searxng/docs/admin/installation-nginx.rst
Markus Heiser 58d5da8b57 nginx: normalize installation (docs and script)s over all distros
This is the revision of the documentation about the varous nginx installation
variants.  It also implements the nginx installation scripts for morty and
filtron.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-04-11 13:19:11 +02:00

10 KiB

Install with nginx

Contents

The nginx HTTP server

If nginx is not installed (uwsgi will not work with the package nginx-light), install it now.

Ubuntu / debian

sudo -H apt-get install nginx

Arch Linux

sudo -H pacman -S nginx-mainline
sudo -H systemctl enable nginx
sudo -H systemctl start nginx

Fedora / RHEL

sudo -H dnf install nginx
sudo -H systemctl enable nginx
sudo -H systemctl start nginx

Now at http://localhost you should see a Welcome to nginx! page, on Fedora you see a Fedora Webserver - Test Page. The test page comes from the default nginx server configuration. How this default intro site is configured, depends on the linux distribution:

Ubuntu / debian

less /etc/nginx/nginx.conf

there is a line including site configurations from:

include /etc/nginx/sites-enabled/*;

Arch Linux

less /etc/nginx/nginx.conf

in there is a configuration section named server:

server {
    listen       80;
    server_name  localhost;
    # ...
}

Fedora / RHEL

less /etc/nginx/nginx.conf

there is a line including site configurations from:

include /etc/nginx/conf.d/*.conf;

A nginx searx site

public to the internet?

If your searx instance is public, stop here and first install filtron reverse proxy <filtron.sh> and result proxy morty <morty.sh>, see installation scripts. If already done, follow setup: searx via filtron plus morty.

Now you have to create a configuration for the searx site. If nginx is new to you, the nginx beginners guide is a good starting point and the Getting Started wiki is always a good resource to keep in the pocket.

Ubuntu / debian

Create configuration at /etc/nginx/sites-available/searx and place a symlink to sites-enabled:

sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx

Arch Linux

In the /etc/nginx/nginx.conf file, replace the configuration section named server.

Fedora / RHEL

Create configuration at /etc/nginx/conf.d/searx and place a symlink to sites-enabled:

searx via filtron plus morty

Use this setup, if your instance is public to the internet, compare figure: architecture <arch public> and installation scripts.

  1. Configure a reverse proxy for filtron <filtron.sh>, listening on localhost 4004 (filtron route request):

# https://example.org/searx

location /searx {

proxy_pass http://127.0.0.1:4004/;

proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx;

}

location /searx/static {

/usr/local/searx/searx-src/searx/static;

}

  1. Configure reverse proxy for morty <searx morty>, listening on localhost 3000:

# https://example.org/morty

location /morty {

proxy_pass http://127.0.0.1:3000/;

proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; }

Note that reverse proxy advised to be used in case of single-user or low-traffic instances. For a fully result proxification add morty's <searx morty> public URL to your searx/settings.yml:

result_proxy:
    # replace example.org with your server's public name
    url : https://example.org/morty

server:
    image_proxy : True

proxy or uWSGI

Be warned, with this setup, your instance isn't protected <searx filtron>. Nevertheless it is good enough for intranet usage and it is a excellent example of; how different services can be set up. The next example shows a reverse proxy configuration wrapping the searx-uWSGI application <uwsgi configuration>, listening on http = 127.0.0.1:8888.

# https://hostname.local/

location / {

proxy_pass http://127.0.0.1:8888;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_buffering off;

}

Alternatively you can use the uWSGI support from nginx via unix sockets. For socket communication, you have to activate socket = /run/uwsgi/app/searx/socket and comment out the http = 127.0.0.1:8888 configuration in your uwsgi ini file <uwsgi configuration>.

The example shows a nginx virtual server configuration, listening on port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at location / by importing the uwsgi_params and passing requests to the uWSGI socket (uwsgi_pass). The server's root points to the searx-src clone <searx-src> and wraps directly the searx/static/ content at location /static.

server {
    # replace hostname.local with your server's name
    server_name hostname.local;

    listen 80;
    listen [::]:80;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
    }

    root /usr/local/searx/searx-src/searx;
    location /static { }
}

If not already exists, create a folder for the unix sockets, which can be used by the searx account:

mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/

.. at subdir URL

Be warned, with these setups, your instance isn't protected <searx filtron>. The examples are just here to demonstrate how to export the searx application from a subdirectory URL https://example.org/searx/.

# https://hostname.local/searx

location /searx {

proxy_pass http://127.0.0.1:8888;

proxy_set_header Host $host; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; proxy_buffering off;

}

location /searx/static {

alias /usr/local/searx/searx-src/searx/static;

}

The X-Script-Name /searx is needed by the searx implementation to calculate relative URLs correct. The next example shows a uWSGI configuration. Since there are no HTTP headers in a (u)WSGI protocol, the value is shipped via the SCRIPT_NAME in the WSGI environment.

# https://hostname.local/searx

location /searx {

uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket;

}

location /searx/static {

alias /usr/local/searx/searx-src/searx;

}

For searx to work correctly the base_url must be set in the searx/settings.yml.

server:
    # replace example.org with your server's public name
    base_url : https://example.org/searx/

Restart service:

Ubuntu / debian

sudo -H systemctl restart nginx
sudo -H service uwsgi restart searx

Arch Linux

sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi@searx

Fedora

sudo -H systemctl restart nginx
sudo -H touch /etc/uwsgi.d/searx.ini

Disable logs

For better privacy you can disable nginx logs in /etc/nginx/nginx.conf.

http {
    # ...
    access_log /dev/null;
    error_log  /dev/null;
    # ...
}