Error when deploying to Kubernetes

Hi,

I just installed BunkerWeb on Kubernetes, but it’s not working. I’m getting the error:
The last changes could not be applied because it creates a configuration error on NGINX, please check BunkerWeb’s logs for more information. The configuration fell back to the last working one.

With failover message:
10-12-181-21.bunkerweb.pod.cluster.local:5000 - nginx: [emerg] host not found in resolver "coredns.kube-system.svc.cluster.local" in /etc/nginx/http.conf:37 nginx: configuration file /etc/nginx/nginx.conf test failed

I tried looking in the logs, but the log option says that there are no logs available.
Does anyone have a suggestion on where I can look for a solution?

That's strange, can you post your YAML? Remove all passwords before posting.

This is the YAML:

bunkerweb:
  affinity: {}
  enableInstance: true
  enabled: true
  extraEnvs: []
  hostPorts: true
  hpa:
    behavior:
      scaleDown:
        policies:
        - periodSeconds: 60
          type: Percent
          value: 50
        - periodSeconds: 60
          type: Pods
          value: 1
        selectPolicy: Min
        stabilizationWindowSeconds: 300
      scaleUp:
        policies:
        - periodSeconds: 60
          type: Percent
          value: 100
        - periodSeconds: 60
          type: Pods
          value: 2
        selectPolicy: Min
        stabilizationWindowSeconds: 60
    cpu:
      enabled: true
      targetAverageUtilization: 90
    enabled: false
    maxReplicas: 10
    memory:
      enabled: false
      targetAverageUtilization: 90
    minReplicas: 2
    nameOverride: ""
    targetKind: Deployment
  imagePullSecrets: []
  kind: Deployment
  livenessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck.sh
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 5
    timeoutSeconds: 1
  nodeSelector: {}
  pdb:
    create: true
    maxUnavailable: ""
    minAvailable: ""
  podAnnotations: {}
  podAntiAffinityPreset: soft
  podLabels: {}
  pullPolicy: Always
  readinessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck.sh
      - ok
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 1
    timeoutSeconds: 1
  replicas: 1
  repository: bunkerity/bunkerweb
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    runAsGroup: 101
    runAsUser: 101
  service:
    headless: true
  tag: 1.6.6
  tolerations: []
  volumeMounts: []
  volumes: []
controller:
  enabled: true
  extraEnvs: []
  imagePullSecrets: []
  livenessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck-autoconf.sh
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 5
    timeoutSeconds: 1
  nodeSelector: {}
  podAnnotations: {}
  podLabels: {}
  pullPolicy: Always
  readinessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck-autoconf.sh
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 1
    timeoutSeconds: 1
  repository: bunkerity/bunkerweb-autoconf
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    runAsGroup: 101
    runAsUser: 101
  tag: 1.6.6
  tolerations: []
fullnameOverride: ""
grafana:
  adminPassword: ""
  adminUser: admin
  enabled: false
  existingSecret: ""
  extraEnvs: []
  ingress:
    enabled: false
  persistence:
    accessModes:
    - ReadWriteOnce
    enabled: false
    size: 10Gi
    storageClass: ""
  podAnnotations: {}
  podLabels: {}
  prometheusDatasource:
    access: proxy
    isDefault: true
    name: Prometheus
    type: prometheus
    url: http://prometheus-{{ include "bunkerweb.fullname" . }}.{{ include "bunkerweb.namespace"
      . }}.svc:9090
  pullPolicy: IfNotPresent
  replicas: 1
  repository: grafana/grafana
  securityContext: {}
  service:
    port: 3000
    type: ClusterIP
  tag: latest
imagePullSecrets: []
ingressClass:
  controller: bunkerweb.io/ingress-controller
  enabled: true
  name: bunkerweb
mariadb:
  args:
  - --max-allowed-packet=67108864
  config:
    database: db
    password: ""
    randomRootPassword: ""
    user: bunkerweb
  enabled: true
  imagePullSecrets: []
  nodeSelector: {}
  persistence:
    size: 5Gi
    storageClass: ""
  pullPolicy: Always
  repository: mariadb
  tag: "11"
  tolerations: []
nameOverride: ""
namespaceOverride: ""
networkPolicy:
  egress:
    allowDatabaseVNet: true
    allowInternet: true
    allowSameNamespace: true
    databasePort: 3306
    databaseVNetCIDR: 10.0.0.0/16
    internetPorts:
    - 80
    - 443
  enabled: false
nodeSelector: {}
prometheus:
  enabled: false
  persistence:
    accessModes:
    - ReadWriteOnce
    enabled: true
    size: 8Gi
    storageClass: ""
  podAnnotations: {}
  podLabels: {}
  pullPolicy: Always
  replicas: 1
  repository: prom/prometheus
  securityContext:
    fsGroup: 65534
  tag: v3.3.1
redis:
  config:
    file: |
      appendonly yes
      save ""
      loglevel verbose
      maxmemory 512mb
      maxmemory-policy allkeys-lru
    password: ""
  enabled: true
  imagePullSecrets: []
  nodeSelector: {}
  persistence:
    size: 1Gi
    storageClass: ""
  pullPolicy: Always
  repository: redis
  tag: 7-alpine
  tolerations: []
  useConfigFile: false
scheduler:
  extraEnvs: []
  features:
    antibot:
      antibotIgnoreIp: ""
      antibotIgnoreUri: ""
      antibotTimeResolve: ""
      antibotTimeValid: ""
      antibotUri: ""
      useAntibot: ""
    authBasic:
      authBasicLocation: ""
      authBasicPassword: ""
      authBasicText: ""
      authBasicUser: ""
      useAuthBasic: ""
    backup:
      backupDirectory: ""
      backupRotation: ""
      backupSchedule: ""
      useBackup: ""
    badBehavior:
      badBehaviorBanTime: ""
      badBehaviorCountTime: ""
      badBehaviorStatusCodes: ""
      badBehaviorThreshold: ""
      useBadBehavior: ""
    blacklist:
      blacklistCommunityLists: ""
      blacklistIp: ""
      blacklistIpUrls: ""
      useBlacklist: ""
    bunkerNet:
      bunkernetServer: ""
      useBunkernet: ""
    clientCache:
      clientCacheControl: ""
      clientCacheEtag: ""
      clientCacheExtensions: ""
      useClientCache: ""
    compression:
      brotliCompLevel: ""
      gzipCompLevel: ""
      gzipMinLength: ""
      useBrotli: ""
      useGzip: ""
    cors:
      corsAllowCredentials: ""
      corsAllowHeaders: ""
      corsAllowMethods: ""
      corsAllowOrigin: ""
      useCors: ""
    crowdSec:
      crowdSecApi: ""
      crowdSecApiKey: ""
      crowdSecAppsecUrl: ""
      crowdSecMode: ""
      useCrowdSec: ""
    customSsl:
      customSslCert: ""
      customSslCertPriority: ""
      customSslKey: ""
      useCustomSsl: ""
    dnsbl:
      dnsblList: ""
      useDnsbl: ""
    errors:
      errors: ""
      interceptedErrorCodes: ""
    geoBlocking:
      blacklistCountry: ""
      whitelistCountry: ""
    global:
      disableDefaultServer: ""
      disableDefaultServerStrictSni: ""
      securityMode: ""
    greylist:
      greylistIp: ""
      greylistIpUrls: ""
      useGreylist: ""
    headers:
      contentSecurityPolicy: ""
      contentSecurityPolicyReportOnly: ""
      customHeader: ""
      referrerPolicy: ""
      removeHeaders: ""
      strictTransportSecurity: ""
      xContentTypeOptions: ""
      xFrameOptions: ""
    htmlInjection:
      injectBody: ""
      injectHead: ""
    letsEncrypt:
      autoLetsEncrypt: ""
      emailLetsEncrypt: ""
      letsEncryptChallenge: ""
      letsEncryptDnsProvider: ""
      useLetsEncryptWildcard: ""
    metrics:
      metricsMaxBlockedRequests: ""
      metricsMemorySize: ""
      metricsSaveToRedis: ""
      useMetrics: ""
    modsecurity:
      modsecurityCrsPlugins: ""
      modsecurityCrsVersion: ""
      modsecuritySecRuleEngine: ""
      useModsecurity: ""
      useModsecurityCrs: ""
      useModsecurityCrsPlugins: ""
    php:
      localPhp: ""
      localPhpPath: ""
      remotePhp: ""
      remotePhpPort: ""
      remotephpPath: ""
    rateLimit:
      limitConnMaxHttp1: ""
      limitConnMaxHttp2: ""
      limitConnMaxHttp3: ""
      limitReqRate: ""
      limitReqUrl: ""
      useLimitConn: ""
      useLimitReq: ""
    realIp:
      realIpFrom: ""
      realIpHeader: ""
      realIpRecursive: ""
      useProxyProtocol: ""
      useRealIp: ""
    redirect:
      redirectFrom: ""
      redirectTo: ""
      redirectToRequestUri: ""
      redirectToStatusCode: ""
    reverseProxy:
      reverseProxyConnectTimeout: ""
      reverseProxyHost: ""
      reverseProxyReadTimeout: ""
      reverseProxySendTimeout: ""
      reverseProxyUrl: ""
      useReverseProxy: ""
    reverseScan:
      reverseScanPorts: ""
      reverseScanTimeout: ""
      useReverseScan: ""
    robotsTxt:
      robotsTxtCommunityLists: ""
      robotsTxtDarkvisitorsToken: ""
      robotsTxtRule: ""
      robotsTxtSitemap: ""
      useRobotsTxt: ""
    securityTxt:
      securityTxtContact: ""
      securityTxtExpires: ""
      securityTxtPolicy: ""
      useSecurityTxt: ""
    sessions:
      sessionsAbsoluteTimeout: ""
      sessionsCheckIp: ""
      sessionsCheckUserAgent: ""
      sessionsIdlingTimeout: ""
      sessionsName: ""
      sessionsRollingTimeout: ""
      sessionsSecret: ""
    ssl:
      autoRedirectHttpToHttps: ""
      listenHttps: ""
      sslCiphersLevel: ""
      sslProtocols: ""
    whitelist:
      useWhitelist: ""
      whitelistIp: ""
      whitelistIpUrls: ""
  imagePullSecrets: []
  livenessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck-scheduler.sh
    failureThreshold: 3
    initialDelaySeconds: 90
    periodSeconds: 10
    timeoutSeconds: 1
  nodeSelector: {}
  podAnnotations: {}
  podLabels: {}
  proLicenseKey: ""
  pullPolicy: Always
  repository: bunkerity/bunkerweb-scheduler
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    runAsGroup: 101
    runAsUser: 101
  tag: 1.6.6
  tolerations: []
  usePrometheusExporter: false
service:
  annotations: {}
  enabled: true
  externalTrafficPolicy: Local
  type: LoadBalancer
settings:
  existingSecret: ""
  kubernetes:
    domainName: cluster.local
    ignoreAnnotations: ""
    ingressClass: ""
    namespaces: ""
  misc:
    apiWhitelistIp: 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    databaseUri: ""
    dnsResolvers: coredns.kube-system.svc.cluster.local
  redis:
    redisHost: ""
    redisPassword: ""
    redisUsername: ""
    useRedis: "yes"
  ui:
    adminPassword: ""
    adminUsername: ""
    flaskSecret: ""
    ingress:
      enabled: false
      extraAnnotations: {}
      ingressClassName: ""
      serverName: ""
      serverPath: /
      tlsSecretName: ""
    overrideAdminCreds: "no"
    totpSecrets: ""
    wizard: true
tolerations: []
topologySpreadConstraints: []
ui:
  enabled: true
  extraEnvs: []
  imagePullSecrets: []
  livenessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck-ui.sh
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 5
    timeoutSeconds: 1
  logs:
    enabled: false
    persistence:
      size: 5Gi
      storageClass: ""
    pullPolicy: Always
    repository: balabit/syslog-ng
    tag: 4.8.0
  nodeSelector: {}
  podAnnotations: {}
  podLabels: {}
  pullPolicy: Always
  readinessProbe:
    exec:
      command:
      - /usr/share/bunkerweb/helpers/healthcheck-ui.sh
    failureThreshold: 3
    initialDelaySeconds: 30
    periodSeconds: 1
    timeoutSeconds: 1
  repository: bunkerity/bunkerweb-ui
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL
    runAsGroup: 101
    runAsUser: 101
  tag: 1.6.6
  tolerations: []

In the instructions it said I needed to extract an IP address, but that command doesn’t work and it didn’t specify what to do with that IP address.

Redis is not set, do that:

settings:
  redis:
    redisHost: redis
    redisPassword: ""

and check that your db is set up properly:

settings:
  misc:
    databaseUri: ""

Check your ingress:

ui:
  ingress:
    enabled: true
    serverName: bunkerweb.example.com

Probably you should limit:

settings:
  kubernetes:
    namespaces: default

Personally I would start with a Docker setup; once this is running you can stack Docker in Kubernetes pods.
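
An added example, not part of the thread and not BunkerWeb code: nginx looks up a hostname given to its `resolver` directive through the system resolver when the configuration is loaded, and the `[emerg] host not found in resolver` error above is what it reports when that lookup fails. The sketch below classifies each entry of a `dnsResolvers` value the same way and lists the nameservers the pod itself uses; the function names are hypothetical, and it is meant to be run with Python inside a pod in the same cluster.

```python
import ipaddress
import socket

def nameservers(resolv_conf_text):
    """Nameserver IPs from resolv.conf text (inside a pod: the cluster DNS IP)."""
    rows = (line.split() for line in resolv_conf_text.splitlines())
    return [p[1] for p in rows if len(p) >= 2 and p[0] == "nameserver"]

def host_of(entry):
    """Strip an optional port from an nginx resolver address."""
    if entry.startswith("["):                 # [IPv6]:port
        return entry[1:].partition("]")[0]
    if entry.count(":") == 1:                 # name:port or IPv4:port
        return entry.split(":")[0]
    return entry

def check_resolvers(dns_resolvers, resolve=socket.gethostbyname):
    """Return (entry, status, detail) per address in a dnsResolvers string.

    status is "ip" (literal, no lookup needed), "resolves" (name found by the
    system resolver) or "unresolvable" (nginx -t would fail on this entry).
    """
    results = []
    for entry in dns_resolvers.split():
        if "=" in entry:                      # resolver parameters, e.g. valid=30s
            continue
        host = host_of(entry)
        try:
            ipaddress.ip_address(host)
            results.append((entry, "ip", host))
            continue
        except ValueError:
            pass                              # not an IP literal, so look it up
        try:
            results.append((entry, "resolves", resolve(host)))
        except OSError as exc:                # socket.gaierror is an OSError
            results.append((entry, "unresolvable", str(exc)))
    return results

if __name__ == "__main__":
    # dnsResolvers value from the values file posted above
    value = "coredns.kube-system.svc.cluster.local"
    for entry, status, detail in check_resolvers(value):
        print(f"{entry}: {status} ({detail})")
    with open("/etc/resolv.conf") as fh:
        print("pod nameservers:", " ".join(nameservers(fh.read())))
```

An entry reported as `ip` needs no lookup at load time, so an address from the pod's nameserver list is a value nginx accepts even when the service name does not resolve.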