprehensive Security Defaults

Includes ModSecurity WAF with OWASP Core Rule Set, automatic Let's Encrypt HTTPS, and bot challenges out of the box, ensuring immediate protection with minimal setup.

Extensible Plugin System

Offers official plugins for antivirus scanning (ClamAV), alternative WAF engines (Coraza), and notifications (Discord/Slack), enabling tailored security enhancements beyond core features.

Web UI for Management

Provides an optional graphical interface to manage settings, view logs, and monitor attacks, reducing CLI dependency for teams preferring visual configuration tools.

Cons

Architectural Overhead

Requires managing a scheduler service and backend database (SQLite, MariaDB, etc.) for configuration state, adding operational complexity compared to simpler, standalone WAFs.

PRO Features Upsell

Enhanced security and monitoring capabilities are gated behind the PRO version, as noted by crown icons in docs, pushing users toward paid upgrades for advanced needs.

Multisite Configuration Verbosity

In multisite mode, settings must be prefixed with server names (e.g., www.example.com_USE_ANTIBOT), making configuration cumbersome for environments with many services.

Frequently Asked Questions

Home

Docker

traefik

The Cloud Native Application Proxy

Stars62,835

Forks5,934

Last commit2 days ago

Kong

🦍 The API and AI Gateway

Stars43,245

Forks5,119

Last commit28 days ago

Nginx Proxy Manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface

Stars32,578

Forks3,706

Last commit4 days ago

Envoy

Cloud-native high-performance edge/middle/service proxy

#web-application-firewall