Commit Graph

3071 Commits

Author SHA1 Message Date
Robin Schneider
a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
Closes: #1617

There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that  `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).

To fix this, I propose:

```nginx
location = /searx {
        rewrite ^ /searx/;
}

location /searx/static {
}

location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:

> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser
f602cb8e4d docs(admin): moved settings description from wiki to docs
Move wiki entry https://github.com/asciimoo/searx/wiki/settings.yml
into admin section of the docs (#1785).

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:56:09 +01:00
Markus Heiser
f9be534b2a docs(dev): fix minor markup typos
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:55:15 +01:00
Markus Heiser
10997a01e0 docs(admin): add weight & disabled cols to engine table
BTW: remove internal suspend_end_time

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 20:29:37 +01:00
Markus Heiser
754a10c1c1
Merge pull request #1661 from 0xhtml/fix-engine-spotify
Fix engine spotify

As you can read here https://developer.spotify.com/documentation/web-api/#authentication all requests to the spotify api require authentication. You can not test the api without credentials.
2019-12-30 07:44:31 +01:00
Markus Heiser
36e72a4619
Merge branch 'master' into fix-engine-spotify 2019-12-29 09:47:06 +01:00
Markus Heiser
f6d66c0f6f
Merge pull request #1776 from return42/makefile-doc
doc: describe Makefile targets & add reST primer
2019-12-28 13:55:20 +01:00
Markus Heiser
b91e07bbf1 docs(css): render HTML rst-example slightly more discreet
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:26:24 +01:00
Markus Heiser
d1892b2112 docs(admin): add article 'Buildhosts' with system requirements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser
d6f2802e4b docs(dev): add more markups to reST primer
- Literal blocks
- Unicode substitution
- Horizontal list
- Math equations

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:01:11 +01:00
Markus Heiser
92afe68d65 doc(dev): reST/sphinx add tabbed views extension (sphinx_tabs.tabs)
See issue #1785:

  idea: in the doc, provide installation instructions with one tab per
  distrubution

preview (don't bookmark):

  https://return42.github.io/searx/dev/reST.html#tabbed-views

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-26 10:26:12 +01:00
Markus Heiser
62505f8982 docs(dev): add refs to to gitmoji and Semantic PR in contrib section
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-25 09:57:21 +01:00
Mathieu Brunot
359c18f9e6
Merge branch 'master' into docker/opencontainers 2019-12-24 21:38:07 +01:00
Markus Heiser
4ca8b69c81 doc(dev): add remarks about creating good commits (messages)
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-24 18:48:23 +01:00
Markus Heiser
5eb8cf4ebb Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-24 18:00:24 +01:00
Markus Heiser
a52a638ba8
Merge pull request #1701 from CaffeinatedTech/patch-1
Update README.rst

for the future: please select meaningful commit messages. Here is a good summarize how a useful commit messages looks like: https://www.conventionalcommits.org/en/v1.0.0-beta.2/#summary

Further read: https://wiki.openstack.org/wiki/GitCommitMessages#Information_in_commit_messages
2019-12-24 17:56:24 +01:00
Markus Heiser
ecb054a7a0
Merge branch 'master' into patch-1 2019-12-24 17:45:13 +01:00
Markus Heiser
5a0a66e9bc
Merge pull request #1615 from Nachtalb/ne/fix-infinite_scroll-with-vim_bindings
Fix not jumping to results loaded by infinite scroll
2019-12-24 17:34:33 +01:00
Markus Heiser
38dad2e8e3
Merge branch 'master' into ne/fix-infinite_scroll-with-vim_bindings 2019-12-24 15:42:05 +01:00
Markus Heiser
a395fb4a8d
Merge pull request #1694 from finn0/libgen
Fix broken Library Gensis Engine
2019-12-24 13:37:29 +01:00
Markus Heiser
fb668e2075
Merge branch 'master' into libgen 2019-12-24 13:33:07 +01:00
Markus Heiser
46dd51afad
Merge branch 'master' into makefile-doc 2019-12-24 12:27:36 +01:00
Markus Heiser
6d232e9b69
Merge pull request #1787 from finn0/fix/infobox
[Fix] oscar: no HTML escaping prior to output
