feat: serve default robots txt

.env.sample

@@ -175,3 +175,13 @@ COMPOSE_FILE="compose.yml"
 ## Nextcloud Talk HPB
 #COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
 #NEXTCLOUD_TALK_HPB_ENABLED=1
+
+## Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+#ANUBIS_COOKIE_DOMAIN=example.com
+#ANUBIS_DOMAIN=anubis.example.com
+#ANUBIS_REDIRECT_DOMAINS=
+#ANUBIS_OG_PASSTHROUGH=true
+#ANUBIS_OG_EXPIRY_TIME=1h
+#ANUBIS_OG_CACHE_CONSIDER_HOST=true
+#ANUBIS_SERVE_ROBOTS_TXT=true

MAINTENANCE.md

@@ -1,32 +1,24 @@
 # Traefik Recipe Maintenance
 
-All contributions should be made via a pull request. This is to ensure a
+All contributions should be made via a pull request. This is to ensure a certain quality / consistency, that others can rely on.
-certain quality and consistency, that others can rely on.
+
 
 ## Maintainer Responsibilities
 
 A recipe maintainer has the following responsibilities:
-
+- respond to pull requests / issues within a week
-- Respond to pull requests / issues within a week
+- make image security updates within a day
-- Make image security updates within a day
+- make image patch / minor updates within a week
-- Make image patch / minor updates within a week
+- make image major updates within a month
-- Make image major updates within a month
 
 In order to fullfill these responsibilities a recipe maintainer:
+- has to watch the repository (to get notifications)
+- needs to make sure renovate is configured properly
 
-- Has to watch the repository (to get notifications)
+## Merge rules
-- Needs to make sure renovate is configured properly
 
-## Pull Requests
+A pull request can be merged if it is approved by at least one maintainer. For pull requests opened by a maintainer they need to be approved by another maintainer.
 
-A pull request can be merged if it is approved by at least one maintainer. For
+## Becoming a maintainer
-pull requests opened by a maintainer they need to be approved by another
-maintainer. Even though it is okay to merge a pull request with one approval, it
-is always better if all maintainers looked at the pull request and approved it.
 
-## Become a maintainer
+Everyone can apply to be a recipe maintainer. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
-
-Everyone can apply to be a recipe maintainer:
-1. Watch the repository to always get updates
-2. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
-3. Once the pull request gets merged you will be added to the [traefik maintainers team](https://git.coopcloud.tech/org/coop-cloud/teams/traefik-maintainers).

README.md

@@ -5,7 +5,7 @@
 > https://docs.traefik.io
 
 <!-- metadata -->
-* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se)
+* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1)
 * **Status**: `stable`
 * **Category**: Utilities
 * **Features**: ?
@@ -55,4 +55,17 @@ Letsencrypt DNS challenges.
      Access Token, in which case use compose.gandi-personal-access-token.yml.
 6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
 
+## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
+
+Uncomment the lines on the Anubis section of the configuration.  Set
+a domain name for the cookies and a domain that will serve Anubis
+redirection service.  Optionally and for [added
+security](https://anubis.techaro.lol/docs/admin/configuration/redirect-domains),
+set a list of the domain names for the apps that are going to be
+protected.
+
+After deploying these changes, go to each recipe that supports Anubis
+and follow the process there.  **Enabling Anubis here is not enough for
+protection your apps.**
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra

abra.sh

@@ -1,3 +1,3 @@
 export TRAEFIK_YML_VERSION=v28
-export FILE_PROVIDER_YML_VERSION=v11
+export FILE_PROVIDER_YML_VERSION=v10
 export ENTRYPOINT_VERSION=v5

compose.anubis.yml

@@ -0,0 +1,29 @@
+---
+version: "3.8"
+services:
+  app:
+    deploy:
+      labels:
+      - "traefik.http.middlewares.anubis.forwardauth.address=http://anubis:8080/.within.website/x/cmd/anubis/api/check"
+  anubis:
+    image: "ghcr.io/techarohq/anubis:v1.24.0"
+    environment:
+      BIND: ":8080"
+      TARGET: " "
+      REDIRECT_DOMAINS: "${ANUBIS_REDIRECT_DOMAINS}"
+      COOKIE_DOMAIN: "${ANUBIS_COOKIE_DOMAIN}"
+      PUBLIC_URL: "https://${ANUBIS_DOMAIN}"
+      OG_PASSTHROUGH: "${ANUBIS_OG_PASSTHROUGH}"
+      OG_EXPIRY_TIME: "${ANUBIS_OG_EXPIRY_TIME}"
+      OG_CACHE_CONSIDER_HOST: "${ANUBIS_OG_CACHE_CONSIDER_HOST}"
+      SERVE_ROBOTS_TXT: "${ANUBIS_SERVE_ROBOTS_TXT}"
+    networks:
+    - proxy
+    deploy:
+      labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.anubis.rule=Host(`${ANUBIS_DOMAIN}`)"
+      - "traefik.http.routers.anubis.tls.certresolver=${LETS_ENCRYPT_ENV}"
+      - "traefik.http.routers.anubis.entrypoints=web-secure"
+      - "traefik.http.services.anubis.loadbalancer.server.port=8080"
+      - "traefik.http.routers.anubis.service=anubis"

file-provider.yml.tmpl

@@ -43,7 +43,6 @@ tls:
       curvePreferences:
         - CurveP521
         - CurveP384
-        - CurveP256
       sniStrict: true
   {{ if eq (env "WILDCARDS_ENABLED") "1" }}
   certificates: