const hash = await sha256(`${challenge}${nonce}`);

wget -O /tmp/anubis.deb https://github.com/TecharoHQ/anubis/releases/download/v1.21.3/anubis_1.21.3_amd64.deb && apt install /tmp/anubis.deb

wget -O /tmp/anubis.deb https://ghfast.top/https://github.com/TecharoHQ/anubis/releases/download/v1.21.3/anubis_1.21.3_amd64.deb && apt install /tmp/anubis.deb

BIND=/run/anubis/instance.sock
BIND_NETWORK=unix
SOCKET_MODE=0666
TARGET=unix:///run/nginx/nginx.sock

cp /usr/share/doc/anubis/botPolicies.yaml /etc/anubis/botPolicies.yaml

vi /etc/systemd/system/anubis.service

[Unit]
Description=Anubis Bot Protection
After=network.target

[Service]
EnvironmentFile=/etc/anubis/default.env
ExecStart=/usr/bin/anubis \
  -bind /run/anubis/instance.sock \
  -bind-network unix \
  -socket-mode 0666 \
  -target unix:///run/nginx/nginx.sock \
  -metrics-bind 127.0.0.1:9091 \
  -metrics-bind-network tcp \
  -policy-fname /etc/anubis/botPolicies.yaml

Restart=always
User=www-data
Group=www-data

[Install]
WantedBy=multi-user.target

mkdir -p /run/anubis /run/nginx

chown www-data:www-data /run/anubis /run/nginx

systemctl enable --now anubis.service

systemctl status anubis

user  root;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    upstream anubis {
        server unix:/run/anubis/instance.sock;
    }

    server {
        listen 443 ssl http2;
        server_name uptime.vio.vin;

        ssl_certificate     /etc/ssl/violet/certs/all.vio.vin.cert.pem;
        ssl_certificate_key /etc/ssl/violet/certs/all.vio.vin.key.pem;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://anubis;
        }
    }

    server {
        listen unix:/run/nginx/nginx.sock;
        server_name uptime.vio.vin;

        location / {
            proxy_pass http://10.115.15.178:3001;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}

- name: cloudflare-workers
  headers_regex:
    CF-Worker: .*
  action: WEIGH
  weight:
    adjust: 15

- name: lightpanda
  user_agent_regex: ^LightPanda/.*$
  action: DENY
- name: headless-chrome
  user_agent_regex: HeadlessChrome
  action: DENY
- name: headless-chromium
  user_agent_regex: HeadlessChromium
  action: DENY

- name: deny-aggressive-brazilian-scrapers
  action: WEIGH
  weight:
    adjust: 20
  expression:
    any:
      # Internet Explorer should be out of support
      - userAgent.contains("MSIE")
      # Trident is the Internet Explorer browser engine
      - userAgent.contains("Trident")
      # Opera is a fork of chrome now
      - userAgent.contains("Presto")
      # Windows CE is discontinued
      - userAgent.contains("Windows CE")
      # Windows 95 is discontinued
      - userAgent.contains("Windows 95")
      # Windows 98 is discontinued
      - userAgent.contains("Windows 98")
      # Windows 9.x is discontinued
      - userAgent.contains("Win 9x")
      # Amazon does not have an Alexa Toolbar.
      - userAgent.contains("Alexa Toolbar")
      # This is not released, even Windows 11 calls itself Windows 10
      - userAgent.contains("Windows NT 11.0")
      # iPods are not in common use
      - userAgent.contains("iPod")

# Acts on behalf of user requests
# https://docs.mistral.ai/robots/
- name: mistral-mistralai-user
  user_agent_regex: MistralAI-User/.+; \+https\://docs\.mistral\.ai/robots
  action: ALLOW
  # https://mistral.ai/mistralai-user-ips.json
  remote_addresses: [
    "20.240.160.161/32",
    "20.240.160.1/32",
  ]

- name: countries-with-aggressive-scrapers
  action: WEIGH
  geoip:
    countries:
      - BR
      - CN
  weight:
    adjust: 10

- name: aggressive-asns-without-functional-abuse-contact
  action: WEIGH
  asns:
    match:
      - 13335 # Cloudflare
      - 136907 # Huawei Cloud
      - 45102 # Alibaba Cloud
  weight:
    adjust: 10

- name: generic-bot-catchall
  user_agent_regex: (?i:bot|crawler)
  action: CHALLENGE
  challenge:
    difficulty: 16 # impossible
    report_as: 4 # lie to the operator
    algorithm: slow # intentionally waste CPU cycles and time

- name: mild-suspicion
  expression:
    all:
      - weight > 0
      - weight < 10
  action: CHALLENGE
  challenge:
    algorithm: metarefresh
    difficulty: 2
    report_as: 2

## System load based checks.
# If the system is under high load, add weight.
- name: high-load-average
  action: WEIGH
  expression: load_1m >= 10.0 # make sure to end the load comparison in a .0
  weight:
    adjust: 20

# If your backend service is running on the same operating system as Anubis,
# you can uncomment this rule to make the challenge easier when the system is
# under low load.
#
# If it is not, remove weight.
- name: low-load-average
  action: WEIGH
  expression: load_15m <= 4.0 # make sure to end the load comparison in a .0
  weight:
    adjust: -10