mirror of
https://github.com/searxng/searxng.git
synced 2025-01-11 19:05:24 +00:00
Merge pull request #1332 from return42/searxng-install
Upgrade installation scripts and documentation
This commit is contained in:
commit
645c2a2ca1
62 changed files with 2261 additions and 4241 deletions
52
.config.sh
52
.config.sh
|
@ -1,52 +0,0 @@
|
||||||
# -*- coding: utf-8; mode: sh -*-
|
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
||||||
# shellcheck shell=bash disable=SC2034
|
|
||||||
#
|
|
||||||
# This file should be edited only ones just before the installation of any
|
|
||||||
# service is done. After the installation of the searx service a copy of this
|
|
||||||
# file is placed into the $SEARX_SRC of the instance, e.g.::
|
|
||||||
#
|
|
||||||
# /usr/local/searx/searx-src/.config.sh
|
|
||||||
#
|
|
||||||
# .. hint::
|
|
||||||
#
|
|
||||||
# Before you change a value here, You have to fully uninstall any previous
|
|
||||||
# installation of searx, morty and filtron services!
|
|
||||||
|
|
||||||
# utils/searx.sh
|
|
||||||
# --------------
|
|
||||||
|
|
||||||
# The setup of the SearXNG instance is done in the settings.yml
|
|
||||||
# (SEARXNG_SETTINGS_PATH). Read the remarks in [1] carefully and don't forget to
|
|
||||||
# rebuild instance's environment (make buildenv) if needed. The settings.yml
|
|
||||||
# file of an already installed instance is shown by::
|
|
||||||
#
|
|
||||||
# $ ./utils/searx.sh --help
|
|
||||||
# ---- SearXNG instance setup (already installed)
|
|
||||||
# SEARXNG_SETTINGS_PATH : /etc/searxng/settings.yml
|
|
||||||
# SEARX_SRC : /usr/local/searx/searx-src
|
|
||||||
#
|
|
||||||
# [1] https://docs.searxng.org/admin/engines/settings.html
|
|
||||||
|
|
||||||
# utils/filtron.sh
|
|
||||||
# ----------------
|
|
||||||
|
|
||||||
# FILTRON_API="127.0.0.1:4005"
|
|
||||||
# FILTRON_LISTEN="127.0.0.1:4004"
|
|
||||||
|
|
||||||
# utils/morty.sh
|
|
||||||
# --------------
|
|
||||||
|
|
||||||
# morty listen address
|
|
||||||
# MORTY_LISTEN="127.0.0.1:3000"
|
|
||||||
# PUBLIC_URL_PATH_MORTY="/morty/"
|
|
||||||
|
|
||||||
# system services
|
|
||||||
# ---------------
|
|
||||||
|
|
||||||
# Common $HOME folder of the service accounts
|
|
||||||
# SERVICE_HOME_BASE="/usr/local"
|
|
||||||
|
|
||||||
# **experimental**: Set SERVICE_USER to run all services by one account, but be
|
|
||||||
# aware that removing discrete components might conflict!
|
|
||||||
# SERVICE_USER=searx
|
|
2
.github/workflows/data-update.yml
vendored
2
.github/workflows/data-update.yml
vendored
|
@ -26,7 +26,7 @@ jobs:
|
||||||
|
|
||||||
- name: Install Ubuntu packages
|
- name: Install Ubuntu packages
|
||||||
run: |
|
run: |
|
||||||
sudo ./utils/searx.sh install packages
|
sudo ./utils/searxng.sh install packages
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
|
|
6
.github/workflows/integration.yml
vendored
6
.github/workflows/integration.yml
vendored
|
@ -19,7 +19,7 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
- name: Install Ubuntu packages
|
- name: Install Ubuntu packages
|
||||||
run: |
|
run: |
|
||||||
sudo ./utils/searx.sh install packages
|
sudo ./utils/searxng.sh install packages
|
||||||
sudo apt install firefox
|
sudo apt install firefox
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
|
@ -55,7 +55,7 @@ jobs:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
- name: Install Ubuntu packages
|
- name: Install Ubuntu packages
|
||||||
run: sudo ./utils/searx.sh install buildhost
|
run: sudo ./utils/searxng.sh install buildhost
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
with:
|
with:
|
||||||
|
@ -82,7 +82,7 @@ jobs:
|
||||||
fetch-depth: '0'
|
fetch-depth: '0'
|
||||||
persist-credentials: false
|
persist-credentials: false
|
||||||
- name: Install Ubuntu packages
|
- name: Install Ubuntu packages
|
||||||
run: sudo ./utils/searx.sh install buildhost
|
run: sudo ./utils/searxng.sh install buildhost
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v2
|
uses: actions/setup-python@v2
|
||||||
with:
|
with:
|
||||||
|
|
5
Makefile
5
Makefile
|
@ -59,17 +59,16 @@ test.shell:
|
||||||
utils/brand.env \
|
utils/brand.env \
|
||||||
$(MTOOLS) \
|
$(MTOOLS) \
|
||||||
utils/lib.sh \
|
utils/lib.sh \
|
||||||
utils/lib_install.sh \
|
|
||||||
utils/lib_nvm.sh \
|
utils/lib_nvm.sh \
|
||||||
utils/lib_static.sh \
|
utils/lib_static.sh \
|
||||||
utils/lib_go.sh \
|
utils/lib_go.sh \
|
||||||
utils/lib_redis.sh \
|
utils/lib_redis.sh \
|
||||||
utils/filtron.sh \
|
utils/filtron.sh \
|
||||||
utils/searx.sh \
|
utils/searx.sh \
|
||||||
|
utils/searxng.sh \
|
||||||
utils/morty.sh \
|
utils/morty.sh \
|
||||||
utils/lxc.sh \
|
utils/lxc.sh \
|
||||||
utils/lxc-searx.env \
|
utils/lxc-searxng.env
|
||||||
.config.sh
|
|
||||||
$(Q)$(MTOOLS) build_msg TEST "$@ OK"
|
$(Q)$(MTOOLS) build_msg TEST "$@ OK"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,33 +1,30 @@
|
||||||
digraph G {
|
digraph G {
|
||||||
|
|
||||||
node [style=filled, shape=box, fillcolor="#ffffcc", fontname="Sans"];
|
node [style=filled, shape=box, fillcolor="#ffffcc", fontname=Sans];
|
||||||
edge [fontname="Sans"];
|
edge [fontname="Sans"];
|
||||||
|
|
||||||
browser [label="Browser", shape=Mdiamond];
|
browser [label="browser", shape=tab, fillcolor=aliceblue];
|
||||||
rp [label="Reverse Proxy", href="https://docs.searxng.org/utils/filtron.sh.html#public-reverse-proxy"];
|
rp [label="reverse proxy"];
|
||||||
filtron [label="Filtron", href="https://docs.searxng.org/utils/filtron.sh.html"];
|
static [label="static files", shape=folder, href="url to configure static files", fillcolor=lightgray];
|
||||||
morty [label="Morty", href="https://docs.searxng.org/utils/morty.sh.html"];
|
uwsgi [label="uwsgi", shape=parallelogram href="https://docs.searxng.org/utils/searx.sh.html"]
|
||||||
static [label="Static files", href="url to configure static files"];
|
redis [label="redis DB", shape=cylinder];
|
||||||
uwsgi [label="uwsgi", href="https://docs.searxng.org/utils/searx.sh.html"]
|
searxng1 [label="SearXNG #1", fontcolor=blue3];
|
||||||
searx1 [label="Searx #1"];
|
searxng2 [label="SearXNG #2", fontcolor=blue3];
|
||||||
searx2 [label="Searx #2"];
|
searxng3 [label="SearXNG #3", fontcolor=blue3];
|
||||||
searx3 [label="Searx #3"];
|
searxng4 [label="SearXNG #4", fontcolor=blue3];
|
||||||
searx4 [label="Searx #4"];
|
|
||||||
|
|
||||||
browser -> rp [label="HTTPS"]
|
browser -> rp [label="HTTPS"]
|
||||||
|
|
||||||
subgraph cluster_searx {
|
subgraph cluster_searxng {
|
||||||
label = "Searx instance" fontname="Sans";
|
label = "SearXNG instance" fontname=Sans;
|
||||||
bgcolor="#fafafa";
|
bgcolor="#fafafa";
|
||||||
{ rank=same; static rp };
|
{ rank=same; static rp };
|
||||||
rp -> morty [label="optional: images and HTML pages proxy"];
|
rp -> static [label="optional: reverse proxy serves static files", fillcolor=slategray, fontcolor=slategray];
|
||||||
rp -> static [label="optional: reverse proxy serves directly static files"];
|
rp -> uwsgi [label="http:// (tcp) or unix:// (socket)"];
|
||||||
rp -> filtron [label="HTTP"];
|
uwsgi -> searxng1 -> redis;
|
||||||
filtron -> uwsgi [label="HTTP"];
|
uwsgi -> searxng2 -> redis;
|
||||||
uwsgi -> searx1;
|
uwsgi -> searxng3 -> redis;
|
||||||
uwsgi -> searx2;
|
uwsgi -> searxng4 -> redis;
|
||||||
uwsgi -> searx3;
|
|
||||||
uwsgi -> searx4;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,17 +8,19 @@ Architecture
|
||||||
|
|
||||||
- Reverse Proxy: :ref:`Apache <apache searxng site>` & :ref:`nginx <nginx
|
- Reverse Proxy: :ref:`Apache <apache searxng site>` & :ref:`nginx <nginx
|
||||||
searxng site>`
|
searxng site>`
|
||||||
- Filtron: :ref:`searxng filtron`
|
|
||||||
- Morty: :ref:`searxng morty`
|
|
||||||
- uWSGI: :ref:`searxng uwsgi`
|
- uWSGI: :ref:`searxng uwsgi`
|
||||||
- SearXNG: :ref:`installation basic`
|
- SearXNG: :ref:`installation basic`
|
||||||
|
|
||||||
Herein you will find some hints and suggestions about typical architectures of
|
Herein you will find some hints and suggestions about typical architectures of
|
||||||
SearXNG infrastructures.
|
SearXNG infrastructures.
|
||||||
|
|
||||||
We start with a contribution from :pull-searx:`@dalf <1776#issuecomment-567917320>`.
|
.. _architecture uWSGI:
|
||||||
It shows a *reference* setup for public SearXNG instances which can build up and
|
|
||||||
maintained by the scripts from our :ref:`toolboxing`.
|
uWSGI Setup
|
||||||
|
===========
|
||||||
|
|
||||||
|
We start with a *reference* setup for public SearXNG instances which can be build
|
||||||
|
up and maintained by the scripts from our :ref:`toolboxing`.
|
||||||
|
|
||||||
.. _arch public:
|
.. _arch public:
|
||||||
|
|
||||||
|
@ -26,3 +28,11 @@ maintained by the scripts from our :ref:`toolboxing`.
|
||||||
:alt: arch_public.dot
|
:alt: arch_public.dot
|
||||||
|
|
||||||
Reference architecture of a public SearXNG setup.
|
Reference architecture of a public SearXNG setup.
|
||||||
|
|
||||||
|
The reference installation activates ``server.limiter``, ``server.image_proxy``
|
||||||
|
and ``ui.static_use_hash`` (:origin:`/etc/searxng/settings.yml
|
||||||
|
<utils/templates/etc/searxng/settings.yml>`)
|
||||||
|
|
||||||
|
.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml
|
||||||
|
:language: yaml
|
||||||
|
:end-before: # preferences:
|
||||||
|
|
|
@ -15,19 +15,19 @@ Buildhosts
|
||||||
:backlinks: entry
|
:backlinks: entry
|
||||||
|
|
||||||
To get best results from build, its recommend to install additional packages
|
To get best results from build, its recommend to install additional packages
|
||||||
on build hosts (see :ref:`searx.sh`).::
|
on build hosts (see :ref:`searxng.sh`).::
|
||||||
|
|
||||||
sudo -H ./utils/searx.sh install buildhost
|
sudo -H ./utils/searxng.sh install buildhost
|
||||||
|
|
||||||
This will install packages needed by searx:
|
This will install packages needed by searx:
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START distro-packages
|
:start-after: START distro-packages
|
||||||
:end-before: END distro-packages
|
:end-before: END distro-packages
|
||||||
|
|
||||||
and packages needed to build docuemtation and run tests:
|
and packages needed to build docuemtation and run tests:
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START build-packages
|
:start-after: START build-packages
|
||||||
:end-before: END build-packages
|
:end-before: END build-packages
|
||||||
|
|
||||||
|
|
|
@ -42,11 +42,11 @@ Extra Dependencies
|
||||||
|
|
||||||
For using :ref:`engine redis_server` or :ref:`engine mongodb` you need to
|
For using :ref:`engine redis_server` or :ref:`engine mongodb` you need to
|
||||||
install additional packages in Python's Virtual Environment of your SearXNG
|
install additional packages in Python's Virtual Environment of your SearXNG
|
||||||
instance. To switch into the environment (:ref:`searx-src`) you can use
|
instance. To switch into the environment (:ref:`searxng-src`) you can use
|
||||||
:ref:`searx.sh`::
|
:ref:`searxng.sh`::
|
||||||
|
|
||||||
$ sudo utils/searx.sh shell
|
$ sudo utils/searxng.sh instance cmd bash
|
||||||
(searx-pyenv)$ pip install ...
|
(searxng-pyenv)$ pip install ...
|
||||||
|
|
||||||
|
|
||||||
.. _engine redis_server:
|
.. _engine redis_server:
|
||||||
|
|
|
@ -207,10 +207,14 @@ Global Settings
|
||||||
``secret_key`` : ``$SEARXNG_SECRET``
|
``secret_key`` : ``$SEARXNG_SECRET``
|
||||||
Used for cryptography purpose.
|
Used for cryptography purpose.
|
||||||
|
|
||||||
|
.. _limiter:
|
||||||
|
|
||||||
``limiter`` :
|
``limiter`` :
|
||||||
Rate limit the number of request on the instance, block some bots. The
|
Rate limit the number of request on the instance, block some bots. The
|
||||||
:ref:`limiter plugin` requires a :ref:`settings redis` database.
|
:ref:`limiter plugin` requires a :ref:`settings redis` database.
|
||||||
|
|
||||||
|
.. _image_proxy:
|
||||||
|
|
||||||
``image_proxy`` :
|
``image_proxy`` :
|
||||||
Allow your instance of SearXNG of being able to proxy images. Uses memory space.
|
Allow your instance of SearXNG of being able to proxy images. Uses memory space.
|
||||||
|
|
||||||
|
@ -225,9 +229,13 @@ Global Settings
|
||||||
``ui:``
|
``ui:``
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
.. _cache busting:
|
||||||
|
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#caching_static_assets_with_cache_busting
|
||||||
|
|
||||||
.. code:: yaml
|
.. code:: yaml
|
||||||
|
|
||||||
ui:
|
ui:
|
||||||
|
static_use_hash: false
|
||||||
default_locale: ""
|
default_locale: ""
|
||||||
query_in_title: false
|
query_in_title: false
|
||||||
infinite_scroll: false
|
infinite_scroll: false
|
||||||
|
@ -236,6 +244,11 @@ Global Settings
|
||||||
theme_args:
|
theme_args:
|
||||||
simple_style: auto
|
simple_style: auto
|
||||||
|
|
||||||
|
.. _static_use_hash:
|
||||||
|
|
||||||
|
``static_use_hash`` :
|
||||||
|
Enables `cache busting`_ of static files.
|
||||||
|
|
||||||
``default_locale`` :
|
``default_locale`` :
|
||||||
SearXNG interface language. If blank, the locale is detected by using the
|
SearXNG interface language. If blank, the locale is detected by using the
|
||||||
browser language. If it doesn't work, or you are deploying a language
|
browser language. If it doesn't work, or you are deploying a language
|
||||||
|
|
|
@ -98,11 +98,11 @@ Extra Dependencies
|
||||||
|
|
||||||
For using :ref:`engine postgresql` or :ref:`engine mysql_server` you need to
|
For using :ref:`engine postgresql` or :ref:`engine mysql_server` you need to
|
||||||
install additional packages in Python's Virtual Environment of your SearXNG
|
install additional packages in Python's Virtual Environment of your SearXNG
|
||||||
instance. To switch into the environment (:ref:`searx-src`) you can use
|
instance. To switch into the environment (:ref:`searxng-src`) you can use
|
||||||
:ref:`searx.sh`::
|
:ref:`searxng.sh`::
|
||||||
|
|
||||||
$ sudo utils/searx.sh shell
|
$ sudo utils/searxng.sh instance cmd bash
|
||||||
(searx-pyenv)$ pip install ...
|
(searxng-pyenv)$ pip install ...
|
||||||
|
|
||||||
|
|
||||||
.. _engine postgresql:
|
.. _engine postgresql:
|
||||||
|
|
|
@ -1,193 +0,0 @@
|
||||||
|
|
||||||
.. _searxng filtron:
|
|
||||||
|
|
||||||
==========================
|
|
||||||
How to protect an instance
|
|
||||||
==========================
|
|
||||||
|
|
||||||
.. tip::
|
|
||||||
|
|
||||||
To protect your instance a installation of filtron (as described here) is no
|
|
||||||
longer needed, alternatively activate the :ref:`limiter plugin` in your
|
|
||||||
``settings.yml``. Note that the :ref:`limiter plugin` requires a :ref:`Redis
|
|
||||||
<settings redis>` database.
|
|
||||||
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`filtron.sh`
|
|
||||||
- :ref:`nginx searxng site`
|
|
||||||
|
|
||||||
.. _filtron: https://github.com/searxng/filtron
|
|
||||||
|
|
||||||
SearXNG depends on external search services. To avoid the abuse of these services
|
|
||||||
it is advised to limit the number of requests processed by SearXNG.
|
|
||||||
|
|
||||||
An application firewall, filtron_ solves exactly this problem. Filtron is just
|
|
||||||
a middleware between your web server (nginx, apache, ...) and searx, we describe
|
|
||||||
such infrastructures in chapter: :ref:`architecture`.
|
|
||||||
|
|
||||||
|
|
||||||
filtron & go
|
|
||||||
============
|
|
||||||
|
|
||||||
.. _Go: https://golang.org/
|
|
||||||
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
|
|
||||||
|
|
||||||
Filtron needs Go_ installed. If Go_ is preinstalled, filtron_ is simply
|
|
||||||
installed by ``go get`` package management (see `filtron README`_). If you use
|
|
||||||
filtron as middleware, a more isolated setup is recommended. To simplify such
|
|
||||||
an installation and the maintenance of, use our script :ref:`filtron.sh`.
|
|
||||||
|
|
||||||
.. _Sample configuration of filtron:
|
|
||||||
|
|
||||||
Sample configuration of filtron
|
|
||||||
===============================
|
|
||||||
|
|
||||||
.. sidebar:: Tooling box
|
|
||||||
|
|
||||||
- :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>`
|
|
||||||
|
|
||||||
An example configuration can be find below. This configuration limits the access
|
|
||||||
of:
|
|
||||||
|
|
||||||
- scripts or applications (roboagent limit)
|
|
||||||
- webcrawlers (botlimit)
|
|
||||||
- IPs which send too many requests (IP limit)
|
|
||||||
- too many json, csv, etc. requests (rss/json limit)
|
|
||||||
- the same UserAgent of if too many requests (useragent limit)
|
|
||||||
|
|
||||||
.. code:: json
|
|
||||||
|
|
||||||
[
|
|
||||||
{
|
|
||||||
"name": "search request",
|
|
||||||
"filters": [
|
|
||||||
"Param:q",
|
|
||||||
"Path=^(/|/search)$"
|
|
||||||
],
|
|
||||||
"interval": "<time-interval-in-sec (int)>",
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"subrules": [
|
|
||||||
{
|
|
||||||
"name": "missing Accept-Language",
|
|
||||||
"filters": ["!Header:Accept-Language"],
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{"name":"log"},
|
|
||||||
{"name": "block",
|
|
||||||
"params": {"message": "Rate limit exceeded"}}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "suspiciously Connection=close header",
|
|
||||||
"filters": ["Header:Connection=close"],
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{"name":"log"},
|
|
||||||
{"name": "block",
|
|
||||||
"params": {"message": "Rate limit exceeded"}}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "IP limit",
|
|
||||||
"interval": "<time-interval-in-sec (int)>",
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"stop": true,
|
|
||||||
"aggregations": [
|
|
||||||
"Header:X-Forwarded-For"
|
|
||||||
],
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "rss/json limit",
|
|
||||||
"filters": [
|
|
||||||
"Param:format=(csv|json|rss)"
|
|
||||||
],
|
|
||||||
"interval": "<time-interval-in-sec (int)>",
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "useragent limit",
|
|
||||||
"interval": "<time-interval-in-sec (int)>",
|
|
||||||
"limit": "<max-request-number-in-interval (int)>",
|
|
||||||
"aggregations": [
|
|
||||||
"Header:User-Agent"
|
|
||||||
],
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
.. _filtron route request:
|
|
||||||
|
|
||||||
Route request through filtron
|
|
||||||
=============================
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`filtron.sh overview`
|
|
||||||
- :ref:`installation nginx`
|
|
||||||
- :ref:`installation apache`
|
|
||||||
|
|
||||||
Filtron can be started using the following command:
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
$ filtron -rules rules.json
|
|
||||||
|
|
||||||
It listens on ``127.0.0.1:4004`` and forwards filtered requests to
|
|
||||||
``127.0.0.1:8888`` by default.
|
|
||||||
|
|
||||||
Use it along with ``nginx`` with the following example configuration.
|
|
||||||
|
|
||||||
.. code:: nginx
|
|
||||||
|
|
||||||
# https://example.org/searx
|
|
||||||
|
|
||||||
location /searx {
|
|
||||||
proxy_pass http://127.0.0.1:4004/;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme $scheme;
|
|
||||||
proxy_set_header X-Script-Name /searx;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /searx/static {
|
|
||||||
/usr/local/searx/searx-src/searx/static;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
Requests are coming from port 4004 going through filtron and then forwarded to
|
|
||||||
port 8888 where a SearXNG is being run. For a complete setup see: :ref:`nginx
|
|
||||||
searxng site`.
|
|
|
@ -7,17 +7,15 @@ Administrator documentation
|
||||||
:caption: Contents
|
:caption: Contents
|
||||||
|
|
||||||
installation
|
installation
|
||||||
|
installation-docker
|
||||||
|
installation-scripts
|
||||||
installation-searxng
|
installation-searxng
|
||||||
installation-uwsgi
|
installation-uwsgi
|
||||||
installation-nginx
|
installation-nginx
|
||||||
installation-apache
|
installation-apache
|
||||||
installation-docker
|
|
||||||
installation-switch2ng
|
|
||||||
update-searxng
|
update-searxng
|
||||||
engines/index
|
engines/index
|
||||||
api
|
api
|
||||||
architecture
|
architecture
|
||||||
filtron
|
|
||||||
morty
|
|
||||||
plugins
|
plugins
|
||||||
buildhosts
|
buildhosts
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
.. _installation apache:
|
.. _installation apache:
|
||||||
|
|
||||||
===================
|
======
|
||||||
Install with apache
|
Apache
|
||||||
===================
|
======
|
||||||
|
|
||||||
.. _Apache: https://httpd.apache.org/
|
.. _Apache: https://httpd.apache.org/
|
||||||
.. _Apache Debian:
|
.. _Apache Debian:
|
||||||
https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x):
|
https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x):
|
||||||
.. _README.Debian:
|
.. _apache2.README.Debian:
|
||||||
https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian
|
https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian
|
||||||
.. _Apache Arch Linux:
|
.. _Apache Arch Linux:
|
||||||
https://wiki.archlinux.org/index.php/Apache_HTTP_Server
|
https://wiki.archlinux.org/index.php/Apache_HTTP_Server
|
||||||
|
@ -23,7 +23,9 @@ Install with apache
|
||||||
https://httpd.apache.org/docs/current/en/configuring.html
|
https://httpd.apache.org/docs/current/en/configuring.html
|
||||||
.. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost
|
.. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost
|
||||||
.. _LoadModule:
|
.. _LoadModule:
|
||||||
https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule
|
https://httpd.apache.org/docs/mod/mod_so.html#loadmodule
|
||||||
|
.. _IncludeOptional:
|
||||||
|
https://httpd.apache.org/docs/mod/core.html#includeoptional
|
||||||
.. _DocumentRoot:
|
.. _DocumentRoot:
|
||||||
https://httpd.apache.org/docs/trunk/mod/core.html#documentroot
|
https://httpd.apache.org/docs/trunk/mod/core.html#documentroot
|
||||||
.. _Location:
|
.. _Location:
|
||||||
|
@ -32,11 +34,30 @@ Install with apache
|
||||||
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
|
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
|
||||||
.. _mod_proxy_uwsgi:
|
.. _mod_proxy_uwsgi:
|
||||||
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
|
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
|
||||||
|
.. _mod_proxy_http:
|
||||||
|
https://httpd.apache.org/docs/current/mod/mod_proxy_http.html
|
||||||
|
.. _mod_proxy:
|
||||||
|
https://httpd.apache.org/docs/current/mod/mod_proxy.html
|
||||||
|
|
||||||
|
|
||||||
|
This section explains how to set up a SearXNG instance using the HTTP server Apache_.
|
||||||
|
If you did use the :ref:`installation scripts` and do not have any special preferences
|
||||||
|
you can install the :ref:`SearXNG site <apache searxng site>` using
|
||||||
|
:ref:`searxng.sh <searxng.sh overview>`:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
$ sudo -H ./utils/searxng.sh install apache
|
||||||
|
|
||||||
|
If you have special interests or problems with setting up Apache, the following
|
||||||
|
section might give you some guidance.
|
||||||
|
|
||||||
|
|
||||||
.. sidebar:: further read
|
.. sidebar:: further read
|
||||||
|
|
||||||
- `Apache Arch Linux`_
|
- `Apache Arch Linux`_
|
||||||
- `Apache Debian`_ and `README.Debian`_
|
- `Apache Debian`_
|
||||||
|
- `apache2.README.Debian`_
|
||||||
- `Apache Fedora`_
|
- `Apache Fedora`_
|
||||||
- `Apache directives`_
|
- `Apache directives`_
|
||||||
|
|
||||||
|
@ -45,23 +66,8 @@ Install with apache
|
||||||
:local:
|
:local:
|
||||||
:backlinks: entry
|
:backlinks: entry
|
||||||
|
|
||||||
----
|
|
||||||
|
|
||||||
**Install** :ref:`apache searxng site` using :ref:`filtron.sh <filtron.sh overview>`
|
The Apache HTTP server
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/filtron.sh apache install
|
|
||||||
|
|
||||||
**Install** :ref:`apache searxng site` using :ref:`morty.sh <morty.sh overview>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/morty.sh apache install
|
|
||||||
|
|
||||||
----
|
|
||||||
|
|
||||||
The apache HTTP server
|
|
||||||
======================
|
======================
|
||||||
|
|
||||||
If Apache_ is not installed, install it now. If apache_ is new to you, the
|
If Apache_ is not installed, install it now. If apache_ is new to you, the
|
||||||
|
@ -73,13 +79,13 @@ Directives`_ documentation gives first orientation. There is also a list of
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H apt-get install apache2
|
sudo -H apt-get install apache2
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H pacman -S apache
|
sudo -H pacman -S apache
|
||||||
sudo -H systemctl enable httpd
|
sudo -H systemctl enable httpd
|
||||||
|
@ -87,21 +93,21 @@ Directives`_ documentation gives first orientation. There is also a list of
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H dnf install httpd
|
sudo -H dnf install httpd
|
||||||
sudo -H systemctl enable httpd
|
sudo -H systemctl enable httpd
|
||||||
sudo -H systemctl start httpd
|
sudo -H systemctl start httpd
|
||||||
|
|
||||||
Now at http://localhost you should see any kind of *Welcome* or *Test* page.
|
Now at http://localhost you should see some kind of *Welcome* or *Test* page.
|
||||||
How this default intro site is configured, depends on the linux distribution
|
How this default site is configured, depends on the linux distribution
|
||||||
(compare `Apache directives`_).
|
(compare `Apache directives`_).
