searxng/docs/admin/installation-apache.rst
Markus Heiser ed8a169029 [doc] update documentation of the installation procedures
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-07-30 13:39:35 +02:00

11 KiB

Apache

This section explains how to set up a SearXNG site using the HTTP server Apache. If you have used the installation scripts and do not have any preference you can install the SearXNG site <apache searxng site> using searxng.sh <searxng.sh overview>:

$ sudo -H ./utils/searxng.sh install apache

If you have special interests or problems with setting up Apache, the following section might give you some guidance.

Contents

The Apache HTTP server

If Apache is not installed, install it now. If apache is new to you, the Getting Started, Configuration Files and Terms Used to Describe Directives documentation gives first orientation. There is also a list of Apache directives to keep in the pocket.

Ubuntu / debian

sudo -H apt-get install apache2

Arch Linux

sudo -H pacman -S apache
sudo -H systemctl enable httpd
sudo -H systemctl start http

Fedora / RHEL

sudo -H dnf install httpd
sudo -H systemctl enable httpd
sudo -H systemctl start httpd

Now at http://localhost you should see any kind of Welcome or Test page. How this default intro site is configured, depends on the linux distribution (compare Apache directives).

Ubuntu / debian

less /etc/apache2/sites-enabled/000-default.conf

In this file, there is a line setting the DocumentRoot directive:

DocumentRoot /var/www/html

And the welcome page is the HTML file at /var/www/html/index.html.

Arch Linux

less /etc/httpd/conf/httpd.conf

In this file, there is a line setting the DocumentRoot directive:

DocumentRoot "/srv/http"
<Directory "/srv/http">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

The welcome page of Arch Linux is a page showing the directory located at DocumentRoot. This directory page is generated by the Module mod_autoindex:

LoadModule autoindex_module modules/mod_autoindex.so
...
Include conf/extra/httpd-autoindex.conf

Fedora / RHEL

less /etc/httpd/conf/httpd.conf

In this file, there is a line setting the DocumentRoot directive:

DocumentRoot "/var/www/html"
...
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

On fresh installations, the /var/www is empty and the default welcome page is shown, the configuration is located at:

less /etc/httpd/conf.d/welcome.conf

Debian's Apache layout

Be aware, Debian's Apache layout is quite different from the standard Apache configuration. For details look at the apache2.README.Debian (/usr/share/doc/apache2/README.Debian.gz). Some commands you should know on Debian:

  • apache2ctl: Apache HTTP server control interface
  • a2enmod, a2dismod: switch on/off modules
  • a2enconf, a2disconf: switch on/off configurations
  • a2ensite, a2dissite: switch on/off sites

Apache modules

To load additional modules, in most distributions you have to un-comment the lines with the corresponding LoadModule directive, except in Debian's Apache layout.

Ubuntu / debian

Debian's Apache layout uses a2enmod and a2dismod to activate or disable modules:

sudo -H a2enmod ssl
sudo -H a2enmod headers
sudo -H a2enmod proxy
sudo -H a2enmod proxy_http
sudo -H a2enmod proxy_uwsgi

Arch Linux

In the /etc/httpd/conf/httpd.conf file, activate LoadModule directives:

LoadModule ssl_module           modules/mod_ssl.so
LoadModule headers_module       modules/mod_headers.so
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_http_module    modules/mod_proxy_http.so
LoadModule proxy_uwsgi_module   modules/mod_proxy_uwsgi.so

Fedora / RHEL

In the /etc/httpd/conf/httpd.conf file, activate LoadModule directives:

LoadModule ssl_module           modules/mod_ssl.so
LoadModule headers_module       modules/mod_headers.so
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_http_module    modules/mod_proxy_http.so
LoadModule proxy_uwsgi_module   modules/mod_proxy_uwsgi.so

Apache sites

Ubuntu / debian

In Debian's Apache layout you create a searxng.conf with the <Location /searxng > directive and save this file in the sites available folder at /etc/apache2/sites-available. To enable the searxng.conf use a2ensite:

sudo -H a2ensite searxng.conf

Arch Linux

In the /etc/httpd/conf/httpd.conf file add a IncludeOptional directive:

IncludeOptional sites-enabled/*.conf

Create two folders, one for the available sites and one for the enabled sites:

mkdir -p /etc/httpd/sites-available
mkdir -p /etc/httpd/sites-enabled

Create configuration at /etc/httpd/sites-available and place a symlink to sites-enabled:

sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
              /etc/httpd/sites-enabled/searxng.conf

Fedora / RHEL

In the /etc/httpd/conf/httpd.conf file add a IncludeOptional directive:

IncludeOptional sites-enabled/*.conf

Create two folders, one for the available sites and one for the enabled sites:

mkdir -p /etc/httpd/sites-available
mkdir -p /etc/httpd/sites-enabled

Create configuration at /etc/httpd/sites-available and place a symlink to sites-enabled:

sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
              /etc/httpd/sites-enabled/searxng.conf

Apache's SearXNG site

uWSGI

Use mod_proxy_uwsgi / don't use the old mod_uwsgi anymore.

To proxy the incoming requests to the SearXNG instance Apache needs the mod_proxy module (apache modules).

HTTP headers

With ProxyPreserveHost the incoming Host header is passed to the proxied host.

Depending on what your SearXNG installation is listen, you need a http mod_proxy_http) or socket (mod_proxy_uwsgi) communication to upstream.

The installation scripts installs by default the reference setup <use_default_settings.yml> and a uwsgi setup that listens on a socket. You can install and activate your own searxng.conf like shown in apache sites.

socket

$DOCS_BUILD/includes/searxng.rst

http

$DOCS_BUILD/includes/searxng.rst

Restart service:

Ubuntu / debian

sudo -H systemctl restart apache2
sudo -H service uwsgi restart searxng

Arch Linux

sudo -H systemctl restart httpd
sudo -H systemctl restart uwsgi@searxng

Fedora / RHEL

sudo -H systemctl restart httpd
sudo -H touch /etc/uwsgi.d/searxng.ini

disable logs

For better privacy you can disable Apache logs. In the examples above activate one of the lines and restart apache:

SetEnvIf Request_URI "/searxng" dontlog
# CustomLog /dev/null combined env=dontlog

The CustomLog directive disable logs of the entire (virtual) server, use it when the URL of the service does not have a path component (/searxng), when SearXNG is located at root (/).