forked from Archives/searxng
Merge pull request #1332 from return42/searxng-install
Upgrade installation scripts and documentationdependabot/pip/master/sphinx-6.1.3
commit
645c2a2ca1
@ -1,52 +0,0 @@
|
||||
# -*- coding: utf-8; mode: sh -*-
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
# shellcheck shell=bash disable=SC2034
|
||||
#
|
||||
# This file should be edited only ones just before the installation of any
|
||||
# service is done. After the installation of the searx service a copy of this
|
||||
# file is placed into the $SEARX_SRC of the instance, e.g.::
|
||||
#
|
||||
# /usr/local/searx/searx-src/.config.sh
|
||||
#
|
||||
# .. hint::
|
||||
#
|
||||
# Before you change a value here, You have to fully uninstall any previous
|
||||
# installation of searx, morty and filtron services!
|
||||
|
||||
# utils/searx.sh
|
||||
# --------------
|
||||
|
||||
# The setup of the SearXNG instance is done in the settings.yml
|
||||
# (SEARXNG_SETTINGS_PATH). Read the remarks in [1] carefully and don't forget to
|
||||
# rebuild instance's environment (make buildenv) if needed. The settings.yml
|
||||
# file of an already installed instance is shown by::
|
||||
#
|
||||
# $ ./utils/searx.sh --help
|
||||
# ---- SearXNG instance setup (already installed)
|
||||
# SEARXNG_SETTINGS_PATH : /etc/searxng/settings.yml
|
||||
# SEARX_SRC : /usr/local/searx/searx-src
|
||||
#
|
||||
# [1] https://docs.searxng.org/admin/engines/settings.html
|
||||
|
||||
# utils/filtron.sh
|
||||
# ----------------
|
||||
|
||||
# FILTRON_API="127.0.0.1:4005"
|
||||
# FILTRON_LISTEN="127.0.0.1:4004"
|
||||
|
||||
# utils/morty.sh
|
||||
# --------------
|
||||
|
||||
# morty listen address
|
||||
# MORTY_LISTEN="127.0.0.1:3000"
|
||||
# PUBLIC_URL_PATH_MORTY="/morty/"
|
||||
|
||||
# system services
|
||||
# ---------------
|
||||
|
||||
# Common $HOME folder of the service accounts
|
||||
# SERVICE_HOME_BASE="/usr/local"
|
||||
|
||||
# **experimental**: Set SERVICE_USER to run all services by one account, but be
|
||||
# aware that removing discrete components might conflict!
|
||||
# SERVICE_USER=searx
|
@ -1,33 +1,30 @@
|
||||
digraph G {
|
||||
|
||||
node [style=filled, shape=box, fillcolor="#ffffcc", fontname="Sans"];
|
||||
node [style=filled, shape=box, fillcolor="#ffffcc", fontname=Sans];
|
||||
edge [fontname="Sans"];
|
||||
|
||||
browser [label="Browser", shape=Mdiamond];
|
||||
rp [label="Reverse Proxy", href="https://docs.searxng.org/utils/filtron.sh.html#public-reverse-proxy"];
|
||||
filtron [label="Filtron", href="https://docs.searxng.org/utils/filtron.sh.html"];
|
||||
morty [label="Morty", href="https://docs.searxng.org/utils/morty.sh.html"];
|
||||
static [label="Static files", href="url to configure static files"];
|
||||
uwsgi [label="uwsgi", href="https://docs.searxng.org/utils/searx.sh.html"]
|
||||
searx1 [label="Searx #1"];
|
||||
searx2 [label="Searx #2"];
|
||||
searx3 [label="Searx #3"];
|
||||
searx4 [label="Searx #4"];
|
||||
browser [label="browser", shape=tab, fillcolor=aliceblue];
|
||||
rp [label="reverse proxy"];
|
||||
static [label="static files", shape=folder, href="url to configure static files", fillcolor=lightgray];
|
||||
uwsgi [label="uwsgi", shape=parallelogram href="https://docs.searxng.org/utils/searx.sh.html"]
|
||||
redis [label="redis DB", shape=cylinder];
|
||||
searxng1 [label="SearXNG #1", fontcolor=blue3];
|
||||
searxng2 [label="SearXNG #2", fontcolor=blue3];
|
||||
searxng3 [label="SearXNG #3", fontcolor=blue3];
|
||||
searxng4 [label="SearXNG #4", fontcolor=blue3];
|
||||
|
||||
browser -> rp [label="HTTPS"]
|
||||
|
||||
subgraph cluster_searx {
|
||||
label = "Searx instance" fontname="Sans";
|
||||
subgraph cluster_searxng {
|
||||
label = "SearXNG instance" fontname=Sans;
|
||||
bgcolor="#fafafa";
|
||||
{ rank=same; static rp };
|
||||
rp -> morty [label="optional: images and HTML pages proxy"];
|
||||
rp -> static [label="optional: reverse proxy serves directly static files"];
|
||||
rp -> filtron [label="HTTP"];
|
||||
filtron -> uwsgi [label="HTTP"];
|
||||
uwsgi -> searx1;
|
||||
uwsgi -> searx2;
|
||||
uwsgi -> searx3;
|
||||
uwsgi -> searx4;
|
||||
rp -> static [label="optional: reverse proxy serves static files", fillcolor=slategray, fontcolor=slategray];
|
||||
rp -> uwsgi [label="http:// (tcp) or unix:// (socket)"];
|
||||
uwsgi -> searxng1 -> redis;
|
||||
uwsgi -> searxng2 -> redis;
|
||||
uwsgi -> searxng3 -> redis;
|
||||
uwsgi -> searxng4 -> redis;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,193 +0,0 @@
|
||||
|
||||
.. _searxng filtron:
|
||||
|
||||
==========================
|
||||
How to protect an instance
|
||||
==========================
|
||||
|
||||
.. tip::
|
||||
|
||||
To protect your instance a installation of filtron (as described here) is no
|
||||
longer needed, alternatively activate the :ref:`limiter plugin` in your
|
||||
``settings.yml``. Note that the :ref:`limiter plugin` requires a :ref:`Redis
|
||||
<settings redis>` database.
|
||||
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`filtron.sh`
|
||||
- :ref:`nginx searxng site`
|
||||
|
||||
.. _filtron: https://github.com/searxng/filtron
|
||||
|
||||
SearXNG depends on external search services. To avoid the abuse of these services
|
||||
it is advised to limit the number of requests processed by SearXNG.
