Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
bunkerweb/1.4/settings/index.html

2386 lines
59 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Make your web services secure by default.">
<link rel="canonical" href="https://docs.bunkerweb.io/1.4/settings/">
<link rel="icon" href="../assets/favicon.png">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.2.5">
<title>Settings - BunkerWeb</title>
<link rel="stylesheet" href="../assets/stylesheets/main.2d9f7617.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.e6a45f82.min.css">
<script
async
defer
data-domain="docs.bunkerweb.io"
src="https://data.bunkerity.com/js/script.js"
></script>
<link rel="stylesheet" href="../assets/extra.css">
<script>__md_scope=new URL("..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#settings" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
<aside class="md-banner">
<div class="md-banner__inner md-grid md-typeset">
📢 Looking for tailored support, consulting or
development for BunkerWeb ? Contact us at
<a
href="mailto:contact@bunkerity.com"
style="color: #3f6ec6; text-decoration: underline"
>contact@bunkerity.com</a
>
for enterprise offers !
</div>
</aside>
</div>
<div data-md-component="outdated" hidden>
<aside class="md-banner md-banner--warning">
<div class="md-banner__inner md-grid md-typeset">
You're not viewing the
documentation for the current version.
<a href="../.."><strong>Click here to change.</strong></a>
</div>
<script>var el=document.querySelector("[data-md-component=outdated]"),outdated=__md_get("__outdated",sessionStorage);!0===outdated&&el&&(el.hidden=!1)</script>
</aside>
</div>
<header class="md-header md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="BunkerWeb" class="md-header__button md-logo" aria-label="BunkerWeb" data-md-component="logo">
<img src="../assets/logo.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
BunkerWeb
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Settings
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/bunkerity/bunkerweb/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-tabs__inner md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href=".." class="md-tabs__link">
Introduction
</a>
</li>
<li class="md-tabs__item">
<a href="../migrating/" class="md-tabs__link">
Migrating from bunkerized
</a>
</li>
<li class="md-tabs__item">
<a href="../concepts/" class="md-tabs__link">
Concepts
</a>
</li>
<li class="md-tabs__item">
<a href="../integrations/" class="md-tabs__link">
Integrations
</a>
</li>
<li class="md-tabs__item">
<a href="../quickstart-guide/" class="md-tabs__link">
Quickstart guide
</a>
</li>
<li class="md-tabs__item">
<a href="../security-tuning/" class="md-tabs__link">
Security tuning
</a>
</li>
<li class="md-tabs__item">
<a href="./" class="md-tabs__link md-tabs__link--active">
Settings
</a>
</li>
<li class="md-tabs__item">
<a href="../web-ui/" class="md-tabs__link">
Web UI
</a>
</li>
<li class="md-tabs__item">
<a href="../troubleshooting/" class="md-tabs__link">
Troubleshooting
</a>
</li>
<li class="md-tabs__item">
<a href="../plugins/" class="md-tabs__link">
Plugins
</a>
</li>
<li class="md-tabs__item">
<a href="../about/" class="md-tabs__link">
About
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="BunkerWeb" class="md-nav__button md-logo" aria-label="BunkerWeb" data-md-component="logo">
<img src="../assets/logo.png" alt="logo">
</a>
BunkerWeb
</label>
<div class="md-nav__source">
<a href="https://github.com/bunkerity/bunkerweb/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
GitHub
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="../migrating/" class="md-nav__link">
Migrating from bunkerized
</a>
</li>
<li class="md-nav__item">
<a href="../concepts/" class="md-nav__link">
Concepts
</a>
</li>
<li class="md-nav__item">
<a href="../integrations/" class="md-nav__link">
Integrations
</a>
</li>
<li class="md-nav__item">
<a href="../quickstart-guide/" class="md-nav__link">
Quickstart guide
</a>
</li>
<li class="md-nav__item">
<a href="../security-tuning/" class="md-nav__link">
Security tuning
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Settings
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Settings
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#global-settings" class="md-nav__link">
Global settings
</a>
</li>
<li class="md-nav__item">
<a href="#core-settings" class="md-nav__link">
Core settings
</a>
<nav class="md-nav" aria-label="Core settings">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#antibot" class="md-nav__link">
Antibot
</a>
</li>
<li class="md-nav__item">
<a href="#auth-basic" class="md-nav__link">
Auth basic
</a>
</li>
<li class="md-nav__item">
<a href="#bad-behavior" class="md-nav__link">
Bad behavior
</a>
</li>
<li class="md-nav__item">
<a href="#blacklist" class="md-nav__link">
Blacklist
</a>
</li>
<li class="md-nav__item">
<a href="#brotli" class="md-nav__link">
Brotli
</a>
