this post was submitted on 09 Apr 2026
1 points (100.0% liked)

Lemmy

14559 readers
1 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 6 years ago
MODERATORS
nutomic@lemmy.ml
1
Anyone with experience using anubis on their lemmy server, have a good config? (github.com)
submitted 2 days ago by dessalines@lemmy.ml to c/lemmy@lemmy.ml
13 comments fedilink hide all child comments
 

I've recently added anubis to lemmy.ml, and it seems to be working well.

I have a PR to add anubis to lemmy-ansible (our main installation method), and I could use some help tweaking / optimizing its botPolicy.yaml config, for federated services.

Anyone with experience running anubis, this would be much appreciated.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] julian@activitypub.space 0 points 2 days ago* (last edited 2 days ago) (1 children)

Sure. I have found that the default botPolicy works fine for blocking the AI bots, but blocks federation.

At the reverse proxy level:

if ($request_method = POST) {
    proxy_pass http://nodebb/; 
}

Because Anubis can't filter by HTTP method, unless I am mistaken. This just broadly allows all incoming activities. If you want to get specific, limit it to your shared inbox or individual user inboxes via regular expression or something. I didn't find that it was necessary.

As for botPolicies.yaml

  # Allow /inbox
  - name: allow-ap-headers
    headers_regex:
      Accept: application/ld\+json; profile="https://www.w3.org/ns/activitystreams"
      Accept: application/activity\+json
    action: ALLOW

  - name: allow-assets
    path_regex: /assets
    action: ALLOW

The former allows those specific AP headers (it is naive, some AP impls. send slight variations of those two headers.

The latter allows our uploads.

[โ€“] dessalines@lemmy.ml 0 points 2 days ago

Lemmy has a separated UI and backend hosted on different ports, so its trivial for us to just only use anubis for the front end. We couldn't put it in front of everything due to apps also.