From 58d5da8b57c5aeab92f551e8d175be67537c351c Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Sat, 11 Apr 2020 13:19:11 +0200 Subject: [PATCH] nginx: normalize installation (docs and script)s over all distros This is the revision of the documentation about the varous nginx installation variants. It also implements the nginx installation scripts for morty and filtron. Signed-off-by: Markus Heiser --- docs/admin/filtron.rst | 17 +- docs/admin/installation-nginx.rst | 102 ++++++---- utils/filtron.sh | 66 ++++++- utils/lib.sh | 185 +++++++++++++++++- utils/lxc.sh | 20 +- utils/morty.sh | 69 ++++++- utils/searx.sh | 8 +- .../nginx/default.apps-available/morty.conf | 11 ++ .../default.apps-available/searx.conf:filtron | 16 ++ 9 files changed, 414 insertions(+), 80 deletions(-) create mode 100644 utils/templates/etc/nginx/default.apps-available/morty.conf create mode 100644 utils/templates/etc/nginx/default.apps-available/searx.conf:filtron diff --git a/docs/admin/filtron.rst b/docs/admin/filtron.rst index 9615cd935..8bf641649 100644 --- a/docs/admin/filtron.rst +++ b/docs/admin/filtron.rst @@ -158,6 +158,12 @@ of: Route request through filtron ============================= +.. sidebar:: further reading + + - :ref:`filtron.sh overview` + - :ref:`installation nginx` + - :ref:`installation apache` + Filtron can be started using the following command: .. code:: sh @@ -171,15 +177,24 @@ Use it along with ``nginx`` with the following example configuration. .. code:: nginx - location / { + # https://example.org/searx + + location /searx { proxy_pass http://127.0.0.1:4004/; proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; } + location /searx/static { + /usr/local/searx/searx-src/searx/static; + } + + Requests are coming from port 4004 going through filtron and then forwarded to port 8888 where a searx is being run. For a complete setup see: :ref:`nginx searx site`. diff --git a/docs/admin/installation-nginx.rst b/docs/admin/installation-nginx.rst index e62c60df6..4ecc54066 100644 --- a/docs/admin/installation-nginx.rst +++ b/docs/admin/installation-nginx.rst @@ -159,14 +159,22 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location / { - proxy_pass http://127.0.0.1:4004/; + # https://example.org/searx - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - } + location /searx { + proxy_pass http://127.0.0.1:4004/; + + proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; + } + + location /searx/static { + /usr/local/searx/searx-src/searx/static; + } 2. Configure reverse proxy for :ref:`morty `, listening on @@ -174,10 +182,13 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /morty { + # https://example.org/morty + + location /morty { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; @@ -197,7 +208,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*. image_proxy : True - .. group-tab:: proxy or uWSGI + .. group-tab:: proxy or uWSGI Be warned, with this setup, your instance isn't :ref:`protected `. Nevertheless it is good enough for intranet usage and it is a @@ -208,15 +219,17 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location / { - proxy_pass http://127.0.0.1:8888; + # https://hostname.local/ - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - proxy_buffering off; - } + location / { + proxy_pass http://127.0.0.1:8888; + + proxy_set_header Host $host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_buffering off; + } Alternatively you can use the `uWSGI support from nginx`_ via unix sockets. For socket communication, you have to activate ``socket = @@ -234,8 +247,8 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx server { - # replace example.org with your server's public name - server_name example.org; + # replace hostname.local with your server's name + server_name hostname.local; listen 80; listen [::]:80; @@ -245,7 +258,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*. uwsgi_pass unix:/run/uwsgi/app/searx/socket; } - root /usr/local/searx/searx-src/searx; + root /usr/local/searx/searx-src/searx; location /static { } } @@ -254,10 +267,10 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: bash - mkdir -p /run/uwsgi/app/searx/ - sudo -H chown -R searx:searx /run/uwsgi/app/searx/ + mkdir -p /run/uwsgi/app/searx/ + sudo -H chown -R searx:searx /run/uwsgi/app/searx/ - .. group-tab:: proxy at subdir URL + .. group-tab:: \.