</li>
<li class="md-nav__item">
<a href="#bunkernet" class="md-nav__link">
BunkerNet
</a>
</li>
<li class="md-nav__item">
<a href="#client-cache" class="md-nav__link">
Client cache
</a>
</li>
<li class="md-nav__item">
<a href="#country" class="md-nav__link">
Country
</a>
</li>
<li class="md-nav__item">
<a href="#custom-https-certificate" class="md-nav__link">
Custom HTTPS certificate
</a>
</li>
<li class="md-nav__item">
<a href="#dnsbl" class="md-nav__link">
DNSBL
</a>
</li>
<li class="md-nav__item">
<a href="#errors" class="md-nav__link">
Errors
</a>
</li>
<li class="md-nav__item">
<a href="#gzip" class="md-nav__link">
Gzip
</a>
</li>
<li class="md-nav__item">
<a href="#html-injection" class="md-nav__link">
HTML injection
</a>
</li>
<li class="md-nav__item">
<a href="#headers" class="md-nav__link">
Headers
</a>
</li>
<li class="md-nav__item">
<a href="#lets-encrypt" class="md-nav__link">
Let's Encrypt
</a>
</li>
<li class="md-nav__item">
<a href="#limit" class="md-nav__link">
Limit
</a>
</li>
<li class="md-nav__item">
<a href="#miscellaneous" class="md-nav__link">
Miscellaneous
</a>
</li>
<li class="md-nav__item">
<a href="#modsecurity" class="md-nav__link">
ModSecurity
</a>
</li>
<li class="md-nav__item">
<a href="#php" class="md-nav__link">
PHP
</a>
</li>
<li class="md-nav__item">
<a href="#real-ip" class="md-nav__link">
Real IP
</a>
</li>
<li class="md-nav__item">
<a href="#redirect" class="md-nav__link">
Redirect
</a>
</li>
<li class="md-nav__item">
<a href="#reverse-proxy" class="md-nav__link">
Reverse proxy
</a>
</li>
<li class="md-nav__item">
<a href="#self-signed-certificate" class="md-nav__link">
Self-signed certificate
</a>
</li>
<li class="md-nav__item">
<a href="#ui" class="md-nav__link">
UI
</a>
</li>
<li class="md-nav__item">
<a href="#whitelist" class="md-nav__link">
Whitelist
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../web-ui/" class="md-nav__link">
Web UI
</a>
</li>
<li class="md-nav__item">
<a href="../troubleshooting/" class="md-nav__link">
Troubleshooting
</a>
</li>
<li class="md-nav__item">
<a href="../plugins/" class="md-nav__link">
Plugins
</a>
</li>
<li class="md-nav__item">
<a href="../about/" class="md-nav__link">
About
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/bunkerity/bunkerweb/edit/master/docs/settings.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
</a>
<h1 id="settings">Settings</h1>
<div class="admonition info">
<p class="admonition-title">Settings generator tool</p>
<p>To help you tuning BunkerWeb we have made an easy to use settings generator tool available at <a href="https://config.bunkerweb.io">config.bunkerweb.io</a>.</p>
</div>
<p>This section contains the full list of settings supported by BunkerWeb. If you are not familiar with BunkerWeb, you should first read the <a href="/concepts">concepts</a> section of the documentation. Please follow the instructions for your own <a href="/integrations">integration</a> on how to apply the settings.</p>
<p>As a general rule when multisite mode is enabled, if you want to apply settings with multisite context to a specific server you will need to add the primary (first) server name as a prefix like <code>www.example.com_USE_ANTIBOT=captcha</code> or <code>myapp.example.com_USE_GZIP=yes</code> for example.</p>
<p>When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like <code>REVERSE_PROXY_URL_1=/subdir</code>, <code>REVERSE_PROXY_HOST_1=http://myhost1</code>, <code>REVERSE_PROXY_URL_2=/anotherdir</code>, <code>REVERSE_PROXY_HOST_2=http://myhost2</code>, ... for example.</p>
<h2 id="global-settings">Global settings</h2>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TEMP_NGINX</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>internal-use</td>
</tr>
<tr>
<td><code>NGINX_PREFIX</code></td>
<td><code>/etc/nginx/</code></td>
<td>global</td>
<td>no</td>
<td>Where nginx will search for configurations.</td>
</tr>
<tr>
<td><code>HTTP_PORT</code></td>
<td><code>8080</code></td>
<td>global</td>
<td>no</td>
<td>HTTP port number which bunkerweb binds to.</td>
</tr>
<tr>
<td><code>HTTPS_PORT</code></td>
<td><code>8443</code></td>
<td>global</td>
<td>no</td>
<td>HTTPS port number which bunkerweb binds to.</td>
</tr>
<tr>
<td><code>MULTISITE</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>Multi site activation.</td>
</tr>
<tr>
<td><code>SERVER_NAME</code></td>
<td><code>www.example.com</code></td>
<td>multisite</td>
<td>no</td>
<td>List of the virtual hosts served by bunkerweb.</td>
</tr>
<tr>
<td><code>WORKER_PROCESSES</code></td>
<td><code>auto</code></td>
<td>global</td>
<td>no</td>
<td>Number of worker processes.</td>
</tr>
<tr>
<td><code>WORKER_RLIMIT_NOFILE</code></td>
<td><code>2048</code></td>
<td>global</td>
<td>no</td>
<td>Maximum number of open files for worker processes.</td>
</tr>
<tr>
<td><code>WORKER_CONNECTIONS</code></td>
<td><code>1024</code></td>
<td>global</td>
<td>no</td>
