Initial commit

5 years ago · fe312fdae9
parent f3be3c76f2
commit fe312fdae9
4 changed files with 111 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,4 @@
+LETSENCRYPT_EMAIL=email@example.com
+SEARX_HOSTNAME=localhost
+# use openssl rand -base64 33
+MORTY_KEY=RemplaceThisBase64KeySharedBetweenMortyAndSearxByARealKey
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*~
--- a/51
+++ b/51
@ -0,0 +1,51 @@
+{$SEARX_HOSTNAME} {
+  tls self_signed
+  gzip
+  root /srv
+
+  header / {
+  	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
+	# connect via HTTPS
+	# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+	# Enable cross-site filter (XSS) and tell browser to block detected attacks
+	X-XSS-Protection "1; mode=block"
+
+	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+	X-Content-Type-Options "nosniff"
+
+	# Disallow the site to be rendered within a frame (clickjacking protection)
+	X-Frame-Options "SAMEORIGIN"
+
+	# CSP
+	Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
+	X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
+	X-WebKit-CSP "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
+
+	# 
+	Access-Control-Allow-Methods "GET, POST, OPTIONS"
+	Access-Control-Allow-Origin  "*"
+
+	# Disable some features
+	Feature-Policy "accelerometer 'none';autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';notifications 'none';payment 'none';push 'none';speaker 'none';sync-xhr 'none';usb 'none';vibrate 'none';vr 'none'"
+
+	# Cache
+	Cache-Control "private, no-store"
+	Pragma "no-cache"
+
+	# Referer
+	Referrer-Policy "no-referrer"
+
+	# Remove Server header
+	-Server
+  }
+
+  proxy / searx:8080 {
+    	except /morty
+  }
+
+  proxy /morty morty:3000 {
+  	transparent
+  }
+
+}
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,55 @@
+version: '3.7'
+
+services:
+
+  caddy:
+    image: abiosoft/caddy:no-stats
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      searx:
+        ipv4_address: 10.10.10.2
+    command: -email ${LETSENCRYPT_EMAIL} -agree=true -log stdout -host ${SEARX_HOSTNAME} -conf /etc/Caddyfile
+    restart: always
+    # -quic=true -http2=true
+    volumes:
+      - ./Caddyfile:/etc/Caddyfile
+      - ./caddy:/root/.caddy
+
+#  filtron:
+#    image: filtron
+#    hostname: filtron
+#    networks:
+#      searx:
+#        ipv4_address: 10.10.10.3
+
+  searx:
+    image: searx
+    hostname: searx
+    networks:
+      searx:
+         ipv4_address: 10.10.10.4
+    volumes:
+      - ./searx:/etc/searx
+    environment:
+      - BASE_URL=http://${SEARX_HOSTNAME}/
+      - MORTY_URL=http://${SEARX_HOSTNAME}/morty/
+      - MORTY_KEY=${MORTY_KEY}
+
+  morty:
+    image: morty
+    hostname: morty
+    networks:
+      searx:
+        ipv4_address: 10.10.10.5
+    command: -listen 10.10.10.5:3000 -key ${MORTY_KEY}
+    environment:
+      - MORTY_KEY=${MORTY_KEY}
+
+networks:
+  searx:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.10.10.0/24