|
||||
|
||||
An application firewall, filtron_ solves exactly this problem. Filtron is just
|
||||
a middleware between your web server (nginx, apache, ...) and searx, we describe
|
||||
such infrastructures in chapter: :ref:`architecture`.
|
||||
|
||||
|
||||
filtron & go
|
||||
============
|
||||
|
||||
.. _Go: https://golang.org/
|
||||
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
|
||||
|
||||
Filtron needs Go_ installed. If Go_ is preinstalled, filtron_ is simply
|
||||
installed by ``go get`` package management (see `filtron README`_). If you use
|
||||
filtron as middleware, a more isolated setup is recommended. To simplify such
|
||||
an installation and the maintenance of, use our script :ref:`filtron.sh`.
|
||||
|
||||
.. _Sample configuration of filtron:
|
||||
|
||||
Sample configuration of filtron
|
||||
===============================
|
||||
|
||||
.. sidebar:: Tooling box
|
||||
|
||||
- :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>`
|
||||
|
||||
An example configuration can be find below. This configuration limits the access
|
||||
of:
|
||||
|
||||
- scripts or applications (roboagent limit)
|
||||
- webcrawlers (botlimit)
|
||||
- IPs which send too many requests (IP limit)
|
||||
- too many json, csv, etc. requests (rss/json limit)
|
||||
- the same UserAgent of if too many requests (useragent limit)
|
||||
|
||||
.. code:: json
|
||||
|
||||
[
|
||||
{
|
||||
"name": "search request",
|
||||
"filters": [
|
||||
"Param:q",
|
||||
"Path=^(/|/search)$"
|
||||
],
|
||||
"interval": "<time-interval-in-sec (int)>",
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"subrules": [
|
||||
{
|
||||
"name": "missing Accept-Language",
|
||||
"filters": ["!Header:Accept-Language"],
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{"name":"log"},
|
||||
{"name": "block",
|
||||
"params": {"message": "Rate limit exceeded"}}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "suspiciously Connection=close header",
|
||||
"filters": ["Header:Connection=close"],
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{"name":"log"},
|
||||
{"name": "block",
|
||||
"params": {"message": "Rate limit exceeded"}}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "IP limit",
|
||||
"interval": "<time-interval-in-sec (int)>",
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"stop": true,
|
||||
"aggregations": [
|
||||
"Header:X-Forwarded-For"
|
||||
],
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "rss/json limit",
|
||||
"filters": [
|
||||
"Param:format=(csv|json|rss)"
|
||||
],
|
||||
"interval": "<time-interval-in-sec (int)>",
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "useragent limit",
|
||||
"interval": "<time-interval-in-sec (int)>",
|
||||
"limit": "<max-request-number-in-interval (int)>",
|
||||
"aggregations": [
|
||||
"Header:User-Agent"
|
||||
],
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
|
||||
.. _filtron route request:
|
||||
|
||||
Route request through filtron
|
||||
=============================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`filtron.sh overview`
|
||||
- :ref:`installation nginx`
|
||||
- :ref:`installation apache`
|
||||
|
||||
Filtron can be started using the following command:
|
||||
|
||||
.. code:: sh
|
||||
|
||||
$ filtron -rules rules.json
|
||||
|
||||
It listens on ``127.0.0.1:4004`` and forwards filtered requests to
|
||||
``127.0.0.1:8888`` by default.
|
||||
|
||||
Use it along with ``nginx`` with the following example configuration.
|
||||
|
||||
.. code:: nginx
|
||||
|
||||
# https://example.org/searx
|
||||
|
||||
location /searx {
|
||||
proxy_pass http://127.0.0.1:4004/;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
proxy_set_header X-Script-Name /searx;
|
||||
}
|
||||
|
||||
location /searx/static {
|
||||
/usr/local/searx/searx-src/searx/static;
|
||||
}
|
||||
|
||||
|
||||
Requests are coming from port 4004 going through filtron and then forwarded to
|
||||
port 8888 where a SearXNG is being run. For a complete setup see: :ref:`nginx
|
||||
searxng site`.
|
@ -0,0 +1,62 @@
|
||||
.. _installation scripts:
|
||||
|
||||
===================
|
||||
Installation Script
|
||||
===================
|
||||
|
||||
.. sidebar:: Update the OS first!
|
||||
|
||||
To avoid unwanted side effects, update your OS before installing SearXNG.
|
||||
|
||||
The following will install a setup as shown in :ref:`the reference architecture
|
||||
<arch public>`. First you need to get a clone of the repository. The clone is only needed for
|
||||
the installation procedure and some maintenance tasks.
|
||||
|
||||
.. sidebar:: further read
|
||||
|
||||
- :ref:`toolboxing`
|
||||
|
||||
Jump to a folder that is readable by *others* and start to clone SearXNG,
|
||||
alternatively you can create your own fork and clone from there.
|
||||
|
||||
.. code:: bash
|
||||
|
||||
$ cd ~/Downloads
|
||||
$ git clone https://github.com/searxng/searxng.git searxng
|
||||
$ cd searxng
|
||||
|
||||
.. sidebar:: further read
|
||||
|
||||
- :ref:`inspect searxng`
|
||||
|
||||
To install a SearXNG :ref:`reference setup <use_default_settings.yml>`
|
||||
including a :ref:`uWSGI setup <architecture uWSGI>` as described in the
|
||||
:ref:`installation basic` and in the :ref:`searxng uwsgi` section type:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
$ sudo -H ./utils/searxng.sh install all
|
||||
|
||||
.. attention::
|
||||
|
||||
For the installation procedure, use a *sudoer* login to run the scripts. If
|
||||
you install from ``root``, take into account that the scripts are creating a
|
||||
``searxng`` user. In the installation procedure this new created user does
|
||||
need read access to the cloned SearXNG repository, which is not the case if you clone
|
||||
it into a folder below ``/root``!
|
||||
|
||||
.. sidebar:: further read
|
||||
|
||||
- :ref:`update searxng`
|
||||
|
||||
.. _caddy: https://hub.docker.com/_/caddy
|
||||
|
||||
When all services are installed and running fine, you can add SearXNG to your
|
||||
HTTP server. We do not have any preferences for the HTTP server, you can use
|
||||
whatever you prefer.
