Closes: #1617 There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments: ```nginx root /usr/local/searx; location = /searx { rewrite ^ /searx/; } try_files $uri @searx; } location @searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_modifier1 30; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` `try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored). To fix this, I propose: ```nginx location = /searx { rewrite ^ /searx/; } location /searx/static { } location /searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` And add ``` route-run = fixpathinfo: ``` to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again). https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this: > If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
6.6 KiB
Installation
Basic installation
Step by step installation for Debian/Ubuntu with virtualenv. For Ubuntu, be sure to have enable universe repository.
Install packages:
sudo -H apt-get install \
$ git build-essential libxslt-dev \
python-dev python-virtualenv python-babel \
zlib1g-dev libffi-dev libssl-dev
Install searx:
cd /usr/local
sudo -H git clone https://github.com/asciimoo/searx.git
sudo -H useradd searx -d /usr/local/searx
sudo -H chown searx:searx -R /usr/local/searx
Install dependencies in a virtualenv:
cd /usr/local/searx
sudo -H -u searx -i
(searx)$ virtualenv searx-ve
(searx)$ . ./searx-ve/bin/activate
(searx)$ ./manage.sh update_packages
Configuration
sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
Edit searx/settings.yml if necessary.
Check
Start searx:
python searx/webapp.py
Go to http://localhost:8888
If everything works fine, disable the debug option in settings.yml:
sed -i -e "s/debug : True/debug : False/g" searx/settings.yml
At this point searx is not demonized ; uwsgi allows this.
You can exit the virtualenv and the searx user bash (enter exit command twice).
uwsgi
Install packages:
sudo -H apt-get install \
uwsgi uwsgi-plugin-python
Create the configuration file /etc/uwsgi/apps-available/searx.ini
with this content:
[uwsgi]
# Who will run the code
uid = searx
gid = searx
# disable logging for privacy
disable-logging = true
# Number of workers (usually CPU count)
workers = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python
lazy-apps = true
enable-threads = true
# Module to import
module = searx.webapp
# Support running the module from a webserver subdirectory.
route-run = fixpathinfo:
# Virtualenv and python path
virtualenv = /usr/local/searx/searx-ve/
pythonpath = /usr/local/searx/
chdir = /usr/local/searx/searx/
Activate the uwsgi application and restart:
cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/searx.ini
/etc/init.d/uwsgi restart
Web server
with nginx
If nginx is not installed (uwsgi will not work with the package nginx-light):
sudo -H apt-get install nginx
Hosted at /
Create the configuration file /etc/nginx/sites-available/searx
with this content:
server {
listen 80;
server_name searx.example.com;
root /usr/local/searx;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
}
Create a symlink to sites-enabled:
sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
Restart service:
sudo -H service nginx restart
sudo -H service uwsgi restart
from subdirectory URL (/searx)
Add this configuration in the server config file /etc/nginx/sites-enabled/default
:
location = /searx {
rewrite ^ /searx/;
}
location /searx/static {
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
OR using reverse proxy (Please, note that reverse proxy advised to be used in case of single-user or low-traffic instances.)
location /searx {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
proxy_buffering off;
}
Enable base_url
in searx/settings.yml
base_url : http://your.domain.tld/searx/
Restart service:
sudo -H service nginx restart
sudo -H service uwsgi restart
disable logs
for better privacy you can disable nginx logs about searx.
how to proceed: below uwsgi_pass
in /etc/nginx/sites-available/default
add:
access_log /dev/null;
error_log /dev/null;
Restart service:
sudo -H service nginx restart
with apache
Add wsgi mod:
sudo -H apt-get install libapache2-mod-uwsgi
sudo -H a2enmod uwsgi
Add this configuration in the file /etc/apache2/apache2.conf
:
<Location />
Options FollowSymLinks Indexes
uwsgi-handler
SetHandler
uWSGISocket /run/uwsgi/app/searx/socket</Location>
Note that if your instance of searx is not at the root, you should change <Location />
by the location of your instance, like <Location /searx>
.
Restart Apache:
sudo -H /etc/init.d/apache2 restart
disable logs
For better privacy you can disable Apache logs.
Warning
You can only disable logs for the whole (virtual) server not for a specific path.
Go back to /etc/apache2/apache2.conf
and above <Location />
add:
/dev/null combined CustomLog
Restart Apache:
sudo -H /etc/init.d/apache2 restart
How to update
cd /usr/local/searx
sudo -H -u searx -i
(searx)$ . ./searx-ve/bin/activate
(searx)$ git stash
(searx)$ git pull origin master
(searx)$ git stash apply
(searx)$ ./manage.sh update_packages
sudo -H service uwsgi restart
Docker
Make sure you have installed Docker. For instance, you can deploy searx like this:
docker pull wonderfall/searx
docker run -d --name searx -p $PORT:8888 wonderfall/searx
Go to http://localhost:$PORT
.
See https://hub.docker.com/r/wonderfall/searx/ for more informations. It's also possible to build searx from the embedded Dockerfile.
git clone https://github.com/asciimoo/searx.git
cd searx
docker build -t whatever/searx .
References
- https://about.okhin.fr/posts/Searx/ with some additions
- How to: Setup searx in a couple of hours with a free SSL certificate