Codeberg/Community
54
325
Fork
You've already forked Community
12

Opengraph link previews no longer informative due to Anubis #1905

Open
opened 2025年05月02日 09:15:29 +02:00 by circlebuilder · 4 comments

Comment

Whether it is an acceptible tradeoff in the age of AI DDoS scrapers, I leave in the middle. Like earlier in #1896, reporting a side-effect that is a bummer. See the snapshot below taken from a Matrix chatroom after someone shared two codeberg URL's.

Link previews show an Anubis 'Making sure you are not a bot' message

### Comment Whether it is an acceptible tradeoff in the age of AI DDoS scrapers, I leave in the middle. Like earlier in #1896, reporting a side-effect that is a bummer. See the snapshot below taken from a Matrix chatroom after someone shared two codeberg URL's. ![Link previews show an Anubis 'Making sure you are not a bot' message](/attachments/9339b506-7b5c-473c-b952-89513fd5a037)
102 KiB

Anubis author here. The next release of Anubis will enable Opengraph preview support by default.

Anubis author here. The next release of Anubis will enable Opengraph preview support by default.

Forgejo helm v12.3.1 has features to deploy Anubis with little effort. It has been shielding https://code.forgejo.org for a few days now, with OpenGraph pass through. It is working fine and disposed of a four millions unique URLs rampage.

hosts:
- host:code.forgejo.org
paths:
- path:/
pathType:Prefix
port:anubis
service:
ssh:
ipFamilyPolicy: SingleStack # todo:remove after apply
http:
extraPorts:
- name:anubis
port:8080
targetPort:anubis
- name:anubis-bot-policy
configMap:
name:anubis-bot-policy
defaultMode:0555
extraContainers:
- name:anubis
image:ghcr.io/techarohq/anubis:v1.16.0
imagePullPolicy:Always
env:
- name:'BIND'
value:':8080'
- name:'DIFFICULTY'
value:'4'
- name:'OG_PASSTHROUGH'
value:'true'
- name:'OG_EXPIRY_TIME'
value:'24h'
- name:ED25519_PRIVATE_KEY_HEX
valueFrom:
secretKeyRef:
name:anubis-key
key:ED25519_PRIVATE_KEY_HEX
- name:'TARGET'
value:'http://localhost:3000'
- name:'POLICY_FNAME'
value:'/etc/anubisBotPolicy.json'
volumeMounts:
- name:anubis-bot-policy
mountPath:/etc/anubisBotPolicy.json
subPath:anubisBotPolicy.json
readOnly:true
ports:
- name:anubis
containerPort:8080
securityContext:
runAsUser:1000
runAsGroup:1000
runAsNonRoot:true
allowPrivilegeEscalation:false
capabilities:
drop:
- ALL
seccompProfile:
type:RuntimeDefault

It is using a very loose set of rules, only challenging clients advertised as mozilla or opera.

{
"bots": [
{
"name": "generic-browser",
"user_agent_regex": "(?i:mozilla|opera)",
"action": "CHALLENGE"
}
],
"dnsbl": false
}
- name:anubis-bot-policy
files:
- anubisBotPolicy.json
- path:spec/values/extraVolumes/configMap/name
kind:HelmRelease
[Forgejo helm v12.3.1](https://code.forgejo.org/forgejo-helm/forgejo-helm/releases/tag/v12.3.1) has features to deploy Anubis with little effort. It has been shielding https://code.forgejo.org for a few days now, with OpenGraph pass through. It is working fine and disposed of a [four millions unique URLs rampage](https://codeberg.org/forgejo/discussions/issues/339). https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/forgejo-code.yaml#L52-L57 https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/forgejo-code.yaml#L76-L84 https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/forgejo-code.yaml#L118-L122 https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/forgejo-code.yaml#L211-L251 It is using a very loose set of rules, only challenging clients advertised as `mozilla` or `opera`. https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/anubisBotPolicy.json#L1-L10 https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/kustomization.yaml#L24-L26 https://codeberg.org/forgejo/k8s-cluster/src/commit/05b2648b1da25bade3803fe95e228d8a00d2abee/flux/apps/forgejo-code/kustomizeconfig.yaml#L7-L8

Thank you @Pneuma! Anubis is an awesome project, thank you!

Thank you @Pneuma! Anubis is an awesome project, thank you!

Looks like the Anubis version that supports the OG bypass is now available: https://anubis.techaro.lol/docs/admin/configuration/open-graph

Maybe worth to set this up now, in case it hasn't been done yet? 🙂

Looks like the Anubis version that supports the OG bypass is now available: https://anubis.techaro.lol/docs/admin/configuration/open-graph Maybe worth to set this up now, in case it hasn't been done yet? 🙂
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility

Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug

Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg

This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome

Please join the discussion and consider contributing a PR!
docs

No bug, but an improvement to the docs or UI description will help
duplicate

This issue or pull request already exists
enhancement

New feature
infrastructure

Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal

An issue directly involving legal compliance
licence / ToS

involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations

Things related to Codeberg's external communication
question

More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo

Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration

Migration related issues in Forgejo
s/Pages

Issues related to the Codeberg Pages feature
s/Weblate

Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker

Woodpecker CI related issue
security

involves improvements to the sites security
service

Add a new service to the Codeberg ecosystem (instead of implementing into Gitea)
upstream

An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Gitea, Forgejo, etc.)
wontfix

Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#1905
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?