diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml
index ab78c38..4257bc2 100644
--- a/.github/workflows/smoke-tests.yml
+++ b/.github/workflows/smoke-tests.yml
@@ -23,6 +23,7 @@ jobs:
- healthcheck
- i18n
- log-file
+ - nginx
- palemoon/amd64
#- palemoon/i386
- robots_txt
@@ -35,10 +36,10 @@ jobs:
- uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
- node-version: '24.11.0'
+ node-version: "24.11.0"
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
- go-version: '1.25.4'
+ go-version: "1.25.4"
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
diff --git a/docs/docs/admin/environments/nginx.mdx b/docs/docs/admin/environments/nginx.mdx
index 74a07d2..df31bd5 100644
--- a/docs/docs/admin/environments/nginx.mdx
+++ b/docs/docs/admin/environments/nginx.mdx
@@ -1,5 +1,7 @@
# Nginx
+import CodeBlock from "@theme/CodeBlock";
+
Anubis is intended to be a filter proxy. The way to integrate this with nginx is to break your configuration up into two parts: TLS termination and then HTTP routing. Consider this diagram:
```mermaid
@@ -36,110 +38,26 @@ These examples assume that you are using a setup where your nginx configuration
Assuming that we are protecting `anubistest.techaro.lol`, here's what the server configuration file would look like:
-```nginx
-# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
+import anubisTest from "!!raw-loader!./nginx/server-anubistest-techaro-lol.conf";
-# HTTP - Redirect all HTTP traffic to HTTPS
-server {
- listen 80;
- listen [::]:80;
-
- server_name anubistest.techaro.lol;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
-# TLS termination server, this will listen over TLS (https) and then
-# proxy all traffic to the target via Anubis.
-server {
- # Listen on TCP port 443 with TLS (https) and HTTP/2
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Http-Version $server_protocol;
- proxy_pass http://anubis;
- }
-
- server_name anubistest.techaro.lol;
-
- ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
- ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
-}
-
-# Backend server, this is where your webapp should actually live.
-server {
- listen unix:/run/nginx/nginx.sock;
-
- server_name anubistest.techaro.lol;
- root "/srv/http/anubistest.techaro.lol";
- index index.html;
-
- # Get the visiting IP from the TLS termination server
- set_real_ip_from unix:;
- real_ip_header X-Real-IP;
-
- # Your normal configuration can go here
- # location .php { fastcgi...} etc.
-}
-```
+{anubisTest}
:::tip
You can copy the `location /` block into a separate file named something like `conf-anubis.inc` and then include it inline to other `server` blocks:
-```nginx
-# /etc/nginx/conf.d/conf-anubis.inc
+import anubisInclude from "!!raw-loader!./nginx/conf-anubis.inc";
-# Forward to anubis
-location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_pass http://anubis;
-}
-```
+{anubisInclude}
Then in a server block:
Full nginx config
-```nginx
-# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
+import mimiTecharoLol from "!!raw-loader!./nginx/server-mimi-techaro-lol.conf";
-server {
- # Listen on 443 with SSL
- listen 443 ssl;
- listen [::]:443 ssl;
- http2 on;
-
- # Slipstream via Anubis
- include "conf-anubis.inc";
-
- server_name mimi.techaro.lol;
-
- ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
- ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
-}
-
-server {
- listen unix:/run/nginx/nginx.sock;
-
- server_name mimi.techaro.lol;
-
- port_in_redirect off;
- root "/srv/http/mimi.techaro.lol";
- index index.html;
-
- # Your normal configuration can go here
- # location .php { fastcgi...} etc.
-}
-```
+{mimiTecharoLol}
@@ -147,24 +65,9 @@ server {
Create an upstream for Anubis.
-```nginx
-# /etc/nginx/conf.d/upstream-anubis.conf
+import anubisUpstream from "!!raw-loader!./nginx/upstream-anubis.conf";
-upstream anubis {
- # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
- # If this does not match, your services will not be protected by Anubis.
