mirror of
https://github.com/searxng/searxng
synced 2024-11-09 01:10:26 +00:00
a1d9c81915
Closes: #1617 There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments: ```nginx root /usr/local/searx; location = /searx { rewrite ^ /searx/; } try_files $uri @searx; } location @searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_modifier1 30; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` `try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored). To fix this, I propose: ```nginx location = /searx { rewrite ^ /searx/; } location /searx/static { } location /searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` And add ``` route-run = fixpathinfo: ``` to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again). https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this: > If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
346 lines
6.6 KiB
ReStructuredText
346 lines
6.6 KiB
ReStructuredText
.. _installation:
|
|
|
|
============
|
|
Installation
|
|
============
|
|
|
|
.. contents::
|
|
:depth: 3
|
|
|
|
Basic installation
|
|
==================
|
|
|
|
Step by step installation for Debian/Ubuntu with virtualenv. For Ubuntu, be sure
|
|
to have enable universe repository.
|
|
|
|
Install packages:
|
|
|
|
.. code:: sh
|
|
|
|
$ sudo -H apt-get install \
|
|
git build-essential libxslt-dev \
|
|
python-dev python-virtualenv python-babel \
|
|
zlib1g-dev libffi-dev libssl-dev
|
|
|
|
Install searx:
|
|
|
|
.. code:: sh
|
|
|
|
cd /usr/local
|
|
sudo -H git clone https://github.com/asciimoo/searx.git
|
|
sudo -H useradd searx -d /usr/local/searx
|
|
sudo -H chown searx:searx -R /usr/local/searx
|
|
|
|
Install dependencies in a virtualenv:
|
|
|
|
.. code:: sh
|
|
|
|
cd /usr/local/searx
|
|
sudo -H -u searx -i
|
|
|
|
.. code:: sh
|
|
|
|
(searx)$ virtualenv searx-ve
|
|
(searx)$ . ./searx-ve/bin/activate
|
|
(searx)$ ./manage.sh update_packages
|
|
|
|
Configuration
|
|
==============
|
|
|
|
.. code:: sh
|
|
|
|
sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
|
|
|
|
Edit searx/settings.yml if necessary.
|
|
|
|
Check
|
|
=====
|
|
|
|
Start searx:
|
|
|
|
.. code:: sh
|
|
|
|
python searx/webapp.py
|
|
|
|
Go to http://localhost:8888
|
|
|
|
If everything works fine, disable the debug option in settings.yml:
|
|
|
|
.. code:: sh
|
|
|
|
sed -i -e "s/debug : True/debug : False/g" searx/settings.yml
|
|
|
|
At this point searx is not demonized ; uwsgi allows this.
|
|
|
|
You can exit the virtualenv and the searx user bash (enter exit command
|
|
twice).
|
|
|
|
uwsgi
|
|
=====
|
|
|
|
Install packages:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H apt-get install \
|
|
uwsgi uwsgi-plugin-python
|
|
|
|
Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
|
|
content:
|
|
|
|
.. code:: ini
|
|
|
|
[uwsgi]
|
|
# Who will run the code
|
|
uid = searx
|
|
gid = searx
|
|
|
|
# disable logging for privacy
|
|
disable-logging = true
|
|
|
|
# Number of workers (usually CPU count)
|
|
workers = 4
|
|
|
|
# The right granted on the created socket
|
|
chmod-socket = 666
|
|
|
|
# Plugin to use and interpretor config
|
|
single-interpreter = true
|
|
master = true
|
|
plugin = python
|
|
lazy-apps = true
|
|
enable-threads = true
|
|
|
|
# Module to import
|
|
module = searx.webapp
|
|
|
|
# Support running the module from a webserver subdirectory.
|
|
route-run = fixpathinfo:
|
|
|
|
# Virtualenv and python path
|
|
virtualenv = /usr/local/searx/searx-ve/
|
|
pythonpath = /usr/local/searx/
|
|
chdir = /usr/local/searx/searx/
|
|
|
|
Activate the uwsgi application and restart:
|
|
|
|
.. code:: sh
|
|
|
|
cd /etc/uwsgi/apps-enabled
|
|
ln -s ../apps-available/searx.ini
|
|
/etc/init.d/uwsgi restart
|
|
|
|
Web server
|
|
==========
|
|
|
|
with nginx
|
|
----------
|
|
|
|
If nginx is not installed (uwsgi will not work with the package
|
|
nginx-light):
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H apt-get install nginx
|
|
|
|
Hosted at /
|
|
~~~~~~~~~~~
|
|
|
|
Create the configuration file ``/etc/nginx/sites-available/searx`` with this
|
|
content:
|
|
|
|
.. code:: nginx
|
|
|
|
server {
|
|
listen 80;
|
|
server_name searx.example.com;
|
|
root /usr/local/searx;
|
|
|
|
location / {
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
|
|
}
|
|
}
|
|
|
|
Create a symlink to sites-enabled:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
|
|
|
|
Restart service:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H service nginx restart
|
|
sudo -H service uwsgi restart
|
|
|
|
from subdirectory URL (/searx)
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Add this configuration in the server config file
|
|
``/etc/nginx/sites-enabled/default``:
|
|
|
|
.. code:: nginx
|
|
|
|
location = /searx {
|
|
rewrite ^ /searx/;
|
|
}
|
|
|
|
location /searx/static {
|
|
}
|
|
|
|
location /searx {
|
|
uwsgi_param SCRIPT_NAME /searx;
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
|
|
}
|
|
|
|
|
|
**OR** using reverse proxy (Please, note that reverse proxy advised to be used
|
|
in case of single-user or low-traffic instances.)
|
|
|
|
.. code:: nginx
|
|
|
|
location /searx {
|
|
proxy_pass http://127.0.0.1:8888;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Scheme $scheme;
|
|
proxy_set_header X-Script-Name /searx;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
|
|
Enable ``base_url`` in ``searx/settings.yml``
|
|
|
|
.. code:: yaml
|
|
|
|
base_url : http://your.domain.tld/searx/
|
|
|
|
Restart service:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H service nginx restart
|
|
sudo -H service uwsgi restart
|
|
|
|
disable logs
|
|
^^^^^^^^^^^^
|
|
|
|
for better privacy you can disable nginx logs about searx.
|
|
|
|
how to proceed: below ``uwsgi_pass`` in ``/etc/nginx/sites-available/default``
|
|
add:
|
|
|
|
.. code:: nginx
|
|
|
|
access_log /dev/null;
|
|
error_log /dev/null;
|
|
|
|
Restart service:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H service nginx restart
|
|
|
|
with apache
|
|
-----------
|
|
|
|
Add wsgi mod:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H apt-get install libapache2-mod-uwsgi
|
|
sudo -H a2enmod uwsgi
|
|
|
|
Add this configuration in the file ``/etc/apache2/apache2.conf``:
|
|
|
|
.. code:: apache
|
|
|
|
<Location />
|
|
Options FollowSymLinks Indexes
|
|
SetHandler uwsgi-handler
|
|
uWSGISocket /run/uwsgi/app/searx/socket
|
|
</Location>
|
|
|
|
Note that if your instance of searx is not at the root, you should change
|
|
``<Location />`` by the location of your instance, like ``<Location /searx>``.
|
|
|
|
Restart Apache:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H /etc/init.d/apache2 restart
|
|
|
|
disable logs
|
|
~~~~~~~~~~~~
|
|
|
|
For better privacy you can disable Apache logs.
|
|
|
|
.. warning::
|
|
|
|
You can only disable logs for the whole (virtual) server not for a specific
|
|
path.
|
|
|
|
Go back to ``/etc/apache2/apache2.conf`` and above ``<Location />`` add:
|
|
|
|
.. code:: apache
|
|
|
|
CustomLog /dev/null combined
|
|
|
|
Restart Apache:
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H /etc/init.d/apache2 restart
|
|
|
|
How to update
|
|
=============
|
|
|
|
.. code:: sh
|
|
|
|
cd /usr/local/searx
|
|
sudo -H -u searx -i
|
|
|
|
.. code:: sh
|
|
|
|
(searx)$ . ./searx-ve/bin/activate
|
|
(searx)$ git stash
|
|
(searx)$ git pull origin master
|
|
(searx)$ git stash apply
|
|
(searx)$ ./manage.sh update_packages
|
|
|
|
.. code:: sh
|
|
|
|
sudo -H service uwsgi restart
|
|
|
|
Docker
|
|
======
|
|
|
|
Make sure you have installed Docker. For instance, you can deploy searx like this:
|
|
|
|
.. code:: sh
|
|
|
|
docker pull wonderfall/searx
|
|
docker run -d --name searx -p $PORT:8888 wonderfall/searx
|
|
|
|
Go to ``http://localhost:$PORT``.
|
|
|
|
See https://hub.docker.com/r/wonderfall/searx/ for more informations. It's also
|
|
possible to build searx from the embedded Dockerfile.
|
|
|
|
.. code:: sh
|
|
|
|
git clone https://github.com/asciimoo/searx.git
|
|
cd searx
|
|
docker build -t whatever/searx .
|
|
|
|
References
|
|
==========
|
|
|
|
* https://about.okhin.fr/posts/Searx/ with some additions
|
|
|
|
* How to: `Setup searx in a couple of hours with a free SSL certificate
|
|
<https://www.reddit.com/r/privacytoolsIO/comments/366kvn/how_to_setup_your_own_privacy_respecting_search/>`__
|