Add techniques/anubis/howto_anubis.md

2026-06-03 20:51:33 +00:00 · 2026-06-03 20:51:33 +00:00 · 8782d1545d
commit 8782d1545d
parent 5772cc7cba
1 changed files with 121 additions and 0 deletions
--- a/techniques/anubis/howto_anubis.md
+++ b/techniques/anubis/howto_anubis.md
@ -0,0 +1,121 @@
+# Anubis Proof-of-Work Deployment Guide (Docker, Binary, nginx, Apache)
+
+The Church of Malware (CoM) does not condone the use or introduction of egyptian deities onto any individual, human, or animal; however AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Anubis as the primary proof-of-work wall. It covers Docker, bare-metal binary, and integration with standard nginx and Apache.
+
+## 1. Quick Start (Docker Compose — Recommended)
+
+```yaml
+# docker-compose.yml
+version: "3.8"
+services:
+  anubis:
+    image: ghcr.io/techarohq/anubis:latest
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - ANUBIS_TARGET=http://origin:8080
+      - ANUBIS_POLICY=hardened
+      - ANUBIS_SERVE_ROBOTS_TXT=true
+    volumes:
+      - ./anubis.yaml:/config.yaml:ro
+    restart: unless-stopped
+
+  origin:
+    image: nginx:alpine
+    volumes:
+      - ./site:/usr/share/nginx/html:ro
+    expose:
+      - "8080"
+```
+
+```yaml
+# anubis.yaml
+target: http://origin:8080
+policy: hardened
+serve_robots_txt: true
+```
+
+```bash
+docker compose up -d
+```
+
+## 2. Bare-Metal Binary Installation
+
+```bash
+curl -L https://github.com/TecharoHQ/anubis/releases/latest/download/anubis-linux-amd64 -o /usr/local/bin/anubis
+chmod +x /usr/local/bin/anubis
+
+cat > /etc/systemd/system/anubis.service <<'EOF'
+[Unit]
+Description=Anubis PoW Reverse Proxy
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/anubis --config /etc/anubis/config.yaml
+Restart=always
+User=anubis
+WorkingDirectory=/etc/anubis
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable --now anubis
+```
+
+## 3. nginx Integration (Origin Server)
+
+```nginx
+server {
+    listen 127.0.0.1:8080;
+    server_name _;
+    root /var/www/html;
+
+    # Apply aggressive-bot map from known-aggressive-bot-user-agents.md
+    include /etc/nginx/snippets/aggressive-bots.conf;
+
+    location / {
+        if ($aggressive_bot) {
+            # optional: serve tarpit or malformed response after PoW
+        }
+        try_files $uri $uri/ =404;
+    }
+}
+```
+
+Anubis proxies to this internal origin after successful proof-of-work validation.
+
+## 4. Apache Integration
+
+```apache
+<VirtualHost 127.0.0.1:8080>
+    ServerName example.com
+    DocumentRoot /var/www/html
+
+    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless" aggressive_bot
+    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
+</VirtualHost>
+```
+
+## 5. robots.txt Recommendation
+
+```txt
+User-agent: *
+Disallow: /tarpit/
+Disallow: /malformed/
+Disallow: /slow-tarpit/
+```
+
+## 6. Testing
+
+```bash
+# Should trigger Anubis challenge
+curl -I -A "GPTBot/1.0" https://example.com/
+
+# Should receive fast response
+curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/
+```
+
+*Part of the passive defense layer. See also the tarpit and rate-limiting documentation.*