update README.md

use 9052 for onion port
fix whitespace removal
2026-01-14 13:19:50 -05:00 · 2026-01-13 12:13:12 -05:00 · 2026-01-13 02:32:23 -05:00 · 2026-01-13 02:13:06 -05:00 · 2026-01-03 14:32:02 +00:00 · 2026-01-03 15:31:32 +01:00
7 changed files with 123 additions and 45 deletions
@@ -1,5 +1,5 @@
 TYPE=traefik
-TIMEOUT=300
+#TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 ENABLE_BACKUPS=true

@@ -174,4 +174,17 @@ COMPOSE_FILE="compose.yml"

 ## Nextcloud Talk HPB
 #COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
-#NEXTCLOUD_TALK_HPB_ENABLED=1
+#NEXTCLOUD_TALK_HPB_ENABLED=1
+
+## Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+#ANUBIS_COOKIE_DOMAIN=example.com
+#ANUBIS_DOMAIN=anubis.example.com
+#ANUBIS_REDIRECT_DOMAINS=
+#ANUBIS_OG_PASSTHROUGH=true
+#ANUBIS_OG_EXPIRY_TIME=1h
+#ANUBIS_OG_CACHE_CONSIDER_HOST=true
+#ANUBIS_SERVE_ROBOTS_TXT=true
+
+## Enable onion service support
+#ONION_ENABLED=1
@@ -0,0 +1,15 @@
+---
+name: "Traefik pull request template"
+---
+
+<!-- 
+Thank you for doing recipe maintenance work!
+Please mark all checklist items which are relevant for your changes.
+Please remove the checklist items which are not relevant for your changes.
+Feel free to remove this comment.
+-->
+
+* [ ] I have deployed and tested my changes
+* [ ] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
+* [ ] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
+* [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)
@@ -5,7 +5,7 @@
 > https://docs.traefik.io

 <!-- metadata -->
-* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se)
+* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico)
 * **Status**: `stable`
 * **Category**: Utilities
 * **Features**: ?
@@ -55,4 +55,21 @@ Letsencrypt DNS challenges.
     Access Token, in which case use compose.gandi-personal-access-token.yml.
 6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`

+## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
+
+Uncomment the lines on the Anubis section of the configuration.  Set
+a domain name for the cookies and a domain that will serve Anubis
+redirection service.  Optionally and for [added
+security](https://anubis.techaro.lol/docs/admin/configuration/redirect-domains),
+set a list of the domain names for the apps that are going to be
+protected.
+
+After deploying these changes, go to each recipe that supports Anubis
+and follow the process there.  **Enabling Anubis here is not enough for
+protection your apps.**
+
+## Enabling onion service
+
+Uncomment the line in the config setting `ONION_ENABLED=1`. This will create a new entrypoint on port 9052 which can be used to bypass forced SSL. For more details, see the [onion recipe](https://recipes.coopcloud.tech/onion).
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v28
+export TRAEFIK_YML_VERSION=v29
 export FILE_PROVIDER_YML_VERSION=v11
 export ENTRYPOINT_VERSION=v5
@@ -0,0 +1,29 @@
+---
+version: "3.8"
+services:
+  app:
+    deploy:
+      labels:
+      - "traefik.http.middlewares.anubis.forwardauth.address=http://anubis:8080/.within.website/x/cmd/anubis/api/check"
+  anubis:
+    image: "ghcr.io/techarohq/anubis:v1.24.0"
+    environment:
+      BIND: ":8080"
+      TARGET: " "
+      REDIRECT_DOMAINS: "${ANUBIS_REDIRECT_DOMAINS}"
+      COOKIE_DOMAIN: "${ANUBIS_COOKIE_DOMAIN}"
+      PUBLIC_URL: "https://${ANUBIS_DOMAIN}"
+      OG_PASSTHROUGH: "${ANUBIS_OG_PASSTHROUGH}"
+      OG_EXPIRY_TIME: "${ANUBIS_OG_EXPIRY_TIME}"
+      OG_CACHE_CONSIDER_HOST: "${ANUBIS_OG_CACHE_CONSIDER_HOST}"
+      SERVE_ROBOTS_TXT: "${ANUBIS_SERVE_ROBOTS_TXT}"
+    networks:
+    - proxy
+    deploy:
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.anubis.rule=Host(`${ANUBIS_DOMAIN}`)"
+      - "traefik.http.routers.anubis.tls.certresolver=${LETS_ENCRYPT_ENV}"
+      - "traefik.http.routers.anubis.entrypoints=web-secure"
+      - "traefik.http.services.anubis.loadbalancer.server.port=8080"
+      - "traefik.http.routers.anubis.service=anubis"
@@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "traefik:v3.6.5"
+    image: "traefik:v3.6.6"
    # Note(decentral1se): *please do not* add any additional ports here.
    # Doing so could break new installs with port conflicts. Please use
    # the usual `compose.$app.yml` approach for any additional ports
@@ -49,7 +49,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.service=api@internal"
        - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
        - "coop-cloud.${STACK_NAME}.version=3.9.0+v3.6.5"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"

