diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2022-06-14 10:02:50 +0200 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2022-07-30 13:39:35 +0200 |
| commit | ed8a1690296cfc55f67dc0a4dac6dee06a47bd06 (patch) | |
| tree | c2d2a4c8e5369b4f9a65d12c23c2dd0cb05d58f0 /docs/admin | |
| parent | 782f73540e2d383ea122716507ccd9582918ab51 (diff) | |
[doc] update documentation of the installation procedures
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'docs/admin')
| -rw-r--r-- | docs/admin/arch_public.dot | 39 | ||||
| -rw-r--r-- | docs/admin/architecture.rst | 20 | ||||
| -rw-r--r-- | docs/admin/buildhosts.rst | 8 | ||||
| -rw-r--r-- | docs/admin/engines/nosql-engines.rst | 8 | ||||
| -rw-r--r-- | docs/admin/engines/settings.rst | 13 | ||||
| -rw-r--r-- | docs/admin/engines/sql-engines.rst | 8 | ||||
| -rw-r--r-- | docs/admin/filtron.rst | 193 | ||||
| -rw-r--r-- | docs/admin/index.rst | 5 | ||||
| -rw-r--r-- | docs/admin/installation-apache.rst | 425 | ||||
| -rw-r--r-- | docs/admin/installation-docker.rst | 59 | ||||
| -rw-r--r-- | docs/admin/installation-nginx.rst | 287 | ||||
| -rw-r--r-- | docs/admin/installation-scripts.rst | 62 | ||||
| -rw-r--r-- | docs/admin/installation-searxng.rst | 58 | ||||
| -rw-r--r-- | docs/admin/installation-switch2ng.rst | 8 | ||||
| -rw-r--r-- | docs/admin/installation-uwsgi.rst | 206 | ||||
| -rw-r--r-- | docs/admin/installation.rst | 100 | ||||
| -rw-r--r-- | docs/admin/morty.rst | 40 | ||||
| -rw-r--r-- | docs/admin/update-searxng.rst | 60 |
18 files changed, 617 insertions, 982 deletions
diff --git a/docs/admin/arch_public.dot b/docs/admin/arch_public.dot index c4ee5f3c1..526fb53da 100644 --- a/docs/admin/arch_public.dot +++ b/docs/admin/arch_public.dot @@ -1,33 +1,30 @@ digraph G { - node [style=filled, shape=box, fillcolor="#ffffcc", fontname="Sans"]; + node [style=filled, shape=box, fillcolor="#ffffcc", fontname=Sans]; edge [fontname="Sans"]; - browser [label="Browser", shape=Mdiamond]; - rp [label="Reverse Proxy", href="https://docs.searxng.org/utils/filtron.sh.html#public-reverse-proxy"]; - filtron [label="Filtron", href="https://docs.searxng.org/utils/filtron.sh.html"]; - morty [label="Morty", href="https://docs.searxng.org/utils/morty.sh.html"]; - static [label="Static files", href="url to configure static files"]; - uwsgi [label="uwsgi", href="https://docs.searxng.org/utils/searx.sh.html"] - searx1 [label="Searx #1"]; - searx2 [label="Searx #2"]; - searx3 [label="Searx #3"]; - searx4 [label="Searx #4"]; + browser [label="browser", shape=tab, fillcolor=aliceblue]; + rp [label="reverse proxy"]; + static [label="static files", shape=folder, href="url to configure static files", fillcolor=lightgray]; + uwsgi [label="uwsgi", shape=parallelogram href="https://docs.searxng.org/utils/searx.sh.html"] + redis [label="redis DB", shape=cylinder]; + searxng1 [label="SearXNG #1", fontcolor=blue3]; + searxng2 [label="SearXNG #2", fontcolor=blue3]; + searxng3 [label="SearXNG #3", fontcolor=blue3]; + searxng4 [label="SearXNG #4", fontcolor=blue3]; browser -> rp [label="HTTPS"] - subgraph cluster_searx { - label = "Searx instance" fontname="Sans"; + subgraph cluster_searxng { + label = "SearXNG instance" fontname=Sans; bgcolor="#fafafa"; { rank=same; static rp }; - rp -> morty [label="optional: images and HTML pages proxy"]; - rp -> static [label="optional: reverse proxy serves directly static files"]; - rp -> filtron [label="HTTP"]; - filtron -> uwsgi [label="HTTP"]; - uwsgi -> searx1; - uwsgi -> searx2; - uwsgi -> searx3; - uwsgi -> searx4; + rp -> static [label="optional: reverse proxy serves static files", fillcolor=slategray, fontcolor=slategray]; + rp -> uwsgi [label="http:// (tcp) or unix:// (socket)"]; + uwsgi -> searxng1 -> redis; + uwsgi -> searxng2 -> redis; + uwsgi -> searxng3 -> redis; + uwsgi -> searxng4 -> redis; } } diff --git a/docs/admin/architecture.rst b/docs/admin/architecture.rst index db99c9f55..be99aa994 100644 --- a/docs/admin/architecture.rst +++ b/docs/admin/architecture.rst @@ -8,17 +8,19 @@ Architecture - Reverse Proxy: :ref:`Apache <apache searxng site>` & :ref:`nginx <nginx searxng site>` - - Filtron: :ref:`searxng filtron` - - Morty: :ref:`searxng morty` - uWSGI: :ref:`searxng uwsgi` - SearXNG: :ref:`installation basic` Herein you will find some hints and suggestions about typical architectures of SearXNG infrastructures. -We start with a contribution from :pull-searx:`@dalf <1776#issuecomment-567917320>`. -It shows a *reference* setup for public SearXNG instances which can build up and -maintained by the scripts from our :ref:`toolboxing`. +.. _architecture uWSGI: + +uWSGI Setup +=========== + +We start with a *reference* setup for public SearXNG instances which can build +up and maintained by the scripts from our :ref:`toolboxing`. .. _arch public: @@ -26,3 +28,11 @@ maintained by the scripts from our :ref:`toolboxing`. :alt: arch_public.dot Reference architecture of a public SearXNG setup. + +The reference installation activates ``server.limiter``, ``server.image_proxy`` +and ``ui.static_use_hash`` (:origin:`/etc/searxng/settings.yml +<utils/templates/etc/searxng/settings.yml>`) + +.. literalinclude:: ../../utils/templates/etc/searxng/settings.yml + :language: yaml + :end-before: # preferences: diff --git a/docs/admin/buildhosts.rst b/docs/admin/buildhosts.rst index e23327ba8..6926469ef 100644 --- a/docs/admin/buildhosts.rst +++ b/docs/admin/buildhosts.rst @@ -15,19 +15,19 @@ Buildhosts :backlinks: entry To get best results from build, its recommend to install additional packages -on build hosts (see :ref:`searx.sh`).:: +on build hosts (see :ref:`searxng.sh`).:: - sudo -H ./utils/searx.sh install buildhost + sudo -H ./utils/searxng.sh install buildhost This will install packages needed by searx: -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START distro-packages :end-before: END distro-packages and packages needed to build docuemtation and run tests: -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START build-packages :end-before: END build-packages diff --git a/docs/admin/engines/nosql-engines.rst b/docs/admin/engines/nosql-engines.rst index a50b9c367..68fd0e8bc 100644 --- a/docs/admin/engines/nosql-engines.rst +++ b/docs/admin/engines/nosql-engines.rst @@ -42,11 +42,11 @@ Extra Dependencies For using :ref:`engine redis_server` or :ref:`engine mongodb` you need to install additional packages in Python's Virtual Environment of your SearXNG -instance. To switch into the environment (:ref:`searx-src`) you can use -:ref:`searx.sh`:: +instance. To switch into the environment (:ref:`searxng-src`) you can use +:ref:`searxng.sh`:: - $ sudo utils/searx.sh shell - (searx-pyenv)$ pip install ... + $ sudo utils/searxng.sh instance cmd bash + (searxng-pyenv)$ pip install ... .. _engine redis_server: diff --git a/docs/admin/engines/settings.rst b/docs/admin/engines/settings.rst index 71ad29b43..0b4b984d7 100644 --- a/docs/admin/engines/settings.rst +++ b/docs/admin/engines/settings.rst @@ -207,10 +207,14 @@ Global Settings ``secret_key`` : ``$SEARXNG_SECRET`` Used for cryptography purpose. +.. _limiter: + ``limiter`` : Rate limit the number of request on the instance, block some bots. The :ref:`limiter plugin` requires a :ref:`settings redis` database. +.. _image_proxy: + ``image_proxy`` : Allow your instance of SearXNG of being able to proxy images. Uses memory space. @@ -225,9 +229,13 @@ Global Settings ``ui:`` ------- +.. _cache busting: + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#caching_static_assets_with_cache_busting + .. code:: yaml ui: + static_use_hash: false default_locale: "" query_in_title: false infinite_scroll: false @@ -236,6 +244,11 @@ Global Settings theme_args: simple_style: auto +.. _static_use_hash: + +``static_use_hash`` : + Enables `cache busting`_ of static files. + ``default_locale`` : SearXNG interface language. If blank, the locale is detected by using the browser language. If it doesn't work, or you are deploying a language diff --git a/docs/admin/engines/sql-engines.rst b/docs/admin/engines/sql-engines.rst index d91383214..6b6a4cb68 100644 --- a/docs/admin/engines/sql-engines.rst +++ b/docs/admin/engines/sql-engines.rst @@ -98,11 +98,11 @@ Extra Dependencies For using :ref:`engine postgresql` or :ref:`engine mysql_server` you need to install additional packages in Python's Virtual Environment of your SearXNG -instance. To switch into the environment (:ref:`searx-src`) you can use -:ref:`searx.sh`:: +instance. To switch into the environment (:ref:`searxng-src`) you