diff options
| author | Ivan Gabaldon <igabaldon@inetol.net> | 2025-05-11 18:12:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-11 18:12:51 +0200 |
| commit | d16854e67a5bf2f640aabf119c9b50f5a1a3f24f (patch) | |
| tree | 3c60e7f7fced18e5ff79f60e41968ab8e5dd2c88 /container | |
| parent | 1b787ed35e9c51e335c42faee1f76695780ba4cb (diff) | |
[mod] rework container deployment (#4764)
container.yml will run after integration.yml COMPLETES successfully and in master branch.
Style changes, cleanup and improved integration with CI by leveraging the use of
shared cache between all workflows.
* Podman is now supported to build the container images (Docker also received a refactor, merging both build and buildx)
* Container images are being built by Buildah instead of Docker BuildKit.
* Container images are tested before release.
* Splitting "modern" (amd64 & arm64) and "legacy" (armv7) arches on different Dockerfiles allowing future optimizations.
Diffstat (limited to 'container')
| -rw-r--r-- | container/Dockerfile | 100 | ||||
| -rwxr-xr-x | container/docker-entrypoint.sh | 167 | ||||
| -rw-r--r-- | container/legacy/Dockerfile | 106 | ||||
| -rw-r--r-- | container/uwsgi.ini | 55 |
4 files changed, 428 insertions, 0 deletions
diff --git a/container/Dockerfile b/container/Dockerfile new file mode 100644 index 000000000..b0530dfec --- /dev/null +++ b/container/Dockerfile @@ -0,0 +1,100 @@ +FROM docker.io/library/python:3.13-slim AS builder + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + brotli \ + # uwsgi + libpcre3-dev \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /usr/local/searxng/ + +COPY ./requirements.txt ./requirements.txt + +RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \ + && . ./venv/bin/activate \ + && pip install -r requirements.txt \ + && pip install "uwsgi~=2.0" + +COPY ./searx/ ./searx/ + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 + +RUN python -m compileall -q searx \ + && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \ + && touch -c --date=@$TIMESTAMP_UWSGI ./container/uwsgi.ini \ + && find /usr/local/searxng/searx/static \ + \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ + -type f -exec gzip -9 -k {} + -exec brotli --best {} + + +ARG SEARXNG_UID=977 +ARG SEARXNG_GID=977 + +RUN grep -m1 root /etc/group > /tmp/.searxng.group \ + && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \ + && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \ + && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd + +FROM docker.io/library/python:3.13-slim + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + # healthcheck + wget \ + # uwsgi + libpcre3 \ + libxml2 \ + mailcap \ + && rm -rf /var/lib/apt/lists/* + +COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd +COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group + +ARG LABEL_DATE="0001-01-01T00:00:00Z" +ARG GIT_URL="unspecified" +ARG SEARXNG_GIT_VERSION="unspecified" +ARG LABEL_VCS_REF="unspecified" +ARG LABEL_VCS_URL="unspecified" + +WORKDIR /usr/local/searxng/ + +COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/ +COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/ +COPY --chown=searxng:searxng ./container/ ./container/ + +LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \ + org.opencontainers.image.created=$LABEL_DATE \ + org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \ + org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \ + org.opencontainers.image.licenses="AGPL-3.0-or-later" \ + org.opencontainers.image.revision=$LABEL_VCS_REF \ + org.opencontainers.image.source=$LABEL_VCS_URL \ + org.opencontainers.image.title="searxng" \ + org.opencontainers.image.url=$LABEL_VCS_URL \ + org.opencontainers.image.version=$SEARXNG_GIT_VERSION + +ENV CONFIG_PATH=/etc/searxng \ + DATA_PATH=/var/cache/searxng + +ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \ + INSTANCE_NAME=searxng \ + AUTOCOMPLETE="" \ + BASE_URL="" \ + BIND_ADDRESS=[::]:8080 \ + MORTY_KEY="" \ + MORTY_URL="" \ + SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \ + UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \ + UWSGI_WORKERS=%k \ + UWSGI_THREADS=4 + +VOLUME $CONFIG_PATH +VOLUME $DATA_PATH + +EXPOSE 8080 + +HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1 + +ENTRYPOINT ["/usr/local/searxng/container/docker-entrypoint.sh"] diff --git a/container/docker-entrypoint.sh b/container/docker-entrypoint.sh new file mode 100755 index 000000000..72d020dcf --- /dev/null +++ b/container/docker-entrypoint.sh @@ -0,0 +1,167 @@ +#!