blob42
/
searxng
forked from Archives/searxng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1332 from return42/searxng-install

Browse Source 
Upgrade installation scripts and documentation
dependabot/pip/master/sphinx-6.1.3
Markus Heiser 2 years ago committed by GitHub
parent 0cf5310933 e5323b8aa2
commit 645c2a2ca1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
62 changed files with 2210 additions and 4190 deletions
Show Stats Download Patch File Download Diff File

52
.config.sh
Unescape Escape View File

@ -1,52 +0,0 @@
# -*- coding: utf-8; mode: sh -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck shell=bash disable=SC2034
#
# This file should be edited only ones just before the installation of any
# service is done. After the installation of the searx service a copy of this
# file is placed into the $SEARX_SRC of the instance, e.g.::
#
# /usr/local/searx/searx-src/.config.sh
#
# .. hint::
#
# Before you change a value here, You have to fully uninstall any previous
# installation of searx, morty and filtron services!
# utils/searx.sh
# --------------
# The setup of the SearXNG instance is done in the settings.yml
# (SEARXNG_SETTINGS_PATH). Read the remarks in [1] carefully and don't forget to
# rebuild instance's environment (make buildenv) if needed. The settings.yml
# file of an already installed instance is shown by::
#
# $ ./utils/searx.sh --help
# ---- SearXNG instance setup (already installed)
# SEARXNG_SETTINGS_PATH : /etc/searxng/settings.yml
# SEARX_SRC : /usr/local/searx/searx-src
#
# [1] https://docs.searxng.org/admin/engines/settings.html
# utils/filtron.sh
# ----------------
# FILTRON_API="127.0.0.1:4005"
# FILTRON_LISTEN="127.0.0.1:4004"
# utils/morty.sh
# --------------
# morty listen address
# MORTY_LISTEN="127.0.0.1:3000"
# PUBLIC_URL_PATH_MORTY="/morty/"
# system services
# ---------------
# Common $HOME folder of the service accounts
# SERVICE_HOME_BASE="/usr/local"
# **experimental**: Set SERVICE_USER to run all services by one account, but be
# aware that removing discrete components might conflict!
# SERVICE_USER=searx

2
.github/workflows/data-update.yml vendored
Unescape Escape View File

@ -26,7 +26,7 @@ jobs:
- name: Install Ubuntu packages - name: Install Ubuntu packages
run: | run: |
sudo ./utils/searx.sh install packages sudo ./utils/searxng.sh install packages
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v2 uses: actions/setup-python@v2

6
.github/workflows/integration.yml vendored
Unescape Escape View File

@ -19,7 +19,7 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Install Ubuntu packages - name: Install Ubuntu packages
run: | run: |
sudo ./utils/searx.sh install packages sudo ./utils/searxng.sh install packages
sudo apt install firefox sudo apt install firefox
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v2 uses: actions/setup-python@v2
@ -55,7 +55,7 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Install Ubuntu packages - name: Install Ubuntu packages
run: sudo ./utils/searx.sh install buildhost run: sudo ./utils/searxng.sh install buildhost
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:
@ -82,7 +82,7 @@ jobs:
fetch-depth: '0' fetch-depth: '0'
persist-credentials: false persist-credentials: false
- name: Install Ubuntu packages - name: Install Ubuntu packages
run: sudo ./utils/searx.sh install buildhost run: sudo ./utils/searxng.sh install buildhost
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v2 uses: actions/setup-python@v2
with: with:

5
Makefile
Unescape Escape View File

@ -59,17 +59,16 @@ test.shell:
utils/brand.env \ utils/brand.env \
$(MTOOLS) \ $(MTOOLS) \
utils/lib.sh \ utils/lib.sh \
utils/lib_install.sh \
utils/lib_nvm.sh \ utils/lib_nvm.sh \
utils/lib_static.sh \ utils/lib_static.sh \
utils/lib_go.sh \ utils/lib_go.sh \
utils/lib_redis.sh \ utils/lib_redis.sh \
utils/filtron.sh \ utils/filtron.sh \
utils/searx.sh \ utils/searx.sh \
utils/searxng.sh \
utils/morty.sh \ utils/morty.sh \
utils/lxc.sh \ utils/lxc.sh \
utils/lxc-searx.env \ utils/lxc-searxng.env
.config.sh
$(Q)$(MTOOLS) build_msg TEST "$@ OK" $(Q)$(MTOOLS) build_msg TEST "$@ OK"

39
docs/admin/arch_public.dot
Unescape Escape View File

@ -1,33 +1,30 @@
digraph G { digraph G {
node [style=filled, shape=box, fillcolor="#ffffcc", fontname="Sans"]; node [style=filled, shape=box, fillcolor="#ffffcc", fontname=Sans];
edge [fontname="Sans"]; edge [fontname="Sans"];
browser [label="Browser", shape=Mdiamond]; browser [label="browser", shape=tab, fillcolor=aliceblue];
rp [label="Reverse Proxy", href="https://docs.searxng.org/utils/filtron.sh.html#public-reverse-proxy"]; rp [label="reverse proxy"];
filtron [label="Filtron", href="https://docs.searxng.org/utils/filtron.sh.html"]; static [label="static files", shape=folder, href="url to configure static files", fillcolor=lightgray];
morty [label="Morty", href="https://docs.searxng.org/utils/morty.sh.html"]; uwsgi [label="uwsgi", shape=parallelogram href="https://docs.searxng.org/utils/searx.sh.html"]
static [label="Static files", href="url to configure static files"]; redis [label="redis DB", shape=cylinder];
uwsgi [label="uwsgi", href="https://docs.searxng.org/utils/searx.sh.html"] searxng1 [label="SearXNG #1", fontcolor=blue3];
searx1 [label="Searx #1"]; searxng2 [label="SearXNG #2", fontcolor=blue3];
searx2 [label="Searx #2"]; searxng3 [label="SearXNG #3", fontcolor=blue3];
searx3 [label="Searx #3"]; searxng4 [label="SearXNG #4", fontcolor=blue3];
searx4 [label="Searx #4"];
browser -> rp [label="HTTPS"] browser -> rp [label="HTTPS"]
subgraph cluster_searx { subgraph cluster_searxng {
label = "Searx instance" fontname="Sans"; label = "SearXNG instance" fontname=Sans;
bgcolor="#fafafa"; bgcolor="#fafafa";
{ rank=same; static rp }; { rank=same; static rp };
rp -> morty [label="optional: images and HTML pages proxy"]; rp -> static [label="optional: reverse proxy serves static files", fillcolor=slategray, fontcolor=slategray];
rp -> static [label="optional: reverse proxy serves directly static files"]; rp -> uwsgi [label="http:// (tcp) or unix:// (socket)"];
rp -> filtron [label="HTTP"]; uwsgi -> searxng1 -> redis;
filtron -> uwsgi [label="HTTP"]; uwsgi -> searxng2 -> redis;
uwsgi -> searx1; uwsgi -> searxng3 -> redis;
uwsgi -> searx2; uwsgi -> searxng4 -> redis;
uwsgi -> searx3;
uwsgi -> searx4;
} }
} }

20
docs/admin/architecture.rst
Unescape Escape View File

@ -8,17 +8,19 @@ Architecture
- Reverse Proxy: :ref:`Apache <apache searxng site>` & :ref:`nginx <nginx - Reverse Proxy: :ref:`Apache <apache searxng site>` & :ref:`nginx <nginx
searxng site>` searxng site>`
- Filtron: :ref:`searxng filtron`
- Morty: :ref:`searxng morty`
- uWSGI: :ref:`searxng uwsgi` - uWSGI: :ref:`searxng uwsgi`
- SearXNG: :ref:`installation basic` - SearXNG: :ref:`installation basic`
Herein you will find some hints and suggestions about typical architectures of Herein you will find some hints and suggestions about typical architectures of
SearXNG infrastructures. SearXNG infrastructures.
We start with a contribution from :pull-searx:`@dalf <1776#issuecomment-567917320>`. .. _architecture uWSGI:
It shows a *reference* setup for public SearXNG instances which can build up and
maintained by the scripts from our :ref:`toolboxing`. uWSGI Setup
===========
We start with a *reference* setup for public SearXNG instances which can be build
up and maintained by the scripts from our :ref:`toolboxing`.
.. _arch public: .. _arch public:
@ -26,3 +28,11 @@ maintained by the scripts from our :ref:`toolboxing`.
:alt: arch_public.dot :alt: arch_public.dot
Reference architecture of a public SearXNG setup. Reference architecture of a public SearXNG setup.
The reference installation activates ``server.limiter``, ``server.image_proxy``
and ``ui.static_use_hash`` (:origin:`/etc/searxng/settings.yml
<utils/templates/etc/searxng/settings.yml>`)
.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml
:language: yaml
:end-before: # preferences:

8
docs/admin/buildhosts.rst
Unescape Escape View File

@ -15,19 +15,19 @@ Buildhosts
:backlinks: entry :backlinks: entry
To get best results from build, its recommend to install additional packages To get best results from build, its recommend to install additional packages
on build hosts (see :ref:`searx.sh`).:: on build hosts (see :ref:`searxng.sh`).::
sudo -H ./utils/searx.sh install buildhost sudo -H ./utils/searxng.sh install buildhost
This will install packages needed by searx: This will install packages needed by searx:
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START distro-packages :start-after: START distro-packages
:end-before: END distro-packages :end-before: END distro-packages
and packages needed to build docuemtation and run tests: and packages needed to build docuemtation and run tests:
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START build-packages :start-after: START build-packages
:end-before: END build-packages :end-before: END build-packages

8
docs/admin/engines/nosql-engines.rst
Unescape Escape View File

@ -42,11 +42,11 @@ Extra Dependencies
For using :ref:`engine redis_server` or :ref:`engine mongodb` you need to For using :ref:`engine redis_server` or :ref:`engine mongodb` you need to
install additional packages in Python's Virtual Environment of your SearXNG install additional packages in Python's Virtual Environment of your SearXNG
instance. To switch into the environment (:ref:`searx-src`) you can use instance. To switch into the environment (:ref:`searxng-src`) you can use
:ref:`searx.sh`:: :ref:`searxng.sh`::
$ sudo utils/searx.sh shell $ sudo utils/searxng.sh instance cmd bash
(searx-pyenv)$ pip install ... (searxng-pyenv)$ pip install ...
.. _engine redis_server: .. _engine redis_server:

13
docs/admin/engines/settings.rst
Unescape Escape View File

@ -207,10 +207,14 @@ Global Settings
``secret_key`` : ``$SEARXNG_SECRET`` ``secret_key`` : ``$SEARXNG_SECRET``
Used for cryptography purpose. Used for cryptography purpose.
.. _limiter:
``limiter`` : ``limiter`` :
Rate limit the number of request on the instance, block some bots. The Rate limit the number of request on the instance, block some bots. The
:ref:`limiter plugin` requires a :ref:`settings redis` database. :ref:`limiter plugin` requires a :ref:`settings redis` database.
.. _image_proxy:
``image_proxy`` : ``image_proxy`` :
Allow your instance of SearXNG of being able to proxy images. Uses memory space. Allow your instance of SearXNG of being able to proxy images. Uses memory space.
@ -225,9 +229,13 @@ Global Settings
``ui:`` ``ui:``
------- -------
.. _cache busting:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#caching_static_assets_with_cache_busting
.. code:: yaml .. code:: yaml
ui: ui:
static_use_hash: false
default_locale: "" default_locale: ""
query_in_title: false query_in_title: false
infinite_scroll: false infinite_scroll: false
@ -236,6 +244,11 @@ Global Settings
theme_args: theme_args:
simple_style: auto simple_style: auto
.. _static_use_hash:
``static_use_hash`` :
Enables `cache busting`_ of static files.
``default_locale`` : ``default_locale`` :
SearXNG interface language. If blank, the locale is detected by using the SearXNG interface language. If blank, the locale is detected by using the
browser language. If it doesn't work, or you are deploying a language browser language. If it doesn't work, or you are deploying a language

8
docs/admin/engines/sql-engines.rst
Unescape Escape View File

@ -98,11 +98,11 @@ Extra Dependencies
For using :ref:`engine postgresql` or :ref:`engine mysql_server` you need to For using :ref:`engine postgresql` or :ref:`engine mysql_server` you need to
install additional packages in Python's Virtual Environment of your SearXNG install additional packages in Python's Virtual Environment of your SearXNG
instance. To switch into the environment (:ref:`searx-src`) you can use instance. To switch into the environment (:ref:`searxng-src`) you can use
:ref:`searx.sh`:: :ref:`searxng.sh`::
$ sudo utils/searx.sh shell $ sudo utils/searxng.sh instance cmd bash
(searx-pyenv)$ pip install ... (searxng-pyenv)$ pip install ...
.. _engine postgresql: .. _engine postgresql:

193
docs/admin/filtron.rst
Unescape Escape View File

@ -1,193 +0,0 @@
.. _searxng filtron:
==========================
How to protect an instance
==========================
.. tip::
To protect your instance a installation of filtron (as described here) is no
longer needed, alternatively activate the :ref:`limiter plugin` in your
``settings.yml``. Note that the :ref:`limiter plugin` requires a :ref:`Redis
<settings redis>` database.
.. sidebar:: further reading
- :ref:`filtron.sh`
- :ref:`nginx searxng site`
.. _filtron: https://github.com/searxng/filtron
SearXNG depends on external search services. To avoid the abuse of these services
it is advised to limit the number of requests processed by SearXNG.
An application firewall, filtron_ solves exactly this problem. Filtron is just
a middleware between your web server (nginx, apache, ...) and searx, we describe
such infrastructures in chapter: :ref:`architecture`.
filtron & go
============
.. _Go: https://golang.org/
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
Filtron needs Go_ installed. If Go_ is preinstalled, filtron_ is simply
installed by ``go get`` package management (see `filtron README`_). If you use
filtron as middleware, a more isolated setup is recommended. To simplify such
an installation and the maintenance of, use our script :ref:`filtron.sh`.
.. _Sample configuration of filtron:
Sample configuration of filtron
===============================
.. sidebar:: Tooling box
- :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>`
An example configuration can be find below. This configuration limits the access
of:
- scripts or applications (roboagent limit)
- webcrawlers (botlimit)
- IPs which send too many requests (IP limit)
- too many json, csv, etc. requests (rss/json limit)
- the same UserAgent of if too many requests (useragent limit)
.. code:: json
[
{
"name": "search request",
"filters": [
"Param:q",
"Path=^(/|/search)$"
],
"interval": "<time-interval-in-sec (int)>",
"limit": "<max-request-number-in-interval (int)>",
"subrules": [
{
"name": "missing Accept-Language",
"filters": ["!Header:Accept-Language"],
"limit": "<max-request-number-in-interval (int)>",
"stop": true,
"actions": [
{"name":"log"},
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "suspiciously Connection=close header",
"filters": ["Header:Connection=close"],
"limit": "<max-request-number-in-interval (int)>",
"stop": true,
"actions": [
{"name":"log"},
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "IP limit",
"interval": "<time-interval-in-sec (int)>",
"limit": "<max-request-number-in-interval (int)>",
"stop": true,
"aggregations": [
"Header:X-Forwarded-For"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "rss/json limit",
"filters": [
"Param:format=(csv|json|rss)"
],
"interval": "<time-interval-in-sec (int)>",
"limit": "<max-request-number-in-interval (int)>",
"stop": true,
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "useragent limit",
"interval": "<time-interval-in-sec (int)>",
"limit": "<max-request-number-in-interval (int)>",
"aggregations": [
"Header:User-Agent"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
}
]
}
]
.. _filtron route request:
Route request through filtron
=============================
.. sidebar:: further reading
- :ref:`filtron.sh overview`
- :ref:`installation nginx`
- :ref:`installation apache`
Filtron can be started using the following command:
.. code:: sh
$ filtron -rules rules.json
It listens on ``127.0.0.1:4004`` and forwards filtered requests to
``127.0.0.1:8888`` by default.
Use it along with ``nginx`` with the following example configuration.
.. code:: nginx
# https://example.org/searx
location /searx {
proxy_pass http://127.0.0.1:4004/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
}
location /searx/static {
/usr/local/searx/searx-src/searx/static;
}
Requests are coming from port 4004 going through filtron and then forwarded to
port 8888 where a SearXNG is being run. For a complete setup see: :ref:`nginx
searxng site`.

6
docs/admin/index.rst
Unescape Escape View File

@ -7,17 +7,15 @@ Administrator documentation
:caption: Contents :caption: Contents
installation installation
installation-docker
installation-scripts
installation-searxng installation-searxng
installation-uwsgi installation-uwsgi
installation-nginx installation-nginx
installation-apache installation-apache
installation-docker
installation-switch2ng
update-searxng update-searxng
engines/index engines/index
api api
architecture architecture
filtron
morty
plugins plugins
buildhosts buildhosts

