Anubis

Docker app from grtgbln's Repository

Overview

Anubis is a Web AI Firewall Utility that weighs the soul of your connection using one or more challenges in order to protect upstream resources from scraper bots.
This program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies. Anubis is as lightweight as possible to ensure that everyone can afford to protect the communities closest to them.
See configuration instructions: https://anubis.techaro.lol/docs/admin/installation/#configuration

Requirements


Expects a `botPolicy.yaml` file to be mounted at `/mnt/user/appdata/anubis/botPolicy.yaml` before starting the container. See configuration details: https://anubis.techaro.lol/docs/admin/installation/#configuration

Runtime arguments

Web UI: http://[IP]:[PORT:8923]/
Network: bridge
Privileged: false

Template configuration

Web UI Port (Port, tcp)

Container Port: 8923

Target: 8923
Default: 8923
Value: 8923

Metrics Port (Port, tcp)

Container Port: 9090

Target: 9090
Default: 9090
Value: 9090

Target (Variable)

The URL of the service that Anubis should forward valid requests to. Supports Unix domain sockets; to use one, set this to a URI like so: `unix:///path/to/socket.sock`.

Target: TARGET
Default: http://localhost:3923
Value: http://localhost:3923

Policy File (Path, ro)

Path to the bot policy file.

Target: /data/cfg/botPolicy.yaml
Default: /mnt/user/appdata/anubis/botPolicy.yaml
Value: /mnt/user/appdata/anubis/botPolicy.yaml

Base Prefix (Variable)

If set, adds a global prefix to all Anubis endpoints. For example, setting this to `/myapp` would make Anubis accessible at `/myapp/` instead of `/`. This is useful when running Anubis behind a reverse proxy that routes based on path prefixes.

Target: BASE_PREFIX

Bind Port (Variable)

Internal bind port to the host system.

Target: BIND
Default: :8923
Value: :8923

Bind Network (Variable)

The address family that Anubis listens on.

Target: BIND_NETWORK
Default: tcp
Value: tcp

Cookie - Domain (Variable)

The domain the Anubis challenge pass cookie should be set to. This should be set to the domain you bought from your registrar (e.g. techaro.lol if your webapp is running on anubis.techaro.lol).

Target: COOKIE_DOMAIN

Cookie - Dynamic Domain (Variable)

If set to true, automatically set cookie domain fields based on the hostname of the request. For example, if you are making a request to anubis.techaro.lol, the Anubis cookie will be valid for any subdomain of techaro.lol.

Target: COOKIE_DYNAMIC_DOMAIN
Default: false|true

Cookie - Expiration Time (Variable)

The amount of time the authorization cookie is valid for.

Target: COOKIE_EXPIRATION_TIME
Default: 168h
Value: 168h

Cookie - Partitioned (Variable)

If set to true, enables the partitioned (CHIPS) flag, meaning that Anubis inside an iframe has a different set of cookies than the domain hosting the iframe.

Target: COOKIE_PARTITIONED
Default: false|true

Cookie - Secure (Variable)

If set to true, enables the Secure flag, meaning that the cookies will only be transmitted over HTTPS. If Anubis is used in an insecure context (plain HTTP), this will need to be set to false.

Target: COOKIE_SECURE
Default: true|false

Difficulty (Variable)

The difficulty of the challenge, or the number of leading zeroes that must be in successful responses.

Target: DIFFICULTY
Default: 4
Value: 4

ed25519 Private Key Hex (Variable)

The hex-encoded ed25519 private key used to sign Anubis responses. If this is not set, Anubis will generate one for you. This should be exactly 64 characters long. When running multiple instances on the same base domain, the key must be the same across all instances.

Target: ED25519_PRIVATE_KEY_HEX

ed25519 Private Key Hex File (Variable)

Internal path to a file containing the hex-encoded ed25519 private key. Only one of this or its sister option may be set.

Target: ED25519_PRIVATE_KEY_HEX_FILE

Metrics - Bind (Variable)

Internal bind network address that Anubis serves Prometheus metrics on.

Target: METRICS_BIND
Default: :9090
Value: :9090

Metrics - Bind Network (Variable)

The address family that the Anubis metrics server listens on.

Target: METRICS_BIND_NETWORK
Default: tcp
Value: tcp

Open Graph - Expiry Time (Variable)

The expiration time for the Open Graph tag cache. Prefer using the policy file to configure the Open Graph subsystem.

Target: OG_EXPIRY_TIME
Default: 24h
Value: 24h

Open Graph - Passthrough (Variable)

If set to true, Anubis will enable Open Graph tag passthrough. Prefer using the policy file to configure the Open Graph subsystem.

Target: OG_PASSTHROUGH
Default: false|true

Open Graph - Consider Host Cache (Variable)

If set to true, Anubis will consider the host in the Open Graph tag cache key. Prefer using the policy file to configure the Open Graph subsystem.

Target: OG_CACHE_CONSIDER_HOST
Default: false|true

Policy File Name (Variable)

The internal file name containing bot policy configuration. See the bot policy documentation for more details. If unset, the default bot policy configuration is used.

Target: POLICY_FNAME

Redirect Domains (Variable)

If set, restrict the domains that Anubis can redirect to when passing a challenge. If unset, Anubis may redirect to any domain, which could cause security issues in the unlikely case that an attacker passes a challenge for your browser and then tricks you into clicking a link to your domain. Note: if you are hosting Anubis on a non-standard port, you must also include the port number here.

Target: REDIRECT_DOMAINS

Server Robots.txt (Variable)

If set to true, Anubis will serve a default robots.txt file that disallows all known AI scrapers by name and then additionally disallows every scraper. This is useful if facts and circumstances make it difficult to change the underlying service to serve such a robots.txt file.

Target: SERVE_ROBOTS_TXT
Default: false|true

Strip Base Prefix (Variable)

If set to true, strips the base prefix from request paths when forwarding to the target server. This is useful when your target service expects to receive requests without the base prefix. For example, with `BASE_PREFIX=/foo` and `STRIP_BASE_PREFIX=true`, a request to `/foo/bar` would be forwarded to the target as `/bar`.

Target: STRIP_BASE_PREFIX
Default: false|true

Use Remote Address (Variable)

If set to true, Anubis will take the client's IP from the network socket. For production deployments, it is expected that a reverse proxy is used in front of Anubis, which passes the IP using headers instead.

Target: USE_REMOTE_ADDRESS

Webmaster Email (Variable)

If set, shows a contact email address when rendering error pages. This email address will be how users can get in contact with administrators.

Target: WEBMASTER_EMAIL

Strip private X-Forwarded-For Headers (Variable)

If set, strip private addresses from X-Forwarded-For headers.

Target: XFF_STRIP_PRIVATE
Default: true|false

Socket Mode (Variable)

Only used when at least one of the *_BIND_NETWORK variables is set to unix. The socket mode (permissions) for Unix domain sockets.

Target: SOCKET_MODE

Details

Repository: ghcr.io/techarohq/anubis:latest
Last Updated: 2026-06-01
First Seen: 2025-07-22

Anubis is listed in Community Apps for Unraid OS.