Update: The Founder has responded to feedback and stated that the paywalled LetsEncrypt will be removed in the next version.
You have made a difference in your feedback, Fantastic
@Jims-Garage awesome!
A lot of people on your SafeLine video asked about this particular WAF (that's how I became aware of its existence), and you delivered already. Big props and thanks to you for that video and honest review. IMHO, Let's Encrypt wildcard certs (or any SSL/TLS protection feature for that matter) shouldn't be used as business tactics.
@panthonyy I totally agree. Hopefully a bit of heat might make them change their mind...
Totally agree, now we know not to go with BunkerWeb. But great that the SSL paywall gets changed with the next version
Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day
Glad you enjoyed it
Looks like a great app, but I totally agree that the SSL paywall is frustrating! It’s disappointing that essential features like wildcard certificates are locked behind a paywall, which limits the app's full potential, especially for homelab enthusiasts who value flexibility without extra costs. If they offered cloud support or had an open donation model instead of holding back core functionality, I think it would open up a lot more engagement from the community. It’s a shame to see such valuable features restricted this way; otherwise, BunkerWeb would be a fantastic WAF choice. Great walkthrough though; your testing with Docker really helped clarify the setup :)
@Deffcolony totally agree. Let's hope they re-evaluate the decision...
Thanks Jim for bringing up the subjects of features which should be free, hopefully they listen. But I do think wildcard is supported via port 80, at least it worked for me when I tested SafeLine.
If we already have nginxreverseproxy or Traefik working with wildcard DNS/SSL, can BunkerWeb use that instead of using or passing BW's Let's Encrypt DNS plugin?
@GundamExia88 yes, you can use that. To be honest you can add CrowdSec to Traefik anyway, and add BunkerWeb integration.
I think I'll keep my Traefik + CrowdSec configuration.
Hiding DNS-Challenge certificates behind a paywall is really silly.
@spoopyangie I agree 👍
Great video! I agree with your points regarding SSL certs and paywall. I still think Traefik + plugins is more sustainable for homelabbers.
Great video Jim. Traefik 3 plus Coraza plugin next in the WAF series please.
Jim, for me you are a legend :D
@PCMagikHomeLab thanks 👍
Yeah, stopping any consideration (for now) at 3:20 -- that really is a deal breaker for a home lab; continuing to tune in to see if it fits a pro use case (and to make sure you get the view!)
Is there a way to double up a Cloudflare tunnel and a WAF like this in my home lab? I know CF tunnels have protections available but I’d love to utilise both so I can take advantage of the crowdsourcing!
Should be doable. Check my Cloudflare Tunnels video where I do this with Traefik and CrowdSec
@Jims-Garage cheers!
Thanks for the vid but I'll stick with SWAG with CrowdSec and Fail2Ban integrated
I already have Nginx configured as a reverse proxy for my web apps. Can I set up BunkerWeb to work alongside this setup? I assume I’ll need to configure port forwarding so that traffic routes through BunkerWeb before reaching Nginx?
@michaeldziegiel4954 yes, with non-multisite it behaves like a proxy
Yes, as it acts as a reverse proxy. And don't even think about installing the binary version on your Linux machine with Nginx. I've already done this for you and I cannot recommend this approach :-D It will destroy your Nginx config. Use the Docker version in that case & choose some ports which are not in use...
BunkerWeb doesn't have Anti-exploit and no Nginx modules like anti-bot and rate-limiting. Better go for something like SafeLine
@LabMonkey-k2j fairly certain it has both of those features
Considering security protection performance, SafeLine is better.
CrowdSec over bunker. You can't be trying to help keep the web secure and then paywall FREE Let's Encrypt certs. That's just, wow...
Looks unnecessarily complex to host
Perhaps, but what's your comparator? Might be a bit more leg work initially but once it's done it's infra as code.