mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-12 18:56:59 +01:00
93 lines
2.6 KiB
Markdown
93 lines
2.6 KiB
Markdown
# Anubis {#module-services-anubis}
|
|
|
|
[Anubis](https://anubis.techaro.lol) is a scraper defense software that blocks AI scrapers. It is designed to sit
|
|
between a reverse proxy and the service to be protected.
|
|
|
|
## Quickstart {#module-services-anubis-quickstart}
|
|
|
|
This module is designed to use Unix domain sockets as the socket paths can be automatically configured for multiple
|
|
instances, but TCP sockets are also supported.
|
|
|
|
Configuring multiple instances may look like the following.
|
|
|
|
Notes:
|
|
|
|
- Each instance as its runtime directory set to `anubis/anubis-<instance name>`.
|
|
- When a single instance is declared with unix sockets, the runtime directory `anubis` is allowed for backward
|
|
compatibility.
|
|
|
|
```nix
|
|
{
|
|
services.anubis.instances."instance-1" = {
|
|
# Runtime directory: "anubis/anubis-instance-1".
|
|
settings = {
|
|
BIND = "/run/anubis/anubis-instance-1/anubis.sock";
|
|
TARGET = "http://localhost:8001";
|
|
};
|
|
};
|
|
|
|
services.anubis.instances."instance-2" = {
|
|
# Runtime directory: "anubis/anubis-instance-2".
|
|
settings = {
|
|
BIND = "/run/anubis/anubis-instance-2/anubis.sock";
|
|
TARGET = "http://localhost:8002";
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
A minimal configuration with [nginx](#opt-services.nginx.enable) may look like the following:
|
|
|
|
```nix
|
|
{ config, ... }:
|
|
{
|
|
services.anubis.instances.default.settings.TARGET = "http://localhost:8000";
|
|
|
|
# required due to unix socket permissions
|
|
users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];
|
|
services.nginx.virtualHosts."example.com" = {
|
|
locations = {
|
|
"/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
If Unix domain sockets are not needed or desired, this module supports operating with only TCP sockets.
|
|
|
|
```nix
|
|
{
|
|
services.anubis = {
|
|
instances.default = {
|
|
settings = {
|
|
TARGET = "http://localhost:8080";
|
|
BIND = ":9000";
|
|
BIND_NETWORK = "tcp";
|
|
METRICS_BIND = "127.0.0.1:9001";
|
|
METRICS_BIND_NETWORK = "tcp";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
## Configuration {#module-services-anubis-configuration}
|
|
|
|
It is possible to configure default settings for all instances of Anubis, via {option}`services.anubis.defaultOptions`.
|
|
|
|
```nix
|
|
{
|
|
services.anubis.defaultOptions = {
|
|
botPolicy = {
|
|
dnsbl = false;
|
|
};
|
|
settings.DIFFICULTY = 3;
|
|
};
|
|
}
|
|
```
|
|
|
|
Note that at the moment, a custom bot policy is not merged with the baked-in one. That means to only override a setting
|
|
like `dnsbl`, copying the entire bot policy is required. Check
|
|
[the upstream repository](https://github.com/TecharoHQ/anubis/blob/1509b06cb921aff842e71fbb6636646be6ed5b46/cmd/anubis/botPolicies.json)
|
|
for the policy.
|