2019-12-24 11:37:33 +01:00
Vipul
8bea927bb0 [Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-24 15:11:48 +05:30
Markus Heiser
70f7142824
Merge branch 'master' into bug/oscar-theme 2019-12-23 18:47:23 +01:00
Markus Heiser
07c8ca87e6
Merge branch 'master' into makefile-doc 2019-12-23 13:58:53 +00:00
Markus Heiser
3e14bf4d27
Merge pull request #1686 from MarcAbonce/wiki_infobox_fixes
Infobox fixes
2019-12-23 12:31:31 +00:00
Markus Heiser
c8645d6e37 doc: reST-primer -- imrpove desription of definition lists
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-23 09:37:51 +01:00
Markus Heiser
d3e4e81faf makefile.sphinx: fix gh-pages / pull before add commits
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:28:07 +01:00
Markus Heiser
90174e215c doc: add plugin section to admin section (template)
- Plugins configured at built time (defaults)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Vipul
f407dd8ef4
Switch to https for some domains 2019-12-22 13:39:00 +00:00
Markus Heiser
31db843c9c doc: CSS - fix alignment of code block in figure blocks
BTW: minor profread of reST.rst

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:08:57 +01:00
Markus Heiser
aa3b0265e7 doc: add 'Architecture' article to admin section
Herein we add some hints and suggestions about typical architectures of
searx infrastructures.  We start with a contribution from @dalf

- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320

thanks @dalf !!

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Vipul
ee6781d777
[Fix] Libgen engine
Libgen has switched to new domain (i.e https://libgen.is) with TLS
support and older domain (i.e. http://libgen.io) is no longer
accessible. See, https://en.wikipedia.org/wiki/Library_Genesis, for more
information.

Resolves: #1693
2019-12-22 13:04:46 +00:00
Markus Heiser
5bdca1a5bf doc: improved HTML table layout (CSS)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 11:46:03 +01:00
Markus Heiser
aea4667fbc Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-22 10:12:33 +01:00
Marc Abonce Seguin
495ae59b31 hide suggestions box if empty
This bug happens only in python3
because map returns an iterator.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
5706c12fba remove empty parenthesis in wikipedia's summary
They're usually IPA pronunciations which are removed
by the API.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
c18048e045 exclude disambiguation pages from wikipedia infobox 2019-12-21 22:47:08 -06:00
Vipul
6a5aae6530
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-22 02:27:45 +00:00
Vipul
36ca2dcc56
[Fix] oscar: move info box at top of the page
In low width devices like mobile, tablet etc, info box is present at
bottom of the page.

This change addresses the issue by rearranging column grids for low
width devices and move side bar at top of the page. See
  - https://getbootstrap.com/docs/3.3/css/#grid-column-ordering.
  - and Searx issue tracker (issue#1777), for more information.

Effect: Along with Info, Suggestion and Link boxes also move to top of
the page.

Resolves: #1777
2019-12-22 02:27:42 +00:00
Adam Tauber
34ad3d6b34 [enh] display error message if gigablast extra param expired 2019-12-21 21:25:50 +01:00
Adam Tauber
52ccaa7acc [mod] remove useless engine unit tests
These tests are not able to detect engine errors if the upstream
site changes.
2019-12-21 21:15:09 +01:00
Adam Tauber
fc457569f7 [fix] pep8 2019-12-21 21:13:43 +01:00
Adam Tauber
00512e36c1 [fix] handle empty response from wikipedia engine - closes #1114 2019-12-21 21:01:08 +01:00
Adam Tauber
f8713512be [fix] convert byte query to string in osm engine - fixes #1220 2019-12-21 20:56:38 +01:00
Adam Tauber
e5305f886c [fix] fetch extra search param of gigablast - fixes #1293 2019-12-21 20:51:30 +01:00
Adam Tauber
8850036ded [fix] add explicit useragent header to requests - closes #1459 2019-12-21 20:25:39 +01:00
Markus Heiser
d1154202bc doc: add reST templating // incl. generic engine tabe
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-21 17:13:38 +01:00
Markus Heiser
c2b9aa0c2f docs: reST-primer describe table markup (WIP)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 20:39:14 +01:00