can use +:ref:`searxng.sh`:: - $ sudo utils/searx.sh shell - (searx-pyenv)$ pip install ... + $ sudo utils/searxng.sh instance cmd bash + (searxng-pyenv)$ pip install ... .. _engine postgresql: diff --git a/docs/admin/filtron.rst b/docs/admin/filtron.rst deleted file mode 100644 index 60d7cbeba..000000000 --- a/docs/admin/filtron.rst +++ /dev/null @@ -1,193 +0,0 @@ - -.. _searxng filtron: - -========================== -How to protect an instance -========================== - -.. tip:: - - To protect your instance a installation of filtron (as described here) is no - longer needed, alternatively activate the :ref:`limiter plugin` in your - ``settings.yml``. Note that the :ref:`limiter plugin` requires a :ref:`Redis - <settings redis>` database. - - -.. sidebar:: further reading - - - :ref:`filtron.sh` - - :ref:`nginx searxng site` - -.. _filtron: https://github.com/searxng/filtron - -SearXNG depends on external search services. To avoid the abuse of these services -it is advised to limit the number of requests processed by SearXNG. - -An application firewall, filtron_ solves exactly this problem. Filtron is just -a middleware between your web server (nginx, apache, ...) and searx, we describe -such infrastructures in chapter: :ref:`architecture`. - - -filtron & go -============ - -.. _Go: https://golang.org/ -.. _filtron README: https://github.com/searxng/filtron/blob/master/README.md - -Filtron needs Go_ installed. If Go_ is preinstalled, filtron_ is simply -installed by ``go get`` package management (see `filtron README`_). If you use -filtron as middleware, a more isolated setup is recommended. To simplify such -an installation and the maintenance of, use our script :ref:`filtron.sh`. - -.. _Sample configuration of filtron: - -Sample configuration of filtron -=============================== - -.. sidebar:: Tooling box - - - :origin:`/etc/filtron/rules.json <utils/templates/etc/filtron/rules.json>` - -An example configuration can be find below. This configuration limits the access -of: - -- scripts or applications (roboagent limit) -- webcrawlers (botlimit) -- IPs which send too many requests (IP limit) -- too many json, csv, etc. requests (rss/json limit) -- the same UserAgent of if too many requests (useragent limit) - -.. code:: json - - [ - { - "name": "search request", - "filters": [ - "Param:q", - "Path=^(/|/search)$" - ], - "interval": "<time-interval-in-sec (int)>", - "limit": "<max-request-number-in-interval (int)>", - "subrules": [ - { - "name": "missing Accept-Language", - "filters": ["!Header:Accept-Language"], - "limit": "<max-request-number-in-interval (int)>", - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "suspiciously Connection=close header", - "filters": ["Header:Connection=close"], - "limit": "<max-request-number-in-interval (int)>", - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "IP limit", - "interval": "<time-interval-in-sec (int)>", - "limit": "<max-request-number-in-interval (int)>", - "stop": true, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "rss/json limit", - "filters": [ - "Param:format=(csv|json|rss)" - ], - "interval": "<time-interval-in-sec (int)>", - "limit": "<max-request-number-in-interval (int)>", - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "useragent limit", - "interval": "<time-interval-in-sec (int)>", - "limit": "<max-request-number-in-interval (int)>", - "aggregations": [ - "Header:User-Agent" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - } - ] - } - ] - - -.. _filtron route request: - -Route request through filtron -============================= - -.. sidebar:: further reading - - - :ref:`filtron.sh overview` - - :ref:`installation nginx` - - :ref:`installation apache` - -Filtron can be started using the following command: - -.. code:: sh - - $ filtron -rules rules.json - -It listens on ``127.0.0.1:4004`` and forwards filtered requests to -``127.0.0.1:8888`` by default. - -Use it along with ``nginx`` with the following example configuration. - -.. code:: nginx - - # https://example.org/searx - - location /searx { - proxy_pass http://127.0.0.1:4004/; - - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - } - - location /searx/static { - /usr/local/searx/searx-src/searx/static; - } - - -Requests are coming from port 4004 going through filtron and then forwarded to -port 8888 where a SearXNG is being run. For a complete setup see: :ref:`nginx -searxng site`. diff --git a/docs/admin/index.rst b/docs/admin/index.rst index e6c0636b2..17a758885 100644 --- a/docs/admin/index.rst +++ b/docs/admin/index.rst @@ -7,17 +7,16 @@ Administrator documentation :caption: Contents installation + installation-docker + installation-scripts installation-searxng installation-uwsgi installation-nginx installation-apache - installation-docker installation-switch2ng update-searxng engines/index api architecture - filtron - morty plugins buildhosts diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index b60e20ad1..ca919812e 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -1,13 +1,13 @@ .. _installation apache: -=================== -Install with apache -=================== +====== +Apache +====== .. _Apache: https://httpd.apache.org/ .. _Apache Debian: https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x): -.. _README.Debian: +.. _apache2.README.Debian: https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian .. _Apache Arch Linux: https://wiki.archlinux.org/index.php/Apache_HTTP_Server @@ -23,7 +23,9 @@ Install with apache https://httpd.apache.org/docs/current/en/configuring.html .. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost .. _LoadModule: - https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule + https://httpd.apache.org/docs/mod/mod_so.html#loadmodule +.. _IncludeOptional: + https://httpd.apache.org/docs/mod/core.html#includeoptional .. _DocumentRoot: https://httpd.apache.org/docs/trunk/mod/core.html#documentroot .. _Location: @@ -32,11 +34,30 @@ Install with apache https://uwsgi-docs.readthedocs.io/en/latest/Apache.html .. _mod_proxy_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi +.. _mod_proxy_http: + https://httpd.apache.org/docs/current/mod/mod_proxy_http.html +.. _mod_proxy: + https://httpd.apache.org/docs/current/mod/mod_proxy.html + + +This section explains how to set up a SearXNG site using the HTTP server Apache_. +If you have used the :ref:`installation scripts` and do not have any preference +you can install the :ref:`SearXNG site <apache searxng site>` using +:ref:`searxng.sh <searxng.sh overview>`: + +.. code:: bash + + $ sudo -H ./utils/searxng.sh install apache + +If you have special interests or problems with setting up Apache, the following +section might give you some guidance. + .. sidebar:: further read - `Apache Arch Linux`_ - - `Apache Debian`_ and `README.Debian`_ + - `Apache Debian`_ + - `apache2.README.Debian`_ - `Apache Fedora`_ - `Apache directives`_ @@ -45,23 +66,8 @@ Install with apache :local: :backlinks: entry ----- - -**Install** :ref:`apache searxng site` using :ref:`filtron.sh <filtron.sh overview>` - -.. code:: bash - - $ sudo -H ./utils/filtron.sh apache install - -**Install** :ref:`apache searxng site` using :ref:`morty.sh <morty.sh overview>` - -.. code:: bash - $ sudo -H ./utils/morty.sh apache install - ----- - -The apache HTTP server +The Apache HTTP server ====================== If Apache_ is not installed, install it now. If apache_ is new to you, the @@ -73,13 +79,13 @@ Directives`_ documentation gives first orientation. There is also a list of .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash sudo -H apt-get install apache2 .. group-tab:: Arch Linux - .. code:: sh + .. code:: bash sudo -H pacman -S apache sudo -H systemctl enable httpd @@ -87,7 +93,7 @@ Directives`_ documentation gives first orientation. There is also a list of .. group-tab:: Fedora / RHEL - .. code:: sh + .. code:: bash sudo -H dnf install httpd sudo -H systemctl enable httpd @@ -101,7 +107,7 @@ How this default intro site is configured, depends on the linux distribution .