Context
Hi! I’m currently trying to setup services.anubis with services.traefik.
So this is my current config:
{ config, root-domain, ... }:
let
domain = "anubis.${root-domain}";
in
{
services = {
anubis = {
instances = {
main = {
enable = true;
settings = {
TARGET = " ";
REDIRECT_DOMAINS = root-domain;
PUBLIC_URL = "https://${domain}";
COOKIE_DOMAIN = root-domain;
};
};
};
};
traefik.dynamicConfigOptions.http =
let
anubis = config.services.anubis;
anubis-url = "unix://${anubis.instances.main.settings.BIND}";
in
{
middlewares.anubis.forwardAuth.address = "${anubis-url}";
routers.anubis = {
rule = "Host(`${domain}`)";
service = "anubis";
};
services.anubis.loadbalancer.servers =
[
{
url = anubis-url;
}
];
};
};
}
Questions
- The default setting uses a unix-socket to bind to. If I open up
anubis.<root-domain>then I’m getting anInternal Server Errorwith no relevant information fromjournalctl -eu anubis-main. Any ideas here? - How should the
forwardAuth.addresslook like if I use the unix-socket?
Alternatives
If I switch to http instead I’m able to open up my subdomain of anubis and it work fine (didn’t try the middleware yet though):
{ config, root-domain, ... }:
let
port = 49191;
domain = "anubis.${root-domain}";
in
{
services = {
anubis = {
instances = {
main = {
enable = true;
settings = {
TARGET = " ";
REDIRECT_DOMAINS = root-domain;
PUBLIC_URL = "https://${domain}";
COOKIE_DOMAIN = root-domain;
BIND_NETWORK = "tcp";
BIND = "127.0.0.1:${builtins.toString port}";
};
};
};
};
traefik.dynamicConfigOptions.http =
let
main = config.services.anubis.instances.main;
anubis-url = "http://${main.settings.BIND}/.within.website/x/cmd/anubis/api/check";
in
{
middlewares.anubis.forwardAuth.address = "${anubis-url}";
routers.anubis = {
rule = "Host(`${domain}`)";
service = "anubis";
};
services.anubis.loadbalancer.servers =
[
{
url = "http://${main.settings.BIND}";
}
];
};
};
}