bunkerweb
An open-source next-generation Web Application Firewall (WAF) that makes your web services secure by default, based on NGINX.
An open-source WAF based on NGINX that secures your web services out of the box.
Core Features
- Secure by default: HTTPS, ModSecurity, OWASP CRS, etc. included out of the box
- Easy integration: works with Linux, Docker, Swarm, Kubernetes, and more
- User-friendly Web UI for configuration (optional)
- Plugin system for extending functionality
- Automatic banning of suspicious behaviors based on HTTP status codes
What It Can't Do
- Free version includes full features but some advanced ones (e.g., multi-node management, detailed stats) require PRO.
- The Web UI listens on port 7000 by default – restrict to local network or add authentication.
- Configuration can be complex; reading the docs is recommended.
- Migration from existing Nginx may require some learning.
Use Cases
- Protect personal or small business websites from common attacks
- Unified security gateway for microservices in Docker/Kubernetes
- Drop-in replacement for Nginx reverse proxy with added WAF capabilities
Detailed Introduction
BunkerWeb is a full-featured, open-source Web Application Firewall that wraps NGINX to provide out-of-the-box security for your web services. It integrates easily into Linux, Docker, Swarm, Kubernetes, and other environments as a reverse proxy. Core features include automatic HTTPS with Let's Encrypt, ModSecurity with OWASP Core Rule Set, IP blacklisting, bot blocking via challenges (captcha, JS, etc.), rate limiting, and more. It offers both CLI and an optional web UI for easy configuration, plus a plugin system to extend functionality. Licensed under AGPLv3, it is free to use, modify, and distribute. A professional cloud version is also available.
Troubleshooting & FAQ (2)
Troubleshooting: How to fix 'No migration file found for database version: 1.6.11~rc1' error in BunkerWeb?
The error occurs because version 1.6.11~rc1 was incorrectly exposed as an upgrade target. To resolve, stop the scheduler, update the version in the database, then restart.
1. Stop the scheduler:
- Docker: docker compose stop bw-scheduler
- Linux: sudo systemctl stop bunkerweb-scheduler
2. Connect to your BunkerWeb database (e.g., using docker compose exec bw-db mysql -u bunkerweb -p bunkerweb for Docker, or use sqlite3/mysql directly) and run:
UPDATE bw_metadata SET version = '1.6.11' WHERE id = 1;
3. Start the scheduler again:
- Docker: docker compose start bw-scheduler
- Linux: sudo systemctl start bunkerweb-scheduler
Troubleshooting: Why does nginx config test fail with 'invalid number of arguments in client_body_timeout' error in BunkerWeb?
In BunkerWeb 1.6.9, timeout settings like client_body_timeout may default to empty values if not explicitly defined, causing nginx config test failure. Workaround: Set the corresponding environment variables to valid durations (e.g., '60s'). Add -e CLIENT_BODY_TIMEOUT=60s -e CLIENT_HEADER_TIMEOUT=60s -e KEEPALIVE_TIMEOUT=60s -e SEND_TIMEOUT=60s to your Docker run command or service definition. This bug is tracked in issue #3450 and will be fixed in a future release.
Getting Started
Step 1: Choose your installation method (Docker is easiest: docker run -d -p 80:80 -p 443:443 bunkerity/bunkerweb)
Step 2: Access http://your-server:7000 to open the Web UI and complete initial setup via wizard
Step 3: Point your domain DNS to the server; BunkerWeb automatically gets Let's Encrypt certificates
Checksum not available
This project has not published a SHA-256 checksum on its GitHub Release page
Download directly from GitHub Releases and verify file integrity yourself
All SHA-256 checksums on this platform are extracted from the project's official GitHub Release page, without any modification. You can independently verify them on the GitHub Releases page.
Uninstall Info
For Docker: run docker stop bunkerweb && docker rm bunkerweb, then remove the configuration directory. For Linux: uninstall the package or remove the installation directory. For Kubernetes: delete the namespace/resources.
No Extra Dependencies
Ready to use after download. No additional runtime required.