<td>Maximum number of connections per worker.</td>
</tr>
<tr>
<td><code>LOG_FORMAT</code></td>
<td><code>$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"</code></td>
<td>global</td>
<td>no</td>
<td>The format to use for access logs.</td>
</tr>
<tr>
<td><code>LOG_LEVEL</code></td>
<td><code>notice</code></td>
<td>global</td>
<td>no</td>
<td>The level to use for error logs.</td>
</tr>
<tr>
<td><code>DNS_RESOLVERS</code></td>
<td><code>127.0.0.11</code></td>
<td>global</td>
<td>no</td>
<td>DNS addresses of resolvers to use.</td>
</tr>
<tr>
<td><code>DATASTORE_MEMORY_SIZE</code></td>
<td><code>256m</code></td>
<td>global</td>
<td>no</td>
<td>Size of the internal datastore.</td>
</tr>
<tr>
<td><code>USE_API</code></td>
<td><code>yes</code></td>
<td>global</td>
<td>no</td>
<td>Activate the API to control BunkerWeb.</td>
</tr>
<tr>
<td><code>API_HTTP_PORT</code></td>
<td><code>5000</code></td>
<td>global</td>
<td>no</td>
<td>Listen port number for the API.</td>
</tr>
<tr>
<td><code>API_SERVER_NAME</code></td>
<td><code>bwapi</code></td>
<td>global</td>
<td>no</td>
<td>Server name (virtual host) for the API.</td>
</tr>
<tr>
<td><code>API_WHITELIST_IP</code></td>
<td><code>127.0.0.0/8</code></td>
<td>global</td>
<td>no</td>
<td>List of IP/network allowed to contact the API.</td>
</tr>
<tr>
<td><code>AUTOCONF_MODE</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>Enable Autoconf Docker integration.</td>
</tr>
<tr>
<td><code>SWARM_MODE</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>Enable Docker Swarm integration.</td>
</tr>
<tr>
<td><code>KUBERNETES_MODE</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>Enable Kubernetes integration.</td>
</tr>
</tbody>
</table>
<h2 id="core-settings">Core settings</h2>
<h3 id="antibot">Antibot</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_ANTIBOT</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate antibot feature.</td>
</tr>
<tr>
<td><code>ANTIBOT_URI</code></td>
<td><code>/challenge</code></td>
<td>multisite</td>
<td>no</td>
<td>Unused URI that clients will be redirected to solve the challenge.</td>
</tr>
<tr>
<td><code>ANTIBOT_SESSION_SECRET</code></td>
<td><code>random</code></td>
<td>global</td>
<td>no</td>
<td>Secret used to encrypt sessions variables for storing data related to challenges.</td>
</tr>
<tr>
<td><code>ANTIBOT_SESSION_NAME</code></td>
<td><code>random</code></td>
<td>global</td>
<td>no</td>
<td>Name of the cookie used by the antibot feature.</td>
</tr>
<tr>
<td><code>ANTIBOT_RECAPTCHA_SCORE</code></td>
<td><code>0.7</code></td>
<td>multisite</td>
<td>no</td>
<td>Minimum score required for reCAPTCHA challenge.</td>
</tr>
<tr>
<td><code>ANTIBOT_RECAPTCHA_SITEKEY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Sitekey for reCAPTCHA challenge.</td>
</tr>
<tr>
<td><code>ANTIBOT_RECAPTCHA_SECRET</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Secret for reCAPTCHA challenge.</td>
</tr>
<tr>
<td><code>ANTIBOT_HCAPTCHA_SITEKEY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Sitekey for hCaptcha challenge.</td>
</tr>
<tr>
<td><code>ANTIBOT_HCAPTCHA_SECRET</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Secret for hCaptcha challenge.</td>
</tr>
</tbody>
</table>
<h3 id="auth-basic">Auth basic</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_AUTH_BASIC</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use HTTP basic auth</td>
</tr>
<tr>
<td><code>AUTH_BASIC_LOCATION</code></td>
<td><code>sitewide</code></td>
<td>multisite</td>
<td>no</td>
<td>URL of the protected resource or sitewide value.</td>
</tr>
<tr>
<td><code>AUTH_BASIC_USER</code></td>
<td><code>changeme</code></td>
<td>multisite</td>
<td>no</td>
<td>Username</td>
</tr>
<tr>
<td><code>AUTH_BASIC_PASSWORD</code></td>
<td><code>changeme</code></td>
<td>multisite</td>
<td>no</td>
<td>Password</td>
</tr>
<tr>
<td><code>AUTH_BASIC_TEXT</code></td>
<td><code>Restricted area</code></td>
<td>multisite</td>
<td>no</td>
<td>Text to display</td>
</tr>
</tbody>
</table>
<h3 id="bad-behavior">Bad behavior</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_BAD_BEHAVIOR</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate Bad behavior feature.</td>
</tr>
<tr>
<td><code>BAD_BEHAVIOR_STATUS_CODES</code></td>
<td><code>400 401 403 404 405 429 444</code></td>
<td>multisite</td>
<td>no</td>
<td>List of HTTP status codes considered as 'bad'.</td>
</tr>
<tr>
<td><code>BAD_BEHAVIOR_BAN_TIME</code></td>
<td><code>86400</code></td>
<td>multisite</td>
<td>no</td>
<td>The duration time (in seconds) of a ban when the corresponding IP has reached the threshold.</td>
</tr>
<tr>
<td><code>BAD_BEHAVIOR_THRESHOLD</code></td>
<td><code>10</code></td>
<td>multisite</td>
<td>no</td>
<td>Maximum number of 'bad' HTTP status codes within the period of time before IP is banned.</td>
</tr>
<tr>
<td><code>BAD_BEHAVIOR_COUNT_TIME</code></td>
<td><code>60</code></td>
<td>multisite</td>
<td>no</td>
