diff options
| author | Markus Heiser <markus.heiser@darmarIT.de> | 2022-07-30 13:45:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-30 13:45:12 +0200 |
| commit | 645c2a2ca1cf40ab9429366ac70c69d1ac8fd004 (patch) | |
| tree | 943270e4998815d360713e21615082293300c877 /utils/templates | |
| parent | 0cf5310933ee4f6bff4a941f7296686bd671671f (diff) | |
| parent | e5323b8aa285d61bf011bbe7ca8f02818f19ed79 (diff) | |
Merge pull request #1332 from return42/searxng-install
Upgrade installation scripts and documentation
Diffstat (limited to 'utils/templates')
14 files changed, 218 insertions, 347 deletions
diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json deleted file mode 100644 index fff70fa8f..000000000 --- a/utils/templates/etc/filtron/rules.json +++ /dev/null @@ -1,129 +0,0 @@ -[ - { - "name": "roboagent limit", - "filters": [ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "botlimit", - "filters": [ - "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "suspiciously frequent IP", - "filters": [], - "interval": 600, - "limit": 30, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions":[ - {"name":"log"} - ] - }, - { - "name": "search request", - "filters": [ - "Param:q", - "Path=^(/|/search)$" - ], - "interval": 61, - "limit": 999, - "subrules": [ - { - "name": "missing Accept-Language", - "filters": ["!Header:Accept-Language"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "suspiciously Connection=close header", - "filters": ["Header:Connection=close"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "IP limit", - "interval": 61, - "limit": 9, - "stop": true, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "rss/json limit", - "filters": [ - "Param:format=(csv|json|rss)" - ], - "interval": 121, - "limit": 2, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "useragent limit", - "interval": 61, - "limit": 199, - "aggregations": [ - "Header:User-Agent" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - } - ] - } -] diff --git a/utils/templates/etc/httpd/sites-available/morty.conf b/utils/templates/etc/httpd/sites-available/morty.conf deleted file mode 100644 index daeb3635a..000000000 --- a/utils/templates/etc/httpd/sites-available/morty.conf +++ /dev/null @@ -1,28 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so -#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so - -# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog -# CustomLog /dev/null combined env=dontlog - -<Location ${PUBLIC_URL_PATH_MORTY} > - - <IfModule mod_security2.c> - SecRuleEngine Off - </IfModule> - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass http://${MORTY_LISTEN} - RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY} - -</Location> diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf b/utils/templates/etc/httpd/sites-available/searxng.conf new file mode 100644 index 000000000..5278640c3 --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/searxng.conf @@ -0,0 +1,41 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so +# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so +# +# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog + +<Location ${SEARXNG_URL_PATH}> + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + # add the trailing slash + RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/ + + ProxyPreserveHost On + ProxyPass http://${SEARXNG_INTERNAL_HTTP} + + # see flaskfix.py + RequestHeader set X-Scheme %{REQUEST_SCHEME}s + RequestHeader set X-Script-Name ${SEARXNG_URL_PATH} + + # see limiter.py + RequestHeader set X-Real-IP %{REMOTE_ADDR}s + RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s + +</Location> + +# uWSGI serves the static files and in settings.yml we use:: +# +# ui: +# static_use_hash: true +# +# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/ diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf:filtron b/utils/templates/etc/httpd/sites-available/searxng.conf:filtron deleted file mode 100644 index 379d47e24..000000000 --- a/utils/templates/etc/httpd/sites-available/searxng.conf:filtron +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so -#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so - -# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog -# CustomLog /dev/null combined env=dontlog - -# SecRuleRemoveById 981054 -# SecRuleRemoveById 981059 -# SecRuleRemoveById 981060 -# SecRuleRemoveById 950907 - -<Location ${FILTRON_URL_PATH} > - - <IfModule mod_security2.c> - SecRuleEngine Off - </IfModule> - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass http://${FILTRON_LISTEN} - RequestHeader set X-Script-Name ${FILTRON_URL_PATH} - -</Location> diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf:socket