-
- # Try anubis first over a UNIX socket
- server unix:/run/anubis/nginx.sock;
- #server 127.0.0.1:8923;
-
- # Optional: fall back to serving the websites directly. This allows your
- # websites to be resilient against Anubis failing, at the risk of exposing
- # them to the raw internet without protection. This is a tradeoff and can
- # be worth it in some edge cases.
- #server unix:/run/nginx.sock backup;
-}
-```
+{anubisUpstream}
This can be repeated for multiple sites. Anubis does not care about the HTTP `Host` header and will happily cope with multiple websites via the same instance.
diff --git a/docs/docs/admin/environments/nginx/conf-anubis.inc b/docs/docs/admin/environments/nginx/conf-anubis.inc
new file mode 100644
index 0000000..6e5083a
--- /dev/null
+++ b/docs/docs/admin/environments/nginx/conf-anubis.inc
@@ -0,0 +1,8 @@
+# /etc/nginx/conf-anubis.inc
+
+# Forward to anubis
+location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://anubis;
+}
\ No newline at end of file
diff --git a/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf
new file mode 100644
index 0000000..cc5eab2
--- /dev/null
+++ b/docs/docs/admin/environments/nginx/server-anubistest-techaro-lol.conf
@@ -0,0 +1,50 @@
+# /etc/nginx/conf.d/server-anubistest-techaro-lol.conf
+
+# HTTP - Redirect all HTTP traffic to HTTPS
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name anubistest.techaro.lol;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# TLS termination server, this will listen over TLS (https) and then
+# proxy all traffic to the target via Anubis.
+server {
+ # Listen on TCP port 443 with TLS (https) and HTTP/2
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Http-Version $server_protocol;
+ proxy_pass http://anubis;
+ }
+
+ server_name anubistest.techaro.lol;
+
+ ssl_certificate /path/to/your/certs/anubistest.techaro.lol.crt;
+ ssl_certificate_key /path/to/your/certs/anubistest.techaro.lol.key;
+}
+
+# Backend server, this is where your webapp should actually live.
+server {
+ listen unix:/run/nginx/nginx.sock;
+
+ server_name anubistest.techaro.lol;
+ root "/srv/http/anubistest.techaro.lol";
+ index index.html;
+
+ # Get the visiting IP from the TLS termination server
+ set_real_ip_from unix:;
+ real_ip_header X-Real-IP;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
new file mode 100644
index 0000000..905a0e2
--- /dev/null
+++ b/docs/docs/admin/environments/nginx/server-mimi-techaro-lol.conf
@@ -0,0 +1,29 @@
+# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
+
+server {
+ # Listen on 443 with SSL
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ # Slipstream via Anubis
+ include "conf-anubis.inc";
+
+ server_name mimi.techaro.lol;
+
+ ssl_certificate /path/to/your/certs/mimi.techaro.lol.crt;
+ ssl_certificate_key /path/to/your/certs/mimi.techaro.lol.key;
+}
+
+server {
+ listen unix:/run/nginx/nginx.sock;
+
+ server_name mimi.techaro.lol;
+
+ port_in_redirect off;
+ root "/srv/http/mimi.techaro.lol";
+ index index.html;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/docs/docs/admin/environments/nginx/upstream-anubis.conf b/docs/docs/admin/environments/nginx/upstream-anubis.conf
new file mode 100644
index 0000000..6860ae5
--- /dev/null
+++ b/docs/docs/admin/environments/nginx/upstream-anubis.conf
@@ -0,0 +1,16 @@
+# /etc/nginx/conf.d/upstream-anubis.conf
+
+upstream anubis {
+ # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
+ # If this does not match, your services will not be protected by Anubis.
+
+ # Try anubis first over a UNIX socket
+ server unix:/run/anubis/nginx.sock;
+ #server 127.0.0.1:8923;
+
+ # Optional: fall back to serving the websites directly. This allows your
+ # websites to be resilient against Anubis failing, at the risk of exposing
+ # them to the raw internet without protection. This is a tradeoff and can
+ # be worth it in some edge cases.