<td>Period of time where we count 'bad' HTTP status codes.</td>
</tr>
</tbody>
</table>
<h3 id="blacklist">Blacklist</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_BLACKLIST</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate blacklist feature.</td>
</tr>
<tr>
<td><code>BLACKLIST_IP_URLS</code></td>
<td><code>https://www.dan.me.uk/torlist/?exit</code></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing bad IP/network to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_IP</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of IP/network, separated with spaces, to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_RDNS</code></td>
<td><code>.shodan.io .censys.io</code></td>
<td>multisite</td>
<td>no</td>
<td>List of reverse DNS suffixes, separated with spaces, to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_RDNS_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing reverse DNS suffixes to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_RDNS_GLOBAL</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Only perform RDNS blacklist checks on global IP addresses.</td>
</tr>
<tr>
<td><code>BLACKLIST_ASN</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of ASN numbers, separated with spaces, to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_ASN_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing ASN to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_USER_AGENT</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of User-Agent, separated with spaces, to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_USER_AGENT_URLS</code></td>
<td><code>https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list</code></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing bad User-Agent to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_URI</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of URI, separated with spaces, to block.</td>
</tr>
<tr>
<td><code>BLACKLIST_URI_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing bad URI to block.</td>
</tr>
</tbody>
</table>
<h3 id="brotli">Brotli</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_BROTLI</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use brotli</td>
</tr>
<tr>
<td><code>BROTLI_TYPES</code></td>
<td><code>application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml</code></td>
<td>multisite</td>
<td>no</td>
<td>List of MIME types that will be compressed with brotli.</td>
</tr>
<tr>
<td><code>BROTLI_MIN_LENGTH</code></td>
<td><code>1000</code></td>
<td>multisite</td>
<td>no</td>
<td>Minimum length for brotli compression.</td>
</tr>
<tr>
<td><code>BROTLI_COMP_LEVEL</code></td>
<td><code>6</code></td>
<td>multisite</td>
<td>no</td>
<td>The compression level of the brotli algorithm.</td>
</tr>
</tbody>
</table>
<h3 id="bunkernet">BunkerNet</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_BUNKERNET</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate BunkerNet feature.</td>
</tr>
<tr>
<td><code>BUNKERNET_SERVER</code></td>
<td><code>https://api.bunkerweb.io</code></td>
<td>global</td>
<td>no</td>
<td>Address of the BunkerNet API.</td>
</tr>
</tbody>
</table>
<h3 id="client-cache">Client cache</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_CLIENT_CACHE</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Tell client to store locally static files.</td>
</tr>
<tr>
<td><code>CLIENT_CACHE_EXTENSIONS</code></td>
<td><code>jpg\|jpeg\|png\|bmp\|ico\|svg\|tif\|css\|js\|otf\|ttf\|eot\|woff\|woff2</code></td>
<td>global</td>
<td>no</td>
<td>List of file extensions that should be cached.</td>
</tr>
<tr>
<td><code>CLIENT_CACHE_ETAG</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Send the HTTP ETag header for static resources.</td>
</tr>
<tr>
<td><code>CLIENT_CACHE_CONTROL</code></td>
<td><code>public, max-age=15552000</code></td>
<td>multisite</td>
<td>no</td>
<td>Value of the Cache-Control HTTP header.</td>
</tr>
</tbody>
</table>
<h3 id="country">Country</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>BLACKLIST_COUNTRY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Deny access if the country of the client is in the list (2 letters code).</td>
</tr>
<tr>
<td><code>WHITELIST_COUNTRY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Deny access if the country of the client is not in the list (2 letters code).</td>
</tr>
</tbody>
</table>
<h3 id="custom-https-certificate">Custom HTTPS certificate</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_CUSTOM_HTTPS</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use custom HTTPS certificate.</td>
</tr>
<tr>
<td><code>CUSTOM_HTTPS_CERT</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Full path of the certificate or bundle file.</td>
</tr>
<tr>
<td><code>CUSTOM_HTTPS_KEY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Full path of the key file.</td>
</tr>
</tbody>
</table>
