To help you tune BunkerWeb, we have made an easy-to-use settings generator tool available at config.bunkerweb.io.
This section contains the full list of settings supported by BunkerWeb. If you are not familiar with BunkerWeb, you should first read the concepts section of the documentation. Please follow the instructions for your own integration on how to apply the settings.
As a general rule, when multisite mode is enabled and you want to apply a setting with the multisite context to a specific server, you need to add the primary (first) server name as a prefix, for example www.example.com_USE_ANTIBOT=captcha or myapp.example.com_USE_GZIP=yes.
When a setting is marked as "multiple", you can define several groups of settings for the same feature by adding a number as a suffix, for example REVERSE_PROXY_URL_1=/subdir, REVERSE_PROXY_HOST_1=http://myhost1, REVERSE_PROXY_URL_2=/anotherdir, REVERSE_PROXY_HOST_2=http://myhost2, ...
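The prefix and suffix conventions above, applied to a set of variables. This is an added example, not BunkerWeb's own code: the function names and sample values are constructed, and it assumes lowercase server names and that every entry of SERVER_NAME is a valid prefix. It also reports prefixed keys that match no listed server name, which usually means a typo left a setting unapplied.

```python
import re

PREFIXED = re.compile(r"^([a-z0-9.-]+)_([A-Z][A-Z0-9_]*)$")  # <server name>_<SETTING>
NUMBERED = re.compile(r"^([A-Z][A-Z0-9_]*?)_(\d+)$")         # <SETTING>_<n>

# Constructed sample variables; the last key has a typo in its prefix.
SAMPLE = {
    "MULTISITE": "yes",
    "SERVER_NAME": "www.example.com myapp.example.com",
    "USE_GZIP": "no",
    "www.example.com_USE_ANTIBOT": "captcha",
    "myapp.example.com_USE_GZIP": "yes",
    "myapp.example.com_REVERSE_PROXY_URL_1": "/subdir",
    "myapp.example.com_REVERSE_PROXY_HOST_1": "http://myhost1",
    "myapp.example.com_REVERSE_PROXY_URL_2": "/anotherdir",
    "myapp.example.com_REVERSE_PROXY_HOST_2": "http://myhost2",
    "myap.example.com_USE_ANTIBOT": "captcha",
}

def resolve(variables, server):
    """Settings for one server: unprefixed values, overridden by keys prefixed with its name."""
    effective, overrides = {}, {}
    for key, value in variables.items():
        m = PREFIXED.match(key)
        if m is None:
            effective[key] = value
        elif m.group(1) == server:
            overrides[m.group(2)] = value
    effective.update(overrides)
    return effective

def groups(settings, base_names):
    """Collect numbered 'multiple' settings into {number: {base name: value}}."""
    out = {}
    for key, value in settings.items():
        m = NUMBERED.match(key)
        if m and m.group(1) in base_names:
            out.setdefault(int(m.group(2)), {})[m.group(1)] = value
    return out

def orphan_prefixes(variables):
    """Prefixed keys whose prefix is not listed in SERVER_NAME (likely typos)."""
    servers = set(variables.get("SERVER_NAME", "").split())
    return sorted(k for k in variables
                  if (m := PREFIXED.match(k)) and m.group(1) not in servers)

if __name__ == "__main__":
    app = resolve(SAMPLE, "myapp.example.com")
    print(app["USE_GZIP"], groups(app, {"REVERSE_PROXY_URL", "REVERSE_PROXY_HOST"}))
    print(orphan_prefixes(SAMPLE))
```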
Global settings
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| TEMP_NGINX | no | global | no | internal-use |
| NGINX_PREFIX | /etc/nginx/ | global | no | Where nginx will search for configurations. |
| HTTP_PORT | 8080 | global | no | HTTP port number which bunkerweb binds to. |
| HTTPS_PORT | 8443 | global | no | HTTPS port number which bunkerweb binds to. |
| MULTISITE | no | global | no | Multi site activation. |
| SERVER_NAME | www.example.com | multisite | no | List of the virtual hosts served by bunkerweb. |
| WORKER_PROCESSES | auto | global | no | Number of worker processes. |
| WORKER_RLIMIT_NOFILE | 2048 | global | no | Maximum number of open files for worker processes. |

Email used for Let's Encrypt notification and in certificate.

| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_LETS_ENCRYPT_STAGING | no | multisite | no | Use the staging environment for Let’s Encrypt certificate generation. Useful when you are testing your deployments to avoid being rate limited in the production environment. |

Limit
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_LIMIT_REQ | yes | multisite | no | Activate limit requests feature. |
| LIMIT_REQ_URL | / | multisite | yes | URL where the limit request will be applied. |
| LIMIT_REQ_RATE | 2r/s | multisite | yes | Rate to apply to the URL (s for second, m for minute, h for hour and d for day). |
| USE_LIMIT_CONN | yes | multisite | no | Activate limit connections feature. |
| LIMIT_CONN_MAX_HTTP1 | 10 | multisite | no | Maximum number of connections per IP when using HTTP/1.X protocol. |
| LIMIT_CONN_MAX_HTTP2 | 100 | multisite | no | Maximum number of streams per IP when using HTTP/2 protocol. |

Miscellaneous
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| DISABLE_DEFAULT_SERVER | no | global | no | Close connection if the request vhost is unknown. |
| REDIRECT_HTTP_TO_HTTPS | no | multisite | no | Redirect all HTTP requests to HTTPS. |
| AUTO_REDIRECT_HTTP_TO_HTTPS | yes | multisite | no | Try to detect if HTTPS is used and activate HTTP to HTTPS redirection if that's the case. |
| ALLOWED_METHODS | GET\|POST\|HEAD | multisite | no | Allowed HTTP methods to be sent by clients. |
| MAX_CLIENT_SIZE | 10m | multisite | no | Maximum body size (0 for infinite). |
| SERVE_FILES | yes | multisite | no | Serve files from the local folder. |
| ROOT_FOLDER | | multisite | no | Root folder containing files to serve (/opt/bunkerweb/www/{server_name} if unset). |
| HTTPS_PROTOCOLS | TLSv1.2 TLSv1.3 | multisite | no | The supported versions of TLS. We recommend the default value TLSv1.2 TLSv1.3 for compatibility reasons. |
| HTTP2 | yes | multisite | no | Support HTTP2 protocol when HTTPS is enabled. |
| LISTEN_HTTP | yes | multisite | no | Respond to (insecure) HTTP requests. |
| USE_OPEN_FILE_CACHE | no | multisite | no | Enable open file cache feature |
| OPEN_FILE_CACHE | max=1000 inactive=20s | multisite | no | Open file cache directive |
| OPEN_FILE_CACHE_ERRORS | yes | multisite | no | Enable open file cache for errors |
| OPEN_FILE_CACHE_MIN_USES | 2 | multisite | no | Enable open file cache minimum uses |
| OPEN_FILE_CACHE_VALID | 30s | multisite | no | Open file cache valid time |

ModSecurity
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_MODSECURITY | yes | multisite | no | Enable ModSecurity WAF. |
| USE_MODSECURITY_CRS | yes | multisite | no | Enable OWASP Core Rule Set. |
| MODSECURITY_SEC_AUDIT_ENGINE | RelevantOnly | multisite | no | SecAuditEngine directive of ModSecurity. |

PHP
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| REMOTE_PHP | | multisite | no | Hostname of the remote PHP-FPM instance. |
| REMOTE_PHP_PATH | | multisite | no | Root folder containing files in the remote PHP-FPM instance. |
| LOCAL_PHP | | multisite | no | Path to the PHP-FPM socket file. |
| LOCAL_PHP_PATH | | multisite | no | Root folder containing files in the local PHP-FPM instance. |

Real IP
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_REAL_IP | no | multisite | no | Retrieve the real IP of client. |
| USE_PROXY_PROTOCOL | no | multisite | no | Enable PROXY protocol communication. |
| REAL_IP_FROM | 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 | multisite | no | List of trusted IPs / networks where proxied requests come from. |
| REAL_IP_FROM_URLS | | global | no | List of URLs containing trusted IPs / networks where proxied requests come from. |
| REAL_IP_HEADER | X-Forwarded-For | multisite | no | HTTP header containing the real IP or special value proxy_protocol for PROXY protocol. |
| REAL_IP_RECURSIVE | yes | multisite | no | Perform a recursive search in the header containing the IP address. |

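How REAL_IP_FROM, REAL_IP_HEADER and REAL_IP_RECURSIVE combine, as an added example that is not BunkerWeb's code. It models the documented behaviour of nginx's realip module, assuming these settings map to its set_real_ip_from, real_ip_header and real_ip_recursive directives; the function name and sample addresses are constructed.

```python
import ipaddress

# Default value of REAL_IP_FROM from the table above.
TRUSTED = "192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

def resolve_client_ip(peer, header, trusted=TRUSTED, recursive=True):
    """Return the address treated as the client, given the TCP peer and the header value."""
    nets = [ipaddress.ip_network(n) for n in trusted.split()]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in net for net in nets)

    addr = peer
    hops = [h.strip() for h in header.split(",") if h.strip()]
    # Walk the header right to left: an entry is believed only if the
    # address that reported it (the current addr) is trusted.
    for hop in reversed(hops):
        if not is_trusted(addr):
            break
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the address found so far
        addr = hop
        if not recursive:
            break  # non-recursive: take only the last entry
    return addr

# Constructed header: the leftmost entry arrived with the client's request,
# the other two were appended by the two trusted proxies in front.
XFF = "203.0.113.7, 198.51.100.9, 10.0.0.8"

if __name__ == "__main__":
    print(resolve_client_ip("10.0.0.5", XFF))                   # recursive search
    print(resolve_client_ip("10.0.0.5", XFF, recursive=False))  # last entry only
    print(resolve_client_ip("198.51.100.9", "203.0.113.7"))     # untrusted peer
```

Keep REAL_IP_FROM limited to the proxies you operate: every address in that list is believed about what it reports in the header.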
Redirect
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| REDIRECT_TO | | multisite | no | Redirect a whole site to another one. |
| REDIRECT_TO_REQUEST_URI | no | multisite | no | Append the requested URI to the redirect address. |

Reverse proxy
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_REVERSE_PROXY | no | multisite | no | Activate reverse proxy mode. |
| REVERSE_PROXY_INTERCEPT_ERRORS | yes | multisite | no | Intercept and rewrite errors. |
| REVERSE_PROXY_HOST | | multisite | yes | Full URL of the proxied resource (proxy_pass). |
| REVERSE_PROXY_URL | | multisite | yes | Location URL that will be proxied. |
| REVERSE_PROXY_WS | no | multisite | yes | Enable websocket on the proxied resource. |
| REVERSE_PROXY_HEADERS | | multisite | yes | List of HTTP headers to send to proxied resource. |
| REVERSE_PROXY_BUFFERING | yes | multisite | yes | Enable or disable buffering of responses from proxied resource. |
| REVERSE_PROXY_KEEPALIVE | no | multisite | yes | Enable or disable keepalive connections with the proxied resource. |
| USE_PROXY_CACHE | no | multisite | no | Enable or disable caching of the proxied resources. |
| PROXY_CACHE_PATH_LEVELS | 1:2 | global | no | Hierarchy levels of the cache. |
| PROXY_CACHE_PATH_ZONE_SIZE | 10m | global | no | Maximum size of cached metadata when caching proxied resources. |
| PROXY_CACHE_PATH_PARAMS | max_size=100m | global | no | Additional parameters to add to the proxy_cache directive. |
| PROXY_CACHE_METHODS | GET HEAD | multisite | no | HTTP methods that should trigger a cache operation. |
| PROXY_CACHE_MIN_USES | 2 | multisite | no | The minimum number of requests before a response is cached. |
| PROXY_CACHE_KEY | $scheme$host$request_uri | multisite | no | The key used to uniquely identify a cached response. |
| PROXY_CACHE_VALID | 200=24h 301=1h 302=24h | multisite | no | Define the caching time depending on the HTTP status code (list of status=time). |
| PROXY_NO_CACHE | $http_pragma $http_authorization | multisite | no | Conditions to disable caching of responses. |
| PROXY_CACHE_BYPASS | 0 | multisite | no | Conditions to bypass caching of responses. |

Self-signed certificate
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| GENERATE_SELF_SIGNED_SSL | no | multisite | no | Generate and use self-signed certificate. |
| SELF_SIGNED_SSL_EXPIRY | 365 | multisite | no | Self-signed certificate expiry. |
| SELF_SIGNED_SSL_SUBJ | /CN=www.example.com/ | multisite | no | Self-signed certificate subject. |

UI
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_UI | no | multisite | no | Use UI |

Whitelist
| Setting | Default | Context | Multiple | Description |
| --- | --- | --- | --- | --- |
| USE_WHITELIST | yes | multisite | no | Activate whitelist feature. |
| WHITELIST_IP_URLS | | global | no | List of URLs, separated with spaces, containing good IP/network to whitelist. |