30 open-source projects similar to bunkerity/bunkerweb, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Bunkerweb alternative.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c
Traefik is a cloud-native load balancer and dynamic reverse proxy designed for microservices traffic routing. It automatically discovers services and generates network routes by listening to infrastructure changes in orchestrators and service registries. The project distinguishes itself through auto-configuring service routing, which eliminates manual configuration by updating routing rules in real time as infrastructure scales. It also provides automated SSL certificate management, utilizing ACME-based automation to request and renew certificates from remote authorities. Additional capabili
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
CapRover is a self-hosted platform-as-a-service that provides a centralized dashboard for managing containerized applications and databases. It functions as a container orchestration platform, simplifying the deployment, scaling, and networking of services across server environments. By leveraging a reverse-proxy-based architecture, the platform handles domain mapping, traffic routing, and automated SSL certificate lifecycle management to ensure secure, encrypted access for hosted web services. The platform distinguishes itself through its integrated automation capabilities, which include aut
Nginx Proxy Manager is a web-based administrative interface for configuring and managing Nginx reverse proxy hosts and server rules within Docker containers. It functions as a containerized network gateway that routes external web traffic to internal services and backend applications. The system automates the acquisition and renewal of Let's Encrypt SSL certificates to encrypt network traffic without manual command line intervention. It provides a graphical dashboard for defining proxy hosts, access lists, and custom server configurations, removing the need for manual configuration file editi
V2Ray-agent is a shell-based orchestration tool designed to automate the deployment, configuration, and lifecycle management of network proxy services. It provides a structured framework for setting up encrypted tunnels and managing proxy processes as persistent background services through system initialization managers. The project distinguishes itself through a modular architecture that integrates automated security certificate management and multi-user access control into the deployment workflow. By utilizing template-driven configuration generation and reverse proxy traffic multiplexing,
Tyk is an open-source API gateway written in Go that routes, secures, and monitors network traffic across REST, GraphQL, TCP, and gRPC protocols. It functions as a multi-protocol proxy designed to deliver requests to backend services while managing the end-to-end API lifecycle. The system distinguishes itself through a plugin-based architecture that allows for the injection of custom logic into the request and response middleware chain. It also features native Kubernetes integration, operating as an ingress controller that uses operators and custom resource definitions to deploy security poli
This project is a collection of Linux server automation scripts designed to automate the installation and configuration of core server software. It provides specialized tools for deploying proxy servers, configuring DNS servers, managing container infrastructure, and optimizing the Linux kernel. The automation suite distinguishes itself by integrating geo-restriction bypass capabilities via proxy protocols and implementing advanced network tuning, such as enabling BBR congestion control to improve throughput and latency. It also features distribution-aware automation that detects CPU architec
Naxsi is a web application firewall for NGINX servers designed to protect web applications from attacks by inspecting HTTP traffic for malicious patterns and vulnerability signatures. It functions as a vulnerability signature filter that matches incoming requests against known markers for threats such as SQL injection and cross-site scripting. The system includes a learning system and an automated rule generation utility to reduce false positives. It analyzes website behavior over time to create traffic whitelists and security exceptions for legitimate traffic patterns. The project provides
Godoxy is a Docker container orchestrator and reverse proxy manager. It provides a centralized system for managing the lifecycle, power states, and resource usage of virtualized containers, while routing HTTP, TCP, and UDP traffic to backend services with automatic route discovery. The project distinguishes itself through an OIDC access control gateway that authenticates users via external identity providers and a resource optimization system that puts idle containers to sleep and wakes them automatically when network requests arrive. It also includes an automatic SSL certificate manager that
The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces. The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven sp
This project is a web-based management interface designed for the administration, monitoring, and configuration of Nginx server instances. It functions as a centralized platform for managing reverse proxy settings, traffic routing, and server lifecycles, providing a visual dashboard to replace manual configuration file editing. The platform distinguishes itself through integrated infrastructure automation and observability tools. It supports distributed environments by synchronizing configuration states across multiple nodes and containerized services, while offering artificial intelligence a
This project is a Kubernetes Ingress Controller that functions as a layer 7 traffic router and NGINX reverse proxy. It serves as a secure network gateway, directing external HTTP and HTTPS traffic to backend services within a cluster based on declarative routing rules. The controller acts as a TLS termination gateway to secure traffic and integrates with Prometheus to expose request metrics and latency data for cluster monitoring. It supports canary deployment workflows by implementing weight-based traffic splitting between different versions of a service. The system manages external access
This project is a Docker-based web gateway and Nginx reverse proxy manager. It functions as a containerized network edge designed to route incoming HTTP and HTTPS traffic to backend services using subdomains and subfolders. The system automates the procurement and renewal of Let's Encrypt SSL certificates via the ACME protocol and various DNS plugins. It includes a mechanism to export and share these certificates through persistent volumes so other containers can utilize the same encryption keys. Security is handled through a combination of server intrusion prevention, using Fail2Ban to moni