|
||||
|
||||
We use caddy in our :ref:`docker image <installation docker>` and we have
|
||||
implemented installation procedures for:
|
||||
|
||||
- :ref:`installation nginx`
|
||||
- :ref:`installation apache`
|
@ -1,75 +0,0 @@
|
||||
.. _installation switch2ng:
|
||||
|
||||
============================
|
||||
Switch from searx to SearXNG
|
||||
============================
|
||||
|
||||
.. sidebar:: info
|
||||
|
||||
- :pull:`456`
|
||||
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
|
||||
|
||||
.. contents:: Contents
|
||||
:depth: 2
|
||||
:local:
|
||||
:backlinks: entry
|
||||
|
||||
If you have a searx installation on your sever and want to switch to SearXNG,
|
||||
you need to uninstall searx first. If you have an old searx docker installation
|
||||
replace your docker image / see :ref:`installation docker`.
|
||||
|
||||
If your searx instance was installed *"Step by step"* or by the *"Installation
|
||||
scripts"*, you need to undo the installation procedure completely. If you have
|
||||
morty & filtron installed, it is recommended to uninstall these services also.
|
||||
In case of scripts, to uninstall use the scripts from the origin you installed
|
||||
searx from.
|
||||
|
||||
If you have removed the old searx installation, clone from SearXNG and and start
|
||||
with your installation procedure (e.g. :ref:`installation scripts`):
|
||||
|
||||
.. code:: bash
|
||||
|
||||
$ cd ~/Downloads
|
||||
$ git clone https://github.com/searxng/searxng.git searxng
|
||||
$ cd searxng
|
||||
$ ...
|
||||
|
||||
``.config.sh``
|
||||
==============
|
||||
|
||||
Please take into account; SearXNG has normalized ``.config.sh`` with
|
||||
``settings.yml`` and some of the environment settings has been removed from or
|
||||
renamed in the ``.config.sh``:
|
||||
|
||||
- :patch:`[mod] normalize .config.sh with settings.yml <f61c918d>`
|
||||
- :patch:`[fix] ./utils/filtron.sh - FILTRON_TARGET from YAML settings <7196a9b5>`
|
||||
- :patch:`SearXNG: SEARXNG_SETTINGS_PATH <253b8503>`
|
||||
|
||||
|
||||
Check after Installation
|
||||
========================
|
||||
|
||||
Once you have done your installation, you can run a SearXNG *check* procedure,
|
||||
to see if there are some left overs. In this example there exists a *old*
|
||||
``/etc/searx/settings.yml``::
|
||||
|
||||
$ sudo -H ./utils/searx.sh install check
|
||||
|
||||
============================
|
||||
SearXNG (check installation)
|
||||
============================
|
||||
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
|
||||
INFO: SearXNG instance already installed at: /usr/local/searx/searx-src
|
||||
...
|
||||
INFO: Service account searx exists.
|
||||
INFO: ~searx: python environment is available.
|
||||
INFO: ~searx: SearXNG software is installed.
|
||||
INFO: uWSGI app searxng.ini is enabled.
|
||||
INFO searx : merge the default settings ( /usr/local/searx/searx-src/searx/settings.yml ) and the user setttings ( /etc/searxng/settings.yml )
|
||||
INFO searx : max_request_timeout=None
|
||||
|
||||
|
||||
To *check* the filtron & morty installations, use similar commands::
|
||||
|
||||
$ sudo -H /utils/filtron.sh install check
|
||||
$ sudo -H /utils/morty.sh install check
|
@ -1,40 +0,0 @@
|
||||
|
||||
.. _searxng morty:
|
||||
|
||||
=========================
|
||||
How to setup result proxy
|
||||
=========================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`morty.sh`
|
||||
|
||||
.. _morty: https://github.com/asciimoo/morty
|
||||
.. _morty's README: https://github.com/asciimoo/morty
|
||||
|
||||
By default SearXNG can only act as an image proxy for result images, but it is
|
||||
possible to proxify all the result URLs with an external service, morty_.
|
||||
|
||||
To use this feature, morty has to be installed and activated in SearXNG's
|
||||
``settings.yml``. Add the following snippet to your ``settings.yml`` and
|
||||
restart searx:
|
||||
|
||||
.. code:: yaml
|
||||
|
||||
result_proxy:
|
||||
url : http://127.0.0.1:3000/
|
||||
key : !!binary "insert_your_morty_proxy_key_here"
|
||||
|
||||
Note that the example above (``http://127.0.0.1:3000``) is only for single-user
|
||||
instances without a HTTP proxy. If your morty service is public, the url is the
|
||||
address of the reverse proxy (e.g ``https://example.org/morty``).
|
||||
|
||||
For more information about *result proxy* have a look at *"SearXNG via filtron
|
||||
plus morty"* in the :ref:`nginx <nginx searxng via filtron plus morty>` and
|
||||
:ref:`apache <apache searxng via filtron plus morty>` sections.
|
||||
|
||||
``url``
|
||||
Is the address of the running morty service.
|
||||
|
||||
``key``
|
||||
Is an optional argument, see `morty's README`_ for more information.
|
@ -1,59 +1,115 @@
|
||||
===================
|
||||
SearXNG maintenance
|
||||
===================
|
||||
|
||||
.. sidebar:: further read
|
||||
|
||||
- :ref:`toolboxing`
|
||||
- :ref:`uWSGI maintenance`
|
||||
|
||||
.. contents:: Contents
|
||||
:depth: 2
|
||||
:local:
|
||||
:backlinks: entry
|
||||
|
||||
.. _update searxng:
|
||||
|
||||
=============
|
||||
How to update
|
||||
=============
|
||||
|
||||
How to update depends on the :ref:`installation` method. If you have used the
|
||||
:ref:`installation scripts`, use ``update`` command from the scripts.
|
||||
|
||||
**Update** :ref:`SearXNG service <searx.sh>`
|
||||
:ref:`installation scripts`, use the ``update`` command from the :ref:`searxng.sh`
|
||||
script.
|
||||
|
||||
.. code:: sh
|
||||
|
||||
sudo -H ./utils/searx.sh update searx
|
||||
sudo -H ./utils/searxng.sh instance update
|
||||
|
||||
.. _inspect searxng:
|
||||
|
||||
**Update** :ref:`filtron reverse proxy <filtron.sh>`
|
||||
How to inspect & debug
|
||||
======================
|
||||
|
||||
How to debug depends on the :ref:`installation` method. If you have used the
|
||||
:ref:`installation scripts`, use the ``inspect`` command from the :ref:`searxng.sh`
|
||||
script.
|
||||
|
||||
.. code:: sh
|
||||
|
||||
sudo -H ./utils/filtron.sh update filtron
|
||||
sudo -H ./utils/searxng.sh instance inspect
|
||||
|
||||
**Update** :ref:`result proxy <morty.sh>`
|
||||
.. _migrate and stay tuned:
|
||||
|
||||
.. code:: bash
|
||||
Migrate and stay tuned!
|
||||
=======================
|
||||
|
||||
$ sudo -H ./utils/morty.sh update morty
|
||||
.. sidebar:: info
|
||||
|
||||
.. _inspect searxng:
|
||||
- :pull:`1332`
|
||||
- :pull:`456`
|
||||
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
|
||||
|
||||
======================
|
||||
How to inspect & debug
|
||||
======================
|
||||
SearXNG is a *rolling release*; each commit to the master branch is a release.
|
||||
SearXNG is growing rapidly, the services and opportunities are change every now
|
||||
and then, to name just a few:
|
||||
|
||||
.. sidebar:: further read
|
||||
- Bot protection has been switched from filtron to SearXNG's :ref:`limiter
|
||||
<limiter>`, this requires a :ref:`Redis <settings redis>` database.
|
||||
|
||||
- :ref:`toolboxing`
|
||||
- :ref:`Makefile`
|
||||
- The image proxy morty is no longer needed, it has been replaced by the
|
||||
:ref:`image proxy <image_proxy>` from SearXNG.
|
||||
|
||||
How to debug depends on the :ref:`installation` method. If you have used the
|
||||
:ref:`installation scripts`, use ``inspect`` command from the scripts.
|
||||
- To save bandwith :ref:`cache busting <static_use_hash>` has been implemented.
|
||||
To get in use, the ``static-expires`` needs to be set in the :ref:`uwsgi
|
||||
setup`.
|
||||
|
||||
**Inspect** :ref:`SearXNG service <searx.sh>`
|
||||
To stay tuned and get in use of the new features, instance maintainers have to
|
||||
update the SearXNG code regularly (see :ref:`update searxng`). As the above
|
||||
examples show, this is not always enough, sometimes services have to be set up
|
||||
or reconfigured and sometimes services that are no longer needed should be
|
||||
uninstalled.
|
||||
|
||||
.. code:: sh
|
||||
.. hint::
|
||||
|
||||
sudo -H ./utils/searx.sh inspect service
|
||||
First of all: SearXNG is installed by the script :ref:`searxng.sh`. If you
|
||||
have old filtron, morty or searx setup you should consider complete
|
||||
uninstall/reinstall.
|
||||
|
||||
**Inspect** :ref:`filtron reverse proxy <filtron.sh>`
|
||||
|
||||
.. code:: sh
|
||||
remove obsolete services
|
||||
------------------------
|
||||
|
||||
If your searx instance was installed *"Step by step"* or by the *"Installation
|
||||
scripts"*, you need to undo the installation procedure completely. If you have
|
||||
morty & filtron installed, it is recommended to uninstall these services also.
|
||||
In case of scripts, to uninstall use the scripts from the origin you installed
|
||||
searx from or try::
|
||||
|
||||
$ sudo -H ./utils/filtron.sh remove all
|
||||
$ sudo -H ./utils/morty.sh remove all
|
||||
$ sudo -H ./utils/searx.sh remove all
|
||||
|
||||
.. hint::
|
||||
|
||||
If you are migrate from searx take into account that the ``.config.sh`` is no
|
||||
longer used.
|
||||
|
||||
sudo -H ./utils/filtron.sh inspect service
|
||||
|
||||
**Inspect** :ref:`result proxy <morty.sh>`
|
||||
Check after Installation
|
||||
------------------------
|
||||
|
||||
.. code:: bash
|
||||
Once you have done your installation, you can run a SearXNG *check* procedure,
|
||||
to see if there are some left overs. In this example there exists a *old*
|
||||
``/etc/searx/settings.yml``::
|
||||
|
||||
$ sudo -H ./utils/morty.sh inspect service
|
||||
$ sudo -H ./utils/searxng.sh instance check
|
||||
|
||||
SearXNG checks
|
||||
--------------
|
||||
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
|
||||
INFO: [OK] (old) account 'searx' does not exists
|
||||
INFO: [OK] (old) account 'filtron' does not exists
|
||||
INFO: [OK] (old) account 'morty' does not exists
|
||||
...
|
||||
INFO searx.shared : Use shared_simple implementation
|
||||
INFO searx.shared.redis : connected redis DB --> default
|
||||
|
@ -1,80 +0,0 @@
|
||||
|
||||
.. _filtron.sh:
|
||||
|
||||
====================
|
||||
``utils/filtron.sh``
|
||||
====================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`searxng filtron`
|
||||
- :ref:`architecture`
|
||||
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
|
||||
<installation apache>`)
|
||||
|
||||
.. _Go: https://golang.org/
|
||||
.. _filtron: https://github.com/searxng/filtron
|
||||
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
|
||||
|
||||
To simplify installation and maintenance of a filtron instance you can use the
|
||||
script :origin:`utils/filtron.sh`. In most cases you will install filtron_
|
||||
simply by running the command:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
sudo -H ./utils/filtron.sh install all
|
||||
|
||||
The script adds a ``${SERVICE_USER}`` (default:``filtron``) and installs filtron_
|
||||
into this user account:
|
||||
|
||||
#. Create a separated user account (``filtron``).
|
||||
#. Download and install Go_ binary in user's $HOME (``~filtron``).
|
||||
#. Install filtron with the package management from Go_ (``go get -v -u
|
||||
github.com/searxng/filtron``)
|
||||
#. Setup a proper rule configuration :origin:`[ref]
|
||||
<utils/templates/etc/filtron/rules.json>` (``/etc/filtron/rules.json``).
|
||||
#. Setup a systemd service unit :origin:`[ref]
|
||||
<utils/templates/lib/systemd/system/filtron.service>`
|
||||
(``/lib/systemd/system/filtron.service``).
