# List of environment variables for bunkerized-nginx. # Manual : https://bunkerized-nginx.readthedocs.io/en/latest/ # Antibot #USE_ANTIBOT=no #ANTIBOT_URI=/challenge #ANTIBOT_SESSION_SECRET=random #ANTIBOT_RECAPTCHA_SITEKEY= #ANTIBOT_RECAPTCHA_SECRET= #ANTIBOT_RECAPTCHA_SCORE=0.7 # Authelia #USE_AUTHELIA=no #AUTHELIA_BACKEND= #AUTHELIA_UPSTREAM= #AUTHELIA_MODE=portal # Basic auth #USE_AUTH_BASIC=no #AUTH_BASIC_LOCATION=sitewide #AUTH_BASIC_USER=changeme #AUTH_BASIC_PASSWORD=changeme #AUTH_BASIC_TEXT=Restricted area # Blacklist #USE_BLACKLIST_IP=yes #BLACKLIST_IP_LIST= #USE_BLACKLIST_REVERSE=yes #BLACKLIST_REVERSE_LIST=.shodan.io #BLACKLIST_COUNTRY= # Block #BLOCK_USER_AGENT=yes #BLOCK_TOR_EXIT_NODE=yes #BLOCK_PROXIES=yes #BLOCK_ABUSERS=yes #BLOCK_REFERRER=yes # Cache #USE_CLIENT_CACHE=no #CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2 #CLIENT_CACHE_CONTROL=public, max-age=15552000 #CLIENT_CACHE_ETAG=on #USE_OPEN_FILE_CACHE=no #OPEN_FILE_CACHE=max=1000 inactive=20s #OPEN_FILE_CACHE_ERRORS=on #OPEN_FILE_CACHE_MIN_USES=2 #OPEN_FILE_CACHE_VALID=30s #USE_PROXY_CACHE=no #PROXY_CACHE_PATH_ZONE_SIZE=10m #PROXY_CACHE_PATH_PARAMS=max_size=100m #PROXY_CACHE_METHODS=GET HEAD #PROXY_CACHE_MIN_USES=2 #PROXY_CACHE_KEY=\$scheme\$host\$request_uri #PROXY_CACHE_VALID=200=10m 301=10m 302=1h #PROXY_NO_CACHE=\$http_authorization #PROXY_CACHE_BYPASS=\$http_authorization # Compression #USE_GZIP=no #GZIP_COMP_LEVEL=5 #GZIP_MIN_LENGTH=1000 #GZIP_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml #USE_BROTLI=no #BROTLI_COMP_LEVEL=6 #BROTLI_MIN_LENGTH=1000 #BROTLI_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml # DNSBL #USE_DNSBL=yes #DNSBL_LIST=bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org # HTTPS #AUTO_LETS_ENCRYPT=no #EMAIL_LETS_ENCRYPT= #USE_LETS_ENCRYPT_STAGING=no #REDIRECT_HTTP_TO_HTTPS=no #HTTP2=yes #HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3 #LISTEN_HTTP=yes #USE_CUSTOM_HTTPS=no #CUSTOM_HTTPS_CERT= #CUSTOM_HTTPS_KEY= #GENERATE_SELF_SIGNED_SSL=no #SELF_SIGNED_SSL_EXPIRY=365 #SELF_SIGNED_SSL_COUNTRY=CH #SELF_SIGNED_SSL_STATE=Switzerland #SELF_SIGNED_SSL_CITY=Bern #SELF_SIGNED_SSL_OU=IT #SELF_SIGNED_SSL_ORG=Acme Inc #SELF_SIGNED_SSL_CN=bunkerized # Headers #X_FRAME_OPTIONS=DENY #X_XSS_PROTECTION=1; mode=block #X_CONTENT_TYPE_OPTIONS=nosniff #REFERRER_POLICY=no-referrer #FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vibrate 'none'; vr 'none' #PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=() #COOKIE_FLAGS=* HttpOnly SameSite=Lax #COOKIE_AUTO_SECURE_FLAG=yes #STRICT_TRANSPORT_SECURITY=max-age=31536000 #CONTENT_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; # Info leak #REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version #DISABLE_DEFAULT_SERVER=no #ERRORS= # Limit conn #USE_LIMIT_CONN=yes #LIMIT_CONN_MAX=50 #LIMIT_CONN_CACHE=10m # Limit req #USE_LIMIT_REQ=yes #LIMIT_REQ_RATE=1r/s #LIMIT_REQ_BURST=2 #LIMIT_REQ_CACHE=10m # Misc #SERVER_NAME=www.example.com #MAX_CLIENT_SIZE=10m #ALLOWED_METHODS=GET|POST|HEAD #SERVE_FILES=yes #INJECT_BODY= #REDIRECT_TO= #REDIRECT_TO_REQUEST_URI=no # ModSecurity #USE_MODSECURITY=yes #USE_MODSECURITY_CRS=yes #MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly # PHP #REMOTE_PHP= #REMOTE_PHP_PATH=/app #LOCAL_PHP= #LOCAL_PHP_PATH=/app # Reverse proxy #USE_REVERSE_PROXY=no #REVERSE_PROXY_URL= #REVERSE_PROXY_HOST= #REVERSE_PROXY_WS=no #REVERSE_PROXY_HEADERS= #PROXY_REAL_IP=no #PROXY_REAL_IP_FROM=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 #PROXY_REAL_IP_HEADER=X-Forwarded-For #PROXY_REAL_IP_RECURSIVE=on # Bad behavior #USE_BAD_BEHAVIOR=yes #BAD_BEHAVIOR_BAN_TIME=86400 #BAD_BEHAVIOR_COUNT_TIME=60 #BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444 #BAD_BEHAVIOR_THRESHOLD=10 # Internal #USE_API=no #API_WHITELIST_IP=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 #API_URI=random #SWARM_MODE=no #KUBERNETES_MODE=no #USE_REDIS=no #REDIS_HOST= # nginx #MULTISITE=no #DNS_RESOLVERS=127.0.0.11 #LOG_FORMAT=$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" #LOG_LEVEL=info #ROOT_FOLDER=/opt/bunkerized-nginx/www #ROOT_SITE_SUBFOLDER= #SERVER_TOKENS=off #HTTP_PORT=8080 #HTTPS_PORT=8443 #WORKER_RLIMIT_NOFILE=2048 #WORKER_CONNECTIONS=1024 #WORKER_PROCESSES=auto # Whitelist #USE_WHITELIST_IP=yes #WHITELIST_IP_LIST=23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8 #USE_WHITELIST_REVERSE=yes #WHITELIST_REVERSE_LIST=.googlebot.com .google.com .search.msn.com .crawl.yahoo.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net #WHITELIST_COUNTRY= #WHITELIST_USER_AGENT= #WHITELIST_URI=