Protecting Homelab Apps with BunkerWeb

Поделиться
HTML-код
  • Опубликовано: 20 ноя 2024

Комментарии • 48

  • @Jims-Garage
    @Jims-Garage  14 дней назад +55

    Update: The Founder has responded to feedback and stated that the paywalled LetsEncrypt will be removed in the next version.

    • @chrisumali9841
      @chrisumali9841 14 дней назад +10

      You have made a difference in your feedback, Fantastic

    • @panthonyy
      @panthonyy 14 дней назад +2

      @@Jims-Garage awesome!

    • @shootinputin6332
      @shootinputin6332 5 дней назад +1

      Great. Everyone wants to make money, but paywalling LetsEncrypt should not be one of them.

  • @panthonyy
    @panthonyy 14 дней назад +14

    A lot of people on your SafeLine video asked about this particular WAF, (that's how I became aware of it's existence) and you delivered already. Big props and thanks to you for that video and honest review. IMHO, Let's Encrypt wildcard certs (or any SSL/TLS protection feature for that matter), shouldn't be used as business tactics.

    • @Jims-Garage
      @Jims-Garage  14 дней назад +2

      @@panthonyy I totally agree. Hopefully a bit of heat might make them change their mind...

    • @LabMonkey-k2j
      @LabMonkey-k2j 14 дней назад +1

      totally agree, now we know not to go with bunkerweb. But great the SSL paywall gets changed with the next version

  • @Deffcolony
    @Deffcolony 14 дней назад +10

    Looks like a great app, but I totally agree that the SSL paywall is frustrating! It’s disappointing that essential features like wildcard certificates are locked behind a paywall, which limits the app's full potential, especially for homelab enthusiasts who value flexibility without extra costs. If they offered cloud support or had an open donation model instead of holding back core functionality, I think it would open up a lot more engagement from the community. It’s a shame to see such valuable features restricted this way-otherwise, BunkerWeb would be a fantastic WAF choice. Great walkthrough though; your testing with Docker really helped clarify the setup :)

    • @Jims-Garage
      @Jims-Garage  14 дней назад

      @@Deffcolony totally agree. Let's hope they re-evaluate the decision...

  • @chrisumali9841
    @chrisumali9841 14 дней назад +3

    Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day

  • @FTLN
    @FTLN 14 дней назад +2

    Thanks Jim for bringing up the subjects of features which should be free, hopefully they listen. But I do think wildcard is supported via port 80, at least it worked for me when I tested safeline.

  • @spoopyangie
    @spoopyangie 14 дней назад +4

    I think I'll keep my Traefik + CrowSec configuration.
    Hiding DNS-Challenge certificates behind a paywall is really silly.

  • @DigiDoc101
    @DigiDoc101 14 дней назад

    Great video! I agree with your points regarding SSL cwrts and paywall. I still think traefik + plugins is more sustainable for homelabbers.

  • @OrigMaelstrom
    @OrigMaelstrom 14 дней назад

    Yeah, stopping any consideration (for now)at 3:20 -- that really is a deal breaker for a home lab; continuing to tune in to see if it fits a pro use case (and to make sure you get the view!)

  • @GundamExia88
    @GundamExia88 14 дней назад +5

    If we already have nginxreverseproxy or Traeffik working with wildcard DNS/SSL, can Bunkerweb use that instead of using or passing BW's Let's Encrypt DNS plugin?

    • @Jims-Garage
      @Jims-Garage  14 дней назад

      @@GundamExia88 yes, you can use that. To be honest you can add crowdsec to Traefik anyway, and add bunkerweb integration.

  • @PCMagikHomeLab
    @PCMagikHomeLab 13 дней назад +2

    Jim for me You are Legend :D

    • @Jims-Garage
      @Jims-Garage  13 дней назад

      @@PCMagikHomeLab thanks 👍

  • @jameslucas583
    @jameslucas583 13 дней назад

    Great video JIm. Traefik 3 plus Coraza plugin next in the WAF series please.

  • @ninja2807
    @ninja2807 12 дней назад +1

    Great video...thanks for sharing. Would be nice to see how this would be configured in front of an real web application instead of protecting itself.

    • @Jims-Garage
      @Jims-Garage  11 дней назад

      Thanks, I plan to cover that if and when they change the certificate issue. It's similar to Traefik via the use of a label.

  • @TomWhi
    @TomWhi 14 дней назад +1

    I there a way to double up a CloudFlare tunnel and a WAF like this in my home lab? I know CF tunnels have protections available but I’d love to utilise both so I can take advantage of the crowdsourcing!

    • @Jims-Garage
      @Jims-Garage  14 дней назад +1

      Should be doable. Check my Cloudflare Tunnels video where I do this with Traefik and crowdsec

    • @TomWhi
      @TomWhi 14 дней назад

      @Jims-Garage cheers!

  • @User-ec2bh
    @User-ec2bh 11 дней назад +1

    Is this just a WAF or can it also be used as a reversed proxy? Looking to get rid of NPM and if this can do the same + adds a lot of protection then it's a no-brainer.

    • @Jims-Garage
      @Jims-Garage  11 дней назад

      Multisite makes it act like a reverse proxy

  • @BrianPhillipsSKS
    @BrianPhillipsSKS 14 дней назад

    Thanks for the vid but I'll stick with SWAG with crowdsec and Fail2Ban integrated

  • @madburbel
    @madburbel 11 дней назад +1

    Is it going to work on system with less RAM? I am trying your compose file on RPi5 and 1st bunkerweb container cannot start with ngx failing: no memory

    • @Jims-Garage
      @Jims-Garage  11 дней назад

      @@madburbel try adding some limits to each container

    • @madburbel
      @madburbel 11 дней назад +1

      @@Jims-Garage I have added mem_limit: "1024MB" on each container, no change

    • @Jims-Garage
      @Jims-Garage  11 дней назад

      @madburbel try 512 perhaps?

  • @michaeldziegiel4954
    @michaeldziegiel4954 14 дней назад

    I already have Nginx configured as a reverse proxy for my web apps. Can I set up BunkerWeb to work alongside this setup? I assume I’ll need to configure port forwarding so that traffic routes through BunkerWeb before reaching Nginx?

    • @Jims-Garage
      @Jims-Garage  14 дней назад

      @@michaeldziegiel4954 yes, with non multisite it behaves like a proxy

    • @stephanfuchs5691
      @stephanfuchs5691 12 дней назад +1

      Yes as it acts as a reverse proxy. And even don't think about to install the binary version on your linux machine with nginx. I've already done this for you and I cannot recommend this approach :-D It will destroy your nginx config. Use the docker version in that case & choose some ports which are not in use...

  • @LabMonkey-k2j
    @LabMonkey-k2j 14 дней назад +2

    bunkerweb doesnt have Anti-exploit and no Nginx modules like anti-bot and rate-limiting. Better go for something like SafeLine

    • @Jims-Garage
      @Jims-Garage  14 дней назад +1

      @@LabMonkey-k2j fairly certain it has both of those features

    • @1111s-y6j
      @1111s-y6j 14 дней назад

      Considering security protection performance, SafeLine is better.

  • @hanibachi5228
    @hanibachi5228 14 дней назад +1

    Looks unnecessarily complex to host

    • @Jims-Garage
      @Jims-Garage  14 дней назад +1

      Perhaps, but what's your comparitor? Might be a bit more leg work initially but once it's done it's infra as code.

  • @KH40T1C_yt
    @KH40T1C_yt 13 дней назад

    Crowdsec over bunker. You cant be trying to help keep the web secure and then paywall FREE letsencrypt certs. Thats just, wow...