+ #server unix:/run/nginx.sock backup;
+}
\ No newline at end of file
diff --git a/docs/package-lock.json b/docs/package-lock.json
index dbac446..90f34e2 100644
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
@@ -14,6 +14,7 @@
"@mdx-js/react": "^3.0.0",
"clsx": "^2.0.0",
"prism-react-renderer": "^2.3.0",
+ "raw-loader": "^4.0.2",
"react": "^19.0.0",
"react-dom": "^19.0.0"
},
@@ -161,6 +162,7 @@
"resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.29.0.tgz",
"integrity": "sha512-cZ0Iq3OzFUPpgszzDr1G1aJV5UMIZ4VygJ2Az252q4Rdf5cQMhYEIKArWY/oUjMhQmosM8ygOovNq7gvA9CdCg==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@algolia/client-common": "5.29.0",
"@algolia/requester-browser-xhr": "5.29.0",
@@ -308,6 +310,7 @@
"resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz",
"integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@babel/code-frame": "^7.27.1",
"@babel/generator": "^7.28.3",
@@ -2145,6 +2148,7 @@
}
],
"license": "MIT",
+ "peer": true,
"engines": {
"node": ">=18"
},
@@ -2167,6 +2171,7 @@
}
],
"license": "MIT",
+ "peer": true,
"engines": {
"node": ">=18"
}
@@ -2247,6 +2252,7 @@
"resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz",
"integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"cssesc": "^3.0.0",
"util-deprecate": "^1.0.2"
@@ -2610,6 +2616,7 @@
"resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz",
"integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"cssesc": "^3.0.0",
"util-deprecate": "^1.0.2"
@@ -3523,6 +3530,7 @@
"resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.8.1.tgz",
"integrity": "sha512-oByRkSZzeGNQByCMaX+kif5Nl2vmtj2IHQI2fWjCfCootsdKZDPFLonhIp5s3IGJO7PLUfe0POyw0Xh/RrGXJA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@docusaurus/core": "3.8.1",
"@docusaurus/logger": "3.8.1",
@@ -4246,6 +4254,7 @@
"resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.0.tgz",
"integrity": "sha512-QjHtSaoameoalGnKDT3FoIl4+9RwyTmo9ZJGBdLOks/YOiWHoRDI3PUwEzOE7kEmGcV3AFcp9K6dYu9rEuKLAQ==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@types/mdx": "^2.0.0"
},
@@ -4558,6 +4567,7 @@
"resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz",
"integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@babel/core": "^7.21.3",
"@svgr/babel-preset": "8.1.0",
@@ -5200,6 +5210,7 @@
"resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.12.tgz",
"integrity": "sha512-V6Ar115dBDrjbtXSrS+/Oruobc+qVbbUxDFC1RSbRqLt5SYvxxyIDrSC85RWml54g+jfNeEMZhEj7wW07ONQhA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"csstype": "^3.0.2"
}
@@ -5539,6 +5550,7 @@
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"license": "MIT",
+ "peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -5594,6 +5606,7 @@
"resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
"integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"fast-deep-equal": "^3.1.3",
"fast-uri": "^3.0.1",
@@ -5639,6 +5652,7 @@
"resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.29.0.tgz",
"integrity": "sha512-E2l6AlTWGznM2e7vEE6T6hzObvEyXukxMOlBmVlMyixZyK1umuO/CiVc6sDBbzVH0oEviCE5IfVY1oZBmccYPQ==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@algolia/client-abtesting": "5.29.0",
"@algolia/client-analytics": "5.29.0",
@@ -6092,6 +6106,7 @@
}
],
"license": "MIT",
+ "peer": true,
"dependencies": {
"caniuse-lite": "^1.0.30001737",
"electron-to-chromium": "^1.5.211",
@@ -6375,6 +6390,7 @@
"resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz",
"integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==",
"license": "Apache-2.0",
+ "peer": true,
"dependencies": {
"@chevrotain/cst-dts-gen": "11.0.3",
"@chevrotain/gast": "11.0.3",
@@ -7079,6 +7095,7 @@
"resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz",
"integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"cssesc": "^3.0.0",
"util-deprecate": "^1.0.2"
@@ -7398,6 +7415,7 @@
"resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.32.0.tgz",
