Bunkerized-nginx is an open source project aimed to help you following the security best practices each time you need a web server or reverse proxy. It provides generic security configs, settings and tools so you don't need to do it yourself. Non-exhaustive list of features : HTTPS support with transparent Let's Encrypt automation State-of-the-art web security : HTTP security headers, prevent leaks, TLS hardening, ... Integrated ModSecurity WAF with the OWASP Core Rule Set Automatic ban of strange behaviors with fail2ban Antibot challenge through cookie, javascript, captcha or recaptcha v3 Block TOR, proxies, bad user-agents, countries, ... Block known bad IP with DNSBL and CrowdSec Prevent bruteforce attacks with rate limiting Detect bad files with ClamAV Easy to configure with environment variables or web UI Automatic configuration with container labels Docker Swarm support Fooling automated tools/scanners : https://raw.githubusercontent.com/bunkerity/bunkerized-nginx/master/demo.gif Links : GitHub repository Quickstart guide Examples Settings