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash less /etc/apache2/sites-enabled/000-default.conf @@ -115,7 +121,7 @@ How this default intro site is configured, depends on the linux distribution .. group-tab:: Arch Linux - .. code:: sh + .. code:: bash less /etc/httpd/conf/httpd.conf @@ -130,8 +136,8 @@ How this default intro site is configured, depends on the linux distribution Require all granted </Directory> - The *welcome* page of Arch Linux is a page showing directory located at - ``DocumentRoot``. This is *directory* page is generated by the Module + The *welcome* page of Arch Linux is a page showing the directory located + at ``DocumentRoot``. This *directory* page is generated by the Module `mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_: .. code:: apache @@ -142,7 +148,7 @@ How this default intro site is configured, depends on the linux distribution .. group-tab:: Fedora / RHEL - .. code:: sh + .. code:: bash less /etc/httpd/conf/httpd.conf @@ -163,323 +169,204 @@ How this default intro site is configured, depends on the linux distribution less /etc/httpd/conf.d/welcome.conf -.. _apache searxng site: -Apache Reverse Proxy -==================== +.. _Debian's Apache layout: -.. sidebar:: public to the internet? +Debian's Apache layout +---------------------- - If your SearXNG instance is public, stop here and first install :ref:`filtron - reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see - :ref:`installation scripts`. If already done, follow setup: *SearXNG via - filtron plus morty*. +Be aware, Debian's Apache layout is quite different from the standard Apache +configuration. For details look at the apache2.README.Debian_ +(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on +Debian: -To setup a Apache revers proxy you have to enable the *headers* and *proxy* -modules and create a `Location`_ configuration for the SearXNG site. In most -distributions you have to un-comment the lines in the main configuration file, -except in :ref:`The Debian Layout`. +* :man:`apache2ctl`: Apache HTTP server control interface +* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules +* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations +* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites + +.. _apache modules: + +Apache modules +-------------- + +To load additional modules, in most distributions you have to un-comment the +lines with the corresponding LoadModule_ directive, except in :ref:`Debian's +Apache layout`. .. tabs:: .. group-tab:: Ubuntu / debian - In the Apache setup, enable headers and proxy modules: + :ref:`Debian's Apache layout` uses :man:`a2enmod` and :man:`a2dismod` to + activate or disable modules: - .. code:: sh + .. code:: bash + sudo -H a2enmod ssl sudo -H a2enmod headers sudo -H a2enmod proxy sudo -H a2enmod proxy_http - - In :ref:`The Debian Layout` you create a ``searxng.conf`` with the - ``<Location /searx >`` directive and save this file in the *sites - available* folder at ``/etc/apache2/sites-available``. To enable the - ``searxng.conf`` use :man:`a2ensite`: - - .. code:: sh - - sudo -H a2ensite searxng.conf + sudo -H a2enmod proxy_uwsgi .. group-tab:: Arch Linux - In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy - modules (LoadModule_): + In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_ + directives: .. code:: apache - FIXME needs test - - LoadModule headers_module modules/mod_headers.so - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_http_module modules/mod_proxy_http.so + LoadModule ssl_module modules/mod_ssl.so + LoadModule headers_module modules/mod_headers.so + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_http_module modules/mod_proxy_http.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so .. group-tab:: Fedora / RHEL - In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy - modules (LoadModule_): + In the ``/etc/httpd/conf/httpd.conf`` file, activate LoadModule_ + directives: .. code:: apache - FIXME needs test + LoadModule ssl_module modules/mod_ssl.so + LoadModule headers_module modules/mod_headers.so + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_http_module modules/mod_proxy_http.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - LoadModule headers_module modules/mod_headers.so - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_http_module modules/mod_proxy_http.so -With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the -proxied host. +.. _apache sites: -.. _apache searxng via filtron plus morty: - -.. tabs:: - - .. group-tab:: SearXNG via filtron plus morty - - Use this setup, if your instance is public to the internet, compare - figure: :ref:`architecture <arch public>` and :ref:`installation scripts`. - - 1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on - *localhost 4004* (:ref:`filtron route request`): - - .. code:: apache - - <Location /searx > - - # SetEnvIf Request_URI "/searx" dontlog - # CustomLog /dev/null combined env=dontlog - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass http://127.0.0.1:4004 - RequestHeader set X-Script-Name /searx - - </Location> - - 2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on - *localhost 3000* - - .. code:: apache - - ProxyPreserveHost On - - <Location /morty > - - # SetEnvIf Request_URI "/morty" dontlog - # CustomLog /dev/null combined env=dontlog - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPass http://127.0.0.1:3000 - RequestHeader set X-Script-Name /morty - - </Location> - - For a fully result proxification add :ref:`morty's <searxng morty>` **public - URL** to your :origin:`searx/settings.yml`: - - .. code:: yaml - - result_proxy: - # replace example.org with your server's public name - url : https://example.org/morty - key : !!binary "insert_your_morty_proxy_key_here" - - server: - image_proxy : True - -uWSGI support -============= - -Be warned, with this setup, your instance isn't :ref:`protected <searxng -filtron>`, nevertheless it is good enough for intranet usage. In modern Linux -distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache -package and you need to install only the :ref:`uWSGI <searxng uwsgi>` package: +Apache sites +------------ .. tabs:: .. group-tab:: Ubuntu / debian - .. code:: sh + In :ref:`Debian's Apache layout` you create a ``searxng.conf`` with the + ``<Location /searxng >`` directive and save this file in the *sites + available* folder at ``/etc/apache2/sites-available``. To enable the + ``searxng.conf`` use :man:`a2ensite`: - sudo -H apt-get install uwsgi + .. code:: bash - # Ubuntu =< 18.04 - sudo -H apt-get install libapache2-mod-proxy-uwsgi + sudo -H a2ensite searxng.conf .. group-tab:: Arch Linux - .. code:: sh - - sudo -H pacman -S uwsgi - - .. group-tab:: Fedora / RHEL - - .. code:: sh - - sudo -H dnf install uwsgi - -The next example shows a configuration using the `uWSGI Apache support`_ via -unix sockets and `mod_proxy_uwsgi`_. - -For socket communication, you have to activate ``socket = -/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` -configuration in your :ref:`uwsgi ini file <uwsgi configuration>`. If not -already exists, create a folder for the unix sockets, which can be used by the -SearXNG account (see :ref:`create searxng user`): - -.. code:: bash - - sudo -H mkdir -p /run/uwsgi/app/searx/ - sudo -H chown -R searx:searx /run/uwsgi/app/searx/ - -If the server is public; to limit access to your intranet replace ``Allow from -all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class. - -.. tabs:: - - .. group-tab:: Ubuntu / debian + In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_ + directive: .. code:: apache - LoadModule headers_module /usr/lib/apache2/mod_headers.so - LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so - LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so - - # SetEnvIf Request_URI /searx dontlog - # CustomLog /dev/null combined env=dontlog + IncludeOptional sites-enabled/*.conf - <Location /searx> + Create two folders, one for the *available sites* and one for the *enabled sites*: - Require all granted - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all + .. code:: bash - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + mkdir -p /etc/httpd/sites-available + mkdir -p /etc/httpd/sites-enabled - </Location> + Create configuration at ``/etc/httpd/sites-available`` and place a + symlink to ``sites-enabled``: - .. group-tab:: Arch Linux - - .. code:: apache + .. code:: bash - FIXME needs test + sudo -H ln -s /etc/httpd/sites-available/searxng.conf \ + /etc/httpd/sites-enabled/searxng.conf - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - - # SetEnvIf Request_URI /searx dontlog - # CustomLog /dev/null combined env=dontlog + .. group-tab:: Fedora / RHEL - <Location /searx> + In the ``/etc/httpd/conf/httpd.conf`` file add a IncludeOptional_ + directive: - Require all granted - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all + .. code:: apache - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + IncludeOptional sites-enabled/*.conf - </Location> + Create two folders, one for the *available sites* and one for the *enabled sites*: - .. group-tab:: Fedora / RHEL + .. code:: bash - .. code:: apache + mkdir -p /etc/httpd/sites-available + mkdir -p /etc/httpd/sites-enabled - FIXME needs test + Create configuration at ``/etc/httpd/sites-available`` and place a + symlink to ``sites-enabled``: - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - <IfModule proxy_uwsgi_module> + .. code:: bash - # SetEnvIf Request_URI /searx dontlog - # CustomLog /dev/null combined env=dontlog + sudo -H ln -s /etc/httpd/sites-available/searxng.conf \ + /etc/httpd/sites-enabled/searxng.conf - <Location /searx> - Require all granted - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all +.. _apache searxng site: - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ +Apache's SearXNG site +===================== - </Location> +.. _mod_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi - </IfModule> +.. sidebar:: uWSGI - .. group-tab:: old mod_wsgi + Use mod_proxy_uwsgi_ / don't use the old mod_uwsgi_ anymore. - We show this only for historical reasons, DON'T USE `mod_uwsgi - <https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_. - ANYMORE! +To proxy the incoming requests to the SearXNG instance Apache needs the +mod_proxy_ module (:ref:`apache modules`). - .. code:: apache +.. sidebar:: HTTP headers - <IfModule mod_uwsgi.c> + With ProxyPreserveHost_ the incoming ``Host`` header is passed to the proxied + host. - # SetEnvIf Request_URI "/searx" dontlog - # CustomLog /dev/null combined env=dontlog +Depending on what your SearXNG installation is listen, you need a http +mod_proxy_http_) or socket (mod_proxy_uwsgi_) communication to upstream. - <Location /searx > +The :ref:`installation scripts` installs by default the :ref:`reference setup +<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket. +You can install and activate your own ``searxng.conf`` like shown in +:ref:`apache sites`. - Require all granted +.. tabs:: - Options FollowSymLinks Indexes - SetHandler uwsgi-handler - uWSGISocket /run/uwsgi/app/searx/socket + .. group-tab:: socket - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst + :start-after: START apache socket + :end-before: END apache socket - </Location> + .. group-tab:: http - </IfModule> + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst + :start-after: START apache http + :end-before: END apache http .. _restart apache: -Restart service -=============== +Restart service: .. tabs:: .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash sudo -H systemctl restart apache2 - sudo -H service uwsgi restart searx + sudo -H service uwsgi restart searxng .. group-tab:: Arch Linux - .. code:: sh + .. code:: bash sudo -H systemctl restart httpd - sudo -H systemctl restart uwsgi@searx + sudo -H systemctl restart uwsgi@searxng .. group-tab:: Fedora / RHEL - .. code:: sh + .. code:: bash sudo -H systemctl restart httpd sudo -H touch /etc/uwsgi.d/searxng.ini @@ -489,27 +376,13 @@ disable logs ============ For better privacy you can disable Apache logs. In the examples above activate -one of the lines and `restart apache`_:: - +one of the lines and `restart apache`_: - # SetEnvIf Request_URI "/searx" dontlog - # CustomLog /dev/null combined env=dontlog +.. code:: apache -The ``CustomLog`` directive disable logs for the whole (virtual) server, use it -when the URL of the service does not have a path component (``/searx``) / is -located at root (``/``). + SetEnvIf Request_URI "/searxng" dontlog + # CustomLog /dev/null combined env=dontlog -.. _The Debian Layout: - -The Debian Layout -================= - -Be aware that the Debian layout is quite different from the standard Apache -configuration. For details look at the README.Debian_ -(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on -Debian: - -* :man:`apache2ctl`: Apache HTTP server control interface -* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules -* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations -* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites +The ``CustomLog`` directive disable logs of the entire (virtual) server, use it +when the URL of the service does not have a path component (``/searxng``), when +SearXNG is located at root (``/``). diff --git a/docs/admin/installation-docker.rst b/docs/admin/installation-docker.rst index cd91af382..7800472eb 100644 --- a/docs/admin/installation-docker.rst +++ b/docs/admin/installation-docker.rst @@ -1,37 +1,60 @@ - .. _installation docker: -=================== -Docker installation -=================== +================ +Docker Container +================ .. _ENTRYPOINT: https://docs.docker.com/engine/reference/builder/#entrypoint +.. _searxng/searxng @dockerhub: https://hub.docker.com/r/searxng/searxng .. _searxng-docker: https://github.com/searxng/searxng-docker -.. _[filtron]: https://hub.docker.com/r/dalf/filtron -.. _[morty]: https://hub.docker.com/r/dalf/morty .. _[caddy]: https://hub.docker.com/_/caddy +.. _Redis: https://redis.io/ + +---- .. sidebar:: info + - `searxng/searxng @dockerhub`_ - :origin:`Dockerfile` - - `searxng/searxng @dockerhub <https://hub.docker.com/r/searxng/searxng>`_ - `Docker overview <https://docs.docker.com/get-started/overview>`_ - - `Docker Cheat Sheet <https://www.docker.com/sites/default/files/d8/2019-09/docker-cheat-sheet.pdf>`_ - - `Alpine Linux <https://alpinelinux.org>`_ `(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__ `apt packages <https://pkgs.alpinelinux.org/packages>`_ + - `Docker Cheat Sheet <https://docs.docker.com/get-started/docker_cheatsheet.pdf>`_ + - `Alpine Linux <https://alpinelinux.org>`_ + `(wiki) <https://en.wikipedia.org/wiki/Alpine_Linux>`__ + `apt packages <https://pkgs.alpinelinux.org/packages>`_ - Alpine's ``/bin/sh`` is :man:`dash` -.. tip:: +**If you intend to create a public instance using Docker, use our well maintained +docker container** + +- `searxng/searxng @dockerhub`_. + +.. sidebar:: hint + + The rest of this article is of interest only to those who want to create and + maintain their own Docker images. + +The sources are hosted at searxng-docker_ and the container includes: + +- a HTTPS reverse proxy `[caddy]`_ and +- a Redis_ DB + +The `default SearXNG setup <https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml>`_ +of this container: + +- enables :ref:`limiter <limiter>` to protect against bots +- enables :ref:`image proxy <image_proxy>` for better privacy +- enables :ref:`cache busting <static_use_hash>` to save bandwith + +---- - If you intend to create a public instance using Docker, use our well - maintained searxng-docker_ image which includes - - :ref:`protection <searxng filtron>` `[filtron]`_, - - a :ref:`result proxy <searxng morty>` `[morty]`_ and - - a HTTPS reverse proxy `[caddy]`_. +Get Docker +========== -Make sure you have `installed Docker <https://docs.docker.com/get-docker/>`_ and -on Linux, don't forget to add your user to the docker group (log out and log -back in so that your group membership is re-evaluated): +If you plan to build and maintain a docker image by your own, make sure you have +`Docker installed <https://docs.docker.com/get-docker/>`_ and on Linux, don't +forget to add your user to the docker group (log out and log back in so that +your group membership is re-evaluated): .. code:: sh diff --git a/docs/admin/installation-nginx.rst b/docs/admin/installation-nginx.rst index fdbcdf032..33b6df53a 100644 --- a/docs/admin/installation-nginx.rst +++ b/docs/admin/installation-nginx.rst @@ -1,8 +1,8 @@ .. _installation nginx: -================== -Install with nginx -================== +===== +NGINX +===== .. _nginx: https://docs.nginx.com/nginx/admin-guide/ @@ -19,6 +19,19 @@ Install with nginx .. _SCRIPT_NAME: https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name +This section explains how to set up a SearXNG site using the HTTP server nginx_. +If you have used the :ref:`installation scripts` and do not have any preference +you can install the :ref:`SearXNG site <nginx searxng site>` using +:ref:`searxng.sh <searxng.sh overview>`: + +.. code:: bash + + $ sudo -H ./utils/searxng.sh install nginx + +If you have special interests or problems with setting up nginx, the following +section might give you some guidance. + + .. sidebar:: further reading - nginx_ @@ -27,39 +40,23 @@ Install with nginx - `Getting Started wiki`_ - `uWSGI support from nginx`_ + .. contents:: Contents :depth: 2 :local: :backlinks: entry ----- - -**Install** :ref:`nginx searxng site` using :ref:`filtron.sh <filtron.sh overview>` - -.. code:: bash - - $ sudo -H ./utils/filtron.sh nginx install - -**Install** :ref:`nginx searxng site` using :ref:`morty.sh <morty.sh overview>` - -.. code:: bash - - $ sudo -H ./utils/morty.sh nginx install - ----- - The nginx HTTP server ===================== -If nginx_ is not installed (uwsgi will not work with the package nginx-light), -install it now. +If nginx_ is not installed, install it now. .. tabs:: .