|
||||
|
||||
|
||||
Create user
|
||||
===========
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
||||
:start-after: START create user
|
||||
:end-before: END create user
|
||||
|
||||
|
||||
Install go
|
||||
==========
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
||||
:start-after: START install go
|
||||
:end-before: END install go
|
||||
|
||||
|
||||
Install filtron
|
||||
===============
|
||||
|
||||
Install :origin:`rules.json <utils/templates/etc/filtron/rules.json>` at
|
||||
``/etc/filtron/rules.json`` (see :ref:`Sample configuration of filtron`) and
|
||||
install filtron software and systemd unit:
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
||||
:start-after: START install filtron
|
||||
:end-before: END install filtron
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
||||
:start-after: START install systemd unit
|
||||
:end-before: END install systemd unit
|
||||
|
||||
.. _filtron.sh overview:
|
||||
|
||||
Overview
|
||||
========
|
||||
|
||||
The ``--help`` output of the script is largely self-explanatory
|
||||
(:ref:`toolboxing common`):
|
||||
|
||||
.. program-output:: ../utils/filtron.sh --help
|
@ -1,52 +1,30 @@
|
||||
.. _searx_utils:
|
||||
.. _toolboxing:
|
||||
|
||||
===================
|
||||
Admin's tooling box
|
||||
===================
|
||||
==================
|
||||
DevOps tooling box
|
||||
==================
|
||||
|
||||
In the folder :origin:`utils/` we maintain some tools useful for administrators.
|
||||
In the folder :origin:`utils/` we maintain some tools useful for administrators
|
||||
and developers.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
:caption: Contents
|
||||
|
||||
searx.sh
|
||||
filtron.sh
|
||||
morty.sh
|
||||
searxng.sh
|
||||
lxc.sh
|
||||
|
||||
.. _toolboxing common:
|
||||
Common command environments
|
||||
===========================
|
||||
|
||||
Common commands & environment
|
||||
=============================
|
||||
|
||||
Scripts to maintain services often dispose of common commands and environments.
|
||||
|
||||
``shell`` : command
|
||||
Opens a shell from the service user ``${SERVICE_USSR}``, very helpful for
|
||||
troubleshooting.
|
||||
|
||||
``inspect service`` : command
|
||||
Shows status and log of the service, most often you have a option to enable
|
||||
more verbose debug logs. Very helpful for debugging, but be careful not to
|
||||
enable debugging in a production environment!
|
||||
The scripts in our tooling box often dispose of common environments:
|
||||
|
||||
``FORCE_TIMEOUT`` : environment
|
||||
Sets timeout for interactive prompts. If you want to run a script in batch
|
||||
job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a
|
||||
reverse proxy for filtron on all containers of the :ref:`SearXNG suite
|
||||
<lxc-searx.env>` use ::
|
||||
|
||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh apache install
|
||||
|
||||
.. _toolboxing setup:
|
||||
|
||||
Tooling box setup
|
||||
=================
|
||||
|
||||
The main setup is done in the :origin:`.config.sh` (read also :ref:`settings
|
||||
global`).
|
||||
SearXNG server and nginx proxy on all containers of the :ref:`SearXNG suite
|
||||
<lxc-searxng.env>` use::
|
||||
|
||||
.. literalinclude:: ../../.config.sh
|
||||
:language: bash
|
||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install all
|
||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx
|
||||
|
@ -1,80 +0,0 @@
|
||||
|
||||
.. _morty: https://github.com/asciimoo/morty
|
||||
.. _morty's README: https://github.com/asciimoo/morty
|
||||
.. _Go: https://golang.org/
|
||||
|
||||
.. _morty.sh:
|
||||
|
||||
==================
|
||||
``utils/morty.sh``
|
||||
==================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`architecture`
|
||||
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
|
||||
<installation apache>`)
|
||||
- :ref:`searxng morty`
|
||||
|
||||
To simplify installation and maintenance of a morty_ instance you can use the
|
||||
script :origin:`utils/morty.sh`. In most cases you will install morty_ simply by
|
||||
running the command:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
sudo -H ./utils/morty.sh install all
|
||||
|
||||
The script adds a ``${SERVICE_USER}`` (default:``morty``) and installs morty_
|
||||
into this user account:
|
||||
|
||||
#. Create a separated user account (``morty``).
|
||||
#. Download and install Go_ binary in user's $HOME (``~morty``).
|
||||
#. Install morty_ with the package management from Go_ (``go get -v -u
|
||||
github.com/asciimoo/morty``)
|
||||
#. Setup a systemd service unit :origin:`[ref]
|
||||
<utils/templates/lib/systemd/system/morty.service>`
|
||||
(``/lib/systemd/system/morty.service``).
|
||||
|
||||
.. hint::
|
||||
|
||||
To add morty to your SearXNG instance read chapter :ref:`searxng morty`.
|
||||
|
||||
Create user
|
||||
===========
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
||||
:start-after: START create user
|
||||
:end-before: END create user
|
||||
|
||||
|
||||
Install go
|
||||
==========
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
||||
:start-after: START install go
|
||||
:end-before: END install go
|
||||
|
||||
|
||||
Install morty
|
||||
=============
|
||||
|
||||
Install morty software and systemd unit:
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
||||
:start-after: START install morty
|
||||
:end-before: END install morty
|
||||
|
||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
||||
:start-after: START install systemd unit
|
||||
:end-before: END install systemd unit
|
||||
|
||||
.. _morty.sh overview:
|
||||
|
||||
Overview
|
||||
========
|
||||
|
||||
The ``--help`` output of the script is largely self-explanatory
|
||||
(:ref:`toolboxing common`):
|
||||
|
||||
.. program-output:: ../utils/morty.sh --help
|
||||
|
@ -1,39 +0,0 @@
|
||||
|
||||
.. _searx.sh:
|
||||
|
||||
==================
|
||||
``utils/searx.sh``
|
||||
==================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`architecture`
|
||||
- :ref:`installation`
|
||||
- :ref:`installation nginx`
|
||||
- :ref:`installation apache`
|
||||
|
||||
To simplify installation and maintenance of a SearXNG instance you can use the
|
||||
script :origin:`utils/searx.sh`.
