Add BunkerWeb Basic Setup Example

examples/bunkerweb/README.md

@@ -0,0 +1,54 @@
+# BunkerWeb (Basic Setup)
+
+[BunkerWeb](https://www.bunkerweb.io) is a next-generation Web Application Firewall (WAF).
+This example implements the **Basic Setup** using:
+*   **BunkerWeb**: The core WAF and reverse proxy.
+*   **Scheduler**: Manages configuration and jobs.
+*   **UI**: Web administration interface (internal).
+*   **MariaDB**: Database storage.
+*   **Valkey**: High-performance key-value store (used for caching/stats, replacing Redis).
+*   **App**: A demo application (`bunkerity/bunkerweb-hello`) labeled as `app`.
+
+## Usage
+
+The provided `compose.yaml` follows the official Quickstart Guide. The configuration is primarily managed **via the Web UI**.
+
+### 1. Start the Services
+
+```bash
+docker compose up -d
+```
+
+### 2. Access the Setup Wizard
+
+Since `SERVER_NAME` is empty, BunkerWeb will initially route traffic to the **Setup Wizard**.
+
+1.  Open your browser and navigate to `http://localhost/setup` (or `http://<your-server-ip>/setup`).
+    *   *Note: Access via port 80/443 (HTTP/HTTPS) handled by the `bunkerweb` container.*
+2.  Follow the wizard to create an administrator account.
+3.  **Important**: When asked for the **Server Name** inside the wizard, enter `localhost` (or your domain).
+    *   This domain will be used to access the Web UI from now on.
+
+### 3. Configure the Application Service
+
+Once logged into the Web UI:
+
+1.  Go to the **Services** tab to create a new service.
+2.  **Domain**: `localhost` (or the domain you configured).
+    *   *Note: If you use the same domain as the UI, BunkerWeb manages the routing (UI path vs App path).*
+3.  **Upstream HTTP Host**: `http://app:80`
+4.  **Upstream Path**: `/`
+5.  Save the configuration.
+
+### 4. Verify
+
+*   Access your protected application at `http://localhost`.
+
+## Notes
+
+*   **Passwords**: The default password is set to `changeme` in the `compose.yaml`. **Change this immediately** for any serious usage.
+*   **Valkey**: This setup uses [Valkey](https://valkey.io/) (an open-source Redis fork) as recommended for recent BunkerWeb versions.
+*   **Networks**: 
+    *   `bw-universe`: For internal communication between BunkerWeb components.
+    *   `bw-services`: For connecting the WAF to your applications (like `app`).
+    *   `bw-db`: Dedicated network for database access.

examples/bunkerweb/compose.yaml

@@ -0,0 +1,106 @@
+x-bw-env:
+  &bw-env # We use an anchor to avoid repeating the same settings for both services
+  API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" # Make sure to set the correct IP range so the scheduler can send the configuration to the instance
+  # Optional: set an API token and mirror it in both containers
+  API_TOKEN: ""
+
+  DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database
+services:
+  bunkerweb:
+    # This is the name that will be used to identify the instance in the Scheduler
+    image: bunkerity/bunkerweb:1.6.7
+    ports:
+      - "80:8080/tcp"
+      - "443:8443/tcp"
+      - "443:8443/udp" # For QUIC / HTTP3 support
+    environment:
+      <<: *bw-env # We use the anchor to avoid repeating the same settings for all services
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.6.7
+    environment:
+      <<: *bw-env
+      BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name
+      SERVER_NAME: ""
+      MULTISITE: "yes"
+      UI_HOST: "http://bw-ui:7000" # Change it if needed
+      USE_REDIS: "yes"
+      REDIS_HOST: "valkey"
+    volumes:
+      - bw-storage:/data # This is used to persist the cache and other data like the backups
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-db
+
+  bw-ui:
+    image: bunkerity/bunkerweb-ui:1.6.7
+    environment:
+      <<: *bw-env
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+      - bw-db
+
+  bw-db:
+    image: mariadb:11
+    # We set the max allowed packet size to avoid issues with large queries
+    command: --max-allowed-packet=67108864
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: "db"
+      MYSQL_USER: "bunkerweb"
+      MYSQL_PASSWORD: "changeme" # Remember to set a stronger password for the database
+    volumes:
+      - bw-data:/var/lib/mysql
+    restart: "unless-stopped"
+    networks:
+      - bw-db
+
+  valkey: # Valkey service for the persistence of reports/bans/stats
+    image: valkey/valkey:9-alpine
+    command: >
+      valkey-server
+      --maxmemory 256mb
+      --maxmemory-policy allkeys-lru
+      --save 60 1000
+      --appendonly yes
+    healthcheck:
+      test: ["CMD-SHELL", "valkey-cli ping | grep PONG"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    sysctls:
+      - net.core.somaxconn=1024
+    volumes:
+      - valkey-data:/data
+    restart: "unless-stopped"
+    networks:
+      - bw-universe
+
+  app:
+    image: bunkerity/bunkerweb-hello:v1.0
+    networks:
+      - bw-services
+    restart: "unless-stopped"
+
+volumes:
+  bw-data:
+  bw-storage:
+  valkey-data:
+
+networks:
+  bw-universe:
+    name: bw-universe
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24 # Make sure to set the correct IP range so the scheduler can send the configuration to the instance
+  bw-services:
+    name: bw-services
+  bw-db:
+    name: bw-db