  socket-proxy:
@@ -11,14 +11,14 @@ providers:
    endpoint: "tcp://socket-proxy:2375"
    exposedByDefault: false
    network: proxy
-  {{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
+  {{- if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
  file:
    directory: /etc/traefik/file-providers
    watch: true
-  {{ else }}
+  {{- else }}
  file:
    filename: /etc/traefik/file-provider.yml
-  {{ end }}
+  {{- end }}

 api:
  dashboard: {{ env "DASHBOARD_ENABLED" }}
@@ -42,86 +42,90 @@ entrypoints:
        allowEncodedPercent: true
        allowEncodedQuestionMark: true
        allowEncodedHash: true
-  {{ if eq (env "GITEA_SSH_ENABLED") "1" }}
+  {{- if eq (env "GITEA_SSH_ENABLED") "1" }}
  gitea-ssh:
    address: ":2222"
-  {{ end }}
-  {{ if eq (env "P2PANDA_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "P2PANDA_ENABLED") "1" }}
  p2panda-udp-v4:
    address: ":2022/udp"
  p2panda-udp-v6:
    address: ":2023/udp"
-  {{ end }}
-  {{ if eq (env "GARAGE_RPC_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "GARAGE_RPC_ENABLED") "1" }}
  garage-rpc:
    address: ":3901"
-  {{ end }}
-  {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
  foodsoft-smtp:
    address: ":2525"
-  {{ end }}
-  {{ if eq (env "SMTP_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "SMTP_ENABLED") "1" }}
  smtp-submission:
    address: ":587"
-  {{ end }}
-  {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
  peertube-rtmp:
    address: ":1935"
-  {{ end }}
-  {{ if eq (env "WEB_ALT_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "WEB_ALT_ENABLED") "1" }}
  web-alt:
    address: ":8000"
-  {{ end }}
-  {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "SSB_MUXRPC_ENABLED") "1" }}
  ssb-muxrpc:
    address: ":8008"
-  {{ end }}
-  {{ if eq (env "MSSQL_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "MSSQL_ENABLED") "1" }}
  mssql:
    address: ":1433"
-  {{ end }}
-  {{ if eq (env "MUMBLE_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "MUMBLE_ENABLED") "1" }}
  mumble:
    address: ":64738"
  mumble-udp:
    address: ":64738/udp"
-  {{ end }}
-  {{ if eq (env "COMPY_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "COMPY_ENABLED") "1" }}
  compy:
    address: ":9999"
-  {{ end }}
-  {{ if eq (env "IRC_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "IRC_ENABLED") "1" }}
  irc:
    address: ":6697"
-  {{ end }}
-  {{ if eq (env "METRICS_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "METRICS_ENABLED") "1" }}
  metrics:
    address: ":8082"
    http:
      middlewares:
        - basicauth@file
-  {{ end }}
-  {{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
  matrix-federation:
    address: ":9001"
-  {{ end }}
-  {{ if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
+  {{- end }}
+  {{- if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
  nextcloud-talk-hpb:
    address: ":3478"
  nextcloud-talk-hpb-udp:
    address: ":3478/udp"
-  {{ end }}
+  {{- end }}
+  {{- if eq (env "ONION_ENABLED") "1" }}
+  onion:
+    address: ":9052"
+  {{- end }}

 ping:
  entryPoint: web

-{{ if eq (env "METRICS_ENABLED") "1" }}
+{{- if eq (env "METRICS_ENABLED") "1" }}
 metrics:
  prometheus:
    entryPoint: metrics
    addRoutersLabels: true
    addServicesLabels: true
-{{ end }}
+{{- end }}