|
||||
|
||||
Install
|
||||
=======
|
||||
|
||||
In most cases you will install SearXNG simply by running the command:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
sudo -H ./utils/searx.sh install all
|
||||
|
||||
The script adds a ``${SERVICE_USER}`` (default:``searx``) and installs SearXNG
|
||||
into this user account. The installation is described in chapter
|
||||
:ref:`installation basic`.
|
||||
|
||||
.. _intranet reverse proxy:
|
||||
|
||||
Overview
|
||||
========
|
||||
|
||||
The ``--help`` output of the script is largely self-explanatory
|
||||
(:ref:`toolboxing common`):
|
||||
|
||||
.. program-output:: ../utils/searx.sh --help
|
@ -0,0 +1,36 @@
|
||||
|
||||
.. _searxng.sh:
|
||||
|
||||
====================
|
||||
``utils/searxng.sh``
|
||||
====================
|
||||
|
||||
.. sidebar:: further reading
|
||||
|
||||
- :ref:`architecture`
|
||||
- :ref:`installation`
|
||||
- :ref:`installation nginx`
|
||||
- :ref:`installation apache`
|
||||
|
||||
To simplify the installation and maintenance of a SearXNG instance you can use the
|
||||
script :origin:`utils/searxng.sh`.
|
||||
|
||||
Install
|
||||
=======
|
||||
|
||||
In most cases you will install SearXNG simply by running the command:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
sudo -H ./utils/searx.sh install all
|
||||
|
||||
The installation is described in chapter :ref:`installation basic`.
|
||||
|
||||
.. _searxng.sh overview:
|
||||
|
||||
Overview
|
||||
========
|
||||
|
||||
The ``--help`` output of the script is largely self-explanatory:
|
||||
|
||||
.. program-output:: ../utils/searxng.sh --help
|
@ -1,207 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
# https://github.com/koalaman/shellcheck/issues/356#issuecomment-853515285
|
||||
# shellcheck source=utils/lib.sh
|
||||
. /dev/null
|
||||
|
||||
# Initialize installation procedures:
|
||||
#
|
||||
# - Modified source_dot_config function that
|
||||
# - loads .config.sh from an existing installation (at SEARX_SRC).
|
||||
# - initialize **SEARX_SRC_INIT_FILES**
|
||||
# - functions like:
|
||||
# - install_log_searx_instance()
|
||||
# - install_searx_get_state()
|
||||
#
|
||||
# usage:
|
||||
# source lib_install.sh
|
||||
#
|
||||
# **Installation scripts**
|
||||
#
|
||||
# The utils/lib_install.sh is sourced by the installations scripts:
|
||||
#
|
||||
# - utils/searx.sh
|
||||
# - utils/morty.sh
|
||||
# - utils/filtron.sh
|
||||
#
|
||||
# If '${SEARX_SRC}/.config.sh' exists, the modified source_dot_config() function
|
||||
# loads this configuration (instead of './.config.sh').
|
||||
|
||||
# **SEARX_SRC_INIT_FILES**
|
||||
#
|
||||
# Array of file names to sync into a installation at $SEARX_SRC. The file names
|
||||
# are relative to the $REPO_ROOT. Set by function init_SEARX_SRC_INIT_FILES().
|
||||
# Most often theses are files like:
|
||||
# - .config.sh
|
||||
# - searx/settings.yml
|
||||
# - utils/brand.env
|
||||
# - ...
|
||||
|
||||
|
||||
SEARX_SRC_INIT_FILES=()
|
||||
|
||||
eval orig_"$(declare -f source_dot_config)"
|
||||
|
||||
source_dot_config() {
|
||||
|
||||
# Modified source_dot_config function that
|
||||
# - loads .config.sh from an existing installation (at SEARX_SRC).
|
||||
# - initialize SEARX_SRC_INIT_FILES
|
||||
|
||||
if [ -z "$eval_SEARX_SRC" ]; then
|
||||
export eval_SEARX_SRC='true'
|
||||
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
|
||||
SEARX_PYENV=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_PYENV)
|
||||
SEARXNG_SETTINGS_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_SETTINGS_PATH)
|
||||
if [ ! -r "${SEARX_SRC}" ]; then
|
||||
info_msg "not yet cloned: ${SEARX_SRC}"
|
||||
orig_source_dot_config
|
||||
return 0
|
||||
fi
|
||||
info_msg "using instance at: ${SEARX_SRC}"
|
||||
|
||||
# set and log DOT_CONFIG
|
||||
if [ -r "${SEARX_SRC}/.config.sh" ]; then
|
||||
info_msg "switching to ${SEARX_SRC}/.config.sh"
|
||||
DOT_CONFIG="${SEARX_SRC}/.config.sh"
|
||||
else
|
||||
info_msg "using local config: ${DOT_CONFIG}"
