Overview
BunkerWeb is a security-focused web server and WAF built on NGINX that automatically hardens your web services against common threats. It integrates OWASP CRS rules, bot detection, rate limiting, and security headers out of the box, with a plugin system for extensibility. Configuration can be done via environment variables, files, or its web UI (BunkerWeb UI). Deploys as a deb/rpm package, Docker container, or Docker Compose stack.
Where it falls short of Heroku
- WAF/security-focused; lacks any application deployment or build pipeline capabilities
- No global CDN or edge network; all traffic routes through self-hosted nodes
- Advanced bot management and behavioral analytics are less mature than commercial WAFs
- Multi-node clustering and high-availability configurations require significant manual setup
We list the gaps honestly so you can decide if the trade-off is worth owning your data.
Tags
Claim this listing to keep it accurate, add a deploy template, or feature it on relevant pages.
Embed the BunkerWeb difficulty badge in your README — it links back here.
[](https://openreplace.com/bunkerweb)Similar open-source projects
Other self-hostable tools in the same space worth comparing.
Automatic HTTPS web server and reverse proxy with zero config TLS
Cloud-native HTTP reverse proxy and load balancer for microservices
Self-hostable Heroku/Netlify alternative for apps, databases, and services
Modern Linux server and web-app management panel with app store deploys