Protecting Homelab Apps with BunkerWeb

  Рет қаралды 16,580

Jim's Garage

Jim's Garage

Күн бұрын

Пікірлер: 49
@Jims-Garage
@Jims-Garage 18 күн бұрын
Update: The Founder has responded to feedback and stated that the paywalled LetsEncrypt will be removed in the next version.
@chrisumali9841
@chrisumali9841 18 күн бұрын
You have made a difference in your feedback, Fantastic
@panthonyy
@panthonyy 18 күн бұрын
@@Jims-Garage awesome!
@shootinputin6332
@shootinputin6332 9 күн бұрын
Great. Everyone wants to make money, but paywalling LetsEncrypt should not be one of them.
@panthonyy
@panthonyy 19 күн бұрын
A lot of people on your SafeLine video asked about this particular WAF, (that's how I became aware of it's existence) and you delivered already. Big props and thanks to you for that video and honest review. IMHO, Let's Encrypt wildcard certs (or any SSL/TLS protection feature for that matter), shouldn't be used as business tactics.
@Jims-Garage
@Jims-Garage 19 күн бұрын
@@panthonyy I totally agree. Hopefully a bit of heat might make them change their mind...
@LabMonkey-k2j
@LabMonkey-k2j 18 күн бұрын
totally agree, now we know not to go with bunkerweb. But great the SSL paywall gets changed with the next version
@Deffcolony
@Deffcolony 19 күн бұрын
Looks like a great app, but I totally agree that the SSL paywall is frustrating! It’s disappointing that essential features like wildcard certificates are locked behind a paywall, which limits the app's full potential, especially for homelab enthusiasts who value flexibility without extra costs. If they offered cloud support or had an open donation model instead of holding back core functionality, I think it would open up a lot more engagement from the community. It’s a shame to see such valuable features restricted this way-otherwise, BunkerWeb would be a fantastic WAF choice. Great walkthrough though; your testing with Docker really helped clarify the setup :)
@Jims-Garage
@Jims-Garage 19 күн бұрын
@@Deffcolony totally agree. Let's hope they re-evaluate the decision...
@chrisumali9841
@chrisumali9841 18 күн бұрын
Thanks for the demo and info. Another great fantastic video Jim. Have a wonderful day
@Jims-Garage
@Jims-Garage 18 күн бұрын
Glad you enjoyed it
@FTLN
@FTLN 18 күн бұрын
Thanks Jim for bringing up the subjects of features which should be free, hopefully they listen. But I do think wildcard is supported via port 80, at least it worked for me when I tested safeline.
@spoopyangie
@spoopyangie 18 күн бұрын
I think I'll keep my Traefik + CrowSec configuration. Hiding DNS-Challenge certificates behind a paywall is really silly.
@Jims-Garage
@Jims-Garage 18 күн бұрын
@@spoopyangie I agree 👍
@DigiDoc101
@DigiDoc101 18 күн бұрын
Great video! I agree with your points regarding SSL cwrts and paywall. I still think traefik + plugins is more sustainable for homelabbers.
@PCMagikHomeLab
@PCMagikHomeLab 17 күн бұрын
Jim for me You are Legend :D
@Jims-Garage
@Jims-Garage 17 күн бұрын
@@PCMagikHomeLab thanks 👍
@GundamExia88
@GundamExia88 18 күн бұрын
If we already have nginxreverseproxy or Traeffik working with wildcard DNS/SSL, can Bunkerweb use that instead of using or passing BW's Let's Encrypt DNS plugin?
@Jims-Garage
@Jims-Garage 18 күн бұрын
@@GundamExia88 yes, you can use that. To be honest you can add crowdsec to Traefik anyway, and add bunkerweb integration.
@OrigMaelstrom
@OrigMaelstrom 18 күн бұрын
Yeah, stopping any consideration (for now)at 3:20 -- that really is a deal breaker for a home lab; continuing to tune in to see if it fits a pro use case (and to make sure you get the view!)
@jameslucas583
@jameslucas583 17 күн бұрын
Great video JIm. Traefik 3 plus Coraza plugin next in the WAF series please.
@ninja2807
@ninja2807 16 күн бұрын
Great video...thanks for sharing. Would be nice to see how this would be configured in front of an real web application instead of protecting itself.
@Jims-Garage
@Jims-Garage 16 күн бұрын