429
docs/admin/installation-apache.rst
Unescape Escape View File

@ -1,13 +1,13 @@
.. _installation apache: .. _installation apache:
=================== ======
Install with apache Apache
=================== ======
.. _Apache: https://httpd.apache.org/ .. _Apache: https://httpd.apache.org/
.. _Apache Debian: .. _Apache Debian:
https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x): https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x):
.. _README.Debian: .. _apache2.README.Debian:
https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian
.. _Apache Arch Linux: .. _Apache Arch Linux:
https://wiki.archlinux.org/index.php/Apache_HTTP_Server https://wiki.archlinux.org/index.php/Apache_HTTP_Server
@ -23,7 +23,9 @@ Install with apache
https://httpd.apache.org/docs/current/en/configuring.html https://httpd.apache.org/docs/current/en/configuring.html
.. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost .. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost
.. _LoadModule: .. _LoadModule:
https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule https://httpd.apache.org/docs/mod/mod_so.html#loadmodule
.. _IncludeOptional:
https://httpd.apache.org/docs/mod/core.html#includeoptional
.. _DocumentRoot: .. _DocumentRoot:
https://httpd.apache.org/docs/trunk/mod/core.html#documentroot https://httpd.apache.org/docs/trunk/mod/core.html#documentroot
.. _Location: .. _Location:
@ -32,11 +34,30 @@ Install with apache
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
.. _mod_proxy_uwsgi: .. _mod_proxy_uwsgi:
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
.. _mod_proxy_http:
https://httpd.apache.org/docs/current/mod/mod_proxy_http.html
.. _mod_proxy:
https://httpd.apache.org/docs/current/mod/mod_proxy.html
This section explains how to set up a SearXNG instance using the HTTP server Apache_.
If you did use the :ref:`installation scripts` and do not have any special preferences
you can install the :ref:`SearXNG site <apache searxng site>` using
:ref:`searxng.sh <searxng.sh overview>`:
.. code:: bash
$ sudo -H ./utils/searxng.sh install apache
If you have special interests or problems with setting up Apache, the following
section might give you some guidance.
.. sidebar:: further read .. sidebar:: further read
- `Apache Arch Linux`_ - `Apache Arch Linux`_
- `Apache Debian`_ and `README.Debian`_ - `Apache Debian`_
- `apache2.README.Debian`_
- `Apache Fedora`_ - `Apache Fedora`_
- `Apache directives`_ - `Apache directives`_
@ -45,23 +66,8 @@ Install with apache
:local: :local:
:backlinks: entry :backlinks: entry
----
**Install** :ref:`apache searxng site` using :ref:`filtron.sh <filtron.sh overview>`
.. code:: bash
$ sudo -H ./utils/filtron.sh apache install
**Install** :ref:`apache searxng site` using :ref:`morty.sh <morty.sh overview>`
.. code:: bash
$ sudo -H ./utils/morty.sh apache install The Apache HTTP server
----
The apache HTTP server
====================== ======================
If Apache_ is not installed, install it now. If apache_ is new to you, the If Apache_ is not installed, install it now. If apache_ is new to you, the
@ -73,13 +79,13 @@ Directives`_ documentation gives first orientation. There is also a list of
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
sudo -H apt-get install apache2 sudo -H apt-get install apache2
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. code:: sh .. code:: bash
sudo -H pacman -S apache sudo -H pacman -S apache
sudo -H systemctl enable httpd sudo -H systemctl enable httpd
@ -87,21 +93,21 @@ Directives`_ documentation gives first orientation. There is also a list of
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
.. code:: sh .. code:: bash
sudo -H dnf install httpd sudo -H dnf install httpd
sudo -H systemctl enable httpd sudo -H systemctl enable httpd
sudo -H systemctl start httpd sudo -H systemctl start httpd
Now at http://localhost you should see any kind of *Welcome* or *Test* page. Now at http://localhost you should see some kind of *Welcome* or *Test* page.
How this default intro site is configured, depends on the linux distribution How this default site is configured, depends on the linux distribution
(compare `Apache directives`_). (compare `Apache directives`_).
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
less /etc/apache2/sites-enabled/000-default.conf less /etc/apache2/sites-enabled/000-default.conf
@ -115,7 +121,7 @@ How this default intro site is configured, depends on the linux distribution
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. code:: sh .. code:: bash
less /etc/httpd/conf/httpd.conf less /etc/httpd/conf/httpd.conf
@ -130,8 +136,8 @@ How this default intro site is configured, depends on the linux distribution
Require all granted Require all granted
</Directory> </Directory>
The *welcome* page of Arch Linux is a page showing directory located at The *welcome* page of Arch Linux is a page showing the directory located
``DocumentRoot``. This is *directory* page is generated by the Module at ``DocumentRoot``. This *directory* page is generated by the Module
`mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_: `mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_:
.. code:: apache .. code:: apache
@ -142,7 +148,7 @@ How this default intro site is configured, depends on the linux distribution
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
.. code:: sh .. code:: bash
less /etc/httpd/conf/httpd.conf less /etc/httpd/conf/httpd.conf
@ -163,323 +169,204 @@ How this default intro site is configured, depends on the linux distribution
less /etc/httpd/conf.d/welcome.conf less /etc/httpd/conf.d/welcome.conf
.. _apache searxng site:
Apache Reverse Proxy .. _Debian's Apache layout:
====================
.. sidebar:: public to the internet? Debian's Apache layout
----------------------
If your SearXNG instance is public, stop here and first install :ref:`filtron Be aware, Debian's Apache layout is quite different from the standard Apache
reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see configuration. For details look at the apache2.README.Debian_
:ref:`installation scripts`. If already done, follow setup: *SearXNG via (``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
filtron plus morty*. Debian:
To setup a Apache revers proxy you have to enable the *headers* and *proxy* * :man:`apache2ctl`: Apache HTTP server control interface
modules and create a `Location`_ configuration for the SearXNG site. In most * :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
distributions you have to un-comment the lines in the main configuration file, * :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
except in :ref:`The Debian Layout`. * :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
.. _apache modules:
Apache modules
--------------
To load additional modules, in most distributions you have to un-comment the
lines with the corresponding LoadModule_ directive, except in :ref:`Debian's
Apache layout`.
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
In the Apache setup, enable headers and proxy modules: :ref:`Debian's Apache layout` uses :man:`a2enmod` and :man:`a2dismod` to
activate or disable modules:
.. code:: sh .. code:: bash
sudo -H a2enmod ssl
sudo -H a2enmod headers sudo -H a2enmod headers
sudo -H a2enmod proxy sudo -H a2enmod proxy
sudo -H a2enmod proxy_http sudo -H a2enmod proxy_http
sudo -H a2enmod proxy_uwsgi
In :ref:`The Debian Layout` you create a ``searxng.conf`` with the
``<Location /searx >`` directive and save this file in the *sites
available* folder at ``/etc/apache2/sites-available``. To enable the
``searxng.conf`` use :man:`a2ensite`:
.. code:: sh
sudo -H a2ensite searxng.conf
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_
modules (LoadModule_): directives:
.. code:: apache .. code:: apache
FIXME needs test LoadModule ssl_module modules/mod_ssl.so
LoadModule headers_module modules/mod_headers.so
LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_
modules (LoadModule_): directives:
.. code:: apache .. code:: apache
FIXME needs test LoadModule ssl_module modules/mod_ssl.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the .. _apache sites:
proxied host.
.. _apache searxng via filtron plus morty: Apache sites
------------
.. tabs::
.. group-tab:: SearXNG via filtron plus morty
Use this setup, if your instance is public to the internet, compare
figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
*localhost 4004* (:ref:`filtron route request`):
.. code:: apache
<Location /searx >
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass http://127.0.0.1:4004
RequestHeader set X-Script-Name /searx
</Location>
2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on
*localhost 3000*
.. code:: apache
ProxyPreserveHost On
<Location /morty >
# SetEnvIf Request_URI "/morty" dontlog
# CustomLog /dev/null combined env=dontlog
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPass http://127.0.0.1:3000
RequestHeader set X-Script-Name /morty
</Location>
For a fully result proxification add :ref:`morty's <searxng morty>` **public
URL** to your :origin:`searx/settings.yml`:
.. code:: yaml
result_proxy:
# replace example.org with your server's public name
url : https://example.org/morty
key : !!binary "insert_your_morty_proxy_key_here"
server:
image_proxy : True
uWSGI support
=============
Be warned, with this setup, your instance isn't :ref:`protected <searxng
filtron>`, nevertheless it is good enough for intranet usage. In modern Linux
distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache
package and you need to install only the :ref:`uWSGI <searxng uwsgi>` package:
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh In :ref:`Debian's Apache layout` you create a ``searxng.conf`` with the
``<Location /searxng >`` directive and save this file in the *sites
available* folder at ``/etc/apache2/sites-available``. To enable the
``searxng.conf`` use :man:`a2ensite`:
sudo -H apt-get install uwsgi .. code:: bash
# Ubuntu =< 18.04 sudo -H a2ensite searxng.conf
sudo -H apt-get install libapache2-mod-proxy-uwsgi
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. code:: sh In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_
directive:
sudo -H pacman -S uwsgi
.. group-tab:: Fedora / RHEL
.. code:: sh
sudo -H dnf install uwsgi
The next example shows a configuration using the `uWSGI Apache support`_ via
unix sockets and `mod_proxy_uwsgi`_.
For socket communication, you have to activate ``socket =
/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
configuration in your :ref:`uwsgi ini file <uwsgi configuration>`. If not
already exists, create a folder for the unix sockets, which can be used by the
SearXNG account (see :ref:`create searxng user`):
.. code:: bash
sudo -H mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
If the server is public; to limit access to your intranet replace ``Allow from
all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class.
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: apache .. code:: apache
LoadModule headers_module /usr/lib/apache2/mod_headers.so IncludeOptional sites-enabled/*.conf
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx> Create two folders, one for the *available sites* and one for the *enabled sites*:
Require all granted .. code:: bash
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On mkdir -p /etc/httpd/sites-available
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ mkdir -p /etc/httpd/sites-enabled
</Location> Create configuration at ``/etc/httpd/sites-available`` and place a
symlink to ``sites-enabled``:
.. group-tab:: Arch Linux .. code:: bash
.. code:: apache
FIXME needs test sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
/etc/httpd/sites-enabled/searxng.conf
LoadModule proxy_module modules/mod_proxy.so .. group-tab:: Fedora / RHEL
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx> In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_
directive:
Require all granted .. code:: apache
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On IncludeOptional sites-enabled/*.conf
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
</Location> Create two folders, one for the *available sites* and one for the *enabled sites*:
.. group-tab:: Fedora / RHEL .. code:: bash
.. code:: apache mkdir -p /etc/httpd/sites-available
mkdir -p /etc/httpd/sites-enabled
FIXME needs test Create configuration at ``/etc/httpd/sites-available`` and place a
symlink to ``sites-enabled``:
LoadModule proxy_module modules/mod_proxy.so .. code:: bash
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
<IfModule proxy_uwsgi_module>
# SetEnvIf Request_URI /searx dontlog sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
# CustomLog /dev/null combined env=dontlog /etc/httpd/sites-enabled/searxng.conf
<Location /searx>
Require all granted .. _apache searxng site:
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On Apache's SearXNG site
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ =====================
</Location> .. _mod_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi
</IfModule> .. sidebar:: uWSGI
.. group-tab:: old mod_wsgi Use mod_proxy_uwsgi_ / don't use the old mod_uwsgi_ anymore.
We show this only for historical reasons, DON'T USE `mod_uwsgi To proxy the incoming requests to the SearXNG instance Apache needs the
<https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_. mod_proxy_ module (:ref:`apache modules`).
ANYMORE!
.. code:: apache .. sidebar:: HTTP headers
<IfModule mod_uwsgi.c> With ProxyPreserveHost_ the incoming ``Host`` header is passed to the proxied
host.
# SetEnvIf Request_URI "/searx" dontlog Depending on what your SearXNG installation is listening on, you need a http
# CustomLog /dev/null combined env=dontlog mod_proxy_http_) or socket (mod_proxy_uwsgi_) communication to upstream.
<Location /searx > The :ref:`installation scripts` installs the :ref:`reference setup
<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket by default.
You can install and activate your own ``searxng.conf`` like shown in
:ref:`apache sites`.
Require all granted .. tabs::
Options FollowSymLinks Indexes .. group-tab:: socket
SetHandler uwsgi-handler
uWSGISocket /run/uwsgi/app/searx/socket
Order deny,allow .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
Deny from all :start-after: START apache socket
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 :end-before: END apache socket
Allow from all
</Location> .. group-tab:: http
</IfModule> .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START apache http
:end-before: END apache http
.. _restart apache: .. _restart apache:
Restart service Restart service:
===============
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
sudo -H systemctl restart apache2 sudo -H systemctl restart apache2
sudo -H service uwsgi restart searx sudo -H service uwsgi restart searxng
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. code:: sh .. code:: bash
sudo -H systemctl restart httpd sudo -H systemctl restart httpd
sudo -H systemctl restart uwsgi@searx sudo -H systemctl restart uwsgi@searxng
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
.. code:: sh .. code:: bash
sudo -H systemctl restart httpd sudo -H systemctl restart httpd
sudo -H touch /etc/uwsgi.d/searxng.ini sudo -H touch /etc/uwsgi.d/searxng.ini
@ -489,27 +376,13 @@ disable logs
============ ============
For better privacy you can disable Apache logs. In the examples above activate For better privacy you can disable Apache logs. In the examples above activate
one of the lines and `restart apache`_:: one of the lines and `restart apache`_:
# SetEnvIf Request_URI "/searx" dontlog .. code:: apache
# CustomLog /dev/null combined env=dontlog
The ``CustomLog`` directive disable logs for the whole (virtual) server, use it SetEnvIf Request_URI "/searxng" dontlog
when the URL of the service does not have a path component (``/searx``) / is # CustomLog /dev/null combined env=dontlog
located at root (``/``).
.. _The Debian Layout: The ``CustomLog`` directive disables logs for the entire (virtual) server, use it
when the URL of the service does not have a path component (``/searxng``), so when
The Debian Layout SearXNG is located at root (``/``).
=================
Be aware that the Debian layout is quite different from the standard Apache
configuration. For details look at the README.Debian_
(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
Debian:
* :man:`apache2ctl`: Apache HTTP server control interface
* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites

59
docs/admin/installation-docker.rst
Unescape Escape View File

@ -1,37 +1,60 @@
.. _installation docker: .. _installation docker:
=================== ================
Docker installation Docker Container
=================== ================
.. _ENTRYPOINT: https://docs.docker.com/engine/reference/builder/#entrypoint .. _ENTRYPOINT: https://docs.docker.com/engine/reference/builder/#entrypoint
.. _searxng/searxng @dockerhub: https://hub.docker.com/r/searxng/searxng
.. _searxng-docker: https://github.com/searxng/searxng-docker .. _searxng-docker: https://github.com/searxng/searxng-docker
.. _[filtron]: https://hub.docker.com/r/dalf/filtron
.. _[morty]: https://hub.docker.com/r/dalf/morty
.. _[caddy]: https://hub.docker.com/_/caddy .. _[caddy]: https://hub.docker.com/_/caddy
.. _Redis: https://redis.io/
----
.. sidebar:: info .. sidebar:: info
- `searxng/searxng @dockerhub`_
- :origin:`Dockerfile` - :origin:`Dockerfile`
- `searxng/searxng @dockerhub <https://hub.docker.com/r/searxng/searxng>`_
- `Docker overview <https://docs.docker.com/get-started/overview>`_ - `Docker overview <https://docs.docker.com/get-started/overview>`_
- `Docker Cheat Sheet <https://www.docker.com/sites/default/files/d8/2019-09/docker-cheat-sheet.pdf>`_ - `Docker Cheat Sheet <https://docs.docker.com/get-started/docker_cheatsheet.pdf>`_
- `Alpine Linux <https://alpinelinux.org>`_ `(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__ `apt packages <https://pkgs.alpinelinux.org/packages>`_ - `Alpine Linux <https://alpinelinux.org>`_
`(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__
`apt packages <https://pkgs.alpinelinux.org/packages>`_
- Alpine's ``/bin/sh`` is :man:`dash` - Alpine's ``/bin/sh`` is :man:`dash`
.. tip:: **If you intend to create a public instance using Docker, use our well maintained
docker container**
- `searxng/searxng @dockerhub`_.
.. sidebar:: hint
The rest of this article is of interest only to those who want to create and
maintain their own Docker images.
The sources are hosted at searxng-docker_ and the container includes:
- a HTTPS reverse proxy `[caddy]`_ and
- a Redis_ DB
The `default SearXNG setup <https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml>`_
of this container:
- enables :ref:`limiter <limiter>` to protect against bots
- enables :ref:`image proxy <image_proxy>` for better privacy
- enables :ref:`cache busting <static_use_hash>` to save bandwith
----
If you intend to create a public instance using Docker, use our well
maintained searxng-docker_ image which includes
- :ref:`protection <searxng filtron>` `[filtron]`_, Get Docker
- a :ref:`result proxy <searxng morty>` `[morty]`_ and ==========
- a HTTPS reverse proxy `[caddy]`_.
Make sure you have `installed Docker <https://docs.docker.com/get-docker/>`_ and If you plan to build and maintain a docker image by yourself, make sure you have
on Linux, don't forget to add your user to the docker group (log out and log `Docker installed <https://docs.docker.com/get-docker/>`_. On Linux don't
back in so that your group membership is re-evaluated): forget to add your user to the docker group (log out and log back in so that
your group membership is re-evaluated):
.. code:: sh .. code:: sh

289
docs/admin/installation-nginx.rst
Unescape Escape View File

@ -1,8 +1,8 @@
.. _installation nginx: .. _installation nginx:
================== =====
Install with nginx NGINX
================== =====
.. _nginx: .. _nginx:
https://docs.nginx.com/nginx/admin-guide/ https://docs.nginx.com/nginx/admin-guide/
@ -19,6 +19,19 @@ Install with nginx
.. _SCRIPT_NAME: .. _SCRIPT_NAME:
https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name
This section explains how to set up a SearXNG instance using the HTTP server nginx_.
If you have used the :ref:`installation scripts` and do not have any special preferences
you can install the :ref:`SearXNG site <nginx searxng site>` using
:ref:`searxng.sh <searxng.sh overview>`:
.. code:: bash
$ sudo -H ./utils/searxng.sh install nginx
If you have special interests or problems with setting up nginx, the following
section might give you some guidance.
.. sidebar:: further reading .. sidebar:: further reading
- nginx_ - nginx_
@ -27,39 +40,23 @@ Install with nginx
- `Getting Started wiki`_ - `Getting Started wiki`_
- `uWSGI support from nginx`_ - `uWSGI support from nginx`_
.. contents:: Contents .. contents:: Contents
:depth: 2 :depth: 2
:local: :local:
:backlinks: entry :backlinks: entry
----
**Install** :ref:`nginx searxng site` using :ref:`filtron.sh <filtron.sh overview>`
.. code:: bash
$ sudo -H ./utils/filtron.sh nginx install
**Install** :ref:`nginx searxng site` using :ref:`morty.sh <morty.sh overview>`
.. code:: bash
$ sudo -H ./utils/morty.sh nginx install
----
The nginx HTTP server The nginx HTTP server
===================== =====================
If nginx_ is not installed (uwsgi will not work with the package nginx-light), If nginx_ is not installed, install it now.
install it now.
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
sudo -H apt-get install nginx sudo -H apt-get install nginx
@ -81,18 +78,18 @@ install it now.
Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you
see a *Fedora Webserver - Test Page*. The test page comes from the default see a *Fedora Webserver - Test Page*. The test page comes from the default
`nginx server configuration`_. How this default intro site is configured, `nginx server configuration`_. How this default site is configured,
depends on the linux distribution: depends on the linux distribution:
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
less /etc/nginx/nginx.conf less /etc/nginx/nginx.conf
there is a line including site configurations from: There is one line that includes site configurations from:
.. code:: nginx .. code:: nginx
@ -104,7 +101,7 @@ depends on the linux distribution:
less /etc/nginx/nginx.conf less /etc/nginx/nginx.conf
in there is a configuration section named ``server``: There is a configuration section named ``server``:
.. code-block:: nginx .. code-block:: nginx
@ -120,249 +117,121 @@ depends on the linux distribution:
less /etc/nginx/nginx.conf less /etc/nginx/nginx.conf
there is a line including site configurations from: There is one line that includes site configurations from:
.. code:: nginx .. code:: nginx
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
.. _nginx searxng site: .. _nginx searxng site:
A nginx SearXNG site NGINX's SearXNG site
==================== ====================
.. sidebar:: public to the internet? Now you have to create a configuration file (``searxng.conf``) for the SearXNG
site. If nginx_ is new to you, the `nginx beginners guide`_ is a good starting
If your SearXNG instance is public, stop here and first install :ref:`filtron point and the `Getting Started wiki`_ is always a good resource *to keep in the
reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see pocket*.
:ref:`installation scripts`. If already done, follow setup: *SearXNG via
filtron plus morty*.
Now you have to create a configuration for the SearXNG site. If nginx_ is new to Depending on what your SearXNG installation is listening on, you need a http or socket
you, the `nginx beginners guide`_ is a good starting point and the `Getting communication to upstream.
Started wiki`_ is always a good resource *to keep in the pocket*.
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: socket
Create configuration at ``/etc/nginx/sites-available/searxng`` and place a
symlink to sites-enabled:
.. code:: sh
sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng
.. group-tab:: Arch Linux
In the ``/etc/nginx/nginx.conf`` file, replace the configuration section .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
named ``server``. :start-after: START nginx socket
:end-before: END nginx socket
.. group-tab:: Fedora / RHEL .. group-tab:: http
Create configuration at ``/etc/nginx/conf.d/searxng`` and place a .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
symlink to sites-enabled: :start-after: START nginx http
:end-before: END nginx http
.. _nginx searxng via filtron plus morty: The :ref:`installation scripts` installs the :ref:`reference setup
<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket by default.
.. tabs:: .. tabs::
.. group-tab:: SearXNG via filtron plus morty .. group-tab:: Ubuntu / debian
Use this setup, if your instance is public to the internet, compare
figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
*localhost 4004* (:ref:`filtron route request`):
.. code:: nginx
# https://example.org/searx
location /searx {
proxy_pass http://127.0.0.1:4004/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
}
location /searx/static/ {
alias /usr/local/searx/searx-src/searx/static/;
}
2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on
*localhost 3000*:
.. code:: nginx
# https://example.org/morty
location /morty {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
}
For a fully result proxification add :ref:`morty's <searxng morty>` **public
URL** to your :origin:`searx/settings.yml`:
.. code:: yaml
result_proxy:
# replace example.org with your server's public name
url : https://example.org/morty
key : !!binary "insert_your_morty_proxy_key_here"
server:
image_proxy : True
.. group-tab:: proxy or uWSGI
Be warned, with this setup, your instance isn't :ref:`protected <searxng
filtron>`. Nevertheless it is good enough for intranet usage and it is a
excellent example of; *how different services can be set up*. The next
example shows a reverse proxy configuration wrapping the :ref:`searx-uWSGI
application <uwsgi configuration>`, listening on ``http =
127.0.0.1:8888``.
.. code:: nginx
# https://hostname.local/ Create configuration at ``/etc/nginx/sites-available/`` and place a
symlink to ``sites-enabled``:
location / { .. code:: bash
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host; sudo -H ln -s /etc/nginx/sites-available/searxng.conf \
proxy_set_header Connection $http_connection; /etc/nginx/sites-enabled/searxng.conf
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_buffering off;
}
Alternatively you can use the `uWSGI support from nginx`_ via unix .. group-tab:: Arch Linux
sockets. For socket communication, you have to activate ``socket =
/run/uwsgi/app/searx/socket`` and comment out the ``http =
127.0.0.1:8888`` configuration in your :ref:`uwsgi ini file <uwsgi
configuration>`.
The example shows a nginx virtual ``server`` configuration, listening on In the ``/etc/nginx/nginx.conf`` file, in the ``server`` section add a
port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at `include <https://nginx.org/en/docs/ngx_core_module.html#include>`_
location ``/`` by importing the `uwsgi_params`_ and passing requests to directive:
the uWSGI socket (``uwsgi_pass``). The ``server``\'s root points to the
:ref:`searx-src clone <searx-src>` and wraps directly the
:origin:`searx/static/` content at ``location /static``.
.. code:: nginx .. code:: nginx
server { server {
# replace hostname.local with your server's name # ...
server_name hostname.local; include /etc/nginx/default.d/*.conf;
# ...
listen 80;
listen [::]:80;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
root /usr/local/searx/searx-src/searx;
location /static { }
} }
If not already exists, create a folder for the unix sockets, which can be Create two folders, one for the *available sites* and one for the *enabled sites*:
used by the SearXNG account:
.. code:: bash .. code:: bash
mkdir -p /run/uwsgi/app/searx/ mkdir -p /etc/nginx/default.d
sudo -H chown -R searx:searx /run/uwsgi/app/searx/ mkdir -p /etc/nginx/default.apps-available
.. group-tab:: \.\. at subdir URL
Be warned, with these setups, your instance isn't :ref:`protected <searxng
filtron>`. The examples are just here to demonstrate how to export the
SearXNG application from a subdirectory URL ``https://example.org/searx/``.
.. code:: nginx
# https://hostname.local/searx
location /searx {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host; Create configuration at ``/etc/nginx/default.apps-available`` and place a
proxy_set_header Connection $http_connection; symlink to ``default.d``:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
proxy_buffering off;
}
location /searx/static/ {
alias /usr/local/searx/searx-src/searx/static/;
}
The ``X-Script-Name /searx`` is needed by the SearXNG implementation to .. code:: bash
calculate relative URLs correct. The next example shows a uWSGI
configuration. Since there are no HTTP headers in a (u)WSGI protocol, the
value is shipped via the SCRIPT_NAME_ in the WSGI environment.
.. code:: nginx sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \
/etc/nginx/default.d/searxng.conf
# https://hostname.local/searx .. group-tab:: Fedora / RHEL
location /searx { Create a folder for the *available sites*:
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
location /searx/static/ { .. code:: bash
alias /usr/local/searx/searx-src/searx/;
}
For SearXNG to work correctly the ``base_url`` must be set in the mkdir -p /etc/nginx/default.apps-available
:origin:`searx/settings.yml`.
.. code:: yaml Create configuration at ``/etc/nginx/default.apps-available`` and place a
symlink to ``conf.d``:
server: .. code:: bash
# replace example.org with your server's public name
base_url : https://example.org/searx/
sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \
/etc/nginx/conf.d/searxng.conf
Restart service: Restart services:
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. code:: sh .. code:: bash
sudo -H systemctl restart nginx sudo -H systemctl restart nginx
sudo -H service uwsgi restart searx sudo -H service uwsgi restart searxng
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. code:: sh .. code:: bash
sudo -H systemctl restart nginx sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi@searx sudo -H systemctl restart uwsgi@searxng
.. group-tab:: Fedora .. group-tab:: Fedora / RHEL
.. code:: sh .. code:: bash
sudo -H systemctl restart nginx sudo -H systemctl restart nginx
sudo -H touch /etc/uwsgi.d/searxng.ini sudo -H touch /etc/uwsgi.d/searxng.ini

62
docs/admin/installation-scripts.rst
Unescape Escape View File

@ -0,0 +1,62 @@
.. _installation scripts:
===================
Installation Script
===================
.. sidebar:: Update the OS first!
To avoid unwanted side effects, update your OS before installing SearXNG.
The following will install a setup as shown in :ref:`the reference architecture
<arch public>`. First you need to get a clone of the repository. The clone is only needed for
the installation procedure and some maintenance tasks.
.. sidebar:: further read
- :ref:`toolboxing`
Jump to a folder that is readable by *others* and start to clone SearXNG,
alternatively you can create your own fork and clone from there.
.. code:: bash
$ cd ~/Downloads
$ git clone https://github.com/searxng/searxng.git searxng
$ cd searxng
.. sidebar:: further read
- :ref:`inspect searxng`
To install a SearXNG :ref:`reference setup <use_default_settings.yml>`
including a :ref:`uWSGI setup <architecture uWSGI>` as described in the
:ref:`installation basic` and in the :ref:`searxng uwsgi` section type:
.. code:: bash
$ sudo -H ./utils/searxng.sh install all
.. attention::
For the installation procedure, use a *sudoer* login to run the scripts. If
you install from ``root``, take into account that the scripts are creating a
``searxng`` user. In the installation procedure this new created user does
need read access to the cloned SearXNG repository, which is not the case if you clone
it into a folder below ``/root``!
.. sidebar:: further read
- :ref:`update searxng`
.. _caddy: https://hub.docker.com/_/caddy
When all services are installed and running fine, you can add SearXNG to your
HTTP server. We do not have any preferences for the HTTP server, you can use
whatever you prefer.
We use caddy in our :ref:`docker image <installation docker>` and we have
implemented installation procedures for:
- :ref:`installation nginx`
- :ref:`installation apache`