|
||||
fi
|
||||
init_SEARX_SRC_INIT_FILES
|
||||
fi
|
||||
}
|
||||
|
||||
init_SEARX_SRC_INIT_FILES(){
|
||||
# init environment SEARX_SRC_INIT_FILES
|
||||
|
||||
# Monitor modified files in the working-tree from the local repository, only
|
||||
# if the local file differs to the corresponding file in the instance. Most
|
||||
# often theses are files like:
|
||||
#
|
||||
# - .config.sh
|
||||
# - searx/settings.yml
|
||||
# - utils/brand.env
|
||||
# - ...
|
||||
|
||||
# keep list empty if there is no installation
|
||||
SEARX_SRC_INIT_FILES=()
|
||||
if [ ! -r "$SEARX_SRC" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
local fname
|
||||
local msg=""
|
||||
local _prefix=""
|
||||
if [[ -n ${SUDO_USER} ]]; then
|
||||
_prefix="sudo -u ${SUDO_USER}"
|
||||
fi
|
||||
|
||||
# Monitor local modified files from the repository, only if the local file
|
||||
# differs to the corresponding file in the instance
|
||||
|
||||
while IFS= read -r fname; do
|
||||
if [ -z "$fname" ]; then
|
||||
continue
|
||||
fi
|
||||
if [ -r "${SEARX_SRC}/${fname}" ]; then
|
||||
# diff "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"
|
||||
if ! cmp --silent "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"; then
|
||||
SEARX_SRC_INIT_FILES+=("${fname}")
|
||||
info_msg "local clone (workingtree), modified file: ./$fname"
|
||||
msg="to update use: sudo -H ./utils/searx.sh install init-src"
|
||||
fi
|
||||
fi
|
||||
done <<< "$($_prefix git diff --name-only)"
|
||||
[ -n "$msg" ] && info_msg "$msg"
|
||||
}
|
||||
|
||||
install_log_searx_instance() {
|
||||
|
||||
echo -e "---- SearXNG instance setup ${_BBlue}(status: $(install_searx_get_state))${_creset}"
|
||||
echo -e " SEARXNG_SETTINGS_PATH : ${_BBlue}${SEARXNG_SETTINGS_PATH}${_creset}"
|
||||
echo -e " SEARX_PYENV : ${_BBlue}${SEARX_PYENV}${_creset}"
|
||||
echo -e " SEARX_SRC : ${_BBlue}${SEARX_SRC:-none}${_creset}"
|
||||
echo -e " SEARXNG_URL : ${_BBlue}${SEARXNG_URL:-none}${_creset}"
|
||||
|
||||
if in_container; then
|
||||
# SearXNG is listening on 127.0.0.1 and not available from outside container
|
||||
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
|
||||
echo -e "---- container setup"
|
||||
echo -e " ${_BBlack}HINT:${_creset} SearXNG only listen on loopback device" \
|
||||
"${_BBlack}inside${_creset} the container."
|
||||
for ip in $(global_IPs) ; do
|
||||
if [[ $ip =~ .*:.* ]]; then
|
||||
echo " container (IPv6): [${ip#*|}]"
|
||||
else
|
||||
# IPv4:
|
||||
echo " container (IPv4): ${ip#*|}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
install_searx_get_state(){
|
||||
|
||||
# usage: install_searx_get_state
|
||||
#
|
||||
# Prompts a string indicating the status of the installation procedure
|
||||
#
|
||||
# missing-searx-clone:
|
||||
# There is no clone at ${SEARX_SRC}
|
||||
# missing-searx-pyenv:
|
||||
# There is no pyenv in ${SEARX_PYENV}
|
||||
# installer-modified:
|
||||
# There are files modified locally in the installer (clone),
|
||||
# see ${SEARX_SRC_INIT_FILES} description.
|
||||
# python-installed:
|
||||
# Scripts can be executed in instance's environment
|
||||
# - user: ${SERVICE_USER}
|
||||
# - pyenv: ${SEARX_PYENV}
|
||||
|
||||
if [ -f /etc/searx/settings.yml ]; then
|
||||
err_msg "settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/"
|
||||
fi
|
||||
|
||||
if ! [ -r "${SEARX_SRC}" ]; then
|
||||
echo "missing-searx-clone"
|
||||
return
|
||||
fi
|
||||
if ! [ -f "${SEARX_PYENV}/bin/activate" ]; then
|
||||
echo "missing-searx-pyenv"
|
||||
return
|
||||
fi
|
||||
if ! [ -r "${SEARXNG_SETTINGS_PATH}" ]; then
|
||||
echo "missing-settings"
|
||||
return
|
||||
fi
|
||||
if ! [ ${#SEARX_SRC_INIT_FILES[*]} -eq 0 ]; then
|
||||
echo "installer-modified"
|
||||
return
|
||||
fi
|
||||
echo "python-installed"
|
||||
}
|
||||
|
||||
# Initialization of the installation procedure
|
||||
# --------------------------------------------
|
||||
|
||||
# shellcheck source=utils/brand.env
|
||||
source "${REPO_ROOT}/utils/brand.env"
|
||||
|
||||
# SEARXNG_URL aka PUBLIC_URL: the public URL of the instance (e.g.
|
||||
# "https://example.org/searx"). The value is taken from environment $SEARXNG_URL
|
||||
# in ./utils/brand.env. This variable is a empty string if server.base_url in
|
||||
# the settings.yml is set to 'false'.
|
||||
|
||||
SEARXNG_URL="${SEARXNG_URL:-http://$(uname -n)}"
|
||||
if in_container; then
|
||||
# hint: Linux containers do not have DNS entries, lets use IPs
|
||||
SEARXNG_URL="http://$(primary_ip)"
|
||||
fi
|
||||
PUBLIC_URL="${SEARXNG_URL}"
|
||||
|
||||
source_dot_config
|
||||
|
||||
# shellcheck source=utils/lxc-searx.env
|
||||
source "${REPO_ROOT}/utils/lxc-searx.env"
|
||||
in_container && lxc_set_suite_env
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,129 +0,0 @@
|
||||
[
|
||||
{
|
||||
"name": "roboagent limit",
|
||||
"filters": [
|
||||
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
|
||||
],
|
||||
"limit": 0,
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "botlimit",
|
||||
"filters": [
|
||||
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
|
||||
],
|
||||
"limit": 0,
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "suspiciously frequent IP",
|
||||
"filters": [],
|
||||
"interval": 600,
|
||||
"limit": 30,
|
||||
"aggregations": [
|
||||
"Header:X-Forwarded-For"
|
||||
],
|
||||
"actions":[
|
||||
{"name":"log"}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "search request",
|
||||
"filters": [
|
||||
"Param:q",
|
||||
"Path=^(/|/search)$"
|
||||
],
|
||||
"interval": 61,
|
||||
"limit": 999,
|
||||
"subrules": [
|
||||
{
|
||||
"name": "missing Accept-Language",
|
||||
"filters": ["!Header:Accept-Language"],
|
||||
"limit": 0,
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{"name":"log"},
|
||||
{"name": "block",
|
||||
"params": {"message": "Rate limit exceeded"}}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "suspiciously Connection=close header",
|
||||
"filters": ["Header:Connection=close"],
|
||||
"limit": 0,
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{"name":"log"},
|
||||
{"name": "block",
|
||||
"params": {"message": "Rate limit exceeded"}}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "IP limit",
|
||||
"interval": 61,
|
||||
"limit": 9,
|
||||
"stop": true,
|
||||
"aggregations": [
|
||||
"Header:X-Forwarded-For"
|
||||
],
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "rss/json limit",
|
||||
"filters": [
|
||||
"Param:format=(csv|json|rss)"
|
||||
],
|
||||
"interval": 121,
