this post was submitted on 28 Nov 2025
609 points (94.6% liked)

Selfhosted

53242 readers
1058 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
609
Anubis is awesome and I want to talk about it (europe.pub)
submitted 2 days ago* (last edited 2 days ago) by SmokeyDope@piefed.social to c/selfhosted@lemmy.world
150 comments fedilink hide all child comments
 

I got into the self-hosting scene this year when I wanted to start up my own website run on old recycled thinkpad. A lot of time was spent learning about ufw, reverse proxies, header security hardening, fail2ban.

Despite all that I still had a problem with bots knocking on my ports spamming my logs. I tried some hackery getting fail2ban to read caddy logs but that didnt work for me. I nearly considered giving up and going with cloudflare like half the internet does. But my stubbornness for open source self hosting and the recent cloudflare outages this year have encouraged trying alternatives.

Coinciding with that has been an increase in exposure to seeing this thing in the places I frequent like codeberg. This is Anubis, a proxy type firewall that forces the browser client to do a proof-of-work security check and some other nice clever things to stop bots from knocking. I got interested and started thinking about beefing up security.

I'm here to tell you to try it if you have a public facing site and want to break away from cloudflare It was VERY easy to install and configure with caddyfile on a debian distro with systemctl. In an hour its filtered multiple bots and so far it seems the knocks have slowed down.

https://anubis.techaro.lol/

My botspam woes have seemingly been seriously mitigated if not completely eradicated. I'm very happy with tonights little security upgrade project that took no more than an hour of my time to install and read through documentation. Current chain is caddy reverse proxy -> points to Anubis -> points to services

Good place to start for install is here

https://anubis.techaro.lol/docs/admin/native-install/

(page 2) 50 comments
sorted by: hot top controversial new old
[–] natecox@programming.dev 27 points 2 days ago (1 children)

Counterpoint: Anubis is not awesome: https://lock.cmpxchg8b.com/anubis.html

[–] Cyberflunk@lemmy.world 9 points 2 days ago (3 children)

thank you! this needed said.

  • This post is a bit critical of a small well-intentioned project, so I felt obliged to email the maintainer to discuss it before posting it online. I didn’t hear back.

i used to watch the dev on mastodon, they seemed pretty radicalized on killing AI, and anyone who uses it (kidding!!) i'm not even surprised you didn't hear back

great take on the software, and as far as i can tell, playwright still works/completes the unit of work. at scale anubis still seems to work if you have popular content, but does hasnt stopped me using claude code + virtual browsers

im not actively testing it though. im probably very wrong about a few things, but i know anubis isn't hindering my personal scraping, it does fuck up perplexity and chatgpt bots, which is fun to see.

good luck Blue team!

[–] kilgore_trout@feddit.it 14 points 2 days ago

the dev […] seemed pretty radicalized on killing Ai

As one should, to lead a similar project.

load more comments (2 replies)
[–] Appoxo@lemmy.dbzer0.com 3 points 1 day ago (3 children)

Maybe you know the answer to my question:
If I'd want to use any app that doesnt run in a webbrowser (e.g. the native jellyfin app), how would that work? Does it still work then?

[–] chaospatterns@lemmy.world 1 points 1 day ago (1 children)

If the app is just a WebView wrapper around the application, then the challenge page would load and try to be evaluated.

If it's a native Android/iOS app, then it probably wouldn't work because the app would try to make HTTP API calls and get back something unexpected.

load more comments (1 replies)
load more comments (2 replies)
[–] Arghblarg@lemmy.ca 14 points 2 days ago* (last edited 2 days ago) (5 children)

I have a script that watches apache or caddy logs for poison link hits and a set of bot user agents, adding IPs to an ipset blacklist, blocking with iptables. I should polish it up for others to try. My list of unique IPs is well over 10k in just a few days.

git repos seem to be real bait for these damn AI scrapers.

[–] quick_snail@feddit.nl 3 points 1 day ago

You just described what wazuh does ootb

load more comments (4 replies)
[–] mrbn@lemmy.ca 12 points 2 days ago (2 children)

When I visit sites on my cellphone, Anubis often doesn't let me through.

[–] cmnybo@discuss.tchncs.de 11 points 2 days ago (1 children)

I've never had any issues on my phone using Fennec or Firefox. I don't have many addons installed apart from uBlock Origin. I wouldn't be surprised if some privacy addons cause issues with Anubis though.

load more comments (1 replies)
load more comments (1 replies)
[–] turdas@suppo.fi 3 points 1 day ago* (last edited 1 day ago)

Inspired by this post I spent a couple of hours today trying to set this up on my toy server, only to immediately run into what seems to be a bug where <video> tags loading a simple WebM video from right next to index.html broke because the media response got Anubis's HTML bot check instead of media.

I suppose my use-case was just too complicated.

[–] panda_abyss@lemmy.ca 11 points 2 days ago

I like the quirky SPH character

[–] perishthethought@piefed.social 11 points 2 days ago (3 children)

I don't really understand what I am seeing here, so I have to ask -- are these Security issues a concern?

https://github.com/TecharoHQ/anubis/security

I have a server running a few tiny web sites, so I am considering this, but I'm always concerned about the possibility that adding more things to it could make it less secure, versus more. Thanks for any thoughts.

[–] lime@feddit.nu 17 points 2 days ago

all of the issues listed are closed so any recent version is fine.

also, you probably don't need to deploy this unless you have a problem with bots.

load more comments (2 replies)
[–] quick_snail@feddit.nl 3 points 1 day ago (1 children)

getting fail2ban to read caddy logs

You should look into wazuh

[–] victorz@lemmy.world 5 points 1 day ago (1 children)

Seems like they already have a working solution now.

[–] quick_snail@feddit.nl 5 points 1 day ago* (last edited 1 day ago) (1 children)

sure, but they have to maintain it.

Wazuh ships with rules that are maintained by wazuh. Less code rot.

[–] victorz@lemmy.world 2 points 1 day ago

That's really good, could be worth looking into in that case. 👍 Thanks for following up!

load more comments
view more: ‹ prev next ›