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
less /etc/apache2/sites-enabled/000-default.conf
|
less /etc/apache2/sites-enabled/000-default.conf
|
||||||
|
|
||||||
|
@ -115,7 +121,7 @@ How this default intro site is configured, depends on the linux distribution
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
less /etc/httpd/conf/httpd.conf
|
less /etc/httpd/conf/httpd.conf
|
||||||
|
|
||||||
|
@ -130,8 +136,8 @@ How this default intro site is configured, depends on the linux distribution
|
||||||
Require all granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
The *welcome* page of Arch Linux is a page showing directory located at
|
The *welcome* page of Arch Linux is a page showing the directory located
|
||||||
``DocumentRoot``. This is *directory* page is generated by the Module
|
at ``DocumentRoot``. This *directory* page is generated by the Module
|
||||||
`mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_:
|
`mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_:
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
@ -142,7 +148,7 @@ How this default intro site is configured, depends on the linux distribution
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
less /etc/httpd/conf/httpd.conf
|
less /etc/httpd/conf/httpd.conf
|
||||||
|
|
||||||
|
@ -163,323 +169,204 @@ How this default intro site is configured, depends on the linux distribution
|
||||||
|
|
||||||
less /etc/httpd/conf.d/welcome.conf
|
less /etc/httpd/conf.d/welcome.conf
|
||||||
|
|
||||||
.. _apache searxng site:
|
|
||||||
|
|
||||||
Apache Reverse Proxy
|
.. _Debian's Apache layout:
|
||||||
====================
|
|
||||||
|
|
||||||
.. sidebar:: public to the internet?
|
Debian's Apache layout
|
||||||
|
----------------------
|
||||||
|
|
||||||
If your SearXNG instance is public, stop here and first install :ref:`filtron
|
Be aware, Debian's Apache layout is quite different from the standard Apache
|
||||||
reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
|
configuration. For details look at the apache2.README.Debian_
|
||||||
:ref:`installation scripts`. If already done, follow setup: *SearXNG via
|
(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
|
||||||
filtron plus morty*.
|
Debian:
|
||||||
|
|
||||||
To setup a Apache revers proxy you have to enable the *headers* and *proxy*
|
* :man:`apache2ctl`: Apache HTTP server control interface
|
||||||
modules and create a `Location`_ configuration for the SearXNG site. In most
|
* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
|
||||||
distributions you have to un-comment the lines in the main configuration file,
|
* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
|
||||||
except in :ref:`The Debian Layout`.
|
* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
|
||||||
|
|
||||||
|
.. _apache modules:
|
||||||
|
|
||||||
|
Apache modules
|
||||||
|
--------------
|
||||||
|
|
||||||
|
To load additional modules, in most distributions you have to un-comment the
|
||||||
|
lines with the corresponding LoadModule_ directive, except in :ref:`Debian's
|
||||||
|
Apache layout`.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
In the Apache setup, enable headers and proxy modules:
|
:ref:`Debian's Apache layout` uses :man:`a2enmod` and :man:`a2dismod` to
|
||||||
|
activate or disable modules:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
|
sudo -H a2enmod ssl
|
||||||
sudo -H a2enmod headers
|
sudo -H a2enmod headers
|
||||||
sudo -H a2enmod proxy
|
sudo -H a2enmod proxy
|
||||||
sudo -H a2enmod proxy_http
|
sudo -H a2enmod proxy_http
|
||||||
|
sudo -H a2enmod proxy_uwsgi
|
||||||
|
|
||||||
In :ref:`The Debian Layout` you create a ``searxng.conf`` with the
|
.. group-tab:: Arch Linux
|
||||||
``<Location /searx >`` directive and save this file in the *sites
|
|
||||||
|
In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_
|
||||||
|
directives:
|
||||||
|
|
||||||
|
.. code:: apache
|
||||||
|
|
||||||
|
LoadModule ssl_module modules/mod_ssl.so
|
||||||
|
LoadModule headers_module modules/mod_headers.so
|
||||||
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
|
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||||
|
|
||||||
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
|
In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_
|
||||||
|
directives:
|
||||||
|
|
||||||
|
.. code:: apache
|
||||||
|
|
||||||
|
LoadModule ssl_module modules/mod_ssl.so
|
||||||
|
LoadModule headers_module modules/mod_headers.so
|
||||||
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
|
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||||
|
|
||||||
|
|
||||||
|
.. _apache sites:
|
||||||
|
|
||||||
|
Apache sites
|
||||||
|
------------
|
||||||
|
|
||||||
|
.. tabs::
|
||||||
|
|
||||||
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
|
In :ref:`Debian's Apache layout` you create a ``searxng.conf`` with the
|
||||||
|
``<Location /searxng >`` directive and save this file in the *sites
|
||||||
available* folder at ``/etc/apache2/sites-available``. To enable the
|
available* folder at ``/etc/apache2/sites-available``. To enable the
|
||||||
``searxng.conf`` use :man:`a2ensite`:
|
``searxng.conf`` use :man:`a2ensite`:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H a2ensite searxng.conf
|
sudo -H a2ensite searxng.conf
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
|
In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_
|
||||||
modules (LoadModule_):
|
directive:
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
FIXME needs test
|
IncludeOptional sites-enabled/*.conf
|
||||||
|
|
||||||
LoadModule headers_module modules/mod_headers.so
|
Create two folders, one for the *available sites* and one for the *enabled sites*:
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
|
||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
.. code:: bash
|
||||||
|
|
||||||
|
mkdir -p /etc/httpd/sites-available
|
||||||
|
mkdir -p /etc/httpd/sites-enabled
|
||||||
|
|
||||||
|
Create configuration at ``/etc/httpd/sites-available`` and place a
|
||||||
|
symlink to ``sites-enabled``:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
|
||||||
|
/etc/httpd/sites-enabled/searxng.conf
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
|
In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_
|
||||||
modules (LoadModule_):
|
directive:
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
FIXME needs test
|
IncludeOptional sites-enabled/*.conf
|
||||||
|
|
||||||
LoadModule headers_module modules/mod_headers.so
|
Create two folders, one for the *available sites* and one for the *enabled sites*:
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
|
||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
||||||
|
|
||||||
With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the
|
.. code:: bash
|
||||||
proxied host.
|
|
||||||
|
|
||||||
.. _apache searxng via filtron plus morty:
|
mkdir -p /etc/httpd/sites-available
|
||||||
|
mkdir -p /etc/httpd/sites-enabled
|
||||||
|
|
||||||
|
Create configuration at ``/etc/httpd/sites-available`` and place a
|
||||||
|
symlink to ``sites-enabled``:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
|
||||||
|
/etc/httpd/sites-enabled/searxng.conf
|
||||||
|
|
||||||
|
|
||||||
|
.. _apache searxng site:
|
||||||
|
|
||||||
|
Apache's SearXNG site
|
||||||
|
=====================
|
||||||
|
|
||||||
|
.. _mod_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi
|
||||||
|
|
||||||
|
.. sidebar:: uWSGI
|
||||||
|
|
||||||
|
Use mod_proxy_uwsgi_ / don't use the old mod_uwsgi_ anymore.
|
||||||
|
|
||||||
|
To proxy the incoming requests to the SearXNG instance Apache needs the
|
||||||
|
mod_proxy_ module (:ref:`apache modules`).
|
||||||
|
|
||||||
|
.. sidebar:: HTTP headers
|
||||||
|
|
||||||
|
With ProxyPreserveHost_ the incoming ``Host`` header is passed to the proxied
|
||||||
|
host.
|
||||||
|
|
||||||
|
Depending on what your SearXNG installation is listening on, you need a http
|
||||||
|
mod_proxy_http_) or socket (mod_proxy_uwsgi_) communication to upstream.
|
||||||
|
|
||||||
|
The :ref:`installation scripts` installs the :ref:`reference setup
|
||||||
|
<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket by default.
|
||||||
|
You can install and activate your own ``searxng.conf`` like shown in
|
||||||
|
:ref:`apache sites`.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: SearXNG via filtron plus morty
|
.. group-tab:: socket
|
||||||
|
|
||||||
Use this setup, if your instance is public to the internet, compare
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
|
:start-after: START apache socket
|
||||||
|
:end-before: END apache socket
|
||||||
|
|
||||||
1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
|
.. group-tab:: http
|
||||||
*localhost 4004* (:ref:`filtron route request`):
|
|
||||||
|
|
||||||
.. code:: apache
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
|
:start-after: START apache http
|
||||||
<Location /searx >
|
:end-before: END apache http
|
||||||
|
|
||||||
# SetEnvIf Request_URI "/searx" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass http://127.0.0.1:4004
|
|
||||||
RequestHeader set X-Script-Name /searx
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on
|
|
||||||
*localhost 3000*
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
|
|
||||||
<Location /morty >
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "/morty" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPass http://127.0.0.1:3000
|
|
||||||
RequestHeader set X-Script-Name /morty
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
For a fully result proxification add :ref:`morty's <searxng morty>` **public
|
|
||||||
URL** to your :origin:`searx/settings.yml`:
|
|
||||||
|
|
||||||
.. code:: yaml
|
|
||||||
|
|
||||||
result_proxy:
|
|
||||||
# replace example.org with your server's public name
|
|
||||||
url : https://example.org/morty
|
|
||||||
key : !!binary "insert_your_morty_proxy_key_here"
|
|
||||||
|
|
||||||
server:
|
|
||||||
image_proxy : True
|
|
||||||
|
|
||||||
uWSGI support
|
|
||||||
=============
|
|
||||||
|
|
||||||
Be warned, with this setup, your instance isn't :ref:`protected <searxng
|
|
||||||
filtron>`, nevertheless it is good enough for intranet usage. In modern Linux
|
|
||||||
distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache
|
|
||||||
package and you need to install only the :ref:`uWSGI <searxng uwsgi>` package:
|
|
||||||
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
sudo -H apt-get install uwsgi
|
|
||||||
|
|
||||||
# Ubuntu =< 18.04
|
|
||||||
sudo -H apt-get install libapache2-mod-proxy-uwsgi
|
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
sudo -H pacman -S uwsgi
|
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
sudo -H dnf install uwsgi
|
|
||||||
|
|
||||||
The next example shows a configuration using the `uWSGI Apache support`_ via
|
|
||||||
unix sockets and `mod_proxy_uwsgi`_.
|
|
||||||
|
|
||||||
For socket communication, you have to activate ``socket =
|
|
||||||
/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
|
|
||||||
configuration in your :ref:`uwsgi ini file <uwsgi configuration>`. If not
|
|
||||||
already exists, create a folder for the unix sockets, which can be used by the
|
|
||||||
SearXNG account (see :ref:`create searxng user`):
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
sudo -H mkdir -p /run/uwsgi/app/searx/
|
|
||||||
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
|
|
||||||
|
|
||||||
If the server is public; to limit access to your intranet replace ``Allow from
|
|
||||||
all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class.
|
|
||||||
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
LoadModule headers_module /usr/lib/apache2/mod_headers.so
|
|
||||||
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
|
|
||||||
LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI /searx dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
FIXME needs test
|
|
||||||
|
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
|
||||||
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI /searx dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
FIXME needs test
|
|
||||||
|
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
|
||||||
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
|
||||||
<IfModule proxy_uwsgi_module>
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI /searx dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
.. group-tab:: old mod_wsgi
|
|
||||||
|
|
||||||
We show this only for historical reasons, DON'T USE `mod_uwsgi
|
|
||||||
<https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_.
|
|
||||||
ANYMORE!
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
<IfModule mod_uwsgi.c>
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "/searx" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx >
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Options FollowSymLinks Indexes
|
|
||||||
SetHandler uwsgi-handler
|
|
||||||
uWSGISocket /run/uwsgi/app/searx/socket
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
.. _restart apache:
|
.. _restart apache:
|
||||||
|
|
||||||
Restart service
|
Restart service:
|
||||||
===============
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart apache2
|
sudo -H systemctl restart apache2
|
||||||
sudo -H service uwsgi restart searx
|
sudo -H service uwsgi restart searxng
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart httpd
|
sudo -H systemctl restart httpd
|
||||||
sudo -H systemctl restart uwsgi@searx
|
sudo -H systemctl restart uwsgi@searxng
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart httpd
|
sudo -H systemctl restart httpd
|
||||||
sudo -H touch /etc/uwsgi.d/searxng.ini
|
sudo -H touch /etc/uwsgi.d/searxng.ini
|
||||||
|
@ -489,27 +376,13 @@ disable logs
|
||||||
============
|
============
|
||||||
|
|
||||||
For better privacy you can disable Apache logs. In the examples above activate
|
For better privacy you can disable Apache logs. In the examples above activate
|
||||||
one of the lines and `restart apache`_::
|
one of the lines and `restart apache`_:
|
||||||
|
|
||||||
|
.. code:: apache
|
||||||
|
|
||||||
# SetEnvIf Request_URI "/searx" dontlog
|
SetEnvIf Request_URI "/searxng" dontlog
|
||||||
# CustomLog /dev/null combined env=dontlog
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
The ``CustomLog`` directive disable logs for the whole (virtual) server, use it
|
The ``CustomLog`` directive disables logs for the entire (virtual) server, use it
|
||||||
when the URL of the service does not have a path component (``/searx``) / is
|
when the URL of the service does not have a path component (``/searxng``), so when
|
||||||
located at root (``/``).
|
SearXNG is located at root (``/``).
|
||||||
|
|
||||||
.. _The Debian Layout:
|
|
||||||
|
|
||||||
The Debian Layout
|
|
||||||
=================
|
|
||||||
|
|
||||||
Be aware that the Debian layout is quite different from the standard Apache
|
|
||||||
configuration. For details look at the README.Debian_
|
|
||||||
(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
|
|
||||||
Debian:
|
|
||||||
|
|
||||||
* :man:`apache2ctl`: Apache HTTP server control interface
|
|
||||||
* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
|
|
||||||
* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
|
|
||||||
* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
|
|
||||||
|
|
|
@ -1,37 +1,60 @@
|
||||||
|
|
||||||
.. _installation docker:
|
.. _installation docker:
|
||||||
|
|
||||||
===================
|
================
|
||||||
Docker installation
|
Docker Container
|
||||||
===================
|
================
|
||||||
|
|
||||||
.. _ENTRYPOINT: https://docs.docker.com/engine/reference/builder/#entrypoint
|
.. _ENTRYPOINT: https://docs.docker.com/engine/reference/builder/#entrypoint
|
||||||
|
.. _searxng/searxng @dockerhub: https://hub.docker.com/r/searxng/searxng
|
||||||
.. _searxng-docker: https://github.com/searxng/searxng-docker
|
.. _searxng-docker: https://github.com/searxng/searxng-docker
|
||||||
.. _[filtron]: https://hub.docker.com/r/dalf/filtron
|
|
||||||
.. _[morty]: https://hub.docker.com/r/dalf/morty
|
|
||||||
.. _[caddy]: https://hub.docker.com/_/caddy
|
.. _[caddy]: https://hub.docker.com/_/caddy
|
||||||
|
.. _Redis: https://redis.io/
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
.. sidebar:: info
|
.. sidebar:: info
|
||||||
|
|
||||||
|
- `searxng/searxng @dockerhub`_
|
||||||
- :origin:`Dockerfile`
|
- :origin:`Dockerfile`
|
||||||
- `searxng/searxng @dockerhub <https://hub.docker.com/r/searxng/searxng>`_
|
|
||||||
- `Docker overview <https://docs.docker.com/get-started/overview>`_
|
- `Docker overview <https://docs.docker.com/get-started/overview>`_
|
||||||
- `Docker Cheat Sheet <https://www.docker.com/sites/default/files/d8/2019-09/docker-cheat-sheet.pdf>`_
|
- `Docker Cheat Sheet <https://docs.docker.com/get-started/docker_cheatsheet.pdf>`_
|
||||||
- `Alpine Linux <https://alpinelinux.org>`_ `(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__ `apt packages <https://pkgs.alpinelinux.org/packages>`_
|
- `Alpine Linux <https://alpinelinux.org>`_
|
||||||
|
`(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__
|
||||||
|
`apt packages <https://pkgs.alpinelinux.org/packages>`_
|
||||||
- Alpine's ``/bin/sh`` is :man:`dash`
|
- Alpine's ``/bin/sh`` is :man:`dash`
|
||||||
|
|
||||||
.. tip::
|
**If you intend to create a public instance using Docker, use our well maintained
|
||||||
|
docker container**
|
||||||
|
|
||||||
If you intend to create a public instance using Docker, use our well
|
- `searxng/searxng @dockerhub`_.
|
||||||
maintained searxng-docker_ image which includes
|
|
||||||
|
|
||||||
- :ref:`protection <searxng filtron>` `[filtron]`_,
|
.. sidebar:: hint
|
||||||
- a :ref:`result proxy <searxng morty>` `[morty]`_ and
|
|
||||||
- a HTTPS reverse proxy `[caddy]`_.
|
|
||||||
|
|
||||||
Make sure you have `installed Docker <https://docs.docker.com/get-docker/>`_ and
|
The rest of this article is of interest only to those who want to create and
|
||||||
on Linux, don't forget to add your user to the docker group (log out and log
|
maintain their own Docker images.
|
||||||
back in so that your group membership is re-evaluated):
|
|
||||||
|
The sources are hosted at searxng-docker_ and the container includes:
|
||||||
|
|
||||||
|
- a HTTPS reverse proxy `[caddy]`_ and
|
||||||
|
- a Redis_ DB
|
||||||
|
|
||||||
|
The `default SearXNG setup <https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml>`_
|
||||||
|
of this container:
|
||||||
|
|
||||||
|
- enables :ref:`limiter <limiter>` to protect against bots
|
||||||
|
- enables :ref:`image proxy <image_proxy>` for better privacy
|
||||||
|
- enables :ref:`cache busting <static_use_hash>` to save bandwith
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
|
|
||||||
|
Get Docker
|
||||||
|
==========
|
||||||
|
|
||||||
|
If you plan to build and maintain a docker image by yourself, make sure you have
|
||||||
|
`Docker installed <https://docs.docker.com/get-docker/>`_. On Linux don't
|
||||||
|
forget to add your user to the docker group (log out and log back in so that
|
||||||
|
your group membership is re-evaluated):
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: sh
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
.. _installation nginx:
|
.. _installation nginx:
|
||||||
|
|
||||||
==================
|
=====
|
||||||
Install with nginx
|
NGINX
|
||||||
==================
|
=====
|
||||||
|
|
||||||
.. _nginx:
|
.. _nginx:
|
||||||
https://docs.nginx.com/nginx/admin-guide/
|
https://docs.nginx.com/nginx/admin-guide/
|
||||||
|
@ -19,6 +19,19 @@ Install with nginx
|
||||||
.. _SCRIPT_NAME:
|
.. _SCRIPT_NAME:
|
||||||
https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name
|
https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name
|
||||||
|
|
||||||
|
This section explains how to set up a SearXNG instance using the HTTP server nginx_.
|
||||||
|
If you have used the :ref:`installation scripts` and do not have any special preferences
|
||||||
|
you can install the :ref:`SearXNG site <nginx searxng site>` using
|
||||||
|
:ref:`searxng.sh <searxng.sh overview>`:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
$ sudo -H ./utils/searxng.sh install nginx
|
||||||
|
|
||||||
|
If you have special interests or problems with setting up nginx, the following
|
||||||
|
section might give you some guidance.
|
||||||
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
.. sidebar:: further reading
|
||||||
|
|
||||||
- nginx_
|
- nginx_
|
||||||
|
@ -27,39 +40,23 @@ Install with nginx
|
||||||
- `Getting Started wiki`_
|
- `Getting Started wiki`_
|
||||||
- `uWSGI support from nginx`_
|
- `uWSGI support from nginx`_
|
||||||
|
|
||||||
|
|
||||||
.. contents:: Contents
|
.. contents:: Contents
|
||||||
:depth: 2
|
:depth: 2
|
||||||
:local:
|
:local:
|
||||||
:backlinks: entry
|
:backlinks: entry
|
||||||
|
|
||||||
----
|
|
||||||
|
|
||||||
**Install** :ref:`nginx searxng site` using :ref:`filtron.sh <filtron.sh overview>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/filtron.sh nginx install
|
|
||||||
|
|
||||||
**Install** :ref:`nginx searxng site` using :ref:`morty.sh <morty.sh overview>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/morty.sh nginx install
|
|
||||||
|
|
||||||
----
|
|
||||||
|
|
||||||
|
|
||||||
The nginx HTTP server
|
The nginx HTTP server
|
||||||
=====================
|
=====================
|
||||||
|
|
||||||
If nginx_ is not installed (uwsgi will not work with the package nginx-light),
|
If nginx_ is not installed, install it now.
|
||||||
install it now.
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H apt-get install nginx
|
sudo -H apt-get install nginx
|
||||||
|
|
||||||
|
@ -81,18 +78,18 @@ install it now.
|
||||||
|
|
||||||
Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you
|
Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you
|
||||||
see a *Fedora Webserver - Test Page*. The test page comes from the default
|
see a *Fedora Webserver - Test Page*. The test page comes from the default
|
||||||
`nginx server configuration`_. How this default intro site is configured,
|
`nginx server configuration`_. How this default site is configured,
|
||||||
depends on the linux distribution:
|
depends on the linux distribution:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
less /etc/nginx/nginx.conf
|
less /etc/nginx/nginx.conf
|
||||||
|
|
||||||
there is a line including site configurations from:
|
There is one line that includes site configurations from:
|
||||||
|
|
||||||
.. code:: nginx
|
.. code:: nginx
|
||||||
|
|
||||||
|
@ -104,7 +101,7 @@ depends on the linux distribution:
|
||||||
|
|
||||||
less /etc/nginx/nginx.conf
|
less /etc/nginx/nginx.conf
|
||||||
|
|
||||||
in there is a configuration section named ``server``:
|
There is a configuration section named ``server``:
|
||||||
|
|
||||||
.. code-block:: nginx
|
.. code-block:: nginx
|
||||||
|
|
||||||
|
@ -120,249 +117,121 @@ depends on the linux distribution:
|
||||||
|
|
||||||
less /etc/nginx/nginx.conf
|
less /etc/nginx/nginx.conf
|
||||||
|
|
||||||
there is a line including site configurations from:
|
There is one line that includes site configurations from:
|
||||||
|
|
||||||
.. code:: nginx
|
.. code:: nginx
|
||||||
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
|
|
||||||
.. _nginx searxng site:
|
.. _nginx searxng site:
|
||||||
|
|
||||||
A nginx SearXNG site
|
NGINX's SearXNG site
|
||||||
====================
|
====================
|
||||||
|
|
||||||
.. sidebar:: public to the internet?
|
Now you have to create a configuration file (``searxng.conf``) for the SearXNG
|
||||||
|
site. If nginx_ is new to you, the `nginx beginners guide`_ is a good starting
|
||||||
|
point and the `Getting Started wiki`_ is always a good resource *to keep in the
|
||||||
|
pocket*.
|
||||||
|
|
||||||
If your SearXNG instance is public, stop here and first install :ref:`filtron
|
Depending on what your SearXNG installation is listening on, you need a http or socket
|
||||||
reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
|
communication to upstream.
|
||||||
:ref:`installation scripts`. If already done, follow setup: *SearXNG via
|
|
||||||
filtron plus morty*.
|
|
||||||
|
|
||||||
Now you have to create a configuration for the SearXNG site. If nginx_ is new to
|
.. tabs::
|
||||||
you, the `nginx beginners guide`_ is a good starting point and the `Getting
|
|
||||||
Started wiki`_ is always a good resource *to keep in the pocket*.
|
.. group-tab:: socket
|
||||||
|
|
||||||
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
|
:start-after: START nginx socket
|
||||||
|
:end-before: END nginx socket
|
||||||
|
|
||||||
|
.. group-tab:: http
|
||||||
|
|
||||||
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
|
:start-after: START nginx http
|
||||||
|
:end-before: END nginx http
|
||||||
|
|
||||||
|
The :ref:`installation scripts` installs the :ref:`reference setup
|
||||||
|
<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket by default.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
Create configuration at ``/etc/nginx/sites-available/searxng`` and place a
|
Create configuration at ``/etc/nginx/sites-available/`` and place a
|
||||||
symlink to sites-enabled:
|
symlink to ``sites-enabled``:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng
|
sudo -H ln -s /etc/nginx/sites-available/searxng.conf \
|
||||||
|
/etc/nginx/sites-enabled/searxng.conf
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
In the ``/etc/nginx/nginx.conf`` file, replace the configuration section
|
In the ``/etc/nginx/nginx.conf`` file, in the ``server`` section add a
|
||||||
named ``server``.
|
`include <https://nginx.org/en/docs/ngx_core_module.html#include>`_
|
||||||
|
directive:
|
||||||
.. group-tab:: Fedora / RHEL
|
|
||||||
|
|
||||||
Create configuration at ``/etc/nginx/conf.d/searxng`` and place a
|
|
||||||
symlink to sites-enabled:
|
|
||||||
|
|
||||||
.. _nginx searxng via filtron plus morty:
|
|
||||||
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: SearXNG via filtron plus morty
|
|
||||||
|
|
||||||
Use this setup, if your instance is public to the internet, compare
|
|
||||||
figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
|
|
||||||
|
|
||||||
1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
|
|
||||||
*localhost 4004* (:ref:`filtron route request`):
|
|
||||||
|
|
||||||
.. code:: nginx
|
|
||||||
|
|
||||||
# https://example.org/searx
|
|
||||||
|
|
||||||
location /searx {
|
|
||||||
proxy_pass http://127.0.0.1:4004/;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme $scheme;
|
|
||||||
proxy_set_header X-Script-Name /searx;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /searx/static/ {
|
|
||||||
alias /usr/local/searx/searx-src/searx/static/;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on
|
|
||||||
*localhost 3000*:
|
|
||||||
|
|
||||||
.. code:: nginx
|
|
||||||
|
|
||||||
# https://example.org/morty
|
|
||||||
|
|
||||||
location /morty {
|
|
||||||
proxy_pass http://127.0.0.1:3000/;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
For a fully result proxification add :ref:`morty's <searxng morty>` **public
|
|
||||||
URL** to your :origin:`searx/settings.yml`:
|
|
||||||
|
|
||||||
.. code:: yaml
|
|
||||||
|
|
||||||
result_proxy:
|
|
||||||
# replace example.org with your server's public name
|
|
||||||
url : https://example.org/morty
|
|
||||||
key : !!binary "insert_your_morty_proxy_key_here"
|
|
||||||
|
|
||||||
server:
|
|
||||||
image_proxy : True
|
|
||||||
|
|
||||||
|
|
||||||
.. group-tab:: proxy or uWSGI
|
|
||||||
|
|
||||||
Be warned, with this setup, your instance isn't :ref:`protected <searxng
|
|
||||||
filtron>`. Nevertheless it is good enough for intranet usage and it is a
|
|
||||||
excellent example of; *how different services can be set up*. The next
|
|
||||||
example shows a reverse proxy configuration wrapping the :ref:`searx-uWSGI
|
|
||||||
application <uwsgi configuration>`, listening on ``http =
|
|
||||||
127.0.0.1:8888``.
|
|
||||||
|
|
||||||
.. code:: nginx
|
|
||||||
|
|
||||||
# https://hostname.local/
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8888;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme $scheme;
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
Alternatively you can use the `uWSGI support from nginx`_ via unix
|
|
||||||
sockets. For socket communication, you have to activate ``socket =
|
|
||||||
/run/uwsgi/app/searx/socket`` and comment out the ``http =
|
|
||||||
127.0.0.1:8888`` configuration in your :ref:`uwsgi ini file <uwsgi
|
|
||||||
configuration>`.
|
|
||||||
|
|
||||||
The example shows a nginx virtual ``server`` configuration, listening on
|
|
||||||
port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at
|
|
||||||
location ``/`` by importing the `uwsgi_params`_ and passing requests to
|
|
||||||
the uWSGI socket (``uwsgi_pass``). The ``server``\'s root points to the
|
|
||||||
:ref:`searx-src clone <searx-src>` and wraps directly the
|
|
||||||
:origin:`searx/static/` content at ``location /static``.
|
|
||||||
|
|
||||||
.. code:: nginx
|
.. code:: nginx
|
||||||
|
|
||||||
server {
|
server {
|
||||||
# replace hostname.local with your server's name
|
# ...
|
||||||
server_name hostname.local;
|
include /etc/nginx/default.d/*.conf;
|
||||||
|
# ...
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
|
|
||||||
}
|
|
||||||
|
|
||||||
root /usr/local/searx/searx-src/searx;
|
|
||||||
location /static { }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
If not already exists, create a folder for the unix sockets, which can be
|
Create two folders, one for the *available sites* and one for the *enabled sites*:
|
||||||
used by the SearXNG account:
|
|
||||||
|
|
||||||
.. code:: bash
|
.. code:: bash
|
||||||
|
|
||||||
mkdir -p /run/uwsgi/app/searx/
|
mkdir -p /etc/nginx/default.d
|
||||||
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
|
mkdir -p /etc/nginx/default.apps-available
|
||||||
|
|
||||||
.. group-tab:: \.\. at subdir URL
|
Create configuration at ``/etc/nginx/default.apps-available`` and place a
|
||||||
|
symlink to ``default.d``:
|
||||||
|
|
||||||
Be warned, with these setups, your instance isn't :ref:`protected <searxng
|
.. code:: bash
|
||||||
filtron>`. The examples are just here to demonstrate how to export the
|
|
||||||
SearXNG application from a subdirectory URL ``https://example.org/searx/``.
|
|
||||||
|
|
||||||
.. code:: nginx
|
sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \
|
||||||
|
/etc/nginx/default.d/searxng.conf
|
||||||
|
|
||||||
# https://hostname.local/searx
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
location /searx {
|
Create a folder for the *available sites*:
|
||||||
proxy_pass http://127.0.0.1:8888;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
.. code:: bash
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme $scheme;
|
|
||||||
proxy_set_header X-Script-Name /searx;
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /searx/static/ {
|
mkdir -p /etc/nginx/default.apps-available
|
||||||
alias /usr/local/searx/searx-src/searx/static/;
|
|
||||||
}
|
|
||||||
|
|
||||||
The ``X-Script-Name /searx`` is needed by the SearXNG implementation to
|
Create configuration at ``/etc/nginx/default.apps-available`` and place a
|
||||||
calculate relative URLs correct. The next example shows a uWSGI
|
symlink to ``conf.d``:
|
||||||
configuration. Since there are no HTTP headers in a (u)WSGI protocol, the
|
|
||||||
value is shipped via the SCRIPT_NAME_ in the WSGI environment.
|
|
||||||
|
|
||||||
.. code:: nginx
|
.. code:: bash
|
||||||
|
|
||||||
# https://hostname.local/searx
|
sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \
|
||||||
|
/etc/nginx/conf.d/searxng.conf
|
||||||
|
|
||||||
location /searx {
|
Restart services:
|
||||||
uwsgi_param SCRIPT_NAME /searx;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /searx/static/ {
|
|
||||||
alias /usr/local/searx/searx-src/searx/;
|
|
||||||
}
|
|
||||||
|
|
||||||
For SearXNG to work correctly the ``base_url`` must be set in the
|
|
||||||
:origin:`searx/settings.yml`.
|
|
||||||
|
|
||||||
.. code:: yaml
|
|
||||||
|
|
||||||
server:
|
|
||||||
# replace example.org with your server's public name
|
|
||||||
base_url : https://example.org/searx/
|
|
||||||
|
|
||||||
|
|
||||||
Restart service:
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart nginx
|
sudo -H systemctl restart nginx
|
||||||
sudo -H service uwsgi restart searx
|
sudo -H service uwsgi restart searxng
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart nginx
|
sudo -H systemctl restart nginx
|
||||||
sudo -H systemctl restart uwsgi@searx
|
sudo -H systemctl restart uwsgi@searxng
|
||||||
|
|
||||||
.. group-tab:: Fedora
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H systemctl restart nginx
|
sudo -H systemctl restart nginx
|
||||||
sudo -H touch /etc/uwsgi.d/searxng.ini
|
sudo -H touch /etc/uwsgi.d/searxng.ini
|
||||||
|
|
62
docs/admin/installation-scripts.rst
Normal file
62
docs/admin/installation-scripts.rst
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
.. _installation scripts:
|
||||||
|
|
||||||
|
===================
|
||||||
|
Installation Script
|
||||||
|
===================
|
||||||
|
|
||||||
|
.. sidebar:: Update the OS first!
|
||||||
|
|
||||||
|
To avoid unwanted side effects, update your OS before installing SearXNG.
|
||||||
|
|
||||||
|
The following will install a setup as shown in :ref:`the reference architecture
|
||||||
|
<arch public>`. First you need to get a clone of the repository. The clone is only needed for
|
||||||
|
the installation procedure and some maintenance tasks.
|
||||||
|
|
||||||
|
.. sidebar:: further read
|
||||||
|
|
||||||
|
- :ref:`toolboxing`
|
||||||
|
|
||||||
|
Jump to a folder that is readable by *others* and start to clone SearXNG,
|
||||||
|
alternatively you can create your own fork and clone from there.
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
$ cd ~/Downloads
|
||||||
|
$ git clone https://github.com/searxng/searxng.git searxng
|
||||||
|
$ cd searxng
|
||||||
|
|
||||||
|
.. sidebar:: further read
|
||||||
|
|
||||||
|
- :ref:`inspect searxng`
|
||||||
|
|
||||||
|
To install a SearXNG :ref:`reference setup <use_default_settings.yml>`
|
||||||
|
including a :ref:`uWSGI setup <architecture uWSGI>` as described in the
|
||||||
|
:ref:`installation basic` and in the :ref:`searxng uwsgi` section type:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
$ sudo -H ./utils/searxng.sh install all
|
||||||
|
|
||||||
|
.. attention::
|
||||||
|
|
||||||
|
For the installation procedure, use a *sudoer* login to run the scripts. If
|
||||||
|
you install from ``root``, take into account that the scripts are creating a
|
||||||
|
``searxng`` user. In the installation procedure this new created user does
|
||||||
|
need read access to the cloned SearXNG repository, which is not the case if you clone
|
||||||
|
it into a folder below ``/root``!
|
||||||
|
|
||||||
|
.. sidebar:: further read
|
||||||
|
|
||||||
|
- :ref:`update searxng`
|
||||||
|
|
||||||
|
.. _caddy: https://hub.docker.com/_/caddy
|
||||||
|
|
||||||
|
When all services are installed and running fine, you can add SearXNG to your
|
||||||
|
HTTP server. We do not have any preferences for the HTTP server, you can use
|
||||||
|
whatever you prefer.
|
||||||
|
|
||||||
|
We use caddy in our :ref:`docker image <installation docker>` and we have
|
||||||
|
implemented installation procedures for:
|
||||||
|
|
||||||
|
- :ref:`installation nginx`
|
||||||
|
- :ref:`installation apache`
|
|
@ -9,15 +9,16 @@ Step by step installation
|
||||||
:local:
|
:local:
|
||||||
:backlinks: entry
|
:backlinks: entry
|
||||||
|
|
||||||
Step by step installation with virtualenv. For Ubuntu, be sure to have enable
|
|
||||||
universe repository.
|
In this section we show the setup of a SearXNG instance that will be installed
|
||||||
|
by the :ref:`installation scripts`.
|
||||||
|
|
||||||
.. _install packages:
|
.. _install packages:
|
||||||
|
|
||||||
Install packages
|
Install packages
|
||||||
================
|
================
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START distro-packages
|
:start-after: START distro-packages
|
||||||
:end-before: END distro-packages
|
:end-before: END distro-packages
|
||||||
|
|
||||||
|
@ -30,32 +31,32 @@ Install packages
|
||||||
Create user
|
Create user
|
||||||
===========
|
===========
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START create user
|
:start-after: START create user
|
||||||
:end-before: END create user
|
:end-before: END create user
|
||||||
|
|
||||||
.. _searx-src:
|
.. _searxng-src:
|
||||||
|
|
||||||
Install SearXNG & dependencies
|
Install SearXNG & dependencies
|
||||||
==============================
|
==============================
|
||||||
|
|
||||||
Start a interactive shell from new created user and clone searx:
|
Start a interactive shell from new created user and clone SearXNG:
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START clone searxng
|
:start-after: START clone searxng
|
||||||
:end-before: END clone searxng
|
:end-before: END clone searxng
|
||||||
|
|
||||||
In the same shell create *virtualenv*:
|
In the same shell create *virtualenv*:
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START create virtualenv
|
:start-after: START create virtualenv
|
||||||
:end-before: END create virtualenv
|
:end-before: END create virtualenv
|
||||||
|
|
||||||
To install searx's dependencies, exit the SearXNG *bash* session you opened above
|
To install SearXNG's dependencies, exit the SearXNG *bash* session you opened above
|
||||||
and restart a new. Before install, first check if your *virtualenv* was sourced
|
and start a new one. Before installing, check if your *virtualenv* was sourced
|
||||||
from the login (*~/.profile*):
|
from the login (*~/.profile*):
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START manage.sh update_packages
|
:start-after: START manage.sh update_packages
|
||||||
:end-before: END manage.sh update_packages
|
:end-before: END manage.sh update_packages
|
||||||
|
|
||||||
|
@ -77,30 +78,41 @@ Configuration
|
||||||
- :ref:`settings use_default_settings`
|
- :ref:`settings use_default_settings`
|
||||||
- :origin:`/etc/searxng/settings.yml <utils/templates/etc/searxng/settings.yml>`
|
- :origin:`/etc/searxng/settings.yml <utils/templates/etc/searxng/settings.yml>`
|
||||||
|
|
||||||
To create a initial ``/etc/searxng/settings.yml`` you can start with a copy of
|
To create a initial ``/etc/searxng/settings.yml`` we recommend to start with a
|
||||||
the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup
|
copy of the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup
|
||||||
:ref:`use default settings <settings use_default_settings>` from
|
:ref:`use default settings <settings use_default_settings>` from
|
||||||
:origin:`searx/settings.yml`.
|
:origin:`searx/settings.yml` and is shown in the tab *"Use default settings"*
|
||||||
|
below. This setup:
|
||||||
|
|
||||||
For a *minimal setup*, configure like shown below – replace ``searx@$(uname
|
- enables :ref:`limiter <limiter>` to protect against bots
|
||||||
-n)`` with a name of your choice, set ``ultrasecretkey`` -- *and/or* edit
|
- enables :ref:`image proxy <image_proxy>` for better privacy
|
||||||
``/etc/searxng/settings.yml`` to your needs.
|
- enables :ref:`cache busting <static_use_hash>` to save bandwith
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
Modify the ``/etc/searxng/settings.yml`` to your needs:
|
||||||
:start-after: START searxng config
|
|
||||||
:end-before: END searxng config
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Use default settings
|
.. group-tab:: Use default settings
|
||||||
|
|
||||||
.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml
|
.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
:end-before: # hostname_replace:
|
||||||
|
|
||||||
|
To see the entire file jump to :origin:`utils/templates/etc/searxng/settings.yml`
|
||||||
|
|
||||||
.. group-tab:: searx/settings.yml
|
.. group-tab:: searx/settings.yml
|
||||||
|
|
||||||
.. literalinclude:: ../../searx/settings.yml
|
.. literalinclude:: ../../searx/settings.yml
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
:end-before: # hostname_replace:
|
||||||
|
|
||||||
|
To see the entire file jump to :origin:`searx/settings.yml`
|
||||||
|
|
||||||
|
For a *minimal setup* you need to set ``server:secret_key``.
|
||||||
|
|
||||||
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
|
:start-after: START searxng config
|
||||||
|
:end-before: END searxng config
|
||||||
|
|
||||||
|
|
||||||
Check
|
Check
|
||||||
|
@ -110,11 +122,11 @@ To check your SearXNG setup, optional enable debugging and start the *webapp*.
|
||||||
SearXNG looks at the exported environment ``$SEARXNG_SETTINGS_PATH`` for a
|
SearXNG looks at the exported environment ``$SEARXNG_SETTINGS_PATH`` for a
|
||||||
configuration file.
|
configuration file.
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START check searxng installation
|
:start-after: START check searxng installation
|
||||||
:end-before: END check searxng installation
|
:end-before: END check searxng installation
|
||||||
|
|
||||||
If everything works fine, hit ``[CTRL-C]`` to stop the *webapp* and disable the
|
If everything works fine, hit ``[CTRL-C]`` to stop the *webapp* and disable the
|
||||||
debug option in ``settings.yml``. You can now exit SearXNG user bash (enter exit
|
debug option in ``settings.yml``. You can now exit SearXNG user bash session (enter exit
|
||||||
command twice). At this point SearXNG is not demonized; uwsgi allows this.
|
command twice). At this point SearXNG is not demonized; uwsgi allows this.
|
||||||
|
|
||||||
|
|
|
@ -1,75 +0,0 @@
|
||||||
.. _installation switch2ng:
|
|
||||||
|
|
||||||
============================
|
|
||||||
Switch from searx to SearXNG
|
|
||||||
============================
|
|
||||||
|
|
||||||
.. sidebar:: info
|
|
||||||
|
|
||||||
- :pull:`456`
|
|
||||||
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
|
|
||||||
|
|
||||||
.. contents:: Contents
|
|
||||||
:depth: 2
|
|
||||||
:local:
|
|
||||||
:backlinks: entry
|
|
||||||
|
|
||||||
If you have a searx installation on your sever and want to switch to SearXNG,
|
|
||||||
you need to uninstall searx first. If you have an old searx docker installation
|
|
||||||
replace your docker image / see :ref:`installation docker`.
|
|
||||||
|
|
||||||
If your searx instance was installed *"Step by step"* or by the *"Installation
|
|
||||||
scripts"*, you need to undo the installation procedure completely. If you have
|
|
||||||
morty & filtron installed, it is recommended to uninstall these services also.
|
|
||||||
In case of scripts, to uninstall use the scripts from the origin you installed
|
|
||||||
searx from.
|
|
||||||
|
|
||||||
If you have removed the old searx installation, clone from SearXNG and and start
|
|
||||||
with your installation procedure (e.g. :ref:`installation scripts`):
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ cd ~/Downloads
|
|
||||||
$ git clone https://github.com/searxng/searxng.git searxng
|
|
||||||
$ cd searxng
|
|
||||||
$ ...
|
|
||||||
|
|
||||||
``.config.sh``
|
|
||||||
==============
|
|
||||||
|
|
||||||
Please take into account; SearXNG has normalized ``.config.sh`` with
|
|
||||||
``settings.yml`` and some of the environment settings has been removed from or
|
|
||||||
renamed in the ``.config.sh``:
|
|
||||||
|
|
||||||
- :patch:`[mod] normalize .config.sh with settings.yml <f61c918d>`
|
|
||||||
- :patch:`[fix] ./utils/filtron.sh - FILTRON_TARGET from YAML settings <7196a9b5>`
|
|
||||||
- :patch:`SearXNG: SEARXNG_SETTINGS_PATH <253b8503>`
|
|
||||||
|
|
||||||
|
|
||||||
Check after Installation
|
|
||||||
========================
|
|
||||||
|
|
||||||
Once you have done your installation, you can run a SearXNG *check* procedure,
|
|
||||||
to see if there are some left overs. In this example there exists a *old*
|
|
||||||
``/etc/searx/settings.yml``::
|
|
||||||
|
|
||||||
$ sudo -H ./utils/searx.sh install check
|
|
||||||
|
|
||||||
============================
|
|
||||||
SearXNG (check installation)
|
|
||||||
============================
|
|
||||||
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
|
|
||||||
INFO: SearXNG instance already installed at: /usr/local/searx/searx-src
|
|
||||||
...
|
|
||||||
INFO: Service account searx exists.
|
|
||||||
INFO: ~searx: python environment is available.
|
|
||||||
INFO: ~searx: SearXNG software is installed.
|
|
||||||
INFO: uWSGI app searxng.ini is enabled.
|
|
||||||
INFO searx : merge the default settings ( /usr/local/searx/searx-src/searx/settings.yml ) and the user setttings ( /etc/searxng/settings.yml )
|
|
||||||
INFO searx : max_request_timeout=None
|
|
||||||
|
|
||||||
|
|
||||||
To *check* the filtron & morty installations, use similar commands::
|
|
||||||
|
|
||||||
$ sudo -H /utils/filtron.sh install check
|
|
||||||
$ sudo -H /utils/morty.sh install check
|
|
|
@ -1,7 +1,7 @@
|
||||||
.. _searxng uwsgi:
|
.. _searxng uwsgi:
|
||||||
|
|
||||||
=====
|
=====
|
||||||
uwsgi
|
uWSGI
|
||||||
=====
|
=====
|
||||||
|
|
||||||
.. sidebar:: further reading
|
.. sidebar:: further reading
|
||||||
|
@ -29,51 +29,77 @@ uwsgi
|
||||||
Origin uWSGI
|
Origin uWSGI
|
||||||
============
|
============
|
||||||
|
|
||||||
How uWSGI is implemented by distributors is different. uWSGI itself
|
.. _Tyrant mode:
|
||||||
recommend two methods
|
https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
|
||||||
|
|
||||||
`systemd.unit`_ template files as described here `One service per app in systemd`_.
|
How uWSGI is implemented by distributors varies. The uWSGI project itself
|
||||||
|
recommends two methods:
|
||||||
|
|
||||||
There is one `systemd unit template`_ and one `uwsgi ini file`_ per uWSGI-app
|
1. `systemd.unit`_ template file as described here `One service per app in systemd`_:
|
||||||
placed at dedicated locations. Take archlinux and a searxng.ini as example::
|
|
||||||
|
|
||||||
unit template --> /usr/lib/systemd/system/uwsgi@.service
|
There is one `systemd unit template`_ on the system installed and one `uwsgi
|
||||||
uwsgi ini files --> /etc/uwsgi/searxng.ini
|
ini file`_ per uWSGI-app placed at dedicated locations. Take archlinux and a
|
||||||
|
``searxng.ini`` as example::
|
||||||
|
|
||||||
The SearXNG app can be maintained as know from common systemd units::
|
systemd template unit: /usr/lib/systemd/system/uwsgi@.service
|
||||||
|
contains: [Service]
|
||||||
|
ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/%I.ini
|
||||||
|
|
||||||
systemctl enable uwsgi@searx
|
SearXNG application: /etc/uwsgi/searxng.ini
|
||||||
systemctl start uwsgi@searx
|
links to: /etc/uwsgi/apps-available/searxng.ini
|
||||||
systemctl restart uwsgi@searx
|
|
||||||
systemctl stop uwsgi@searx
|
|
||||||
|
|
||||||
The `uWSGI Emperor`_ mode which fits for maintaining a large range of uwsgi apps.
|
The SearXNG app (template ``/etc/uwsgi/%I.ini``) can be maintained as known
|
||||||
|
from common systemd units:
|
||||||
|
|
||||||
|
.. code:: sh
|
||||||
|
|
||||||
|
$ systemctl enable uwsgi@searxng
|
||||||
|
$ systemctl start uwsgi@searxng
|
||||||
|
$ systemctl restart uwsgi@searxng
|
||||||
|
$ systemctl stop uwsgi@searxng
|
||||||
|
|
||||||
|
2. The `uWSGI Emperor`_ which fits for maintaining a large range of uwsgi
|
||||||
|
apps and there is a `Tyrant mode`_ to secure multi-user hosting.
|
||||||
|
|
||||||
The Emperor mode is a special uWSGI instance that will monitor specific
|
The Emperor mode is a special uWSGI instance that will monitor specific
|
||||||
events. The Emperor mode (service) is started by a (common, not template)
|
events. The Emperor mode (the service) is started by a (common, not template)
|
||||||
systemd unit. The Emperor service will scan specific directories for `uwsgi
|
systemd unit.
|
||||||
ini file`_\s (also know as *vassals*). If a *vassal* is added, removed or the
|
|
||||||
timestamp is modified, a corresponding action takes place: a new uWSGI
|
The Emperor service will scan specific directories for `uwsgi ini file`_\s
|
||||||
instance is started, reload or stopped. Take Fedora and a searxng.ini as
|
(also know as *vassals*). If a *vassal* is added, removed or the timestamp is
|
||||||
example::
|
modified, a corresponding action takes place: a new uWSGI instance is started,
|
||||||
|
reload or stopped. Take Fedora and a ``searxng.ini`` as example::
|
||||||
|
|
||||||
|
to install & start SearXNG instance create --> /etc/uwsgi.d/searxng.ini
|
||||||
|
to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini
|
||||||
|
to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini
|
||||||
|
|
||||||
to start a new SearXNG instance create --> /etc/uwsgi.d/searxng.ini
|
|
||||||
to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini
|
|
||||||
to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini
|
|
||||||
|
|
||||||
Distributors
|
Distributors
|
||||||
============
|
============
|
||||||
|
|
||||||
The `uWSGI Emperor`_ mode and `systemd unit template`_ is what the distributors
|
The `uWSGI Emperor`_ mode and `systemd unit template`_ is what the distributors
|
||||||
mostly offer their users, even if they differ in the way they implement both
|
mostly offer their users, even if they differ in the way they implement both
|
||||||
modes and their defaults. Another point they might differ is the packaging of
|
modes and their defaults. Another point they might differ in is the packaging of
|
||||||
plugins (if so, compare :ref:`install packages`) and what the default python
|
plugins (if so, compare :ref:`install packages`) and what the default python
|
||||||
interpreter is (python2 vs. python3).
|
interpreter is (python2 vs. python3).
|
||||||
|
|
||||||
Fedora starts a Emperor by default, while archlinux does not start any uwsgi
|
While archlinux does not start a uWSGI service by default, Fedora (RHEL) starts
|
||||||
service by default. Worth to know; debian (ubuntu) follow a complete different
|
a Emperor in `Tyrant mode`_ by default (you should have read :ref:`uWSGI Tyrant
|
||||||
approach. *debian*: your are familiar with the apache infrastructure? .. they
|
mode pitfalls`). Worth to know; debian (ubuntu) follow a complete different
|
||||||
do similar for the uWSGI infrastructure (with less comfort), the folders are::
|
approach, read see :ref:`Debian's uWSGI layout`.
|
||||||
|
|
||||||
|
.. _Debian's uWSGI layout:
|
||||||
|
|
||||||
|
Debian's uWSGI layout
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
.. _uwsgi.README.Debian:
|
||||||
|
https://salsa.debian.org/uwsgi-team/uwsgi/-/raw/debian/latest/debian/uwsgi.README.Debian
|
||||||
|
|
||||||
|
Be aware, Debian's uWSGI layout is quite different from the standard uWSGI
|
||||||
|
configuration. Your are familiar with :ref:`Debian's Apache layout`? .. they do a
|
||||||
|
similar thing for the uWSGI infrastructure. The folders are::
|
||||||
|
|
||||||
/etc/uwsgi/apps-available/
|
/etc/uwsgi/apps-available/
|
||||||
/etc/uwsgi/apps-enabled/
|
/etc/uwsgi/apps-enabled/
|
||||||
|
@ -82,29 +108,52 @@ The `uwsgi ini file`_ is enabled by a symbolic link::
|
||||||
|
|
||||||
ln -s /etc/uwsgi/apps-available/searxng.ini /etc/uwsgi/apps-enabled/
|
ln -s /etc/uwsgi/apps-available/searxng.ini /etc/uwsgi/apps-enabled/
|
||||||
|
|
||||||
From debian's documentation (``/usr/share/doc/uwsgi/README.Debian.gz``): You
|
More details can be found in the uwsgi.README.Debian_
|
||||||
could control specific instance(s) by issuing::
|
(``/usr/share/doc/uwsgi/README.Debian.gz``). Some commands you should know on
|
||||||
|
Debian:
|
||||||
|
|
||||||
service uwsgi <command> <confname> <confname> ...
|
.. code:: none
|
||||||
|
|
||||||
sudo -H service uwsgi start searx
|
Commands recognized by init.d script
|
||||||
sudo -H service uwsgi stop searx
|
====================================
|
||||||
|
|
||||||
My experience is, that this command is a bit buggy.
|
You can issue to init.d script following commands:
|
||||||
|
* start | starts daemon
|
||||||
|
* stop | stops daemon
|
||||||
|
* reload | sends to daemon SIGHUP signal
|
||||||
|
* force-reload | sends to daemon SIGTERM signal
|
||||||
|
* restart | issues 'stop', then 'start' commands
|
||||||
|
* status | shows status of daemon instance (running/not running)
|
||||||
|
|
||||||
.. _uwsgi configuration:
|
'status' command must be issued with exactly one argument: '<confname>'.
|
||||||
|
|
||||||
Alltogether
|
Controlling specific instances of uWSGI
|
||||||
===========
|
=======================================
|
||||||
|
|
||||||
Create the configuration ini-file according to your distribution (see below) and
|
You could control specific instance(s) by issuing:
|
||||||
restart the uwsgi application.
|
|
||||||
|
SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi <command> <confname> <confname>...
|
||||||
|
|
||||||
|
where:
|
||||||
|
* <command> is one of 'start', 'stop' etc.
|
||||||
|
* <confname> is the name of configuration file (without extension)
|
||||||
|
|
||||||
|
For example, this is how instance for /etc/uwsgi/apps-enabled/hello.xml is
|
||||||
|
started:
|
||||||
|
|
||||||
|
SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi start hello
|
||||||
|
|
||||||
|
|
||||||
|
.. _uWSGI maintenance:
|
||||||
|
|
||||||
|
uWSGI maintenance
|
||||||
|
=================
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-description ubuntu-20.04
|
:start-after: START searxng uwsgi-description ubuntu-20.04
|
||||||
:end-before: END searxng uwsgi-description ubuntu-20.04
|
:end-before: END searxng uwsgi-description ubuntu-20.04
|
||||||
|
|
||||||
|
@ -112,7 +161,7 @@ restart the uwsgi application.
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-description arch
|
:start-after: START searxng uwsgi-description arch
|
||||||
:end-before: END searxng uwsgi-description arch
|
:end-before: END searxng uwsgi-description arch
|
||||||
|
|
||||||
|
@ -120,16 +169,28 @@ restart the uwsgi application.
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-description fedora
|
:start-after: START searxng uwsgi-description fedora
|
||||||
:end-before: END searxng uwsgi-description fedora
|
:end-before: END searxng uwsgi-description fedora
|
||||||
|
|
||||||
|
|
||||||
|
.. _uwsgi setup:
|
||||||
|
|
||||||
|
uWSGI setup
|
||||||
|
===========
|
||||||
|
|
||||||
|
Create the configuration ini-file according to your distribution and restart the
|
||||||
|
uwsgi application. As shown below, the :ref:`installation scripts` installs by
|
||||||
|
default:
|
||||||
|
|
||||||
|
- a uWSGI setup that listens on a socket and
|
||||||
|
- enables :ref:`cache busting <static_use_hash>`.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-appini ubuntu-20.04
|
:start-after: START searxng uwsgi-appini ubuntu-20.04
|
||||||
:end-before: END searxng uwsgi-appini ubuntu-20.04
|
:end-before: END searxng uwsgi-appini ubuntu-20.04
|
||||||
|
|
||||||
|
@ -137,7 +198,7 @@ restart the uwsgi application.
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-appini arch
|
:start-after: START searxng uwsgi-appini arch
|
||||||
:end-before: END searxng uwsgi-appini arch
|
:end-before: END searxng uwsgi-appini arch
|
||||||
|
|
||||||
|
@ -145,6 +206,63 @@ restart the uwsgi application.
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/searx.rst
|
.. kernel-include:: $DOCS_BUILD/includes/searxng.rst
|
||||||
:start-after: START searxng uwsgi-appini fedora
|
:start-after: START searxng uwsgi-appini fedora
|
||||||
:end-before: END searxng uwsgi-appini fedora
|
:end-before: END searxng uwsgi-appini fedora
|
||||||
|
|
||||||
|
|
||||||
|
.. _uWSGI Tyrant mode pitfalls:
|
||||||
|
|
||||||
|
Pitfalls of the Tyrant mode
|
||||||
|
===========================
|
||||||
|
|
||||||
|
The implementation of the process owners and groups in the `Tyrant mode`_ is
|
||||||
|
somewhat unusual and requires special consideration. In `Tyrant mode`_ mode the
|
||||||
|
Emperor will run the vassal using the UID/GID of the vassal configuration file
|
||||||
|
(user and group of the app ``.ini`` file).
|
||||||
|
|
||||||
|
.. _#2099@uWSGI: https://github.com/unbit/uwsgi/issues/2099
|
||||||
|
.. _#752@uWSGI: https://github.com/unbit/uwsgi/pull/752
|
||||||
|
.. _#2425uWSGI: https://github.com/unbit/uwsgi/issues/2425
|
||||||
|
|
||||||
|
Without option ``emperor-tyrant-initgroups=true`` in ``/etc/uwsgi.ini`` the
|
||||||
|
process won't get the additional groups, but this option is not available in
|
||||||
|
2.0.x branch (see `#2099@uWSGI`_) the feature `#752@uWSGI`_ has been merged (on
|
||||||
|
Oct. 2014) to the master branch of uWSGI but had never been released; the last
|
||||||
|
major release is from Dec. 2013, since the there had been only bugfix releases
|
||||||
|
(see `#2425uWSGI`_). To shorten up:
|
||||||
|
|
||||||
|
**In Tyrant mode, there is no way to get additional groups, and the uWSGI
|
||||||
|
process misses additional permissions that may be needed.**
|
||||||
|
|
||||||
|
For example on Fedora (RHEL): If you try to install a redis DB with socket
|
||||||
|
communication and you want to connect to it from the SearXNG uWSGI, you will see a
|
||||||
|
*Permission denied* in the log of your instance::
|
||||||
|
|
||||||
|
ERROR:searx.shared.redis: [searxng (993)] can't connect redis DB ...
|
||||||
|
ERROR:searx.shared.redis: Error 13 connecting to unix socket: /usr/local/searxng-redis/run/redis.sock. Permission denied.
|
||||||
|
ERROR:searx.plugins.limiter: init limiter DB failed!!!
|
||||||
|
|
||||||
|
Even if your *searxng* user of the uWSGI process is added to additional groups
|
||||||
|
to give access to the socket from the redis DB::
|
||||||
|
|
||||||
|
$ groups searxng
|
||||||
|
searxng : searxng searxng-redis
|
||||||
|
|
||||||
|
To see the effective groups of the uwsgi process, you have to look at the status
|
||||||
|
of the process, by example::
|
||||||
|
|
||||||
|
$ ps -aef | grep '/usr/sbin/uwsgi --ini searxng.ini'
|
||||||
|
searxng 93 92 0 12:43 ? 00:00:00 /usr/sbin/uwsgi --ini searxng.ini
|
||||||
|
searxng 186 93 0 12:44 ? 00:00:01 /usr/sbin/uwsgi --ini searxng.ini
|
||||||
|
|
||||||
|
Here you can see that the additional "Groups" of PID 186 are unset (missing gid
|
||||||
|
of ``searxng-redis``)::
|
||||||
|
|
||||||
|
$ cat /proc/186/task/186/status
|
||||||
|
...
|
||||||
|
Uid: 993 993 993 993
|
||||||
|
Gid: 993 993 993 993
|
||||||
|
FDSize: 128
|
||||||
|
Groups:
|
||||||
|
...
|
||||||
|
|
|
@ -4,109 +4,19 @@
|
||||||
Installation
|
Installation
|
||||||
============
|
============
|
||||||
|
|
||||||
.. sidebar:: info
|
|
||||||
|
|
||||||
:ref:`installation switch2ng`
|
|
||||||
|
|
||||||
*You're spoilt for choice*, choose your preferred method of installation.
|
*You're spoilt for choice*, choose your preferred method of installation.
|
||||||
|
|
||||||
- :ref:`installation docker`
|
- :ref:`installation docker`
|
||||||
- :ref:`installation scripts`
|
- :ref:`installation scripts`
|
||||||
- :ref:`installation basic`
|
- :ref:`installation basic`
|
||||||
|
|
||||||
The :ref:`installation basic` is good enough for intranet usage and it is a
|
The :ref:`installation basic` is an excellent illustration of *how a SearXNG
|
||||||
excellent illustration of *how a SearXNG instance is build up*. If you place your
|
instance is build up* (see :ref:`architecture uWSGI`). If you do not have any
|
||||||
instance public to the internet you should really consider to install a
|
special preferences, its recommend to use the :ref:`installation docker` or the
|
||||||
:ref:`filtron reverse proxy <filtron.sh>` and for privacy a :ref:`result proxy
|
:ref:`installation scripts`.
|
||||||
<morty.sh>` is mandatory.
|
|
||||||
|
|
||||||
Therefore, if you do not have any special preferences, its recommend to use the
|
.. attention::
|
||||||
:ref:`installation docker` or the `Installation scripts`_ from our :ref:`tooling
|
|
||||||
box <toolboxing>` as described below.
|
|
||||||
|
|
||||||
.. _installation scripts:
|
SearXNG is growing rapidly, you should regularly read our :ref:`migrate and
|
||||||
|
stay tuned` section. If you want to upgrade an existing instance or migrate
|
||||||
Installation scripts
|
from searx to SearXNG, you should read this section first!
|
||||||
====================
|
|
||||||
|
|
||||||
.. sidebar:: Update OS first!
|
|
||||||
|
|
||||||
To avoid unwanted side effects, update your OS before installing SearXNG.
|
|
||||||
|
|
||||||
The following will install a setup as shown in :ref:`architecture`. First you
|
|
||||||
need to get a clone. The clone is only needed for the installation procedure
|
|
||||||
and some maintenance tasks (alternatively you can create your own fork).
|
|
||||||
|
|
||||||
For the installation procedure, use a *sudoer* login to run the scripts. If you
|
|
||||||
install from ``root``, take into account that the scripts are creating a
|
|
||||||
``searx``, a ``filtron`` and a ``morty`` user. In the installation procedure
|
|
||||||
these new created users do need read access to the clone of searx, which is not
|
|
||||||
the case if you clone into a folder below ``/root``.
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ cd ~/Downloads
|
|
||||||
$ git clone https://github.com/searxng/searxng.git searxng
|
|
||||||
$ cd searxng
|
|
||||||
|
|
||||||
.. sidebar:: further read
|
|
||||||
|
|
||||||
- :ref:`toolboxing`
|
|
||||||
- :ref:`update searxng`
|
|
||||||
- :ref:`inspect searxng`
|
|
||||||
|
|
||||||
**Install** :ref:`SearXNG service <searx.sh>`
|
|
||||||
|
|
||||||
This installs SearXNG as described in :ref:`installation basic`.
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/searx.sh install all
|
|
||||||
|
|
||||||
**Install** :ref:`filtron reverse proxy <filtron.sh>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/filtron.sh install all
|
|
||||||
|
|
||||||
**Install** :ref:`result proxy <morty.sh>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/morty.sh install all
|
|
||||||
|
|
||||||
If all services are running fine, you can add it to your HTTP server:
|
|
||||||
|
|
||||||
**Install** HTTP
|
|
||||||
|
|
||||||
- :ref:`installation apache`
|
|
||||||
- :ref:`installation nginx`
|
|
||||||
|
|
||||||
**Install** :ref:`external plugins <dev plugin>`
|
|
||||||
|
|
||||||
Use SearXNG's ``shell`` to install external plugins. In the example below we
|
|
||||||
install the SearXNG plugins from **The Green Web Foundation** `[ref]
|
|
||||||
<https://www.thegreenwebfoundation.org/news/searching-the-green-web-with-searx/>`__:
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/searx.sh shell
|
|
||||||
// exit with [CTRL-D]
|
|
||||||
(searx-pyenv) searx@ryzen:~$ pip install git+https://github.com/return42/tgwf-searx-plugins
|
|
||||||
|
|
||||||
In the :ref:`settings.yml` activate the ``plugins:`` section and add module
|
|
||||||
``only_show_green_results`` from tgwf-searx-plugins.
|
|
||||||
|
|
||||||
.. code:: yaml
|
|
||||||
|
|
||||||
plugins:
|
|
||||||
- only_show_green_results
|
|
||||||
|
|
||||||
.. _git stash: https://git-scm.com/docs/git-stash
|
|
||||||
|
|
||||||
.. tip::
|
|
||||||
|
|
||||||
About script's installation options have a look at chapter :ref:`toolboxing
|
|
||||||
setup`. How to brand your instance see chapter :ref:`settings global`. To
|
|
||||||
*stash* your instance's setup, `git stash`_ your clone's :origin:`.config.sh`
|
|
||||||
file .
|
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
|
|
||||||
.. _searxng morty:
|
|
||||||
|
|
||||||
=========================
|
|
||||||
How to setup result proxy
|
|
||||||
=========================
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`morty.sh`
|
|
||||||
|
|
||||||
.. _morty: https://github.com/asciimoo/morty
|
|
||||||
.. _morty's README: https://github.com/asciimoo/morty
|
|
||||||
|
|
||||||
By default SearXNG can only act as an image proxy for result images, but it is
|
|
||||||
possible to proxify all the result URLs with an external service, morty_.
|
|
||||||
|
|
||||||
To use this feature, morty has to be installed and activated in SearXNG's
|
|
||||||
``settings.yml``. Add the following snippet to your ``settings.yml`` and
|
|
||||||
restart searx:
|
|
||||||
|
|
||||||
.. code:: yaml
|
|
||||||
|
|
||||||
result_proxy:
|
|
||||||
url : http://127.0.0.1:3000/
|
|
||||||
key : !!binary "insert_your_morty_proxy_key_here"
|
|
||||||
|
|
||||||
Note that the example above (``http://127.0.0.1:3000``) is only for single-user
|
|
||||||
instances without a HTTP proxy. If your morty service is public, the url is the
|
|
||||||
address of the reverse proxy (e.g ``https://example.org/morty``).
|
|
||||||
|
|
||||||
For more information about *result proxy* have a look at *"SearXNG via filtron
|
|
||||||
plus morty"* in the :ref:`nginx <nginx searxng via filtron plus morty>` and
|
|
||||||
:ref:`apache <apache searxng via filtron plus morty>` sections.
|
|
||||||
|
|
||||||
``url``
|
|
||||||
Is the address of the running morty service.
|
|
||||||
|
|
||||||
``key``
|
|
||||||
Is an optional argument, see `morty's README`_ for more information.
|
|
|
@ -1,59 +1,115 @@
|
||||||
.. _update searxng:
|
===================
|
||||||
|
SearXNG maintenance
|
||||||
=============
|
===================
|
||||||
How to update
|
|
||||||
=============
|
|
||||||
|
|
||||||
How to update depends on the :ref:`installation` method. If you have used the
|
|
||||||
:ref:`installation scripts`, use ``update`` command from the scripts.
|
|
||||||
|
|
||||||
**Update** :ref:`SearXNG service <searx.sh>`
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
sudo -H ./utils/searx.sh update searx
|
|
||||||
|
|
||||||
**Update** :ref:`filtron reverse proxy <filtron.sh>`
|
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
sudo -H ./utils/filtron.sh update filtron
|
|
||||||
|
|
||||||
**Update** :ref:`result proxy <morty.sh>`
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
$ sudo -H ./utils/morty.sh update morty
|
|
||||||
|
|
||||||
.. _inspect searxng:
|
|
||||||
|
|
||||||
======================
|
|
||||||
How to inspect & debug
|
|
||||||
======================
|
|
||||||
|
|
||||||
.. sidebar:: further read
|
.. sidebar:: further read
|
||||||
|
|
||||||
- :ref:`toolboxing`
|
- :ref:`toolboxing`
|
||||||
- :ref:`Makefile`
|
- :ref:`uWSGI maintenance`
|
||||||
|
|
||||||
|
.. contents:: Contents
|
||||||
|
:depth: 2
|
||||||
|
:local:
|
||||||
|
:backlinks: entry
|
||||||
|
|
||||||
|
.. _update searxng:
|
||||||
|
|
||||||
|
How to update
|
||||||
|
=============
|
||||||
|
|
||||||
|
How to update depends on the :ref:`installation` method. If you have used the
|
||||||
|
:ref:`installation scripts`, use the ``update`` command from the :ref:`searxng.sh`
|
||||||
|
script.
|
||||||
|
|
||||||
|
.. code:: sh
|
||||||
|
|
||||||
|
sudo -H ./utils/searxng.sh instance update
|
||||||
|
|
||||||
|
.. _inspect searxng:
|
||||||
|
|
||||||
|
How to inspect & debug
|
||||||
|
======================
|
||||||
|
|
||||||
How to debug depends on the :ref:`installation` method. If you have used the
|
How to debug depends on the :ref:`installation` method. If you have used the
|
||||||
:ref:`installation scripts`, use ``inspect`` command from the scripts.
|
:ref:`installation scripts`, use the ``inspect`` command from the :ref:`searxng.sh`
|
||||||
|
script.
|
||||||
**Inspect** :ref:`SearXNG service <searx.sh>`
|
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: sh
|
||||||
|
|
||||||
sudo -H ./utils/searx.sh inspect service
|
sudo -H ./utils/searxng.sh instance inspect
|
||||||
|
|
||||||
**Inspect** :ref:`filtron reverse proxy <filtron.sh>`
|
.. _migrate and stay tuned:
|
||||||
|
|
||||||
.. code:: sh
|
Migrate and stay tuned!
|
||||||
|
=======================
|
||||||
|
|
||||||
sudo -H ./utils/filtron.sh inspect service
|
.. sidebar:: info
|
||||||
|
|
||||||
**Inspect** :ref:`result proxy <morty.sh>`
|
- :pull:`1332`
|
||||||
|
- :pull:`456`
|
||||||
|
- :pull:`A comment about rolling release <446#issuecomment-954730358>`
|
||||||
|
|
||||||
.. code:: bash
|
SearXNG is a *rolling release*; each commit to the master branch is a release.
|
||||||
|
SearXNG is growing rapidly, the services and opportunities are change every now
|
||||||
|
and then, to name just a few:
|
||||||
|
|
||||||
$ sudo -H ./utils/morty.sh inspect service
|
- Bot protection has been switched from filtron to SearXNG's :ref:`limiter
|
||||||
|
<limiter>`, this requires a :ref:`Redis <settings redis>` database.
|
||||||
|
|
||||||
|
- The image proxy morty is no longer needed, it has been replaced by the
|
||||||
|
:ref:`image proxy <image_proxy>` from SearXNG.
|
||||||
|
|
||||||
|
- To save bandwith :ref:`cache busting <static_use_hash>` has been implemented.
|
||||||
|
To get in use, the ``static-expires`` needs to be set in the :ref:`uwsgi
|
||||||
|
setup`.
|
||||||
|
|
||||||
|
To stay tuned and get in use of the new features, instance maintainers have to
|
||||||
|
update the SearXNG code regularly (see :ref:`update searxng`). As the above
|
||||||
|
examples show, this is not always enough, sometimes services have to be set up
|
||||||
|
or reconfigured and sometimes services that are no longer needed should be
|
||||||
|
uninstalled.
|
||||||
|
|
||||||
|
.. hint::
|
||||||
|
|
||||||
|
First of all: SearXNG is installed by the script :ref:`searxng.sh`. If you
|
||||||
|
have old filtron, morty or searx setup you should consider complete
|
||||||
|
uninstall/reinstall.
|
||||||
|
|
||||||
|
|
||||||
|
remove obsolete services
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
If your searx instance was installed *"Step by step"* or by the *"Installation
|
||||||
|
scripts"*, you need to undo the installation procedure completely. If you have
|
||||||
|
morty & filtron installed, it is recommended to uninstall these services also.
|
||||||
|
In case of scripts, to uninstall use the scripts from the origin you installed
|
||||||
|
searx from or try::
|
||||||
|
|
||||||
|
$ sudo -H ./utils/filtron.sh remove all
|
||||||
|
$ sudo -H ./utils/morty.sh remove all
|
||||||
|
$ sudo -H ./utils/searx.sh remove all
|
||||||
|
|
||||||
|
.. hint::
|
||||||
|
|
||||||
|
If you are migrate from searx take into account that the ``.config.sh`` is no
|
||||||
|
longer used.
|
||||||
|
|
||||||
|
|
||||||
|
Check after Installation
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
Once you have done your installation, you can run a SearXNG *check* procedure,
|
||||||
|
to see if there are some left overs. In this example there exists a *old*
|
||||||
|
``/etc/searx/settings.yml``::
|
||||||
|
|
||||||
|
$ sudo -H ./utils/searxng.sh instance check
|
||||||
|
|
||||||
|
SearXNG checks
|
||||||
|
--------------
|
||||||
|
ERROR: settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/
|
||||||
|
INFO: [OK] (old) account 'searx' does not exists
|
||||||
|
INFO: [OK] (old) account 'filtron' does not exists
|
||||||
|
INFO: [OK] (old) account 'morty' does not exists
|
||||||
|
...
|
||||||
|
INFO searx.shared : Use shared_simple implementation
|
||||||
|
INFO searx.shared.redis : connected redis DB --> default
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.. template evaluated by: ./utils/searx.sh docs
|
.. template evaluated by: ./utils/searxng.sh searxng.doc.rst
|
||||||
.. hint: all dollar-names are variables, dollar sign itself is quoted by: \\$
|
.. hint: all dollar-names are variables, dollar sign itself is quoted by: \\$
|
||||||
|
|
||||||
.. START distro-packages
|
.. START distro-packages
|
||||||
|
@ -65,7 +65,8 @@ ${fedora_build}
|
||||||
|
|
||||||
$ sudo -H useradd --shell /bin/bash --system \\
|
$ sudo -H useradd --shell /bin/bash --system \\
|
||||||
--home-dir \"$SERVICE_HOME\" \\
|
--home-dir \"$SERVICE_HOME\" \\
|
||||||
--comment 'Privacy-respecting metasearch engine' $SERVICE_USER
|
--comment 'Privacy-respecting metasearch engine' \\
|
||||||
|
$SERVICE_USER
|
||||||
|
|
||||||
$ sudo -H mkdir \"$SERVICE_HOME\"
|
$ sudo -H mkdir \"$SERVICE_HOME\"
|
||||||
$ sudo -H chown -R \"$SERVICE_GROUP:$SERVICE_GROUP\" \"$SERVICE_HOME\"
|
$ sudo -H chown -R \"$SERVICE_GROUP:$SERVICE_GROUP\" \"$SERVICE_HOME\"
|
||||||
|
@ -81,7 +82,8 @@ ${fedora_build}
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
$ sudo -H -u ${SERVICE_USER} -i
|
$ sudo -H -u ${SERVICE_USER} -i
|
||||||
(${SERVICE_USER})$ git clone \"$GIT_URL\" \"$SEARX_SRC\"
|
(${SERVICE_USER})$ git clone \"$GIT_URL\" \\
|
||||||
|
\"$SEARXNG_SRC\"
|
||||||
|
|
||||||
.. END clone searxng
|
.. END clone searxng
|
||||||
|
|
||||||
|
@ -93,8 +95,9 @@ ${fedora_build}
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
(${SERVICE_USER})$ python3 -m venv \"${SEARX_PYENV}\"
|
(${SERVICE_USER})$ python3 -m venv \"${SEARXNG_PYENV}\"
|
||||||
(${SERVICE_USER})$ echo \". ${SEARX_PYENV}/bin/activate\" >> \"$SERVICE_HOME/.profile\"
|
(${SERVICE_USER})$ echo \". ${SEARXNG_PYENV}/bin/activate\" \\
|
||||||
|
>> \"$SERVICE_HOME/.profile\"
|
||||||
|
|
||||||
.. END create virtualenv
|
.. END create virtualenv
|
||||||
|
|
||||||
|
@ -109,7 +112,7 @@ ${fedora_build}
|
||||||
$ sudo -H -u ${SERVICE_USER} -i
|
$ sudo -H -u ${SERVICE_USER} -i
|
||||||
|
|
||||||
(${SERVICE_USER})$ command -v python && python --version
|
(${SERVICE_USER})$ command -v python && python --version
|
||||||
$SEARX_PYENV/bin/python
|
$SEARXNG_PYENV/bin/python
|
||||||
Python 3.8.1
|
Python 3.8.1
|
||||||
|
|
||||||
# update pip's boilerplate ..
|
# update pip's boilerplate ..
|
||||||
|
@ -119,7 +122,7 @@ ${fedora_build}
|
||||||
pip install -U pyyaml
|
pip install -U pyyaml
|
||||||
|
|
||||||
# jump to SearXNG's working tree and install SearXNG into virtualenv
|
# jump to SearXNG's working tree and install SearXNG into virtualenv
|
||||||
(${SERVICE_USER})$ cd \"$SEARX_SRC\"
|
(${SERVICE_USER})$ cd \"$SEARXNG_SRC\"
|
||||||
(${SERVICE_USER})$ pip install -e .
|
(${SERVICE_USER})$ pip install -e .
|
||||||
|
|
||||||
|
|
||||||
|
@ -134,24 +137,15 @@ ${fedora_build}
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
$ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\"
|
$ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\"
|
||||||
$ sudo -H cp \"$SEARX_SRC/utils/templates/etc/searxng/settings.yml\" \\
|
$ sudo -H cp \"$SEARXNG_SRC/utils/templates/etc/searxng/settings.yml\" \\
|
||||||
\"${SEARXNG_SETTINGS_PATH}\"
|
\"${SEARXNG_SETTINGS_PATH}\"
|
||||||
|
|
||||||
.. group-tab:: searx/settings.yml
|
|
||||||
|
|
||||||
.. code-block:: sh
|
|
||||||
|
|
||||||
$ sudo -H mkdir -p \"$(dirname ${SEARXNG_SETTINGS_PATH})\"
|
|
||||||
$ sudo -H cp \"$SEARX_SRC/searx/settings.yml\" \\
|
|
||||||
\"${SEARXNG_SETTINGS_PATH}\"
|
|
||||||
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: minimal setup
|
.. group-tab:: minimal setup
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
$ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \"$SEARXNG_SETTINGS_PATH\"
|
$ sudo -H sed -i -e \"s/ultrasecretkey/\$(openssl rand -hex 16)/g\" \\
|
||||||
|
\"$SEARXNG_SETTINGS_PATH\"
|
||||||
|
|
||||||
.. END searxng config
|
.. END searxng config
|
||||||
|
|
||||||
|
@ -168,14 +162,14 @@ ${fedora_build}
|
||||||
|
|
||||||
# start webapp
|
# start webapp
|
||||||
$ sudo -H -u ${SERVICE_USER} -i
|
$ sudo -H -u ${SERVICE_USER} -i
|
||||||
(${SERVICE_USER})$ cd ${SEARX_SRC}
|
(${SERVICE_USER})$ cd ${SEARXNG_SRC}
|
||||||
(${SERVICE_USER})$ export SEARXNG_SETTINGS_PATH=\"${SEARXNG_SETTINGS_PATH}\"
|
(${SERVICE_USER})$ export SEARXNG_SETTINGS_PATH=\"${SEARXNG_SETTINGS_PATH}\"
|
||||||
(${SERVICE_USER})$ python searx/webapp.py
|
(${SERVICE_USER})$ python searx/webapp.py
|
||||||
|
|
||||||
# disable debug
|
# disable debug
|
||||||
$ sudo -H sed -i -e \"s/debug : True/debug : False/g\" \"$SEARXNG_SETTINGS_PATH\"
|
$ sudo -H sed -i -e \"s/debug : True/debug : False/g\" \"$SEARXNG_SETTINGS_PATH\"
|
||||||
|
|
||||||
Open WEB browser and visit http://$SEARX_INTERNAL_HTTP . If you are inside a
|
Open WEB browser and visit http://$SEARXNG_INTERNAL_HTTP . If you are inside a
|
||||||
container or in a script, test with curl:
|
container or in a script, test with curl:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
@ -184,13 +178,13 @@ container or in a script, test with curl:
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
$ xdg-open http://$SEARX_INTERNAL_HTTP
|
$ xdg-open http://$SEARXNG_INTERNAL_HTTP
|
||||||
|
|
||||||
.. group-tab:: curl
|
.. group-tab:: curl
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
$ curl --location --verbose --head --insecure $SEARX_INTERNAL_HTTP
|
$ curl --location --verbose --head --insecure $SEARXNG_INTERNAL_HTTP
|
||||||
|
|
||||||
* Trying 127.0.0.1:8888...
|
* Trying 127.0.0.1:8888...
|
||||||
* TCP_NODELAY set
|
* TCP_NODELAY set
|
|
@ -195,5 +195,5 @@ html_show_sourcelink = True
|
||||||
# LaTeX ----------------------------------------------------------------
|
# LaTeX ----------------------------------------------------------------
|
||||||
|
|
||||||
latex_documents = [
|
latex_documents = [
|
||||||
(master_doc, "searx-{}.tex".format(VERSION_STRING), html_title, author, "manual")
|
(master_doc, "searxng-{}.tex".format(VERSION_STRING), html_title, author, "manual")
|
||||||
]
|
]
|
||||||
|
|
|
@ -66,11 +66,11 @@ For a more detailed description, see :ref:`settings engine` in the :ref:`settin
|
||||||
.. table:: Common options in the engine setup (``settings.yml``)
|
.. table:: Common options in the engine setup (``settings.yml``)
|
||||||
:width: 100%
|
:width: 100%
|
||||||
|
|
||||||
======================= =========== ===============================================
|
======================= =========== ==================================================
|
||||||
argument type information
|
argument type information
|
||||||
======================= =========== ===============================================
|
======================= =========== ==================================================
|
||||||
name string name of search-engine
|
name string name of search-engine
|
||||||
engine string name of searx-engine (filename without ``.py``)
|
engine string name of searxng-engine (file name without ``.py``)
|
||||||
enable_http bool enable HTTP (by default only HTTPS is enabled).
|
enable_http bool enable HTTP (by default only HTTPS is enabled).
|
||||||
shortcut string shortcut of search-engine
|
shortcut string shortcut of search-engine
|
||||||
timeout string specific timeout for search-engine
|
timeout string specific timeout for search-engine
|
||||||
|
@ -78,7 +78,7 @@ For a more detailed description, see :ref:`settings engine` in the :ref:`settin
|
||||||
proxies dict set proxies for a specific engine
|
proxies dict set proxies for a specific engine
|
||||||
(e.g. ``proxies : {http: socks5://proxy:port,
|
(e.g. ``proxies : {http: socks5://proxy:port,
|
||||||
https: socks5://proxy:port}``)
|
https: socks5://proxy:port}``)
|
||||||
======================= =========== ===============================================
|
======================= =========== ==================================================
|
||||||
|
|
||||||
.. _engine overrides:
|
.. _engine overrides:
|
||||||
|
|
||||||
|
|
|
@ -45,9 +45,7 @@ be set on a *production* system.
|
||||||
The scripts from :ref:`searx_utils` can divide in those to install and maintain
|
The scripts from :ref:`searx_utils` can divide in those to install and maintain
|
||||||
software:
|
software:
|
||||||
|
|
||||||
- :ref:`searx.sh`
|
- :ref:`searxng.sh`
|
||||||
- :ref:`filtron.sh`
|
|
||||||
- :ref:`morty.sh`
|
|
||||||
|
|
||||||
and the script :ref:`lxc.sh`, with we can scale our installation, maintenance or
|
and the script :ref:`lxc.sh`, with we can scale our installation, maintenance or
|
||||||
even development tasks over a stack of isolated containers / what we call the:
|
even development tasks over a stack of isolated containers / what we call the:
|
||||||
|
@ -73,7 +71,7 @@ once:
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ snap install lxd
|
$ snap install lxd
|
||||||
$ lxd init --auto
|
$ lxd init --auto
|
||||||
|
@ -85,28 +83,28 @@ fork:
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ cd ~/Downloads
|
$ cd ~/Downloads
|
||||||
$ git clone https://github.com/searxng/searxng.git searxng
|
$ git clone https://github.com/searxng/searxng.git searxng
|
||||||
$ cd searxng
|
$ cd searxng
|
||||||
|
|
||||||
The :ref:`lxc-searx.env` consists of several images, see ``export
|
The :ref:`lxc-searxng.env` consists of several images, see ``export
|
||||||
LXC_SUITE=(...`` near by :origin:`utils/lxc-searx.env#L19`. For this blog post
|
LXC_SUITE=(...`` near by :origin:`utils/lxc-searxng.env#L19`. For this blog post
|
||||||
we exercise on a archlinux_ image. The container of this image is named
|
we exercise on a archlinux_ image. The container of this image is named
|
||||||
``searx-archlinux``. Lets build the container, but be sure that this container
|
``searxng-archlinux``. Lets build the container, but be sure that this container
|
||||||
does not already exists, so first lets remove possible old one:
|
does not already exists, so first lets remove possible old one:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh remove searx-archlinux
|
$ sudo -H ./utils/lxc.sh remove searxng-archlinux
|
||||||
$ sudo -H ./utils/lxc.sh build searx-archlinux
|
$ sudo -H ./utils/lxc.sh build searxng-archlinux
|
||||||
|
|
||||||
.. sidebar:: The ``searx-archlinux`` container
|
.. sidebar:: The ``searxng-archlinux`` container
|
||||||
|
|
||||||
is the base of all our exercises here.
|
is the base of all our exercises here.
|
||||||
|
|
||||||
|
@ -117,9 +115,9 @@ In this container we install all services :ref:`including searx, morty & filtron
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh install suite searx-archlinux
|
$ sudo -H ./utils/lxc.sh install suite searxng-archlinux
|
||||||
|
|
||||||
To proxy HTTP from filtron and morty in the container to the outside of the
|
To proxy HTTP from filtron and morty in the container to the outside of the
|
||||||
container, install nginx into the container. Once for the bot blocker filtron:
|
container, install nginx into the container. Once for the bot blocker filtron:
|
||||||
|
@ -128,9 +126,9 @@ container, install nginx into the container. Once for the bot blocker filtron:
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
./utils/filtron.sh nginx install
|
./utils/filtron.sh nginx install
|
||||||
...
|
...
|
||||||
INFO: got 429 from http://10.174.184.156/searx
|
INFO: got 429 from http://10.174.184.156/searx
|
||||||
|
@ -141,9 +139,9 @@ and once for the content sanitizer (content proxy morty):
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
./utils/morty.sh nginx install
|
./utils/morty.sh nginx install
|
||||||
...
|
...
|
||||||
INFO: got 200 from http://10.174.184.156/morty/
|
INFO: got 200 from http://10.174.184.156/morty/
|
||||||
|
@ -154,7 +152,7 @@ and once for the content sanitizer (content proxy morty):
|
||||||
blocker (filtron) and WEB content sanitizer (content proxy morty), both are
|
blocker (filtron) and WEB content sanitizer (content proxy morty), both are
|
||||||
needed for a *privacy protecting* search engine.
|
needed for a *privacy protecting* search engine.
|
||||||
|
|
||||||
On your system, the IP of your ``searx-archlinux`` container differs from
|
On your system, the IP of your ``searxng-archlinux`` container differs from
|
||||||
http://10.174.184.156/searx, just open the URL reported in your installation
|
http://10.174.184.156/searx, just open the URL reported in your installation
|
||||||
protocol in your WEB browser from the desktop to test the instance from outside
|
protocol in your WEB browser from the desktop to test the instance from outside
|
||||||
of the container.
|
of the container.
|
||||||
|
@ -169,27 +167,27 @@ In containers, work as usual
|
||||||
|
|
||||||
Usually you open a root-bash using ``sudo -H bash``. In case of LXC containers
|
Usually you open a root-bash using ``sudo -H bash``. In case of LXC containers
|
||||||
open the root-bash in the container using ``./utils/lxc.sh cmd
|
open the root-bash in the container using ``./utils/lxc.sh cmd
|
||||||
searx-archlinux``:
|
searxng-archlinux``:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux bash
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash
|
||||||
INFO: [searx-archlinux] bash
|
INFO: [searxng-archlinux] bash
|
||||||
[root@searx-archlinux searx]# pwd
|
[root@searxng-archlinux searx]# pwd
|
||||||
/share/searxng
|
/share/searxng
|
||||||
|
|
||||||
The prompt ``[root@searx-archlinux ...]`` signals, that you are the root user in
|
The prompt ``[root@searxng-archlinux ...]`` signals, that you are the root user in
|
||||||
the searx-container. To debug the running SearXNG instance use:
|
the searxng-container. To debug the running SearXNG instance use:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: root@searx-archlinux
|
.. group-tab:: root@searxng-archlinux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ ./utils/searx.sh inspect service
|
$ ./utils/searx.sh inspect service
|
||||||
...
|
...
|
||||||
|
@ -202,56 +200,42 @@ above. You can stop monitoring using ``CTRL-C``, this also disables the *"debug
|
||||||
option"* in SearXNG's settings file and restarts the SearXNG uwsgi application.
|
option"* in SearXNG's settings file and restarts the SearXNG uwsgi application.
|
||||||
To debug services from filtron and morty analogous use:
|
To debug services from filtron and morty analogous use:
|
||||||
|
|
||||||
.. tabs::
|
Another point we have to notice is that the service (:ref:`SearXNG <searxng.sh>`
|
||||||
|
runs under dedicated system user account with the same name (compare
|
||||||
.. group-tab:: root@searx-archlinux
|
:ref:`create searxng user`). To get a shell from theses accounts, simply call:
|
||||||
|
|
||||||
.. code:: sh
|
|
||||||
|
|
||||||
$ ./utils/filtron.sh inspect service
|
|
||||||
$ ./utils/morty.sh inspect service
|
|
||||||
|
|
||||||
Another point we have to notice is that each service (:ref:`SearXNG <searx.sh>`,
|
|
||||||
:ref:`filtron <filtron.sh>` and :ref:`morty <morty.sh>`) runs under dedicated
|
|
||||||
system user account with the same name (compare :ref:`create searxng user`). To
|
|
||||||
get a shell from theses accounts, simply call one of the scripts:
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: root@searx-archlinux
|
.. group-tab:: root@searxng-archlinux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ ./utils/searx.sh shell
|
$ ./utils/searxng.sh instance cmd bash
|
||||||
$ ./utils/filtron.sh shell
|
|
||||||
$ ./utils/morty.sh shell
|
|
||||||
|
|
||||||
To get in touch, open a shell from the service user (searx@searx-archlinux):
|
To get in touch, open a shell from the service user (searxng@searxng-archlinux):
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh instance cmd bash
|
||||||
./utils/searx.sh shell
|
INFO: [searxng-archlinux] ./utils/searxng.sh instance cmd bash
|
||||||
// exit with [CTRL-D]
|
[searxng@searxng-archlinux ~]$
|
||||||
(searx-pyenv) [searx@searx-archlinux ~]$ ...
|
|
||||||
|
|
||||||
The prompt ``[searx@searx-archlinux]`` signals that you are logged in as system
|
The prompt ``[searxng@searxng-archlinux]`` signals that you are logged in as system
|
||||||
user ``searx`` in the ``searx-archlinux`` container and the python *virtualenv*
|
user ``searx`` in the ``searxng-archlinux`` container and the python *virtualenv*
|
||||||
``(searx-pyenv)`` environment is activated.
|
``(searxng-pyenv)`` environment is activated.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: searx@searx-archlinux
|
.. group-tab:: searxng@searxng-archlinux
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
(searx-pyenv) [searx@searx-archlinux ~]$ pwd
|
|
||||||
/usr/local/searx
|
|
||||||
|
|
||||||
|
(searxng-pyenv) [searxng@searxng-archlinux ~]$ pwd
|
||||||
|
/usr/local/searxng
|
||||||
|
|
||||||
|
|
||||||
Wrap production into developer suite
|
Wrap production into developer suite
|
||||||
|
@ -262,23 +246,22 @@ from a LXC container (which is quite ready for production) into a developer
|
||||||
suite. For this, we have to keep an eye on the :ref:`installation basic`:
|
suite. For this, we have to keep an eye on the :ref:`installation basic`:
|
||||||
|
|
||||||
- SearXNG setup in: ``/etc/searxng/settings.yml``
|
- SearXNG setup in: ``/etc/searxng/settings.yml``
|
||||||
- SearXNG user's home: ``/usr/local/searx``
|
- SearXNG user's home: ``/usr/local/searxng``
|
||||||
- virtualenv in: ``/usr/local/searx/searx-pyenv``
|
- virtualenv in: ``/usr/local/searxng/searxng-pyenv``
|
||||||
- SearXNG software in: ``/usr/local/searx/searx-src``
|
- SearXNG software in: ``/usr/local/searxng/searxng-src``
|
||||||
|
|
||||||
With the use of the :ref:`searx.sh` the SearXNG service was installed as
|
With the use of the :ref:`searxng.sh` the SearXNG service was installed as
|
||||||
:ref:`uWSGI application <searxng uwsgi>`. To maintain this service, we can use
|
:ref:`uWSGI application <searxng uwsgi>`. To maintain this service, we can use
|
||||||
``systemctl`` (compare :ref:`service architectures on distributions <uwsgi
|
``systemctl`` (compare :ref:`uWSGI maintenance`).
|
||||||
configuration>`).
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
systemctl stop uwsgi@searx
|
systemctl stop uwsgi@searxng
|
||||||
|
|
||||||
With the command above, we stopped the SearXNG uWSGI-App in the archlinux
|
With the command above, we stopped the SearXNG uWSGI-App in the archlinux
|
||||||
container.
|
container.
|
||||||
|
@ -291,29 +274,29 @@ least you should attend the settings of ``uid``, ``chdir``, ``env`` and
|
||||||
env = SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml
|
env = SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml
|
||||||
http = 127.0.0.1:8888
|
http = 127.0.0.1:8888
|
||||||
|
|
||||||
chdir = /usr/local/searx/searx-src/searx
|
chdir = /usr/local/searxng/searxng-src/searx
|
||||||
virtualenv = /usr/local/searx/searx-pyenv
|
virtualenv = /usr/local/searxng/searxng-pyenv
|
||||||
pythonpath = /usr/local/searx/searx-src
|
pythonpath = /usr/local/searxng/searxng-src
|
||||||
|
|
||||||
If you have read the :ref:`"Good to know section" <lxc.sh>` you remember, that
|
If you have read the :ref:`"Good to know section" <lxc.sh>` you remember, that
|
||||||
each container shares the root folder of the repository and the command
|
each container shares the root folder of the repository and the command
|
||||||
``utils/lxc.sh cmd`` handles relative path names **transparent**. To wrap the
|
``utils/lxc.sh cmd`` handles relative path names **transparent**. To wrap the
|
||||||
SearXNG installation into a developer one, we simple have to create a smylink to
|
SearXNG installation into a developer one, we simple have to create a smylink to
|
||||||
the **transparent** reposetory from the desktop. Now lets replace the
|
the **transparent** reposetory from the desktop. Now lets replace the
|
||||||
repository at ``searx-src`` in the container with the working tree from outside
|
repository at ``searxng-src`` in the container with the working tree from outside
|
||||||
of the container:
|
of the container:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: container becomes a developer suite
|
.. group-tab:: container becomes a developer suite
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
mv /usr/local/searx/searx-src /usr/local/searx/searx-src.old
|
mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
ln -s /share/searx/ /usr/local/searx/searx-src
|
ln -s /share/searx/ /usr/local/searxng/searxng-src
|
||||||
|
|
||||||
Now we can develop as usual in the working tree of our desktop system. Every
|
Now we can develop as usual in the working tree of our desktop system. Every
|
||||||
time the software was changed, you have to restart the SearXNG service (in the
|
time the software was changed, you have to restart the SearXNG service (in the
|
||||||
|
@ -323,9 +306,9 @@ conatiner):
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
systemctl restart uwsgi@searx
|
systemctl restart uwsgi@searx
|
||||||
|
|
||||||
|
|
||||||
|
@ -338,30 +321,30 @@ daily usage:
|
||||||
|
|
||||||
To *inspect* the SearXNG instance (already described above):
|
To *inspect* the SearXNG instance (already described above):
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
./utils/searx.sh inspect service
|
./utils/searx.sh inspect service
|
||||||
|
|
||||||
Run :ref:`makefile`, e.g. to test inside the container:
|
Run :ref:`makefile`, e.g. to test inside the container:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
make test
|
make test
|
||||||
|
|
||||||
To install all prerequisites needed for a :ref:`buildhosts`:
|
To install all prerequisites needed for a :ref:`buildhosts`:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
./utils/searx.sh install buildhost
|
./utils/searxng.sh install buildhost
|
||||||
|
|
||||||
To build the docs on a buildhost :ref:`buildhosts`:
|
To build the docs on a buildhost :ref:`buildhosts`:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-archlinux \
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux \
|
||||||
make docs.html
|
make docs.html
|
||||||
|
|
||||||
.. _lxcdev summary:
|
.. _lxcdev summary:
|
||||||
|
@ -371,18 +354,18 @@ Summary
|
||||||
|
|
||||||
We build up a fully functional SearXNG suite in a archlinux container:
|
We build up a fully functional SearXNG suite in a archlinux container:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh install suite searx-archlinux
|
$ sudo -H ./utils/lxc.sh install suite searxng-archlinux
|
||||||
|
|
||||||
To access HTTP from the desktop we installed nginx for the services inside the
|
To access HTTP from the desktop we installed nginx for the services inside the
|
||||||
conatiner:
|
conatiner:
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: [root@searx-archlinux]
|
.. group-tab:: [root@searxng-archlinux]
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ ./utils/filtron.sh nginx install
|
$ ./utils/filtron.sh nginx install
|
||||||
$ ./utils/morty.sh nginx install
|
$ ./utils/morty.sh nginx install
|
||||||
|
@ -393,12 +376,12 @@ the container :
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: [root@searx-archlinux]
|
.. group-tab:: [root@searxng-archlinux]
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ mv /usr/local/searx/searx-src /usr/local/searx/searx-src.old
|
$ mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old
|
||||||
$ ln -s /share/searx/ /usr/local/searx/searx-src
|
$ ln -s /share/searx/ /usr/local/searxng/searxng-src
|
||||||
$ systemctl restart uwsgi@searx
|
$ systemctl restart uwsgi@searx
|
||||||
|
|
||||||
To get information about the searxNG suite in the archlinux container we can
|
To get information about the searxNG suite in the archlinux container we can
|
||||||
|
@ -408,13 +391,13 @@ use:
|
||||||
|
|
||||||
.. group-tab:: desktop
|
.. group-tab:: desktop
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh show suite searx-archlinux
|
$ sudo -H ./utils/lxc.sh show suite searxng-archlinux
|
||||||
...
|
...
|
||||||
[searx-archlinux] INFO: (eth0) filtron: http://10.174.184.156:4004/ http://10.174.184.156/searx
|
[searxng-archlinux] INFO: (eth0) filtron: http://10.174.184.156:4004/ http://10.174.184.156/searx
|
||||||
[searx-archlinux] INFO: (eth0) morty: http://10.174.184.156:3000/
|
[searxng-archlinux] INFO: (eth0) morty: http://10.174.184.156:3000/
|
||||||
[searx-archlinux] INFO: (eth0) docs.live: http://10.174.184.156:8080/
|
[searxng-archlinux] INFO: (eth0) docs.live: http://10.174.184.156:8080/
|
||||||
[searx-archlinux] INFO: (eth0) IPv6: http://[fd42:573b:e0b3:e97e:216:3eff:fea5:9b65]
|
[searxng-archlinux] INFO: (eth0) IPv6: http://[fd42:573b:e0b3:e97e:216:3eff:fea5:9b65]
|
||||||
...
|
...
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ We do no longer need to build up the virtualenv manually. Jump into your git
|
||||||
working tree and release a ``make install`` to get a virtualenv with a
|
working tree and release a ``make install`` to get a virtualenv with a
|
||||||
*developer install* of SearXNG (:origin:`setup.py`). ::
|
*developer install* of SearXNG (:origin:`setup.py`). ::
|
||||||
|
|
||||||
$ cd ~/searx-clone
|
$ cd ~/searxng-clone
|
||||||
$ make install
|
$ make install
|
||||||
PYENV [virtualenv] installing ./requirements*.txt into local/py3
|
PYENV [virtualenv] installing ./requirements*.txt into local/py3
|
||||||
...
|
...
|
||||||
|
@ -288,27 +288,3 @@ To filter out HTTP redirects (3xx_)::
|
||||||
https://news.google.com:443 "GET /search?q=computer&hl=en&lr=lang_en&ie=utf8&oe=utf8&ceid=US%3Aen&gl=US HTTP/1.1" 302 0
|
https://news.google.com:443 "GET /search?q=computer&hl=en&lr=lang_en&ie=utf8&oe=utf8&ceid=US%3Aen&gl=US HTTP/1.1" 302 0
|
||||||
https://news.google.com:443 "GET /search?q=computer&hl=en-US&lr=lang_en&ie=utf8&oe=utf8&ceid=US:en&gl=US HTTP/1.1" 200 None
|
https://news.google.com:443 "GET /search?q=computer&hl=en-US&lr=lang_en&ie=utf8&oe=utf8&ceid=US:en&gl=US HTTP/1.1" 200 None
|
||||||
--
|
--
|
||||||
|
|
||||||
|
|
||||||
``make pybuild``
|
|
||||||
================
|
|
||||||
|
|
||||||
.. _PyPi: https://pypi.org/
|
|
||||||
.. _twine: https://twine.readthedocs.io/en/latest/
|
|
||||||
|
|
||||||
Build Python packages in ``./dist/py``::
|
|
||||||
|
|
||||||
$ make pybuild
|
|
||||||
...
|
|
||||||
BUILD pybuild
|
|
||||||
running sdist
|
|
||||||
running egg_info
|
|
||||||
...
|
|
||||||
running bdist_wheel
|
|
||||||
|
|
||||||
$ ls ./dist
|
|
||||||
searx-0.18.0-py3-none-any.whl searx-0.18.0.tar.gz
|
|
||||||
|
|
||||||
To upload packages to PyPi_, there is also a ``pypi.upload`` target (to test use
|
|
||||||
``pypi.upload.test``). Since you are not the owner of :pypi:`searx` you will
|
|
||||||
never need to upload.
|
|
||||||
|
|
|
@ -55,10 +55,10 @@ admins can install packages in advance.
|
||||||
|
|
||||||
If there is a need to install additional packages in *Python's Virtual
|
If there is a need to install additional packages in *Python's Virtual
|
||||||
Environment* of your SearXNG instance you need to switch into the environment
|
Environment* of your SearXNG instance you need to switch into the environment
|
||||||
(:ref:`searx-src`) first, for this you can use :ref:`searx.sh`::
|
(:ref:`searxng-src`) first, for this you can use :ref:`searxng.sh`::
|
||||||
|
|
||||||
$ sudo utils/searx.sh shell
|
$ sudo utils/searxng.sh instance cmd bash
|
||||||
(searx-pyenv)$ pip install ...
|
(searxng-pyenv)$ pip install ...
|
||||||
|
|
||||||
|
|
||||||
Private engines (Security)
|
Private engines (Security)
|
||||||
|
|
|
@ -33,17 +33,26 @@ Example plugin
|
||||||
External plugins
|
External plugins
|
||||||
================
|
================
|
||||||
|
|
||||||
External plugins are standard python modules implementing all the requirements of the standard plugins.
|
SearXNG supports *external plugins* / there is no need to install one, SearXNG
|
||||||
Plugins can be enabled by adding them to :ref:`settings.yml`'s ``plugins`` section.
|
runs out of the box. But to demonstrate; in the example below we install the
|
||||||
Example external plugin can be found `here <https://github.com/asciimoo/searx_external_plugin_example>`_.
|
SearXNG plugins from *The Green Web Foundation* `[ref]
|
||||||
|
<https://www.thegreenwebfoundation.org/news/searching-the-green-web-with-searx/>`__:
|
||||||
|
|
||||||
Register your plugin
|
.. code:: bash
|
||||||
====================
|
|
||||||
|
$ sudo utils/searxng.sh instance cmd bash
|
||||||
|
(searxng-pyenv)$ pip install git+https://github.com/return42/tgwf-searx-plugins
|
||||||
|
|
||||||
|
In the :ref:`settings.yml` activate the ``plugins:`` section and add module
|
||||||
|
``only_show_green_results`` from ``tgwf-searx-plugins``.
|
||||||
|
|
||||||
|
.. code:: yaml
|
||||||
|
|
||||||
|
plugins:
|
||||||
|
...
|
||||||
|
- only_show_green_results
|
||||||
|
...
|
||||||
|
|
||||||
To enable your plugin register your plugin in
|
|
||||||
searx > plugin > __init__.py.
|
|
||||||
And at the bottom of the file add your plugin like.
|
|
||||||
``plugins.register(name_of_python_file)``
|
|
||||||
|
|
||||||
Plugin entry points
|
Plugin entry points
|
||||||
===================
|
===================
|
||||||
|
|
|
@ -10,7 +10,7 @@ Development Quickstart
|
||||||
SearXNG loves developers, just clone and start hacking. All the rest is done for
|
SearXNG loves developers, just clone and start hacking. All the rest is done for
|
||||||
you simply by using :ref:`make <makefile>`.
|
you simply by using :ref:`make <makefile>`.
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
git clone https://github.com/searxng/searxng.git searxng
|
git clone https://github.com/searxng/searxng.git searxng
|
||||||
|
|
||||||
|
@ -27,21 +27,21 @@ to our ":ref:`how to contribute`" guideline.
|
||||||
|
|
||||||
If you implement themes, you will need to setup a :ref:`make node.env` once:
|
If you implement themes, you will need to setup a :ref:`make node.env` once:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make node.env
|
make node.env
|
||||||
|
|
||||||
Before you call *make run* (2.), you need to compile the modified styles and
|
Before you call *make run* (2.), you need to compile the modified styles and
|
||||||
JavaScript:
|
JavaScript:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make themes.all
|
make themes.all
|
||||||
|
|
||||||
Alternatively you can also compile selective the theme you have modified,
|
Alternatively you can also compile selective the theme you have modified,
|
||||||
e.g. the *simple* theme.
|
e.g. the *simple* theme.
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make themes.simple
|
make themes.simple
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ e.g. the *simple* theme.
|
||||||
If you finished your *tests* you can start to commit your changes. To separate
|
If you finished your *tests* you can start to commit your changes. To separate
|
||||||
the modified source code from the build products first run:
|
the modified source code from the build products first run:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make static.build.restore
|
make static.build.restore
|
||||||
|
|
||||||
|
@ -60,13 +60,13 @@ This will restore the old build products and only your changes of the code
|
||||||
remain in the working tree which can now be added & commited. When all sources
|
remain in the working tree which can now be added & commited. When all sources
|
||||||
are commited, you can commit the build products simply by:
|
are commited, you can commit the build products simply by:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make static.build.commit
|
make static.build.commit
|
||||||
|
|
||||||
Commiting the build products should be the last step, just before you send us
|
Commiting the build products should be the last step, just before you send us
|
||||||
your PR. There is also a make target to rewind this last build commit:
|
your PR. There is also a make target to rewind this last build commit:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: bash
|
||||||
|
|
||||||
make static.build.drop
|
make static.build.drop
|
||||||
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
.. _filtron.sh:
|
|
||||||
|
|
||||||
====================
|
|
||||||
``utils/filtron.sh``
|
|
||||||
====================
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`searxng filtron`
|
|
||||||
- :ref:`architecture`
|
|
||||||
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
|
|
||||||
<installation apache>`)
|
|
||||||
|
|
||||||
.. _Go: https://golang.org/
|
|
||||||
.. _filtron: https://github.com/searxng/filtron
|
|
||||||
.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md
|
|
||||||
|
|
||||||
To simplify installation and maintenance of a filtron instance you can use the
|
|
||||||
script :origin:`utils/filtron.sh`. In most cases you will install filtron_
|
|
||||||
simply by running the command:
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
sudo -H ./utils/filtron.sh install all
|
|
||||||
|
|
||||||
The script adds a ``${SERVICE_USER}`` (default:``filtron``) and installs filtron_
|
|
||||||
into this user account:
|
|
||||||
|
|
||||||
#. Create a separated user account (``filtron``).
|
|
||||||
#. Download and install Go_ binary in user's $HOME (``~filtron``).
|
|
||||||
#. Install filtron with the package management from Go_ (``go get -v -u
|
|
||||||
github.com/searxng/filtron``)
|
|
||||||
#. Setup a proper rule configuration :origin:`[ref]
|
|
||||||
<utils/templates/etc/filtron/rules.json>` (``/etc/filtron/rules.json``).
|
|
||||||
#. Setup a systemd service unit :origin:`[ref]
|
|
||||||
<utils/templates/lib/systemd/system/filtron.service>`
|
|
||||||
(``/lib/systemd/system/filtron.service``).
|
|
||||||
|
|
||||||
|
|
||||||
Create user
|
|
||||||
===========
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
|
||||||
:start-after: START create user
|
|
||||||
:end-before: END create user
|
|
||||||
|
|
||||||
|
|
||||||
Install go
|
|
||||||
==========
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
|
||||||
:start-after: START install go
|
|
||||||
:end-before: END install go
|
|
||||||
|
|
||||||
|
|
||||||
Install filtron
|
|
||||||
===============
|
|
||||||
|
|
||||||
Install :origin:`rules.json <utils/templates/etc/filtron/rules.json>` at
|
|
||||||
``/etc/filtron/rules.json`` (see :ref:`Sample configuration of filtron`) and
|
|
||||||
install filtron software and systemd unit:
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
|
||||||
:start-after: START install filtron
|
|
||||||
:end-before: END install filtron
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/filtron.rst
|
|
||||||
:start-after: START install systemd unit
|
|
||||||
:end-before: END install systemd unit
|
|
||||||
|
|
||||||
.. _filtron.sh overview:
|
|
||||||
|
|
||||||
Overview
|
|
||||||
========
|
|
||||||
|
|
||||||
The ``--help`` output of the script is largely self-explanatory
|
|
||||||
(:ref:`toolboxing common`):
|
|
||||||
|
|
||||||
.. program-output:: ../utils/filtron.sh --help
|
|
|
@ -1,52 +1,30 @@
|
||||||
.. _searx_utils:
|
.. _searx_utils:
|
||||||
.. _toolboxing:
|
.. _toolboxing:
|
||||||
|
|
||||||
===================
|
==================
|
||||||
Admin's tooling box
|
DevOps tooling box
|
||||||
===================
|
==================
|
||||||
|
|
||||||
In the folder :origin:`utils/` we maintain some tools useful for administrators.
|
In the folder :origin:`utils/` we maintain some tools useful for administrators
|
||||||
|
and developers.
|
||||||
|
|
||||||
.. toctree::
|
.. toctree::
|
||||||
:maxdepth: 2
|
:maxdepth: 2
|
||||||
:caption: Contents
|
:caption: Contents
|
||||||
|
|
||||||
searx.sh
|
searxng.sh
|
||||||
filtron.sh
|
|
||||||
morty.sh
|
|
||||||
lxc.sh
|
lxc.sh
|
||||||
|
|
||||||
.. _toolboxing common:
|
Common command environments
|
||||||
|
===========================
|
||||||
|
|
||||||
Common commands & environment
|
The scripts in our tooling box often dispose of common environments:
|
||||||
=============================
|
|
||||||
|
|
||||||
Scripts to maintain services often dispose of common commands and environments.
|
|
||||||
|
|
||||||
``shell`` : command
|
|
||||||
Opens a shell from the service user ``${SERVICE_USSR}``, very helpful for
|
|
||||||
troubleshooting.
|
|
||||||
|
|
||||||
``inspect service`` : command
|
|
||||||
Shows status and log of the service, most often you have a option to enable
|
|
||||||
more verbose debug logs. Very helpful for debugging, but be careful not to
|
|
||||||
enable debugging in a production environment!
|
|
||||||
|
|
||||||
``FORCE_TIMEOUT`` : environment
|
``FORCE_TIMEOUT`` : environment
|
||||||
Sets timeout for interactive prompts. If you want to run a script in batch
|
Sets timeout for interactive prompts. If you want to run a script in batch
|
||||||
job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a
|
job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a
|
||||||
reverse proxy for filtron on all containers of the :ref:`SearXNG suite
|
SearXNG server and nginx proxy on all containers of the :ref:`SearXNG suite
|
||||||
<lxc-searx.env>` use ::
|
<lxc-searxng.env>` use::
|
||||||
|
|
||||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh apache install
|
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install all
|
||||||
|
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx
|
||||||
.. _toolboxing setup:
|
|
||||||
|
|
||||||
Tooling box setup
|
|
||||||
=================
|
|
||||||
|
|
||||||
The main setup is done in the :origin:`.config.sh` (read also :ref:`settings
|
|
||||||
global`).
|
|
||||||
|
|
||||||
.. literalinclude:: ../../.config.sh
|
|
||||||
:language: bash
|
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
|
|
||||||
With the use of *Linux Containers* (LXC_) we can scale our tasks over a stack of
|
With the use of *Linux Containers* (LXC_) we can scale our tasks over a stack of
|
||||||
containers, what we call the: *lxc suite*. The *SearXNG suite*
|
containers, what we call the: *lxc suite*. The *SearXNG suite*
|
||||||
(:origin:`lxc-searx.env <utils/lxc-searx.env>`) is loaded by default, every time
|
(:origin:`lxc-searxng.env <utils/lxc-searxng.env>`) is loaded by default, every time
|
||||||
you start the ``lxc.sh`` script (*you do not need to care about*).
|
you start the ``lxc.sh`` script (*you do not need to care about*).
|
||||||
|
|
||||||
Before you can start with containers, you need to install and initiate LXD_
|
Before you can start with containers, you need to install and initiate LXD_
|
||||||
|
@ -49,7 +49,7 @@ help>`.
|
||||||
|
|
||||||
If you do not want to build all containers, **you can build just one**::
|
If you do not want to build all containers, **you can build just one**::
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh build searx-ubu1804
|
$ sudo -H ./utils/lxc.sh build searxng-archlinux
|
||||||
|
|
||||||
*Good to know ...*
|
*Good to know ...*
|
||||||
|
|
||||||
|
@ -62,9 +62,9 @@ of::
|
||||||
|
|
||||||
In the containers, you can run what ever you want, e.g. to start a bash use::
|
In the containers, you can run what ever you want, e.g. to start a bash use::
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh cmd searx-ubu1804 bash
|
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash
|
||||||
INFO: [searx-ubu1804] bash
|
INFO: [searxng-archlinux] bash
|
||||||
root@searx-ubu1804:/share/searx#
|
[root@searxng-archlinux SearXNG]#
|
||||||
|
|
||||||
If there comes the time you want to **get rid off all** the containers and
|
If there comes the time you want to **get rid off all** the containers and
|
||||||
**clean up local images** just type::
|
**clean up local images** just type::
|
||||||
|
@ -121,28 +121,26 @@ Install suite
|
||||||
=============
|
=============
|
||||||
|
|
||||||
To install the complete :ref:`SearXNG suite (includes searx, morty & filtron)
|
To install the complete :ref:`SearXNG suite (includes searx, morty & filtron)
|
||||||
<lxc-searx.env>` into all LXC_ use::
|
<lxc-searxng.env>` into all LXC_ use::
|
||||||
|
|
||||||
$ sudo -H ./utils/lxc.sh install suite
|
$ sudo -H ./utils/lxc.sh install suite
|
||||||
|
|
||||||
The command above installs a SearXNG suite (see :ref:`installation scripts`). To
|
The command above installs a SearXNG suite (see :ref:`installation scripts`).
|
||||||
get the IP (URL) of the filtron service in the containers use ``show suite``
|
To :ref:`install a nginx <installation nginx>` reverse proxy (or alternatively
|
||||||
|
use :ref:`apache <installation apache>`)::
|
||||||
|
|
||||||
|
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx
|
||||||
|
|
||||||
|
To get the IP (URL) of the SearXNG service in the containers use ``show suite``
|
||||||
command. To test instances from containers just open the URLs in your
|
command. To test instances from containers just open the URLs in your
|
||||||
WEB-Browser::
|
WEB-Browser::
|
||||||
|
|
||||||
$ sudo ./utils/lxc.sh show suite | grep filtron
|
$ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL
|
||||||
[searx-ubu1604] INFO: (eth0) filtron: http://n.n.n.246:4004/ http://n.n.n.246/searx
|
|
||||||
[searx-ubu1804] INFO: (eth0) filtron: http://n.n.n.147:4004/ http://n.n.n.147/searx
|
|
||||||
[searx-ubu1910] INFO: (eth0) filtron: http://n.n.n.140:4004/ http://n.n.n.140/searx
|
|
||||||
[searx-ubu2004] INFO: (eth0) filtron: http://n.n.n.18:4004/ http://n.n.n.18/searx
|
|
||||||
[searx-fedora31] INFO: (eth0) filtron: http://n.n.n.46:4004/ http://n.n.n.46/searx
|
|
||||||
[searx-archlinux] INFO: (eth0) filtron: http://n.n.n.32:4004/ http://n.n.n.32/searx
|
|
||||||
|
|
||||||
To :ref:`install a nginx <installation nginx>` reverse proxy for filtron and
|
[searxng-ubu2110] SEARXNG_URL : http://n.n.n.147/searxng
|
||||||
morty use (or alternatively use :ref:`apache <installation apache>`)::
|
[searxng-ubu2004] SEARXNG_URL : http://n.n.n.246/searxng
|
||||||
|
[searxnggfedora35] SEARXNG_URL : http://n.n.n.140/searxng
|
||||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh nginx install
|
[searxng-archlinux] SEARXNG_URL : http://n.n.n.165/searxng
|
||||||
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/morty.sh nginx install
|
|
||||||
|
|
||||||
|
|
||||||
Running commands
|
Running commands
|
||||||
|
@ -152,8 +150,8 @@ Running commands
|
||||||
:ref:`toolboxing`. By example: to setup a :ref:`buildhosts` and run the
|
:ref:`toolboxing`. By example: to setup a :ref:`buildhosts` and run the
|
||||||
Makefile target ``test`` in the archlinux_ container::
|
Makefile target ``test`` in the archlinux_ container::
|
||||||
|
|
||||||
sudo -H ./utils/lxc.sh cmd searx-archlinux ./utils/searx.sh install buildhost
|
sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh install buildhost
|
||||||
sudo -H ./utils/lxc.sh cmd searx-archlinux make test
|
sudo -H ./utils/lxc.sh cmd searxng-archlinux make test
|
||||||
|
|
||||||
|
|
||||||
Setup SearXNG buildhost
|
Setup SearXNG buildhost
|
||||||
|
@ -164,11 +162,11 @@ The installation procedure to set up a :ref:`build host<buildhosts>` takes its
|
||||||
time. Installation in all containers will take more time (time for another cup
|
time. Installation in all containers will take more time (time for another cup
|
||||||
of coffee).::
|
of coffee).::
|
||||||
|
|
||||||
sudo -H ./utils/lxc.sh cmd -- ./utils/searx.sh install buildhost
|
sudo -H ./utils/lxc.sh cmd -- ./utils/searxng.sh install buildhost
|
||||||
|
|
||||||
To build (live) documentation inside a archlinux_ container::
|
To build (live) documentation inside a archlinux_ container::
|
||||||
|
|
||||||
sudo -H ./utils/lxc.sh cmd searx-archlinux make docs.clean docs.live
|
sudo -H ./utils/lxc.sh cmd searxng-archlinux make docs.clean docs.live
|
||||||
...
|
...
|
||||||
[I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080
|
[I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080
|
||||||
|
|
||||||
|
@ -176,7 +174,7 @@ To get IP of the container and the port number *live docs* is listening::
|
||||||
|
|
||||||
$ sudo ./utils/lxc.sh show suite | grep docs.live
|
$ sudo ./utils/lxc.sh show suite | grep docs.live
|
||||||
...
|
...
|
||||||
[searx-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/
|
[searxng-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/
|
||||||
|
|
||||||
|
|
||||||
.. _lxc.sh help:
|
.. _lxc.sh help:
|
||||||
|
@ -189,10 +187,10 @@ The ``--help`` output of the script is largely self-explanatory:
|
||||||
.. program-output:: ../utils/lxc.sh --help
|
.. program-output:: ../utils/lxc.sh --help
|
||||||
|
|
||||||
|
|
||||||
.. _lxc-searx.env:
|
.. _lxc-searxng.env:
|
||||||
|
|
||||||
SearXNG suite
|
SearXNG suite
|
||||||
=============
|
=============
|
||||||
|
|
||||||
.. literalinclude:: ../../utils/lxc-searx.env
|
.. literalinclude:: ../../utils/lxc-searxng.env
|
||||||
:language: bash
|
:language: bash
|
||||||
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
.. _morty: https://github.com/asciimoo/morty
|
|
||||||
.. _morty's README: https://github.com/asciimoo/morty
|
|
||||||
.. _Go: https://golang.org/
|
|
||||||
|
|
||||||
.. _morty.sh:
|
|
||||||
|
|
||||||
==================
|
|
||||||
``utils/morty.sh``
|
|
||||||
==================
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`architecture`
|
|
||||||
- :ref:`installation` (:ref:`nginx <installation nginx>` & :ref:`apache
|
|
||||||
<installation apache>`)
|
|
||||||
- :ref:`searxng morty`
|
|
||||||
|
|
||||||
To simplify installation and maintenance of a morty_ instance you can use the
|
|
||||||
script :origin:`utils/morty.sh`. In most cases you will install morty_ simply by
|
|
||||||
running the command:
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
sudo -H ./utils/morty.sh install all
|
|
||||||
|
|
||||||
The script adds a ``${SERVICE_USER}`` (default:``morty``) and installs morty_
|
|
||||||
into this user account:
|
|
||||||
|
|
||||||
#. Create a separated user account (``morty``).
|
|
||||||
#. Download and install Go_ binary in user's $HOME (``~morty``).
|
|
||||||
#. Install morty_ with the package management from Go_ (``go get -v -u
|
|
||||||
github.com/asciimoo/morty``)
|
|
||||||
#. Setup a systemd service unit :origin:`[ref]
|
|
||||||
<utils/templates/lib/systemd/system/morty.service>`
|
|
||||||
(``/lib/systemd/system/morty.service``).
|
|
||||||
|
|
||||||
.. hint::
|
|
||||||
|
|
||||||
To add morty to your SearXNG instance read chapter :ref:`searxng morty`.
|
|
||||||
|
|
||||||
Create user
|
|
||||||
===========
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
|
||||||
:start-after: START create user
|
|
||||||
:end-before: END create user
|
|
||||||
|
|
||||||
|
|
||||||
Install go
|
|
||||||
==========
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
|
||||||
:start-after: START install go
|
|
||||||
:end-before: END install go
|
|
||||||
|
|
||||||
|
|
||||||
Install morty
|
|
||||||
=============
|
|
||||||
|
|
||||||
Install morty software and systemd unit:
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
|
||||||
:start-after: START install morty
|
|
||||||
:end-before: END install morty
|
|
||||||
|
|
||||||
.. kernel-include:: $DOCS_BUILD/includes/morty.rst
|
|
||||||
:start-after: START install systemd unit
|
|
||||||
:end-before: END install systemd unit
|
|
||||||
|
|
||||||
.. _morty.sh overview:
|
|
||||||
|
|
||||||
Overview
|
|
||||||
========
|
|
||||||
|
|
||||||
The ``--help`` output of the script is largely self-explanatory
|
|
||||||
(:ref:`toolboxing common`):
|
|
||||||
|
|
||||||
.. program-output:: ../utils/morty.sh --help
|
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
|
|
||||||
.. _searx.sh:
|
|
||||||
|
|
||||||
==================
|
|
||||||
``utils/searx.sh``
|
|
||||||
==================
|
|
||||||
|
|
||||||
.. sidebar:: further reading
|
|
||||||
|
|
||||||
- :ref:`architecture`
|
|
||||||
- :ref:`installation`
|
|
||||||
- :ref:`installation nginx`
|
|
||||||
- :ref:`installation apache`
|
|
||||||
|
|
||||||
To simplify installation and maintenance of a SearXNG instance you can use the
|
|
||||||
script :origin:`utils/searx.sh`.
|
|
||||||
|
|
||||||
Install
|
|
||||||
=======
|
|
||||||
|
|
||||||
In most cases you will install SearXNG simply by running the command:
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
sudo -H ./utils/searx.sh install all
|
|
||||||
|
|
||||||
The script adds a ``${SERVICE_USER}`` (default:``searx``) and installs SearXNG
|
|
||||||
into this user account. The installation is described in chapter
|
|
||||||
:ref:`installation basic`.
|
|
||||||
|
|
||||||
.. _intranet reverse proxy:
|
|
||||||
|
|
||||||
Overview
|
|
||||||
========
|
|
||||||
|
|
||||||
The ``--help`` output of the script is largely self-explanatory
|
|
||||||
(:ref:`toolboxing common`):
|
|
||||||
|
|
||||||
.. program-output:: ../utils/searx.sh --help
|
|
36
docs/utils/searxng.sh.rst
Normal file
36
docs/utils/searxng.sh.rst
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
|
||||||
|
.. _searxng.sh:
|
||||||
|
|
||||||
|
====================
|
||||||
|
``utils/searxng.sh``
|
||||||
|
====================
|
||||||
|
|
||||||
|
.. sidebar:: further reading
|
||||||
|
|
||||||
|
- :ref:`architecture`
|
||||||
|
- :ref:`installation`
|
||||||
|
- :ref:`installation nginx`
|
||||||
|
- :ref:`installation apache`
|
||||||
|
|
||||||
|
To simplify the installation and maintenance of a SearXNG instance you can use the
|
||||||
|
script :origin:`utils/searxng.sh`.
|
||||||
|
|
||||||
|
Install
|
||||||
|
=======
|
||||||
|
|
||||||
|
In most cases you will install SearXNG simply by running the command:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
sudo -H ./utils/searx.sh install all
|
||||||
|
|
||||||
|
The installation is described in chapter :ref:`installation basic`.
|
||||||
|
|
||||||
|
.. _searxng.sh overview:
|
||||||
|
|
||||||
|
Overview
|
||||||
|
========
|
||||||
|
|
||||||
|
The ``--help`` output of the script is largely self-explanatory:
|
||||||
|
|
||||||
|
.. program-output:: ../utils/searxng.sh --help
|
4
manage
4
manage
|
@ -416,9 +416,7 @@ docs.prebuild() {
|
||||||
set -e
|
set -e
|
||||||
[ "$VERBOSE" = "1" ] && set -x
|
[ "$VERBOSE" = "1" ] && set -x
|
||||||
mkdir -p "${DOCS_BUILD}/includes"
|
mkdir -p "${DOCS_BUILD}/includes"
|
||||||
./utils/searx.sh doc | cat > "${DOCS_BUILD}/includes/searx.rst"
|
./utils/searxng.sh searxng.doc.rst > "${DOCS_BUILD}/includes/searxng.rst"
|
||||||
./utils/filtron.sh doc | cat > "${DOCS_BUILD}/includes/filtron.rst"
|
|
||||||
./utils/morty.sh doc | cat > "${DOCS_BUILD}/includes/morty.rst"
|
|
||||||
pyenv.cmd searxng_extra/docs_prebuild
|
pyenv.cmd searxng_extra/docs_prebuild
|
||||||
)
|
)
|
||||||
dump_return $?
|
dump_return $?
|
||||||
|
|
|
@ -19,10 +19,13 @@ A redis DB connect can be tested by::
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
import pwd
|
||||||
import logging
|
import logging
|
||||||
import redis
|
import redis
|
||||||
from searx import get_setting
|
from searx import get_setting
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger('searx.shared.redis')
|
logger = logging.getLogger('searx.shared.redis')
|
||||||
_client = None
|
_client = None
|
||||||
|
|
||||||
|
@ -42,6 +45,7 @@ def init():
|
||||||
logger.info("connected redis DB --> %s", c.acl_whoami())
|
logger.info("connected redis DB --> %s", c.acl_whoami())
|
||||||
return True
|
return True
|
||||||
except redis.exceptions.ConnectionError as exc:
|
except redis.exceptions.ConnectionError as exc:
|
||||||
logger.error("can't connet redis DB ...")
|
_pw = pwd.getpwuid(os.getuid())
|
||||||
|
logger.error("[%s (%s)] can't connect redis DB ...", _pw.pw_name, _pw.pw_uid)
|
||||||
logger.error(" %s", exc)
|
logger.error(" %s", exc)
|
||||||
return False
|
return False
|
||||||
|
|
527
utils/filtron.sh
527
utils/filtron.sh
|
@ -4,56 +4,19 @@
|
||||||
|
|
||||||
# shellcheck source=utils/lib.sh
|
# shellcheck source=utils/lib.sh
|
||||||
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
||||||
# shellcheck source=utils/lib_go.sh
|
|
||||||
source "${REPO_ROOT}/utils/lib_go.sh"
|
|
||||||
# shellcheck source=utils/lib_install.sh
|
|
||||||
source "${REPO_ROOT}/utils/lib_install.sh"
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
# config
|
# config
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
|
||||||
PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}"
|
|
||||||
|
|
||||||
FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \
|
|
||||||
| sed -e 's,^.*://[^/]*\(/.*\),\1,g')}"
|
|
||||||
[[ "${FILTRON_URL_PATH}" == "${PUBLIC_URL}" ]] && FILTRON_URL_PATH=/
|
|
||||||
|
|
||||||
FILTRON_ETC="/etc/filtron"
|
FILTRON_ETC="/etc/filtron"
|
||||||
FILTRON_RULES="$FILTRON_ETC/rules.json"
|
|
||||||
FILTRON_RULES_TEMPLATE="${FILTRON_RULES_TEMPLATE:-${REPO_ROOT}/utils/templates/etc/filtron/rules.json}"
|
|
||||||
|
|
||||||
FILTRON_API="${FILTRON_API:-127.0.0.1:4005}"
|
|
||||||
FILTRON_LISTEN="${FILTRON_LISTEN:-127.0.0.1:4004}"
|
|
||||||
|
|
||||||
# The filtron target is the SearXNG installation, listenning on server.port at
|
|
||||||
# server.bind_address. The default of FILTRON_TARGET is taken from the YAML
|
|
||||||
# configuration, do not change this value without reinstalling the entire
|
|
||||||
# SearXNG suite including filtron & morty.
|
|
||||||
FILTRON_TARGET="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}"
|
|
||||||
|
|
||||||
SERVICE_NAME="filtron"
|
SERVICE_NAME="filtron"
|
||||||
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
|
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
|
||||||
SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}"
|
|
||||||
SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}"
|
|
||||||
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
|
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SERVICE_GROUP="${SERVICE_USER}"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
APACHE_FILTRON_SITE="searx.conf"
|
||||||
SERVICE_GROUP="${SERVICE_USER}"
|
NGINX_FILTRON_SITE="searx.conf"
|
||||||
|
|
||||||
GO_ENV="${SERVICE_HOME}/.go_env"
|
|
||||||
GO_VERSION="go1.17.2"
|
|
||||||
|
|
||||||
APACHE_FILTRON_SITE="searxng.conf"
|
|
||||||
NGINX_FILTRON_SITE="searxng.conf"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
CONFIG_FILES=(
|
|
||||||
"${FILTRON_RULES}"
|
|
||||||
"${SERVICE_SYSTEMD_UNIT}"
|
|
||||||
)
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
usage() {
|
usage() {
|
||||||
|
@ -62,248 +25,45 @@ usage() {
|
||||||
# shellcheck disable=SC1117
|
# shellcheck disable=SC1117
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
usage::
|
usage::
|
||||||
$(basename "$0") shell
|
$(basename "$0") remove all]
|
||||||
$(basename "$0") install [all|user|rules]
|
$(basename "$0") apache remove
|
||||||
$(basename "$0") reinstall all
|
$(basename "$0") nginx remove
|
||||||
$(basename "$0") update [filtron]
|
|
||||||
$(basename "$0") remove [all]
|
|
||||||
$(basename "$0") activate [service]
|
|
||||||
$(basename "$0") deactivate [service]
|
|
||||||
$(basename "$0") inspect [service]
|
|
||||||
$(basename "$0") option [debug-on|debug-off]
|
|
||||||
$(basename "$0") apache [install|remove]
|
|
||||||
$(basename "$0") nginx [install|remove]
|
|
||||||
|
|
||||||
shell
|
remove all : drop all components of the filtron service
|
||||||
start interactive shell from user ${SERVICE_USER}
|
apache remove : drop apache site ${APACHE_FILTRON_SITE}
|
||||||
install / remove
|
nginx remove : drop nginx site ${NGINX_FILTRON_SITE}
|
||||||
:all: complete setup of filtron service
|
|
||||||
:user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME)
|
|
||||||
:rules: reinstall filtron rules $FILTRON_RULES
|
|
||||||
install
|
|
||||||
:check: check the filtron installation
|
|
||||||
reinstall:
|
|
||||||
:all: runs 'install/remove all'
|
|
||||||
update filtron
|
|
||||||
Update filtron installation ($SERVICE_HOME)
|
|
||||||
activate service
|
|
||||||
activate and start service daemon (systemd unit)
|
|
||||||
deactivate service
|
|
||||||
stop and deactivate service daemon (systemd unit)
|
|
||||||
inspect service
|
|
||||||
show service status and log
|
|
||||||
option
|
|
||||||
set one of the available options
|
|
||||||
apache (${PUBLIC_URL})
|
|
||||||
:install: apache site with a reverse proxy (ProxyPass)
|
|
||||||
:remove: apache site ${APACHE_FILTRON_SITE}
|
|
||||||
nginx (${PUBLIC_URL})
|
|
||||||
:install: nginx site with a reverse proxy (ProxyPass)
|
|
||||||
:remove: nginx site ${NGINX_FILTRON_SITE}
|
|
||||||
filtron rules: ${FILTRON_RULES_TEMPLATE}
|
|
||||||
---- sourced ${DOT_CONFIG} :
|
|
||||||
SERVICE_USER : ${SERVICE_USER}
|
|
||||||
SERVICE_HOME : ${SERVICE_HOME}
|
|
||||||
FILTRON_TARGET : ${FILTRON_TARGET}
|
|
||||||
FILTRON_API : ${FILTRON_API}
|
|
||||||
FILTRON_LISTEN : ${FILTRON_LISTEN}
|
|
||||||
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
install_log_searx_instance
|
|
||||||
[[ -n ${1} ]] && err_msg "$1"
|
[[ -n ${1} ]] && err_msg "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
required_commands \
|
|
||||||
sudo install git wget curl \
|
|
||||||
|| exit
|
|
||||||
|
|
||||||
local _usage="unknown or missing $1 command $2"
|
local _usage="unknown or missing $1 command $2"
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
--getenv) var="$2"; echo "${!var}"; exit 0;;
|
|
||||||
-h|--help) usage; exit 0;;
|
-h|--help) usage; exit 0;;
|
||||||
|
|
||||||
shell)
|
|
||||||
sudo_or_exit
|
|
||||||
interactive_shell "${SERVICE_USER}"
|
|
||||||
;;
|
|
||||||
inspect)
|
|
||||||
case $2 in
|
|
||||||
service)
|
|
||||||
sudo_or_exit
|
|
||||||
inspect_service
|
|
||||||
;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
reinstall)
|
|
||||||
rst_title "re-install $SERVICE_NAME" part
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
all)
|
|
||||||
remove_all
|
|
||||||
install_all
|
|
||||||
;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
install)
|
|
||||||
rst_title "$SERVICE_NAME" part
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
check)
|
|
||||||
rst_title "Check filtron installation" part
|
|
||||||
install_check
|
|
||||||
;;
|
|
||||||
all) install_all ;;
|
|
||||||
user) assert_user ;;
|
|
||||||
rules)
|
|
||||||
install_rules
|
|
||||||
systemd_restart_service "${SERVICE_NAME}"
|
|
||||||
;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
update)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
filtron) update_filtron ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
remove)
|
remove)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
all) remove_all;;
|
all) remove_all;;
|
||||||
user) drop_service_account "${SERVICE_USER}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
activate)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
service) systemd_activate_service "${SERVICE_NAME}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
deactivate)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
service) systemd_deactivate_service "${SERVICE_NAME}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
apache)
|
apache)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
install) install_apache_site ;;
|
|
||||||
remove) remove_apache_site ;;
|
remove) remove_apache_site ;;
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
nginx)
|
nginx)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
install) install_nginx_site ;;
|
|
||||||
remove) remove_nginx_site ;;
|
remove) remove_nginx_site ;;
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
option)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
debug-on) echo; enable_debug ;;
|
|
||||||
debug-off) echo; disable_debug ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
doc) rst-doc ;;
|
|
||||||
*) usage "unknown or missing command $1"; exit 42;;
|
*) usage "unknown or missing command $1"; exit 42;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
install_all() {
|
|
||||||
rst_title "Install $SERVICE_NAME (service)"
|
|
||||||
assert_user
|
|
||||||
wait_key
|
|
||||||
go.golang "${GO_VERSION}" "${SERVICE_USER}"
|
|
||||||
wait_key
|
|
||||||
install_filtron
|
|
||||||
install_rules
|
|
||||||
wait_key
|
|
||||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
|
||||||
wait_key
|
|
||||||
echo
|
|
||||||
if ! service_is_available "http://${FILTRON_LISTEN}" ; then
|
|
||||||
err_msg "Filtron is not listening on: http://${FILTRON_LISTEN}"
|
|
||||||
fi
|
|
||||||
if apache_is_installed; then
|
|
||||||
info_msg "Apache is installed on this host."
|
|
||||||
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
|
|
||||||
install_apache_site
|
|
||||||
fi
|
|
||||||
elif nginx_is_installed; then
|
|
||||||
info_msg "nginx is installed on this host."
|
|
||||||
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
|
|
||||||
install_nginx_site
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if ask_yn "Do you want to inspect the installation?" Ny; then
|
|
||||||
inspect_service
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
install_check() {
|
|
||||||
|
|
||||||
if service_account_is_available "$SERVICE_USER"; then
|
|
||||||
info_msg "service account $SERVICE_USER available."
|
|
||||||
else
|
|
||||||
err_msg "service account $SERVICE_USER not available!"
|
|
||||||
fi
|
|
||||||
if go_is_available "$SERVICE_USER"; then
|
|
||||||
info_msg "~$SERVICE_USER: go is installed"
|
|
||||||
else
|
|
||||||
err_msg "~$SERVICE_USER: go is not installed"
|
|
||||||
fi
|
|
||||||
if filtron_is_installed; then
|
|
||||||
info_msg "~$SERVICE_USER: filtron app is installed"
|
|
||||||
else
|
|
||||||
err_msg "~$SERVICE_USER: filtron app is not installed!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! service_is_available "http://${FILTRON_API}"; then
|
|
||||||
err_msg "API not available at: http://${FILTRON_API}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! service_is_available "http://${FILTRON_LISTEN}" ; then
|
|
||||||
err_msg "Filtron is not listening on: http://${FILTRON_LISTEN}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if service_is_available "http://${FILTRON_TARGET}" ; then
|
|
||||||
info_msg "Filtron's target is available at: http://${FILTRON_TARGET}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! service_is_available "${PUBLIC_URL}"; then
|
|
||||||
warn_msg "Public service at ${PUBLIC_URL} is not available!"
|
|
||||||
if ! in_container; then
|
|
||||||
warn_msg "Check if public name is correct and routed or use the public IP from above."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "${GO_VERSION}" > "$(go_version)" ]]; then
|
|
||||||
warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least"
|
|
||||||
warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all"
|
|
||||||
else
|
|
||||||
info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${APACHE_SITES_AVAILABLE}/searx.conf" ]; then
|
|
||||||
warn_msg "old searx.conf apache site exists"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${NGINX_APPS_AVAILABLE}/searx.conf" ]; then
|
|
||||||
warn_msg "old searx.conf nginx site exists"
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
go_version(){
|
|
||||||
go.version "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_all() {
|
remove_all() {
|
||||||
rst_title "De-Install $SERVICE_NAME (service)"
|
rst_title "De-Install $SERVICE_NAME (service)"
|
||||||
|
|
||||||
|
@ -321,219 +81,6 @@ installations that were installed with this script."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
assert_user() {
|
|
||||||
rst_title "user $SERVICE_USER" section
|
|
||||||
echo
|
|
||||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
|
||||||
useradd --shell /bin/bash --system \
|
|
||||||
--home-dir "$SERVICE_HOME" \
|
|
||||||
--comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
|
|
||||||
mkdir "$SERVICE_HOME"
|
|
||||||
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
|
||||||
groups $SERVICE_USER
|
|
||||||
EOF
|
|
||||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
|
||||||
export SERVICE_HOME
|
|
||||||
echo "export SERVICE_HOME=$SERVICE_HOME"
|
|
||||||
|
|
||||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER"
|
|
||||||
touch "$GO_ENV"
|
|
||||||
grep -qFs -- 'source "$GO_ENV"' ~/.profile || echo 'source "$GO_ENV"' >> ~/.profile
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
filtron_is_installed() {
|
|
||||||
[[ -f $SERVICE_HOME/go-apps/bin/filtron ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
install_filtron() {
|
|
||||||
rst_title "Install filtron in user's ~/go-apps" section
|
|
||||||
echo
|
|
||||||
go.install github.com/searxng/filtron@latest "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
update_filtron() {
|
|
||||||
rst_title "Update filtron" section
|
|
||||||
echo
|
|
||||||
go.install github.com/searxng/filtron@latest "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
install_rules() {
|
|
||||||
rst_title "Install filtron rules"
|
|
||||||
echo
|
|
||||||
if [[ ! -f "${FILTRON_RULES}" ]]; then
|
|
||||||
info_msg "install rules ${FILTRON_RULES_TEMPLATE}"
|
|
||||||
info_msg " --> ${FILTRON_RULES}"
|
|
||||||
mkdir -p "$(dirname "${FILTRON_RULES}")"
|
|
||||||
cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if cmp --silent "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"; then
|
|
||||||
info_msg "${FILTRON_RULES} is up to date with"
|
|
||||||
info_msg "${FILTRON_RULES_TEMPLATE}"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
rst_para "Diff between origin's rules file (+) and current (-):"
|
|
||||||
echo "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"
|
|
||||||
$DIFF_CMD "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"
|
|
||||||
|
|
||||||
local action
|
|
||||||
choose_one action "What should happen to the rules file? " \
|
|
||||||
"keep configuration unchanged" \
|
|
||||||
"use origin rules" \
|
|
||||||
"start interactive shell"
|
|
||||||
case $action in
|
|
||||||
"keep configuration unchanged")
|
|
||||||
info_msg "leave rules file unchanged"
|
|
||||||
;;
|
|
||||||
"use origin rules")
|
|
||||||
backup_file "${FILTRON_RULES}"
|
|
||||||
info_msg "install origin rules"
|
|
||||||
cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
|
|
||||||
;;
|
|
||||||
"start interactive shell")
|
|
||||||
backup_file "${FILTRON_RULES}"
|
|
||||||
echo -e "// exit with [${_BCyan}CTRL-D${_creset}]"
|
|
||||||
sudo -H -i
|
|
||||||
rst_para 'Diff between new rules file (-) and current (+):'
|
|
||||||
echo
|
|
||||||
$DIFF_CMD "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}"
|
|
||||||
wait_key
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
inspect_service() {
|
|
||||||
|
|
||||||
rst_title "service status & log"
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
sourced ${DOT_CONFIG} :
|
|
||||||
SERVICE_USER : ${SERVICE_USER}
|
|
||||||
SERVICE_HOME : ${SERVICE_HOME}
|
|
||||||
FILTRON_TARGET : ${FILTRON_TARGET}
|
|
||||||
FILTRON_API : ${FILTRON_API}
|
|
||||||
FILTRON_LISTEN : ${FILTRON_LISTEN}
|
|
||||||
FILTRON_URL_PATH : ${FILTRON_URL_PATH}
|
|
||||||
EOF
|
|
||||||
install_log_searx_instance
|
|
||||||
|
|
||||||
install_check
|
|
||||||
|
|
||||||
if in_container; then
|
|
||||||
lxc_suite_info
|
|
||||||
else
|
|
||||||
info_msg "public URL --> ${PUBLIC_URL}"
|
|
||||||
info_msg "internal URL --> http://${FILTRON_LISTEN}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
local _debug_on
|
|
||||||
if ask_yn "Enable filtron debug mode?"; then
|
|
||||||
enable_debug
|
|
||||||
_debug_on=1
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
systemctl --no-pager -l status "${SERVICE_NAME}"
|
|
||||||
echo
|
|
||||||
|
|
||||||
info_msg "public URL --> ${PUBLIC_URL}"
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log"
|
|
||||||
read -r -s -n1 -t 5
|
|
||||||
echo
|
|
||||||
while true; do
|
|
||||||
trap break 2
|
|
||||||
journalctl -f -u "${SERVICE_NAME}"
|
|
||||||
done
|
|
||||||
|
|
||||||
if [[ $_debug_on == 1 ]]; then
|
|
||||||
disable_debug
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
enable_debug() {
|
|
||||||
info_msg "try to enable debug mode ..."
|
|
||||||
python <<EOF
|
|
||||||
import sys, json
|
|
||||||
|
|
||||||
debug = {
|
|
||||||
u'name': u'debug request'
|
|
||||||
, u'filters': []
|
|
||||||
, u'interval': 0
|
|
||||||
, u'limit': 0
|
|
||||||
, u'actions': [{u'name': u'log'}]
|
|
||||||
}
|
|
||||||
|
|
||||||
with open('$FILTRON_RULES') as rules:
|
|
||||||
j = json.load(rules)
|
|
||||||
|
|
||||||
pos = None
|
|
||||||
for i in range(len(j)):
|
|
||||||
if j[i].get('name') == 'debug request':
|
|
||||||
pos = i
|
|
||||||
break
|
|
||||||
if pos is not None:
|
|
||||||
j[pos] = debug
|
|
||||||
else:
|
|
||||||
j.append(debug)
|
|
||||||
with open('$FILTRON_RULES', 'w') as rules:
|
|
||||||
json.dump(j, rules, indent=2, sort_keys=True)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
systemctl restart "${SERVICE_NAME}.service"
|
|
||||||
}
|
|
||||||
|
|
||||||
disable_debug() {
|
|
||||||
info_msg "try to disable debug mode ..."
|
|
||||||
python <<EOF
|
|
||||||
import sys, json
|
|
||||||
with open('$FILTRON_RULES') as rules:
|
|
||||||
j = json.load(rules)
|
|
||||||
|
|
||||||
pos = None
|
|
||||||
for i in range(len(j)):
|
|
||||||
if j[i].get('name') == 'debug request':
|
|
||||||
pos = i
|
|
||||||
break
|
|
||||||
if pos is not None:
|
|
||||||
del j[pos]
|
|
||||||
with open('$FILTRON_RULES', 'w') as rules:
|
|
||||||
json.dump(j, rules, indent=2, sort_keys=True)
|
|
||||||
EOF
|
|
||||||
systemctl restart "${SERVICE_NAME}.service"
|
|
||||||
}
|
|
||||||
|
|
||||||
install_apache_site() {
|
|
||||||
|
|
||||||
rst_title "Install Apache site $APACHE_FILTRON_SITE"
|
|
||||||
|
|
||||||
rst_para "\
|
|
||||||
This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SITE})"
|
|
||||||
|
|
||||||
! apache_is_installed && info_msg "Apache is not installed."
|
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?" Yn; then
|
|
||||||
return
|
|
||||||
else
|
|
||||||
install_apache
|
|
||||||
fi
|
|
||||||
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" install uwsgi
|
|
||||||
|
|
||||||
apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}"
|
|
||||||
|
|
||||||
info_msg "testing public url .."
|
|
||||||
if ! service_is_available "${PUBLIC_URL}"; then
|
|
||||||
err_msg "Public service at ${PUBLIC_URL} is not available!"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_apache_site() {
|
remove_apache_site() {
|
||||||
|
|
||||||
rst_title "Remove Apache site $APACHE_FILTRON_SITE"
|
rst_title "Remove Apache site $APACHE_FILTRON_SITE"
|
||||||
|
@ -551,35 +98,6 @@ This removes apache site ${APACHE_FILTRON_SITE}."
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
install_nginx_site() {
|
|
||||||
|
|
||||||
rst_title "Install nginx site $NGINX_FILTRON_SITE"
|
|
||||||
|
|
||||||
rst_para "\
|
|
||||||
This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_FILTRON_SITE})"
|
|
||||||
|
|
||||||
! nginx_is_installed && info_msg "nginx is not installed."
|
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?" Yn; then
|
|
||||||
return
|
|
||||||
else
|
|
||||||
install_nginx
|
|
||||||
fi
|
|
||||||
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" install uwsgi
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SEARXNG_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_URL_PATH)
|
|
||||||
nginx_install_app --variant=filtron "${NGINX_FILTRON_SITE}"
|
|
||||||
|
|
||||||
info_msg "testing public url .."
|
|
||||||
if ! service_is_available "${PUBLIC_URL}"; then
|
|
||||||
err_msg "Public service at ${PUBLIC_URL} is not available!"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_nginx_site() {
|
remove_nginx_site() {
|
||||||
|
|
||||||
rst_title "Remove nginx site $NGINX_FILTRON_SITE"
|
rst_title "Remove nginx site $NGINX_FILTRON_SITE"
|
||||||
|
@ -593,37 +111,10 @@ This removes nginx site ${NGINX_FILTRON_SITE}."
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
nginx_remove_site "$FILTRON_FILTRON_SITE"
|
nginx_remove_app "$FILTRON_FILTRON_SITE"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
rst-doc() {
|
|
||||||
|
|
||||||
eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/filtron.rst")\""
|
|
||||||
|
|
||||||
echo -e "\n.. START install systemd unit"
|
|
||||||
cat <<EOF
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: systemd
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
EOF
|
|
||||||
eval "echo \"$(< "${TEMPLATES}/${SERVICE_SYSTEMD_UNIT}")\"" | prefix_stdout " "
|
|
||||||
echo -e "\n.. END install systemd unit"
|
|
||||||
|
|
||||||
# for DIST_NAME in ubuntu-20.04 arch fedora centos; do
|
|
||||||
# (
|
|
||||||
# DIST_ID=${DIST_NAME%-*}
|
|
||||||
# DIST_VERS=${DIST_NAME#*-}
|
|
||||||
# [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS=
|
|
||||||
# # ...
|
|
||||||
# )
|
|
||||||
# done
|
|
||||||
}
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
main "$@"
|
main "$@"
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
|
47
utils/lib.sh
47
utils/lib.sh
|
@ -195,7 +195,7 @@ wait_key(){
|
||||||
[[ -n $_t ]] && _t="-t $_t"
|
[[ -n $_t ]] && _t="-t $_t"
|
||||||
printf "$msg"
|
printf "$msg"
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
read -r -s -n1 $_t
|
read -r -s -n1 $_t || true
|
||||||
echo
|
echo
|
||||||
clean_stdin
|
clean_stdin
|
||||||
}
|
}
|
||||||
|
@ -1027,7 +1027,7 @@ nginx_include_apps_enabled() {
|
||||||
local include_directive="include ${NGINX_APPS_ENABLED}/*.conf;"
|
local include_directive="include ${NGINX_APPS_ENABLED}/*.conf;"
|
||||||
local include_directive_re="^\s*include ${NGINX_APPS_ENABLED}/\*\.conf;"
|
local include_directive_re="^\s*include ${NGINX_APPS_ENABLED}/\*\.conf;"
|
||||||
|
|
||||||
info_msg "checking existence: '${include_directive}' in file ${server_conf}"
|
info_msg "checking existence: '${include_directive}' in file ${server_conf}"
|
||||||
if grep "${include_directive_re}" "${server_conf}"; then
|
if grep "${include_directive_re}" "${server_conf}"; then
|
||||||
info_msg "OK, already exists."
|
info_msg "OK, already exists."
|
||||||
return
|
return
|
||||||
|
@ -1117,7 +1117,7 @@ apache_distro_setup() {
|
||||||
APACHE_SITES_AVAILABLE="/etc/httpd/sites-available"
|
APACHE_SITES_AVAILABLE="/etc/httpd/sites-available"
|
||||||
APACHE_SITES_ENABLED="/etc/httpd/sites-enabled"
|
APACHE_SITES_ENABLED="/etc/httpd/sites-enabled"
|
||||||
APACHE_MODULES="modules"
|
APACHE_MODULES="modules"
|
||||||
APACHE_PACKAGES="httpd"
|
APACHE_PACKAGES="httpd mod_ssl"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented"
|
err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented"
|
||||||
|
@ -1249,8 +1249,6 @@ apache_dissable_site() {
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
uWSGI_SETUP="${uWSGI_SETUP:=/etc/uwsgi}"
|
uWSGI_SETUP="${uWSGI_SETUP:=/etc/uwsgi}"
|
||||||
uWSGI_USER=
|
|
||||||
uWSGI_GROUP=
|
|
||||||
|
|
||||||
# How distros manage uWSGI apps is very different. From uWSGI POV read:
|
# How distros manage uWSGI apps is very different. From uWSGI POV read:
|
||||||
# - https://uwsgi-docs.readthedocs.io/en/latest/Management.html
|
# - https://uwsgi-docs.readthedocs.io/en/latest/Management.html
|
||||||
|
@ -1276,13 +1274,14 @@ uWSGI_distro_setup() {
|
||||||
;;
|
;;
|
||||||
fedora-*|centos-7)
|
fedora-*|centos-7)
|
||||||
# systemd --> /usr/lib/systemd/system/uwsgi.service
|
# systemd --> /usr/lib/systemd/system/uwsgi.service
|
||||||
# The unit file starts uWSGI in emperor mode (/etc/uwsgi.ini), see
|
# Fedora runs uWSGI in emperor-tyrant mode: in Tyrant mode the
|
||||||
# - https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html
|
# Emperor will run the vassal using the UID/GID of the vassal
|
||||||
|
# configuration file [1] (user and group of the app .ini file).
|
||||||
|
# There are some quirks abbout additional POSIX groups in uWSGI
|
||||||
|
# 2.0.x, read at least: https://github.com/unbit/uwsgi/issues/2099
|
||||||
uWSGI_APPS_AVAILABLE="${uWSGI_SETUP}/apps-available"
|
uWSGI_APPS_AVAILABLE="${uWSGI_SETUP}/apps-available"
|
||||||
uWSGI_APPS_ENABLED="${uWSGI_SETUP}.d"
|
uWSGI_APPS_ENABLED="${uWSGI_SETUP}.d"
|
||||||
uWSGI_PACKAGES="uwsgi"
|
uWSGI_PACKAGES="uwsgi"
|
||||||
uWSGI_USER="uwsgi"
|
|
||||||
uWSGI_GROUP="uwsgi"
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented"
|
err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented"
|
||||||
|
@ -1344,30 +1343,6 @@ uWSGI_restart() {
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
uWSGI_prepare_app() {
|
|
||||||
|
|
||||||
# usage: uWSGI_prepare_app <myapp.ini>
|
|
||||||
|
|
||||||
[[ -z $1 ]] && die_caller 42 "missing argument <myapp.ini>"
|
|
||||||
|
|
||||||
local APP="${1%.*}"
|
|
||||||
|
|
||||||
case $DIST_ID-$DIST_VERS in
|
|
||||||
fedora-*|centos-7)
|
|
||||||
# in emperor mode, the uwsgi user is the owner of the sockets
|
|
||||||
info_msg "prepare (uwsgi:uwsgi) /run/uwsgi/app/${APP}"
|
|
||||||
mkdir -p "/run/uwsgi/app/${APP}"
|
|
||||||
chown -R "uwsgi:uwsgi" "/run/uwsgi/app/${APP}"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
info_msg "prepare (${SERVICE_USER}:${SERVICE_GROUP}) /run/uwsgi/app/${APP}"
|
|
||||||
mkdir -p "/run/uwsgi/app/${APP}"
|
|
||||||
chown -R "${SERVICE_USER}:${SERVICE_GROUP}" "/run/uwsgi/app/${APP}"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uWSGI_app_available() {
|
uWSGI_app_available() {
|
||||||
# usage: uWSGI_app_available <myapp.ini>
|
# usage: uWSGI_app_available <myapp.ini>
|
||||||
local CONF="$1"
|
local CONF="$1"
|
||||||
|
@ -1378,7 +1353,7 @@ uWSGI_app_available() {
|
||||||
|
|
||||||
uWSGI_install_app() {
|
uWSGI_install_app() {
|
||||||
|
|
||||||
# usage: uWSGI_install_app [<template option> ...] <myapp.ini>
|
# usage: uWSGI_install_app [<template option> ...] <myapp.ini> [{owner} [{group} [{chmod}]]]
|
||||||
#
|
#
|
||||||
# <template option>: see install_template
|
# <template option>: see install_template
|
||||||
|
|
||||||
|
@ -1390,11 +1365,10 @@ uWSGI_install_app() {
|
||||||
*) pos_args+=("$i");;
|
*) pos_args+=("$i");;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
uWSGI_prepare_app "${pos_args[1]}"
|
|
||||||
mkdir -p "${uWSGI_APPS_AVAILABLE}"
|
mkdir -p "${uWSGI_APPS_AVAILABLE}"
|
||||||
install_template "${template_opts[@]}" \
|
install_template "${template_opts[@]}" \
|
||||||
"${uWSGI_APPS_AVAILABLE}/${pos_args[1]}" \
|
"${uWSGI_APPS_AVAILABLE}/${pos_args[1]}" \
|
||||||
root root 644
|
"${pos_args[2]:-root}" "${pos_args[3]:-root}" "${pos_args[4]:-644}"
|
||||||
uWSGI_enable_app "${pos_args[1]}"
|
uWSGI_enable_app "${pos_args[1]}"
|
||||||
uWSGI_restart "${pos_args[1]}"
|
uWSGI_restart "${pos_args[1]}"
|
||||||
info_msg "uWSGI app: ${pos_args[1]} is installed"
|
info_msg "uWSGI app: ${pos_args[1]} is installed"
|
||||||
|
@ -1468,7 +1442,6 @@ uWSGI_enable_app() {
|
||||||
mkdir -p "${uWSGI_APPS_ENABLED}"
|
mkdir -p "${uWSGI_APPS_ENABLED}"
|
||||||
rm -f "${uWSGI_APPS_ENABLED}/${CONF}"
|
rm -f "${uWSGI_APPS_ENABLED}/${CONF}"
|
||||||
ln -s "${uWSGI_APPS_AVAILABLE}/${CONF}" "${uWSGI_APPS_ENABLED}/${CONF}"
|
ln -s "${uWSGI_APPS_AVAILABLE}/${CONF}" "${uWSGI_APPS_ENABLED}/${CONF}"
|
||||||
chown "${uWSGI_USER}:${uWSGI_GROUP}" "${uWSGI_APPS_ENABLED}/${CONF}"
|
|
||||||
info_msg "enabled uWSGI app: ${CONF}"
|
info_msg "enabled uWSGI app: ${CONF}"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
|
@ -1,207 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
||||||
|
|
||||||
# https://github.com/koalaman/shellcheck/issues/356#issuecomment-853515285
|
|
||||||
# shellcheck source=utils/lib.sh
|
|
||||||
. /dev/null
|
|
||||||
|
|
||||||
# Initialize installation procedures:
|
|
||||||
#
|
|
||||||
# - Modified source_dot_config function that
|
|
||||||
# - loads .config.sh from an existing installation (at SEARX_SRC).
|
|
||||||
# - initialize **SEARX_SRC_INIT_FILES**
|
|
||||||
# - functions like:
|
|
||||||
# - install_log_searx_instance()
|
|
||||||
# - install_searx_get_state()
|
|
||||||
#
|
|
||||||
# usage:
|
|
||||||
# source lib_install.sh
|
|
||||||
#
|
|
||||||
# **Installation scripts**
|
|
||||||
#
|
|
||||||
# The utils/lib_install.sh is sourced by the installations scripts:
|
|
||||||
#
|
|
||||||
# - utils/searx.sh
|
|
||||||
# - utils/morty.sh
|
|
||||||
# - utils/filtron.sh
|
|
||||||
#
|
|
||||||
# If '${SEARX_SRC}/.config.sh' exists, the modified source_dot_config() function
|
|
||||||
# loads this configuration (instead of './.config.sh').
|
|
||||||
|
|
||||||
# **SEARX_SRC_INIT_FILES**
|
|
||||||
#
|
|
||||||
# Array of file names to sync into a installation at $SEARX_SRC. The file names
|
|
||||||
# are relative to the $REPO_ROOT. Set by function init_SEARX_SRC_INIT_FILES().
|
|
||||||
# Most often theses are files like:
|
|
||||||
# - .config.sh
|
|
||||||
# - searx/settings.yml
|
|
||||||
# - utils/brand.env
|
|
||||||
# - ...
|
|
||||||
|
|
||||||
|
|
||||||
SEARX_SRC_INIT_FILES=()
|
|
||||||
|
|
||||||
eval orig_"$(declare -f source_dot_config)"
|
|
||||||
|
|
||||||
source_dot_config() {
|
|
||||||
|
|
||||||
# Modified source_dot_config function that
|
|
||||||
# - loads .config.sh from an existing installation (at SEARX_SRC).
|
|
||||||
# - initialize SEARX_SRC_INIT_FILES
|
|
||||||
|
|
||||||
if [ -z "$eval_SEARX_SRC" ]; then
|
|
||||||
export eval_SEARX_SRC='true'
|
|
||||||
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
|
|
||||||
SEARX_PYENV=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_PYENV)
|
|
||||||
SEARXNG_SETTINGS_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_SETTINGS_PATH)
|
|
||||||
if [ ! -r "${SEARX_SRC}" ]; then
|
|
||||||
info_msg "not yet cloned: ${SEARX_SRC}"
|
|
||||||
orig_source_dot_config
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
info_msg "using instance at: ${SEARX_SRC}"
|
|
||||||
|
|
||||||
# set and log DOT_CONFIG
|
|
||||||
if [ -r "${SEARX_SRC}/.config.sh" ]; then
|
|
||||||
info_msg "switching to ${SEARX_SRC}/.config.sh"
|
|
||||||
DOT_CONFIG="${SEARX_SRC}/.config.sh"
|
|
||||||
else
|
|
||||||
info_msg "using local config: ${DOT_CONFIG}"
|
|
||||||
fi
|
|
||||||
init_SEARX_SRC_INIT_FILES
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
init_SEARX_SRC_INIT_FILES(){
|
|
||||||
# init environment SEARX_SRC_INIT_FILES
|
|
||||||
|
|
||||||
# Monitor modified files in the working-tree from the local repository, only
|
|
||||||
# if the local file differs to the corresponding file in the instance. Most
|
|
||||||
# often theses are files like:
|
|
||||||
#
|
|
||||||
# - .config.sh
|
|
||||||
# - searx/settings.yml
|
|
||||||
# - utils/brand.env
|
|
||||||
# - ...
|
|
||||||
|
|
||||||
# keep list empty if there is no installation
|
|
||||||
SEARX_SRC_INIT_FILES=()
|
|
||||||
if [ ! -r "$SEARX_SRC" ]; then
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
local fname
|
|
||||||
local msg=""
|
|
||||||
local _prefix=""
|
|
||||||
if [[ -n ${SUDO_USER} ]]; then
|
|
||||||
_prefix="sudo -u ${SUDO_USER}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Monitor local modified files from the repository, only if the local file
|
|
||||||
# differs to the corresponding file in the instance
|
|
||||||
|
|
||||||
while IFS= read -r fname; do
|
|
||||||
if [ -z "$fname" ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
if [ -r "${SEARX_SRC}/${fname}" ]; then
|
|
||||||
# diff "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"
|
|
||||||
if ! cmp --silent "${REPO_ROOT}/${fname}" "${SEARX_SRC}/${fname}"; then
|
|
||||||
SEARX_SRC_INIT_FILES+=("${fname}")
|
|
||||||
info_msg "local clone (workingtree), modified file: ./$fname"
|
|
||||||
msg="to update use: sudo -H ./utils/searx.sh install init-src"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done <<< "$($_prefix git diff --name-only)"
|
|
||||||
[ -n "$msg" ] && info_msg "$msg"
|
|
||||||
}
|
|
||||||
|
|
||||||
install_log_searx_instance() {
|
|
||||||
|
|
||||||
echo -e "---- SearXNG instance setup ${_BBlue}(status: $(install_searx_get_state))${_creset}"
|
|
||||||
echo -e " SEARXNG_SETTINGS_PATH : ${_BBlue}${SEARXNG_SETTINGS_PATH}${_creset}"
|
|
||||||
echo -e " SEARX_PYENV : ${_BBlue}${SEARX_PYENV}${_creset}"
|
|
||||||
echo -e " SEARX_SRC : ${_BBlue}${SEARX_SRC:-none}${_creset}"
|
|
||||||
echo -e " SEARXNG_URL : ${_BBlue}${SEARXNG_URL:-none}${_creset}"
|
|
||||||
|
|
||||||
if in_container; then
|
|
||||||
# SearXNG is listening on 127.0.0.1 and not available from outside container
|
|
||||||
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
|
|
||||||
echo -e "---- container setup"
|
|
||||||
echo -e " ${_BBlack}HINT:${_creset} SearXNG only listen on loopback device" \
|
|
||||||
"${_BBlack}inside${_creset} the container."
|
|
||||||
for ip in $(global_IPs) ; do
|
|
||||||
if [[ $ip =~ .*:.* ]]; then
|
|
||||||
echo " container (IPv6): [${ip#*|}]"
|
|
||||||
else
|
|
||||||
# IPv4:
|
|
||||||
echo " container (IPv4): ${ip#*|}"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
install_searx_get_state(){
|
|
||||||
|
|
||||||
# usage: install_searx_get_state
|
|
||||||
#
|
|
||||||
# Prompts a string indicating the status of the installation procedure
|
|
||||||
#
|
|
||||||
# missing-searx-clone:
|
|
||||||
# There is no clone at ${SEARX_SRC}
|
|
||||||
# missing-searx-pyenv:
|
|
||||||
# There is no pyenv in ${SEARX_PYENV}
|
|
||||||
# installer-modified:
|
|
||||||
# There are files modified locally in the installer (clone),
|
|
||||||
# see ${SEARX_SRC_INIT_FILES} description.
|
|
||||||
# python-installed:
|
|
||||||
# Scripts can be executed in instance's environment
|
|
||||||
# - user: ${SERVICE_USER}
|
|
||||||
# - pyenv: ${SEARX_PYENV}
|
|
||||||
|
|
||||||
if [ -f /etc/searx/settings.yml ]; then
|
|
||||||
err_msg "settings.yml in /etc/searx/ is deprecated, move file to folder /etc/searxng/"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! [ -r "${SEARX_SRC}" ]; then
|
|
||||||
echo "missing-searx-clone"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
if ! [ -f "${SEARX_PYENV}/bin/activate" ]; then
|
|
||||||
echo "missing-searx-pyenv"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
if ! [ -r "${SEARXNG_SETTINGS_PATH}" ]; then
|
|
||||||
echo "missing-settings"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
if ! [ ${#SEARX_SRC_INIT_FILES[*]} -eq 0 ]; then
|
|
||||||
echo "installer-modified"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
echo "python-installed"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Initialization of the installation procedure
|
|
||||||
# --------------------------------------------
|
|
||||||
|
|
||||||
# shellcheck source=utils/brand.env
|
|
||||||
source "${REPO_ROOT}/utils/brand.env"
|
|
||||||
|
|
||||||
# SEARXNG_URL aka PUBLIC_URL: the public URL of the instance (e.g.
|
|
||||||
# "https://example.org/searx"). The value is taken from environment $SEARXNG_URL
|
|
||||||
# in ./utils/brand.env. This variable is a empty string if server.base_url in
|
|
||||||
# the settings.yml is set to 'false'.
|
|
||||||
|
|
||||||
SEARXNG_URL="${SEARXNG_URL:-http://$(uname -n)}"
|
|
||||||
if in_container; then
|
|
||||||
# hint: Linux containers do not have DNS entries, lets use IPs
|
|
||||||
SEARXNG_URL="http://$(primary_ip)"
|
|
||||||
fi
|
|
||||||
PUBLIC_URL="${SEARXNG_URL}"
|
|
||||||
|
|
||||||
source_dot_config
|
|
||||||
|
|
||||||
# shellcheck source=utils/lxc-searx.env
|
|
||||||
source "${REPO_ROOT}/utils/lxc-searx.env"
|
|
||||||
in_container && lxc_set_suite_env
|
|
|
@ -42,6 +42,8 @@ REDIS_GIT_URL="https://github.com/redis/redis.git"
|
||||||
REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}"
|
REDIS_GIT_TAG="${REDIS_GIT_TAG:-6.2.6}"
|
||||||
|
|
||||||
REDIS_USER="searxng-redis"
|
REDIS_USER="searxng-redis"
|
||||||
|
REDIS_GROUP="searxng-redis"
|
||||||
|
|
||||||
REDIS_HOME="/usr/local/${REDIS_USER}"
|
REDIS_HOME="/usr/local/${REDIS_USER}"
|
||||||
REDIS_HOME_BIN="${REDIS_HOME}/.local/bin"
|
REDIS_HOME_BIN="${REDIS_HOME}/.local/bin"
|
||||||
REDIS_ENV="${REDIS_HOME}/.redis_env"
|
REDIS_ENV="${REDIS_HOME}/.redis_env"
|
||||||
|
@ -113,7 +115,7 @@ redis.devpkg() {
|
||||||
|
|
||||||
case ${DIST_ID} in
|
case ${DIST_ID} in
|
||||||
ubuntu|debian)
|
ubuntu|debian)
|
||||||
pkg_install git build-essential
|
pkg_install git build-essential gawk
|
||||||
;;
|
;;
|
||||||
arch)
|
arch)
|
||||||
pkg_install git base-devel
|
pkg_install git base-devel
|
||||||
|
@ -139,15 +141,20 @@ redis.build() {
|
||||||
rst_title "get redis sources" section
|
rst_title "get redis sources" section
|
||||||
redis.src "${CACHE}/redis"
|
redis.src "${CACHE}/redis"
|
||||||
|
|
||||||
if ! required_commands gcc nm make gawk; then
|
if ! required_commands gcc nm make gawk ; then
|
||||||
sudo -H "$0" redis.devpkg
|
info_msg "install development tools to get missing command(s) .."
|
||||||
|
if [[ -n ${SUDO_USER} ]]; then
|
||||||
|
sudo -H "$0" redis.devpkg
|
||||||
|
else
|
||||||
|
redis.devpkg
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rst_title "compile redis sources" section
|
rst_title "compile redis sources" section
|
||||||
|
|
||||||
pushd "${CACHE}/redis" &>/dev/null
|
pushd "${CACHE}/redis" &>/dev/null
|
||||||
|
|
||||||
if ask_yn "Do you run 'make distclean' first'?" Ny; then
|
if ask_yn "Do you run 'make distclean' first'?" Yn; then
|
||||||
$(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout
|
$(bash.cmd) -c "make distclean" 2>&1 | prefix_stdout
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -158,7 +165,7 @@ redis.build() {
|
||||||
|
|
||||||
popd &>/dev/null
|
popd &>/dev/null
|
||||||
|
|
||||||
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
|
tee_stderr 0.1 <<EOF | $(bash.cmd) 2>&1 | prefix_stdout
|
||||||
mkdir -p "$(redis._get_dist)"
|
mkdir -p "$(redis._get_dist)"
|
||||||
cd "${CACHE}/redis/src"
|
cd "${CACHE}/redis/src"
|
||||||
cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)"
|
cp ${REDIS_INSTALL_EXE[@]} "$(redis._get_dist)"
|
||||||
|
@ -233,7 +240,7 @@ useradd --shell /bin/bash --system \
|
||||||
--home-dir "${REDIS_HOME}" \
|
--home-dir "${REDIS_HOME}" \
|
||||||
--comment 'user that runs a redis instance' "${REDIS_USER}"
|
--comment 'user that runs a redis instance' "${REDIS_USER}"
|
||||||
mkdir -p "${REDIS_HOME}"
|
mkdir -p "${REDIS_HOME}"
|
||||||
chown -R "${REDIS_USER}:${REDIS_USER}" "${REDIS_HOME}"
|
chown -R "${REDIS_USER}:${REDIS_GROUP}" "${REDIS_HOME}"
|
||||||
groups "${REDIS_USER}"
|
groups "${REDIS_USER}"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
@ -248,7 +255,7 @@ EOF
|
||||||
redis.userdel() {
|
redis.userdel() {
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
drop_service_account "${REDIS_USER}"
|
drop_service_account "${REDIS_USER}"
|
||||||
groupdel "${REDIS_USER}" 2>&1 | prefix_stdout || true
|
groupdel "${REDIS_GROUP}" 2>&1 | prefix_stdout || true
|
||||||
}
|
}
|
||||||
|
|
||||||
redis.addgrp() {
|
redis.addgrp() {
|
||||||
|
@ -256,7 +263,7 @@ redis.addgrp() {
|
||||||
# usage: redis.addgrp <user>
|
# usage: redis.addgrp <user>
|
||||||
|
|
||||||
[[ -z $1 ]] && die_caller 42 "missing argument <user>"
|
[[ -z $1 ]] && die_caller 42 "missing argument <user>"
|
||||||
sudo -H gpasswd -a "$1" "${REDIS_USER}"
|
sudo -H gpasswd -a "$1" "${REDIS_GROUP}"
|
||||||
}
|
}
|
||||||
|
|
||||||
redis.rmgrp() {
|
redis.rmgrp() {
|
||||||
|
@ -264,7 +271,7 @@ redis.rmgrp() {
|
||||||
# usage: redis.rmgrp <user>
|
# usage: redis.rmgrp <user>
|
||||||
|
|
||||||
[[ -z $1 ]] && die_caller 42 "missing argument <user>"
|
[[ -z $1 ]] && die_caller 42 "missing argument <user>"
|
||||||
sudo -H gpasswd -d "$1" "${REDIS_USER}"
|
sudo -H gpasswd -d "$1" "${REDIS_GROUP}"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -278,7 +285,7 @@ redis._install_bin() {
|
||||||
(
|
(
|
||||||
set -e
|
set -e
|
||||||
for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do
|
for redis_exe in "${REDIS_INSTALL_EXE[@]}"; do
|
||||||
install -v -o "${REDIS_USER}" -g "${REDIS_USER}" \
|
install -v -o "${REDIS_USER}" -g "${REDIS_GROUP}" \
|
||||||
"${src}/${redis_exe}" "${REDIS_HOME_BIN}"
|
"${src}/${redis_exe}" "${REDIS_HOME_BIN}"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -4,24 +4,18 @@
|
||||||
|
|
||||||
# This file is a setup of a LXC suite. It is sourced from different context, do
|
# This file is a setup of a LXC suite. It is sourced from different context, do
|
||||||
# not manipulate the environment directly, implement functions and manipulate
|
# not manipulate the environment directly, implement functions and manipulate
|
||||||
# environment only is subshells!
|
# environment only in subshells.
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
# config
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
LXC_SUITE_NAME="searx"
|
|
||||||
lxc_set_suite_env() {
|
lxc_set_suite_env() {
|
||||||
|
|
||||||
|
export LXC_SUITE_NAME="searxng"
|
||||||
|
|
||||||
# name of https://images.linuxcontainers.org
|
# name of https://images.linuxcontainers.org
|
||||||
export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
|
export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
|
||||||
export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}"
|
export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}"
|
||||||
export LXC_SUITE=(
|
export LXC_SUITE=(
|
||||||
|
|
||||||
# to disable containers, comment out lines ..
|
|
||||||
|
|
||||||
# end of standard support see https://wiki.ubuntu.com/Releases
|
# end of standard support see https://wiki.ubuntu.com/Releases
|
||||||
"$LINUXCONTAINERS_ORG_NAME:ubuntu/18.04" "ubu1804" # April 2023
|
|
||||||
"$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # April 2025
|
"$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # April 2025
|
||||||
"$LINUXCONTAINERS_ORG_NAME:ubuntu/21.10" "ubu2110" # July 2027
|
"$LINUXCONTAINERS_ORG_NAME:ubuntu/21.10" "ubu2110" # July 2027
|
||||||
|
|
||||||
|
@ -30,49 +24,27 @@ lxc_set_suite_env() {
|
||||||
|
|
||||||
# rolling releases see https://www.archlinux.org/releng/releases/
|
# rolling releases see https://www.archlinux.org/releng/releases/
|
||||||
"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
|
"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
|
||||||
|
|
||||||
# EOL 30 June 2024
|
|
||||||
"$LINUXCONTAINERS_ORG_NAME:centos/7" "centos7"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
|
|
||||||
if in_container; then
|
|
||||||
# container hostnames do not have a DNS entry: use primary IP!
|
|
||||||
PUBLIC_URL="http://$(primary_ip)/searx"
|
|
||||||
|
|
||||||
# make GUEST's services public to the HOST
|
|
||||||
FILTRON_API="0.0.0.0:4005"
|
|
||||||
FILTRON_LISTEN="0.0.0.0:4004"
|
|
||||||
MORTY_LISTEN="0.0.0.0:3000"
|
|
||||||
|
|
||||||
# export LXC specific environment
|
|
||||||
export PUBLIC_URL FILTRON_API FILTRON_LISTEN MORTY_LISTEN
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
lxc_suite_install_info() {
|
lxc_suite_install_info() {
|
||||||
(
|
(
|
||||||
lxc_set_suite_env
|
lxc_set_suite_env
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
LXC suite: ${LXC_SUITE_NAME} --> ${PUBLIC_URL}
|
LXC suite: ${LXC_SUITE_NAME}
|
||||||
suite includes searx, morty & filtron
|
Suite includes installation of SearXNG
|
||||||
suite images:
|
images: ${LOCAL_IMAGES[*]}
|
||||||
$(echo " ${LOCAL_IMAGES[*]}" | $FMT)
|
containers: ${CONTAINERS[*]}
|
||||||
suite containers:
|
|
||||||
$(echo " ${CONTAINERS[*]}" | $FMT)
|
|
||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
lxc_suite_install() {
|
lxc_suite_install() {
|
||||||
(
|
(
|
||||||
lxc_set_suite_env
|
lxc_set_suite_env
|
||||||
FORCE_TIMEOUT=0
|
FORCE_TIMEOUT=0
|
||||||
export FORCE_TIMEOUT
|
export FORCE_TIMEOUT
|
||||||
"${LXC_REPO_ROOT}/utils/searx.sh" install all
|
"${LXC_REPO_ROOT}/utils/searxng.sh" install all
|
||||||
"${LXC_REPO_ROOT}/utils/morty.sh" install all
|
|
||||||
"${LXC_REPO_ROOT}/utils/filtron.sh" install all
|
|
||||||
|
|
||||||
rst_title "suite installation finished ($(hostname))" part
|
rst_title "suite installation finished ($(hostname))" part
|
||||||
lxc_suite_info
|
lxc_suite_info
|
||||||
echo
|
echo
|
||||||
|
@ -88,10 +60,9 @@ lxc_suite_info() {
|
||||||
else
|
else
|
||||||
# IPv4:
|
# IPv4:
|
||||||
# shellcheck disable=SC2034,SC2031
|
# shellcheck disable=SC2034,SC2031
|
||||||
info_msg "(${ip%|*}) filtron: http://${ip#*|}:4004/ $PUBLIC_URL"
|
|
||||||
info_msg "(${ip%|*}) morty: http://${ip#*|}:3000/ $PUBLIC_URL_MORTY"
|
|
||||||
info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/"
|
info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
"${LXC_REPO_ROOT}/utils/searxng.sh" searxng.instance.env
|
||||||
)
|
)
|
||||||
}
|
}
|
|
@ -4,12 +4,11 @@
|
||||||
|
|
||||||
# shellcheck source=utils/lib.sh
|
# shellcheck source=utils/lib.sh
|
||||||
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
||||||
source_dot_config
|
|
||||||
# shellcheck source=utils/brand.env
|
# shellcheck source=utils/brand.env
|
||||||
source "${REPO_ROOT}/utils/brand.env"
|
source "${REPO_ROOT}/utils/brand.env"
|
||||||
|
|
||||||
# load environment of the LXC suite
|
# load environment of the LXC suite
|
||||||
LXC_ENV="${LXC_ENV:-${REPO_ROOT}/utils/lxc-searx.env}"
|
LXC_ENV="${LXC_ENV:-${REPO_ROOT}/utils/lxc-searxng.env}"
|
||||||
source "$LXC_ENV"
|
source "$LXC_ENV"
|
||||||
lxc_set_suite_env
|
lxc_set_suite_env
|
||||||
|
|
||||||
|
|
457
utils/morty.sh
457
utils/morty.sh
|
@ -3,10 +3,6 @@
|
||||||
|
|
||||||
# shellcheck source=utils/lib.sh
|
# shellcheck source=utils/lib.sh
|
||||||
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
|
||||||
# shellcheck source=utils/lib_go.sh
|
|
||||||
source "${REPO_ROOT}/utils/lib_go.sh"
|
|
||||||
# shellcheck source=utils/lib_install.sh
|
|
||||||
source "${REPO_ROOT}/utils/lib_install.sh"
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
# config
|
# config
|
||||||
|
@ -16,24 +12,9 @@ MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
|
||||||
PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}"
|
PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty/}"
|
||||||
PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}"
|
PUBLIC_URL_MORTY="${PUBLIC_URL_MORTY:-$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}}"
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
MORTY_TIMEOUT=5
|
|
||||||
|
|
||||||
SERVICE_NAME="morty"
|
SERVICE_NAME="morty"
|
||||||
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
|
SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}"
|
||||||
SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}"
|
|
||||||
SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}"
|
|
||||||
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
|
SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service"
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SERVICE_GROUP="${SERVICE_USER}"
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SERVICE_ENV_DEBUG=false
|
|
||||||
|
|
||||||
GO_ENV="${SERVICE_HOME}/.go_env"
|
|
||||||
GO_VERSION="go1.17.2"
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
CONFIG_FILES=()
|
|
||||||
|
|
||||||
# Apache Settings
|
# Apache Settings
|
||||||
|
|
||||||
|
@ -47,267 +28,45 @@ usage() {
|
||||||
# shellcheck disable=SC1117
|
# shellcheck disable=SC1117
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
usage::
|
usage::
|
||||||
$(basename "$0") shell
|
$(basename "$0") remove all
|
||||||
$(basename "$0") install [all|check|user]
|
$(basename "$0") apache remove
|
||||||
$(basename "$0") reinstall all
|
$(basename "$0") nginx remove
|
||||||
$(basename "$0") update [morty]
|
|
||||||
$(basename "$0") remove [all]
|
|
||||||
$(basename "$0") activate [service]
|
|
||||||
$(basename "$0") deactivate [service]
|
|
||||||
$(basename "$0") inspect [service]
|
|
||||||
$(basename "$0") option [debug-on|debug-off|new-key]
|
|
||||||
$(basename "$0") apache [install|remove]
|
|
||||||
$(basename "$0") nginx [install|remove]
|
|
||||||
$(basename "$0") info [searx]
|
|
||||||
|
|
||||||
shell
|
remove all : drop all components of the morty service
|
||||||
start interactive shell from user ${SERVICE_USER}
|
apache remove : drop apache site ${APACHE_MORTY_SITE}
|
||||||
install / remove
|
nginx remove : drop nginx site ${NGINX_MORTY_SITE}
|
||||||
:all: complete setup of morty service
|
|
||||||
:user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME)
|
|
||||||
install
|
|
||||||
:check: check the morty installation
|
|
||||||
reinstall:
|
|
||||||
:all: runs 'install/remove all'
|
|
||||||
update morty
|
|
||||||
Update morty installation ($SERVICE_HOME)
|
|
||||||
activate service
|
|
||||||
activate and start service daemon (systemd unit)
|
|
||||||
deactivate service
|
|
||||||
stop and deactivate service daemon (systemd unit)
|
|
||||||
inspect service
|
|
||||||
show service status and log
|
|
||||||
option
|
|
||||||
set one of the available options
|
|
||||||
:new-key: set new morty key
|
|
||||||
apache : ${PUBLIC_URL_MORTY}
|
|
||||||
:install: apache site with a reverse proxy (ProxyPass)
|
|
||||||
:remove: apache site ${APACHE_MORTY_SITE}
|
|
||||||
nginx (${PUBLIC_URL_MORTY})
|
|
||||||
:install: nginx site with a reverse proxy (ProxyPass)
|
|
||||||
:remove: nginx site ${NGINX_MORTY_SITE}
|
|
||||||
----
|
|
||||||
sourced ${DOT_CONFIG} :
|
|
||||||
SERVICE_USER : ${SERVICE_USER}
|
|
||||||
SERVICE_HOME : ${SERVICE_HOME}
|
|
||||||
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
|
|
||||||
MORTY_LISTEN: : ${MORTY_LISTEN}
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
install_log_searx_instance
|
|
||||||
if in_container; then
|
|
||||||
# in containers the service is listening on 0.0.0.0 (see lxc-searx.env)
|
|
||||||
for ip in $(global_IPs) ; do
|
|
||||||
if [[ $ip =~ .*:.* ]]; then
|
|
||||||
echo " container URL (IPv6): http://[${ip#*|}]:3000/"
|
|
||||||
else
|
|
||||||
# IPv4:
|
|
||||||
echo " container URL (IPv4): http://${ip#*|}:3000/"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
info_searx
|
|
||||||
|
|
||||||
[[ -n ${1} ]] && err_msg "$1"
|
[[ -n ${1} ]] && err_msg "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
info_searx() {
|
|
||||||
# shellcheck disable=SC1117
|
|
||||||
cat <<EOF
|
|
||||||
To activate result and image proxy in SearXNG read:
|
|
||||||
https://docs.searxng.org/admin/morty.html
|
|
||||||
Check settings in file ${SEARXNG_SETTINGS_PATH} ...
|
|
||||||
result_proxy:
|
|
||||||
url : ${PUBLIC_URL_MORTY}
|
|
||||||
server:
|
|
||||||
image_proxy : True
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
required_commands \
|
|
||||||
sudo install git wget curl \
|
|
||||||
|| exit
|
|
||||||
|
|
||||||
local _usage="ERROR: unknown or missing $1 command $2"
|
local _usage="ERROR: unknown or missing $1 command $2"
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
--getenv) var="$2"; echo "${!var}"; exit 0;;
|
|
||||||
-h|--help) usage; exit 0;;
|
-h|--help) usage; exit 0;;
|
||||||
|
|
||||||
shell)
|
|
||||||
sudo_or_exit
|
|
||||||
interactive_shell "${SERVICE_USER}"
|
|
||||||
;;
|
|
||||||
inspect)
|
|
||||||
case $2 in
|
|
||||||
service)
|
|
||||||
sudo_or_exit
|
|
||||||
inspect_service
|
|
||||||
;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
reinstall)
|
|
||||||
rst_title "re-install $SERVICE_NAME" part
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
all)
|
|
||||||
remove_all
|
|
||||||
install_all
|
|
||||||
;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
install)
|
|
||||||
rst_title "$SERVICE_NAME" part
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
all) install_all ;;
|
|
||||||
check)
|
|
||||||
rst_title "Check morty installation" part
|
|
||||||
install_check
|
|
||||||
;;
|
|
||||||
user) assert_user ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
update)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
morty) update_morty ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
remove)
|
remove)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
all) remove_all;;
|
all) remove_all;;
|
||||||
user) drop_service_account "${SERVICE_USER}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
activate)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
service) systemd_activate_service "${SERVICE_NAME}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
deactivate)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
service) systemd_deactivate_service "${SERVICE_NAME}" ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
apache)
|
apache)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
install) install_apache_site ;;
|
|
||||||
remove) remove_apache_site ;;
|
remove) remove_apache_site ;;
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
nginx)
|
nginx)
|
||||||
sudo_or_exit
|
sudo_or_exit
|
||||||
case $2 in
|
case $2 in
|
||||||
install) install_nginx_site ;;
|
|
||||||
remove) remove_nginx_site ;;
|
remove) remove_nginx_site ;;
|
||||||
*) usage "$_usage"; exit 42;;
|
*) usage "$_usage"; exit 42;;
|
||||||
esac ;;
|
esac ;;
|
||||||
info)
|
|
||||||
case $2 in
|
|
||||||
searx) info_searx ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
option)
|
|
||||||
sudo_or_exit
|
|
||||||
case $2 in
|
|
||||||
new-key) set_new_key ;;
|
|
||||||
debug-on) enable_debug ;;
|
|
||||||
debug-off) disable_debug ;;
|
|
||||||
*) usage "$_usage"; exit 42;;
|
|
||||||
esac ;;
|
|
||||||
doc) rst-doc ;;
|
|
||||||
*) usage "ERROR: unknown or missing command $1"; exit 42;;
|
*) usage "ERROR: unknown or missing command $1"; exit 42;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
install_all() {
|
|
||||||
|
|
||||||
MORTY_KEY="$(head -c 32 /dev/urandom | base64)"
|
|
||||||
|
|
||||||
rst_title "Install $SERVICE_NAME (service)"
|
|
||||||
assert_user
|
|
||||||
wait_key
|
|
||||||
go.golang "${GO_VERSION}" "${SERVICE_USER}"
|
|
||||||
wait_key
|
|
||||||
install_morty
|
|
||||||
wait_key
|
|
||||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
|
||||||
wait_key
|
|
||||||
if ! service_is_available "http://${MORTY_LISTEN}" ; then
|
|
||||||
err_msg "Morty is not listening on: http://${MORTY_LISTEN}"
|
|
||||||
fi
|
|
||||||
if apache_is_installed; then
|
|
||||||
info_msg "Apache is installed on this host."
|
|
||||||
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
|
|
||||||
install_apache_site
|
|
||||||
fi
|
|
||||||
elif nginx_is_installed; then
|
|
||||||
info_msg "nginx is installed on this host."
|
|
||||||
if ask_yn "Do you want to install a reverse proxy (ProxyPass)" Yn; then
|
|
||||||
install_nginx_site
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
info_searx
|
|
||||||
if ask_yn "Add image and result proxy to SearXNG settings.yml?" Yn; then
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}"
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" option image-proxy-on
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ask_yn "Do you want to inspect the installation?" Ny; then
|
|
||||||
inspect_service
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
install_check() {
|
|
||||||
|
|
||||||
if service_account_is_available "$SERVICE_USER"; then
|
|
||||||
info_msg "service account $SERVICE_USER available."
|
|
||||||
else
|
|
||||||
err_msg "service account $SERVICE_USER not available!"
|
|
||||||
fi
|
|
||||||
if go_is_available "$SERVICE_USER"; then
|
|
||||||
info_msg "~$SERVICE_USER: go is installed"
|
|
||||||
else
|
|
||||||
err_msg "~$SERVICE_USER: go is not installed"
|
|
||||||
fi
|
|
||||||
if morty_is_installed; then
|
|
||||||
info_msg "~$SERVICE_USER: morty app is installed"
|
|
||||||
else
|
|
||||||
err_msg "~$SERVICE_USER: morty app is not installed!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! service_is_available "http://${MORTY_LISTEN}" ; then
|
|
||||||
err_msg "Morty is not listening on: http://${MORTY_LISTEN}"
|
|
||||||
echo -e "${_Green}stop with [${_BCyan}CTRL-C${_Green}] or .."
|
|
||||||
wait_key
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
|
|
||||||
warn_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
|
|
||||||
if ! in_container; then
|
|
||||||
warn_msg "Check if public name is correct and routed or use the public IP from above."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "${GO_VERSION}" > "$(go_version)" ]]; then
|
|
||||||
warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least"
|
|
||||||
warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all"
|
|
||||||
else
|
|
||||||
info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
go_version(){
|
|
||||||
go.version "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_all() {
|
remove_all() {
|
||||||
rst_title "De-Install $SERVICE_NAME (service)"
|
rst_title "De-Install $SERVICE_NAME (service)"
|
||||||
|
@ -321,152 +80,6 @@ installations that were installed with this script."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
assert_user() {
|
|
||||||
rst_title "user $SERVICE_USER" section
|
|
||||||
echo
|
|
||||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
|
||||||
useradd --shell /bin/bash --system \
|
|
||||||
--home-dir "$SERVICE_HOME" \
|
|
||||||
--comment 'Web content sanitizer proxy' $SERVICE_USER
|
|
||||||
mkdir "$SERVICE_HOME"
|
|
||||||
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
|
||||||
groups $SERVICE_USER
|
|
||||||
EOF
|
|
||||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
|
||||||
export SERVICE_HOME
|
|
||||||
echo "export SERVICE_HOME=$SERVICE_HOME"
|
|
||||||
|
|
||||||
tee_stderr <<EOF | sudo -i -u "$SERVICE_USER"
|
|
||||||
touch $GO_ENV
|
|
||||||
grep -qFs -- 'source "$GO_ENV"' ~/.profile || echo 'source "$GO_ENV"' >> ~/.profile
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
morty_is_installed() {
|
|
||||||
[[ -f $SERVICE_HOME/go-apps/bin/morty ]]
|
|
||||||
}
|
|
||||||
|
|
||||||
install_morty() {
|
|
||||||
rst_title "Install morty in user's ~/go-apps" section
|
|
||||||
echo
|
|
||||||
go.install github.com/asciimoo/morty@latest "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
update_morty() {
|
|
||||||
rst_title "Update morty" section
|
|
||||||
echo
|
|
||||||
go.install github.com/asciimoo/morty@latest "${SERVICE_USER}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set_service_env_debug() {
|
|
||||||
|
|
||||||
# usage: set_service_env_debug [false|true]
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
local SERVICE_ENV_DEBUG="${1:-false}"
|
|
||||||
if systemd_remove_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"; then
|
|
||||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
inspect_service() {
|
|
||||||
|
|
||||||
rst_title "service status & log"
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
sourced ${DOT_CONFIG} :
|
|
||||||
SERVICE_USER : ${SERVICE_USER}
|
|
||||||
SERVICE_HOME : ${SERVICE_HOME}
|
|
||||||
PUBLIC_URL_MORTY: : ${PUBLIC_URL_MORTY}
|
|
||||||
MORTY_LISTEN: : ${MORTY_LISTEN}
|
|
||||||
|
|
||||||
EOF
|
|
||||||
install_log_searx_instance
|
|
||||||
|
|
||||||
install_check
|
|
||||||
|
|
||||||
if in_container; then
|
|
||||||
lxc_suite_info
|
|
||||||
else
|
|
||||||
info_msg "public URL --> ${PUBLIC_URL_MORTY}"
|
|
||||||
info_msg "morty URL --> http://${MORTY_LISTEN}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
local _debug_on
|
|
||||||
if ask_yn "Enable morty debug mode (needs reinstall of systemd service)?"; then
|
|
||||||
enable_debug
|
|
||||||
_debug_on=1
|
|
||||||
else
|
|
||||||
systemctl --no-pager -l status "${SERVICE_NAME}"
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
# shellcheck disable=SC2059
|
|
||||||
printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log"
|
|
||||||
read -r -s -n1 -t 5
|
|
||||||
echo
|
|
||||||
while true; do
|
|
||||||
trap break 2
|
|
||||||
journalctl -f -u "${SERVICE_NAME}"
|
|
||||||
done
|
|
||||||
|
|
||||||
if [[ $_debug_on == 1 ]]; then
|
|
||||||
FORCE_SELECTION=Y disable_debug
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
enable_debug() {
|
|
||||||
warn_msg "Do not enable debug in production environments!!"
|
|
||||||
info_msg "Enabling debug option needs to reinstall systemd service!"
|
|
||||||
set_service_env_debug true
|
|
||||||
}
|
|
||||||
|
|
||||||
disable_debug() {
|
|
||||||
info_msg "Disabling debug option needs to reinstall systemd service!"
|
|
||||||
set_service_env_debug false
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
set_new_key() {
|
|
||||||
rst_title "Set morty key"
|
|
||||||
echo
|
|
||||||
|
|
||||||
MORTY_KEY="$(head -c 32 /dev/urandom | base64)"
|
|
||||||
info_msg "morty key: '${MORTY_KEY}'"
|
|
||||||
|
|
||||||
warn_msg "this will need to reinstall services .."
|
|
||||||
MSG="${_Green}press any [${_BCyan}KEY${_Green}] to continue // stop with [${_BCyan}CTRL-C${_creset}]" wait_key
|
|
||||||
|
|
||||||
systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}"
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" option image-proxy-on
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
install_apache_site() {
|
|
||||||
|
|
||||||
rst_title "Install Apache site $APACHE_MORTY_SITE"
|
|
||||||
|
|
||||||
rst_para "\
|
|
||||||
This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE})"
|
|
||||||
|
|
||||||
! apache_is_installed && err_msg "Apache is not installed."
|
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?" Yn; then
|
|
||||||
return
|
|
||||||
else
|
|
||||||
install_apache
|
|
||||||
fi
|
|
||||||
|
|
||||||
apache_install_site "${APACHE_MORTY_SITE}"
|
|
||||||
|
|
||||||
info_msg "testing public url .."
|
|
||||||
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
|
|
||||||
err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_apache_site() {
|
remove_apache_site() {
|
||||||
|
|
||||||
|
@ -484,35 +97,6 @@ This removes apache site ${APACHE_MORTY_SITE}."
|
||||||
apache_remove_site "$APACHE_MORTY_SITE"
|
apache_remove_site "$APACHE_MORTY_SITE"
|
||||||
}
|
}
|
||||||
|
|
||||||
install_nginx_site() {
|
|
||||||
|
|
||||||
rst_title "Install nginx site $NGINX_MORTY_SITE"
|
|
||||||
|
|
||||||
rst_para "\
|
|
||||||
This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_MORTY_SITE})"
|
|
||||||
|
|
||||||
! nginx_is_installed && err_msg "nginx is not installed."
|
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?" Yn; then
|
|
||||||
return
|
|
||||||
else
|
|
||||||
install_nginx
|
|
||||||
fi
|
|
||||||
|
|
||||||
"${REPO_ROOT}/utils/searx.sh" install uwsgi
|
|
||||||
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)
|
|
||||||
# shellcheck disable=SC2034
|
|
||||||
SEARXNG_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_URL_PATH)
|
|
||||||
nginx_install_app "${NGINX_MORTY_SITE}"
|
|
||||||
|
|
||||||
info_msg "testing public url .."
|
|
||||||
if ! service_is_available "${PUBLIC_URL_MORTY}"; then
|
|
||||||
err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_nginx_site() {
|
remove_nginx_site() {
|
||||||
|
|
||||||
rst_title "Remove nginx site $NGINX_MORTY_SITE"
|
rst_title "Remove nginx site $NGINX_MORTY_SITE"
|
||||||
|
@ -526,37 +110,10 @@ This removes nginx site ${NGINX_MORTY_SITE}."
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
nginx_remove_site "$NGINX_MORTY_SITE"
|
nginx_remove_app "$NGINX_MORTY_SITE"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
rst-doc() {
|
|
||||||
|
|
||||||
eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/morty.rst")\""
|
|
||||||
|
|
||||||
echo -e "\n.. START install systemd unit"
|
|
||||||
cat <<EOF
|
|
||||||
.. tabs::
|
|
||||||
|
|
||||||
.. group-tab:: systemd
|
|
||||||
|
|
||||||
.. code:: bash
|
|
||||||
|
|
||||||
EOF
|
|
||||||
eval "echo \"$(< "${TEMPLATES}/${SERVICE_SYSTEMD_UNIT}")\"" | prefix_stdout " "
|
|
||||||
echo -e "\n.. END install systemd unit"
|
|
||||||
|
|
||||||
# for DIST_NAME in ubuntu-20.04 arch fedora centos; do
|
|
||||||
# (
|
|
||||||
# DIST_ID=${DIST_NAME%-*}
|
|
||||||
# DIST_VERS=${DIST_NAME#*-}
|
|
||||||
# [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS=
|
|
||||||
# # ...
|
|
||||||
# )
|
|
||||||
# done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
main "$@"
|
main "$@"
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
|
1031
utils/searx.sh
1031
utils/searx.sh
File diff suppressed because it is too large
Load diff
1017
utils/searxng.sh
Executable file
1017
utils/searxng.sh
Executable file
File diff suppressed because it is too large
Load diff
|
@ -25,3 +25,10 @@ if os.path.isfile(OLD_SETTING):
|
||||||
os.environ.get('SEARXNG_SETTINGS_PATH', '/etc/searxng/settings.yml')
|
os.environ.get('SEARXNG_SETTINGS_PATH', '/etc/searxng/settings.yml')
|
||||||
))
|
))
|
||||||
warnings.warn(msg, DeprecationWarning)
|
warnings.warn(msg, DeprecationWarning)
|
||||||
|
|
||||||
|
from searx.shared import redisdb
|
||||||
|
from searx import get_setting
|
||||||
|
|
||||||
|
if not redisdb.init():
|
||||||
|
warnings.warn("can't connect to redis DB at: %s" % get_setting('redis.url'), RuntimeWarning, stacklevel=2)
|
||||||
|
warnings.warn("--> no bot protection without redis DB", RuntimeWarning, stacklevel=2)
|
||||||
|
|
|
@ -1,129 +0,0 @@
|
||||||
[
|
|
||||||
{
|
|
||||||
"name": "roboagent limit",
|
|
||||||
"filters": [
|
|
||||||
"Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)"
|
|
||||||
],
|
|
||||||
"limit": 0,
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "botlimit",
|
|
||||||
"filters": [
|
|
||||||
"Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"
|
|
||||||
],
|
|
||||||
"limit": 0,
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "suspiciously frequent IP",
|
|
||||||
"filters": [],
|
|
||||||
"interval": 600,
|
|
||||||
"limit": 30,
|
|
||||||
"aggregations": [
|
|
||||||
"Header:X-Forwarded-For"
|
|
||||||
],
|
|
||||||
"actions":[
|
|
||||||
{"name":"log"}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "search request",
|
|
||||||
"filters": [
|
|
||||||
"Param:q",
|
|
||||||
"Path=^(/|/search)$"
|
|
||||||
],
|
|
||||||
"interval": 61,
|
|
||||||
"limit": 999,
|
|
||||||
"subrules": [
|
|
||||||
{
|
|
||||||
"name": "missing Accept-Language",
|
|
||||||
"filters": ["!Header:Accept-Language"],
|
|
||||||
"limit": 0,
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{"name":"log"},
|
|
||||||
{"name": "block",
|
|
||||||
"params": {"message": "Rate limit exceeded"}}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "suspiciously Connection=close header",
|
|
||||||
"filters": ["Header:Connection=close"],
|
|
||||||
"limit": 0,
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{"name":"log"},
|
|
||||||
{"name": "block",
|
|
||||||
"params": {"message": "Rate limit exceeded"}}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "IP limit",
|
|
||||||
"interval": 61,
|
|
||||||
"limit": 9,
|
|
||||||
"stop": true,
|
|
||||||
"aggregations": [
|
|
||||||
"Header:X-Forwarded-For"
|
|
||||||
],
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "rss/json limit",
|
|
||||||
"filters": [
|
|
||||||
"Param:format=(csv|json|rss)"
|
|
||||||
],
|
|
||||||
"interval": 121,
|
|
||||||
"limit": 2,
|
|
||||||
"stop": true,
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "useragent limit",
|
|
||||||
"interval": 61,
|
|
||||||
"limit": 199,
|
|
||||||
"aggregations": [
|
|
||||||
"Header:User-Agent"
|
|
||||||
],
|
|
||||||
"actions": [
|
|
||||||
{ "name": "log"},
|
|
||||||
{ "name": "block",
|
|
||||||
"params": {
|
|
||||||
"message": "Rate limit exceeded"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
|
@ -1,28 +0,0 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
|
||||||
|
|
||||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
|
||||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
|
||||||
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
|
||||||
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location ${PUBLIC_URL_PATH_MORTY} >
|
|
||||||
|
|
||||||
<IfModule mod_security2.c>
|
|
||||||
SecRuleEngine Off
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass http://${MORTY_LISTEN}
|
|
||||||
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
|
|
||||||
|
|
||||||
</Location>
|
|
41
utils/templates/etc/httpd/sites-available/searxng.conf
Normal file
41
utils/templates/etc/httpd/sites-available/searxng.conf
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# -*- coding: utf-8; mode: apache -*-
|
||||||
|
|
||||||
|
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
|
||||||
|
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||||
|
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||||
|
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||||
|
#
|
||||||
|
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location ${SEARXNG_URL_PATH}>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
# add the trailing slash
|
||||||
|
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass http://${SEARXNG_INTERNAL_HTTP}
|
||||||
|
|
||||||
|
# see flaskfix.py
|
||||||
|
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
|
||||||
|
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
|
||||||
|
|
||||||
|
# see limiter.py
|
||||||
|
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
|
||||||
|
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
|
||||||
|
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
|
#
|
||||||
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
|
#
|
||||||
|
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/
|
|
@ -1,33 +0,0 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
|
||||||
|
|
||||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
|
||||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
|
||||||
LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
|
|
||||||
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
# SecRuleRemoveById 981054
|
|
||||||
# SecRuleRemoveById 981059
|
|
||||||
# SecRuleRemoveById 981060
|
|
||||||
# SecRuleRemoveById 950907
|
|
||||||
|
|
||||||
<Location ${FILTRON_URL_PATH} >
|
|
||||||
|
|
||||||
<IfModule mod_security2.c>
|
|
||||||
SecRuleEngine Off
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass http://${FILTRON_LISTEN}
|
|
||||||
RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
|
|
||||||
|
|
||||||
</Location>
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
# -*- coding: utf-8; mode: apache -*-
|
||||||
|
|
||||||
|
LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so
|
||||||
|
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||||
|
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
|
||||||
|
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||||
|
#
|
||||||
|
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location ${SEARXNG_URL_PATH}>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
# add the trailing slash
|
||||||
|
RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass unix:${SEARXNG_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searxng/
|
||||||
|
|
||||||
|
# see flaskfix.py
|
||||||
|
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
|
||||||
|
RequestHeader set X-Script-Name ${SEARXNG_URL_PATH}
|
||||||
|
|
||||||
|
# see limiter.py
|
||||||
|
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
|
||||||
|
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
|
||||||
|
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
|
#
|
||||||
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
|
#
|
||||||
|
# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/
|
|
@ -1,27 +0,0 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
|
||||||
|
|
||||||
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
|
||||||
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
|
||||||
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
|
|
||||||
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location ${SEARXNG_URL_PATH}>
|
|
||||||
|
|
||||||
<IfModule mod_security2.c>
|
|
||||||
SecRuleEngine Off
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
|
@ -1,11 +0,0 @@
|
||||||
# https://example.org/morty
|
|
||||||
|
|
||||||
location /morty {
|
|
||||||
proxy_pass http://127.0.0.1:3000/;
|
|
||||||
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header Connection \$http_connection;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Scheme \$scheme;
|
|
||||||
}
|
|
|
@ -1,16 +1,29 @@
|
||||||
# https://example.org/searx
|
|
||||||
|
|
||||||
location ${SEARXNG_URL_PATH} {
|
location ${SEARXNG_URL_PATH} {
|
||||||
proxy_pass http://127.0.0.1:4004/;
|
|
||||||
|
proxy_pass http://${SEARXNG_INTERNAL_HTTP};
|
||||||
|
|
||||||
proxy_set_header Host \$host;
|
proxy_set_header Host \$host;
|
||||||
proxy_set_header Connection \$http_connection;
|
proxy_set_header Connection \$http_connection;
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
# see flaskfix.py
|
||||||
proxy_set_header X-Scheme \$scheme;
|
proxy_set_header X-Scheme \$scheme;
|
||||||
proxy_set_header X-Script-Name ${SEARXNG_URL_PATH};
|
proxy_set_header X-Script-Name ${SEARXNG_URL_PATH};
|
||||||
|
|
||||||
|
# see limiter.py
|
||||||
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# proxy_buffering off;
|
||||||
|
# proxy_request_buffering off;
|
||||||
|
# proxy_buffer_size 8k;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location ${SEARXNG_URL_PATH}/static/ {
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
alias ${SEARX_SRC}/searx/static/;
|
#
|
||||||
}
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
|
#
|
||||||
|
# location ${SEARXNG_URL_PATH}/static/ {
|
||||||
|
# alias ${SEARXNG_STATIC}/;
|
||||||
|
# }
|
|
@ -0,0 +1,26 @@
|
||||||
|
location ${SEARXNG_URL_PATH} {
|
||||||
|
|
||||||
|
uwsgi_pass unix://${SEARXNG_UWSGI_SOCKET};
|
||||||
|
|
||||||
|
include uwsgi_params;
|
||||||
|
|
||||||
|
uwsgi_param HTTP_HOST \$host;
|
||||||
|
uwsgi_param HTTP_CONNECTION \$http_connection;
|
||||||
|
|
||||||
|
# see flaskfix.py
|
||||||
|
uwsgi_param HTTP_X_SCHEME \$scheme;
|
||||||
|
uwsgi_param HTTP_X_SCRIPT_NAME ${SEARXNG_URL_PATH};
|
||||||
|
|
||||||
|
# see limiter.py
|
||||||
|
uwsgi_param HTTP_X_REAL_IP \$remote_addr;
|
||||||
|
uwsgi_param HTTP_X_FORWARDED_FOR \$proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
|
||||||
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
|
#
|
||||||
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
|
#
|
||||||
|
# location ${SEARXNG_URL_PATH}/static/ {
|
||||||
|
# alias ${SEARXNG_STATIC}/;
|
||||||
|
# }
|
|
@ -1,46 +1,55 @@
|
||||||
# SearXNG settings, before editing this file read:
|
# SearXNG settings
|
||||||
#
|
|
||||||
# https://docs.searxng.org/admin/engines/settings.html
|
|
||||||
|
|
||||||
use_default_settings: true
|
use_default_settings: true
|
||||||
|
|
||||||
general:
|
general:
|
||||||
# Debug mode, only for development
|
|
||||||
debug: false
|
debug: false
|
||||||
# change displayed name
|
instance_name: "SearXNG"
|
||||||
# instance_name: "SearXNG"
|
|
||||||
|
|
||||||
search:
|
search:
|
||||||
# Filter results. 0: None, 1: Moderate, 2: Strict
|
safe_search: 2
|
||||||
safe_search: 0
|
autocomplete: 'duckduckgo'
|
||||||
# Existing autocomplete backends: "dbpedia", "duckduckgo", "google",
|
|
||||||
# "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off
|
|
||||||
# by default.
|
|
||||||
autocomplete: ''
|
|
||||||
# Default search language - leave blank to detect from browser information or
|
|
||||||
# use codes from 'languages.py'
|
|
||||||
default_lang: ''
|
|
||||||
# remove format to deny access, use lower case.
|
|
||||||
formats:
|
|
||||||
- html
|
|
||||||
|
|
||||||
server:
|
server:
|
||||||
secret_key: "ultrasecretkey" # change this!
|
secret_key: "ultrasecretkey"
|
||||||
# Proxying image results through SearXNG
|
limiter: true
|
||||||
image_proxy: false
|
image_proxy: true
|
||||||
|
|
||||||
# result_proxy:
|
redis:
|
||||||
# url: http://127.0.0.1:3000/
|
url: unix:///usr/local/searxng-redis/run/redis.sock?db=0
|
||||||
# key: !!binary "your_morty_proxy_key"
|
|
||||||
|
ui:
|
||||||
|
static_use_hash: true
|
||||||
|
|
||||||
|
# preferences:
|
||||||
|
# lock:
|
||||||
|
# - autocomplete
|
||||||
|
# - method
|
||||||
|
|
||||||
|
enabled_plugins:
|
||||||
|
- 'Hash plugin'
|
||||||
|
- 'Search on category select'
|
||||||
|
- 'Self Informations'
|
||||||
|
- 'Tracker URL remover'
|
||||||
|
- 'Ahmia blacklist'
|
||||||
|
# - 'Hostname replace' # see hostname_replace configuration below
|
||||||
|
# - 'Infinite scroll'
|
||||||
|
# - 'Open Access DOI rewrite'
|
||||||
|
# - 'Vim-like hotkeys'
|
||||||
|
|
||||||
# plugins:
|
# plugins:
|
||||||
# - only_show_green_results
|
# - only_show_green_results
|
||||||
|
|
||||||
# engines:
|
# hostname_replace:
|
||||||
#
|
|
||||||
# - name: duckduckgo
|
|
||||||
# disabled: false
|
|
||||||
#
|
#
|
||||||
|
# # twitter --> nitter
|
||||||
|
# '(www\.)?twitter\.com$': 'nitter.net'
|
||||||
|
|
||||||
|
engines:
|
||||||
|
|
||||||
|
- name: google
|
||||||
|
use_mobile_ui: true
|
||||||
|
|
||||||
# - name: fdroid
|
# - name: fdroid
|
||||||
# disabled: false
|
# disabled: false
|
||||||
#
|
#
|
||||||
|
@ -48,6 +57,13 @@ server:
|
||||||
# disabled: false
|
# disabled: false
|
||||||
#
|
#
|
||||||
# - name: mediathekviewweb
|
# - name: mediathekviewweb
|
||||||
# engine: mediathekviewweb
|
# categories: TV
|
||||||
# shortcut: mvw
|
# disabled: false
|
||||||
# categories: general
|
#
|
||||||
|
# - name: invidious
|
||||||
|
# disabled: false
|
||||||
|
# base_url:
|
||||||
|
# - https://invidious.snopyta.org
|
||||||
|
# - https://invidious.tiekoetter.com
|
||||||
|
# - https://invidio.xamh.de
|
||||||
|
# - https://inv.riverside.rocks
|
||||||
|
|
|
@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8
|
||||||
env = LC_ALL=C.UTF-8
|
env = LC_ALL=C.UTF-8
|
||||||
|
|
||||||
# chdir to specified directory before apps loading
|
# chdir to specified directory before apps loading
|
||||||
chdir = ${SEARX_SRC}/searx
|
chdir = ${SEARXNG_SRC}/searx
|
||||||
|
|
||||||
# SearXNG configuration (settings.yml)
|
# SearXNG configuration (settings.yml)
|
||||||
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
||||||
|
@ -57,37 +57,27 @@ enable-threads = true
|
||||||
module = searx.webapp
|
module = searx.webapp
|
||||||
|
|
||||||
# set PYTHONHOME/virtualenv
|
# set PYTHONHOME/virtualenv
|
||||||
virtualenv = ${SEARX_PYENV}
|
virtualenv = ${SEARXNG_PYENV}
|
||||||
|
|
||||||
# add directory (or glob) to pythonpath
|
# add directory (or glob) to pythonpath
|
||||||
pythonpath = ${SEARX_SRC}
|
pythonpath = ${SEARXNG_SRC}
|
||||||
|
|
||||||
|
|
||||||
# speak to upstream
|
# speak to upstream
|
||||||
# -----------------
|
# -----------------
|
||||||
#
|
|
||||||
# Activate the 'http' configuration for filtron or activate the 'socket'
|
|
||||||
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
|
|
||||||
|
|
||||||
# using IP:
|
|
||||||
#
|
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
||||||
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
||||||
|
|
||||||
http = ${SEARX_INTERNAL_HTTP}
|
http = ${SEARXNG_INTERNAL_HTTP}
|
||||||
|
|
||||||
# using unix-sockets:
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
#
|
#
|
||||||
# On some distributions you need to create the app folder for the sockets::
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
#
|
#
|
||||||
# mkdir -p ${SEARX_UWSGI_SOCKET}
|
static-map = /static=${SEARXNG_STATIC}
|
||||||
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
|
|
||||||
#
|
|
||||||
# socket = ${SEARX_UWSGI_SOCKET}
|
|
||||||
|
|
||||||
# uwsgi serves the static files
|
|
||||||
# expires set to one year since there are hashes
|
# expires set to one year since there are hashes
|
||||||
static-map = /static=${SEARX_SRC}/searx/static
|
|
||||||
static-expires = /* 31557600
|
static-expires = /* 31557600
|
||||||
static-gzip-all = True
|
static-gzip-all = True
|
||||||
offload-threads = %k
|
offload-threads = %k
|
||||||
|
|
|
@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8
|
||||||
env = LC_ALL=C.UTF-8
|
env = LC_ALL=C.UTF-8
|
||||||
|
|
||||||
# chdir to specified directory before apps loading
|
# chdir to specified directory before apps loading
|
||||||
chdir = ${SEARX_SRC}/searx
|
chdir = ${SEARXNG_SRC}/searx
|
||||||
|
|
||||||
# SearXNG configuration (settings.yml)
|
# SearXNG configuration (settings.yml)
|
||||||
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
||||||
|
@ -57,37 +57,24 @@ enable-threads = true
|
||||||
module = searx.webapp
|
module = searx.webapp
|
||||||
|
|
||||||
# set PYTHONHOME/virtualenv
|
# set PYTHONHOME/virtualenv
|
||||||
virtualenv = ${SEARX_PYENV}
|
virtualenv = ${SEARXNG_PYENV}
|
||||||
|
|
||||||
# add directory (or glob) to pythonpath
|
# add directory (or glob) to pythonpath
|
||||||
pythonpath = ${SEARX_SRC}
|
pythonpath = ${SEARXNG_SRC}
|
||||||
|
|
||||||
|
|
||||||
# speak to upstream
|
# speak to upstream
|
||||||
# -----------------
|
# -----------------
|
||||||
#
|
|
||||||
# Activate the 'http' configuration for filtron or activate the 'socket'
|
|
||||||
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
|
|
||||||
|
|
||||||
# using IP:
|
socket = ${SEARXNG_UWSGI_SOCKET}
|
||||||
#
|
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
|
||||||
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
|
||||||
|
|
||||||
# http = ${SEARX_INTERNAL_HTTP}
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
|
|
||||||
# using unix-sockets:
|
|
||||||
#
|
#
|
||||||
# On some distributions you need to create the app folder for the sockets::
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
#
|
#
|
||||||
# mkdir -p ${SEARX_UWSGI_SOCKET}
|
static-map = /static=${SEARXNG_STATIC}
|
||||||
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
|
|
||||||
#
|
|
||||||
socket = ${SEARX_UWSGI_SOCKET}
|
|
||||||
|
|
||||||
# uwsgi serves the static files
|
|
||||||
# expires set to one year since there are hashes
|
# expires set to one year since there are hashes
|
||||||
static-map = /static=${SEARX_SRC}/searx/static
|
|
||||||
static-expires = /* 31557600
|
static-expires = /* 31557600
|
||||||
static-gzip-all = True
|
static-gzip-all = True
|
||||||
offload-threads = %k
|
offload-threads = %k
|
||||||
|
|
|
@ -6,7 +6,11 @@
|
||||||
#
|
#
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
|
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
|
||||||
|
|
||||||
# Who will run the code
|
# Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be
|
||||||
|
# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini).
|
||||||
|
#
|
||||||
|
# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
|
||||||
|
#
|
||||||
uid = ${SERVICE_USER}
|
uid = ${SERVICE_USER}
|
||||||
gid = ${SERVICE_GROUP}
|
gid = ${SERVICE_GROUP}
|
||||||
|
|
||||||
|
@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8
|
||||||
env = LC_ALL=C.UTF-8
|
env = LC_ALL=C.UTF-8
|
||||||
|
|
||||||
# chdir to specified directory before apps loading
|
# chdir to specified directory before apps loading
|
||||||
chdir = ${SEARX_SRC}/searx
|
chdir = ${SEARXNG_SRC}/searx
|
||||||
|
|
||||||
# SearXNG configuration (settings.yml)
|
# SearXNG configuration (settings.yml)
|
||||||
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
||||||
|
@ -56,37 +60,27 @@ enable-threads = true
|
||||||
module = searx.webapp
|
module = searx.webapp
|
||||||
|
|
||||||
# set PYTHONHOME/virtualenv
|
# set PYTHONHOME/virtualenv
|
||||||
virtualenv = ${SEARX_PYENV}
|
virtualenv = ${SEARXNG_PYENV}
|
||||||
|
|
||||||
# add directory (or glob) to pythonpath
|
# add directory (or glob) to pythonpath
|
||||||
pythonpath = ${SEARX_SRC}
|
pythonpath = ${SEARXNG_SRC}
|
||||||
|
|
||||||
|
|
||||||
# speak to upstream
|
# speak to upstream
|
||||||
# -----------------
|
# -----------------
|
||||||
#
|
|
||||||
# Activate the 'http' configuration for filtron or activate the 'socket'
|
|
||||||
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
|
|
||||||
|
|
||||||
# using IP:
|
|
||||||
#
|
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
||||||
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
||||||
|
|
||||||
http = ${SEARX_INTERNAL_HTTP}
|
http = ${SEARXNG_INTERNAL_HTTP}
|
||||||
|
|
||||||
# using unix-sockets:
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
#
|
#
|
||||||
# On some distributions you need to create the app folder for the sockets::
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
#
|
#
|
||||||
# mkdir -p /run/uwsgi/app/searxng
|
static-map = /static=${SEARXNG_STATIC}
|
||||||
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
|
|
||||||
#
|
|
||||||
# socket = ${SEARX_UWSGI_SOCKET}
|
|
||||||
|
|
||||||
# uwsgi serves the static files
|
|
||||||
# expires set to one year since there are hashes
|
# expires set to one year since there are hashes
|
||||||
static-map = /static=${SEARX_SRC}/searx/static
|
|
||||||
static-expires = /* 31557600
|
static-expires = /* 31557600
|
||||||
static-gzip-all = True
|
static-gzip-all = True
|
||||||
offload-threads = %k
|
offload-threads = %k
|
||||||
|
|
|
@ -6,7 +6,11 @@
|
||||||
#
|
#
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
|
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
|
||||||
|
|
||||||
# Who will run the code
|
# Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be
|
||||||
|
# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini).
|
||||||
|
#
|
||||||
|
# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting
|
||||||
|
#
|
||||||
uid = ${SERVICE_USER}
|
uid = ${SERVICE_USER}
|
||||||
gid = ${SERVICE_GROUP}
|
gid = ${SERVICE_GROUP}
|
||||||
|
|
||||||
|
@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8
|
||||||
env = LC_ALL=C.UTF-8
|
env = LC_ALL=C.UTF-8
|
||||||
|
|
||||||
# chdir to specified directory before apps loading
|
# chdir to specified directory before apps loading
|
||||||
chdir = ${SEARX_SRC}/searx
|
chdir = ${SEARXNG_SRC}/searx
|
||||||
|
|
||||||
# SearXNG configuration (settings.yml)
|
# SearXNG configuration (settings.yml)
|
||||||
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH}
|
||||||
|
@ -56,37 +60,24 @@ enable-threads = true
|
||||||
module = searx.webapp
|
module = searx.webapp
|
||||||
|
|
||||||
# set PYTHONHOME/virtualenv
|
# set PYTHONHOME/virtualenv
|
||||||
virtualenv = ${SEARX_PYENV}
|
virtualenv = ${SEARXNG_PYENV}
|
||||||
|
|
||||||
# add directory (or glob) to pythonpath
|
# add directory (or glob) to pythonpath
|
||||||
pythonpath = ${SEARX_SRC}
|
pythonpath = ${SEARXNG_SRC}
|
||||||
|
|
||||||
|
|
||||||
# speak to upstream
|
# speak to upstream
|
||||||
# -----------------
|
# -----------------
|
||||||
#
|
|
||||||
# Activate the 'http' configuration for filtron or activate the 'socket'
|
|
||||||
# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
|
|
||||||
|
|
||||||
# using IP:
|
socket = ${SEARXNG_UWSGI_SOCKET}
|
||||||
#
|
|
||||||
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
|
|
||||||
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
|
|
||||||
|
|
||||||
# http = ${SEARX_INTERNAL_HTTP}
|
# uWSGI serves the static files and in settings.yml we use::
|
||||||
|
|
||||||
# using unix-sockets:
|
|
||||||
#
|
#
|
||||||
# On some distributions you need to create the app folder for the sockets::
|
# ui:
|
||||||
|
# static_use_hash: true
|
||||||
#
|
#
|
||||||
# mkdir -p ${SEARX_UWSGI_SOCKET}
|
static-map = /static=${SEARXNG_STATIC}
|
||||||
# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET}
|
|
||||||
#
|
|
||||||
socket = ${SEARX_UWSGI_SOCKET}
|
|
||||||
|
|
||||||
# uwsgi serves the static files
|
|
||||||
# expires set to one year since there are hashes
|
# expires set to one year since there are hashes
|
||||||
static-map = /static=${SEARX_SRC}/searx/static
|
|
||||||
static-expires = /* 31557600
|
static-expires = /* 31557600
|
||||||
static-gzip-all = True
|
static-gzip-all = True
|
||||||
offload-threads = %k
|
offload-threads = %k
|
||||||
|
|
Loading…
Reference in a new issue