|
||||
"limit": 2,
|
||||
"stop": true,
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "useragent limit",
|
||||
"interval": 61,
|
||||
"limit": 199,
|
||||
"aggregations": [
|
||||
"Header:User-Agent"
|
||||
],
|
||||
"actions": [
|
||||
{ "name": "log"},
|
||||
{ "name": "block",
|
||||
"params": {
|
||||
"message": "Rate limit exceeded"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
@ -1,28 +0,0 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||
|
||||
# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog
|
||||
# CustomLog /dev/null combined env=dontlog
|
||||
|
||||
<Location ${PUBLIC_URL_PATH_MORTY} >
|
||||
|
||||
<IfModule mod_security2.c>
|
||||
SecRuleEngine Off
|
||||
</IfModule>
|
||||
|
||||
Require all granted
|
||||
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass http://${MORTY_LISTEN}
|
||||
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
|
||||
|
||||
</Location>
|
@ -0,0 +1,41 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
|
||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||
#
|
||||
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
||||
# CustomLog /dev/null combined env=dontlog
|
||||
|
||||
<Location ${SEARXNG_URL_PATH}>
|
||||
|
||||
Require all granted
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
# add the trailing slash
|
||||
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass http://${SEARXNG_INTERNAL_HTTP}
|
||||
|
||||
# see flaskfix.py
|
||||
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
|
||||
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
|
||||
|
||||
# see limiter.py
|
||||
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
|
||||
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
|
||||
|
||||
</Location>
|
||||
|
||||
# uWSGI serves the static files and in settings.yml we use::
|
||||
#
|
||||
# ui:
|
||||
# static_use_hash: true
|
||||
#
|
||||
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/
|
@ -1,33 +0,0 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||
|
||||
# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog
|
||||
# CustomLog /dev/null combined env=dontlog
|
||||
|
||||
# SecRuleRemoveById 981054
|
||||
# SecRuleRemoveById 981059
|
||||
# SecRuleRemoveById 981060
|
||||
# SecRuleRemoveById 950907
|
||||
|
||||
<Location ${FILTRON_URL_PATH} >
|
||||
|
||||
<IfModule mod_security2.c>
|
||||
SecRuleEngine Off
|
||||
</IfModule>
|
||||
|
||||
Require all granted
|
||||
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass http://${FILTRON_LISTEN}
|
||||
RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
|
||||
|
||||
</Location>
|
@ -0,0 +1,41 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
|
||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
|
||||
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||
#
|
||||
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
||||
# CustomLog /dev/null combined env=dontlog
|
||||
|
||||
<Location ${SEARXNG_URL_PATH}>
|
||||
|
||||
Require all granted
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
# add the trailing slash
|
||||
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass unix:${SEARXNG_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searxng/
|
||||
|
||||
# see flaskfix.py
|
||||
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
|
||||
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
|
||||
|
||||
# see limiter.py
|
||||
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
|
||||
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
|
||||
|
||||
</Location>
|
||||
|
||||
# uWSGI serves the static files and in settings.yml we use::
|
||||
#
|
||||
# ui:
|
||||
# static_use_hash: true
|
||||
#
|
||||
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/
|
@ -1,27 +0,0 @@
|
||||
# -*- coding: utf-8; mode: apache -*-
|
||||
|
||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
|
||||
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||
|
||||
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
||||
# CustomLog /dev/null combined env=dontlog
|
||||
|
||||
<Location ${SEARXNG_URL_PATH}>
|
||||
|
||||
<IfModule mod_security2.c>
|
||||
SecRuleEngine Off
|
||||
</IfModule>
|
||||
|
||||
Require all granted
|
||||
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||
Allow from all
|
||||
|
||||
ProxyPreserveHost On
|
||||
ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/
|
||||
|
||||
</Location>
|
@ -1,11 +0,0 @@
|
||||
# https://example.org/morty
|
||||
|
||||
location /morty {
|
||||
proxy_pass http://127.0.0.1:3000/;
|
||||
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header Connection \$http_connection;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme \$scheme;
|
||||
}
|
@ -1,16 +1,29 @@
|
||||
# https://example.org/searx
|
||||
|
||||
location ${SEARXNG_URL_PATH} {
|
||||
proxy_pass http://127.0.0.1:4004/;
|
||||
|
||||
proxy_pass http://${SEARXNG_INTERNAL_HTTP};
|
||||
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header Connection \$http_connection;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
|
||||
# see flaskfix.py
|
||||
proxy_set_header X-Scheme \$scheme;
|
||||
proxy_set_header X-Script-Name ${SEARXNG_URL_PATH};
|
||||
}
|
||||
|
||||
location ${SEARXNG_URL_PATH}/static/ {
|
||||
alias ${SEARX_SRC}/searx/static/;
|
||||
# see limiter.py
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
|
||||
# proxy_buffering off;
|
||||
# proxy_request_buffering off;
|
||||
# proxy_buffer_size 8k;
|
||||
|
||||
}
|
||||
|
||||
# uWSGI serves the static files and in settings.yml we use::
|
||||
#
|
||||
# ui:
|
||||
# static_use_hash: true
|
||||
#
|
||||
# location ${SEARXNG_URL_PATH}/static/ {
|
||||
# alias ${SEARXNG_STATIC}/;
|
||||
# }
|
@ -0,0 +1,26 @@
|
||||
location ${SEARXNG_URL_PATH} {
|
||||
|
||||
uwsgi_pass unix://${SEARXNG_UWSGI_SOCKET};
|
||||
|
||||
include uwsgi_params;
|
||||
|
||||
uwsgi_param HTTP_HOST \$host;
|
||||
uwsgi_param HTTP_CONNECTION \$http_connection;
|
||||
|
||||
# see flaskfix.py
|
||||
uwsgi_param HTTP_X_SCHEME \$scheme;
|
||||
uwsgi_param HTTP_X_SCRIPT_NAME ${SEARXNG_URL_PATH};
|
||||
|
||||
# see limiter.py
|
||||
uwsgi_param HTTP_X_REAL_IP \$remote_addr;
|
||||
uwsgi_param HTTP_X_FORWARDED_FOR \$proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# uWSGI serves the static files and in settings.yml we use::
|
||||
#
|
||||
# ui:
|
||||
# static_use_hash: true
|
||||
#
|
||||
# location ${SEARXNG_URL_PATH}/static/ {
|
||||
# alias ${SEARXNG_STATIC}/;
|
||||
# }
|
Loading…
Reference in New Issue