Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
10 KiB
Install with nginx
further reading
Contents
Install nginx searx site
using filtron.sh <filtron.sh overview>
sudo -H ./utils/filtron.sh nginx install $
Install nginx searx site
using morty.sh <morty.sh overview>
sudo -H ./utils/morty.sh nginx install $
The nginx HTTP server
If nginx is not installed (uwsgi will not work with the package nginx-light), install it now.
Ubuntu / debian
sudo -H apt-get install nginx
Arch Linux
sudo -H pacman -S nginx-mainline
sudo -H systemctl enable nginx
sudo -H systemctl start nginx
Fedora / RHEL
sudo -H dnf install nginx
sudo -H systemctl enable nginx
sudo -H systemctl start nginx
Now at http://localhost you should see a Welcome to nginx! page, on Fedora you see a Fedora Webserver - Test Page. The test page comes from the default nginx server configuration. How this default intro site is configured, depends on the linux distribution:
Ubuntu / debian
less /etc/nginx/nginx.conf
there is a line including site configurations from:
include /etc/nginx/sites-enabled/*;
Arch Linux
less /etc/nginx/nginx.conf
in there is a configuration section named server
:
server {
listen 80;
server_name localhost;
# ...
}
Fedora / RHEL
less /etc/nginx/nginx.conf
there is a line including site configurations from:
include /etc/nginx/conf.d/*.conf;
A nginx SearXNG site
public to the internet?
If your SearXNG instance is public, stop here and first install filtron
reverse proxy <filtron.sh>
and result proxy morty <morty.sh>
, see installation scripts
. If already done, follow setup: SearXNG via filtron plus morty.
Now you have to create a configuration for the SearXNG site. If nginx is new to you, the nginx beginners guide is a good starting point and the Getting Started wiki is always a good resource to keep in the pocket.
Ubuntu / debian
Create configuration at /etc/nginx/sites-available/searx
and place a symlink to sites-enabled:
sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
Arch Linux
In the /etc/nginx/nginx.conf
file, replace the configuration section named server
.
Fedora / RHEL
Create configuration at /etc/nginx/conf.d/searx
and place a symlink to sites-enabled:
SearXNG via filtron plus morty
Use this setup, if your instance is public to the internet, compare figure: architecture <arch public>
and installation scripts
.
- Configure a reverse proxy for
filtron <filtron.sh>
, listening on localhost 4004 (filtron route request
):
- location /searx {
proxy_pass http://127.0.0.1:4004/;
proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx;
}
- location /searx/static/ {
alias /usr/local/searx/searx-src/searx/static/;
}
- Configure reverse proxy for
morty <searx morty>
, listening on localhost 3000:
- location /morty {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; }
For a fully result proxification add morty's <searx morty>
public URL to your searx/settings.yml
:
result_proxy:
# replace example.org with your server's public name
url : https://example.org/morty
key : !!binary "insert_your_morty_proxy_key_here"
server:
image_proxy : True
proxy or uWSGI
Be warned, with this setup, your instance isn't protected <searx
filtron>
. Nevertheless it is good enough for intranet usage and it is a excellent example of; how different services can be set up. The next example shows a reverse proxy configuration wrapping the searx-uWSGI
application <uwsgi configuration>
, listening on http = 127.0.0.1:8888
.
- location / {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_buffering off;
}
Alternatively you can use the uWSGI support from nginx via unix sockets. For socket communication, you have to activate socket = /run/uwsgi/app/searx/socket
and comment out the http = 127.0.0.1:8888
configuration in your uwsgi ini file <uwsgi
configuration>
.
The example shows a nginx virtual server
configuration, listening on port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at location /
by importing the uwsgi_params and passing requests to the uWSGI socket (uwsgi_pass
). The server
's root points to the searx-src clone <searx-src>
and wraps directly the searx/static/
content at location /static
.
server {
# replace hostname.local with your server's name
server_name hostname.local;
listen 80;
listen [::]:80;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
root /usr/local/searx/searx-src/searx;
location /static { }
}
If not already exists, create a folder for the unix sockets, which can be used by the searx account:
mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
.. at subdir URL
Be warned, with these setups, your instance isn't protected <searx
filtron>
. The examples are just here to demonstrate how to export the SearXNG application from a subdirectory URL https://example.org/searx/
.
# https://hostname.local/searx
- location /searx {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; proxy_buffering off;
}
- location /searx/static/ {
alias /usr/local/searx/searx-src/searx/static/;
}
The X-Script-Name /searx
is needed by the SearXNG implementation to calculate relative URLs correct. The next example shows a uWSGI configuration. Since there are no HTTP headers in a (u)WSGI protocol, the value is shipped via the SCRIPT_NAME in the WSGI environment.
# https://hostname.local/searx
- location /searx {
uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
- location /searx/static/ {
alias /usr/local/searx/searx-src/searx/;
}
For SearXNG to work correctly the base_url
must be set in the searx/settings.yml
.
server:
# replace example.org with your server's public name
base_url : https://example.org/searx/
Restart service:
Ubuntu / debian
sudo -H systemctl restart nginx
sudo -H service uwsgi restart searx
Arch Linux
sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi@searx
Fedora
sudo -H systemctl restart nginx
sudo -H touch /etc/uwsgi.d/searx.ini
Disable logs
For better privacy you can disable nginx logs in /etc/nginx/nginx.conf
.
http {
# ...
access_log /dev/null;
error_log /dev/null;
# ...
}