Citiverse
Citiverse

  • Anyone with experience using anubis on their lemmy server, have a good config?

    Lemmy
    6 8 11
    dessalines@lemmy.mlD
    2
    0
    dessalines@lemmy.mlD

    I've recently added anubis to lemmy.ml, and it seems to be working well.

    I have a PR to add anubis to lemmy-ansible (our main installation method), and I could use some help tweaking / optimizing its botPolicy.yaml config, for federated services.

    Anyone with experience running anubis, this would be much appreciated.

    Link Preview Image
    Adding an optional anubis config by dessalines · Pull Request #285 · LemmyNet/lemmy-ansible

    A docker deploy for ansible. Contribute to LemmyNet/lemmy-ansible development by creating an account on GitHub.

    favicon

    GitHub (github.com)
    0
  • otter@lemmy.caO
    4
    0
    otter@lemmy.caO

    https://lemmy.nz/ and https://quokk.au/ are running Anubis, and so those admins may be able to offer insight 🙂

    0
  • alabaster_mango@lemmy.caA
    1
    0
    alabaster_mango@lemmy.caA

    Do we have an equivalent service on lemmy.ca? (I don't know anything about net security and am just curious)

    0
  • bjoern_tantau@swg-empire.deB
    1
    0
    bjoern_tantau@swg-empire.deB

    I regularly encounter images not loading from quock.au. No idea if they've got that under control now but that is the most visible issue every instance fights with. Gonna ne great when we have a recommended configuration for Lemmy.

    0
  • otter@lemmy.caO
    4
    0
    otter@lemmy.caO

    We are not running Anubis, although we do block a large number of AI/LLM companies through IP addresses. Each time we block a new one, it makes a noticeable difference in the performance graphs.

    0
  • ex_06@slrpnk.netE
    7
    0
    ex_06@slrpnk.netE

    @poVoq@slrpnk.net

    0
  • dessalines@lemmy.mlD
    2
    0
    dessalines@lemmy.mlD

    Yep, essentially the botPolicy.yaml there could be a collectively developed anubis config, based on what works best.

    0
  • julian@activitypub.spaceJ
    222
    0
    julian@activitypub.spaceJ

    Sure. I have found that the default botPolicy works fine for blocking the AI bots, but blocks federation.

    At the reverse proxy level:

    if ($request_method = POST) {
    proxy_pass http://nodebb; 
}

    Because Anubis can't filter by HTTP method, unless I am mistaken. This just broadly allows all incoming activities. If you want to get specific, limit it to your shared inbox or individual user inboxes via regular expression or something. I didn't find that it was necessary.

    As for botPolicies.yaml

      # Allow /inbox
  - name: allow-ap-headers
    headers_regex:
      Accept: application/ld\+json; profile="https://www.w3.org/ns/activitystreams"
      Accept: application/activity\+json
    action: ALLOW

  - name: allow-assets
    path_regex: /assets
    action: ALLOW

    The former allows those specific AP headers (it is naive, some AP impls. send slight variations of those two headers.

    The latter allows our uploads.

    0
  • julian@activitypub.spaceJ julian@activitypub.space ha condiviso questa discussione su

Citiverse è un progetto che si basa su NodeBB ed è federato! | Categorie federate | Chat | 📱 Installa web app o APK | 🧡 Donazioni | Privacy Policy

Il server utilizzato è quello di Webdock, in Danimarca. Se volete provarlo potete ottenere il 20% di sconto con questo link e noi riceveremo un aiuto sotto forma di credito da usare proprio per mantenere Citiverse.