Hello,
I have the following compose file for all my services:
# Shared environment fragment, merged into services with `<<: *all-common`.
# All three values come from the environment / .env file at compose time.
x-all-common: &all-common
  PUID: ${PUID}
  PGID: ${PGID}
  TZ: ${TZ}
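# Environment fragment shared by the BunkerWeb containers that merge it
# (bunkerweb-main, bunkerweb-autoconf, bunkerweb-ui, bunkerweb-scheduler).
# Every one of those containers therefore receives API_TOKEN.
x-bw-common: &bw-common
  TZ: ${TZ}
  # Quoted: a bare yes is a boolean for YAML 1.1 parsers, and the value that
  # reaches the container may then not be the literal string "yes".
  AUTOCONF_MODE: "yes"
  API_HTTP_PORT: 5000
  # Same address as the static ipv4_address given to bunkerweb-main.
  API_LISTEN_IP: ${BUNKERWEB_NETWORK_IP4}.160
  API_SERVER_NAME: bwapi
  # Loopback range plus the whole bunkerweb-universe /24: any container
  # attached to that network is inside the whitelist.
  API_WHITELIST_IP: "127.0.0.0/24 ${BUNKERWEB_NETWORK_IP4}.0/24"
  API_TOKEN: ${BW_APITOKEN}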
# Database connection fragment, merged into autoconf, ui and scheduler.
# NOTE(review): the password is interpolated raw into a URI. If it contains
# characters that are reserved in a URL (for example @, : or /) it has to be
# percent-encoded here, while MYSQL_PASSWORD on bunkerweb-db takes it as-is.
x-bw-db: &bw-db
  DATABASE_URI: mariadb+pymysql://bunkerweb:${BUNKERWEB_DBPASSWORD}@bunkerweb-db:3306/bunkerweb
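# Label fragment that puts a proxied service behind the Authentik outpost
# (nginx auth_request). Intended to be merged into a service's labels with
# `<<: *authrequest`. `$$` is the Compose escape for a literal `$`, so the
# nginx variables survive interpolation.
x-authrequest: &authrequest
  bunkerweb.REVERSE_PROXY_AUTH_REQUEST: /outpost.goauthentik.io/auth/nginx
  # bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL: '@goauthentik_proxy_signin'
  bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET: $$auth_cookie $$upstream_http_set_cookie;$$authentik_username $$upstream_http_x_authentik_username;$$authentik_groups $$upstream_http_x_authentik_groups;$$authentik_entitlements $$upstream_http_x_authentik_entitlements;$$authentik_email $$upstream_http_x_authentik_email;$$authentik_name $$upstream_http_x_authentik_name;$$authentik_uid $$upstream_http_x_authentik_uid
  # Identity is handed to the backend as plain X-authentik-* request headers.
  # The backend can only trust them if it is reachable exclusively through
  # this proxy; a client that can reach it directly can set them itself.
  bunkerweb.REVERSE_PROXY_HEADERS: X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-entitlements $$authentik_entitlements;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
  bunkerweb.REVERSE_PROXY_HEADERS_CLIENT: Set-Cookie $$auth_cookie
  # A 401 from the auth sub-request is routed to the sign-in redirect below.
  bunkerweb.ERRORS: '401=@goauthentik_proxy_signin'
  # Quoted so the value stays the string "no" under a YAML 1.1 parser.
  bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS: "no"
  # bunkerweb.REVERSE_PROXY_URL_2: /outpost.goauthentik.io
  # bunkerweb.REVERSE_PROXY_HOST_2: http://authentik-server:9000/outpost.goauthentik.io
  # bunkerweb.REVERSE_PROXY_HEADERS_2: X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
  # bunkerweb.REVERSE_PROXY_HEADERS_CLIENT_2: Set-Cookie $$auth_cookie
  # bunkerweb.REVERSE_PROXY_AUTH_REQUEST_SET_2: $$auth_cookie $$upstream_http_set_cookie
  # bunkerweb.REVERSE_PROXY_PASS_REQUEST_BODY_2: no
  # bunkerweb.REVERSE_PROXY_INTERCEPT_ERRORS_2: no
  # Raw nginx server-context snippet: the outpost location and the internal
  # sign-in redirect. The literal block keeps the line breaks as written.
  bunkerweb.CUSTOM_CONF_SERVER_HTTP_authrequestlocations: |
    location /outpost.goauthentik.io {
      proxy_pass http://authentik-server:9000/outpost.goauthentik.io;
      proxy_set_header Host $$host;
      proxy_set_header X-Original-URL $$scheme://$$http_host$$request_uri;
      add_header Set-Cookie $$auth_cookie;
      auth_request_set $$auth_cookie $$upstream_http_set_cookie;
      proxy_pass_request_body off;
      proxy_set_header Content-Length "";
    }
    location @goauthentik_proxy_signin {
      internal;
      add_header Set-Cookie $$auth_cookie;
      return 302 /outpost.goauthentik.io/start?rd=$$scheme://$$http_host$$request_uri;
    }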
# One network per backend so that each dependency is reachable only by the
# containers explicitly attached to it.
networks:
  # General network for proxied applications.
  services:
    name: services
    enable_ipv6: true
  # macvlan:
  #   name: macvlan
  #   driver: macvlan
  #   driver_opts:
  #     parent: enp7s0
  # Carries the unauthenticated container-API proxy (tcp/2375); internal, so
  # it has no route to the outside.
  podmansocket:
    name: podmansocket
    internal: true
  clamav:
    name: clamav
  crowdsec:
    name: crowdsec
  bunkerweb-db:
    name: bunkerweb-db
    internal: true
  bunkerweb-valkey:
    name: bunkerweb-valkey
    internal: true
  # Fixed subnet: bunkerweb-main gets a static address in it, and the API
  # whitelist in x-bw-common covers this whole /24.
  bunkerweb-universe:
    name: bunkerweb-universe
    ipam:
      driver: default
      config:
        - subnet: ${BUNKERWEB_NETWORK_IP4}.0/24
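# Service definitions.
# Every bare yes/no from the original is quoted here: YAML 1.1 parsers read
# them as booleans, so the environment or label value that reaches the
# container may not be the literal string "yes"/"no" the application expects.
services:
  bunkerweb-main:
    container_name: bunkerweb-main
    image: ghcr.io/bunkerity/bunkerweb:${BUNKERWEB_VERSION}
    environment:
      <<: *bw-common
    restart: always
    networks:
      bunkerweb-universe:
        # Must match API_LISTEN_IP in x-bw-common.
        ipv4_address: ${BUNKERWEB_NETWORK_IP4}.160
      services:
      clamav:
      crowdsec:
      bunkerweb-valkey:
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
      - "443:443/udp"
    labels:
      # Label the autoconf controller filters on when it lists containers.
      bunkerweb.INSTANCE: "yes"
    depends_on:
      - bunkerweb-valkey

  bunkerweb-autoconf:
    container_name: bunkerweb-autoconf
    image: ghcr.io/bunkerity/bunkerweb-autoconf:${BUNKERWEB_VERSION}
    depends_on:
      - bunkerweb-main
      - podmansocket
    environment:
      <<: [*bw-common, *bw-db]
      # Container API is reached through the socket proxy, not the raw socket.
      DOCKER_HOST: tcp://podmansocket:2375
    restart: always
    networks:
      bunkerweb-universe:
      podmansocket:
      bunkerweb-db:

  bunkerweb-db:
    container_name: bunkerweb-db
    image: mariadb:11
    command: --max-allowed-packet=67108864
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: bunkerweb
      MYSQL_USER: bunkerweb
      MYSQL_PASSWORD: ${BUNKERWEB_DBPASSWORD}
      <<: *all-common
    volumes:
      - ${CONFIG_FOLDER}/bunkerweb/db:/var/lib/mysql:Z
    restart: always
    networks:
      bunkerweb-db:

  bunkerweb-valkey:
    container_name: bunkerweb-valkey
    # NOTE(review): `latest` is a moving tag; pinning a version (or digest)
    # keeps a restart from silently pulling a different image.
    image: bitnami/valkey:latest
    restart: always
    environment:
      <<: *all-common
      VALKEY_PASSWORD: ${BUNKERWEBVALKEY_DBPASSWORD}
    volumes:
      - ${CONFIG_FOLDER}/bunkerweb/valkey:/bitnami/valkey/data:Z
    networks:
      bunkerweb-valkey:

  bunkerweb-ui:
    container_name: bunkerweb-ui
    image: bunkerity/bunkerweb-ui:${BUNKERWEB_VERSION}
    restart: always
    environment:
      <<: [*bw-common, *bw-db]
      ADMIN_USERNAME: admin
      ADMIN_PASSWORD: ${BUNKERWEB_UIPASSWORD}
      TOTP_ENCRYPTION_KEYS: ${BUNKERWEB_TOTPSECRET}
    depends_on:
      - bunkerweb-db
    networks:
      bunkerweb-universe:
      bunkerweb-db:
      bunkerweb-valkey:
    labels:
      # The admin UI is published on bunkerweb.${DOMAIN}/bwui.
      bunkerweb.SERVER_NAME: bunkerweb.${DOMAIN}
      bunkerweb.USE_TEMPLATE: ui
      bunkerweb.USE_REVERSE_PROXY: "yes"
      bunkerweb.REVERSE_PROXY_URL: /bwui
      bunkerweb.REVERSE_PROXY_HOST: http://bunkerweb-ui:7000

  bunkerweb-scheduler:
    container_name: bunkerweb-scheduler
    image: ghcr.io/bunkerity/bunkerweb-scheduler:${BUNKERWEB_VERSION}
    volumes:
      - ${CONFIG_FOLDER}/bunkerweb/scheduler:/data:Z
    restart: always
    depends_on:
      - bunkerweb-db
    networks:
      bunkerweb-universe:
      bunkerweb-db:
    environment:
      <<: [*bw-common, *bw-db]
      # ------------------ General ----------------------
      MULTISITE: "yes"
      SESSIONS_SECRET: ${BUNKERWEB_SESSION}
      # SERVICE_API: yes
      BUNKERWEB_INSTANCES: ""
      SERVER_NAME: ${DOMAIN}
      UI_HOST: "http://bunkerweb-ui:7000"
      # ------------------ Plugins ----------------------
      # Plugin code is downloaded from this tag archive; no checksum is
      # given here, so what gets installed depends on what the tag serves.
      EXTERNAL_PLUGIN_URLS: https://github.com/bunkerity/bunkerweb-plugins/archive/refs/tags/v1.10.zip
      # ClamAV
      USE_CLAMAV: "yes"
      CLAMAV_HOST: clamav
      # Valkey(Redis)
      USE_REDIS: "yes"
      REDIS_HOST: bunkerweb-valkey
      REDIS_PASSWORD: ${BUNKERWEBVALKEY_DBPASSWORD}
      # Crowdsec
      USE_CROWDSEC: "yes"
      CROWDSEC_API: http://crowdsec:8080
      CROWDSEC_APPSEC_URL: http://crowdsec:7422
      CROWDSEC_API_KEY: ${BUNKERWEB_CROWDSECKEY}
      # Webhooks
      # USE_WEBHOOK: yes
      # WEBHOOK_URL: http://gotify:80/plugin/1/custom/${GOTIFY_BWTOKEN}/webhook
      # ------------------ FEATURES ----------------------
      # General comm
      USE_IPV6: "yes"
      SERVE_FILES: "no"
      DISABLE_DEFAULT_SERVER: "yes"
      USE_CLIENT_CACHE: "yes"
      USE_GZIP: "yes"
      USE_BROTLI: "yes"
      REDIRECT_HTTP_TO_HTTPS: "yes"
      HTTP3: "yes"
      LISTEN_HTTP: "no"
      DENY_HTTP_STATUS: 444
      SSL_PROTOCOLS: TLSv1.3
      # DATASTORE_MEMORY_SIZE: 256m
      # CACHESTORE_MEMORY_SIZE: 256m
      # Countries
      WHITELIST_COUNTRY: FR CH DE
      # Antibot
      USE_ANTIBOT: captcha
      # Encryption
      AUTO_LETS_ENCRYPT: "yes"
      LETS_ENCRYPT_CHALLENGE: dns
      LETS_ENCRYPT_DNS_PROVIDER: cloudflare
      LETS_ENCRYPT_DNS_CREDENTIAL_ITEM: "cloudflare_api_token ${CLOUDFLARE_DNSTOKEN}"
      USE_LETS_ENCRYPT_STAGING: "yes"

  clamav:
    container_name: clamav
    image: clamav/clamav:1.4
    restart: always
    environment:
      <<: *all-common
    volumes:
      - ${CONFIG_FOLDER}/clamav:/var/lib/clamav:Z
    networks:
      clamav:

  crowdsec:
    container_name: crowdsec
    # NOTE(review): moving `latest` tag, see bunkerweb-valkey.
    image: ghcr.io/crowdsecurity/crowdsec:latest
    restart: always
    depends_on:
      - podmansocket
    environment:
      COLLECTIONS: "bunkerity/bunkerweb crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve crowdsecurity/nginx"
      <<: *all-common
      # Same key the scheduler passes as CROWDSEC_API_KEY.
      BOUNCER_KEY_bunkerweb: ${BUNKERWEB_CROWDSECKEY}
      DOCKER_HOST: tcp://podmansocket:2375
    volumes:
      - ${CONFIG_FOLDER}/crowdsec:/var/lib/crowdsec/data:Z
    configs:
      - source: acquislogs.yaml
        target: /etc/crowdsec/acquis.d/acquislogs.yaml
      - source: acquisappsec.yaml
        target: /etc/crowdsec/acquis.d/appsec.yaml
    networks:
      crowdsec:
      podmansocket:

  podmansocket:
    # NOTE(review): moving `latest` tag, see bunkerweb-valkey.
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: podmansocket
    restart: always
    volumes:
      # `:ro` only makes the bind mount read-only; it does not limit which
      # API calls can be sent over the socket. The allow-list below is the
      # actual access control.
      - /run/podman/podman.sock:/var/run/docker.sock:ro
    environment:
      # NOTE(review): POST=1 together with CONTAINERS=1 and the ALLOW_*
      # switches permits write calls, not only reads, to every client of
      # this proxy, and the proxy itself has no authentication. The two
      # clients in this file are bunkerweb-autoconf and crowdsec; if they
      # only list/inspect containers and read events or logs (confirm),
      # set POST and the ALLOW_* entries to 0.
      ALLOW_START: 1  # optional
      ALLOW_STOP: 1  # optional
      ALLOW_RESTARTS: 1  # optional
      ALLOW_PAUSE: 1  # optional
      ALLOW_UNPAUSE: 1  # optional
      AUTH: 0  # optional
      BUILD: 0  # optional
      COMMIT: 0  # optional
      CONFIGS: 0  # optional
      CONTAINERS: 1  # optional
      DISABLE_IPV6: 0  # optional
      DISTRIBUTION: 0  # optional
      EVENTS: 1  # optional
      EXEC: 0  # optional
      IMAGES: 0  # optional
      INFO: 1  # optional
      LOG_LEVEL: info  # optional
      NETWORKS: 1  # optional
      NODES: 0  # optional
      PING: 1  # optional
      PLUGINS: 0  # optional
      POST: 1  # optional
      SECRETS: 0  # optional
      SERVICES: 1  # optional
      SESSION: 0  # optional
      SWARM: 0  # optional
      SYSTEM: 0  # optional
      TASKS: 0  # optional
      VERSION: 1  # optional
      VOLUMES: 0  # optional
      <<: *all-common
    networks:
      podmansocket:
    read_only: true
    tmpfs:
      - /run

  ddns-updater:
    container_name: ddns-updater
    # No tag given, so this resolves to `latest`.
    image: ghcr.io/qdm12/ddns-updater
    restart: always
    networks:
      services:
    environment:
      <<: *all-common
      CONFIG_FILEPATH: /updater/data/config.json
      # SHOUTRRR_ADDRESSES: gotify://gotify:80/${GOTIFY_DDNSTOKEN}?DisableTLS=Yes
    configs:
      - source: ddns-updater_config
        target: /updater/data/config.json
    labels:
      bunkerweb.SERVER_NAME: ddns.${DOMAIN}
      bunkerweb.USE_REVERSE_PROXY: "yes"
      bunkerweb.REVERSE_PROXY_URL: /
      bunkerweb.REVERSE_PROXY_HOST: http://ddns-updater:8000
      # NOTE(review): with the authrequest merge below disabled, this vhost
      # is published without the Authentik forward-auth labels; whether the
      # application enforces its own login is not visible in this file.
      # <<: *authrequest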
# Inline config files mounted into ddns-updater and crowdsec.
# Comments cannot go inside the `content` bodies: everything under `|` is
# written to the target file verbatim.
configs:
  # ddns-updater settings: one Cloudflare record for IPv4 and one for IPv6.
  # The Cloudflare token is interpolated into the file body, so it is stored
  # in plain text in the rendered config.
  ddns-updater_config:
    content: |
      {
        "settings": [
          {
            "provider": "cloudflare",
            "zone_identifier": "${CLOUDFLARE_ZONEID}",
            "domain": "${DOMAIN}",
            "ttl": 1,
            "token": "${CLOUDFLARE_DNSTOKEN}",
            "ip_version": "ipv4",
            "proxied": false
          },
          {
            "provider": "cloudflare",
            "zone_identifier": "${CLOUDFLARE_ZONEID}",
            "domain": "${DOMAIN}",
            "ttl": 1,
            "token": "${CLOUDFLARE_DNSTOKEN}",
            "ip_version": "ipv6",
            "proxied": false
          }
        ]
      }
  # CrowdSec acquisition: read the bunkerweb-main container's logs through
  # the container API.
  acquislogs.yaml:
    content: |
      source: docker
      container_name:
        - bunkerweb-main
      labels:
        type: bunkerweb
  # CrowdSec AppSec listener; 0.0.0.0 binds every interface of the crowdsec
  # container, i.e. each network that container is attached to.
  acquisappsec.yaml:
    content: |
      appsec_config: crowdsecurity/appsec-default
      labels:
        type: appsec
      listen_addr: 0.0.0.0:7422
      source: appsec
The autoconf container logs the following:
[2026-05-18 21:37:41] - ENTRYPOINT - ℹ️ - Starting the job autoconf v1.6.10~rc7 ...
[2026-05-18 21:37:41] - ENTRYPOINT - ℹ️ - Setup and check /data folder ...
[2026-05-18 21:37:41] - ENTRYPOINT - ℹ️ - Processing Docker secrets from /run/secrets ...
[2026-05-18 21:37:41] - ENTRYPOINT - ℹ️ - Executing autoconf ...
[2026-05-18 21:37:42 +0200] [AUTOCONF] [21] [ℹ️ ] - Docker mode detected
[2026-05-18 21:37:42 +0200] [CONFIG] [21] [ℹ️ ] - ✅ Database connection established
[2026-05-18 21:37:42 +0200] [AUTOCONF] [21] [ℹ️ ] - Waiting for BunkerWeb instances ...
[2026-05-18 21:37:42 +0200] [DOCKER-CONTROLLER] [21] [⚠️ ] - No instance found, waiting 5s ...
[2026-05-18 21:37:47 +0200] [DOCKER-CONTROLLER] [21] [⚠️ ] - No instance found, waiting 5s ...
[2026-05-18 21:37:52 +0200] [DOCKER-CONTROLLER] [21] [⚠️ ] - No instance found, waiting 5s ...
[2026-05-18 21:37:57 +0200] [DOCKER-CONTROLLER] [21] [⚠️ ] - No instance found, waiting 5s ...
[2026-05-18 21:38:02 +0200] [DOCKER-CONTROLLER] [21] [⚠️ ] - No instance found, waiting 5s ...
All other containers seem to be running fine. Communication between containers also looks fine.
My podmansocket container logs this (filtered to the IP of bunkerweb-autoconf):
::ffff:10.89.0.5:58136 [18/May/2026:21:40:58.332] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:03.340] proxy docker/socket 0/0/0/3/3 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:03.344] proxy docker/socket 0/0/0/1/1 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:08.352] proxy docker/socket 0/0/0/3/3 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:08.357] proxy docker/socket 0/0/0/3/3 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:13.365] proxy docker/socket 0/0/0/5/5 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:13.371] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:18.380] proxy docker/socket 0/0/0/3/3 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:18.385] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:23.393] proxy docker/socket 0/0/0/6/6 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:23.400] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:28.407] proxy docker/socket 0/0/0/4/4 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:28.413] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:33.421] proxy docker/socket 0/0/0/4/4 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:33.426] proxy docker/socket 0/0/0/2/2 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:38.434] proxy docker/socket 0/0/0/5/5 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:38.441] proxy docker/socket 0/0/0/1/1 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:43.449] proxy docker/socket 0/0/0/4/4 200 4397 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:43.454] proxy docker/socket 0/0/0/1/1 200 9699 - - ---- 3/3/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:48.461] proxy docker/socket 0/0/0/5/5 200 4397 - - ---- 4/4/2/2/0 0/0 "GET /v1.44/containers/json?limit=-1&all=0&size=0&trunc_cmd=0&filters=%7B%22label%22%3A+%5B%22bunkerweb.INSTANCE%22%5D%7D HTTP/1.1"
::ffff:10.89.0.5:58136 [18/May/2026:21:41:48.467] proxy docker/socket 0/0/0/3/3 200 9699 - - ---- 4/4/2/2/0 0/0 "GET /v1.44/containers/d127dc590c5483dcff5b70e095e8c69ec540b4d000eaa961f08c8af3ed2bd859/json HTTP/1.1"
So it looks like podman socket access works.
I don’t understand why it can’t find the instance, because I checked that the main container does have
# NOTE(review): a bare yes is read as a boolean by YAML 1.1 parsers, so the
# label value that reaches the container may not be the literal string "yes".
# Quote it ("yes") and compare with the labels on the running container.
labels:
bunkerweb.INSTANCE: yes
What could be wrong?
Thanks in advance, have a nice day!