<h3 id="dnsbl">DNSBL</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_DNSBL</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate DNSBL feature.</td>
</tr>
<tr>
<td><code>DNSBL_LIST</code></td>
<td><code>bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org</code></td>
<td>global</td>
<td>no</td>
<td>List of DNSBL servers.</td>
</tr>
</tbody>
</table>
<h3 id="errors">Errors</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>ERRORS</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of HTTP error code and corresponding error pages (404=/my404.html 403=/errors/403.html ...).</td>
</tr>
</tbody>
</table>
<h3 id="gzip">Gzip</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_GZIP</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use gzip</td>
</tr>
<tr>
<td><code>GZIP_TYPES</code></td>
<td><code>application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml</code></td>
<td>multisite</td>
<td>no</td>
<td>List of MIME types that will be compressed with gzip.</td>
</tr>
<tr>
<td><code>GZIP_MIN_LENGTH</code></td>
<td><code>1000</code></td>
<td>multisite</td>
<td>no</td>
<td>Minimum length for gzip compression.</td>
</tr>
<tr>
<td><code>GZIP_COMP_LEVEL</code></td>
<td><code>5</code></td>
<td>multisite</td>
<td>no</td>
<td>The compression level of the gzip algorithm.</td>
</tr>
</tbody>
</table>
<h3 id="html-injection">HTML injection</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>INJECT_BODY</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>The HTML code to inject.</td>
</tr>
</tbody>
</table>
<h3 id="headers">Headers</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>CUSTOM_HEADER</code></td>
<td></td>
<td>multisite</td>
<td>yes</td>
<td>Custom header to add (HeaderName: HeaderValue).</td>
</tr>
<tr>
<td><code>REMOVE_HEADERS</code></td>
<td><code>Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version</code></td>
<td>multisite</td>
<td>no</td>
<td>Headers to remove (Header1 Header2 Header3 ...)</td>
</tr>
<tr>
<td><code>STRICT_TRANSPORT_SECURITY</code></td>
<td><code>max-age=31536000</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the Strict-Transport-Security header.</td>
</tr>
<tr>
<td><code>COOKIE_FLAGS</code></td>
<td><code>* HttpOnly SameSite=Lax</code></td>
<td>multisite</td>
<td>no</td>
<td>Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).</td>
</tr>
<tr>
<td><code>COOKIE_AUTO_SECURE_FLAG</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Automatically add the Secure flag to all cookies.</td>
</tr>
<tr>
<td><code>CONTENT_SECURITY_POLICY</code></td>
<td><code>object-src 'none'; form-action 'self'; frame-ancestors 'self';</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the Content-Security-Policy header.</td>
</tr>
<tr>
<td><code>REFERRER_POLICY</code></td>
<td><code>strict-origin-when-cross-origin</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the Referrer-Policy header.</td>
</tr>
<tr>
<td><code>PERMISSIONS_POLICY</code></td>
<td><code>accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the Permissions-Policy header.</td>
</tr>
<tr>
<td><code>FEATURE_POLICY</code></td>
<td><code>accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the Feature-Policy header.</td>
</tr>
<tr>
<td><code>X_FRAME_OPTIONS</code></td>
<td><code>SAMEORIGIN</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the X-Frame-Options header.</td>
</tr>
<tr>
<td><code>X_CONTENT_TYPE_OPTIONS</code></td>
<td><code>nosniff</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the X-Content-Type-Options header.</td>
</tr>
<tr>
<td><code>X_XSS_PROTECTION</code></td>
<td><code>1; mode=block</code></td>
<td>multisite</td>
<td>no</td>
<td>Value for the X-XSS-Protection header.</td>
</tr>
</tbody>
</table>
<h3 id="lets-encrypt">Let's Encrypt</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>AUTO_LETS_ENCRYPT</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate automatic Let's Encrypt mode.</td>
</tr>
<tr>
<td><code>EMAIL_LETS_ENCRYPT</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Email used for Let's Encrypt notification and in certificate.</td>
</tr>
<tr>
<td><code>USE_LETS_ENCRYPT_STAGING</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use the staging environment for Lets Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment.</td>
</tr>
</tbody>
</table>
<h3 id="limit">Limit</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_LIMIT_REQ</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate limit requests feature.</td>
</tr>
<tr>
<td><code>LIMIT_REQ_URL</code></td>
<td><code>/</code></td>
<td>multisite</td>
<td>yes</td>
<td>URL where the limit request will be applied.</td>
</tr>
<tr>
<td><code>LIMIT_REQ_RATE</code></td>
<td><code>2r/s</code></td>
<td>multisite</td>
<td>yes</td>
<td>Rate to apply to the URL (s for second, m for minute, h for hour and d for day).</td>
</tr>
<tr>
<td><code>USE_LIMIT_CONN</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate limit connections feature.</td>