"integrity": "sha512-5JHBC9n75kz5851jeklCPmZWcg3hUe6sjqJvyk3+hVqFaKcHwHgxsjeN1yLmggoUc6STbtm9/NQyabQehfjvWQ==",
"license": "MIT",
+ "peer": true,
"engines": {
"node": ">=0.10"
}
@@ -7819,6 +7837,7 @@
"resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz",
"integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==",
"license": "ISC",
+ "peer": true,
"engines": {
"node": ">=12"
}
@@ -8977,6 +8996,7 @@
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -13596,6 +13616,7 @@
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -14170,6 +14191,7 @@
}
],
"license": "MIT",
+ "peer": true,
"dependencies": {
"nanoid": "^3.3.11",
"picocolors": "^1.1.1",
@@ -15073,6 +15095,7 @@
"resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz",
"integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"cssesc": "^3.0.0",
"util-deprecate": "^1.0.2"
@@ -15845,6 +15868,76 @@
"node": ">= 0.8"
}
},
+ "node_modules/raw-loader": {
+ "version": "4.0.2",
+ "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-4.0.2.tgz",
+ "integrity": "sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==",
+ "license": "MIT",
+ "dependencies": {
+ "loader-utils": "^2.0.0",
+ "schema-utils": "^3.0.0"
+ },
+ "engines": {
+ "node": ">= 10.13.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/webpack"
+ },
+ "peerDependencies": {
+ "webpack": "^4.0.0 || ^5.0.0"
+ }
+ },
+ "node_modules/raw-loader/node_modules/ajv": {
+ "version": "6.12.6",
+ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+ "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+ "license": "MIT",
+ "peer": true,
+ "dependencies": {
+ "fast-deep-equal": "^3.1.1",
+ "fast-json-stable-stringify": "^2.0.0",
+ "json-schema-traverse": "^0.4.1",
+ "uri-js": "^4.2.2"
+ },
+ "funding": {
+ "type": "github",
+ "url": "https://github.com/sponsors/epoberezkin"
+ }
+ },
+ "node_modules/raw-loader/node_modules/ajv-keywords": {
+ "version": "3.5.2",
+ "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz",
+ "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==",
+ "license": "MIT",
+ "peerDependencies": {
+ "ajv": "^6.9.1"
+ }
+ },
+ "node_modules/raw-loader/node_modules/json-schema-traverse": {
+ "version": "0.4.1",
+ "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+ "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+ "license": "MIT"
+ },
+ "node_modules/raw-loader/node_modules/schema-utils": {
+ "version": "3.3.0",
+ "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
+ "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
+ "license": "MIT",
+ "dependencies": {
+ "@types/json-schema": "^7.0.8",
+ "ajv": "^6.12.5",
+ "ajv-keywords": "^3.5.2"
+ },
+ "engines": {
+ "node": ">= 10.13.0"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/webpack"
+ }
+ },
"node_modules/rc": {
"version": "1.2.8",
"resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz",
@@ -15874,6 +15967,7 @@
"resolved": "https://registry.npmjs.org/react/-/react-19.0.0.tgz",
"integrity": "sha512-V8AVnmPIICiWpGfm6GLzCR/W5FXLchHop40W4nXBmdlEceh16rCN8O8LNWm5bh5XUX91fh7KpA+W0TgMKmgTpQ==",
"license": "MIT",
+ "peer": true,
"engines": {
"node": ">=0.10.0"
}
@@ -15883,6 +15977,7 @@
"resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.0.0.tgz",
"integrity": "sha512-4GV5sHFG0e/0AD4X+ySy6UJd3jVl1iNsNHdpad0qhABJ11twS3TTBnseqsKurKcsNqCEFeGL3uLpVChpIO3QfQ==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"scheduler": "^0.25.0"
},
@@ -15938,6 +16033,7 @@
"resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz",
"integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@types/react": "*"
},
@@ -15966,6 +16062,7 @@
"resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz",
"integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@babel/runtime": "^7.12.13",
"history": "^4.9.0",
@@ -17804,6 +17901,7 @@
"integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
"devOptional": true,
"license": "Apache-2.0",
+ "peer": true,
"bin": {
"tsc": "bin/tsc",
"tsserver": "bin/tsserver"