64
docs/admin/installation-searxng.rst
Unescape Escape View File

@ -9,15 +9,16 @@ Step by step installation
:local: :local:
:backlinks: entry :backlinks: entry
Step by step installation with virtualenv. For Ubuntu, be sure to have enable
universe repository. In this section we show the setup of a SearXNG instance that will be installed
by the :ref:`installation scripts`.
.. _install packages: .. _install packages:
Install packages Install packages
================ ================
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START distro-packages :start-after: START distro-packages
:end-before: END distro-packages :end-before: END distro-packages
@ -30,32 +31,32 @@ Install packages
Create user Create user
=========== ===========
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START create user :start-after: START create user
:end-before: END create user :end-before: END create user
.. _searx-src: .. _searxng-src:
Install SearXNG & dependencies Install SearXNG & dependencies
============================== ==============================
Start a interactive shell from new created user and clone searx: Start a interactive shell from new created user and clone SearXNG:
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START clone searxng :start-after: START clone searxng
:end-before: END clone searxng :end-before: END clone searxng
In the same shell create *virtualenv*: In the same shell create *virtualenv*:
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START create virtualenv :start-after: START create virtualenv
:end-before: END create virtualenv :end-before: END create virtualenv
To install searx's dependencies, exit the SearXNG *bash* session you opened above To install SearXNG's dependencies, exit the SearXNG *bash* session you opened above
and restart a new. Before install, first check if your *virtualenv* was sourced and start a new one. Before installing, check if your *virtualenv* was sourced
from the login (*~/.profile*): from the login (*~/.profile*):
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START manage.sh update_packages :start-after: START manage.sh update_packages
:end-before: END manage.sh update_packages :end-before: END manage.sh update_packages
@ -77,30 +78,41 @@ Configuration
- :ref:`settings use_default_settings` - :ref:`settings use_default_settings`
- :origin:`/etc/searxng/settings.yml <utils/templates/etc/searxng/settings.yml>` - :origin:`/etc/searxng/settings.yml <utils/templates/etc/searxng/settings.yml>`
To create a initial ``/etc/searxng/settings.yml`` you can start with a copy of To create a initial ``/etc/searxng/settings.yml`` we recommend to start with a
the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup copy of the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup
:ref:`use default settings <settings use_default_settings>` from :ref:`use default settings <settings use_default_settings>` from
:origin:`searx/settings.yml`. :origin:`searx/settings.yml` and is shown in the tab *"Use default settings"*
below. This setup:
For a *minimal setup*, configure like shown below replace ``searx@$(uname - enables :ref:`limiter <limiter>` to protect against bots
-n)`` with a name of your choice, set ``ultrasecretkey`` -- *and/or* edit - enables :ref:`image proxy <image_proxy>` for better privacy
``/etc/searxng/settings.yml`` to your needs. - enables :ref:`cache busting <static_use_hash>` to save bandwith
.. kernel-include:: $DOCS_BUILD/includes/searx.rst Modify the ``/etc/searxng/settings.yml`` to your needs:
:start-after: START searxng config
:end-before: END searxng config
.. tabs:: .. tabs::
.. group-tab:: Use default settings .. group-tab:: Use default settings
.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml .. literalinclude:: ../../utils/templates/etc/searxng/settings.yml
:language: yaml :language: yaml
:end-before: # hostname_replace:
To see the entire file jump to :origin:`utils/templates/etc/searxng/settings.yml`
.. group-tab:: searx/settings.yml .. group-tab:: searx/settings.yml
.. literalinclude:: ../../searx/settings.yml .. literalinclude:: ../../searx/settings.yml
:language: yaml :language: yaml
:end-before: # hostname_replace:
To see the entire file jump to :origin:`searx/settings.yml`
For a *minimal setup* you need to set ``server:secret_key``.
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng config
:end-before: END searxng config
Check Check
@ -110,11 +122,11 @@ To check your SearXNG setup, optional enable debugging and start the *webapp*.
SearXNG looks at the exported environment ``$SEARXNG_SETTINGS_PATH`` for a SearXNG looks at the exported environment ``$SEARXNG_SETTINGS_PATH`` for a
configuration file. configuration file.
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START check searxng installation :start-after: START check searxng installation
:end-before: END check searxng installation :end-before: END check searxng installation
If everything works fine, hit ``[CTRL-C]`` to stop the *webapp* and disable the If everything works fine, hit ``[CTRL-C]`` to stop the *webapp* and disable the
debug option in ``settings.yml``. You can now exit SearXNG user bash (enter exit debug option in ``settings.yml``. You can now exit SearXNG user bash session (enter exit
command twice). At this point SearXNG is not demonized; uwsgi allows this. command twice). At this point SearXNG is not demonized; uwsgi allows this.

75
docs/admin/installation-switch2ng.rst
Unescape Escape View File

@ -1,75 +0,0 @@
.. _installation switch2ng:
============================
Switch from searx to SearXNG
============================
.. sidebar:: info
- :pull:`456`
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
If you have a searx installation on your sever and want to switch to SearXNG,
you need to uninstall searx first. If you have an old searx docker installation
replace your docker image / see :ref:`installation docker`.
If your searx instance was installed *"Step by step"* or by the *"Installation
scripts"*, you need to undo the installation procedure completely. If you have
morty & filtron installed, it is recommended to uninstall these services also.
In case of scripts, to uninstall use the scripts from the origin you installed
searx from.
If you have removed the old searx installation, clone from SearXNG and and start
with your installation procedure (e.g. :ref:`installation scripts`):
.. code:: bash
$ cd ~/Downloads
$ git clone https://github.com/searxng/searxng.git searxng
$ cd searxng
$ ...
``.config.sh``
==============
Please take into account; SearXNG has normalized ``.config.sh`` with
``settings.yml`` and some of the environment settings has been removed from or
renamed in the ``.config.sh``:
- :patch:`[mod] normalize .config.sh with settings.yml <f61c918d>`
- :patch:`[fix] ./utils/filtron.sh - FILTRON_TARGET from YAML settings <7196a9b5>`
- :patch:`SearXNG: SEARXNG_SETTINGS_PATH <253b8503>`
Check after Installation
========================
Once you have done your installation, you can run a SearXNG *check* procedure,
to see if there are some left overs. In this example there exists a *old*
``/etc/searx/settings.yml``::
$ sudo -H ./utils/searx.sh install check
============================
SearXNG (check installation)
============================
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
INFO: SearXNG instance already installed at: /usr/local/searx/searx-src
...
INFO: Service account searx exists.
INFO: ~searx: python environment is available.
INFO: ~searx: SearXNG software is installed.
INFO: uWSGI app searxng.ini is enabled.
INFO searx : merge the default settings ( /usr/local/searx/searx-src/searx/settings.yml ) and the user setttings ( /etc/searxng/settings.yml )
INFO searx : max_request_timeout=None
To *check* the filtron & morty installations, use similar commands::
$ sudo -H /utils/filtron.sh install check
$ sudo -H /utils/morty.sh install check

208
docs/admin/installation-uwsgi.rst
Unescape Escape View File

@ -1,7 +1,7 @@
.. _searxng uwsgi: .. _searxng uwsgi:
===== =====
uwsgi uWSGI
===== =====
.. sidebar:: further reading .. sidebar:: further reading
@ -29,51 +29,77 @@ uwsgi
Origin uWSGI Origin uWSGI
============ ============
How uWSGI is implemented by distributors is different. uWSGI itself .. _Tyrant mode:
recommend two methods https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
`systemd.unit`_ template files as described here `One service per app in systemd`_. How uWSGI is implemented by distributors varies. The uWSGI project itself
recommends two methods:
There is one `systemd unit template`_ and one `uwsgi ini file`_ per uWSGI-app 1. `systemd.unit`_ template file as described here `One service per app in systemd`_:
placed at dedicated locations. Take archlinux and a searxng.ini as example::
unit template --> /usr/lib/systemd/system/uwsgi@.service There is one `systemd unit template`_ on the system installed and one `uwsgi
uwsgi ini files --> /etc/uwsgi/searxng.ini ini file`_ per uWSGI-app placed at dedicated locations. Take archlinux and a
``searxng.ini`` as example::
The SearXNG app can be maintained as know from common systemd units:: systemd template unit: /usr/lib/systemd/system/uwsgi@.service
contains: [Service]
ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/%I.ini
systemctl enable uwsgi@searx SearXNG application: /etc/uwsgi/searxng.ini
systemctl start uwsgi@searx links to: /etc/uwsgi/apps-available/searxng.ini
systemctl restart uwsgi@searx
systemctl stop uwsgi@searx
The `uWSGI Emperor`_ mode which fits for maintaining a large range of uwsgi apps. The SearXNG app (template ``/etc/uwsgi/%I.ini``) can be maintained as known
from common systemd units:
.. code:: sh
$ systemctl enable uwsgi@searxng
$ systemctl start uwsgi@searxng
$ systemctl restart uwsgi@searxng
$ systemctl stop uwsgi@searxng
2. The `uWSGI Emperor`_ which fits for maintaining a large range of uwsgi
apps and there is a `Tyrant mode`_ to secure multi-user hosting.
The Emperor mode is a special uWSGI instance that will monitor specific The Emperor mode is a special uWSGI instance that will monitor specific
events. The Emperor mode (service) is started by a (common, not template) events. The Emperor mode (the service) is started by a (common, not template)
systemd unit. The Emperor service will scan specific directories for `uwsgi systemd unit.
ini file`_\s (also know as *vassals*). If a *vassal* is added, removed or the
timestamp is modified, a corresponding action takes place: a new uWSGI The Emperor service will scan specific directories for `uwsgi ini file`_\s
instance is started, reload or stopped. Take Fedora and a searxng.ini as (also know as *vassals*). If a *vassal* is added, removed or the timestamp is
example:: modified, a corresponding action takes place: a new uWSGI instance is started,
reload or stopped. Take Fedora and a ``searxng.ini`` as example::
to install & start SearXNG instance create --> /etc/uwsgi.d/searxng.ini
to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini
to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini
to start a new SearXNG instance create --> /etc/uwsgi.d/searxng.ini
to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini
to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini
Distributors Distributors
============ ============
The `uWSGI Emperor`_ mode and `systemd unit template`_ is what the distributors The `uWSGI Emperor`_ mode and `systemd unit template`_ is what the distributors
mostly offer their users, even if they differ in the way they implement both mostly offer their users, even if they differ in the way they implement both
modes and their defaults. Another point they might differ is the packaging of modes and their defaults. Another point they might differ in is the packaging of
plugins (if so, compare :ref:`install packages`) and what the default python plugins (if so, compare :ref:`install packages`) and what the default python
interpreter is (python2 vs. python3). interpreter is (python2 vs. python3).
Fedora starts a Emperor by default, while archlinux does not start any uwsgi While archlinux does not start a uWSGI service by default, Fedora (RHEL) starts
service by default. Worth to know; debian (ubuntu) follow a complete different a Emperor in `Tyrant mode`_ by default (you should have read :ref:`uWSGI Tyrant
approach. *debian*: your are familiar with the apache infrastructure? .. they mode pitfalls`). Worth to know; debian (ubuntu) follow a complete different
do similar for the uWSGI infrastructure (with less comfort), the folders are:: approach, read see :ref:`Debian's uWSGI layout`.
.. _Debian's uWSGI layout:
Debian's uWSGI layout
---------------------
.. _uwsgi.README.Debian:
https://salsa.debian.org/uwsgi-team/uwsgi/-/raw/debian/latest/debian/uwsgi.README.Debian
Be aware, Debian's uWSGI layout is quite different from the standard uWSGI
configuration. Your are familiar with :ref:`Debian's Apache layout`? .. they do a
similar thing for the uWSGI infrastructure. The folders are::
/etc/uwsgi/apps-available/ /etc/uwsgi/apps-available/
/etc/uwsgi/apps-enabled/ /etc/uwsgi/apps-enabled/
@ -82,29 +108,52 @@ The `uwsgi ini file`_ is enabled by a symbolic link::
ln -s /etc/uwsgi/apps-available/searxng.ini /etc/uwsgi/apps-enabled/ ln -s /etc/uwsgi/apps-available/searxng.ini /etc/uwsgi/apps-enabled/
From debian's documentation (``/usr/share/doc/uwsgi/README.Debian.gz``): You More details can be found in the uwsgi.README.Debian_
could control specific instance(s) by issuing:: (``/usr/share/doc/uwsgi/README.Debian.gz``). Some commands you should know on
Debian:
service uwsgi <command> <confname> <confname> ... .. code:: none
sudo -H service uwsgi start searx Commands recognized by init.d script
sudo -H service uwsgi stop searx ====================================
My experience is, that this command is a bit buggy. You can issue to init.d script following commands:
* start | starts daemon
* stop | stops daemon
* reload | sends to daemon SIGHUP signal
* force-reload | sends to daemon SIGTERM signal
* restart | issues 'stop', then 'start' commands
* status | shows status of daemon instance (running/not running)
.. _uwsgi configuration: 'status' command must be issued with exactly one argument: '<confname>'.
Alltogether Controlling specific instances of uWSGI
=========== =======================================
Create the configuration ini-file according to your distribution (see below) and You could control specific instance(s) by issuing:
restart the uwsgi application.
SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi <command> <confname> <confname>...
where:
* <command> is one of 'start', 'stop' etc.
* <confname> is the name of configuration file (without extension)
For example, this is how instance for /etc/uwsgi/apps-enabled/hello.xml is
started:
SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi start hello
.. _uWSGI maintenance:
uWSGI maintenance
=================
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-description ubuntu-20.04 :start-after: START searxng uwsgi-description ubuntu-20.04
:end-before: END searxng uwsgi-description ubuntu-20.04 :end-before: END searxng uwsgi-description ubuntu-20.04
@ -112,7 +161,7 @@ restart the uwsgi application.
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-description arch :start-after: START searxng uwsgi-description arch
:end-before: END searxng uwsgi-description arch :end-before: END searxng uwsgi-description arch
@ -120,16 +169,28 @@ restart the uwsgi application.
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-description fedora :start-after: START searxng uwsgi-description fedora
:end-before: END searxng uwsgi-description fedora :end-before: END searxng uwsgi-description fedora
.. _uwsgi setup:
uWSGI setup
===========
Create the configuration ini-file according to your distribution and restart the
uwsgi application. As shown below, the :ref:`installation scripts` installs by
default:
- a uWSGI setup that listens on a socket and
- enables :ref:`cache busting <static_use_hash>`.
.. tabs:: .. tabs::
.. group-tab:: Ubuntu / debian .. group-tab:: Ubuntu / debian
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-appini ubuntu-20.04 :start-after: START searxng uwsgi-appini ubuntu-20.04
:end-before: END searxng uwsgi-appini ubuntu-20.04 :end-before: END searxng uwsgi-appini ubuntu-20.04
@ -137,7 +198,7 @@ restart the uwsgi application.
.. group-tab:: Arch Linux .. group-tab:: Arch Linux
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-appini arch :start-after: START searxng uwsgi-appini arch
:end-before: END searxng uwsgi-appini arch :end-before: END searxng uwsgi-appini arch
@ -145,6 +206,63 @@ restart the uwsgi application.
.. group-tab:: Fedora / RHEL .. group-tab:: Fedora / RHEL
.. kernel-include:: $DOCS_BUILD/includes/searx.rst .. kernel-include:: $DOCS_BUILD/includes/searxng.rst
:start-after: START searxng uwsgi-appini fedora :start-after: START searxng uwsgi-appini fedora
:end-before: END searxng uwsgi-appini fedora :end-before: END searxng uwsgi-appini fedora
.. _uWSGI Tyrant mode pitfalls:
Pitfalls of the Tyrant mode
===========================
The implementation of the process owners and groups in the `Tyrant mode`_ is
somewhat unusual and requires special consideration. In `Tyrant mode`_ mode the
Emperor will run the vassal using the UID/GID of the vassal configuration file
(user and group of the app ``.ini`` file).
.. _#2099@uWSGI: https://github.com/unbit/uwsgi/issues/2099
.. _#752@uWSGI: https://github.com/unbit/uwsgi/pull/752
.. _#2425uWSGI: https://github.com/unbit/uwsgi/issues/2425
Without option ``emperor-tyrant-initgroups=true`` in ``/etc/uwsgi.ini`` the
process won't get the additional groups, but this option is not available in
2.0.x branch (see `#2099@uWSGI`_) the feature `#752@uWSGI`_ has been merged (on
Oct. 2014) to the master branch of uWSGI but had never been released; the last
major release is from Dec. 2013, since the there had been only bugfix releases
(see `#2425uWSGI`_). To shorten up:
**In Tyrant mode, there is no way to get additional groups, and the uWSGI
process misses additional permissions that may be needed.**
For example on Fedora (RHEL): If you try to install a redis DB with socket
communication and you want to connect to it from the SearXNG uWSGI, you will see a
*Permission denied* in the log of your instance::
ERROR:searx.shared.redis: [searxng (993)] can't connect redis DB ...
ERROR:searx.shared.redis: Error 13 connecting to unix socket: /usr/local/searxng-redis/run/redis.sock. Permission denied.
ERROR:searx.plugins.limiter: init limiter DB failed!!!
Even if your *searxng* user of the uWSGI process is added to additional groups
to give access to the socket from the redis DB::
$ groups searxng
searxng : searxng searxng-redis
To see the effective groups of the uwsgi process, you have to look at the status
of the process, by example::
$ ps -aef | grep '/usr/sbin/uwsgi --ini searxng.ini'
searxng 93 92 0 12:43 ? 00:00:00 /usr/sbin/uwsgi --ini searxng.ini
searxng 186 93 0 12:44 ? 00:00:01 /usr/sbin/uwsgi --ini searxng.ini
Here you can see that the additional "Groups" of PID 186 are unset (missing gid
of ``searxng-redis``)::
$ cat /proc/186/task/186/status
...
Uid: 993 993 993 993
Gid: 993 993 993 993
FDSize: 128
Groups:
...

106
docs/admin/installation.rst
Unescape Escape View File

@ -4,109 +4,19 @@
Installation Installation
============ ============
.. sidebar:: info
:ref:`installation switch2ng`
*You're spoilt for choice*, choose your preferred method of installation. *You're spoilt for choice*, choose your preferred method of installation.
- :ref:`installation docker` - :ref:`installation docker`
- :ref:`installation scripts` - :ref:`installation scripts`
- :ref:`installation basic` - :ref:`installation basic`
The :ref:`installation basic` is good enough for intranet usage and it is a The :ref:`installation basic` is an excellent illustration of *how a SearXNG
excellent illustration of *how a SearXNG instance is build up*. If you place your instance is build up* (see :ref:`architecture uWSGI`). If you do not have any
instance public to the internet you should really consider to install a special preferences, its recommend to use the :ref:`installation docker` or the
:ref:`filtron reverse proxy <filtron.sh>` and for privacy a :ref:`result proxy :ref:`installation scripts`.
<morty.sh>` is mandatory.
Therefore, if you do not have any special preferences, its recommend to use the
:ref:`installation docker` or the `Installation scripts`_ from our :ref:`tooling
box <toolboxing>` as described below.
.. _installation scripts:
Installation scripts
====================
.. sidebar:: Update OS first!
To avoid unwanted side effects, update your OS before installing SearXNG.
The following will install a setup as shown in :ref:`architecture`. First you
need to get a clone. The clone is only needed for the installation procedure
and some maintenance tasks (alternatively you can create your own fork).
For the installation procedure, use a *sudoer* login to run the scripts. If you
install from ``root``, take into account that the scripts are creating a
``searx``, a ``filtron`` and a ``morty`` user. In the installation procedure
these new created users do need read access to the clone of searx, which is not
the case if you clone into a folder below ``/root``.
.. code:: bash
$ cd ~/Downloads
$ git clone https://github.com/searxng/searxng.git searxng
$ cd searxng
.. sidebar:: further read
- :ref:`toolboxing`
- :ref:`update searxng`
- :ref:`inspect searxng`
**Install** :ref:`SearXNG service <searx.sh>`
This installs SearXNG as described in :ref:`installation basic`.
.. code:: bash
$ sudo -H ./utils/searx.sh install all
**Install** :ref:`filtron reverse proxy <filtron.sh>`
.. code:: bash
$ sudo -H ./utils/filtron.sh install all
**Install** :ref:`result proxy <morty.sh>`
.. code:: bash
$ sudo -H ./utils/morty.sh install all
If all services are running fine, you can add it to your HTTP server:
**Install** HTTP
- :ref:`installation apache`
- :ref:`installation nginx`
**Install** :ref:`external plugins <dev plugin>`
Use SearXNG's ``shell`` to install external plugins. In the example below we
install the SearXNG plugins from **The Green Web Foundation** `[ref]
<https://www.thegreenwebfoundation.org/news/searching-the-green-web-with-searx/>`__:
.. code:: bash
$ sudo -H ./utils/searx.sh shell
// exit with [CTRL-D]
(searx-pyenv) searx@ryzen:~$ pip install git+https://github.com/return42/tgwf-searx-plugins
In the :ref:`settings.yml` activate the ``plugins:`` section and add module
``only_show_green_results`` from tgwf-searx-plugins.
.. code:: yaml
plugins:
- only_show_green_results
.. _git stash: https://git-scm.com/docs/git-stash
.. tip:: .. attention::
About script's installation options have a look at chapter :ref:`toolboxing SearXNG is growing rapidly, you should regularly read our :ref:`migrate and
setup`. How to brand your instance see chapter :ref:`settings global`. To stay tuned` section. If you want to upgrade an existing instance or migrate
*stash* your instance's setup, `git stash`_ your clone's :origin:`.config.sh` from searx to SearXNG, you should read this section first!
file .

40
docs/admin/morty.rst
Unescape Escape View File

@ -1,40 +0,0 @@
.. _searxng morty:
=========================
How to setup result proxy
=========================
.. sidebar:: further reading
- :ref:`morty.sh`
.. _morty: https://github.com/asciimoo/morty
.. _morty's README: https://github.com/asciimoo/morty
By default SearXNG can only act as an image proxy for result images, but it is
possible to proxify all the result URLs with an external service, morty_.
To use this feature, morty has to be installed and activated in SearXNG's
``settings.yml``. Add the following snippet to your ``settings.yml`` and
restart searx:
.. code:: yaml
result_proxy:
url : http://127.0.0.1:3000/
key : !!binary "insert_your_morty_proxy_key_here"
Note that the example above (``http://127.0.0.1:3000``) is only for single-user
instances without a HTTP proxy. If your morty service is public, the url is the
address of the reverse proxy (e.g ``https://example.org/morty``).
For more information about *result proxy* have a look at *"SearXNG via filtron
plus morty"* in the :ref:`nginx <nginx searxng via filtron plus morty>` and
:ref:`apache <apache searxng via filtron plus morty>` sections.
``url``
Is the address of the running morty service.
``key``
Is an optional argument, see `morty's README`_ for more information.