</tr>
<tr>
<td><code>LIMIT_CONN_MAX_HTTP1</code></td>
<td><code>10</code></td>
<td>multisite</td>
<td>no</td>
<td>Maximum number of connections per IP when using HTTP/1.X protocol.</td>
</tr>
<tr>
<td><code>LIMIT_CONN_MAX_HTTP2</code></td>
<td><code>100</code></td>
<td>multisite</td>
<td>no</td>
<td>Maximum number of streams per IP when using HTTP/2 protocol.</td>
</tr>
</tbody>
</table>
<h3 id="miscellaneous">Miscellaneous</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>DISABLE_DEFAULT_SERVER</code></td>
<td><code>no</code></td>
<td>global</td>
<td>no</td>
<td>Close connection if the request vhost is unknown.</td>
</tr>
<tr>
<td><code>REDIRECT_HTTP_TO_HTTPS</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Redirect all HTTP request to HTTPS.</td>
</tr>
<tr>
<td><code>AUTO_REDIRECT_HTTP_TO_HTTPS</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case.</td>
</tr>
<tr>
<td><code>ALLOWED_METHODS</code></td>
<td><code>GET\|POST\|HEAD</code></td>
<td>multisite</td>
<td>no</td>
<td>Allowed HTTP methods to be sent by clients.</td>
</tr>
<tr>
<td><code>MAX_CLIENT_SIZE</code></td>
<td><code>10m</code></td>
<td>multisite</td>
<td>no</td>
<td>Maximum body size (0 for infinite).</td>
</tr>
<tr>
<td><code>SERVE_FILES</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Serve files from the local folder.</td>
</tr>
<tr>
<td><code>ROOT_FOLDER</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Root folder containing files to serve (/opt/bunkerweb/www/{server_name} if unset).</td>
</tr>
<tr>
<td><code>HTTPS_PROTOCOLS</code></td>
<td><code>TLSv1.2 TLSv1.3</code></td>
<td>multisite</td>
<td>no</td>
<td>The supported version of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons.</td>
</tr>
<tr>
<td><code>HTTP2</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Support HTTP2 protocol when HTTPS is enabled.</td>
</tr>
<tr>
<td><code>LISTEN_HTTP</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Respond to (insecure) HTTP requests.</td>
</tr>
<tr>
<td><code>USE_OPEN_FILE_CACHE</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable open file cache feature</td>
</tr>
<tr>
<td><code>OPEN_FILE_CACHE</code></td>
<td><code>max=1000 inactive=20s</code></td>
<td>multisite</td>
<td>no</td>
<td>Open file cache directive</td>
</tr>
<tr>
<td><code>OPEN_FILE_CACHE_ERRORS</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable open file cache for errors</td>
</tr>
<tr>
<td><code>OPEN_FILE_CACHE_MIN_USES</code></td>
<td><code>2</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable open file cache minimum uses</td>
</tr>
<tr>
<td><code>OPEN_FILE_CACHE_VALID</code></td>
<td><code>30s</code></td>
<td>multisite</td>
<td>no</td>
<td>Open file cache valid time</td>
</tr>
</tbody>
</table>
<h3 id="modsecurity">ModSecurity</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_MODSECURITY</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable ModSecurity WAF.</td>
</tr>
<tr>
<td><code>USE_MODSECURITY_CRS</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable OWASP Core Rule Set.</td>
</tr>
<tr>
<td><code>MODSECURITY_SEC_AUDIT_ENGINE</code></td>
<td><code>RelevantOnly</code></td>
<td>multisite</td>
<td>no</td>
<td>SecAuditEngine directive of ModSecurity.</td>
</tr>
</tbody>
</table>
<h3 id="php">PHP</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>REMOTE_PHP</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Hostname of the remote PHP-FPM instance.</td>
</tr>
<tr>
<td><code>REMOTE_PHP_PATH</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Root folder containing files in the remote PHP-FPM instance.</td>
</tr>
<tr>
<td><code>LOCAL_PHP</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Path to the PHP-FPM socket file.</td>
</tr>
<tr>
<td><code>LOCAL_PHP_PATH</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Root folder containing files in the local PHP-FPM instance.</td>
</tr>
</tbody>
</table>
<h3 id="real-ip">Real IP</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_REAL_IP</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Retrieve the real IP of client.</td>
</tr>
<tr>
<td><code>USE_PROXY_PROTOCOL</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable PROXY protocol communication.</td>
</tr>
<tr>
<td><code>REAL_IP_FROM</code></td>
<td><code>192.168.0.0/16 172.16.0.0/12 10.0.0.0/8</code></td>
<td>multisite</td>
<td>no</td>
<td>List of trusted IPs / networks where proxied requests come from.</td>
</tr>
<tr>
<td><code>REAL_IP_FROM_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs containing trusted IPs / networks where proxied requests come from.</td>
</tr>
<tr>
<td><code>REAL_IP_HEADER</code></td>
<td><code>X-Forwarded-For</code></td>
<td>multisite</td>
<td>no</td>
<td>HTTP header containing the real IP or special value proxy_protocol for PROXY protocol.</td>
</tr>
<tr>
<td><code>REAL_IP_RECURSIVE</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Perform a recursive search in the header container IP address.</td>