b/utils/templates/etc/httpd/sites-available/searxng.conf:socket new file mode 100644 index 000000000..b55ea7560 --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/searxng.conf:socket @@ -0,0 +1,41 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule ssl_module ${APACHE_MODULES}/mod_ssl.so +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so +# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so +# +# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog + +<Location ${SEARXNG_URL_PATH}> + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + # add the trailing slash + RedirectMatch 308 ${SEARXNG_URL_PATH}\$ ${SEARXNG_URL_PATH}/ + + ProxyPreserveHost On + ProxyPass unix:${SEARXNG_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searxng/ + + # see flaskfix.py + RequestHeader set X-Scheme %{REQUEST_SCHEME}s + RequestHeader set X-Script-Name ${SEARXNG_URL_PATH} + + # see limiter.py + RequestHeader set X-Real-IP %{REMOTE_ADDR}s + RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s + +</Location> + +# uWSGI serves the static files and in settings.yml we use:: +# +# ui: +# static_use_hash: true +# +# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/ diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi b/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi deleted file mode 100644 index aabc125ae..000000000 --- a/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so -# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so - -# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog -# CustomLog /dev/null combined env=dontlog - -<Location ${SEARXNG_URL_PATH}> - - <IfModule mod_security2.c> - SecRuleEngine Off - </IfModule> - - Require all granted - - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/ - -</Location> diff --git a/utils/templates/etc/nginx/default.apps-available/morty.conf b/utils/templates/etc/nginx/default.apps-available/morty.conf deleted file mode 100644 index 51f083985..000000000 --- a/utils/templates/etc/nginx/default.apps-available/morty.conf +++ /dev/null @@ -1,11 +0,0 @@ -# https://example.org/morty - -location /morty { - proxy_pass http://127.0.0.1:3000/; - - proxy_set_header Host \$host; - proxy_set_header Connection \$http_connection; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Scheme \$scheme; -} diff --git a/utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron b/utils/templates/etc/nginx/default.apps-available/searxng.conf index e25461c47..7225a8f96 100644 --- a/utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron +++ b/utils/templates/etc/nginx/default.apps-available/searxng.conf @@ -1,16 +1,29 @@ -# https://example.org/searx - location ${SEARXNG_URL_PATH} { - proxy_pass http://127.0.0.1:4004/; + + proxy_pass http://${SEARXNG_INTERNAL_HTTP}; proxy_set_header Host \$host; proxy_set_header Connection \$http_connection; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + + # see flaskfix.py proxy_set_header X-Scheme \$scheme; proxy_set_header X-Script-Name ${SEARXNG_URL_PATH}; -} -location ${SEARXNG_URL_PATH}/static/ { - alias ${SEARX_SRC}/searx/static/; + # see limiter.py + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + + # proxy_buffering off; + # proxy_request_buffering off; + # proxy_buffer_size 8k; + } + +# uWSGI serves the static files and in settings.yml we use:: +# +# ui: +# static_use_hash: true +# +# location ${SEARXNG_URL_PATH}/static/ { +# alias ${SEARXNG_STATIC}/; +# } diff --git a/utils/templates/etc/nginx/default.apps-available/searxng.conf:socket b/utils/templates/etc/nginx/default.apps-available/searxng.conf:socket new file mode 100644 index 000000000..7a74eab48 --- /dev/null +++ b/utils/templates/etc/nginx/default.apps-available/searxng.conf:socket @@ -0,0 +1,26 @@ +location ${SEARXNG_URL_PATH} { + + uwsgi_pass unix://${SEARXNG_UWSGI_SOCKET}; + + include uwsgi_params; + + uwsgi_param HTTP_HOST \$host; + uwsgi_param HTTP_CONNECTION \$http_connection; + + # see flaskfix.py + uwsgi_param HTTP_X_SCHEME \$scheme; + uwsgi_param HTTP_X_SCRIPT_NAME ${SEARXNG_URL_PATH}; + + # see limiter.py + uwsgi_param HTTP_X_REAL_IP \$remote_addr; + uwsgi_param HTTP_X_FORWARDED_FOR \$proxy_add_x_forwarded_for; +} + +# uWSGI serves the static files and in settings.yml we use:: +# +# ui: +# static_use_hash: true +# +# location ${SEARXNG_URL_PATH}/static/ { +# alias ${SEARXNG_STATIC}/; +# } diff --git a/utils/templates/etc/searxng/settings.yml b/utils/templates/etc/searxng/settings.yml index 860f4f5e9..aee21474d 100644 --- a/utils/templates/etc/searxng/settings.yml +++ b/utils/templates/etc/searxng/settings.yml @@ -1,46 +1,55 @@ -# SearXNG settings, before editing this file read: -# -# https://docs.searxng.org/admin/engines/settings.html +# SearXNG settings use_default_settings: true general: - # Debug mode, only for development debug: false - # change displayed name - # instance_name: "SearXNG" + instance_name: "SearXNG" search: - # Filter results. 