feat: anubis support

chore: publish 2.19.1+6.9.4 release
chore: replace depricated traefik.docker.* with traefik.swarm.*
2026-04-20 12:10:15 -03:00 · 2026-03-17 17:11:56 +01:00 · 2026-03-17 17:11:07 +01:00 · 2026-03-17 16:11:37 +01:00 · 2026-03-10 19:34:45 +00:00 · 2026-03-10 19:33:29 +00:00
8 changed files with 27 additions and 8 deletions
--- a/.env.sample
+++ b/.env.sample
@ -1,5 +1,5 @@
 TYPE=wordpress
-TIMEOUT=300
+#TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
 COMPOSE_FILE="compose.yml"
 ENABLE_BACKUPS=true
@ -92,3 +92,6 @@ SECRET_DB_PASSWORD_VERSION=v1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2223.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2224.yml"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.ftp-2225.yml"
+
+# Anubis
+#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
--- a/README.md
+++ b/README.md
@ -77,3 +77,9 @@ Below are the instructions for the local relay.
 [abra]: https://git.autonomic.zone/autonomic-cooperative/abra
 [cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
 [cc-postfix-relay]: https://git.autonomic.zone/coop-cloud/traefik
+
+## Protect Wordpress from scrapers with Anubis
+
+Uncomment the Anubis compose file from the `.env` file and re-deploy the
+app.  Don't forget to actually [enable Anubis on the Traefik app
+too](https://recipes.coopcloud.tech/traefik)!
--- a/abra.sh
+++ b/abra.sh
@ -63,6 +63,8 @@ set_authentik(){
        \"endpoint_userinfo\":\"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
        \"endpoint_token\":\"https://$AUTHENTIK_DOMAIN/application/o/token/\",
        \"endpoint_end_session\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/\",
+        \"endpoint_jwks\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/jwks/\",
+        \"issuer\":\"https://$AUTHENTIK_DOMAIN/application/o/wordpress/\",
        \"acr_values\":\"\",
        \"identity_key\":\"preferred_username\",
        \"no_sslverify\":\"0\",
--- a/compose.anubis.yml
+++ b/compose.anubis.yml
@ -0,0 +1,7 @@
+---
+version: "3.8"
+services:
+  app:
+    deploy:
+      labels:
+      - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname,anubis"
--- a/compose.ftp.yml
+++ b/compose.ftp.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  ftp:
-    image: atmoz/sftp
+    image: atmoz/sftp:alpine
    secrets:
      - ftp_pass
    volumes:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "wordpress:6.8.1"
+    image: "wordpress:6.9.4"
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    networks:
@ -48,7 +48,7 @@ services:
        order: start-first
      labels:
        - "traefik.enable=true"
-        - "traefik.docker.network=proxy"
+        - "traefik.swarm.network=proxy"
        - "traefik.http.routers.${STACK_NAME}.tls=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
@ -61,11 +61,11 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://(${REDIRECTS})/(.*)"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=2.16.1+6.8.1"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
+        - "coop-cloud.${STACK_NAME}.version=2.19.1+6.9.4"

  db:
-    image: "mariadb:11.7"
+    image: "mariadb:12.2"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
--- a/release/2.17.1+6.9.0
+++ b/release/2.17.1+6.9.0
@ -0,0 +1 @@
+Breaking change for openid plugin: The issuer must be provided, thus the set_authentik function now includes issuer and endpoint_jwks.
--- a/renovate.json
+++ b/renovate.json
@ -1,6 +1,6 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
-    "config:base"
+    "config:recommended"
  ]
 }
Author	SHA1	Message	Date
f	a3a1db97be	feat: anubis support	2026-04-20 12:10:15 -03:00
Moritz	a09bd166ad	chore: publish 2.19.1+6.9.4 release	2026-03-17 17:11:56 +01:00
Moritz	b4c5d04382	chore: replace depricated traefik.docker.* with traefik.swarm.*	2026-03-17 17:11:07 +01:00
Moritz	3c013d39fd	chore: publish 2.19.0+6.9.4 release	2026-03-17 16:11:37 +01:00
3wordchant	285bc01bef	Merge pull request 'chore(config): migrate Renovate config' (#52 ) from renovate/migrate-config into main Reviewed-on: coop-cloud/wordpress#52	2026-03-10 19:34:45 +00:00
Renovate Bot	2ca12bff9c	chore(config): migrate config renovate.json	2026-03-10 19:33:29 +00:00
p4u1	da2e62b618	chore: publish 2.18.0+6.9.1 release	2026-03-07 09:39:38 +01:00
p4u1	364b5c8b8a	chore: update image tags	2026-03-07 09:39:16 +01:00
carla	306b348961	chore: publish 2.17.1+6.9.0 release	2026-02-16 10:58:29 +01:00
iexos	3c1121b7ce	remove default TIMEOUT (abra #596 )	2025-12-30 14:02:39 +01:00
3wc	b0eb1756a3	chore: publish 2.17.0+6.9.0 release	2025-12-07 17:27:49 -05:00
trav	97b9b99e93	chore: publish 2.16.2+6.8.3 release	2025-10-15 11:30:23 -04:00
				`@ -0,0 +1 @@`
				`Breaking change for openid plugin: The issuer must be provided, thus the set_authentik function now includes issuer and endpoint_jwks.`