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash sudo -H apt-get install nginx @@ -88,11 +85,11 @@ depends on the linux distribution: .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash less /etc/nginx/nginx.conf - there is a line including site configurations from: + There is one line that includes site configurations from: .. code:: nginx @@ -104,7 +101,7 @@ depends on the linux distribution: less /etc/nginx/nginx.conf - in there is a configuration section named ``server``: + There is a configuration section named ``server``: .. code-block:: nginx @@ -120,249 +117,121 @@ depends on the linux distribution: less /etc/nginx/nginx.conf - there is a line including site configurations from: + There is one line that includes site configurations from: .. code:: nginx include /etc/nginx/conf.d/*.conf; + .. _nginx searxng site: -A nginx SearXNG site +NGINX's SearXNG site ==================== -.. sidebar:: public to the internet? - - If your SearXNG instance is public, stop here and first install :ref:`filtron - reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see - :ref:`installation scripts`. If already done, follow setup: *SearXNG via - filtron plus morty*. +Now you have to create a configuration file (``searxng.conf``) for the SearXNG +site. If nginx_ is new to you, the `nginx beginners guide`_ is a good starting +point and the `Getting Started wiki`_ is always a good resource *to keep in the +pocket*. -Now you have to create a configuration for the SearXNG site. If nginx_ is new to -you, the `nginx beginners guide`_ is a good starting point and the `Getting -Started wiki`_ is always a good resource *to keep in the pocket*. +Depending on what your SearXNG installation is listen, you need a http or socket +communication to upstream. .. tabs:: - .. group-tab:: Ubuntu / debian - - Create configuration at ``/etc/nginx/sites-available/searxng`` and place a - symlink to sites-enabled: - - .. code:: sh - - sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng - - .. group-tab:: Arch Linux + .. group-tab:: socket - In the ``/etc/nginx/nginx.conf`` file, replace the configuration section - named ``server``. + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst + :start-after: START nginx socket + :end-before: END nginx socket - .. group-tab:: Fedora / RHEL + .. group-tab:: http - Create configuration at ``/etc/nginx/conf.d/searxng`` and place a - symlink to sites-enabled: + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst + :start-after: START nginx http + :end-before: END nginx http -.. _nginx searxng via filtron plus morty: +The :ref:`installation scripts` installs by default the :ref:`reference setup +<use_default_settings.yml>` and a :ref:`uwsgi setup` that listens on a socket. .. tabs:: - .. group-tab:: SearXNG via filtron plus morty - - Use this setup, if your instance is public to the internet, compare - figure: :ref:`architecture <arch public>` and :ref:`installation scripts`. - - 1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on - *localhost 4004* (:ref:`filtron route request`): - - .. code:: nginx - - # https://example.org/searx - - location /searx { - proxy_pass http://127.0.0.1:4004/; - - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - } - - location /searx/static/ { - alias /usr/local/searx/searx-src/searx/static/; - } - - - 2. Configure reverse proxy for :ref:`morty <searxng morty>`, listening on - *localhost 3000*: - - .. code:: nginx - - # https://example.org/morty - - location /morty { - proxy_pass http://127.0.0.1:3000/; - - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - } - - For a fully result proxification add :ref:`morty's <searxng morty>` **public - URL** to your :origin:`searx/settings.yml`: - - .. code:: yaml - - result_proxy: - # replace example.org with your server's public name - url : https://example.org/morty - key : !!binary "insert_your_morty_proxy_key_here" - - server: - image_proxy : True - - - .. group-tab:: proxy or uWSGI - - Be warned, with this setup, your instance isn't :ref:`protected <searxng - filtron>`. Nevertheless it is good enough for intranet usage and it is a - excellent example of; *how different services can be set up*. The next - example shows a reverse proxy configuration wrapping the :ref:`searx-uWSGI - application <uwsgi configuration>`, listening on ``http = - 127.0.0.1:8888``. - - .. code:: nginx + .. group-tab:: Ubuntu / debian - # https://hostname.local/ + Create configuration at ``/etc/nginx/sites-available/`` and place a + symlink to ``sites-enabled``: - location / { - proxy_pass http://127.0.0.1:8888; + .. code:: bash - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_buffering off; - } + sudo -H ln -s /etc/nginx/sites-available/searxng.conf \ + /etc/nginx/sites-enabled/searxng.conf - Alternatively you can use the `uWSGI support from nginx`_ via unix - sockets. For socket communication, you have to activate ``socket = - /run/uwsgi/app/searx/socket`` and comment out the ``http = - 127.0.0.1:8888`` configuration in your :ref:`uwsgi ini file <uwsgi - configuration>`. + .. group-tab:: Arch Linux - The example shows a nginx virtual ``server`` configuration, listening on - port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at - location ``/`` by importing the `uwsgi_params`_ and passing requests to - the uWSGI socket (``uwsgi_pass``). The ``server``\'s root points to the - :ref:`searx-src clone <searx-src>` and wraps directly the - :origin:`searx/static/` content at ``location /static``. + In the ``/etc/nginx/nginx.conf`` file, in the ``server`` section add a + `include <https://nginx.org/en/docs/ngx_core_module.html#include>`_ + directive: .. code:: nginx server { - # replace hostname.local with your server's name - server_name hostname.local; - - listen 80; - listen [::]:80; - - location / { - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/app/searx/socket; - } - - root /usr/local/searx/searx-src/searx; - location /static { } + # ... + include /etc/nginx/default.d/*.conf; + # ... } - If not already exists, create a folder for the unix sockets, which can be - used by the SearXNG account: + Create two folders, one for the *available sites* and one for the *enabled sites*: .. code:: bash - mkdir -p /run/uwsgi/app/searx/ - sudo -H chown -R searx:searx /run/uwsgi/app/searx/ - - .. group-tab:: \.\. at subdir URL - - Be warned, with these setups, your instance isn't :ref:`protected <searxng - filtron>`. The examples are just here to demonstrate how to export the - SearXNG application from a subdirectory URL ``https://example.org/searx/``. - - .. code:: nginx - - # https://hostname.local/searx - - location /searx { - proxy_pass http://127.0.0.1:8888; + mkdir -p /etc/nginx/default.d + mkdir -p /etc/nginx/default.apps-available - proxy_set_header Host $host; - proxy_set_header Connection $http_connection; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - proxy_buffering off; - } - - location /searx/static/ { - alias /usr/local/searx/searx-src/searx/static/; - } + Create configuration at ``/etc/nginx/default.apps-available`` and place a + symlink to ``default.d``: - The ``X-Script-Name /searx`` is needed by the SearXNG implementation to - calculate relative URLs correct. The next example shows a uWSGI - configuration. Since there are no HTTP headers in a (u)WSGI protocol, the - value is shipped via the SCRIPT_NAME_ in the WSGI environment. + .. code:: bash - .. code:: nginx + sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \ + /etc/nginx/default.d/searxng.conf - # https://hostname.local/searx + .. group-tab:: Fedora / RHEL - location /searx { - uwsgi_param SCRIPT_NAME /searx; - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/app/searx/socket; - } + Create a folder for the *available sites*: - location /searx/static/ { - alias /usr/local/searx/searx-src/searx/; - } + .. code:: bash - For SearXNG to work correctly the ``base_url`` must be set in the - :origin:`searx/settings.yml`. + mkdir -p /etc/nginx/default.apps-available - .. code:: yaml + Create configuration at ``/etc/nginx/default.apps-available`` and place a + symlink to ``conf.d``: - server: - # replace example.org with your server's public name - base_url : https://example.org/searx/ + .. code:: bash + sudo -H ln -s /etc/nginx/default.apps-available/searxng.conf \ + /etc/nginx/conf.d/searxng.conf -Restart service: +Restart services: .. tabs:: .. group-tab:: Ubuntu / debian - .. code:: sh + .. code:: bash sudo -H systemctl restart nginx - sudo -H service uwsgi restart searx + sudo -H service uwsgi restart searxng .. group-tab:: Arch Linux - .. code:: sh + .. code:: bash sudo -H systemctl restart nginx - sudo -H systemctl restart uwsgi@searx + sudo -H systemctl restart uwsgi@searxng - .. group-tab:: Fedora + .. group-tab:: Fedora / RHEL - .. code:: sh + .. code:: bash sudo -H systemctl restart nginx sudo -H touch /etc/uwsgi.d/searxng.ini diff --git a/docs/admin/installation-scripts.rst b/docs/admin/installation-scripts.rst new file mode 100644 index 000000000..0efeee2a8 --- /dev/null +++ b/docs/admin/installation-scripts.rst @@ -0,0 +1,62 @@ +.. _installation scripts: + +=================== +Installation Script +=================== + +.. sidebar:: Update OS first! + + To avoid unwanted side effects, update your OS before installing SearXNG. + +The following will install a setup as shown in :ref:`the reference architecture +<arch public>`. First you need to get a clone. The clone is only needed for +the installation procedure and some maintenance tasks. + +.. sidebar:: further read + + - :ref:`toolboxing` + +Jump to a folder that is readable by *others* and start to clone SearXNG, +alternatively you can create your own fork and clone from there. + +.. code:: bash + + $ cd ~/Downloads + $ git clone https://github.com/searxng/searxng.git searxng + $ cd searxng + +.. sidebar:: further read + + - :ref:`inspect searxng` + +To install a SearXNG :ref:`reference setup <use_default_settings.yml>` +including a :ref:`uWSGI setup <architecture uWSGI>` as described in the +:ref:`installation basic` and in the :ref:`searxng uwsgi` section type: + +.. code:: bash + + $ sudo -H ./utils/searxng.sh install all + +.. attention:: + + For the installation procedure, use a *sudoer* login to run the scripts. If + you install from ``root``, take into account that the scripts are creating a + ``searxng`` user. In the installation procedure this new created user do + need read access to the clone of searx, which is not the case if you clone + into a folder below ``/root``! + +.. sidebar:: further read + + - :ref:`update searxng` + +.. _caddy: https://hub.docker.com/_/caddy + +When all services are installed and running fine, you can add SearXNG to your +HTTP server. We do not have any preferences for the HTTP server, you can use +whatever you prefer. + +We use caddy in our :ref:`docker image <installation docker>` and we have +implemented installation procedures for: + +- :ref:`installation nginx` +- :ref:`installation apache` diff --git a/docs/admin/installation-searxng.rst b/docs/admin/installation-searxng.rst index b14139310..db760bc39 100644 --- a/docs/admin/installation-searxng.rst +++ b/docs/admin/installation-searxng.rst @@ -9,15 +9,16 @@ Step by step installation :local: :backlinks: entry -Step by step installation with virtualenv. For Ubuntu, be sure to have enable -universe repository. + +In this section we show the setup of a SearXNG instance that will be installed +by the :ref:`installation scripts`. .. _install packages: Install packages ================ -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START distro-packages :end-before: END distro-packages @@ -30,24 +31,24 @@ Install packages Create user =========== -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START create user :end-before: END create user -.. _searx-src: +.. _searxng-src: Install SearXNG & dependencies ============================== -Start a interactive shell from new created user and clone searx: +Start a interactive shell from new created user and clone SearXNG: -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START clone searxng :end-before: END clone searxng In the same shell create *virtualenv*: -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START create virtualenv :end-before: END create virtualenv @@ -55,7 +56,7 @@ To install searx's dependencies, exit the SearXNG *bash* session you opened abov and restart a new. Before install, first check if your *virtualenv* was sourced from the login (*~/.profile*): -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START manage.sh update_packages :end-before: END manage.sh update_packages @@ -77,30 +78,41 @@ Configuration - :ref:`settings use_default_settings` - :origin:`/etc/searxng/settings.yml <utils/templates/etc/searxng/settings.yml>` -To create a initial ``/etc/searxng/settings.yml`` you can start with a copy of -the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup +To create a initial ``/etc/searxng/settings.yml`` we recommend to start with a +copy of the file :origin:`utils/templates/etc/searxng/settings.yml`. This setup :ref:`use default settings <settings use_default_settings>` from -:origin:`searx/settings.yml`. +:origin:`searx/settings.yml` and is shown in the tab *"Use default settings"* +below. This setup: -For a *minimal setup*, configure like shown below – replace ``searx@$(uname --n)`` with a name of your choice, set ``ultrasecretkey`` -- *and/or* edit -``/etc/searxng/settings.yml`` to your needs. +- enables :ref:`limiter <limiter>` to protect against bots +- enables :ref:`image proxy <image_proxy>` for better privacy +- enables :ref:`cache busting <static_use_hash>` to save bandwith -.. kernel-include:: $DOCS_BUILD/includes/searx.rst - :start-after: START searxng config - :end-before: END searxng config +Modify the ``/etc/searxng/settings.yml`` to your needs: .. tabs:: .. group-tab:: Use default settings - .. literalinclude:: ../../utils/templates/etc/searxng/settings.yml - :language: yaml + .. literalinclude:: ../../utils/templates/etc/searxng/settings.yml + :language: yaml + :end-before: # hostname_replace: + + To see the entire file jump to :origin:`utils/templates/etc/searxng/settings.yml` .. group-tab:: searx/settings.yml - .. literalinclude:: ../../searx/settings.yml - :language: yaml + .. literalinclude:: ../../searx/settings.yml + :language: yaml + :end-before: # hostname_replace: + + To see the entire file jump to :origin:`searx/settings.yml` + +For a *minimal setup* you need to set ``server:secret_key``. + +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst + :start-after: START searxng config + :end-before: END searxng config Check @@ -110,7 +122,7 @@ To check your SearXNG setup, optional enable debugging and start the *webapp*. SearXNG looks at the exported environment ``$SEARXNG_SETTINGS_PATH`` for a configuration file. -.. kernel-include:: $DOCS_BUILD/includes/searx.rst +.. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START check searxng installation :end-before: END check searxng installation diff --git a/docs/admin/installation-switch2ng.rst b/docs/admin/installation-switch2ng.rst index 8863cd71e..0e25b960a 100644 --- a/docs/admin/installation-switch2ng.rst +++ b/docs/admin/installation-switch2ng.rst @@ -22,7 +22,11 @@ If your searx instance was installed *"Step by step"* or by the *"Installation scripts"*, you need to undo the installation procedure completely. If you have morty & filtron installed, it is recommended to uninstall these services also. In case of scripts, to uninstall use the scripts from the origin you installed -searx from. +searx from or try:: + + $ sudo -H ./utils/filtron.sh remve all + $ sudo -H ./utils/morty.sh remve all + $ sudo -H ./utils/searx.sh remve all If you have removed the old searx installation, clone from SearXNG and and start with your installation procedure (e.g. :ref:`installation scripts`): @@ -53,7 +57,7 @@ Once you have done your installation, you can run a SearXNG *check* procedure, to see if there are some left overs. In this example there exists a *old* ``/etc/searx/settings.yml``:: - $ sudo -H ./utils/searx.sh install check + $ sudo -H ./utils/searxng.sh instance check ============================ SearXNG (check installation) diff --git a/docs/admin/installation-uwsgi.rst b/docs/admin/installation-uwsgi.rst index 1021283f9..eea52ab3e 100644 --- a/docs/admin/installation-uwsgi.rst +++ b/docs/admin/installation-uwsgi.rst @@ -1,7 +1,7 @@ .. _searxng uwsgi: ===== -uwsgi +uWSGI ===== .. sidebar:: further reading @@ -29,37 +29,51 @@ uwsgi Origin uWSGI ============ -How uWSGI is implemented by distributors is different. uWSGI itself -recommend two methods +.. _Tyrant mode: + https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting -`systemd.unit`_ template files as described here `One service per app in systemd`_. +How uWSGI is implemented by distributors varies. The uWSGI project itself +recommends two methods: - There is one `systemd unit template`_ and one `uwsgi ini file`_ per uWSGI-app - placed at dedicated locations. Take archlinux and a searxng.ini as example:: +1. `systemd.unit`_ template file as described here `One service per app in systemd`_: - unit template --> /usr/lib/systemd/system/uwsgi@.service - uwsgi ini files --> /etc/uwsgi/searxng.ini + There is one `systemd unit template`_ on the system installed and one `uwsgi + ini file`_ per uWSGI-app placed at dedicated locations. Take archlinux and a + ``searxng.ini`` as example:: - The SearXNG app can be maintained as know from common systemd units:: + systemd template unit: /usr/lib/systemd/system/uwsgi@.service + contains: [Service] + ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/%I.ini - systemctl enable uwsgi@searx - systemctl start uwsgi@searx - systemctl restart uwsgi@searx - systemctl stop uwsgi@searx + SearXNG application: /etc/uwsgi/searxng.ini + links to: /etc/uwsgi/apps-available/searxng.ini -The `uWSGI Emperor`_ mode which fits for maintaining a large range of uwsgi apps. + The SearXNG app (template ``/etc/uwsgi/%I.ini``) can be maintained as known + from common systemd units: + + .. code:: sh + + $ systemctl enable uwsgi@searxng + $ systemctl start uwsgi@searxng + $ systemctl restart uwsgi@searxng + $ systemctl stop uwsgi@searxng + +2. The `uWSGI Emperor`_ which fits for maintaining a large range of uwsgi + apps and there is a `Tyrant mode`_ to secure multi-user hosting. The Emperor mode is a special uWSGI instance that will monitor specific - events. The Emperor mode (service) is started by a (common, not template) - systemd unit. The Emperor service will scan specific directories for `uwsgi - ini file`_\s (also know as *vassals*). If a *vassal* is added, removed or the - timestamp is modified, a corresponding action takes place: a new uWSGI - instance is started, reload or stopped. Take Fedora and a searxng.ini as - example:: + events. The Emperor mode (the service) is started by a (common, not template) + systemd unit. + + The Emperor service will scan specific directories for `uwsgi ini file`_\s + (also know as *vassals*). If a *vassal* is added, removed or the timestamp is + modified, a corresponding action takes place: a new uWSGI instance is started, + reload or stopped. Take Fedora and a ``searxng.ini`` as example:: + + to install & start SearXNG instance create --> /etc/uwsgi.d/searxng.ini + to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini + to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini - to start a new SearXNG instance create --> /etc/uwsgi.d/searxng.ini - to reload the instance edit timestamp --> touch /etc/uwsgi.d/searxng.ini - to stop instance remove ini --> rm /etc/uwsgi.d/searxng.ini Distributors ============ @@ -70,10 +84,22 @@ modes and their defaults. Another point they might differ is the packaging of plugins (if so, compare :ref:`install packages`) and what the default python interpreter is (python2 vs. python3). -Fedora starts a Emperor by default, while archlinux does not start any uwsgi -service by default. Worth to know; debian (ubuntu) follow a complete different -approach. *debian*: your are familiar with the apache infrastructure? .. they -do similar for the uWSGI infrastructure (with less comfort), the folders are:: +While archlinux does not start a uWSGI service by default, Fedora (RHEL) starts +a Emperor in `Tyrant mode`_ by default (you should have read :ref:`uWSGI Tyrant +mode pitfalls`). Worth to know; debian (ubuntu) follow a complete different +approach, read see :ref:`Debian's uWSGI layout`. + +.. _Debian's uWSGI layout: + +Debian's uWSGI layout +--------------------- + +.. _uwsgi.README.Debian: + https://salsa.debian.org/uwsgi-team/uwsgi/-/raw/debian/latest/debian/uwsgi.README.Debian + +Be aware, Debian's uWSGI layout is quite different from the standard uWSGI +configuration. Your are familiar with :ref:`Debian's Apache layout`? .. they do +similar for the uWSGI infrastructure. The folders are:: /etc/uwsgi/apps-available/ /etc/uwsgi/apps-enabled/ @@ -82,29 +108,52 @@ The `uwsgi ini file`_ is enabled by a symbolic link:: ln -s /etc/uwsgi/apps-available/searxng.ini /etc/uwsgi/apps-enabled/ -From debian's documentation (``/usr/share/doc/uwsgi/README.Debian.gz``): You -could control specific instance(s) by issuing:: +More details you will find in the uwsgi.README.Debian_ +(``/usr/share/doc/uwsgi/README.Debian.gz``). Some commands you should know on +Debian: - service uwsgi <command> <confname> <confname> ... +.. code:: none - sudo -H service uwsgi start searx - sudo -H service uwsgi stop searx + Commands recognized by init.d script + ==================================== -My experience is, that this command is a bit buggy. + You can issue to init.d script following commands: + * start | starts daemon + * stop | stops daemon + * reload | sends to daemon SIGHUP signal + * force-reload | sends to daemon SIGTERM signal + * restart | issues 'stop', then 'start' commands + * status | shows status of daemon instance (running/not running) -.. _uwsgi configuration: + 'status' command must be issued with exactly one argument: '<confname>'. -Alltogether -=========== + Controlling specific instances of uWSGI + ======================================= -Create the configuration ini-file according to your distribution (see below) and -restart the uwsgi application. + You could control specific instance(s) by issuing: + + SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi <command> <confname> <confname>... + + where: + * <command> is one of 'start', 'stop' etc. + * <confname> is the name of configuration file (without extension) + + For example, this is how instance for /etc/uwsgi/apps-enabled/hello.xml is + started: + + SYSTEMCTL_SKIP_REDIRECT=1 service uwsgi start hello + + +.. _uWSGI maintenance: + +uWSGI maintenance +================= .. tabs:: .. group-tab:: Ubuntu / debian - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-description ubuntu-20.04 :end-before: END searxng uwsgi-description ubuntu-20.04 @@ -112,7 +161,7 @@ restart the uwsgi application. .. group-tab:: Arch Linux - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-description arch :end-before: END searxng uwsgi-description arch @@ -120,16 +169,28 @@ restart the uwsgi application. .. group-tab:: Fedora / RHEL - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-description fedora :end-before: END searxng uwsgi-description fedora +.. _uwsgi setup: + +uWSGI setup +=========== + +Create the configuration ini-file according to your distribution and restart the +uwsgi application. As shown below, the :ref:`installation scripts` installs by +default: + +- a uWSGI setup that listens on a socket and +- enables :ref:`cache busting <static_use_hash>`. + .. tabs:: .. group-tab:: Ubuntu / debian - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-appini ubuntu-20.04 :end-before: END searxng uwsgi-appini ubuntu-20.04 @@ -137,7 +198,7 @@ restart the uwsgi application. .. group-tab:: Arch Linux - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-appini arch :end-before: END searxng uwsgi-appini arch @@ -145,6 +206,63 @@ restart the uwsgi application. .. group-tab:: Fedora / RHEL - .. kernel-include:: $DOCS_BUILD/includes/searx.rst + .. kernel-include:: $DOCS_BUILD/includes/searxng.rst :start-after: START searxng uwsgi-appini fedora :end-before: END searxng uwsgi-appini fedora + + +.. _uWSGI Tyrant mode pitfalls: + +Pitfalls of the Tyrant mode +=========================== + +The implementation of the process owners and groups in the `Tyrant mode`_ is +somewhat unusual and requires special consideration. In `Tyrant mode`_ mode the +Emperor will run the vassal using the UID/GID of the vassal configuration file +(user and group of the app ``.ini`` file). + +.. _#2099@uWSGI: https://github.com/unbit/uwsgi/issues/2099 +.. _#752@uWSGI: https://github.com/unbit/uwsgi/pull/752 +.. _#2425uWSGI: https://github.com/unbit/uwsgi/issues/2425 + +Without option ``emperor-tyrant-initgroups=true`` in ``/etc/uwsgi.ini`` the +process won't get the additional groups, but this option is not available in +2.0.x branch (see `#2099@uWSGI`_) the feature `#752@uWSGI`_ has been merged (on +Oct. 2014) to the master branch of uWSGI but had never been released; the last +major release is from Dec. 2013, since the there had been only bugfix releases +(see `#2425uWSGI`_). To shorten up: + + **In Tyrant mode, there is no way to get additional groups, and the uWSGI + process misses additional permissions that may be needed.** + +By example, on Fedora (RHEL): If you try to install a redis DB with socket +communication and you want to connect from the SearXNG uWSGI, you will see a +*Permission denied* in the log of your instance:: + + ERROR:searx.shared.redis: [searxng (993)] can't connect redis DB ... + ERROR:searx.shared.redis: Error 13 connecting to unix socket: /usr/local/searxng-redis/run/redis.sock. Permission denied. + ERROR:searx.plugins.limiter: init limiter DB failed!!! + +Even if your *searxng* user of the uWSGI process is added to additional groups +to give access to the socket from the redis DB:: + + $ groups searxng + searxng : searxng searxng-redis + +To see the effective groups of the uwsgi process, you have to look at the status +of the process, by example:: + + $ ps -aef | grep '/usr/sbin/uwsgi --ini searxng.ini' + searxng 93 92 0 12:43 ? 00:00:00 /usr/sbin/uwsgi --ini searxng.ini + searxng 186 93 0 12:44 ? 00:00:01 /usr/sbin/uwsgi --ini searxng.ini + +Here you can see that the additional "Groups" of PID 186 are unset (missing gid +of ``searxng-redis``):: + + $ cat /proc/186/task/186/status + ... + Uid: 993 993 993 993 + Gid: 993 993 993 993 + FDSize: 128 + Groups: + ... diff --git a/docs/admin/installation.rst b/docs/admin/installation.rst index 91f82e504..f650480cb 100644 --- a/docs/admin/installation.rst +++ b/docs/admin/installation.rst @@ -14,99 +14,7 @@ Installation - :ref:`installation scripts` - :ref:`installation basic` -The :ref:`installation basic` is good enough for intranet usage and it is a -excellent illustration of *how a SearXNG instance is build up*. If you place your -instance public to the internet you should really consider to install a -:ref:`filtron reverse proxy <filtron.sh>` and for privacy a :ref:`result proxy -<morty.sh>` is mandatory. - -Therefore, if you do not have any special preferences, its recommend to use the -:ref:`installation docker` or the `Installation scripts`_ from our :ref:`tooling -box <toolboxing>` as described below. - -.. _installation scripts: - -Installation scripts -==================== - -.. sidebar:: Update OS first! - - To avoid unwanted side effects, update your OS before installing SearXNG. - -The following will install a setup as shown in :ref:`architecture`. First you -need to get a clone. The clone is only needed for the installation procedure -and some maintenance tasks (alternatively you can create your own fork). - -For the installation procedure, use a *sudoer* login to run the scripts. If you -install from ``root``, take into account that the scripts are creating a -``searx``, a ``filtron`` and a ``morty`` user. In the installation procedure -these new created users do need read access to the clone of searx, which is not -the case if you clone into a folder below ``/root``. - -.. code:: bash - - $ cd ~/Downloads - $ git clone https://github.com/searxng/searxng.git searxng - $ cd searxng - -.. sidebar:: further read - - - :ref:`toolboxing` - - :ref:`update searxng` - - :ref:`inspect searxng` - -**Install** :ref:`SearXNG service <searx.sh>` - -This installs SearXNG as described in :ref:`installation basic`. - -.. code:: bash - - $ sudo -H ./utils/searx.sh install all - -**Install** :ref:`filtron reverse proxy <filtron.sh>` - -.. code:: bash - - $ sudo -H ./utils/filtron.sh install all - -**Install** :ref:`result proxy <morty.sh>` - -.. code:: bash - - $ sudo -H ./utils/morty.sh install all - -If all services are running fine, you can add it to your HTTP server: - -**Install** HTTP - -- :ref:`installation apache` -- :ref:`installation nginx` - -**Install** :ref:`external plugins <dev plugin>` - -Use SearXNG's ``shell`` to install external plugins. In the example below we -install the SearXNG plugins from **The Green Web Foundation** `[ref] -<https://www.thegreenwebfoundation.org/news/searching-the-green-web-with-searx/>`__: - -.. code:: bash - - $ sudo -H ./utils/searx.sh shell - // exit with [CTRL-D] - (searx-pyenv) searx@ryzen:~$ pip install git+https://github.com/return42/tgwf-searx-plugins - -In the :ref:`settings.yml` activate the ``plugins:`` section and add module -``only_show_green_results`` from tgwf-searx-plugins. - -.. code:: yaml - - plugins: - - only_show_green_results - -.. _git stash: https://git-scm.com/docs/git-stash - -.. tip:: - - About script's installation options have a look at chapter :ref:`toolboxing - setup`. How to brand your instance see chapter :ref:`settings global`. To - *stash* your instance's setup, `git stash`_ your clone's :origin:`.config.sh` - file . +The :ref:`installation basic` is a excellent illustration of *how a SearXNG +instance is build up* (see :ref:`architecture uWSGI`). If you do not have any +special preferences, its recommend to use the :ref:`installation docker` or the +:ref:`installation scripts`. diff --git a/docs/admin/morty.rst b/docs/admin/morty.rst deleted file mode 100644 index b6bd2ea56..000000000 --- a/docs/admin/morty.rst +++ /dev/null @@ -1,40 +0,0 @@ - -.. _searxng morty: - -========================= -How to setup result proxy -========================= - -.. sidebar:: further reading - - - :ref:`morty.sh` - -.. _morty: https://github.com/asciimoo/morty -.. _morty's README: https://github.com/asciimoo/morty - -By default SearXNG can only act as an image proxy for result images, but it is -possible to proxify all the result URLs with an external service, morty_. - -To use this feature, morty has to be installed and activated in SearXNG's -``settings.yml``. Add the following snippet to your ``settings.yml`` and -restart searx: - -.. code:: yaml - - result_proxy: - url : http://127.0.0.1:3000/ - key : !!binary "insert_your_morty_proxy_key_here" - -Note that the example above (``http://127.0.0.1:3000``) is only for single-user -instances without a HTTP proxy. If your morty service is public, the url is the -address of the reverse proxy (e.g ``https://example.org/morty``). - -For more information about *result proxy* have a look at *"SearXNG via filtron -plus morty"* in the :ref:`nginx <nginx searxng via filtron plus morty>` and -:ref:`apache <apache searxng via filtron plus morty>` sections. - -``url`` - Is the address of the running morty service. - -``key`` - Is an optional argument, see `morty's README`_ for more information. diff --git a/docs/admin/update-searxng.rst b/docs/admin/update-searxng.rst index 4c541bf57..24bdf4f5f 100644 --- a/docs/admin/update-searxng.rst +++ b/docs/admin/update-searxng.rst @@ -1,59 +1,39 @@ -.. _update searxng: +=================== +SearXNG maintenance +=================== -============= -How to update -============= +.. sidebar:: further read -How to update depends on the :ref:`installation` method. If you have used the -:ref:`installation scripts`, use ``update`` command from the scripts. + - :ref:`toolboxing` + - :ref:`uWSGI maintenance` -**Update** :ref:`SearXNG service <searx.sh>` +.. contents:: Contents + :depth: 2 + :local: + :backlinks: entry -.. code:: sh +.. _update searxng: - sudo -H ./utils/searx.sh update searx +How to update +============= -**Update** :ref:`filtron reverse proxy <filtron.sh>` +How to update depends on the :ref:`installation` method. If you have used the +:ref:`installation scripts`, use ``update`` command from the :ref:`searxng.sh` +script. .. code:: sh - sudo -H ./utils/filtron.sh update filtron - -**Update** :ref:`result proxy <morty.sh>` - -.. code:: bash - - $ sudo -H ./utils/morty.sh update morty + sudo -H ./utils/searxng.sh instance update .. _inspect searxng: -====================== How to inspect & debug ====================== -.. sidebar:: further read - - - :ref:`toolboxing` - - :ref:`Makefile` - How to debug depends on the :ref:`installation` method. If you have used the -:ref:`installation scripts`, use ``inspect`` command from the scripts. - -**Inspect** :ref:`SearXNG service <searx.sh>` - -.. code:: sh - - sudo -H ./utils/searx.sh inspect service - -**Inspect** :ref:`filtron reverse proxy <filtron.sh>` +:ref:`installation scripts`, use ``inspect`` command from the :ref:`searxng.sh` +script. .. code:: sh - sudo -H ./utils/filtron.sh inspect service - -**Inspect** :ref:`result proxy <morty.sh>` - -.. code:: bash - - $ sudo -H ./utils/morty.sh inspect service - + sudo -H ./utils/searxng.sh instance inspect |