112
docs/admin/update-searxng.rst
Unescape Escape View File

@ -1,59 +1,115 @@
===================
SearXNG maintenance
===================
.. sidebar:: further read
- :ref:`toolboxing`
- :ref:`uWSGI maintenance`
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
.. _update searxng: .. _update searxng:
=============
How to update How to update
============= =============
How to update depends on the :ref:`installation` method. If you have used the How to update depends on the :ref:`installation` method. If you have used the
:ref:`installation scripts`, use ``update`` command from the scripts. :ref:`installation scripts`, use the ``update`` command from the :ref:`searxng.sh`
script.
**Update** :ref:`SearXNG service <searx.sh>`
.. code:: sh .. code:: sh
sudo -H ./utils/searx.sh update searx sudo -H ./utils/searxng.sh instance update
.. _inspect searxng:
**Update** :ref:`filtron reverse proxy <filtron.sh>` How to inspect & debug
======================
How to debug depends on the :ref:`installation` method. If you have used the
:ref:`installation scripts`, use the ``inspect`` command from the :ref:`searxng.sh`
script.
.. code:: sh .. code:: sh
sudo -H ./utils/filtron.sh update filtron sudo -H ./utils/searxng.sh instance inspect
**Update** :ref:`result proxy <morty.sh>` .. _migrate and stay tuned:
.. code:: bash Migrate and stay tuned!
=======================
$ sudo -H ./utils/morty.sh update morty .. sidebar:: info
.. _inspect searxng: - :pull:`1332`
- :pull:`456`
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
====================== SearXNG is a *rolling release*; each commit to the master branch is a release.
How to inspect & debug SearXNG is growing rapidly, the services and opportunities are change every now
====================== and then, to name just a few:
.. sidebar:: further read - Bot protection has been switched from filtron to SearXNG's :ref:`limiter
<limiter>`, this requires a :ref:`Redis <settings redis>` database.
- :ref:`toolboxing` - The image proxy morty is no longer needed, it has been replaced by the
- :ref:`Makefile` :ref:`image proxy <image_proxy>` from SearXNG.
How to debug depends on the :ref:`installation` method. If you have used the - To save bandwith :ref:`cache busting <static_use_hash>` has been implemented.
:ref:`installation scripts`, use ``inspect`` command from the scripts. To get in use, the ``static-expires`` needs to be set in the :ref:`uwsgi
setup`.
**Inspect** :ref:`SearXNG service <searx.sh>` To stay tuned and get in use of the new features, instance maintainers have to
update the SearXNG code regularly (see :ref:`update searxng`). As the above
examples show, this is not always enough, sometimes services have to be set up
or reconfigured and sometimes services that are no longer needed should be
uninstalled.
.. code:: sh .. hint::
sudo -H ./utils/searx.sh inspect service First of all: SearXNG is installed by the script :ref:`searxng.sh`. If you
have old filtron, morty or searx setup you should consider complete
uninstall/reinstall.
**Inspect** :ref:`filtron reverse proxy <filtron.sh>`
.. code:: sh remove obsolete services
------------------------
If your searx instance was installed *"Step by step"* or by the *"Installation
scripts"*, you need to undo the installation procedure completely. If you have
morty & filtron installed, it is recommended to uninstall these services also.
In case of scripts, to uninstall use the scripts from the origin you installed
searx from or try::
$ sudo -H ./utils/filtron.sh remove all
$ sudo -H ./utils/morty.sh remove all
$ sudo -H ./utils/searx.sh remove all
.. hint::
If you are migrate from searx take into account that the ``.config.sh`` is no
longer used.
sudo -H ./utils/filtron.sh inspect service
**Inspect** :ref:`result proxy <morty.sh>` Check after Installation
------------------------
.. code:: bash Once you have done your installation, you can run a SearXNG *check* procedure,
to see if there are some left overs. In this example there exists a *old*
``/etc/searx/settings.yml``::
$ sudo -H ./utils/morty.sh inspect service $ sudo -H ./utils/searxng.sh instance check
SearXNG checks
--------------
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
INFO: [OK] (old) account 'searx' does not exists
INFO: [OK] (old) account 'filtron' does not exists
INFO: [OK] (old) account 'morty' does not exists
...
INFO searx.shared : Use shared_simple implementation
INFO searx.shared.redis : connected redis DB --> default

40
docs/build-templates/searx.rst → docs/build-templates/searxng.rst
Unescape Escape View File

@ -1,4 +1,4 @@
.. template evaluated by: ./utils/searx.sh docs .. template evaluated by: ./utils/searxng.sh searxng.doc.rst
.. hint: all dollar-names are variables, dollar sign itself is quoted by: \\$ .. hint: all dollar-names are variables, dollar sign itself is quoted by: \\$
.. START distro-packages .. START distro-packages
@ -65,7 +65,8 @@ ${fedora_build}
$ sudo -H useradd --shell /bin/bash --system \\ $ sudo -H useradd --shell /bin/bash --system \\
--home-dir \"$SERVICE_HOME\" \\ --home-dir \"$SERVICE_HOME\" \\
--comment 'Privacy-respecting metasearch engine' $SERVICE_USER --comment 'Privacy-respecting metasearch engine' \\
$SERVICE_USER
$ sudo -H mkdir \"$SERVICE_HOME\" $ sudo -H mkdir \"$SERVICE_HOME\"
$ sudo -H chown -R \"$SERVICE_GROUP:$SERVICE_GROUP\" \"$SERVICE_HOME\" $ sudo -H chown -R \"$SERVICE_GROUP:$SERVICE_GROUP\" \"$SERVICE_HOME\"
@ -81,7 +82,8 @@ ${fedora_build}
.. code-block:: sh .. code-block:: sh
$ sudo -H -u ${SERVICE_USER} -i $ sudo -H -u ${SERVICE_USER} -i
(${SERVICE_USER})$ git clone \"$GIT_URL\" \"$SEARX_SRC\" (${SERVICE_USER})$ git clone \"$GIT_URL\" \\
\"$SEARXNG_SRC\"
.. END clone searxng .. END clone searxng
@ -93,8 +95,9 @@ ${fedora_build}
.. code-block:: sh .. code-block:: sh
(${SERVICE_USER})$ python3 -m venv \"${SEARX_PYENV}\" (${SERVICE_USER})$ python3 -m venv \"${SEARXNG_PYENV}\"
(${SERVICE_USER})$ echo \". ${SEARX_PYENV}/bin/activate\" >> \"$SERVICE_HOME/.profile\" (${SERVICE_USER})$ echo \". ${SEARXNG_PYENV}/bin/activate\" \\
>> \"$SERVICE_HOME/.profile\"
.. END create virtualenv .. END create virtualenv
@ -109,7 +112,7 @@ ${fedora_build}
$ sudo -H -u ${SERVICE_USER} -i $ sudo -H -u ${SERVICE_USER} -i
(${SERVICE_USER})$ command -v python && python --version (${SERVICE_USER})$ command -v python && python --version
$SEARX_PYENV/bin/python $SEARXNG_PYENV/bin/python
Python 3.8.1 Python 3.8.1
# update pip's boilerplate .. # update pip's boilerplate ..
@ -119,7 +122,7 @@ ${fedora_build}
pip install -U pyyaml pip install -U pyyaml
# jump to SearXNG's working tree and install SearXNG into virtualenv # jump to SearXNG's working tree and install SearXNG into virtualenv
(${SERVICE_USER})$ cd \"$SEARX_SRC\" (${SERVICE_USER})$ cd \"$SEARXNG_SRC\"
(${SERVICE_USER})$ pip install -e . (${SERVICE_USER})$ pip install -e .
@ -134,24 +137,15 @@ ${fedora_build}
.. code-block:: sh .. code-block:: sh
$ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\" $ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\"
$ sudo -H cp \"$SEARX_SRC/utils/templates/etc/searxng/settings.yml\" \\ $ sudo -H cp \"$SEARXNG_SRC/utils/templates/etc/searxng/settings.yml\" \\
\"${SEARXNG_SETTINGS_PATH}\" \"${SEARXNG_SETTINGS_PATH}\"
.. group-tab:: searx/settings.yml
.. code-block:: sh
$ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\"
$ sudo -H cp \"$SEARX_SRC/searx/settings.yml\" \\
\"${SEARXNG_SETTINGS_PATH}\"
.. tabs::
.. group-tab:: minimal setup .. group-tab:: minimal setup
.. code-block:: sh .. code-block:: sh
$ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \"$SEARXNG_SETTINGS_PATH\" $ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \\
\"$SEARXNG_SETTINGS_PATH\"
.. END searxng config .. END searxng config
@ -168,14 +162,14 @@ ${fedora_build}
# start webapp # start webapp
$ sudo -H -u ${SERVICE_USER} -i $ sudo -H -u ${SERVICE_USER} -i
(${SERVICE_USER})$ cd ${SEARX_SRC} (${SERVICE_USER})$ cd ${SEARXNG_SRC}
(${SERVICE_USER})$ export SEARXNG_SETTINGS_PATH=\"${SEARXNG_SETTINGS_PATH}\" (${SERVICE_USER})$ export SEARXNG_SETTINGS_PATH=\"${SEARXNG_SETTINGS_PATH}\"
(${SERVICE_USER})$ python searx/webapp.py (${SERVICE_USER})$ python searx/webapp.py
# disable debug # disable debug
$ sudo -H sed -i -e \"s/debug : True/debug : False/g\" \"$SEARXNG_SETTINGS_PATH\" $ sudo -H sed -i -e \"s/debug : True/debug : False/g\" \"$SEARXNG_SETTINGS_PATH\"
Open WEB browser and visit http://$SEARX_INTERNAL_HTTP . If you are inside a Open WEB browser and visit http://$SEARXNG_INTERNAL_HTTP . If you are inside a
container or in a script, test with curl: container or in a script, test with curl:
.. tabs:: .. tabs::
@ -184,13 +178,13 @@ container or in a script, test with curl:
.. code-block:: sh .. code-block:: sh
$ xdg-open http://$SEARX_INTERNAL_HTTP $ xdg-open http://$SEARXNG_INTERNAL_HTTP
.. group-tab:: curl .. group-tab:: curl
.. code-block:: none .. code-block:: none
$ curl --location --verbose --head --insecure $SEARX_INTERNAL_HTTP $ curl --location --verbose --head --insecure $SEARXNG_INTERNAL_HTTP
* Trying 127.0.0.1:8888... * Trying 127.0.0.1:8888...
* TCP_NODELAY set * TCP_NODELAY set

2
docs/conf.py
Unescape Escape View File

@ -195,5 +195,5 @@ html_show_sourcelink = True
# LaTeX ---------------------------------------------------------------- # LaTeX ----------------------------------------------------------------
latex_documents = [ latex_documents = [
(master_doc, "searx-{}.tex".format(VERSION_STRING), html_title, author, "manual") (master_doc, "searxng-{}.tex".format(VERSION_STRING), html_title, author, "manual")
] ]

8
docs/dev/engine_overview.rst
Unescape Escape View File

@ -66,11 +66,11 @@ For a more detailed description, see :ref:`settings engine` in the :ref:`settin
.. table:: Common options in the engine setup (``settings.yml``) .. table:: Common options in the engine setup (``settings.yml``)
:width: 100% :width: 100%
======================= =========== =============================================== ======================= =========== ==================================================
argument type information argument type information
======================= =========== =============================================== ======================= =========== ==================================================
name string name of search-engine name string name of search-engine
engine string name of searx-engine (filename without ``.py``) engine string name of searxng-engine (file name without ``.py``)
enable_http bool enable HTTP (by default only HTTPS is enabled). enable_http bool enable HTTP (by default only HTTPS is enabled).
shortcut string shortcut of search-engine shortcut string shortcut of search-engine
timeout string specific timeout for search-engine timeout string specific timeout for search-engine
@ -78,7 +78,7 @@ For a more detailed description, see :ref:`settings engine` in the :ref:`settin
proxies dict set proxies for a specific engine proxies dict set proxies for a specific engine
(e.g. ``proxies : {http: socks5://proxy:port, (e.g. ``proxies : {http: socks5://proxy:port,
https: socks5://proxy:port}``) https: socks5://proxy:port}``)
======================= =========== =============================================== ======================= =========== ==================================================
.. _engine overrides: .. _engine overrides:

189
docs/dev/lxcdev.rst
Unescape Escape View File

@ -45,9 +45,7 @@ be set on a *production* system.
The scripts from :ref:`searx_utils` can divide in those to install and maintain The scripts from :ref:`searx_utils` can divide in those to install and maintain
software: software:
- :ref:`searx.sh` - :ref:`searxng.sh`
- :ref:`filtron.sh`
- :ref:`morty.sh`
and the script :ref:`lxc.sh`, with we can scale our installation, maintenance or and the script :ref:`lxc.sh`, with we can scale our installation, maintenance or
even development tasks over a stack of isolated containers / what we call the: even development tasks over a stack of isolated containers / what we call the:
@ -73,7 +71,7 @@ once:
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ snap install lxd $ snap install lxd
$ lxd init --auto $ lxd init --auto
@ -85,28 +83,28 @@ fork:
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ cd ~/Downloads $ cd ~/Downloads
$ git clone https://github.com/searxng/searxng.git searxng $ git clone https://github.com/searxng/searxng.git searxng
$ cd searxng $ cd searxng
The :ref:`lxc-searx.env` consists of several images, see ``export The :ref:`lxc-searxng.env` consists of several images, see ``export
LXC_SUITE=(...`` near by :origin:`utils/lxc-searx.env#L19`. For this blog post LXC_SUITE=(...`` near by :origin:`utils/lxc-searxng.env#L19`. For this blog post
we exercise on a archlinux_ image. The container of this image is named we exercise on a archlinux_ image. The container of this image is named
``searx-archlinux``. Lets build the container, but be sure that this container ``searxng-archlinux``. Lets build the container, but be sure that this container
does not already exists, so first lets remove possible old one: does not already exists, so first lets remove possible old one:
.. tabs:: .. tabs::
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh remove searx-archlinux $ sudo -H ./utils/lxc.sh remove searxng-archlinux
$ sudo -H ./utils/lxc.sh build searx-archlinux $ sudo -H ./utils/lxc.sh build searxng-archlinux
.. sidebar:: The ``searx-archlinux`` container .. sidebar:: The ``searxng-archlinux`` container
is the base of all our exercises here. is the base of all our exercises here.
@ -117,9 +115,9 @@ In this container we install all services :ref:`including searx, morty & filtron
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh install suite searx-archlinux $ sudo -H ./utils/lxc.sh install suite searxng-archlinux
To proxy HTTP from filtron and morty in the container to the outside of the To proxy HTTP from filtron and morty in the container to the outside of the
container, install nginx into the container. Once for the bot blocker filtron: container, install nginx into the container. Once for the bot blocker filtron:
@ -128,9 +126,9 @@ container, install nginx into the container. Once for the bot blocker filtron:
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
./utils/filtron.sh nginx install ./utils/filtron.sh nginx install
... ...
INFO: got 429 from http://10.174.184.156/searx INFO: got 429 from http://10.174.184.156/searx
@ -141,9 +139,9 @@ and once for the content sanitizer (content proxy morty):
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
./utils/morty.sh nginx install ./utils/morty.sh nginx install
... ...
INFO: got 200 from http://10.174.184.156/morty/ INFO: got 200 from http://10.174.184.156/morty/
@ -154,7 +152,7 @@ and once for the content sanitizer (content proxy morty):
blocker (filtron) and WEB content sanitizer (content proxy morty), both are blocker (filtron) and WEB content sanitizer (content proxy morty), both are
needed for a *privacy protecting* search engine. needed for a *privacy protecting* search engine.
On your system, the IP of your ``searx-archlinux`` container differs from On your system, the IP of your ``searxng-archlinux`` container differs from
http://10.174.184.156/searx, just open the URL reported in your installation http://10.174.184.156/searx, just open the URL reported in your installation
protocol in your WEB browser from the desktop to test the instance from outside protocol in your WEB browser from the desktop to test the instance from outside
of the container. of the container.
@ -169,27 +167,27 @@ In containers, work as usual
Usually you open a root-bash using ``sudo -H bash``. In case of LXC containers Usually you open a root-bash using ``sudo -H bash``. In case of LXC containers
open the root-bash in the container using ``./utils/lxc.sh cmd open the root-bash in the container using ``./utils/lxc.sh cmd
searx-archlinux``: searxng-archlinux``:
.. tabs:: .. tabs::
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux bash $ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash
INFO: [searx-archlinux] bash INFO: [searxng-archlinux] bash
[root@searx-archlinux searx]# pwd [root@searxng-archlinux searx]# pwd
/share/searxng /share/searxng
The prompt ``[root@searx-archlinux ...]`` signals, that you are the root user in The prompt ``[root@searxng-archlinux ...]`` signals, that you are the root user in
the searx-container. To debug the running SearXNG instance use: the searxng-container. To debug the running SearXNG instance use:
.. tabs:: .. tabs::
.. group-tab:: root@searx-archlinux .. group-tab:: root@searxng-archlinux
.. code:: sh .. code:: bash
$ ./utils/searx.sh inspect service $ ./utils/searx.sh inspect service
... ...
@ -202,56 +200,42 @@ above. You can stop monitoring using ``CTRL-C``, this also disables the *"debug
option"* in SearXNG's settings file and restarts the SearXNG uwsgi application. option"* in SearXNG's settings file and restarts the SearXNG uwsgi application.
To debug services from filtron and morty analogous use: To debug services from filtron and morty analogous use:
.. tabs:: Another point we have to notice is that the service (:ref:`SearXNG <searxng.sh>`
runs under dedicated system user account with the same name (compare
.. group-tab:: root@searx-archlinux :ref:`create searxng user`). To get a shell from theses accounts, simply call:
.. code:: sh
$ ./utils/filtron.sh inspect service
$ ./utils/morty.sh inspect service
Another point we have to notice is that each service (:ref:`SearXNG <searx.sh>`,
:ref:`filtron <filtron.sh>` and :ref:`morty <morty.sh>`) runs under dedicated
system user account with the same name (compare :ref:`create searxng user`). To
get a shell from theses accounts, simply call one of the scripts:
.. tabs:: .. tabs::
.. group-tab:: root@searx-archlinux .. group-tab:: root@searxng-archlinux
.. code:: sh .. code:: bash
$ ./utils/searx.sh shell $ ./utils/searxng.sh instance cmd bash
$ ./utils/filtron.sh shell
$ ./utils/morty.sh shell
To get in touch, open a shell from the service user (searx@searx-archlinux): To get in touch, open a shell from the service user (searxng@searxng-archlinux):
.. tabs:: .. tabs::
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh instance cmd bash
./utils/searx.sh shell INFO: [searxng-archlinux] ./utils/searxng.sh instance cmd bash
// exit with [CTRL-D] [searxng@searxng-archlinux ~]$
(searx-pyenv) [searx@searx-archlinux ~]$ ...
The prompt ``[searx@searx-archlinux]`` signals that you are logged in as system The prompt ``[searxng@searxng-archlinux]`` signals that you are logged in as system
user ``searx`` in the ``searx-archlinux`` container and the python *virtualenv* user ``searx`` in the ``searxng-archlinux`` container and the python *virtualenv*
``(searx-pyenv)`` environment is activated. ``(searxng-pyenv)`` environment is activated.
.. tabs:: .. tabs::
.. group-tab:: searx@searx-archlinux .. group-tab:: searxng@searxng-archlinux
.. code:: sh
(searx-pyenv) [searx@searx-archlinux ~]$ pwd .. code:: bash
/usr/local/searx
(searxng-pyenv) [searxng@searxng-archlinux ~]$ pwd
/usr/local/searxng
Wrap production into developer suite Wrap production into developer suite
@ -262,23 +246,22 @@ from a LXC container (which is quite ready for production) into a developer
suite. For this, we have to keep an eye on the :ref:`installation basic`: suite. For this, we have to keep an eye on the :ref:`installation basic`:
- SearXNG setup in: ``/etc/searxng/settings.yml`` - SearXNG setup in: ``/etc/searxng/settings.yml``
- SearXNG user's home: ``/usr/local/searx`` - SearXNG user's home: ``/usr/local/searxng``
- virtualenv in: ``/usr/local/searx/searx-pyenv`` - virtualenv in: ``/usr/local/searxng/searxng-pyenv``
- SearXNG software in: ``/usr/local/searx/searx-src`` - SearXNG software in: ``/usr/local/searxng/searxng-src``
With the use of the :ref:`searx.sh` the SearXNG service was installed as With the use of the :ref:`searxng.sh` the SearXNG service was installed as
:ref:`uWSGI application <searxng uwsgi>`. To maintain this service, we can use :ref:`uWSGI application <searxng uwsgi>`. To maintain this service, we can use
``systemctl`` (compare :ref:`service architectures on distributions <uwsgi ``systemctl`` (compare :ref:`uWSGI maintenance`).
configuration>`).
.. tabs:: .. tabs::
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
systemctl stop uwsgi@searx systemctl stop uwsgi@searxng
With the command above, we stopped the SearXNG uWSGI-App in the archlinux With the command above, we stopped the SearXNG uWSGI-App in the archlinux
container. container.
@ -291,29 +274,29 @@ least you should attend the settings of ``uid``, ``chdir``, ``env`` and
env = SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml env = SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml
http = 127.0.0.1:8888 http = 127.0.0.1:8888
chdir = /usr/local/searx/searx-src/searx chdir = /usr/local/searxng/searxng-src/searx
virtualenv = /usr/local/searx/searx-pyenv virtualenv = /usr/local/searxng/searxng-pyenv
pythonpath = /usr/local/searx/searx-src pythonpath = /usr/local/searxng/searxng-src
If you have read the :ref:`"Good to know section" <lxc.sh>` you remember, that If you have read the :ref:`"Good to know section" <lxc.sh>` you remember, that
each container shares the root folder of the repository and the command each container shares the root folder of the repository and the command
``utils/lxc.sh cmd`` handles relative path names **transparent**. To wrap the ``utils/lxc.sh cmd`` handles relative path names **transparent**. To wrap the
SearXNG installation into a developer one, we simple have to create a smylink to SearXNG installation into a developer one, we simple have to create a smylink to
the **transparent** reposetory from the desktop. Now lets replace the the **transparent** reposetory from the desktop. Now lets replace the
repository at ``searx-src`` in the container with the working tree from outside repository at ``searxng-src`` in the container with the working tree from outside
of the container: of the container:
.. tabs:: .. tabs::
.. group-tab:: container becomes a developer suite .. group-tab:: container becomes a developer suite
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
mv /usr/local/searx/searx-src /usr/local/searx/searx-src.old mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
ln -s /share/searx/ /usr/local/searx/searx-src ln -s /share/searx/ /usr/local/searxng/searxng-src
Now we can develop as usual in the working tree of our desktop system. Every Now we can develop as usual in the working tree of our desktop system. Every
time the software was changed, you have to restart the SearXNG service (in the time the software was changed, you have to restart the SearXNG service (in the
@ -323,9 +306,9 @@ conatiner):
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
systemctl restart uwsgi@searx systemctl restart uwsgi@searx
@ -338,30 +321,30 @@ daily usage:
To *inspect* the SearXNG instance (already described above): To *inspect* the SearXNG instance (already described above):
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
./utils/searx.sh inspect service ./utils/searx.sh inspect service
Run :ref:`makefile`, e.g. to test inside the container: Run :ref:`makefile`, e.g. to test inside the container:
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
make test make test
To install all prerequisites needed for a :ref:`buildhosts`: To install all prerequisites needed for a :ref:`buildhosts`:
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
./utils/searx.sh install buildhost ./utils/searxng.sh install buildhost
To build the docs on a buildhost :ref:`buildhosts`: To build the docs on a buildhost :ref:`buildhosts`:
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \ $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
make docs.html make docs.html
.. _lxcdev summary: .. _lxcdev summary:
@ -371,18 +354,18 @@ Summary
We build up a fully functional SearXNG suite in a archlinux container: We build up a fully functional SearXNG suite in a archlinux container:
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh install suite searx-archlinux $ sudo -H ./utils/lxc.sh install suite searxng-archlinux
To access HTTP from the desktop we installed nginx for the services inside the To access HTTP from the desktop we installed nginx for the services inside the
conatiner: conatiner:
.. tabs:: .. tabs::
.. group-tab:: [root@searx-archlinux] .. group-tab:: [root@searxng-archlinux]
.. code:: sh .. code:: bash
$ ./utils/filtron.sh nginx install $ ./utils/filtron.sh nginx install
$ ./utils/morty.sh nginx install $ ./utils/morty.sh nginx install
@ -393,12 +376,12 @@ the container :
.. tabs:: .. tabs::
.. group-tab:: [root@searx-archlinux] .. group-tab:: [root@searxng-archlinux]
.. code:: sh .. code:: bash
$ mv /usr/local/searx/searx-src /usr/local/searx/searx-src.old $ mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old
$ ln -s /share/searx/ /usr/local/searx/searx-src $ ln -s /share/searx/ /usr/local/searxng/searxng-src
$ systemctl restart uwsgi@searx $ systemctl restart uwsgi@searx
To get information about the searxNG suite in the archlinux container we can To get information about the searxNG suite in the archlinux container we can
@ -408,13 +391,13 @@ use:
.. group-tab:: desktop .. group-tab:: desktop
.. code:: sh .. code:: bash
$ sudo -H ./utils/lxc.sh show suite searx-archlinux $ sudo -H ./utils/lxc.sh show suite searxng-archlinux
... ...
[searx-archlinux] INFO: (eth0) filtron: http://10.174.184.156:4004/ http://10.174.184.156/searx [searxng-archlinux] INFO: (eth0) filtron: http://10.174.184.156:4004/ http://10.174.184.156/searx
[searx-archlinux] INFO: (eth0) morty: http://10.174.184.156:3000/ [searxng-archlinux] INFO: (eth0) morty: http://10.174.184.156:3000/
[searx-archlinux] INFO: (eth0) docs.live: http://10.174.184.156:8080/ [searxng-archlinux] INFO: (eth0) docs.live: http://10.174.184.156:8080/
[searx-archlinux] INFO: (eth0) IPv6: http://[fd42:573b:e0b3:e97e:216:3eff:fea5:9b65] [searxng-archlinux] INFO: (eth0) IPv6: http://[fd42:573b:e0b3:e97e:216:3eff:fea5:9b65]
... ...