/bin/sh + +help() { + cat <<EOF +Command line: + -h Display this help + -d Dry run to update the configuration files. + -f Always update on the configuration files (existing files are renamed with + the .old suffix). Without this option, the new configuration files are + copied with the .new suffix +Environment variables: + INSTANCE_NAME settings.yml : general.instance_name + AUTOCOMPLETE settings.yml : search.autocomplete + BASE_URL settings.yml : server.base_url + MORTY_URL settings.yml : result_proxy.url + MORTY_KEY settings.yml : result_proxy.key +Volume: + /etc/searxng the docker entry point copies settings.yml and uwsgi.ini in + this directory (see the -f command line option)" + +EOF +} + +# Parse command line +FORCE_CONF_UPDATE=0 +DRY_RUN=0 + +while getopts "fdh" option +do + case $option in + + f) FORCE_CONF_UPDATE=1 ;; + d) DRY_RUN=1 ;; + + h) + help + exit 0 + ;; + *) + echo "unknow option ${option}" + exit 42 + ;; + esac +done + +echo "SearXNG version $SEARXNG_VERSION" + +# helpers to update the configuration files +patch_uwsgi_settings() { + CONF="$1" + + # update uwsg.ini + sed -i \ + -e "s|workers = .*|workers = ${UWSGI_WORKERS:-%k}|g" \ + -e "s|threads = .*|threads = ${UWSGI_THREADS:-4}|g" \ + "${CONF}" +} + +patch_searxng_settings() { + CONF="$1" + + # Make sure that there is trailing slash at the end of BASE_URL + # see https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Shell-Parameter-Expansion + export BASE_URL="${BASE_URL%/}/" + + # update settings.yml + sed -i \ + -e "s|base_url: false|base_url: ${BASE_URL}|g" \ + -e "s/instance_name: \"SearXNG\"/instance_name: \"${INSTANCE_NAME}\"/g" \ + -e "s/autocomplete: \"\"/autocomplete: \"${AUTOCOMPLETE}\"/g" \ + -e "s/ultrasecretkey/$(head -c 24 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9')/g" \ + "${CONF}" + + # Morty configuration + + if [ -n "${MORTY_KEY}" ] && [ -n "${MORTY_URL}" ]; then + sed -i -e "s/image_proxy: false/image_proxy: true/g" \ + "${CONF}" + cat >> "${CONF}" <<-EOF + +# Morty configuration +result_proxy: + url: ${MORTY_URL} + key: !!binary "${MORTY_KEY}" +EOF + fi +} + +update_conf() { + FORCE_CONF_UPDATE=$1 + CONF="$2" + NEW_CONF="${2}.new" + OLD_CONF="${2}.old" + REF_CONF="$3" + PATCH_REF_CONF="$4" + + if [ -f "${CONF}" ]; then + if [ "${REF_CONF}" -nt "${CONF}" ]; then + # There is a new version + if [ "$FORCE_CONF_UPDATE" -ne 0 ]; then + # Replace the current configuration + printf '⚠️ Automatically update %s to the new version\n' "${CONF}" + if [ ! -f "${OLD_CONF}" ]; then + printf 'The previous configuration is saved to %s\n' "${OLD_CONF}" + mv "${CONF}" "${OLD_CONF}" + fi + cp "${REF_CONF}" "${CONF}" + $PATCH_REF_CONF "${CONF}" + else + # Keep the current configuration + printf '⚠️ Check new version %s to make sure SearXNG is working properly\n' "${NEW_CONF}" + cp "${REF_CONF}" "${NEW_CONF}" + $PATCH_REF_CONF "${NEW_CONF}" + fi + else + printf 'Use existing %s\n' "${CONF}" + fi + else + printf 'Create %s\n' "${CONF}" + cp "${REF_CONF}" "${CONF}" + $PATCH_REF_CONF "${CONF}" + fi +} + +# searx compatibility: copy /etc/searx/* to /etc/searxng/* +SEARX_CONF=0 +if [ -f "/etc/searx/settings.yml" ]; then + if [ ! -f "${SEARXNG_SETTINGS_PATH}" ]; then + printf '⚠️ /etc/searx/settings.yml is copied to /etc/searxng\n' + cp "/etc/searx/settings.yml" "${SEARXNG_SETTINGS_PATH}" + fi + SEARX_CONF=1 +fi +if [ -f "/etc/searx/uwsgi.ini" ]; then + printf '⚠️ /etc/searx/uwsgi.ini is ignored. Use the volume /etc/searxng\n' + SEARX_CONF=1 +fi +if [ "$SEARX_CONF" -eq "1" ]; then + printf '⚠️ The deprecated volume /etc/searx is mounted. Please update your configuration to use /etc/searxng ⚠️\n' + cat << EOF > /etc/searx/deprecated_volume_read_me.txt +This Docker image uses the volume /etc/searxng +Update your configuration: +* remove uwsgi.ini (or very carefully update your existing uwsgi.ini using https://github.com/searxng/searxng/blob/master/container/uwsgi.ini ) +* mount /etc/searxng instead of /etc/searx +EOF +fi +# end of searx compatibility + +# make sure there are uwsgi settings +update_conf "${FORCE_CONF_UPDATE}" "${UWSGI_SETTINGS_PATH}" "/usr/local/searxng/container/uwsgi.ini" "patch_uwsgi_settings" + +# make sure there are searxng settings +update_conf "${FORCE_CONF_UPDATE}" "${SEARXNG_SETTINGS_PATH}" "/usr/local/searxng/searx/settings.yml" "patch_searxng_settings" + +# dry run (to update configuration files, then inspect them) +if [ $DRY_RUN -eq 1 ]; then + printf 'Dry run\n' + exit +fi + +unset MORTY_KEY + +printf 'Listen on %s\n' "${BIND_ADDRESS}" + +# Start uwsgi +# TODO: "--http-socket" will be removed in the future (see uwsgi.ini.new config file): https://github.com/searxng/searxng/pull/4578 +exec /usr/local/searxng/venv/bin/uwsgi --http-socket "${BIND_ADDRESS}" "${UWSGI_SETTINGS_PATH}" diff --git