Add techniques/anubis/howto_anubis.md

2026-06-03 20:51:33 +00:00 · 2026-06-03 20:51:33 +00:00 · 8782d1545d
commit 8782d1545d
parent 5772cc7cba
1 changed files with 121 additions and 0 deletions
--- a/techniques/anubis/howto_anubis.md
+++ b/techniques/anubis/howto_anubis.md
@ -0,0 +1,121 @@
 # Anubis Proof-of-Work Deployment Guide (Docker, Binary, nginx, Apache)
 The Church of Malware (CoM) does not condone the use or introduction of egyptian deities onto any individual, human, or animal; however AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Anubis as the primary proof-of-work wall. It covers Docker, bare-metal binary, and integration with standard nginx and Apache.
 ## 1. Quick Start (Docker Compose — Recommended)
 ```yaml
 # docker-compose.yml
 version: "3.8"
 services:
  anubis:
    image: ghcr.io/techarohq/anubis:latest
    ports:
      - "80:80"
      - "443:443"
    environment:
      - ANUBIS_TARGET=http://origin:8080
      - ANUBIS_POLICY=hardened
      - ANUBIS_SERVE_ROBOTS_TXT=true
    volumes:
      - ./anubis.yaml:/config.yaml:ro
    restart: unless-stopped
  origin:
    image: nginx:alpine
    volumes:
      - ./site:/usr/share/nginx/html:ro
    expose:
      - "8080"
 ```
 ```yaml
 # anubis.yaml
 target: http://origin:8080
 policy: hardened
 serve_robots_txt: true
 ```
 ```bash
 docker compose up -d
 ```
 ## 2. Bare-Metal Binary Installation
 ```bash
 curl -L https://github.com/TecharoHQ/anubis/releases/latest/download/anubis-linux-amd64 -o /usr/local/bin/anubis
 chmod +x /usr/local/bin/anubis
 cat > /etc/systemd/system/anubis.service <<'EOF'
 [Unit]
 Description=Anubis PoW Reverse Proxy
 After=network.target
 [Service]
 ExecStart=/usr/local/bin/anubis --config /etc/anubis/config.yaml
 Restart=always
 User=anubis
 WorkingDirectory=/etc/anubis
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable --now anubis
 ```
 ## 3. nginx Integration (Origin Server)
 ```nginx
 server {
    listen 127.0.0.1:8080;
    server_name _;
    root /var/www/html;
    # Apply aggressive-bot map from known-aggressive-bot-user-agents.md
    include /etc/nginx/snippets/aggressive-bots.conf;
    location / {
        if ($aggressive_bot) {
            # optional: serve tarpit or malformed response after PoW
        }
        try_files $uri $uri/ =404;
    }
 }
 ```
 Anubis proxies to this internal origin after successful proof-of-work validation.
 ## 4. Apache Integration
 ```apache
 <VirtualHost 127.0.0.1:8080>
    ServerName example.com
    DocumentRoot /var/www/html
    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless" aggressive_bot
    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
 </VirtualHost>
 ```
 ## 5. robots.txt Recommendation
 ```txt
 User-agent: *
 Disallow: /tarpit/
 Disallow: /malformed/
 Disallow: /slow-tarpit/
 ```
 ## 6. Testing
 ```bash
 # Should trigger Anubis challenge
 curl -I -A "GPTBot/1.0" https://example.com/
 # Should receive fast response
 curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/
 ```
 *Part of the passive defense layer. See also the tarpit and rate-limiting documentation.*