26
docs/dev/makefile.rst
Unescape Escape View File

@ -40,7 +40,7 @@ We do no longer need to build up the virtualenv manually. Jump into your git
working tree and release a ``make install`` to get a virtualenv with a working tree and release a ``make install`` to get a virtualenv with a
*developer install* of SearXNG (:origin:`setup.py`). :: *developer install* of SearXNG (:origin:`setup.py`). ::
$ cd ~/searx-clone $ cd ~/searxng-clone
$ make install $ make install
PYENV [virtualenv] installing ./requirements*.txt into local/py3 PYENV [virtualenv] installing ./requirements*.txt into local/py3
... ...
@ -288,27 +288,3 @@ To filter out HTTP redirects (3xx_)::
https://news.google.com:443 "GET /search?q=computer&hl=en&lr=lang_en&ie=utf8&oe=utf8&ceid=US%3Aen&gl=US HTTP/1.1" 302 0 https://news.google.com:443 "GET /search?q=computer&hl=en&lr=lang_en&ie=utf8&oe=utf8&ceid=US%3Aen&gl=US HTTP/1.1" 302 0
https://news.google.com:443 "GET /search?q=computer&hl=en-US&lr=lang_en&ie=utf8&oe=utf8&ceid=US:en&gl=US HTTP/1.1" 200 None https://news.google.com:443 "GET /search?q=computer&hl=en-US&lr=lang_en&ie=utf8&oe=utf8&ceid=US:en&gl=US HTTP/1.1" 200 None
-- --
``make pybuild``
================
.. _PyPi: https://pypi.org/
.. _twine: https://twine.readthedocs.io/en/latest/
Build Python packages in ``./dist/py``::
$ make pybuild
...
BUILD pybuild
running sdist
running egg_info
...
running bdist_wheel
$ ls ./dist
searx-0.18.0-py3-none-any.whl searx-0.18.0.tar.gz
To upload packages to PyPi_, there is also a ``pypi.upload`` target (to test use
``pypi.upload.test``). Since you are not the owner of :pypi:`searx` you will
never need to upload.

6
docs/dev/offline_engines.rst
Unescape Escape View File

@ -55,10 +55,10 @@ admins can install packages in advance.
If there is a need to install additional packages in *Python's Virtual If there is a need to install additional packages in *Python's Virtual
Environment* of your SearXNG instance you need to switch into the environment Environment* of your SearXNG instance you need to switch into the environment
(:ref:`searx-src`) first, for this you can use :ref:`searx.sh`:: (:ref:`searxng-src`) first, for this you can use :ref:`searxng.sh`::
$ sudo utils/searx.sh shell $ sudo utils/searxng.sh instance cmd bash
(searx-pyenv)$ pip install ... (searxng-pyenv)$ pip install ...
Private engines (Security) Private engines (Security)

27
docs/dev/plugins.rst
Unescape Escape View File

@ -33,17 +33,26 @@ Example plugin
External plugins External plugins
================ ================
External plugins are standard python modules implementing all the requirements of the standard plugins. SearXNG supports *external plugins* / there is no need to install one, SearXNG
Plugins can be enabled by adding them to :ref:`settings.yml`'s ``plugins`` section. runs out of the box. But to demonstrate; in the example below we install the
Example external plugin can be found `here <https://github.com/asciimoo/searx_external_plugin_example>`_. SearXNG plugins from *The Green Web Foundation* `[ref]
<https://www.thegreenwebfoundation.org/news/searching-the-green-web-with-searx/>`__:
Register your plugin .. code:: bash
====================
$ sudo utils/searxng.sh instance cmd bash
(searxng-pyenv)$ pip install git+https://github.com/return42/tgwf-searx-plugins
In the :ref:`settings.yml` activate the ``plugins:`` section and add module
``only_show_green_results`` from ``tgwf-searx-plugins``.
.. code:: yaml
plugins:
...
- only_show_green_results
...
To enable your plugin register your plugin in
searx > plugin > __init__.py.
And at the bottom of the file add your plugin like.
``plugins.register(name_of_python_file)``
Plugin entry points Plugin entry points
=================== ===================

14
docs/dev/quickstart.rst
Unescape Escape View File

@ -10,7 +10,7 @@ Development Quickstart
SearXNG loves developers, just clone and start hacking. All the rest is done for SearXNG loves developers, just clone and start hacking. All the rest is done for
you simply by using :ref:`make <makefile>`. you simply by using :ref:`make <makefile>`.
.. code:: sh .. code:: bash
git clone https://github.com/searxng/searxng.git searxng git clone https://github.com/searxng/searxng.git searxng
@ -27,21 +27,21 @@ to our ":ref:`how to contribute`" guideline.
If you implement themes, you will need to setup a :ref:`make node.env` once: If you implement themes, you will need to setup a :ref:`make node.env` once:
.. code:: sh .. code:: bash
make node.env make node.env
Before you call *make run* (2.), you need to compile the modified styles and Before you call *make run* (2.), you need to compile the modified styles and
JavaScript: JavaScript:
.. code:: sh .. code:: bash
make themes.all make themes.all
Alternatively you can also compile selective the theme you have modified, Alternatively you can also compile selective the theme you have modified,
e.g. the *simple* theme. e.g. the *simple* theme.
.. code:: sh .. code:: bash
make themes.simple make themes.simple
@ -52,7 +52,7 @@ e.g. the *simple* theme.
If you finished your *tests* you can start to commit your changes. To separate If you finished your *tests* you can start to commit your changes. To separate
the modified source code from the build products first run: the modified source code from the build products first run:
.. code:: sh .. code:: bash
make static.build.restore make static.build.restore
@ -60,13 +60,13 @@ This will restore the old build products and only your changes of the code
remain in the working tree which can now be added & commited. When all sources remain in the working tree which can now be added & commited. When all sources
are commited, you can commit the build products simply by: are commited, you can commit the build products simply by:
.. code:: sh .. code:: bash
make static.build.commit make static.build.commit
Commiting the build products should be the last step, just before you send us Commiting the build products should be the last step, just before you send us
your PR. There is also a make target to rewind this last build commit: your PR. There is also a make target to rewind this last build commit:
.. code:: sh .. code:: bash
make static.build.drop make static.build.drop

80
docs/utils/filtron.sh.rst
Unescape Escape View File

@ -1,80 +0,0 @@
.. _filtron.sh:
====================
``utils/filtron.sh``
====================
.. sidebar:: further reading
- :ref:`searxng filtron`
- :ref:`architecture`
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
<installation apache>`)
.. _Go: https://golang.org/
.. _filtron: https://github.com/searxng/filtron
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
To simplify installation and maintenance of a filtron instance you can use the
script :origin:`utils/filtron.sh`. In most cases you will install filtron_
simply by running the command:
.. code:: bash
sudo -H ./utils/filtron.sh install all
The script adds a ``${SERVICE_USER}`` (default:``filtron``) and installs filtron_
into this user account:
#. Create a separated user account (``filtron``).
#. Download and install Go_ binary in user's $HOME (``~filtron``).
#. Install filtron with the package management from Go_ (``go get -v -u
github.com/searxng/filtron``)
#. Setup a proper rule configuration :origin:`[ref]
<utils/templates/etc/filtron/rules.json>` (``/etc/filtron/rules.json``).
#. Setup a systemd service unit :origin:`[ref]
<utils/templates/lib/systemd/system/filtron.service>`
(``/lib/systemd/system/filtron.service``).
Create user
===========
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
:start-after: START create user
:end-before: END create user
Install go
==========
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
:start-after: START install go
:end-before: END install go
Install filtron
===============
Install :origin:`rules.json <utils/templates/etc/filtron/rules.json>` at
``/etc/filtron/rules.json`` (see :ref:`Sample configuration of filtron`) and
install filtron software and systemd unit:
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
:start-after: START install filtron
:end-before: END install filtron
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
:start-after: START install systemd unit
:end-before: END install systemd unit
.. _filtron.sh overview:
Overview
========
The ``--help`` output of the script is largely self-explanatory
(:ref:`toolboxing common`):
.. program-output:: ../utils/filtron.sh --help

48
docs/utils/index.rst
Unescape Escape View File

@ -1,52 +1,30 @@
.. _searx_utils: .. _searx_utils:
.. _toolboxing: .. _toolboxing:
=================== ==================
Admin's tooling box DevOps tooling box
=================== ==================
In the folder :origin:`utils/` we maintain some tools useful for administrators. In the folder :origin:`utils/` we maintain some tools useful for administrators
and developers.
.. toctree:: .. toctree::
:maxdepth: 2 :maxdepth: 2
:caption: Contents :caption: Contents
searx.sh searxng.sh
filtron.sh
morty.sh
lxc.sh lxc.sh
.. _toolboxing common: Common command environments
===========================
Common commands & environment The scripts in our tooling box often dispose of common environments:
=============================
Scripts to maintain services often dispose of common commands and environments.
``shell`` : command
Opens a shell from the service user ``${SERVICE_USSR}``, very helpful for
troubleshooting.
``inspect service`` : command
Shows status and log of the service, most often you have a option to enable
more verbose debug logs. Very helpful for debugging, but be careful not to
enable debugging in a production environment!
``FORCE_TIMEOUT`` : environment ``FORCE_TIMEOUT`` : environment
Sets timeout for interactive prompts. If you want to run a script in batch Sets timeout for interactive prompts. If you want to run a script in batch
job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a
reverse proxy for filtron on all containers of the :ref:`SearXNG suite SearXNG server and nginx proxy on all containers of the :ref:`SearXNG suite
<lxc-searx.env>` use :: <lxc-searxng.env>` use::
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh apache install
.. _toolboxing setup:
Tooling box setup
=================
The main setup is done in the :origin:`.config.sh` (read also :ref:`settings
global`).
.. literalinclude:: ../../.config.sh sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install all
:language: bash sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx

52
docs/utils/lxc.sh.rst
Unescape Escape View File

@ -23,7 +23,7 @@
With the use of *Linux Containers* (LXC_) we can scale our tasks over a stack of With the use of *Linux Containers* (LXC_) we can scale our tasks over a stack of
containers, what we call the: *lxc suite*. The *SearXNG suite* containers, what we call the: *lxc suite*. The *SearXNG suite*
(:origin:`lxc-searx.env <utils/lxc-searx.env>`) is loaded by default, every time (:origin:`lxc-searxng.env <utils/lxc-searxng.env>`) is loaded by default, every time
you start the ``lxc.sh`` script (*you do not need to care about*). you start the ``lxc.sh`` script (*you do not need to care about*).
Before you can start with containers, you need to install and initiate LXD_ Before you can start with containers, you need to install and initiate LXD_
@ -49,7 +49,7 @@ help>`.
If you do not want to build all containers, **you can build just one**:: If you do not want to build all containers, **you can build just one**::
$ sudo -H ./utils/lxc.sh build searx-ubu1804 $ sudo -H ./utils/lxc.sh build searxng-archlinux
*Good to know ...* *Good to know ...*
@ -62,9 +62,9 @@ of::
In the containers, you can run what ever you want, e.g. to start a bash use:: In the containers, you can run what ever you want, e.g. to start a bash use::
$ sudo -H ./utils/lxc.sh cmd searx-ubu1804 bash $ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash
INFO: [searx-ubu1804] bash INFO: [searxng-archlinux] bash
root@searx-ubu1804:/share/searx# [root@searxng-archlinux SearXNG]#
If there comes the time you want to **get rid off all** the containers and If there comes the time you want to **get rid off all** the containers and
**clean up local images** just type:: **clean up local images** just type::
@ -121,28 +121,26 @@ Install suite
============= =============
To install the complete :ref:`SearXNG suite (includes searx, morty & filtron) To install the complete :ref:`SearXNG suite (includes searx, morty & filtron)
<lxc-searx.env>` into all LXC_ use:: <lxc-searxng.env>` into all LXC_ use::
$ sudo -H ./utils/lxc.sh install suite $ sudo -H ./utils/lxc.sh install suite
The command above installs a SearXNG suite (see :ref:`installation scripts`). To The command above installs a SearXNG suite (see :ref:`installation scripts`).
get the IP (URL) of the filtron service in the containers use ``show suite`` To :ref:`install a nginx <installation nginx>` reverse proxy (or alternatively
use :ref:`apache <installation apache>`)::
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx
To get the IP (URL) of the SearXNG service in the containers use ``show suite``
command. To test instances from containers just open the URLs in your command. To test instances from containers just open the URLs in your
WEB-Browser:: WEB-Browser::
$ sudo ./utils/lxc.sh show suite | grep filtron $ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL
[searx-ubu1604] INFO: (eth0) filtron: http://n.n.n.246:4004/ http://n.n.n.246/searx
[searx-ubu1804] INFO: (eth0) filtron: http://n.n.n.147:4004/ http://n.n.n.147/searx
[searx-ubu1910] INFO: (eth0) filtron: http://n.n.n.140:4004/ http://n.n.n.140/searx
[searx-ubu2004] INFO: (eth0) filtron: http://n.n.n.18:4004/ http://n.n.n.18/searx
[searx-fedora31] INFO: (eth0) filtron: http://n.n.n.46:4004/ http://n.n.n.46/searx
[searx-archlinux] INFO: (eth0) filtron: http://n.n.n.32:4004/ http://n.n.n.32/searx
To :ref:`install a nginx <installation nginx>` reverse proxy for filtron and
morty use (or alternatively use :ref:`apache <installation apache>`)::
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh nginx install [searxng-ubu2110] SEARXNG_URL : http://n.n.n.147/searxng
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/morty.sh nginx install [searxng-ubu2004] SEARXNG_URL : http://n.n.n.246/searxng
[searxnggfedora35] SEARXNG_URL : http://n.n.n.140/searxng
[searxng-archlinux] SEARXNG_URL : http://n.n.n.165/searxng
Running commands Running commands
@ -152,8 +150,8 @@ Running commands
:ref:`toolboxing`. By example: to setup a :ref:`buildhosts` and run the :ref:`toolboxing`. By example: to setup a :ref:`buildhosts` and run the
Makefile target ``test`` in the archlinux_ container:: Makefile target ``test`` in the archlinux_ container::
sudo -H ./utils/lxc.sh cmd searx-archlinux ./utils/searx.sh install buildhost sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh install buildhost
sudo -H ./utils/lxc.sh cmd searx-archlinux make test sudo -H ./utils/lxc.sh cmd searxng-archlinux make test
Setup SearXNG buildhost Setup SearXNG buildhost
@ -164,11 +162,11 @@ The installation procedure to set up a :ref:`build host<buildhosts>` takes its
time. Installation in all containers will take more time (time for another cup time. Installation in all containers will take more time (time for another cup
of coffee).:: of coffee).::
sudo -H ./utils/lxc.sh cmd -- ./utils/searx.sh install buildhost sudo -H ./utils/lxc.sh cmd -- ./utils/searxng.sh install buildhost
To build (live) documentation inside a archlinux_ container:: To build (live) documentation inside a archlinux_ container::
sudo -H ./utils/lxc.sh cmd searx-archlinux make docs.clean docs.live sudo -H ./utils/lxc.sh cmd searxng-archlinux make docs.clean docs.live
... ...
[I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080 [I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080
@ -176,7 +174,7 @@ To get IP of the container and the port number *live docs* is listening::
$ sudo ./utils/lxc.sh show suite | grep docs.live $ sudo ./utils/lxc.sh show suite | grep docs.live
... ...
[searx-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/ [searxng-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/
.. _lxc.sh help: .. _lxc.sh help:
@ -189,10 +187,10 @@ The ``--help`` output of the script is largely self-explanatory:
.. program-output:: ../utils/lxc.sh --help .. program-output:: ../utils/lxc.sh --help
.. _lxc-searx.env: .. _lxc-searxng.env:
SearXNG suite SearXNG suite
============= =============
.. literalinclude:: ../../utils/lxc-searx.env .. literalinclude:: ../../utils/lxc-searxng.env
:language: bash :language: bash

80
docs/utils/morty.sh.rst
Unescape Escape View File

@ -1,80 +0,0 @@
.. _morty: https://github.com/asciimoo/morty
.. _morty's README: https://github.com/asciimoo/morty
.. _Go: https://golang.org/
.. _morty.sh:
==================
``utils/morty.sh``
==================
.. sidebar:: further reading
- :ref:`architecture`
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
<installation apache>`)
- :ref:`searxng morty`
To simplify installation and maintenance of a morty_ instance you can use the
script :origin:`utils/morty.sh`. In most cases you will install morty_ simply by
running the command:
.. code:: bash
sudo -H ./utils/morty.sh install all
The script adds a ``${SERVICE_USER}`` (default:``morty``) and installs morty_
into this user account:
#. Create a separated user account (``morty``).
#. Download and install Go_ binary in user's $HOME (``~morty``).
#. Install morty_ with the package management from Go_ (``go get -v -u
github.com/asciimoo/morty``)
#. Setup a systemd service unit :origin:`[ref]
<utils/templates/lib/systemd/system/morty.service>`
(``/lib/systemd/system/morty.service``).
.. hint::
To add morty to your SearXNG instance read chapter :ref:`searxng morty`.
Create user
===========
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
:start-after: START create user
:end-before: END create user
Install go
==========
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
:start-after: START install go
:end-before: END install go
Install morty
=============
Install morty software and systemd unit:
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
:start-after: START install morty
:end-before: END install morty
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
:start-after: START install systemd unit
:end-before: END install systemd unit
.. _morty.sh overview:
Overview
========
The ``--help`` output of the script is largely self-explanatory
(:ref:`toolboxing common`):
.. program-output:: ../utils/morty.sh --help

39
docs/utils/searx.sh.rst
Unescape Escape View File

@ -1,39 +0,0 @@
.. _searx.sh:
==================
``utils/searx.sh``
==================
.. sidebar:: further reading
- :ref:`architecture`
- :ref:`installation`
- :ref:`installation nginx`
- :ref:`installation apache`
To simplify installation and maintenance of a SearXNG instance you can use the
script :origin:`utils/searx.sh`.
Install
=======
In most cases you will install SearXNG simply by running the command:
.. code:: bash
sudo -H ./utils/searx.sh install all
The script adds a ``${SERVICE_USER}`` (default:``searx``) and installs SearXNG
into this user account. The installation is described in chapter
:ref:`installation basic`.
.. _intranet reverse proxy:
Overview
========
The ``--help`` output of the script is largely self-explanatory
(:ref:`toolboxing common`):
.. program-output:: ../utils/searx.sh --help

36
docs/utils/searxng.sh.rst
Unescape Escape View File

@ -0,0 +1,36 @@
.. _searxng.sh:
====================
``utils/searxng.sh``
====================
.. sidebar:: further reading
- :ref:`architecture`
- :ref:`installation`
- :ref:`installation nginx`
- :ref:`installation apache`
To simplify the installation and maintenance of a SearXNG instance you can use the
script :origin:`utils/searxng.sh`.
Install
=======
In most cases you will install SearXNG simply by running the command:
.. code:: bash
sudo -H ./utils/searx.sh install all
The installation is described in chapter :ref:`installation basic`.
.. _searxng.sh overview:
Overview
========
The ``--help`` output of the script is largely self-explanatory:
.. program-output:: ../utils/searxng.sh --help

4
manage
Unescape Escape View File

@ -416,9 +416,7 @@ docs.prebuild() {
set -e set -e
[ "$VERBOSE" = "1" ] && set -x [ "$VERBOSE" = "1" ] && set -x
mkdir -p "${DOCS_BUILD}/includes" mkdir -p "${DOCS_BUILD}/includes"
./utils/searx.sh doc | cat > "${DOCS_BUILD}/includes/searx.rst" ./utils/searxng.sh searxng.doc.rst > "${DOCS_BUILD}/includes/searxng.rst"
./utils/filtron.sh doc | cat > "${DOCS_BUILD}/includes/filtron.rst"
./utils/morty.sh doc | cat > "${DOCS_BUILD}/includes/morty.rst"
pyenv.cmd searxng_extra/docs_prebuild pyenv.cmd searxng_extra/docs_prebuild
) )
dump_return $? dump_return $?

