Protecting Homelab Apps with BunkerWeb

Поделиться
HTML-код
  • Опубликовано: 7 ноя 2024

Комментарии • 37

  • @Jims-Garage
    @Jims-Garage  День назад +23

    Update: The Founder has responded to feedback and stated that the paywalled LetsEncrypt will be removed in the next version.

    • @chrisumali9841
      @chrisumali9841 День назад +5

      You have made a difference in your feedback, Fantastic

    • @panthonyy
      @panthonyy День назад +2

      @@Jims-Garage awesome!

  • @panthonyy
    @panthonyy 2 дня назад +11

    A lot of people on your SafeLine video asked about this particular WAF, (that's how I became aware of it's existence) and you delivered already. Big props and thanks to you for that video and honest review. IMHO, Let's Encrypt wildcard certs (or any SSL/TLS protection feature for that matter), shouldn't be used as business tactics.

    • @Jims-Garage
      @Jims-Garage  2 дня назад +1

      @@panthonyy I totally agree. Hopefully a bit of heat might make them change their mind...

    • @LabMonkey-k2j
      @LabMonkey-k2j День назад +2

      totally agree, now we know not to go with bunkerweb. But great the SSL paywall gets changed with the next version

  • @chrisumali9841
    @chrisumali9841 День назад +1

    Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day

  • @Deffcolony
    @Deffcolony 2 дня назад +9

    Looks like a great app, but I totally agree that the SSL paywall is frustrating! It’s disappointing that essential features like wildcard certificates are locked behind a paywall, which limits the app's full potential, especially for homelab enthusiasts who value flexibility without extra costs. If they offered cloud support or had an open donation model instead of holding back core functionality, I think it would open up a lot more engagement from the community. It’s a shame to see such valuable features restricted this way-otherwise, BunkerWeb would be a fantastic WAF choice. Great walkthrough though; your testing with Docker really helped clarify the setup :)

    • @Jims-Garage
      @Jims-Garage  2 дня назад

      @@Deffcolony totally agree. Let's hope they re-evaluate the decision...

  • @FTLN
    @FTLN День назад +2

    Thanks Jim for bringing up the subjects of features which should be free, hopefully they listen. But I do think wildcard is supported via port 80, at least it worked for me when I tested safeline.

  • @GundamExia88
    @GundamExia88 День назад +6

    If we already have nginxreverseproxy or Traeffik working with wildcard DNS/SSL, can Bunkerweb use that instead of using or passing BW's Let's Encrypt DNS plugin?

    • @Jims-Garage
      @Jims-Garage  День назад

      @@GundamExia88 yes, you can use that. To be honest you can add crowdsec to Traefik anyway, and add bunkerweb integration.

  • @spoopyangie
    @spoopyangie День назад +5

    I think I'll keep my Traefik + CrowSec configuration.
    Hiding DNS-Challenge certificates behind a paywall is really silly.

  • @DigiDoc101
    @DigiDoc101 День назад +1

    Great video! I agree with your points regarding SSL cwrts and paywall. I still think traefik + plugins is more sustainable for homelabbers.

  • @jameslucas583
    @jameslucas583 23 часа назад

    Great video JIm. Traefik 3 plus Coraza plugin next in the WAF series please.

  • @PCMagikHomeLab
    @PCMagikHomeLab 21 час назад +1

    Jim for me You are Legend :D

    • @Jims-Garage
      @Jims-Garage  18 часов назад

      @@PCMagikHomeLab thanks 👍

  • @OrigMaelstrom
    @OrigMaelstrom День назад

    Yeah, stopping any consideration (for now)at 3:20 -- that really is a deal breaker for a home lab; continuing to tune in to see if it fits a pro use case (and to make sure you get the view!)

  • @TomWhi
    @TomWhi День назад +1

    I there a way to double up a CloudFlare tunnel and a WAF like this in my home lab? I know CF tunnels have protections available but I’d love to utilise both so I can take advantage of the crowdsourcing!

    • @Jims-Garage
      @Jims-Garage  День назад +1

      Should be doable. Check my Cloudflare Tunnels video where I do this with Traefik and crowdsec

    • @TomWhi
      @TomWhi День назад

      @Jims-Garage cheers!

  • @BrianPhillipsSKS
    @BrianPhillipsSKS День назад +1

    Thanks for the vid but I'll stick with SWAG with crowdsec and Fail2Ban integrated

  • @michaeldziegiel4954
    @michaeldziegiel4954 День назад +1

    I already have Nginx configured as a reverse proxy for my web apps. Can I set up BunkerWeb to work alongside this setup? I assume I’ll need to configure port forwarding so that traffic routes through BunkerWeb before reaching Nginx?

    • @Jims-Garage
      @Jims-Garage  День назад

      @@michaeldziegiel4954 yes, with non multisite it behaves like a proxy

    • @stephanfuchs5691
      @stephanfuchs5691 3 часа назад +1

      Yes as it acts as a reverse proxy. And even don't think about to install the binary version on your linux machine with nginx. I've already done this for you and I cannot recommend this approach :-D It will destroy your nginx config. Use the docker version in that case & choose some ports which are not in use...

  • @LabMonkey-k2j
    @LabMonkey-k2j День назад +3

    bunkerweb doesnt have Anti-exploit and no Nginx modules like anti-bot and rate-limiting. Better go for something like SafeLine

    • @Jims-Garage
      @Jims-Garage  День назад

      @@LabMonkey-k2j fairly certain it has both of those features

    • @1111s-y6j
      @1111s-y6j День назад

      Considering security protection performance, SafeLine is better.

  • @KH40T1C_yt
    @KH40T1C_yt 22 часа назад

    Crowdsec over bunker. You cant be trying to help keep the web secure and then paywall FREE letsencrypt certs. Thats just, wow...

  • @hanibachi5228
    @hanibachi5228 2 дня назад +2

    Looks unnecessarily complex to host

    • @Jims-Garage
      @Jims-Garage  2 дня назад +1

      Perhaps, but what's your comparitor? Might be a bit more leg work initially but once it's done it's infra as code.