Files

 master

/

variables.env

Copy path

Blame

Blame

Latest commit

 

History

History

191 lines (168 loc) · 6.06 KB

 master

/

variables.env

Top

File metadata and controls

• Code
• Blame

191 lines (168 loc) · 6.06 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

# List of environment variables for bunkerized-nginx.

# Manual : https://bunkerized-nginx.readthedocs.io/en/latest/

# Antibot

#USE_ANTIBOT=no

#ANTIBOT_URI=/challenge

#ANTIBOT_SESSION_SECRET=random

#ANTIBOT_RECAPTCHA_SITEKEY=

#ANTIBOT_RECAPTCHA_SECRET=

#ANTIBOT_RECAPTCHA_SCORE=0.7

# Authelia

#USE_AUTHELIA=no

#AUTHELIA_BACKEND=

#AUTHELIA_UPSTREAM=

#AUTHELIA_MODE=portal

# Basic auth

#USE_AUTH_BASIC=no

#AUTH_BASIC_LOCATION=sitewide

#AUTH_BASIC_USER=changeme

#AUTH_BASIC_PASSWORD=changeme

#AUTH_BASIC_TEXT=Restricted area

# Blacklist

#USE_BLACKLIST_IP=yes

#BLACKLIST_IP_LIST=

#USE_BLACKLIST_REVERSE=yes

#BLACKLIST_REVERSE_LIST=.shodan.io

#BLACKLIST_COUNTRY=

# Block

#BLOCK_USER_AGENT=yes

#BLOCK_TOR_EXIT_NODE=yes

#BLOCK_PROXIES=yes

#BLOCK_ABUSERS=yes

#BLOCK_REFERRER=yes

# Cache

#USE_CLIENT_CACHE=no

#CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2

#CLIENT_CACHE_CONTROL=public, max-age=15552000

#CLIENT_CACHE_ETAG=on

#USE_OPEN_FILE_CACHE=no

#OPEN_FILE_CACHE=max=1000 inactive=20s

#OPEN_FILE_CACHE_ERRORS=on

#OPEN_FILE_CACHE_MIN_USES=2

#OPEN_FILE_CACHE_VALID=30s

#USE_PROXY_CACHE=no

#PROXY_CACHE_PATH_ZONE_SIZE=10m

#PROXY_CACHE_PATH_PARAMS=max_size=100m

#PROXY_CACHE_METHODS=GET HEAD

#PROXY_CACHE_MIN_USES=2

#PROXY_CACHE_KEY=\$scheme\$host\$request_uri

#PROXY_CACHE_VALID=200=10m 301=10m 302=1h

#PROXY_NO_CACHE=\$http_authorization

#PROXY_CACHE_BYPASS=\$http_authorization

# Compression

#USE_GZIP=no

#GZIP_COMP_LEVEL=5

#GZIP_MIN_LENGTH=1000

#GZIP_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml

#USE_BROTLI=no

#BROTLI_COMP_LEVEL=6

#BROTLI_MIN_LENGTH=1000

#BROTLI_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml

# DNSBL

#USE_DNSBL=yes

#DNSBL_LIST=bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org

# HTTPS

#AUTO_LETS_ENCRYPT=no

#EMAIL_LETS_ENCRYPT=

#USE_LETS_ENCRYPT_STAGING=no

#REDIRECT_HTTP_TO_HTTPS=no

#HTTP2=yes

#HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3

#LISTEN_HTTP=yes

#USE_CUSTOM_HTTPS=no

#CUSTOM_HTTPS_CERT=

#CUSTOM_HTTPS_KEY=

#GENERATE_SELF_SIGNED_SSL=no

#SELF_SIGNED_SSL_EXPIRY=365

#SELF_SIGNED_SSL_COUNTRY=CH

#SELF_SIGNED_SSL_STATE=Switzerland

#SELF_SIGNED_SSL_CITY=Bern

#SELF_SIGNED_SSL_OU=IT

#SELF_SIGNED_SSL_ORG=Acme Inc

#SELF_SIGNED_SSL_CN=bunkerized

# Headers

#X_FRAME_OPTIONS=DENY

#X_XSS_PROTECTION=1; mode=block

#X_CONTENT_TYPE_OPTIONS=nosniff

#REFERRER_POLICY=no-referrer

#FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vibrate 'none'; vr 'none'

#PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=()

#COOKIE_FLAGS=* HttpOnly SameSite=Lax

#COOKIE_AUTO_SECURE_FLAG=yes

#STRICT_TRANSPORT_SECURITY=max-age=31536000

#CONTENT_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self';

# Info leak

#REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version

#DISABLE_DEFAULT_SERVER=no

#ERRORS=

# Limit conn

#USE_LIMIT_CONN=yes

#LIMIT_CONN_MAX=50

#LIMIT_CONN_CACHE=10m

# Limit req

#USE_LIMIT_REQ=yes

#LIMIT_REQ_RATE=1r/s

#LIMIT_REQ_BURST=2

#LIMIT_REQ_CACHE=10m

# Misc

#SERVER_NAME=www.example.com

#MAX_CLIENT_SIZE=10m

#ALLOWED_METHODS=GET|POST|HEAD

#SERVE_FILES=yes

#INJECT_BODY=

#REDIRECT_TO=

#REDIRECT_TO_REQUEST_URI=no

# ModSecurity

#USE_MODSECURITY=yes

#USE_MODSECURITY_CRS=yes

#MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly

# PHP

#REMOTE_PHP=

#REMOTE_PHP_PATH=/app

#LOCAL_PHP=

#LOCAL_PHP_PATH=/app

# Reverse proxy

#USE_REVERSE_PROXY=no

#REVERSE_PROXY_URL=

#REVERSE_PROXY_HOST=

#REVERSE_PROXY_WS=no

#REVERSE_PROXY_HEADERS=

#PROXY_REAL_IP=no

#PROXY_REAL_IP_FROM=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

#PROXY_REAL_IP_HEADER=X-Forwarded-For

#PROXY_REAL_IP_RECURSIVE=on

# Bad behavior

#USE_BAD_BEHAVIOR=yes

#BAD_BEHAVIOR_BAN_TIME=86400

#BAD_BEHAVIOR_COUNT_TIME=60

#BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444

#BAD_BEHAVIOR_THRESHOLD=10

# Internal

#USE_API=no

#API_WHITELIST_IP=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

#API_URI=random

#SWARM_MODE=no

#KUBERNETES_MODE=no

#USE_REDIS=no

#REDIS_HOST=

# nginx

#MULTISITE=no

#DNS_RESOLVERS=127.0.0.11

#LOG_FORMAT=$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"

#LOG_LEVEL=info

#ROOT_FOLDER=/opt/bunkerized-nginx/www

#ROOT_SITE_SUBFOLDER=

#SERVER_TOKENS=off

#HTTP_PORT=8080

#HTTPS_PORT=8443

#WORKER_RLIMIT_NOFILE=2048

#WORKER_CONNECTIONS=1024

#WORKER_PROCESSES=auto

# Whitelist

#USE_WHITELIST_IP=yes

#WHITELIST_IP_LIST=23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8

#USE_WHITELIST_REVERSE=yes

#WHITELIST_REVERSE_LIST=.googlebot.com .google.com .search.msn.com .crawl.yahoo.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net

#WHITELIST_COUNTRY=

#WHITELIST_USER_AGENT=

#WHITELIST_URI=