6
searx/shared/redisdb.py
Unescape Escape View File

@ -19,10 +19,13 @@ A redis DB connect can be tested by::
""" """
import os
import pwd
import logging import logging
import redis import redis
from searx import get_setting from searx import get_setting
logger = logging.getLogger('searx.shared.redis') logger = logging.getLogger('searx.shared.redis')
_client = None _client = None
@ -42,6 +45,7 @@ def init():
logger.info("connected redis DB --> %s", c.acl_whoami()) logger.info("connected redis DB --> %s", c.acl_whoami())
return True return True
except redis.exceptions.ConnectionError as exc: except redis.exceptions.ConnectionError as exc:
logger.error("can't connet redis DB ...") _pw = pwd.getpwuid(os.getuid())
logger.error("[%s (%s)] can't connect redis DB ...", _pw.pw_name, _pw.pw_uid)
logger.error(" %s", exc) logger.error(" %s", exc)
return False return False

527
utils/filtron.sh
Unescape Escape View File

@ -4,56 +4,19 @@
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/lib_go.sh
source "${REPO_ROOT}/utils/lib_go.sh"
# shellcheck source=utils/lib_install.sh
source "${REPO_ROOT}/utils/lib_install.sh"
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# config # config
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}"
FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \
| sed -e 's,^.*://[^/]*\(/.*\),\1,g')}"
[[ "${FILTRON_URL_PATH}" == "${PUBLIC_URL}" ]] && FILTRON_URL_PATH=/
FILTRON_ETC="/etc/filtron" FILTRON_ETC="/etc/filtron"
FILTRON_RULES="$FILTRON_ETC/rules.json"
FILTRON_RULES_TEMPLATE="${FILTRON_RULES_TEMPLATE:-${REPO_ROOT}/utils/templates/etc/filtron/rules.json}"
FILTRON_API="${FILTRON_API:-127.0.0.1:4005}"
FILTRON_LISTEN="${FILTRON_LISTEN:-127.0.0.1:4004}"
# The filtron target is the SearXNG installation, listenning on server.port at
# server.bind_address. The default of FILTRON_TARGET is taken from the YAML
# configuration, do not change this value without reinstalling the entire
# SearXNG suite including filtron & morty.
FILTRON_TARGET="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}"
SERVICE_NAME="filtron" SERVICE_NAME="filtron"
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}"
SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}"
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service" SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
# shellcheck disable=SC2034
SERVICE_GROUP="${SERVICE_USER}"
# shellcheck disable=SC2034
SERVICE_GROUP="${SERVICE_USER}"
GO_ENV="${SERVICE_HOME}/.go_env" APACHE_FILTRON_SITE="searx.conf"
GO_VERSION="go1.17.2" NGINX_FILTRON_SITE="searx.conf"
APACHE_FILTRON_SITE="searxng.conf"
NGINX_FILTRON_SITE="searxng.conf"
# shellcheck disable=SC2034
CONFIG_FILES=(
"${FILTRON_RULES}"
"${SERVICE_SYSTEMD_UNIT}"
)
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
usage() { usage() {
@ -62,248 +25,45 @@ usage() {
# shellcheck disable=SC1117 # shellcheck disable=SC1117
cat <<EOF cat <<EOF
usage:: usage::
$(basename "$0") shell $(basename "$0") remove all]
$(basename "$0") install [all|user|rules] $(basename "$0") apache remove
$(basename "$0") reinstall all $(basename "$0") nginx remove
$(basename "$0") update [filtron]
$(basename "$0") remove [all]
$(basename "$0") activate [service]
$(basename "$0") deactivate [service]
$(basename "$0") inspect [service]
$(basename "$0") option [debug-on|debug-off]
$(basename "$0") apache [install|remove]
$(basename "$0") nginx [install|remove]
shell remove all : drop all components of the filtron service
start interactive shell from user ${SERVICE_USER} apache remove : drop apache site ${APACHE_FILTRON_SITE}
install / remove nginx remove : drop nginx site ${NGINX_FILTRON_SITE}
:all: complete setup of filtron service
:user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME)
:rules: reinstall filtron rules $FILTRON_RULES
install
:check: check the filtron installation
reinstall:
:all: runs 'install/remove all'
update filtron
Update filtron installation ($SERVICE_HOME)
activate service
activate and start service daemon (systemd unit)
deactivate service
stop and deactivate service daemon (systemd unit)
inspect service
show service status and log
option
set one of the available options
apache (${PUBLIC_URL})
:install: apache site with a reverse proxy (ProxyPass)
:remove: apache site ${APACHE_FILTRON_SITE}
nginx (${PUBLIC_URL})
:install: nginx site with a reverse proxy (ProxyPass)
:remove: nginx site ${NGINX_FILTRON_SITE}
filtron rules: ${FILTRON_RULES_TEMPLATE}
---- sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
FILTRON_TARGET : ${FILTRON_TARGET}
FILTRON_API : ${FILTRON_API}
FILTRON_LISTEN : ${FILTRON_LISTEN}
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
EOF EOF
install_log_searx_instance
[[ -n ${1} ]] && err_msg "$1" [[ -n ${1} ]] && err_msg "$1"
} }
main() { main() {
required_commands \
sudo install git wget curl \
|| exit
local _usage="unknown or missing $1 command $2" local _usage="unknown or missing $1 command $2"
case $1 in case $1 in
--getenv) var="$2"; echo "${!var}"; exit 0;;
-h|--help) usage; exit 0;; -h|--help) usage; exit 0;;
shell)
sudo_or_exit
interactive_shell "${SERVICE_USER}"
;;
inspect)
case $2 in
service)
sudo_or_exit
inspect_service
;;
*) usage "$_usage"; exit 42;;
esac ;;
reinstall)
rst_title "re-install $SERVICE_NAME" part
sudo_or_exit
case $2 in
all)
remove_all
install_all
;;
*) usage "$_usage"; exit 42;;
esac ;;
install)
rst_title "$SERVICE_NAME" part
sudo_or_exit
case $2 in
check)
rst_title "Check filtron installation" part
install_check
;;
all) install_all ;;
user) assert_user ;;
rules)
install_rules
systemd_restart_service "${SERVICE_NAME}"
;;
*) usage "$_usage"; exit 42;;
esac ;;
update)
sudo_or_exit
case $2 in
filtron) update_filtron ;;
*) usage "$_usage"; exit 42;;
esac ;;
remove) remove)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
all) remove_all;; all) remove_all;;
user) drop_service_account "${SERVICE_USER}" ;;
*) usage "$_usage"; exit 42;;
esac ;;
activate)
sudo_or_exit
case $2 in
service) systemd_activate_service "${SERVICE_NAME}" ;;
*) usage "$_usage"; exit 42;;
esac ;;
deactivate)
sudo_or_exit
case $2 in
service) systemd_deactivate_service "${SERVICE_NAME}" ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
apache) apache)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
install) install_apache_site ;;
remove) remove_apache_site ;; remove) remove_apache_site ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
nginx) nginx)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
install) install_nginx_site ;;
remove) remove_nginx_site ;; remove) remove_nginx_site ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
option)
sudo_or_exit
case $2 in
debug-on) echo; enable_debug ;;
debug-off) echo; disable_debug ;;
*) usage "$_usage"; exit 42;;
esac ;;
doc) rst-doc ;;
*) usage "unknown or missing command $1"; exit 42;; *) usage "unknown or missing command $1"; exit 42;;
esac esac
} }
install_all() {
rst_title "Install $SERVICE_NAME (service)"
assert_user
wait_key
go.golang "${GO_VERSION}" "${SERVICE_USER}"
wait_key
install_filtron
install_rules
wait_key
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
wait_key
echo
if ! service_is_available "http://${FILTRON_LISTEN}" ; then
err_msg "Filtron is not listening on: http://${FILTRON_LISTEN}"
fi
if apache_is_installed; then
info_msg "Apache is installed on this host."
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
install_apache_site
fi
elif nginx_is_installed; then
info_msg "nginx is installed on this host."
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
install_nginx_site
fi
fi
if ask_yn "Do you want to inspect the installation?" Ny; then
inspect_service
fi
}
install_check() {
if service_account_is_available "$SERVICE_USER"; then
info_msg "service account $SERVICE_USER available."
else
err_msg "service account $SERVICE_USER not available!"
fi
if go_is_available "$SERVICE_USER"; then
info_msg "~$SERVICE_USER: go is installed"
else
err_msg "~$SERVICE_USER: go is not installed"
fi
if filtron_is_installed; then
info_msg "~$SERVICE_USER: filtron app is installed"
else
err_msg "~$SERVICE_USER: filtron app is not installed!"
fi
if ! service_is_available "http://${FILTRON_API}"; then
err_msg "API not available at: http://${FILTRON_API}"
fi
if ! service_is_available "http://${FILTRON_LISTEN}" ; then
err_msg "Filtron is not listening on: http://${FILTRON_LISTEN}"
fi
if service_is_available "http://${FILTRON_TARGET}" ; then
info_msg "Filtron's target is available at: http://${FILTRON_TARGET}"
fi
if ! service_is_available "${PUBLIC_URL}"; then
warn_msg "Public service at ${PUBLIC_URL} is not available!"
if ! in_container; then
warn_msg "Check if public name is correct and routed or use the public IP from above."
fi
fi
if [[ "${GO_VERSION}" > "$(go_version)" ]]; then
warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least"
warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all"
else
info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)"
fi
if [ -f "${APACHE_SITES_AVAILABLE}/searx.conf" ]; then
warn_msg "old searx.conf apache site exists"
fi
if [ -f "${NGINX_APPS_AVAILABLE}/searx.conf" ]; then
warn_msg "old searx.conf nginx site exists"
fi
}
go_version(){
go.version "${SERVICE_USER}"
}
remove_all() { remove_all() {
rst_title "De-Install $SERVICE_NAME (service)" rst_title "De-Install $SERVICE_NAME (service)"
@ -321,219 +81,6 @@ installations that were installed with this script."
fi fi
} }
assert_user() {
rst_title "user $SERVICE_USER" section
echo
tee_stderr 1 <<EOF | bash | prefix_stdout
useradd --shell /bin/bash --system \
--home-dir "$SERVICE_HOME" \
--comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER
EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
export SERVICE_HOME
echo "export SERVICE_HOME=$SERVICE_HOME"
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER"
touch "$GO_ENV"
grep -qFs -- 'source "$GO_ENV"' ~/.profile || echo 'source "$GO_ENV"' >> ~/.profile
EOF
}
filtron_is_installed() {
[[ -f $SERVICE_HOME/go-apps/bin/filtron ]]
}
install_filtron() {
rst_title "Install filtron in user's ~/go-apps" section
echo
go.install github.com/searxng/filtron@latest "${SERVICE_USER}"
}
update_filtron() {
rst_title "Update filtron" section
echo
go.install github.com/searxng/filtron@latest "${SERVICE_USER}"
}
install_rules() {
rst_title "Install filtron rules"
echo
if [[ ! -f "${FILTRON_RULES}" ]]; then
info_msg "install rules ${FILTRON_RULES_TEMPLATE}"
info_msg " --> ${FILTRON_RULES}"
mkdir -p "$(dirname "${FILTRON_RULES}")"
cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
return
fi
if cmp --silent "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"; then
info_msg "${FILTRON_RULES} is up to date with"
info_msg "${FILTRON_RULES_TEMPLATE}"
return
fi
rst_para "Diff between origin's rules file (+) and current (-):"
echo "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"
$DIFF_CMD "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"
local action
choose_one action "What should happen to the rules file? " \
"keep configuration unchanged" \
"use origin rules" \
"start interactive shell"
case $action in
"keep configuration unchanged")
info_msg "leave rules file unchanged"
;;
"use origin rules")
backup_file "${FILTRON_RULES}"
info_msg "install origin rules"
cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
;;
"start interactive shell")
backup_file "${FILTRON_RULES}"
echo -e "// exit with [${_BCyan}CTRL-D${_creset}]"
sudo -H -i
rst_para 'Diff between new rules file (-) and current (+):'
echo
$DIFF_CMD "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
wait_key
;;
esac
}
inspect_service() {
rst_title "service status & log"
cat <<EOF
sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
FILTRON_TARGET : ${FILTRON_TARGET}
FILTRON_API : ${FILTRON_API}
FILTRON_LISTEN : ${FILTRON_LISTEN}
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
EOF
install_log_searx_instance
install_check
if in_container; then
lxc_suite_info
else
info_msg "public URL --> ${PUBLIC_URL}"
info_msg "internal URL --> http://${FILTRON_LISTEN}"
fi
local _debug_on
if ask_yn "Enable filtron debug mode?"; then
enable_debug
_debug_on=1
fi
echo
systemctl --no-pager -l status "${SERVICE_NAME}"
echo
info_msg "public URL --> ${PUBLIC_URL}"
# shellcheck disable=SC2059
printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log"
read -r -s -n1 -t 5
echo
while true; do
trap break 2
journalctl -f -u "${SERVICE_NAME}"
done
if [[ $_debug_on == 1 ]]; then
disable_debug
fi
return 0
}
enable_debug() {
info_msg "try to enable debug mode ..."
python <<EOF
import sys, json
debug = {
u'name': u'debug request'
, u'filters': []
, u'interval': 0
, u'limit': 0
, u'actions': [{u'name': u'log'}]
}
with open('$FILTRON_RULES') as rules:
j = json.load(rules)
pos = None
for i in range(len(j)):
if j[i].get('name') == 'debug request':
pos = i
break
if pos is not None:
j[pos] = debug
else:
j.append(debug)
with open('$FILTRON_RULES', 'w') as rules:
json.dump(j, rules, indent=2, sort_keys=True)
EOF
systemctl restart "${SERVICE_NAME}.service"
}
disable_debug() {
info_msg "try to disable debug mode ..."
python <<EOF
import sys, json
with open('$FILTRON_RULES') as rules:
j = json.load(rules)
pos = None
for i in range(len(j)):
if j[i].get('name') == 'debug request':
pos = i
break
if pos is not None:
del j[pos]
with open('$FILTRON_RULES', 'w') as rules:
json.dump(j, rules, indent=2, sort_keys=True)
EOF
systemctl restart "${SERVICE_NAME}.service"
}
install_apache_site() {
rst_title "Install Apache site $APACHE_FILTRON_SITE"
rst_para "\
This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SITE})"
! apache_is_installed && info_msg "Apache is not installed."
if ! ask_yn "Do you really want to continue?" Yn; then
return
else
install_apache
fi
"${REPO_ROOT}/utils/searx.sh" install uwsgi
apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}"
info_msg "testing public url .."
if ! service_is_available "${PUBLIC_URL}"; then
err_msg "Public service at ${PUBLIC_URL} is not available!"
fi
}
remove_apache_site() { remove_apache_site() {
rst_title "Remove Apache site $APACHE_FILTRON_SITE" rst_title "Remove Apache site $APACHE_FILTRON_SITE"
@ -551,35 +98,6 @@ This removes apache site ${APACHE_FILTRON_SITE}."
} }
install_nginx_site() {
rst_title "Install nginx site $NGINX_FILTRON_SITE"
rst_para "\
This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_FILTRON_SITE})"
! nginx_is_installed && info_msg "nginx is not installed."
if ! ask_yn "Do you really want to continue?" Yn; then
return
else
install_nginx
fi
"${REPO_ROOT}/utils/searx.sh" install uwsgi
# shellcheck disable=SC2034
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
# shellcheck disable=SC2034
SEARXNG_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_URL_PATH)
nginx_install_app --variant=filtron "${NGINX_FILTRON_SITE}"
info_msg "testing public url .."
if ! service_is_available "${PUBLIC_URL}"; then
err_msg "Public service at ${PUBLIC_URL} is not available!"
fi
}
remove_nginx_site() { remove_nginx_site() {
rst_title "Remove nginx site $NGINX_FILTRON_SITE" rst_title "Remove nginx site $NGINX_FILTRON_SITE"
@ -593,35 +111,8 @@ This removes nginx site ${NGINX_FILTRON_SITE}."
return return
fi fi
nginx_remove_site "$FILTRON_FILTRON_SITE" nginx_remove_app "$FILTRON_FILTRON_SITE"
}
rst-doc() {
eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/filtron.rst")\""
echo -e "\n.. START install systemd unit"
cat <<EOF
.. tabs::
.. group-tab:: systemd
.. code:: bash
EOF
eval "echo \"$(< "${TEMPLATES}/${SERVICE_SYSTEMD_UNIT}")\"" | prefix_stdout " "
echo -e "\n.. END install systemd unit"
# for DIST_NAME in ubuntu-20.04 arch fedora centos; do
# (
# DIST_ID=${DIST_NAME%-*}
# DIST_VERS=${DIST_NAME#*-}
# [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS=
# # ...
# )
# done
} }
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

47
utils/lib.sh
Unescape Escape View File

@ -195,7 +195,7 @@ wait_key(){
[[ -n $_t ]] && _t="-t $_t" [[ -n $_t ]] && _t="-t $_t"
printf "$msg" printf "$msg"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
read -r -s -n1 $_t read -r -s -n1 $_t || true
echo echo
clean_stdin clean_stdin
} }
@ -1027,7 +1027,7 @@ nginx_include_apps_enabled() {
local include_directive="include ${NGINX_APPS_ENABLED}/*.conf;" local include_directive="include ${NGINX_APPS_ENABLED}/*.conf;"
local include_directive_re="^\s*include ${NGINX_APPS_ENABLED}/\*\.conf;" local include_directive_re="^\s*include ${NGINX_APPS_ENABLED}/\*\.conf;"
info_msg "checking existence: '${include_directive}' in file ${server_conf}" info_msg "checking existence: '${include_directive}' in file ${server_conf}"
if grep "${include_directive_re}" "${server_conf}"; then if grep "${include_directive_re}" "${server_conf}"; then
info_msg "OK, already exists." info_msg "OK, already exists."
return return
@ -1117,7 +1117,7 @@ apache_distro_setup() {
APACHE_SITES_AVAILABLE="/etc/httpd/sites-available" APACHE_SITES_AVAILABLE="/etc/httpd/sites-available"
APACHE_SITES_ENABLED="/etc/httpd/sites-enabled" APACHE_SITES_ENABLED="/etc/httpd/sites-enabled"
APACHE_MODULES="modules" APACHE_MODULES="modules"
APACHE_PACKAGES="httpd" APACHE_PACKAGES="httpd mod_ssl"
;; ;;
*) *)
err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented" err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented"
@ -1249,8 +1249,6 @@ apache_dissable_site() {
# ----- # -----
uWSGI_SETUP="${uWSGI_SETUP:=/etc/uwsgi}" uWSGI_SETUP="${uWSGI_SETUP:=/etc/uwsgi}"
uWSGI_USER=
uWSGI_GROUP=
# How distros manage uWSGI apps is very different. From uWSGI POV read: # How distros manage uWSGI apps is very different. From uWSGI POV read:
# - https://uwsgi-docs.readthedocs.io/en/latest/Management.html # - https://uwsgi-docs.readthedocs.io/en/latest/Management.html
@ -1276,13 +1274,14 @@ uWSGI_distro_setup() {
;; ;;
fedora-*|centos-7) fedora-*|centos-7)
# systemd --> /usr/lib/systemd/system/uwsgi.service # systemd --> /usr/lib/systemd/system/uwsgi.service
# The unit file starts uWSGI in emperor mode (/etc/uwsgi.ini), see # Fedora runs uWSGI in emperor-tyrant mode: in Tyrant mode the
# - https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html # Emperor will run the vassal using the UID/GID of the vassal
# configuration file [1] (user and group of the app .ini file).
# There are some quirks abbout additional POSIX groups in uWSGI
# 2.0.x, read at least: https://github.com/unbit/uwsgi/issues/2099
uWSGI_APPS_AVAILABLE="${uWSGI_SETUP}/apps-available" uWSGI_APPS_AVAILABLE="${uWSGI_SETUP}/apps-available"
uWSGI_APPS_ENABLED="${uWSGI_SETUP}.d" uWSGI_APPS_ENABLED="${uWSGI_SETUP}.d"
uWSGI_PACKAGES="uwsgi" uWSGI_PACKAGES="uwsgi"
uWSGI_USER="uwsgi"
uWSGI_GROUP="uwsgi"
;; ;;
*) *)
err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented" err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented"
@ -1344,30 +1343,6 @@ uWSGI_restart() {
esac esac
} }
uWSGI_prepare_app() {
# usage: uWSGI_prepare_app <myapp.ini>
[[ -z $1 ]] && die_caller 42 "missing argument <myapp.ini>"
local APP="${1%.*}"
case $DIST_ID-$DIST_VERS in
fedora-*|centos-7)
# in emperor mode, the uwsgi user is the owner of the sockets
info_msg "prepare (uwsgi:uwsgi) /run/uwsgi/app/${APP}"
mkdir -p "/run/uwsgi/app/${APP}"
chown -R "uwsgi:uwsgi" "/run/uwsgi/app/${APP}"
;;
*)
info_msg "prepare (${SERVICE_USER}:${SERVICE_GROUP}) /run/uwsgi/app/${APP}"
mkdir -p "/run/uwsgi/app/${APP}"
chown -R "${SERVICE_USER}:${SERVICE_GROUP}" "/run/uwsgi/app/${APP}"
;;
esac
}
uWSGI_app_available() { uWSGI_app_available() {
# usage: uWSGI_app_available <myapp.ini> # usage: uWSGI_app_available <myapp.ini>
local CONF="$1" local CONF="$1"
@ -1378,7 +1353,7 @@ uWSGI_app_available() {
uWSGI_install_app() { uWSGI_install_app() {
# usage: uWSGI_install_app [<template option> ...] <myapp.ini> # usage: uWSGI_install_app [<template option> ...] <myapp.ini> [{owner} [{group} [{chmod}]]]
# #
# <template option>: see install_template # <template option>: see install_template
@ -1390,11 +1365,10 @@ uWSGI_install_app() {
*) pos_args+=("$i");; *) pos_args+=("$i");;
esac esac
done done
uWSGI_prepare_app "${pos_args[1]}"
mkdir -p "${uWSGI_APPS_AVAILABLE}" mkdir -p "${uWSGI_APPS_AVAILABLE}"
install_template "${template_opts[@]}" \ install_template "${template_opts[@]}" \
"${uWSGI_APPS_AVAILABLE}/${pos_args[1]}" \ "${uWSGI_APPS_AVAILABLE}/${pos_args[1]}" \
root root 644 "${pos_args[2]:-root}" "${pos_args[3]:-root}" "${pos_args[4]:-644}"
uWSGI_enable_app "${pos_args[1]}" uWSGI_enable_app "${pos_args[1]}"
uWSGI_restart "${pos_args[1]}" uWSGI_restart "${pos_args[1]}"
info_msg "uWSGI app: ${pos_args[1]} is installed" info_msg "uWSGI app: ${pos_args[1]} is installed"
@ -1468,7 +1442,6 @@ uWSGI_enable_app() {
mkdir -p "${uWSGI_APPS_ENABLED}" mkdir -p "${uWSGI_APPS_ENABLED}"
rm -f "${uWSGI_APPS_ENABLED}/${CONF}" rm -f "${uWSGI_APPS_ENABLED}/${CONF}"
ln -s "${uWSGI_APPS_AVAILABLE}/${CONF}" "${uWSGI_APPS_ENABLED}/${CONF}" ln -s "${uWSGI_APPS_AVAILABLE}/${CONF}" "${uWSGI_APPS_ENABLED}/${CONF}"
chown "${uWSGI_USER}:${uWSGI_GROUP}" "${uWSGI_APPS_ENABLED}/${CONF}"
info_msg "enabled uWSGI app: ${CONF}" info_msg "enabled uWSGI app: ${CONF}"
;; ;;
*) *)