Thanks, I plan to cover that if and when they change the certificate issue. It's similar to Traefik via the use of a label.
@TomWhi
@TomWhi 18 күн бұрын
I there a way to double up a CloudFlare tunnel and a WAF like this in my home lab? I know CF tunnels have protections available but I’d love to utilise both so I can take advantage of the crowdsourcing!
@Jims-Garage
@Jims-Garage 18 күн бұрын
Should be doable. Check my Cloudflare Tunnels video where I do this with Traefik and crowdsec
@TomWhi
@TomWhi 18 күн бұрын
@Jims-Garage cheers!
@User-ec2bh
@User-ec2bh 15 күн бұрын
Is this just a WAF or can it also be used as a reversed proxy? Looking to get rid of NPM and if this can do the same + adds a lot of protection then it's a no-brainer.
@Jims-Garage
@Jims-Garage 15 күн бұрын
Multisite makes it act like a reverse proxy
@BrianPhillipsSKS
@BrianPhillipsSKS 18 күн бұрын
Thanks for the vid but I'll stick with SWAG with crowdsec and Fail2Ban integrated
@madburbel
@madburbel 15 күн бұрын
Is it going to work on system with less RAM? I am trying your compose file on RPi5 and 1st bunkerweb container cannot start with ngx failing: no memory
@Jims-Garage
@Jims-Garage 15 күн бұрын
@@madburbel try adding some limits to each container
@madburbel
@madburbel 15 күн бұрын
@@Jims-Garage I have added mem_limit: "1024MB" on each container, no change
@Jims-Garage
@Jims-Garage 15 күн бұрын
@madburbel try 512 perhaps?
@madburbel
@madburbel 2 күн бұрын
@@Jims-Garage at the end I found old issue with ARM based CPUs. Works fine on x64 i5.
@michaeldziegiel4954
@michaeldziegiel4954 18 күн бұрын
I already have Nginx configured as a reverse proxy for my web apps. Can I set up BunkerWeb to work alongside this setup? I assume I’ll need to configure port forwarding so that traffic routes through BunkerWeb before reaching Nginx?
@Jims-Garage
@Jims-Garage 18 күн бұрын
@@michaeldziegiel4954 yes, with non multisite it behaves like a proxy
@stephanfuchs5691
@stephanfuchs5691 17 күн бұрын
Yes as it acts as a reverse proxy. And even don't think about to install the binary version on your linux machine with nginx. I've already done this for you and I cannot recommend this approach :-D It will destroy your nginx config. Use the docker version in that case & choose some ports which are not in use...
@LabMonkey-k2j
@LabMonkey-k2j 18 күн бұрын
bunkerweb doesnt have Anti-exploit and no Nginx modules like anti-bot and rate-limiting. Better go for something like SafeLine
@Jims-Garage
@Jims-Garage 18 күн бұрын
@@LabMonkey-k2j fairly certain it has both of those features
@1111s-y6j
@1111s-y6j 18 күн бұрын
Considering security protection performance, SafeLine is better.
@hanibachi5228
@hanibachi5228 19 күн бұрын
Looks unnecessarily complex to host
@Jims-Garage
@Jims-Garage 19 күн бұрын
Perhaps, but what's your comparitor? Might be a bit more leg work initially but once it's done it's infra as code.
@KH40T1C_yt
@KH40T1C_yt 17 күн бұрын
Crowdsec over bunker. You cant be trying to help keep the web secure and then paywall FREE letsencrypt certs. Thats just, wow...
Should You Switch? Deployment Guide and Initial Thoughts
27:56
Jim's Garage
Рет қаралды 11 М.
Ice Cream or Surprise Trip Around the World?
00:31
Hungry FAM
Рет қаралды 22 МЛН
Кто круче, как думаешь?
00:44
МЯТНАЯ ФАНТА
Рет қаралды 6 МЛН
This tool annoyed me (so I built a free version)
19:38
Theo - t3․gg
Рет қаралды 172 М.
Tailscale Is Awesome - Deployment, Testing, ACLs, and Exit Nodes
29:23
I Paid Almost NOTHING For This PC... But What IS It?
23:16
Hardware Haven
Рет қаралды 176 М.
Ollama on Kubernetes: ChatGPT for free!
18:29
Mathis Van Eetvelde
Рет қаралды 6 М.
docker stack is my new favorite way to deploy to a VPS
27:47
Dreams of Code
Рет қаралды 69 М.
Keep Hackers Out with Crowdsec Now!
20:54
Jim's Garage
Рет қаралды 23 М.
I Have 2 Weeks to File a Dispute for this Scam TV
25:35
Linus Tech Tips
Рет қаралды 3,4 МЛН
Nextcloud - You Own Your Cloud
16:37
The Linux Cast
Рет қаралды 20 М.
Ice Cream or Surprise Trip Around the World?
00:31
Hungry FAM
Рет қаралды 22 МЛН