 certificatesResolvers:
  staging:
@@ -131,23 +135,23 @@ certificatesResolvers:
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
-      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+      {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
      dnsChallenge:
        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
-      {{ end }}
+      {{- end }}
  production:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/production-acme.json
      httpChallenge:
        entryPoint: web
-      {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+      {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
      dnsChallenge:
        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
-      {{ end }}
+      {{- end }}
Author	SHA1	Message	Date
vvaznis	139202fa9c	update README.md continuous-integration/drone/pr Build is failing Details	2026-01-14 13:19:50 -05:00
vvaznis	de7989f3ca	use 9052 for onion port continuous-integration/drone/pr Build is failing Details	2026-01-13 12:13:12 -05:00
vvaznis	d3bf1bce24	fix whitespace removal continuous-integration/drone/pr Build is failing Details	2026-01-13 02:32:23 -05:00
vvaznis	1ce9d9ca72	add onion support	2026-01-13 02:13:06 -05:00
decentral1se	a233438f80	Merge pull request 'Remove Default Timeout' (#79 ) from remove-default-timeout into master continuous-integration/drone/push Build is failing Details Reviewed-on: #79 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2026-01-03 14:32:02 +00:00
iexos	ed257bd0b2	remove default TIMEOUT (abra #596 ) continuous-integration/drone/pr Build is failing Details	2026-01-03 15:31:32 +01:00
decentral1se	7dd833dbec	Merge pull request 'anubis support' (#72 ) from anubis into master continuous-integration/drone/push Build is failing Details Reviewed-on: #72 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech> Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2026-01-03 14:23:39 +00:00
decentral1se	d5f19d3b11	Merge pull request 'feat: pull request template' (#75 ) from feat-pull-request-template into master continuous-integration/drone/push Build is failing Details Reviewed-on: #75 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech>	2026-01-01 19:34:22 +00:00
decentral1se	f16f434877	feat: pull request template continuous-integration/drone/pr Build is failing Details	2026-01-01 20:33:36 +01:00
decentral1se	5d656ccb72	Merge pull request 'chore(deps): update traefik docker tag to v3.6.6' (#76 ) from renovate/traefik-3.x into master continuous-integration/drone/push Build is failing Details Reviewed-on: #76 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech> Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2026-01-01 17:39:01 +00:00
decentral1se	fa55efb0c3	Merge pull request 'docs: Improve the maintainers docs' (#78 ) from improve-docs into master continuous-integration/drone/push Build is failing Details Reviewed-on: #78 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2026-01-01 16:05:42 +00:00
decentral1se	98fe0de193	Merge pull request 'chore: add @javielico as maintainer' (#77 ) from javielico/traefik:master into master continuous-integration/drone/push Build is failing Details Reviewed-on: #77 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech> Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>	2026-01-01 16:05:08 +00:00
javielico	0238b73f77	chore: add @javielico as maintainer continuous-integration/drone/pr Build is failing Details	2025-12-30 10:18:46 +00:00
renovate-bot	5df55f7833	chore(deps): update traefik docker tag to v3.6.6 continuous-integration/drone/pr Build is failing Details	2025-12-29 22:20:37 +00:00
fauno	92650aa12a	feat: serve default robots txt continuous-integration/drone/pr Build is failing Details	2025-12-26 13:40:51 -03:00
fauno	0e38a772e9	feat: anubis open graph cache	2025-12-26 13:29:05 -03:00
fauno	f469a1a90e	doc: readme continuous-integration/drone/pr Build is failing Details	2025-12-26 13:23:06 -03:00
fauno	0d85f97200	fix: traefik complains the network is not set	2025-12-24 19:00:41 -03:00
fauno	ac33efe73a	fix: labels continuous-integration/drone/pr Build is failing Details	2025-12-24 18:26:33 -03:00
fauno	a135d170bb	fix: anubis continuous-integration/drone/pr Build is failing Details	2025-12-24 16:58:51 -03:00
fauno	fa7cf3e17b	fix: labels	2025-12-24 16:49:37 -03:00
fauno	d05c81b4d7	feat: anubis	2025-12-24 16:27:05 -03:00