a/container/legacy/Dockerfile b/container/legacy/Dockerfile new file mode 100644 index 000000000..5436ea5da --- /dev/null +++ b/container/legacy/Dockerfile @@ -0,0 +1,106 @@ +# For armv7 architecture + +FROM docker.io/library/python:3.13-slim AS builder + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + brotli \ + # lxml + libxml2-dev \ + libxslt1-dev \ + zlib1g-dev \ + # uwsgi + libpcre3-dev \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /usr/local/searxng/ + +COPY ./requirements.txt ./requirements.txt + +RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \ + && . ./venv/bin/activate \ + && pip install -r requirements.txt \ + && pip install "uwsgi~=2.0" + +COPY ./searx/ ./searx/ + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 + +RUN python -m compileall -q searx \ + && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \ + && touch -c --date=@$TIMESTAMP_UWSGI ./container/uwsgi.ini \ + && find /usr/local/searxng/searx/static \ + \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ + -type f -exec gzip -9 -k {} + -exec brotli --best {} + + +ARG SEARXNG_UID=977 +ARG SEARXNG_GID=977 + +RUN grep -m1 root /etc/group > /tmp/.searxng.group \ + && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \ + && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \ + && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd + +FROM docker.io/library/python:3.13-slim + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + # healthcheck + wget \ + # lxml (ARMv7) + libxslt1.1 \ + # uwsgi + libpcre3 \ + libxml2 \ + mailcap \ + && rm -rf /var/lib/apt/lists/* + +COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd +COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group + +ARG LABEL_DATE="0001-01-01T00:00:00Z" +ARG GIT_URL="unspecified" +ARG SEARXNG_GIT_VERSION="unspecified" +ARG LABEL_VCS_REF="unspecified" +ARG LABEL_VCS_URL="unspecified" + +WORKDIR /usr/local/searxng/ + +COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/ +COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/ +COPY --chown=searxng:searxng ./container/ ./container/ + +LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \ + org.opencontainers.image.created=$LABEL_DATE \ + org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \ + org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \ + org.opencontainers.image.licenses="AGPL-3.0-or-later" \ + org.opencontainers.image.revision=$LABEL_VCS_REF \ + org.opencontainers.image.source=$LABEL_VCS_URL \ + org.opencontainers.image.title="searxng" \ + org.opencontainers.image.url=$LABEL_VCS_URL \ + org.opencontainers.image.version=$SEARXNG_GIT_VERSION + +ENV CONFIG_PATH=/etc/searxng \ + DATA_PATH=/var/cache/searxng + +ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \ + INSTANCE_NAME=searxng \ + AUTOCOMPLETE="" \ + BASE_URL="" \ + BIND_ADDRESS=[::]:8080 \ + SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \ + UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \ + UWSGI_WORKERS=%k \ + UWSGI_THREADS=4 + +VOLUME $CONFIG_PATH +VOLUME $DATA_PATH + +EXPOSE 8080 + +HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1 + +ENTRYPOINT ["/usr/local/searxng/container/docker-entrypoint.sh"] diff --git a/container/uwsgi.ini b/container/uwsgi.ini new file mode 100644 index 000000000..3bfd49e72 --- /dev/null +++ b/container/uwsgi.ini @@ -0,0 +1,55 @@ +[uwsgi] +# Listening address +# default value: [::]:8080 (see Dockerfile) +http-socket = $(BIND_ADDRESS) + +# Who will run the code +uid = searxng +gid = searxng + +# Number of workers (usually CPU count) +# default value: %k (= number of CPU core, see Dockerfile) +workers = $(UWSGI_WORKERS) + +# Number of threads per worker +# default value: 4 (see Dockerfile) +threads = $(UWSGI_THREADS) + +# The right granted on the created socket +chmod-socket = 666 + +# Plugin to use and interpreter config +single-interpreter = true +master = true +lazy-apps = true +enable-threads = true + +# Module to import +module = searx.webapp + +# Virtualenv and python path +pythonpath = /usr/local/searxng/ +chdir = /usr/local/searxng/searx/ + +# automatically set processes name to something meaningful +auto-procname = true + +# Disable request logging for privacy +disable-logging = true +log-5xx = true + +# Set the max size of a request (request-body excluded) +buffer-size = 8192 + +# No keep alive +# See https://github.com/searx/searx-docker/issues/24 +add-header = Connection: close + +# Follow SIGTERM convention +# See https://github.com/searxng/searxng/issues/3427 +die-on-term + +# uwsgi serves the static files +static-map = /static=/usr/local/searxng/searx/static +static-gzip-all = True +offload-threads = %k |