207
utils/lib_install.sh
Unescape Escape View File

@ -1,207 +0,0 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: AGPL-3.0-or-later
# https://github.com/koalaman/shellcheck/issues/356#issuecomment-853515285
# shellcheck source=utils/lib.sh
. /dev/null
# Initialize installation procedures:
#
# - Modified source_dot_config function that
# - loads .config.sh from an existing installation (at SEARX_SRC).
# - initialize **SEARX_SRC_INIT_FILES**
# - functions like:
# - install_log_searx_instance()
# - install_searx_get_state()
#
# usage:
# source lib_install.sh
#
# **Installation scripts**
#
# The utils/lib_install.sh is sourced by the installations scripts:
#
# - utils/searx.sh
# - utils/morty.sh
# - utils/filtron.sh
#
# If '${SEARX_SRC}/.config.sh' exists, the modified source_dot_config() function
# loads this configuration (instead of './.config.sh').
# **SEARX_SRC_INIT_FILES**
#
# Array of file names to sync into a installation at $SEARX_SRC. The file names
# are relative to the $REPO_ROOT. Set by function init_SEARX_SRC_INIT_FILES().
# Most often theses are files like:
# - .config.sh
# - searx/settings.yml
# - utils/brand.env
# - ...
SEARX_SRC_INIT_FILES=()
eval orig_"$(declare -f source_dot_config)"
source_dot_config() {
# Modified source_dot_config function that
# - loads .config.sh from an existing installation (at SEARX_SRC).
# - initialize SEARX_SRC_INIT_FILES
if [ -z "$eval_SEARX_SRC" ]; then
export eval_SEARX_SRC='true'
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
SEARX_PYENV=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_PYENV)
SEARXNG_SETTINGS_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_SETTINGS_PATH)
if [ ! -r "${SEARX_SRC}" ]; then
info_msg "not yet cloned: ${SEARX_SRC}"
orig_source_dot_config
return 0
fi
info_msg "using instance at: ${SEARX_SRC}"
# set and log DOT_CONFIG
if [ -r "${SEARX_SRC}/.config.sh" ]; then
info_msg "switching to ${SEARX_SRC}/.config.sh"
DOT_CONFIG="${SEARX_SRC}/.config.sh"
else
info_msg "using local config: ${DOT_CONFIG}"
fi
init_SEARX_SRC_INIT_FILES
fi
}
init_SEARX_SRC_INIT_FILES(){
# init environment SEARX_SRC_INIT_FILES
# Monitor modified files in the working-tree from the local repository, only
# if the local file differs to the corresponding file in the instance. Most
# often theses are files like:
#
# - .config.sh
# - searx/settings.yml
# - utils/brand.env
# - ...
# keep list empty if there is no installation
SEARX_SRC_INIT_FILES=()
if [ ! -r "$SEARX_SRC" ]; then
return 0
fi
local fname
local msg=""
local _prefix=""
if [[ -n ${SUDO_USER} ]]; then
_prefix="sudo -u ${SUDO_USER}"
fi
# Monitor local modified files from the repository, only if the local file
# differs to the corresponding file in the instance
while IFS= read -r fname; do
if [ -z "$fname" ]; then
continue
fi
if [ -r "${SEARX_SRC}/${fname}" ]; then
# diff "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"
if ! cmp --silent "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"; then
SEARX_SRC_INIT_FILES+=("${fname}")
info_msg "local clone (workingtree), modified file: ./$fname"
msg="to update use: sudo -H ./utils/searx.sh install init-src"
fi
fi
done <<< "$($_prefix git diff --name-only)"
[ -n "$msg" ] && info_msg "$msg"
}
install_log_searx_instance() {
echo -e "---- SearXNG instance setup ${_BBlue}(status: $(install_searx_get_state))${_creset}"
echo -e " SEARXNG_SETTINGS_PATH : ${_BBlue}${SEARXNG_SETTINGS_PATH}${_creset}"
echo -e " SEARX_PYENV : ${_BBlue}${SEARX_PYENV}${_creset}"
echo -e " SEARX_SRC : ${_BBlue}${SEARX_SRC:-none}${_creset}"
echo -e " SEARXNG_URL : ${_BBlue}${SEARXNG_URL:-none}${_creset}"
if in_container; then
# SearXNG is listening on 127.0.0.1 and not available from outside container
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
echo -e "---- container setup"
echo -e " ${_BBlack}HINT:${_creset} SearXNG only listen on loopback device" \
"${_BBlack}inside${_creset} the container."
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
echo " container (IPv6): [${ip#*|}]"
else
# IPv4:
echo " container (IPv4): ${ip#*|}"
fi
done
fi
}
install_searx_get_state(){
# usage: install_searx_get_state
#
# Prompts a string indicating the status of the installation procedure
#
# missing-searx-clone:
# There is no clone at ${SEARX_SRC}
# missing-searx-pyenv:
# There is no pyenv in ${SEARX_PYENV}
# installer-modified:
# There are files modified locally in the installer (clone),
# see ${SEARX_SRC_INIT_FILES} description.
# python-installed:
# Scripts can be executed in instance's environment
# - user: ${SERVICE_USER}
# - pyenv: ${SEARX_PYENV}
if [ -f /etc/searx/settings.yml ]; then
err_msg "settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/"
fi
if ! [ -r "${SEARX_SRC}" ]; then
echo "missing-searx-clone"
return
fi
if ! [ -f "${SEARX_PYENV}/bin/activate" ]; then
echo "missing-searx-pyenv"
return
fi
if ! [ -r "${SEARXNG_SETTINGS_PATH}" ]; then
echo "missing-settings"
return
fi
if ! [ ${#SEARX_SRC_INIT_FILES[*]} -eq 0 ]; then
echo "installer-modified"
return
fi
echo "python-installed"
}
# Initialization of the installation procedure
# --------------------------------------------
# shellcheck source=utils/brand.env
source "${REPO_ROOT}/utils/brand.env"
# SEARXNG_URL aka PUBLIC_URL: the public URL of the instance (e.g.
# "https://example.org/searx"). The value is taken from environment $SEARXNG_URL
# in ./utils/brand.env. This variable is a empty string if server.base_url in
# the settings.yml is set to 'false'.
SEARXNG_URL="${SEARXNG_URL:-http://$(uname -n)}"
if in_container; then
# hint: Linux containers do not have DNS entries, lets use IPs
SEARXNG_URL="http://$(primary_ip)"
fi
PUBLIC_URL="${SEARXNG_URL}"
source_dot_config
# shellcheck source=utils/lxc-searx.env
source "${REPO_ROOT}/utils/lxc-searx.env"
in_container && lxc_set_suite_env

27
utils/lib_redis.sh
Unescape Escape View File

@ -42,6 +42,8 @@ REDIS_GIT_URL="https://github.com/redis/redis.git"
REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}" REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}"
REDIS_USER="searxng-redis" REDIS_USER="searxng-redis"
REDIS_GROUP="searxng-redis"
REDIS_HOME="/usr/local/${REDIS_USER}" REDIS_HOME="/usr/local/${REDIS_USER}"
REDIS_HOME_BIN="${REDIS_HOME}/.local/bin" REDIS_HOME_BIN="${REDIS_HOME}/.local/bin"
REDIS_ENV="${REDIS_HOME}/.redis_env" REDIS_ENV="${REDIS_HOME}/.redis_env"
@ -113,7 +115,7 @@ redis.devpkg() {
case ${DIST_ID} in case ${DIST_ID} in
ubuntu|debian) ubuntu|debian)
pkg_install git build-essential pkg_install git build-essential gawk
;; ;;
arch) arch)
pkg_install git base-devel pkg_install git base-devel
@ -139,15 +141,20 @@ redis.build() {
rst_title "get redis sources" section rst_title "get redis sources" section
redis.src "${CACHE}/redis" redis.src "${CACHE}/redis"
if ! required_commands gcc nm make gawk; then if ! required_commands gcc nm make gawk ; then
sudo -H "$0" redis.devpkg info_msg "install development tools to get missing command(s) .."
if [[ -n ${SUDO_USER} ]]; then
sudo -H "$0" redis.devpkg
else
redis.devpkg
fi
fi fi
rst_title "compile redis sources" section rst_title "compile redis sources" section
pushd "${CACHE}/redis" &>/dev/null pushd "${CACHE}/redis" &>/dev/null
if ask_yn "Do you run 'make distclean' first'?" Ny; then if ask_yn "Do you run 'make distclean' first'?" Yn; then
$(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout $(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout
fi fi
@ -158,7 +165,7 @@ redis.build() {
popd &>/dev/null popd &>/dev/null
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
mkdir -p "$(redis._get_dist)" mkdir -p "$(redis._get_dist)"
cd "${CACHE}/redis/src" cd "${CACHE}/redis/src"
cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)" cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)"
@ -233,7 +240,7 @@ useradd --shell /bin/bash --system \
--home-dir "${REDIS_HOME}" \ --home-dir "${REDIS_HOME}" \
--comment 'user that runs a redis instance' "${REDIS_USER}" --comment 'user that runs a redis instance' "${REDIS_USER}"
mkdir -p "${REDIS_HOME}" mkdir -p "${REDIS_HOME}"
chown -R "${REDIS_USER}:${REDIS_USER}" "${REDIS_HOME}" chown -R "${REDIS_USER}:${REDIS_GROUP}" "${REDIS_HOME}"
groups "${REDIS_USER}" groups "${REDIS_USER}"
EOF EOF
@ -248,7 +255,7 @@ EOF
redis.userdel() { redis.userdel() {
sudo_or_exit sudo_or_exit
drop_service_account "${REDIS_USER}" drop_service_account "${REDIS_USER}"
groupdel "${REDIS_USER}" 2>&1 | prefix_stdout || true groupdel "${REDIS_GROUP}" 2>&1 | prefix_stdout || true
} }
redis.addgrp() { redis.addgrp() {
@ -256,7 +263,7 @@ redis.addgrp() {
# usage: redis.addgrp <user> # usage: redis.addgrp <user>
[[ -z $1 ]] && die_caller 42 "missing argument <user>" [[ -z $1 ]] && die_caller 42 "missing argument <user>"
sudo -H gpasswd -a "$1" "${REDIS_USER}" sudo -H gpasswd -a "$1" "${REDIS_GROUP}"
} }
redis.rmgrp() { redis.rmgrp() {
@ -264,7 +271,7 @@ redis.rmgrp() {
# usage: redis.rmgrp <user> # usage: redis.rmgrp <user>
[[ -z $1 ]] && die_caller 42 "missing argument <user>" [[ -z $1 ]] && die_caller 42 "missing argument <user>"
sudo -H gpasswd -d "$1" "${REDIS_USER}" sudo -H gpasswd -d "$1" "${REDIS_GROUP}"
} }
@ -278,7 +285,7 @@ redis._install_bin() {
( (
set -e set -e
for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do
install -v -o "${REDIS_USER}" -g "${REDIS_USER}" \ install -v -o "${REDIS_USER}" -g "${REDIS_GROUP}" \
"${src}/${redis_exe}" "${REDIS_HOME_BIN}" "${src}/${redis_exe}" "${REDIS_HOME_BIN}"
done done

51
utils/lxc-searx.env → utils/lxc-searxng.env
Unescape Escape View File

@ -4,24 +4,18 @@
# This file is a setup of a LXC suite. It is sourced from different context, do # This file is a setup of a LXC suite. It is sourced from different context, do
# not manipulate the environment directly, implement functions and manipulate # not manipulate the environment directly, implement functions and manipulate
# environment only is subshells! # environment only in subshells.
# ----------------------------------------------------------------------------
# config
# ----------------------------------------------------------------------------
# shellcheck disable=SC2034
LXC_SUITE_NAME="searx"
lxc_set_suite_env() { lxc_set_suite_env() {
export LXC_SUITE_NAME="searxng"
# name of https://images.linuxcontainers.org # name of https://images.linuxcontainers.org
export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}" export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}" export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}"
export LXC_SUITE=( export LXC_SUITE=(
# to disable containers, comment out lines ..
# end of standard support see https://wiki.ubuntu.com/Releases # end of standard support see https://wiki.ubuntu.com/Releases
"$LINUXCONTAINERS_ORG_NAME:ubuntu/18.04" "ubu1804" # April 2023
"$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # April 2025 "$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # April 2025
"$LINUXCONTAINERS_ORG_NAME:ubuntu/21.10" "ubu2110" # July 2027 "$LINUXCONTAINERS_ORG_NAME:ubuntu/21.10" "ubu2110" # July 2027
@ -30,49 +24,27 @@ lxc_set_suite_env() {
# rolling releases see https://www.archlinux.org/releng/releases/ # rolling releases see https://www.archlinux.org/releng/releases/
"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux" "$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
# EOL 30 June 2024
"$LINUXCONTAINERS_ORG_NAME:centos/7" "centos7"
) )
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
if in_container; then
# container hostnames do not have a DNS entry: use primary IP!
PUBLIC_URL="http://$(primary_ip)/searx"
# make GUEST's services public to the HOST
FILTRON_API="0.0.0.0:4005"
FILTRON_LISTEN="0.0.0.0:4004"
MORTY_LISTEN="0.0.0.0:3000"
# export LXC specific environment
export PUBLIC_URL FILTRON_API FILTRON_LISTEN MORTY_LISTEN
fi
} }
lxc_suite_install_info() { lxc_suite_install_info() {
( (
lxc_set_suite_env lxc_set_suite_env
cat <<EOF cat <<EOF
LXC suite: ${LXC_SUITE_NAME} --> ${PUBLIC_URL} LXC suite: ${LXC_SUITE_NAME}
suite includes searx, morty & filtron Suite includes installation of SearXNG
suite images: images: ${LOCAL_IMAGES[*]}
$(echo " ${LOCAL_IMAGES[*]}" | $FMT) containers: ${CONTAINERS[*]}
suite containers:
$(echo " ${CONTAINERS[*]}" | $FMT)
EOF EOF
) )
} }
lxc_suite_install() { lxc_suite_install() {
( (
lxc_set_suite_env lxc_set_suite_env
FORCE_TIMEOUT=0 FORCE_TIMEOUT=0
export FORCE_TIMEOUT export FORCE_TIMEOUT
"${LXC_REPO_ROOT}/utils/searx.sh" install all "${LXC_REPO_ROOT}/utils/searxng.sh" install all
"${LXC_REPO_ROOT}/utils/morty.sh" install all
"${LXC_REPO_ROOT}/utils/filtron.sh" install all
rst_title "suite installation finished ($(hostname))" part rst_title "suite installation finished ($(hostname))" part
lxc_suite_info lxc_suite_info
echo echo
@ -88,10 +60,9 @@ lxc_suite_info() {
else else
# IPv4: # IPv4:
# shellcheck disable=SC2034,SC2031 # shellcheck disable=SC2034,SC2031
info_msg "(${ip%|*}) filtron: http://${ip#*|}:4004/ $PUBLIC_URL"
info_msg "(${ip%|*}) morty: http://${ip#*|}:3000/ $PUBLIC_URL_MORTY"
info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/" info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/"
fi fi
done done
"${LXC_REPO_ROOT}/utils/searxng.sh" searxng.instance.env
) )
} }

3
utils/lxc.sh
Unescape Escape View File

@ -4,12 +4,11 @@
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
source_dot_config
# shellcheck source=utils/brand.env # shellcheck source=utils/brand.env
source "${REPO_ROOT}/utils/brand.env" source "${REPO_ROOT}/utils/brand.env"
# load environment of the LXC suite # load environment of the LXC suite
LXC_ENV="${LXC_ENV:-${REPO_ROOT}/utils/lxc-searx.env}" LXC_ENV="${LXC_ENV:-${REPO_ROOT}/utils/lxc-searxng.env}"
source "$LXC_ENV" source "$LXC_ENV"
lxc_set_suite_env lxc_set_suite_env

457
utils/morty.sh
Unescape Escape View File

@ -3,10 +3,6 @@
# shellcheck source=utils/lib.sh # shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
# shellcheck source=utils/lib_go.sh
source "${REPO_ROOT}/utils/lib_go.sh"
# shellcheck source=utils/lib_install.sh
source "${REPO_ROOT}/utils/lib_install.sh"
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# config # config
@ -16,24 +12,9 @@ MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}" PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}"
PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}" PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}"
# shellcheck disable=SC2034
MORTY_TIMEOUT=5
SERVICE_NAME="morty" SERVICE_NAME="morty"
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}"
SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}"
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service" SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
# shellcheck disable=SC2034
SERVICE_GROUP="${SERVICE_USER}"
# shellcheck disable=SC2034
SERVICE_ENV_DEBUG=false
GO_ENV="${SERVICE_HOME}/.go_env"
GO_VERSION="go1.17.2"
# shellcheck disable=SC2034
CONFIG_FILES=()
# Apache Settings # Apache Settings
@ -47,267 +28,45 @@ usage() {
# shellcheck disable=SC1117 # shellcheck disable=SC1117
cat <<EOF cat <<EOF
usage:: usage::
$(basename "$0") shell $(basename "$0") remove all
$(basename "$0") install [all|check|user] $(basename "$0") apache remove
$(basename "$0") reinstall all $(basename "$0") nginx remove
$(basename "$0") update [morty]
$(basename "$0") remove [all]
$(basename "$0") activate [service]
$(basename "$0") deactivate [service]
$(basename "$0") inspect [service]
$(basename "$0") option [debug-on|debug-off|new-key]
$(basename "$0") apache [install|remove]
$(basename "$0") nginx [install|remove]
$(basename "$0") info [searx]
shell remove all : drop all components of the morty service
start interactive shell from user ${SERVICE_USER} apache remove : drop apache site ${APACHE_MORTY_SITE}
install / remove nginx remove : drop nginx site ${NGINX_MORTY_SITE}
:all: complete setup of morty service
:user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME)
install
:check: check the morty installation
reinstall:
:all: runs 'install/remove all'
update morty
Update morty installation ($SERVICE_HOME)
activate service
activate and start service daemon (systemd unit)
deactivate service
stop and deactivate service daemon (systemd unit)
inspect service
show service status and log
option
set one of the available options
:new-key: set new morty key
apache : ${PUBLIC_URL_MORTY}
:install: apache site with a reverse proxy (ProxyPass)
:remove: apache site ${APACHE_MORTY_SITE}
nginx (${PUBLIC_URL_MORTY})
:install: nginx site with a reverse proxy (ProxyPass)
:remove: nginx site ${NGINX_MORTY_SITE}
----
sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
MORTY_LISTEN: : ${MORTY_LISTEN}
EOF EOF
install_log_searx_instance
if in_container; then
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
echo " container URL (IPv6): http://[${ip#*|}]:3000/"
else
# IPv4:
echo " container URL (IPv4): http://${ip#*|}:3000/"
fi
done
fi
echo
info_searx
[[ -n ${1} ]] && err_msg "$1" [[ -n ${1} ]] && err_msg "$1"
} }
info_searx() {
# shellcheck disable=SC1117
cat <<EOF
To activate result and image proxy in SearXNG read:
https://docs.searxng.org/admin/morty.html
Check settings in file ${SEARXNG_SETTINGS_PATH} ...
result_proxy:
url : ${PUBLIC_URL_MORTY}
server:
image_proxy : True
EOF
}
main() { main() {
required_commands \
sudo install git wget curl \
|| exit
local _usage="ERROR: unknown or missing $1 command $2" local _usage="ERROR: unknown or missing $1 command $2"
case $1 in case $1 in
--getenv) var="$2"; echo "${!var}"; exit 0;;
-h|--help) usage; exit 0;; -h|--help) usage; exit 0;;
shell)
sudo_or_exit
interactive_shell "${SERVICE_USER}"
;;
inspect)
case $2 in
service)
sudo_or_exit
inspect_service
;;
*) usage "$_usage"; exit 42;;
esac ;;
reinstall)
rst_title "re-install $SERVICE_NAME" part
sudo_or_exit
case $2 in
all)
remove_all
install_all
;;
*) usage "$_usage"; exit 42;;
esac ;;
install)
rst_title "$SERVICE_NAME" part
sudo_or_exit
case $2 in
all) install_all ;;
check)
rst_title "Check morty installation" part
install_check
;;
user) assert_user ;;
*) usage "$_usage"; exit 42;;
esac ;;
update)
sudo_or_exit
case $2 in
morty) update_morty ;;
*) usage "$_usage"; exit 42;;
esac ;;
remove) remove)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
all) remove_all;; all) remove_all;;
user) drop_service_account "${SERVICE_USER}" ;;
*) usage "$_usage"; exit 42;;
esac ;;
activate)
sudo_or_exit
case $2 in
service) systemd_activate_service "${SERVICE_NAME}" ;;
*) usage "$_usage"; exit 42;;
esac ;;
deactivate)
sudo_or_exit
case $2 in
service) systemd_deactivate_service "${SERVICE_NAME}" ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
apache) apache)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
install) install_apache_site ;;
remove) remove_apache_site ;; remove) remove_apache_site ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
nginx) nginx)
sudo_or_exit sudo_or_exit
case $2 in case $2 in
install) install_nginx_site ;;
remove) remove_nginx_site ;; remove) remove_nginx_site ;;
*) usage "$_usage"; exit 42;; *) usage "$_usage"; exit 42;;
esac ;; esac ;;
info)
case $2 in
searx) info_searx ;;
*) usage "$_usage"; exit 42;;
esac ;;
option)
sudo_or_exit
case $2 in
new-key) set_new_key ;;
debug-on) enable_debug ;;
debug-off) disable_debug ;;
*) usage "$_usage"; exit 42;;
esac ;;
doc) rst-doc ;;
*) usage "ERROR: unknown or missing command $1"; exit 42;; *) usage "ERROR: unknown or missing command $1"; exit 42;;
esac esac
} }
install_all() {
MORTY_KEY="$(head -c 32 /dev/urandom | base64)"
rst_title "Install $SERVICE_NAME (service)"
assert_user
wait_key
go.golang "${GO_VERSION}" "${SERVICE_USER}"
wait_key
install_morty
wait_key
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
wait_key
if ! service_is_available "http://${MORTY_LISTEN}" ; then
err_msg "Morty is not listening on: http://${MORTY_LISTEN}"
fi
if apache_is_installed; then
info_msg "Apache is installed on this host."
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
install_apache_site
fi
elif nginx_is_installed; then
info_msg "nginx is installed on this host."
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
install_nginx_site
fi
fi
info_searx
if ask_yn "Add image and result proxy to SearXNG settings.yml?" Yn; then
"${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}"
"${REPO_ROOT}/utils/searx.sh" option image-proxy-on
fi
if ask_yn "Do you want to inspect the installation?" Ny; then
inspect_service
fi
}
install_check() {
if service_account_is_available "$SERVICE_USER"; then
info_msg "service account $SERVICE_USER available."
else
err_msg "service account $SERVICE_USER not available!"
fi
if go_is_available "$SERVICE_USER"; then
info_msg "~$SERVICE_USER: go is installed"
else
err_msg "~$SERVICE_USER: go is not installed"
fi
if morty_is_installed; then
info_msg "~$SERVICE_USER: morty app is installed"
else
err_msg "~$SERVICE_USER: morty app is not installed!"
fi
if ! service_is_available "http://${MORTY_LISTEN}" ; then
err_msg "Morty is not listening on: http://${MORTY_LISTEN}"
echo -e "${_Green}stop with [${_BCyan}CTRL-C${_Green}] or .."
wait_key
fi
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
warn_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
if ! in_container; then
warn_msg "Check if public name is correct and routed or use the public IP from above."
fi
fi
if [[ "${GO_VERSION}" > "$(go_version)" ]]; then
warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least"
warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all"
else
info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)"
fi
}
go_version(){
go.version "${SERVICE_USER}"
}
remove_all() { remove_all() {
rst_title "De-Install $SERVICE_NAME (service)" rst_title "De-Install $SERVICE_NAME (service)"
@ -321,152 +80,6 @@ installations that were installed with this script."
fi fi
} }
assert_user() {
rst_title "user $SERVICE_USER" section
echo
tee_stderr 1 <<EOF | bash | prefix_stdout
useradd --shell /bin/bash --system \
--home-dir "$SERVICE_HOME" \
--comment 'Web content sanitizer proxy' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER
EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
export SERVICE_HOME
echo "export SERVICE_HOME=$SERVICE_HOME"
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER"
touch $GO_ENV
grep -qFs -- 'source "$GO_ENV"' ~/.profile || echo 'source "$GO_ENV"' >> ~/.profile
EOF
}
morty_is_installed() {
[[ -f $SERVICE_HOME/go-apps/bin/morty ]]
}
install_morty() {
rst_title "Install morty in user's ~/go-apps" section
echo
go.install github.com/asciimoo/morty@latest "${SERVICE_USER}"
}
update_morty() {
rst_title "Update morty" section
echo
go.install github.com/asciimoo/morty@latest "${SERVICE_USER}"
}
set_service_env_debug() {
# usage: set_service_env_debug [false|true]
# shellcheck disable=SC2034
local SERVICE_ENV_DEBUG="${1:-false}"
if systemd_remove_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"; then
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
fi
}
inspect_service() {
rst_title "service status & log"
cat <<EOF
sourced ${DOT_CONFIG} :
SERVICE_USER : ${SERVICE_USER}
SERVICE_HOME : ${SERVICE_HOME}
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
MORTY_LISTEN: : ${MORTY_LISTEN}
EOF
install_log_searx_instance
install_check
if in_container; then
lxc_suite_info
else
info_msg "public URL --> ${PUBLIC_URL_MORTY}"
info_msg "morty URL --> http://${MORTY_LISTEN}"
fi
local _debug_on
if ask_yn "Enable morty debug mode (needs reinstall of systemd service)?"; then
enable_debug
_debug_on=1
else
systemctl --no-pager -l status "${SERVICE_NAME}"
fi
echo
# shellcheck disable=SC2059
printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log"
read -r -s -n1 -t 5
echo
while true; do
trap break 2
journalctl -f -u "${SERVICE_NAME}"
done
if [[ $_debug_on == 1 ]]; then
FORCE_SELECTION=Y disable_debug
fi
return 0
}
enable_debug() {
warn_msg "Do not enable debug in production environments!!"
info_msg "Enabling debug option needs to reinstall systemd service!"
set_service_env_debug true
}
disable_debug() {
info_msg "Disabling debug option needs to reinstall systemd service!"
set_service_env_debug false
}
set_new_key() {
rst_title "Set morty key"
echo
MORTY_KEY="$(head -c 32 /dev/urandom | base64)"
info_msg "morty key: '${MORTY_KEY}'"
warn_msg "this will need to reinstall services .."
MSG="${_Green}press any [${_BCyan}KEY${_Green}] to continue // stop with [${_BCyan}CTRL-C${_creset}]" wait_key
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
"${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}"
"${REPO_ROOT}/utils/searx.sh" option image-proxy-on
}
install_apache_site() {
rst_title "Install Apache site $APACHE_MORTY_SITE"
rst_para "\
This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE})"
! apache_is_installed && err_msg "Apache is not installed."
if ! ask_yn "Do you really want to continue?" Yn; then
return
else
install_apache
fi
apache_install_site "${APACHE_MORTY_SITE}"
info_msg "testing public url .."
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
fi
}
remove_apache_site() { remove_apache_site() {
@ -484,35 +97,6 @@ This removes apache site ${APACHE_MORTY_SITE}."
apache_remove_site "$APACHE_MORTY_SITE" apache_remove_site "$APACHE_MORTY_SITE"
} }
install_nginx_site() {
rst_title "Install nginx site $NGINX_MORTY_SITE"
rst_para "\
This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_MORTY_SITE})"
! nginx_is_installed && err_msg "nginx is not installed."
if ! ask_yn "Do you really want to continue?" Yn; then
return
else
install_nginx
fi
"${REPO_ROOT}/utils/searx.sh" install uwsgi
# shellcheck disable=SC2034
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
# shellcheck disable=SC2034
SEARXNG_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_URL_PATH)
nginx_install_app "${NGINX_MORTY_SITE}"
info_msg "testing public url .."
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
fi
}
remove_nginx_site() { remove_nginx_site() {
rst_title "Remove nginx site $NGINX_MORTY_SITE" rst_title "Remove nginx site $NGINX_MORTY_SITE"
@ -526,37 +110,10 @@ This removes nginx site ${NGINX_MORTY_SITE}."
return return
fi fi
nginx_remove_site "$NGINX_MORTY_SITE" nginx_remove_app "$NGINX_MORTY_SITE"
}
rst-doc() {
eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/morty.rst")\""
echo -e "\n.. START install systemd unit"
cat <<EOF
.. tabs::
.. group-tab:: systemd
.. code:: bash
EOF
eval "echo \"$(< "${TEMPLATES}/${SERVICE_SYSTEMD_UNIT}")\"" | prefix_stdout " "
echo -e "\n.. END install systemd unit"
# for DIST_NAME in ubuntu-20.04 arch fedora centos; do
# (
# DIST_ID=${DIST_NAME%-*}
# DIST_VERS=${DIST_NAME#*-}
# [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS=
# # ...
# )
# done
} }
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
main "$@" main "$@"
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

