tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-11 10:16:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/services/networking/anubis.md

2.6 KiB
Raw Blame History

Anubis

Anubis is a scraper defense software that blocks AI scrapers. It is designed to sit between a reverse proxy and the service to be protected.

Quickstart

This module is designed to use Unix domain sockets as the socket paths can be automatically configured for multiple instances, but TCP sockets are also supported.

Configuring multiple instances may look like the following.

Notes:

  • Each instance as its runtime directory set to anubis/anubis-<instance name>.
  • When a single instance is declared with unix sockets, the runtime directory anubis is allowed for backward compatibility.
{
  services.anubis.instances."instance-1" = {
    # Runtime directory: "anubis/anubis-instance-1".
    settings = {
      BIND = "/run/anubis/anubis-instance-1/anubis.sock";
      TARGET = "http://localhost:8001";
    };
  };

  services.anubis.instances."instance-2" = {
    # Runtime directory: "anubis/anubis-instance-2".
    settings = {
      BIND = "/run/anubis/anubis-instance-2/anubis.sock";
      TARGET = "http://localhost:8002";
    };
  };
}

A minimal configuration with nginx may look like the following:

{ config, ... }:
{
  services.anubis.instances.default.settings.TARGET = "http://localhost:8000";

  # required due to unix socket permissions
  users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];
  services.nginx.virtualHosts."example.com" = {
    locations = {
      "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";
    };
  };
}

If Unix domain sockets are not needed or desired, this module supports operating with only TCP sockets.

{
  services.anubis = {
    instances.default = {
      settings = {
        TARGET = "http://localhost:8080";
        BIND = ":9000";
        BIND_NETWORK = "tcp";
        METRICS_BIND = "127.0.0.1:9001";
        METRICS_BIND_NETWORK = "tcp";
      };
    };
  };
}

Configuration

It is possible to configure default settings for all instances of Anubis, via {option}services.anubis.defaultOptions.

{
  services.anubis.defaultOptions = {
    botPolicy = {
      dnsbl = false;
    };
    settings.DIFFICULTY = 3;
  };
}

Note that at the moment, a custom bot policy is not merged with the baked-in one. That means to only override a setting like dnsbl, copying the entire bot policy is required. Check the upstream repository for the policy.