diff --git a/techniques/anubis/howto_anubis.md b/techniques/anubis/howto_anubis.md new file mode 100644 index 0000000..e10a315 --- /dev/null +++ b/techniques/anubis/howto_anubis.md @@ -0,0 +1,121 @@ +# Anubis Proof-of-Work Deployment Guide (Docker, Binary, nginx, Apache) + +The Church of Malware (CoM) does not condone the use or introduction of egyptian deities onto any individual, human, or animal; however AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Anubis as the primary proof-of-work wall. It covers Docker, bare-metal binary, and integration with standard nginx and Apache. + +## 1. Quick Start (Docker Compose — Recommended) + +```yaml +# docker-compose.yml +version: "3.8" +services: + anubis: + image: ghcr.io/techarohq/anubis:latest + ports: + - "80:80" + - "443:443" + environment: + - ANUBIS_TARGET=http://origin:8080 + - ANUBIS_POLICY=hardened + - ANUBIS_SERVE_ROBOTS_TXT=true + volumes: + - ./anubis.yaml:/config.yaml:ro + restart: unless-stopped + + origin: + image: nginx:alpine + volumes: + - ./site:/usr/share/nginx/html:ro + expose: + - "8080" +``` + +```yaml +# anubis.yaml +target: http://origin:8080 +policy: hardened +serve_robots_txt: true +``` + +```bash +docker compose up -d +``` + +## 2. Bare-Metal Binary Installation + +```bash +curl -L https://github.com/TecharoHQ/anubis/releases/latest/download/anubis-linux-amd64 -o /usr/local/bin/anubis +chmod +x /usr/local/bin/anubis + +cat > /etc/systemd/system/anubis.service <<'EOF' +[Unit] +Description=Anubis PoW Reverse Proxy +After=network.target + +[Service] +ExecStart=/usr/local/bin/anubis --config /etc/anubis/config.yaml +Restart=always +User=anubis +WorkingDirectory=/etc/anubis + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable --now anubis +``` + +## 3. nginx Integration (Origin Server) + +```nginx +server { + listen 127.0.0.1:8080; + server_name _; + root /var/www/html; + + # Apply aggressive-bot map from known-aggressive-bot-user-agents.md + include /etc/nginx/snippets/aggressive-bots.conf; + + location / { + if ($aggressive_bot) { + # optional: serve tarpit or malformed response after PoW + } + try_files $uri $uri/ =404; + } +} +``` + +Anubis proxies to this internal origin after successful proof-of-work validation. + +## 4. Apache Integration + +```apache + + ServerName example.com + DocumentRoot /var/www/html + + SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless" aggressive_bot + CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot + +``` + +## 5. robots.txt Recommendation + +```txt +User-agent: * +Disallow: /tarpit/ +Disallow: /malformed/ +Disallow: /slow-tarpit/ +``` + +## 6. Testing + +```bash +# Should trigger Anubis challenge +curl -I -A "GPTBot/1.0" https://example.com/ + +# Should receive fast response +curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/ +``` + +*Part of the passive defense layer. See also the tarpit and rate-limiting documentation.* \ No newline at end of file