</tr>
</tbody>
</table>
<h3 id="redirect">Redirect</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>REDIRECT_TO</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>Redirect a whole site to another one.</td>
</tr>
<tr>
<td><code>REDIRECT_TO_REQUEST_URI</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Append the requested URI to the redirect address.</td>
</tr>
</tbody>
</table>
<h3 id="reverse-proxy">Reverse proxy</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_REVERSE_PROXY</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate reverse proxy mode.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_INTERCEPT_ERRORS</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Intercept and rewrite errors.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_HOST</code></td>
<td></td>
<td>multisite</td>
<td>yes</td>
<td>Full URL of the proxied resource (proxy_pass).</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_URL</code></td>
<td></td>
<td>multisite</td>
<td>yes</td>
<td>Location URL that will be proxied.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_WS</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>yes</td>
<td>Enable websocket on the proxied resource.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_HEADERS</code></td>
<td></td>
<td>multisite</td>
<td>yes</td>
<td>List of HTTP headers to send to proxied resource.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_BUFFERING</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>yes</td>
<td>Enable or disable buffering of responses from proxied resource.</td>
</tr>
<tr>
<td><code>REVERSE_PROXY_KEEPALIVE</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>yes</td>
<td>Enable or disable keepalive connections with the proxied resource.</td>
</tr>
<tr>
<td><code>USE_PROXY_CACHE</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Enable or disable caching of the proxied resources.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_PATH_LEVELS</code></td>
<td><code>1:2</code></td>
<td>global</td>
<td>no</td>
<td>Hierarchy levels of the cache.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_PATH_ZONE_SIZE</code></td>
<td><code>10m</code></td>
<td>global</td>
<td>no</td>
<td>Maximum size of cached metadata when caching proxied resources.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_PATH_PARAMS</code></td>
<td><code>max_size=100m</code></td>
<td>global</td>
<td>no</td>
<td>Additional parameters to add to the proxy_cache directive.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_METHODS</code></td>
<td><code>GET HEAD</code></td>
<td>multisite</td>
<td>no</td>
<td>HTTP methods that should trigger a cache operation.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_MIN_USES</code></td>
<td><code>2</code></td>
<td>multisite</td>
<td>no</td>
<td>The minimimum number of requests before a response is cached.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_KEY</code></td>
<td><code>$scheme$host$request_uri</code></td>
<td>multisite</td>
<td>no</td>
<td>The key used to uniquely identify a cached response.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_VALID</code></td>
<td><code>200=24h 301=1h 302=24h</code></td>
<td>multisite</td>
<td>no</td>
<td>Define the caching time dependending on the HTTP status code (list of status=time).</td>
</tr>
<tr>
<td><code>PROXY_NO_CACHE</code></td>
<td><code>$http_pragma $http_authorization</code></td>
<td>multisite</td>
<td>no</td>
<td>Conditions to disable caching of responses.</td>
</tr>
<tr>
<td><code>PROXY_CACHE_BYPASS</code></td>
<td><code>0</code></td>
<td>multisite</td>
<td>no</td>
<td>Conditions to bypass caching of responses.</td>
</tr>
</tbody>
</table>
<h3 id="self-signed-certificate">Self-signed certificate</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GENERATE_SELF_SIGNED_SSL</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Generate and use self-signed certificate.</td>
</tr>
<tr>
<td><code>SELF_SIGNED_SSL_EXPIRY</code></td>
<td><code>365</code></td>
<td>multisite</td>
<td>no</td>
<td>Self-signed certificate expiry.</td>
</tr>
<tr>
<td><code>SELF_SIGNED_SSL_SUBJ</code></td>
<td><code>/CN=www.example.com/</code></td>
<td>multisite</td>
<td>no</td>
<td>Self-signed certificate subject.</td>
</tr>
</tbody>
</table>
<h3 id="ui">UI</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_UI</code></td>
<td><code>no</code></td>
<td>multisite</td>
<td>no</td>
<td>Use UI</td>
</tr>
</tbody>
</table>
<h3 id="whitelist">Whitelist</h3>
<table>
<thead>
<tr>
<th>Setting</th>
<th>Default</th>
<th>Context</th>
<th>Multiple</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>USE_WHITELIST</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Activate whitelist feature.</td>
</tr>
<tr>
<td><code>WHITELIST_IP_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing good IP/network to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_IP</code></td>