\. at subdir URL Be warned, with these setups, your instance isn't :ref:`protected `. The examples are just here to demonstrate how to export the @@ -265,19 +278,22 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /searx { - proxy_pass http://127.0.0.1:8888; + # https://hostname.local/searx - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - proxy_buffering off; - } + location /searx { + proxy_pass http://127.0.0.1:8888; - location /searx/static { - alias /usr/local/searx/searx-src/searx/static; - } + proxy_set_header Host $host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; + proxy_buffering off; + } + + location /searx/static { + alias /usr/local/searx/searx-src/searx/static; + } The ``X-Script-Name /searx`` is needed by the searx implementation to calculate relative URLs correct. The next example shows a uWSGI @@ -286,15 +302,17 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /searx/static { - alias /usr/local/searx/searx-src/searx; - } + # https://hostname.local/searx - location /searx { - uwsgi_param SCRIPT_NAME /searx; - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/app/searx/socket; - } + location /searx { + uwsgi_param SCRIPT_NAME /searx; + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/app/searx/socket; + } + + location /searx/static { + alias /usr/local/searx/searx-src/searx; + } For searx to work correctly the ``base_url`` must be set in the :origin:`searx/settings.yml`. diff --git a/utils/filtron.sh b/utils/filtron.sh index d24b6c39e..c82c2d0a3 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -44,9 +44,8 @@ GO_ENV="${SERVICE_HOME}/.go_env" GO_PKG_URL="https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz" GO_TAR=$(basename "$GO_PKG_URL") -# Apache Settings - APACHE_FILTRON_SITE="searx.conf" +NGINX_FILTRON_SITE="searx.conf" # shellcheck disable=SC2034 CONFIG_FILES=( @@ -60,9 +59,7 @@ usage() { # shellcheck disable=SC1117 cat <&2; + exit "${1-1}" +} + +die_caller() { + echo -e "${_BRed}ERROR:${_creset} ${BASH_SOURCE[2]}: line ${BASH_LINENO[1]}: ${FUNCNAME[1]}(): ${2-died ${1-1}}" >&2; + exit "${1-1}" +} + err_msg() { echo -e "${_BRed}ERROR:${_creset} $*" >&2; } warn_msg() { echo -e "${_BBlue}WARN:${_creset} $*" >&2; } info_msg() { echo -e "${_BYellow}INFO:${_creset} $*" >&2; } @@ -471,11 +481,7 @@ service_is_available() { # usage: service_is_available - local URL="$1" - if [[ -z $URL ]]; then - err_msg "service_is_available: missing arguments" - return 42 - fi + [[ -z $1 ]] && die_caller 42 "missing argument " http_code=$(curl -H 'Cache-Control: no-cache' \ --silent -o /dev/null --head --write-out '%{http_code}' --insecure \ @@ -624,6 +630,175 @@ EOF } +# nginx +# ----- + +nginx_distro_setup() { + # shellcheck disable=SC2034 + + NGINX_DEFAULT_SERVER=/etc/nginx/nginx.conf + + # Including *location* directives from a dedicated config-folder into the + # server directive is, what what fedora (already) does. + NGINX_APPS_ENABLED="/etc/nginx/default.d" + + # We add a apps-available folder and linking configurations into the + # NGINX_APPS_ENABLED folder. See also nginx_include_apps_enabled(). + NGINX_APPS_AVAILABLE="/etc/nginx/default.apps-available" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + NGINX_PACKAGES="nginx" + NGINX_DEFAULT_SERVER=/etc/nginx/sites-available/default + ;; + arch-*) + NGINX_PACKAGES="nginx-mainline" + ;; + fedora-*) + NGINX_PACKAGES="nginx" + ;; + *) + err_msg "$DIST_ID-$DIST_VERS: nginx not yet implemented" + ;; + esac +} +nginx_distro_setup + +install_nginx(){ + info_msg "installing nginx ..." + pkg_install "${NGINX_PACKAGES}" + case $DIST_ID-$DIST_VERS in + arch-*|fedora-*) + systemctl enable nginx + systemctl start nginx + ;; + esac +} + +nginx_is_installed() { + command -v nginx &>/dev/null +} + +nginx_reload() { + + info_msg "reload nginx .." + echo + if ! nginx -t; then + err_msg "testing nginx configuration failed" + return 42 + fi + systemctl restart nginx +} + +nginx_install_app() { + + # usage: nginx_install_app [