630
Anubis is awesome and I want to talk about it (media.piefed.social)
submitted 3 days ago* (last edited 3 days ago) by SmokeyDope@piefed.social to c/selfhosted@lemmy.world
144 comments fedilink hide all child comments

I got into the self-hosting scene this year when I wanted to start up my own website run on old recycled thinkpad. A lot of time was spent learning about ufw, reverse proxies, header security hardening, fail2ban.

Despite all that I still had a problem with bots knocking on my ports spamming my logs. I tried some hackery getting fail2ban to read caddy logs but that didnt work for me. I nearly considered giving up and going with cloudflare like half the internet does. But my stubbornness for open source self hosting and the recent cloudflare outages this year have encouraged trying alternatives.

Coinciding with that has been an increase in exposure to seeing this thing in the places I frequent like codeberg. This is Anubis, a proxy type firewall that forces the browser client to do a proof-of-work security check and some other nice clever things to stop bots from knocking. I got interested and started thinking about beefing up security.

I'm here to tell you to try it if you have a public facing site and want to break away from cloudflare It was VERY easy to install and configure with caddyfile on a debian distro with systemctl. In an hour its filtered multiple bots and so far it seems the knocks have slowed down.

https://anubis.techaro.lol/

My botspam woes have seemingly been seriously mitigated if not completely eradicated. I'm very happy with tonights little security upgrade project that took no more than an hour of my time to install and read through documentation. Current chain is caddy reverse proxy -> points to Anubis -> points to services

Good place to start for install is here

https://anubis.techaro.lol/docs/admin/native-install/

(page 2) 50 comments
sorted by: hot top controversial new old
[-] sixty@sh.itjust.works 5 points 2 days ago

Yeah im not gonna use this anime stuff

[-] Mwa@thelemmy.club 3 points 2 days ago

can be removed btw

load more comments (2 replies)
[-] panda_abyss@lemmy.ca 16 points 3 days ago

I like the quirky SPH character

[-] Arghblarg@lemmy.ca 13 points 3 days ago* (last edited 3 days ago)

I have a script that watches apache or caddy logs for poison link hits and a set of bot user agents, adding IPs to an ipset blacklist, blocking with iptables. I should polish it up for others to try. My list of unique IPs is well over 10k in just a few days.

git repos seem to be real bait for these damn AI scrapers.

load more comments (5 replies)
[-] orbituary@lemmy.dbzer0.com 13 points 3 days ago

It's a great service. I hate the character.

load more comments (9 replies)
[-] quick_snail@feddit.nl 5 points 3 days ago

It's amazing how few people here are familiar with caching

[-] perishthethought@piefed.social 11 points 3 days ago

I don't really understand what I am seeing here, so I have to ask -- are these Security issues a concern?

https://github.com/TecharoHQ/anubis/security

I have a server running a few tiny web sites, so I am considering this, but I'm always concerned about the possibility that adding more things to it could make it less secure, versus more. Thanks for any thoughts.

[-] lime@feddit.nu 16 points 3 days ago

all of the issues listed are closed so any recent version is fine.

also, you probably don't need to deploy this unless you have a problem with bots.

load more comments (2 replies)
[-] mrbn@lemmy.ca 11 points 3 days ago

When I visit sites on my cellphone, Anubis often doesn't let me through.

[-] cmnybo@discuss.tchncs.de 12 points 3 days ago

I've never had any issues on my phone using Fennec or Firefox. I don't have many addons installed apart from uBlock Origin. I wouldn't be surprised if some privacy addons cause issues with Anubis though.

load more comments (1 replies)
load more comments (1 replies)
[-] Goretantath@lemmy.world 9 points 3 days ago

My phone hates anubis.

[-] A_norny_mousse@feddit.org 7 points 3 days ago

it's mentioned in this article

[-] Appoxo@lemmy.dbzer0.com 3 points 3 days ago

Maybe you know the answer to my question:
If I'd want to use any app that doesnt run in a webbrowser (e.g. the native jellyfin app), how would that work? Does it still work then?

load more comments (4 replies)
load more comments
view more: ‹ prev next ›
this post was submitted on 28 Nov 2025
630 points (100.0% liked)

Selfhosted

53262 readers
1463 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz