searxng/docs/admin/installation-nginx.rst
Markus Heiser 2b1252148d [brand] SearXNG - nginx & apache searxng.conf, uwsgi searxng.conf
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-10-30 16:11:01 +02:00

10 KiB

Install with nginx

Contents


Install nginx searx site using filtron.sh <filtron.sh overview>

$ sudo -H ./utils/filtron.sh nginx install

Install nginx searx site using morty.sh <morty.sh overview>

$ sudo -H ./utils/morty.sh nginx install

The nginx HTTP server

If nginx is not installed (uwsgi will not work with the package nginx-light), install it now.

Ubuntu / debian

sudo -H apt-get install nginx

Arch Linux

sudo -H pacman -S nginx-mainline
sudo -H systemctl enable nginx
sudo -H systemctl start nginx

Fedora / RHEL

sudo -H dnf install nginx
sudo -H systemctl enable nginx
sudo -H systemctl start nginx

Now at http://localhost you should see a Welcome to nginx! page, on Fedora you see a Fedora Webserver - Test Page. The test page comes from the default nginx server configuration. How this default intro site is configured, depends on the linux distribution:

Ubuntu / debian

less /etc/nginx/nginx.conf

there is a line including site configurations from:

include /etc/nginx/sites-enabled/*;

Arch Linux

less /etc/nginx/nginx.conf

in there is a configuration section named server:

server {
    listen       80;
    server_name  localhost;
    # ...
}

Fedora / RHEL

less /etc/nginx/nginx.conf

there is a line including site configurations from:

include /etc/nginx/conf.d/*.conf;

A nginx SearXNG site

public to the internet?

If your SearXNG instance is public, stop here and first install filtron reverse proxy <filtron.sh> and result proxy morty <morty.sh>, see installation scripts. If already done, follow setup: SearXNG via filtron plus morty.

Now you have to create a configuration for the SearXNG site. If nginx is new to you, the nginx beginners guide is a good starting point and the Getting Started wiki is always a good resource to keep in the pocket.

Ubuntu / debian

Create configuration at /etc/nginx/sites-available/searxng and place a symlink to sites-enabled:

sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng

Arch Linux

In the /etc/nginx/nginx.conf file, replace the configuration section named server.

Fedora / RHEL

Create configuration at /etc/nginx/conf.d/searxng and place a symlink to sites-enabled:

SearXNG via filtron plus morty

Use this setup, if your instance is public to the internet, compare figure: architecture <arch public> and installation scripts.

  1. Configure a reverse proxy for filtron <filtron.sh>, listening on localhost 4004 (filtron route request):

# https://example.org/searx

location /searx {

proxy_pass http://127.0.0.1:4004/;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx;

}

location /searx/static/ {

alias /usr/local/searx/searx-src/searx/static/;

}

  1. Configure reverse proxy for morty <searx morty>, listening on localhost 3000:

# https://example.org/morty

location /morty {

proxy_pass http://127.0.0.1:3000/;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; }

For a fully result proxification add morty's <searx morty> public URL to your searx/settings.yml:

result_proxy:
    # replace example.org with your server's public name
    url : https://example.org/morty
    key : !!binary "insert_your_morty_proxy_key_here"

server:
    image_proxy : True

proxy or uWSGI

Be warned, with this setup, your instance isn't protected <searx filtron>. Nevertheless it is good enough for intranet usage and it is a excellent example of; how different services can be set up. The next example shows a reverse proxy configuration wrapping the searx-uWSGI application <uwsgi configuration>, listening on http = 127.0.0.1:8888.

# https://hostname.local/

location / {

proxy_pass http://127.0.0.1:8888;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_buffering off;

}

Alternatively you can use the uWSGI support from nginx via unix sockets. For socket communication, you have to activate socket = /run/uwsgi/app/searx/socket and comment out the http = 127.0.0.1:8888 configuration in your uwsgi ini file <uwsgi configuration>.

The example shows a nginx virtual server configuration, listening on port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at location / by importing the uwsgi_params and passing requests to the uWSGI socket (uwsgi_pass). The server's root points to the searx-src clone <searx-src> and wraps directly the searx/static/ content at location /static.

server {
    # replace hostname.local with your server's name
    server_name hostname.local;

    listen 80;
    listen [::]:80;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
    }

    root /usr/local/searx/searx-src/searx;
    location /static { }
}

If not already exists, create a folder for the unix sockets, which can be used by the searx account:

mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/

.. at subdir URL

Be warned, with these setups, your instance isn't protected <searx filtron>. The examples are just here to demonstrate how to export the SearXNG application from a subdirectory URL https://example.org/searx/.

# https://hostname.local/searx

location /searx {

proxy_pass http://127.0.0.1:8888;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; proxy_buffering off;

}

location /searx/static/ {

alias /usr/local/searx/searx-src/searx/static/;

}

The X-Script-Name /searx is needed by the SearXNG implementation to calculate relative URLs correct. The next example shows a uWSGI configuration. Since there are no HTTP headers in a (u)WSGI protocol, the value is shipped via the SCRIPT_NAME in the WSGI environment.

# https://hostname.local/searx

location /searx {

uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket;

}

location /searx/static/ {

alias /usr/local/searx/searx-src/searx/;

}

For SearXNG to work correctly the base_url must be set in the searx/settings.yml.

server:
    # replace example.org with your server's public name
    base_url : https://example.org/searx/

Restart service:

Ubuntu / debian

sudo -H systemctl restart nginx
sudo -H service uwsgi restart searx

Arch Linux

sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi@searx

Fedora

sudo -H systemctl restart nginx
sudo -H touch /etc/uwsgi.d/searxng.ini

Disable logs

For better privacy you can disable nginx logs in /etc/nginx/nginx.conf.

http {
    # ...
    access_log /dev/null;
    error_log  /dev/null;
    # ...
}