SubINaclS/Lyre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8782d1545d
Lyre/techniques/anubis/howto_anubis.md

2.9 KiB
Raw Blame History

Anubis Proof-of-Work Deployment Guide (Docker, Binary, nginx, Apache)

The Church of Malware (CoM) does not condone the use or introduction of egyptian deities onto any individual, human, or animal; however AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Anubis as the primary proof-of-work wall. It covers Docker, bare-metal binary, and integration with standard nginx and Apache.

1. Quick Start (Docker Compose — Recommended)

# docker-compose.yml
version: "3.8"
services:
  anubis:
    image: ghcr.io/techarohq/anubis:latest
    ports:
      - "80:80"
      - "443:443"
    environment:
      - ANUBIS_TARGET=http://origin:8080
      - ANUBIS_POLICY=hardened
      - ANUBIS_SERVE_ROBOTS_TXT=true
    volumes:
      - ./anubis.yaml:/config.yaml:ro
    restart: unless-stopped

  origin:
    image: nginx:alpine
    volumes:
      - ./site:/usr/share/nginx/html:ro
    expose:
      - "8080"

# anubis.yaml
target: http://origin:8080
policy: hardened
serve_robots_txt: true

docker compose up -d

2. Bare-Metal Binary Installation

curl -L https://github.com/TecharoHQ/anubis/releases/latest/download/anubis-linux-amd64 -o /usr/local/bin/anubis
chmod +x /usr/local/bin/anubis

cat > /etc/systemd/system/anubis.service <<'EOF'
[Unit]
Description=Anubis PoW Reverse Proxy
After=network.target

[Service]
ExecStart=/usr/local/bin/anubis --config /etc/anubis/config.yaml
Restart=always
User=anubis
WorkingDirectory=/etc/anubis

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now anubis

3. nginx Integration (Origin Server)

server {
    listen 127.0.0.1:8080;
    server_name _;
    root /var/www/html;

    # Apply aggressive-bot map from known-aggressive-bot-user-agents.md
    include /etc/nginx/snippets/aggressive-bots.conf;

    location / {
        if ($aggressive_bot) {
            # optional: serve tarpit or malformed response after PoW
        }
        try_files $uri $uri/ =404;
    }
}

Anubis proxies to this internal origin after successful proof-of-work validation.

4. Apache Integration

<VirtualHost 127.0.0.1:8080>
    ServerName example.com
    DocumentRoot /var/www/html

    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless" aggressive_bot
    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
</VirtualHost>

5. robots.txt Recommendation

User-agent: *
Disallow: /tarpit/
Disallow: /malformed/
Disallow: /slow-tarpit/

6. Testing

# Should trigger Anubis challenge
curl -I -A "GPTBot/1.0" https://example.com/

# Should receive fast response
curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/

Part of the passive defense layer. See also the tarpit and rate-limiting documentation.