1031
utils/searx.sh
View File

File diff suppressed because it is too large Load Diff

1017
utils/searxng.sh
View File

File diff suppressed because it is too large Load Diff

7
utils/searxng_check.py
Unescape Escape View File

@ -25,3 +25,10 @@ if os.path.isfile(OLD_SETTING):
os.environ.get('SEARXNG_SETTINGS_PATH', '/etc/searxng/settings.yml') os.environ.get('SEARXNG_SETTINGS_PATH', '/etc/searxng/settings.yml')
)) ))
warnings.warn(msg, DeprecationWarning) warnings.warn(msg, DeprecationWarning)
from searx.shared import redisdb
from searx import get_setting
if not redisdb.init():
warnings.warn("can't connect to redis DB at: %s" % get_setting('redis.url'), RuntimeWarning, stacklevel=2)
warnings.warn("--> no bot protection without redis DB", RuntimeWarning, stacklevel=2)

129
utils/templates/etc/filtron/rules.json
Unescape Escape View File

@ -1,129 +0,0 @@
[
{
"name": "roboagent limit",
"filters": [
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
],
"limit": 0,
"stop": true,
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "botlimit",
"filters": [
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
],
"limit": 0,
"stop": true,
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "suspiciously frequent IP",
"filters": [],
"interval": 600,
"limit": 30,
"aggregations": [
"Header:X-Forwarded-For"
],
"actions":[
{"name":"log"}
]
},
{
"name": "search request",
"filters": [
"Param:q",
"Path=^(/|/search)$"
],
"interval": 61,
"limit": 999,
"subrules": [
{
"name": "missing Accept-Language",
"filters": ["!Header:Accept-Language"],
"limit": 0,
"stop": true,
"actions": [
{"name":"log"},
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "suspiciously Connection=close header",
"filters": ["Header:Connection=close"],
"limit": 0,
"stop": true,
"actions": [
{"name":"log"},
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "IP limit",
"interval": 61,
"limit": 9,
"stop": true,
"aggregations": [
"Header:X-Forwarded-For"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "rss/json limit",
"filters": [
"Param:format=(csv|json|rss)"
],
"interval": 121,
"limit": 2,
"stop": true,
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
},
{
"name": "useragent limit",
"interval": 61,
"limit": 199,
"aggregations": [
"Header:User-Agent"
],
"actions": [
{ "name": "log"},
{ "name": "block",
"params": {
"message": "Rate limit exceeded"
}
}
]
}
]
}
]

28
utils/templates/etc/httpd/sites-available/morty.conf
Unescape Escape View File

@ -1,28 +0,0 @@
# -*- coding: utf-8; mode: apache -*-
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog
# CustomLog /dev/null combined env=dontlog
<Location ${PUBLIC_URL_PATH_MORTY} >
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass http://${MORTY_LISTEN}
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
</Location>

41
utils/templates/etc/httpd/sites-available/searxng.conf
Unescape Escape View File

@ -0,0 +1,41 @@
# -*- coding: utf-8; mode: apache -*-
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
#
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
# CustomLog /dev/null combined env=dontlog
<Location ${SEARXNG_URL_PATH}>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
# add the trailing slash
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
ProxyPreserveHost On
ProxyPass http://${SEARXNG_INTERNAL_HTTP}
# see flaskfix.py
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
# see limiter.py
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
</Location>
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/

33
utils/templates/etc/httpd/sites-available/searxng.conf:filtron
Unescape Escape View File

@ -1,33 +0,0 @@
# -*- coding: utf-8; mode: apache -*-
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog
# CustomLog /dev/null combined env=dontlog
# SecRuleRemoveById 981054
# SecRuleRemoveById 981059
# SecRuleRemoveById 981060
# SecRuleRemoveById 950907
<Location ${FILTRON_URL_PATH} >
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass http://${FILTRON_LISTEN}
RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
</Location>

41
utils/templates/etc/httpd/sites-available/searxng.conf:socket
Unescape Escape View File

@ -0,0 +1,41 @@
# -*- coding: utf-8; mode: apache -*-
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
#
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
# CustomLog /dev/null combined env=dontlog
<Location ${SEARXNG_URL_PATH}>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
# add the trailing slash
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
ProxyPreserveHost On
ProxyPass unix:${SEARXNG_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searxng/
# see flaskfix.py
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
# see limiter.py
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
</Location>
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/

27
utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi
Unescape Escape View File

@ -1,27 +0,0 @@
# -*- coding: utf-8; mode: apache -*-
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
# CustomLog /dev/null combined env=dontlog
<Location ${SEARXNG_URL_PATH}>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/
</Location>

11
utils/templates/etc/nginx/default.apps-available/morty.conf
Unescape Escape View File

@ -1,11 +0,0 @@
# https://example.org/morty
location /morty {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host \$host;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Scheme \$scheme;
}

29
utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron → utils/templates/etc/nginx/default.apps-available/searxng.conf
Unescape Escape View File

@ -1,16 +1,29 @@
# https://example.org/searx
location ${SEARXNG_URL_PATH} { location ${SEARXNG_URL_PATH} {
proxy_pass http://127.0.0.1:4004/;
proxy_pass http://${SEARXNG_INTERNAL_HTTP};
proxy_set_header Host \$host; proxy_set_header Host \$host;
proxy_set_header Connection \$http_connection; proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; # see flaskfix.py
proxy_set_header X-Scheme \$scheme; proxy_set_header X-Scheme \$scheme;
proxy_set_header X-Script-Name ${SEARXNG_URL_PATH}; proxy_set_header X-Script-Name ${SEARXNG_URL_PATH};
}
location ${SEARXNG_URL_PATH}/static/ { # see limiter.py
alias ${SEARX_SRC}/searx/static/; proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_buffering off;
# proxy_request_buffering off;
# proxy_buffer_size 8k;
} }
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# location ${SEARXNG_URL_PATH}/static/ {
# alias ${SEARXNG_STATIC}/;
# }

26
utils/templates/etc/nginx/default.apps-available/searxng.conf:socket
Unescape Escape View File

@ -0,0 +1,26 @@
location ${SEARXNG_URL_PATH} {
uwsgi_pass unix://${SEARXNG_UWSGI_SOCKET};
include uwsgi_params;
uwsgi_param HTTP_HOST \$host;
uwsgi_param HTTP_CONNECTION \$http_connection;
# see flaskfix.py
uwsgi_param HTTP_X_SCHEME \$scheme;
uwsgi_param HTTP_X_SCRIPT_NAME ${SEARXNG_URL_PATH};
# see limiter.py
uwsgi_param HTTP_X_REAL_IP \$remote_addr;
uwsgi_param HTTP_X_FORWARDED_FOR \$proxy_add_x_forwarded_for;
}
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# location ${SEARXNG_URL_PATH}/static/ {
# alias ${SEARXNG_STATIC}/;
# }

78
utils/templates/etc/searxng/settings.yml
Unescape Escape View File

@ -1,46 +1,55 @@
# SearXNG settings, before editing this file read: # SearXNG settings
#
# https://docs.searxng.org/admin/engines/settings.html
use_default_settings: true use_default_settings: true
general: general:
# Debug mode, only for development
debug: false debug: false
# change displayed name instance_name: "SearXNG"
# instance_name: "SearXNG"
search: search:
# Filter results. 0: None, 1: Moderate, 2: Strict safe_search: 2
safe_search: 0 autocomplete: 'duckduckgo'
# Existing autocomplete backends: "dbpedia", "duckduckgo", "google",
# "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
# by default.
autocomplete: ''
# Default search language - leave blank to detect from browser information or
# use codes from 'languages.py'
default_lang: ''
# remove format to deny access, use lower case.
formats:
- html
server: server:
secret_key: "ultrasecretkey" # change this! secret_key: "ultrasecretkey"
# Proxying image results through SearXNG limiter: true
image_proxy: false image_proxy: true
redis:
url: unix:///usr/local/searxng-redis/run/redis.sock?db=0
ui:
static_use_hash: true
# result_proxy: # preferences:
# url: http://127.0.0.1:3000/ # lock:
# key: !!binary "your_morty_proxy_key" # - autocomplete
# - method
enabled_plugins:
- 'Hash plugin'
- 'Search on category select'
- 'Self Informations'
- 'Tracker URL remover'
- 'Ahmia blacklist'
# - 'Hostname replace' # see hostname_replace configuration below
# - 'Infinite scroll'
# - 'Open Access DOI rewrite'
# - 'Vim-like hotkeys'
# plugins: # plugins:
# - only_show_green_results # - only_show_green_results
# engines: # hostname_replace:
#
# - name: duckduckgo
# disabled: false
# #
# # twitter --> nitter
# '(www\.)?twitter\.com$': 'nitter.net'
engines:
- name: google
use_mobile_ui: true
# - name: fdroid # - name: fdroid
# disabled: false # disabled: false
# #
@ -48,6 +57,13 @@ server:
# disabled: false # disabled: false
# #
# - name: mediathekviewweb # - name: mediathekviewweb
# engine: mediathekviewweb # categories: TV
# shortcut: mvw # disabled: false
# categories: general #
# - name: invidious
# disabled: false
# base_url:
# - https://invidious.snopyta.org
# - https://invidious.tiekoetter.com
# - https://invidio.xamh.de
# - https://inv.riverside.rocks

26
utils/templates/etc/uwsgi/apps-archlinux/searxng.ini
Unescape Escape View File

@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8
env = LC_ALL=C.UTF-8 env = LC_ALL=C.UTF-8
# chdir to specified directory before apps loading # chdir to specified directory before apps loading
chdir = ${SEARX_SRC}/searx chdir = ${SEARXNG_SRC}/searx
# SearXNG configuration (settings.yml) # SearXNG configuration (settings.yml)
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
@ -57,37 +57,27 @@ enable-threads = true
module = searx.webapp module = searx.webapp
# set PYTHONHOME/virtualenv # set PYTHONHOME/virtualenv
virtualenv = ${SEARX_PYENV} virtualenv = ${SEARXNG_PYENV}
# add directory (or glob) to pythonpath # add directory (or glob) to pythonpath
pythonpath = ${SEARX_SRC} pythonpath = ${SEARXNG_SRC}
# speak to upstream # speak to upstream
# ----------------- # -----------------
#
# Activate the 'http' configuration for filtron or activate the 'socket'
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
# using IP:
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html # Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
http = ${SEARX_INTERNAL_HTTP} http = ${SEARXNG_INTERNAL_HTTP}
# using unix-sockets: # uWSGI serves the static files and in settings.yml we use::
# #
# On some distributions you need to create the app folder for the sockets:: # ui:
# static_use_hash: true
# #
# mkdir -p ${SEARX_UWSGI_SOCKET} static-map = /static=${SEARXNG_STATIC}
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
#
# socket = ${SEARX_UWSGI_SOCKET}
# uwsgi serves the static files
# expires set to one year since there are hashes # expires set to one year since there are hashes
static-map = /static=${SEARX_SRC}/searx/static
static-expires = /* 31557600 static-expires = /* 31557600
static-gzip-all = True static-gzip-all = True
offload-threads = %k offload-threads = %k

29
utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket
Unescape Escape View File

@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8
env = LC_ALL=C.UTF-8 env = LC_ALL=C.UTF-8
# chdir to specified directory before apps loading # chdir to specified directory before apps loading
chdir = ${SEARX_SRC}/searx chdir = ${SEARXNG_SRC}/searx
# SearXNG configuration (settings.yml) # SearXNG configuration (settings.yml)
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
@ -57,37 +57,24 @@ enable-threads = true
module = searx.webapp module = searx.webapp
# set PYTHONHOME/virtualenv # set PYTHONHOME/virtualenv
virtualenv = ${SEARX_PYENV} virtualenv = ${SEARXNG_PYENV}
# add directory (or glob) to pythonpath # add directory (or glob) to pythonpath
pythonpath = ${SEARX_SRC} pythonpath = ${SEARXNG_SRC}
# speak to upstream # speak to upstream
# ----------------- # -----------------
#
# Activate the 'http' configuration for filtron or activate the 'socket'
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
# using IP:
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
# http = ${SEARX_INTERNAL_HTTP} socket = ${SEARXNG_UWSGI_SOCKET}
# using unix-sockets: # uWSGI serves the static files and in settings.yml we use::
# #
# On some distributions you need to create the app folder for the sockets:: # ui:
# static_use_hash: true
# #
# mkdir -p ${SEARX_UWSGI_SOCKET} static-map = /static=${SEARXNG_STATIC}
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
#
socket = ${SEARX_UWSGI_SOCKET}
# uwsgi serves the static files
# expires set to one year since there are hashes # expires set to one year since there are hashes
static-map = /static=${SEARX_SRC}/searx/static
static-expires = /* 31557600 static-expires = /* 31557600
static-gzip-all = True static-gzip-all = True
offload-threads = %k offload-threads = %k

32
utils/templates/etc/uwsgi/apps-available/searxng.ini
Unescape Escape View File

@ -6,7 +6,11 @@
# #
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
# Who will run the code # Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be
# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini).
#
# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
#
uid = ${SERVICE_USER} uid = ${SERVICE_USER}
gid = ${SERVICE_GROUP} gid = ${SERVICE_GROUP}
@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8
env = LC_ALL=C.UTF-8 env = LC_ALL=C.UTF-8
# chdir to specified directory before apps loading # chdir to specified directory before apps loading
chdir = ${SEARX_SRC}/searx chdir = ${SEARXNG_SRC}/searx
# SearXNG configuration (settings.yml) # SearXNG configuration (settings.yml)
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
@ -56,37 +60,27 @@ enable-threads = true
module = searx.webapp module = searx.webapp
# set PYTHONHOME/virtualenv # set PYTHONHOME/virtualenv
virtualenv = ${SEARX_PYENV} virtualenv = ${SEARXNG_PYENV}
# add directory (or glob) to pythonpath # add directory (or glob) to pythonpath
pythonpath = ${SEARX_SRC} pythonpath = ${SEARXNG_SRC}
# speak to upstream # speak to upstream
# ----------------- # -----------------
#
# Activate the 'http' configuration for filtron or activate the 'socket'
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
# using IP:
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html # Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
http = ${SEARX_INTERNAL_HTTP} http = ${SEARXNG_INTERNAL_HTTP}
# using unix-sockets: # uWSGI serves the static files and in settings.yml we use::
#
# On some distributions you need to create the app folder for the sockets::
# #
# mkdir -p /run/uwsgi/app/searxng # ui:
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} # static_use_hash: true
# #
# socket = ${SEARX_UWSGI_SOCKET} static-map = /static=${SEARXNG_STATIC}
# uwsgi serves the static files
# expires set to one year since there are hashes # expires set to one year since there are hashes
static-map = /static=${SEARX_SRC}/searx/static
static-expires = /* 31557600 static-expires = /* 31557600
static-gzip-all = True static-gzip-all = True
offload-threads = %k offload-threads = %k

35
utils/templates/etc/uwsgi/apps-available/searxng.ini:socket
Unescape Escape View File

@ -6,7 +6,11 @@
# #
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
# Who will run the code # Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be
# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini).
#
# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
#
uid = ${SERVICE_USER} uid = ${SERVICE_USER}
gid = ${SERVICE_GROUP} gid = ${SERVICE_GROUP}
@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8
env = LC_ALL=C.UTF-8 env = LC_ALL=C.UTF-8
# chdir to specified directory before apps loading # chdir to specified directory before apps loading
chdir = ${SEARX_SRC}/searx chdir = ${SEARXNG_SRC}/searx
# SearXNG configuration (settings.yml) # SearXNG configuration (settings.yml)
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
@ -56,37 +60,24 @@ enable-threads = true
module = searx.webapp module = searx.webapp
# set PYTHONHOME/virtualenv # set PYTHONHOME/virtualenv
virtualenv = ${SEARX_PYENV} virtualenv = ${SEARXNG_PYENV}
# add directory (or glob) to pythonpath # add directory (or glob) to pythonpath
pythonpath = ${SEARX_SRC} pythonpath = ${SEARXNG_SRC}
# speak to upstream # speak to upstream
# ----------------- # -----------------
#
# Activate the 'http' configuration for filtron or activate the 'socket'
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
# using IP: socket = ${SEARXNG_UWSGI_SOCKET}
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
# http = ${SEARX_INTERNAL_HTTP} # uWSGI serves the static files and in settings.yml we use::
# using unix-sockets:
#
# On some distributions you need to create the app folder for the sockets::
# #
# mkdir -p ${SEARX_UWSGI_SOCKET} # ui:
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} # static_use_hash: true
# #
socket = ${SEARX_UWSGI_SOCKET} static-map = /static=${SEARXNG_STATIC}
# uwsgi serves the static files
# expires set to one year since there are hashes # expires set to one year since there are hashes
static-map = /static=${SEARX_SRC}/searx/static
static-expires = /* 31557600 static-expires = /* 31557600
static-gzip-all = True static-gzip-all = True
offload-threads = %k offload-threads = %k

Write Preview
Loading…
Cancel
Save