Fabio is a network gateway that provides reverse proxying, layer 7 traffic management, and automated service discovery mapping. It functions as an HTTP reverse proxy, a gRPC and TCP proxy, and a service discovery gateway to route incoming traffic to healthy backend instances. The project distinguishes itself through deep integration with service registries, specifically acting as a Consul load balancer to automatically synchronize routing tables and update destination targets. It manages diverse traffic types using SNI-based routing for raw TCP streams and maintains full protocol compatibilit
Zoraxy is a network administration tool centered on HTTP reverse proxy management. It provides a centralized graphical interface for routing web traffic from public domains to internal backend services, utilizing a Go-based proxy to intercept and forward requests. The project extends beyond standard web routing by offering a browser-based SSH interface for remote server administration and command execution. It also supports transport-layer TCP and WebSocket forwarding to manage non-HTTP traffic between external clients and internal ports. Broad capabilities include automated TLS certificate
This project is a GitOps infrastructure framework designed for managing bare metal servers, container clusters, and networking. It serves as a declarative system for orchestrating the deployment and lifecycle of self-hosted services, using Git as the source of truth to synchronize the desired state of the environment. The framework differentiates itself through a comprehensive automation suite that covers the entire hardware-to-service pipeline. It includes a PXE-based bare metal provisioner for network booting and operating system installation, alongside a lightweight container orchestration
This project is a Kubernetes deployment guide and infrastructure provisioner designed for hobbyist and home lab environments. It provides a framework for setting up multi-node clusters across various cloud providers and physical or virtual nodes, acting as a self-hosted cluster orchestrator. The project focuses on security hardening and infrastructure stability through specific implementation guides. This includes a framework for network security that covers host firewalls and encrypted network overlays, as well as detailed instructions for configuring ingress routing to manage external publi
Uncloud is a decentralized container orchestrator designed to deploy and manage applications across multiple servers without a central control plane. It functions as a peer-to-peer system and a Docker Compose cluster deployer, using SSH-based infrastructure management to coordinate operations across remote nodes. The project distinguishes itself by using a secure mesh network overlay to enable direct inter-container communication across different physical machines. It facilitates container image distribution by transferring missing layers directly from local environments to target nodes, bypa
This project is an automated SSL certificate manager and orchestrator for Nginx proxy configurations. It functions as an ACME protocol client that handles the request, issuance, and renewal of security certificates for web services running in containers. The system monitors Docker container lifecycle events to automatically provision certificates based on assigned hostnames. It automates the full certificate lifecycle, including domain ownership validation and the issuance of specialized wildcard or multi-domain certificates. The tool manages security through both HTTP and DNS challenge reso
Higress is an AI-native and cloud-native API gateway that routes, secures, and optimizes traffic between clients and large language model services. It functions as a centralized entry point for microservices, serving as both a Kubernetes ingress controller and an AI gateway orchestrator. The project distinguishes itself by managing traffic across multiple AI providers using a unified protocol, incorporating token-aware rate limiting and response caching to optimize model inference. It coordinates communication between AI models and external tools to provide real-time context and data, while a
This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,
Opensnitch is a host-based application firewall for Linux that monitors and intercepts outbound network connections in real time. By hooking into kernel-level interfaces, it tracks system-wide network activity and maps connection attempts to specific local processes, allowing users to explicitly permit or deny traffic on a per-application basis. The project distinguishes itself through its ability to manage security policies across multiple distributed nodes from a single, unified dashboard. This centralized management is secured via encrypted socket communication, enabling consistent rule en
nginxconfig.io is a web-based NGINX configuration generator designed to build and optimize server configuration files through a visual interface. It functions as a management tool to help avoid manual syntax errors when defining server blocks. The project provides specialized utilities for implementing Gzip and Brotli compression, configuring caching strategies, and managing the deployment and renewal of SSL certificates. It also includes a reverse proxy configurator for defining routing rules and backend application server mappings to distribute network traffic. Additional capabilities cove
SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server. The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu
Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte
SpaceBarChat is an open-source, self-hosted chat server that implements the Discord client-server protocol, allowing existing Discord clients and bots to connect without modification. It provides a complete communication platform for real-time messaging, voice, and video, all running on your own infrastructure with data stored in a PostgreSQL database that automatically synchronizes its schema with the application source code. The platform is built on a three-service architecture that separates API, Gateway, and CDN processes, communicating via Unix domain sockets or RabbitMQ for coordination
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Lando is a Docker development environment manager and local development orchestrator used to create isolated application stacks. It functions as a web development stack provisioner that coordinates web servers, databases, and runtimes to ensure consistent environment parity across different operating systems. The project distinguishes itself through recipe-based environment bootstrapping for common stacks such as LAMP, LEMP, and MEAN, as well as dedicated provisioning for CMS platforms like WordPress, Drupal, and Joomla. It further differentiates its capabilities by acting as a remote hosting