<td><code>20.191.45.212 40.88.21.235 40.76.173.151 40.76.163.7 20.185.79.47 52.142.26.175 20.185.79.15 52.142.24.149 40.76.162.208 40.76.163.23 40.76.162.191 40.76.162.247 54.208.102.37 107.21.1.8</code></td>
<td>multisite</td>
<td>no</td>
<td>List of IP/network, separated with spaces, to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_RDNS</code></td>
<td><code>.google.com .googlebot.com .yandex.ru .yandex.net .yandex.com .search.msn.com .baidu.com .baidu.jp .crawl.yahoo.net .fwd.linkedin.com .twitter.com .twttr.com .discord.com</code></td>
<td>multisite</td>
<td>no</td>
<td>List of reverse DNS suffixes, separated with spaces, to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_RDNS_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing reverse DNS suffixes to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_RDNS_GLOBAL</code></td>
<td><code>yes</code></td>
<td>multisite</td>
<td>no</td>
<td>Only perform RDNS whitelist checks on global IP addresses.</td>
</tr>
<tr>
<td><code>WHITELIST_ASN</code></td>
<td><code>32934</code></td>
<td>multisite</td>
<td>no</td>
<td>List of ASN numbers, separated with spaces, to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_ASN_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing ASN to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_USER_AGENT</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of User-Agent, separated with spaces, to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_USER_AGENT_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing good User-Agent to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_URI</code></td>
<td></td>
<td>multisite</td>
<td>no</td>
<td>List of URI, separated with spaces, to whitelist.</td>
</tr>
<tr>
<td><code>WHITELIST_URI_URLS</code></td>
<td></td>
<td>global</td>
<td>no</td>
<td>List of URLs, separated with spaces, containing bad URI to whitelist.</td>
</tr>
</tbody>
</table>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer">
<a href="../security-tuning/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Security tuning" rel="prev">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Previous
</span>
Security tuning
</div>
</div>
</a>
<a href="../web-ui/" class="md-footer__link md-footer__link--next" aria-label="Next: Web UI" rel="next">
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Next
</span>
Web UI
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2022 Bunkerity
</div>
</div>
<div class="md-social">
<a href="https://discord.com/invite/fTf46FmtyD" target="_blank" rel="noopener" title="discord.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M524.531 69.836a1.5 1.5 0 0 0-.764-.7A485.065 485.065 0 0 0 404.081 32.03a1.816 1.816 0 0 0-1.923.91 337.461 337.461 0 0 0-14.9 30.6 447.848 447.848 0 0 0-134.426 0 309.541 309.541 0 0 0-15.135-30.6 1.89 1.89 0 0 0-1.924-.91 483.689 483.689 0 0 0-119.688 37.107 1.712 1.712 0 0 0-.788.676C39.068 183.651 18.186 294.69 28.43 404.354a2.016 2.016 0 0 0 .765 1.375 487.666 487.666 0 0 0 146.825 74.189 1.9 1.9 0 0 0 2.063-.676A348.2 348.2 0 0 0 208.12 430.4a1.86 1.86 0 0 0-1.019-2.588 321.173 321.173 0 0 1-45.868-21.853 1.885 1.885 0 0 1-.185-3.126 251.047 251.047 0 0 0 9.109-7.137 1.819 1.819 0 0 1 1.9-.256c96.229 43.917 200.41 43.917 295.5 0a1.812 1.812 0 0 1 1.924.233 234.533 234.533 0 0 0 9.132 7.16 1.884 1.884 0 0 1-.162 3.126 301.407 301.407 0 0 1-45.89 21.83 1.875 1.875 0 0 0-1 2.611 391.055 391.055 0 0 0 30.014 48.815 1.864 1.864 0 0 0 2.063.7A486.048 486.048 0 0 0 610.7 405.729a1.882 1.882 0 0 0 .765-1.352c12.264-126.783-20.532-236.912-86.934-334.541zM222.491 337.58c-28.972 0-52.844-26.587-52.844-59.239s23.409-59.241 52.844-59.241c29.665 0 53.306 26.82 52.843 59.239 0 32.654-23.41 59.241-52.843 59.241zm195.38 0c-28.971 0-52.843-26.587-52.843-59.239s23.409-59.241 52.843-59.241c29.667 0 53.307 26.82 52.844 59.239 0 32.654-23.177 59.241-52.844 59.241z"/></svg>
</a>
<a href="https://github.com/bunkerity" target="_blank" rel="noopener" title="github.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
</a>
<a href="https://www.linkedin.com/company/bunkerity/" target="_blank" rel="noopener" title="www.linkedin.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3 0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2 0 38.5 17.3 38.5 38.5 0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9V416z"/></svg>
</a>
<a href="https://twitter.com/bunkerity" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2022 Fonticons, Inc.--><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": ["navigation.tracking", "navigation.tabs", "navigation.tabs.sticky", "toc.integrate"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.bd0b6b67.min.js", "version": {"provider": "mike", "version": "latest"}}</script>
<script src="../assets/javascripts/bundle.467223ff.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink