this post was submitted on 28 Nov 2025
575 points (94.3% liked)

Selfhosted

53360 readers
235 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
575
Anubis is awesome and I want to talk about it (media.piefed.social)
submitted 6 days ago* (last edited 6 days ago) by SmokeyDope@piefed.social to c/selfhosted@lemmy.world
143 comments fedilink hide all child comments
 

I got into the self-hosting scene this year when I wanted to start up my own website run on old recycled thinkpad. A lot of time was spent learning about ufw, reverse proxies, header security hardening, fail2ban.

Despite all that I still had a problem with bots knocking on my ports spamming my logs. I tried some hackery getting fail2ban to read caddy logs but that didnt work for me. I nearly considered giving up and going with cloudflare like half the internet does. But my stubbornness for open source self hosting and the recent cloudflare outages this year have encouraged trying alternatives.

Coinciding with that has been an increase in exposure to seeing this thing in the places I frequent like codeberg. This is Anubis, a proxy type firewall that forces the browser client to do a proof-of-work security check and some other nice clever things to stop bots from knocking. I got interested and started thinking about beefing up security.

I'm here to tell you to try it if you have a public facing site and want to break away from cloudflare It was VERY easy to install and configure with caddyfile on a debian distro with systemctl. In an hour its filtered multiple bots and so far it seems the knocks have slowed down.

https://anubis.techaro.lol/

My botspam woes have seemingly been seriously mitigated if not completely eradicated. I'm very happy with tonights little security upgrade project that took no more than an hour of my time to install and read through documentation. Current chain is caddy reverse proxy -> points to Anubis -> points to services

Good place to start for install is here

https://anubis.techaro.lol/docs/admin/native-install/

(page 2) 50 comments
sorted by: hot top controversial new old
[–] panda_abyss@lemmy.ca 11 points 6 days ago

I like the quirky SPH character

[–] perishthethought@piefed.social 11 points 6 days ago (3 children)

I don't really understand what I am seeing here, so I have to ask -- are these Security issues a concern?

https://github.com/TecharoHQ/anubis/security

I have a server running a few tiny web sites, so I am considering this, but I'm always concerned about the possibility that adding more things to it could make it less secure, versus more. Thanks for any thoughts.

[–] SmokeyDope@piefed.social 5 points 6 days ago

Security issues are always a concern the question is how much. Looking at it they seem to at most be ways to circumvent the Anubis redirect system to get to your page using very specific exploits. These are marked as m low to moderate priority and I do not see anything that implies like system level access which is the big concern. Obviously do what you feel is best but IMO its not worth sweating about. Nice thing about open source projects is that anyone can look through and fix, if this gets more popular you can expect bug bounties and professional pen testing submissions.

load more comments (2 replies)
[–] Goretantath@lemmy.world 8 points 6 days ago (1 children)

My phone hates anubis.

[–] A_norny_mousse@feddit.org 6 points 6 days ago

it's mentioned in this article

[–] termaxima@slrpnk.net 2 points 4 days ago

I am very annoyed that I have to enable cloudflare's JavaScript on so many websites, I would much prefer if more of them used Anubis so I didn't have third-party JavaScript running as often.

( coming from an annoying user who tries to enable the fewest things possible in NoScript )

[–] Appoxo@lemmy.dbzer0.com 3 points 5 days ago (4 children)

Maybe you know the answer to my question:
If I'd want to use any app that doesnt run in a webbrowser (e.g. the native jellyfin app), how would that work? Does it still work then?

load more comments (4 replies)
[–] orbituary@lemmy.dbzer0.com 5 points 6 days ago (3 children)

It's a great service. I hate the character.

[–] CoyoteFacts@piefed.ca 5 points 6 days ago (1 children)
[–] natecox@programming.dev 5 points 6 days ago (4 children)

I can’t access the page to validate this because I don’t allow JS; isn’t that gated behind a paywall?

[–] orbituary@lemmy.dbzer0.com 6 points 6 days ago (4 children)

Not sure why you're getting down votes for just asking a question.

load more comments (4 replies)
[–] MissingInteger@lemmy.zip 5 points 6 days ago

You can just fork it and replace the image.

The authors talks about it here on their blog a bit more.

load more comments (2 replies)
load more comments (2 replies)
[–] turdas@suppo.fi 3 points 5 days ago* (last edited 5 days ago)

Inspired by this post I spent a couple of hours today trying to set this up on my toy server, only to immediately run into what seems to be a bug where <video> tags loading a simple WebM video from right next to index.html broke because the media response got Anubis's HTML bot check instead of media.

I suppose my use-case was just too complicated.

load more comments
view more: ‹ prev next ›