From 1ce9d9ca725e2a00b406e1ccb87914dd9ac61533 Mon Sep 17 00:00:00 2001
From: vvaznis <111252312+vvaznis@users.noreply.github.com>
Date: Tue, 13 Jan 2026 02:13:06 -0500
Subject: [PATCH 1/4] add onion support

---
 .env.sample | 3 ++
 traefik.yml.tmpl | 76 +++++++++++++++++++++++++-----------------------
 2 files changed, 43 insertions(+), 36 deletions(-)

diff --git a/.env.sample b/.env.sample
index ab6fd7c..5f97943 100644
--- a/.env.sample
+++ b/.env.sample
@@ -185,3 +185,6 @@ COMPOSE_FILE="compose.yml"
 #ANUBIS_OG_EXPIRY_TIME=1h
 #ANUBIS_OG_CACHE_CONSIDER_HOST=true
 #ANUBIS_SERVE_ROBOTS_TXT=true
+
+## Enable onion service support
+#ONION_ENABLED=1
diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index 8a9c812..17d9e04 100644
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@@ -42,86 +42,90 @@ entrypoints:
 allowEncodedPercent: true
 allowEncodedQuestionMark: true
 allowEncodedHash: true
- {{ if eq (env "GITEA_SSH_ENABLED") "1" }}
+ {{ if eq (env "GITEA_SSH_ENABLED") "1" -}}
 gitea-ssh:
 address: ":2222"
- {{ end }}
- {{ if eq (env "P2PANDA_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "P2PANDA_ENABLED") "1" -}}
 p2panda-udp-v4:
 address: ":2022/udp"
 p2panda-udp-v6:
 address: ":2023/udp"
- {{ end }}
- {{ if eq (env "GARAGE_RPC_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "GARAGE_RPC_ENABLED") "1" -}}
 garage-rpc:
 address: ":3901"
- {{ end }}
- {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" -}}
 foodsoft-smtp:
 address: ":2525"
- {{ end }}
- {{ if eq (env "SMTP_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "SMTP_ENABLED") "1" -}}
 smtp-submission:
 address: ":587"
- {{ end }}
- {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" -}}
 peertube-rtmp:
 address: ":1935"
- {{ end }}
- {{ if eq (env "WEB_ALT_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "WEB_ALT_ENABLED") "1" -}}
 web-alt:
 address: ":8000"
- {{ end }}
- {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "SSB_MUXRPC_ENABLED") "1" -}}
 ssb-muxrpc:
 address: ":8008"
- {{ end }}
- {{ if eq (env "MSSQL_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "MSSQL_ENABLED") "1" -}}
 mssql:
 address: ":1433"
- {{ end }}
- {{ if eq (env "MUMBLE_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "MUMBLE_ENABLED") "1" -}}
 mumble:
 address: ":64738"
 mumble-udp:
 address: ":64738/udp"
- {{ end }}
- {{ if eq (env "COMPY_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "COMPY_ENABLED") "1" -}}
 compy:
 address: ":9999"
- {{ end }}
- {{ if eq (env "IRC_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "IRC_ENABLED") "1" -}}
 irc:
 address: ":6697"
- {{ end }}
- {{ if eq (env "METRICS_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "METRICS_ENABLED") "1" -}}
 metrics:
 address: ":8082"
 http:
 middlewares:
 - basicauth@file
- {{ end }}
- {{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" -}}
 matrix-federation:
 address: ":9001"
- {{ end }}
- {{ if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
+ {{- end }}
+ {{ if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" -}}
 nextcloud-talk-hpb:
 address: ":3478"
 nextcloud-talk-hpb-udp:
 address: ":3478/udp"
- {{ end }}
+ {{- end }}
+ {{ if eq (env "ONION_ENABLED") "1" -}}
+ onion:
+ address: ":8080"
+ {{- end }}
 ping:
 entryPoint: web
-{{ if eq (env "METRICS_ENABLED") "1" }}
+{{ if eq (env "METRICS_ENABLED") "1" -}}
 metrics:
 prometheus:
 entryPoint: metrics
 addRoutersLabels: true
 addServicesLabels: true
-{{ end }}
+{{- end }}
 certificatesResolvers:
 staging:
@@ -131,23 +135,23 @@ certificatesResolvers:
 caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
 httpChallenge:
 entryPoint: web
- {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+ {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" -}}
 dnsChallenge:
 provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
 resolvers:
 - "1.1.1.1:53"
 - "8.8.8.8:53"
- {{ end }}
+ {{- end }}
 production:
 acme:
 email: {{ env "LETS_ENCRYPT_EMAIL" }}
 storage: /etc/letsencrypt/production-acme.json
 httpChallenge:
 entryPoint: web
- {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
+ {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" -}}
 dnsChallenge:
 provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
 resolvers:
 - "1.1.1.1:53"
 - "9.9.9.9:53"
- {{ end }}
+ {{- end }}
-- 
2.49.0

From d3bf1bce2414c03e6b2fa55065882b7cb1f7f8dd Mon Sep 17 00:00:00 2001
From: vvaznis <111252312+vvaznis@users.noreply.github.com>
Date: Tue, 13 Jan 2026 02:32:23 -0500
Subject: [PATCH 2/4] fix whitespace removal

---
 traefik.yml.tmpl | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index 17d9e04..a2b9dff 100644
--- a/traefik.yml.tmpl
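Review bot: The new `onion` entrypoint at the end of the `entrypoints:` block binds every interface (`address: ":8080"`, moved to `":9052"` in PATCH 3/4) and carries no TLS or middleware settings of its own, while the README text in PATCH 4/4 describes it as a way to bypass forced SSL. Nothing in this series shows which networks can reach that port (the compose file is not part of the patch), so if it is ever published on the host, routers attached to this entrypoint would presumably answer clearnet clients over plain HTTP. I would state the constraint next to the definition, for example `# plain-HTTP entrypoint for the onion service; keep this port on the internal network, never publish it on the host` above `onion:`, and repeat it beside `#ONION_ENABLED=1` in `.env.sample`. The `entrypoints:` block begins outside this hunk, so any settings defined earlier in it are not visible here.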
+++ b/traefik.yml.tmpl 
@@ -42,76 +42,76 @@ entrypoints:
 allowEncodedPercent: true
 allowEncodedQuestionMark: true
 allowEncodedHash: true
- {{ if eq (env "GITEA_SSH_ENABLED") "1" -}}
+ {{- if eq (env "GITEA_SSH_ENABLED") "1" }}
 gitea-ssh:
 address: ":2222"
 {{- end }}
- {{ if eq (env "P2PANDA_ENABLED") "1" -}}
+ {{- if eq (env "P2PANDA_ENABLED") "1" }}
 p2panda-udp-v4:
 address: ":2022/udp"
 p2panda-udp-v6:
 address: ":2023/udp"
 {{- end }}
- {{ if eq (env "GARAGE_RPC_ENABLED") "1" -}}
+ {{- if eq (env "GARAGE_RPC_ENABLED") "1" }}
 garage-rpc:
 address: ":3901"
 {{- end }}
- {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" -}}
+ {{- if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
 foodsoft-smtp:
 address: ":2525"
 {{- end }}
- {{ if eq (env "SMTP_ENABLED") "1" -}}
+ {{- if eq (env "SMTP_ENABLED") "1" }}
 smtp-submission:
 address: ":587"
 {{- end }}
- {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" -}}
+ {{- if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
 peertube-rtmp:
 address: ":1935"
 {{- end }}
- {{ if eq (env "WEB_ALT_ENABLED") "1" -}}
+ {{- if eq (env "WEB_ALT_ENABLED") "1" }}
 web-alt:
 address: ":8000"
 {{- end }}
- {{ if eq (env "SSB_MUXRPC_ENABLED") "1" -}}
+ {{- if eq (env "SSB_MUXRPC_ENABLED") "1" }}
 ssb-muxrpc:
 address: ":8008"
 {{- end }}
- {{ if eq (env "MSSQL_ENABLED") "1" -}}
+ {{- if eq (env "MSSQL_ENABLED") "1" }}
 mssql:
 address: ":1433"
 {{- end }}
- {{ if eq (env "MUMBLE_ENABLED") "1" -}}
+ {{- if eq (env "MUMBLE_ENABLED") "1" }}
 mumble:
 address: ":64738"
 mumble-udp:
 address: ":64738/udp"
 {{- end }}
- {{ if eq (env "COMPY_ENABLED") "1" -}}
+ {{- if eq (env "COMPY_ENABLED") "1" }}
 compy:
 address: ":9999"
 {{- end }}
- {{ if eq (env "IRC_ENABLED") "1" -}}
+ {{- if eq (env "IRC_ENABLED") "1" }}
 irc:
 address: ":6697"
 {{- end }}
- {{ if eq (env "METRICS_ENABLED") "1" -}}
+ {{- if eq (env "METRICS_ENABLED") "1" }}
 metrics:
 address: ":8082"
 http:
 middlewares:
 - basicauth@file
 {{- end }}
- {{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" -}}
+ {{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
 matrix-federation:
 address: ":9001"
 {{- end }}
- {{ if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" -}}
+ {{- if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
 nextcloud-talk-hpb:
 address: ":3478"
 nextcloud-talk-hpb-udp:
 address: ":3478/udp"
 {{- end }}
- {{ if eq (env "ONION_ENABLED") "1" -}}
+ {{- if eq (env "ONION_ENABLED") "1" }}
 onion:
 address: ":8080"
 {{- end }}
@@ -119,7 +119,7 @@ entrypoints:
 ping:
 entryPoint: web
-{{ if eq (env "METRICS_ENABLED") "1" -}}
+{{- if eq (env "METRICS_ENABLED") "1" }}
 metrics:
 prometheus:
 entryPoint: metrics
@@ -135,7 +135,7 @@ certificatesResolvers:
 caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
 httpChallenge:
 entryPoint: web
- {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" -}}
+ {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
 dnsChallenge:
 provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
 resolvers:
@@ -148,7 +148,7 @@ certificatesResolvers:
 storage: /etc/letsencrypt/production-acme.json
 httpChallenge:
 entryPoint: web
- {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" -}}
+ {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
 dnsChallenge:
 provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
 resolvers:
-- 
2.49.0

From de7989f3caf3479a913d553adc96134605811e61 Mon Sep 17 00:00:00 2001
From: vvaznis <111252312+vvaznis@users.noreply.github.com>
Date: Tue, 13 Jan 2026 12:13:12 -0500
Subject: [PATCH 3/4] use 9052 for onion port

---
 abra.sh | 2 +-
 traefik.yml.tmpl | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/abra.sh b/abra.sh
index 2df62cd..2054e3f 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v28
+export TRAEFIK_YML_VERSION=v29
 export FILE_PROVIDER_YML_VERSION=v11
 export ENTRYPOINT_VERSION=v5
diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index a2b9dff..e01b621 100644
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@@ -11,14 +11,14 @@ providers:
 endpoint: "tcp://socket-proxy:2375"
 exposedByDefault: false
 network: proxy
- {{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
+ {{- if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
 file:
 directory: /etc/traefik/file-providers
 watch: true
- {{ else }}
+ {{- else }}
 file:
 filename: /etc/traefik/file-provider.yml
- {{ end }}
+ {{- end }}
 api:
 dashboard: {{ env "DASHBOARD_ENABLED" }}
@@ -113,7 +113,7 @@ entrypoints:
 {{- end }}
 {{- if eq (env "ONION_ENABLED") "1" }}
 onion:
- address: ":8080"
+ address: ":9052"
 {{- end }}
 ping:
-- 
2.49.0

From 139202fa9c81b27b629506abb84d5f5c6dd3d0f8 Mon Sep 17 00:00:00 2001
From: vvaznis <111252312+vvaznis@users.noreply.github.com>
Date: Wed, 14 Jan 2026 13:19:50 -0500
Subject: [PATCH 4/4] update README.md

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 5e7f334..dd7cc0e 100644
--- a/README.md
+++ b/README.md
@@ -68,4 +68,8 @@ After deploying these changes, go to each recipe that supports Anubis and follow the process there. **Enabling Anubis here is not enough for protection your apps.**
+## Enabling onion service
+
+Uncomment the line in the config setting `ONION_ENABLED=1`. This will create a new entrypoint on port 9052 which can be used to bypass forced SSL. For more details, see the [onion recipe](https://recipes.coopcloud.tech/onion).
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
-- 
2.49.0