@@ -18151,6 +18249,7 @@
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
"integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
@@ -18398,6 +18497,7 @@
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.98.0.tgz",
"integrity": "sha512-UFynvx+gM44Gv9qFgj0acCQK2VE1CtdfwFdimkapco3hlPCJ/zeq73n2yVKimVbtm+TnApIugGhLJnkU6gjYXA==",
"license": "MIT",
+ "peer": true,
"dependencies": {
"@types/eslint-scope": "^3.7.7",
"@types/estree": "^1.0.6",
diff --git a/docs/package.json b/docs/package.json
index cde6077..5c5a047 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -21,6 +21,7 @@
"@mdx-js/react": "^3.0.0",
"clsx": "^2.0.0",
"prism-react-renderer": "^2.3.0",
+ "raw-loader": "^4.0.2",
"react": "^19.0.0",
"react-dom": "^19.0.0"
},
diff --git a/test/nginx/conf/nginx/conf-anubis.inc b/test/nginx/conf/nginx/conf-anubis.inc
new file mode 100644
index 0000000..6e5083a
--- /dev/null
+++ b/test/nginx/conf/nginx/conf-anubis.inc
@@ -0,0 +1,8 @@
+# /etc/nginx/conf-anubis.inc
+
+# Forward to anubis
+location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://anubis;
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf
new file mode 100644
index 0000000..e0e69e6
--- /dev/null
+++ b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf
@@ -0,0 +1,29 @@
+# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
+
+server {
+ # Listen on 443 with SSL
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ # Slipstream via Anubis
+ include "conf-anubis.inc";
+
+ server_name mimi.techaro.lol;
+
+ ssl_certificate /techaro/pki/mimi.techaro.lol/cert.pem;
+ ssl_certificate_key /techaro/pki/mimi.techaro.lol/key.pem;
+}
+
+server {
+ listen unix:/tmp/nginx.sock;
+
+ server_name mimi.techaro.lol;
+
+ port_in_redirect off;
+ root "/srv/http/mimi.techaro.lol";
+ index index.html;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/conf.d/upstream-anubis.conf b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
new file mode 100644
index 0000000..7aca929
--- /dev/null
+++ b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
@@ -0,0 +1,17 @@
+# /etc/nginx/conf.d/upstream-anubis.conf
+
+upstream anubis {
+ zone anubis_zone 64k;
+ # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
+ # If this does not match, your services will not be protected by Anubis.
+
+ # Try anubis first over a UNIX socket
+ #server unix:/run/anubis/nginx.sock;
+ server anubis:3000 resolve;
+
+ # Optional: fall back to serving the websites directly. This allows your
+ # websites to be resilient against Anubis failing, at the risk of exposing
+ # them to the raw internet without protection. This is a tradeoff and can
+ # be worth it in some edge cases.
+ #server unix:/run/nginx.sock backup;
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/mime.types b/test/nginx/conf/nginx/mime.types
new file mode 100644
index 0000000..1c00d70
--- /dev/null
+++ b/test/nginx/conf/nginx/mime.types
@@ -0,0 +1,99 @@
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/avif avif;
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/test/nginx/conf/nginx/nginx.conf b/test/nginx/conf/nginx/nginx.conf
new file mode 100644
index 0000000..90be80e
--- /dev/null
+++ b/test/nginx/conf/nginx/nginx.conf
@@ -0,0 +1,32 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ resolver 169.254.42.1 valid=300s ipv6=on;
+ resolver_timeout 10s;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/test/nginx/test.sh b/test/nginx/test.sh
new file mode 100755
index 0000000..4062cfe
--- /dev/null
+++ b/test/nginx/test.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+export VERSION=$GITHUB_COMMIT-test
+export KO_DOCKER_REPO=ko.local
+
+source ../lib/lib.sh
+
+set -euo pipefail
+
+build_anubis_ko
+mint_cert mimi.techaro.lol
+
+docker run --rm -it \
+ -v ./conf/nginx:/etc/nginx:ro \
+ -v ../pki:/techaro/pki:ro \
+ nginx \
+ nginx -t
+
+docker compose up -d
+
+docker compose down -t 1 || :
+docker compose rm -f || :
+
+exit 0