0: None, 1: Moderate, 2: Strict - safe_search: 0 - # Existing autocomplete backends: "dbpedia", "duckduckgo", "google", - # "startpage", "swisscows", "qwant", "wikipedia" - leave blank to turn it off - # by default. - autocomplete: '' - # Default search language - leave blank to detect from browser information or - # use codes from 'languages.py' - default_lang: '' - # remove format to deny access, use lower case. - formats: - - html + safe_search: 2 + autocomplete: 'duckduckgo' server: - secret_key: "ultrasecretkey" # change this! - # Proxying image results through SearXNG - image_proxy: false + secret_key: "ultrasecretkey" + limiter: true + image_proxy: true + +redis: + url: unix:///usr/local/searxng-redis/run/redis.sock?db=0 + +ui: + static_use_hash: true -# result_proxy: -# url: http://127.0.0.1:3000/ -# key: !!binary "your_morty_proxy_key" +# preferences: +# lock: +# - autocomplete +# - method + +enabled_plugins: + - 'Hash plugin' + - 'Search on category select' + - 'Self Informations' + - 'Tracker URL remover' + - 'Ahmia blacklist' + # - 'Hostname replace' # see hostname_replace configuration below + # - 'Infinite scroll' + # - 'Open Access DOI rewrite' + # - 'Vim-like hotkeys' # plugins: # - only_show_green_results -# engines: -# -# - name: duckduckgo -# disabled: false +# hostname_replace: # +# # twitter --> nitter +# '(www\.)?twitter\.com$': 'nitter.net' + +engines: + + - name: google + use_mobile_ui: true + # - name: fdroid # disabled: false # @@ -48,6 +57,13 @@ server: # disabled: false # # - name: mediathekviewweb -# engine: mediathekviewweb -# shortcut: mvw -# categories: general +# categories: TV +# disabled: false +# +# - name: invidious +# disabled: false +# base_url: +# - https://invidious.snopyta.org +# - https://invidious.tiekoetter.com +# - https://invidio.xamh.de +# - https://inv.riverside.rocks diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini index aaf55a807..04c32c662 100644 --- a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini +++ b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini @@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8 env = LC_ALL=C.UTF-8 # chdir to specified directory before apps loading -chdir = ${SEARX_SRC}/searx +chdir = ${SEARXNG_SRC}/searx # SearXNG configuration (settings.yml) env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} @@ -57,37 +57,27 @@ enable-threads = true module = searx.webapp # set PYTHONHOME/virtualenv -virtualenv = ${SEARX_PYENV} +virtualenv = ${SEARXNG_PYENV} # add directory (or glob) to pythonpath -pythonpath = ${SEARX_SRC} +pythonpath = ${SEARXNG_SRC} # speak to upstream # ----------------- -# -# Activate the 'http' configuration for filtron or activate the 'socket' -# configuration if you setup your HTTP server to use uWSGI protocol via sockets. -# using IP: -# # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http # Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html -http = ${SEARX_INTERNAL_HTTP} +http = ${SEARXNG_INTERNAL_HTTP} -# using unix-sockets: +# uWSGI serves the static files and in settings.yml we use:: # -# On some distributions you need to create the app folder for the sockets:: +# ui: +# static_use_hash: true # -# mkdir -p ${SEARX_UWSGI_SOCKET} -# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} -# -# socket = ${SEARX_UWSGI_SOCKET} - -# uwsgi serves the static files +static-map = /static=${SEARXNG_STATIC} # expires set to one year since there are hashes -static-map = /static=${SEARX_SRC}/searx/static static-expires = /* 31557600 static-gzip-all = True offload-threads = %k diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket index e8facda86..bbfaf63be 100644 --- a/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket +++ b/utils/templates/etc/uwsgi/apps-archlinux/searxng.ini:socket @@ -16,7 +16,7 @@ env = LANGUAGE=C.UTF-8 env = LC_ALL=C.UTF-8 # chdir to specified directory before apps loading -chdir = ${SEARX_SRC}/searx +chdir = ${SEARXNG_SRC}/searx # SearXNG configuration (settings.yml) env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} @@ -57,37 +57,24 @@ enable-threads = true module = searx.webapp # set PYTHONHOME/virtualenv -virtualenv = ${SEARX_PYENV} +virtualenv = ${SEARXNG_PYENV} # add directory (or glob) to pythonpath -pythonpath = ${SEARX_SRC} +pythonpath = ${SEARXNG_SRC} # speak to upstream # ----------------- -# -# Activate the 'http' configuration for filtron or activate the 'socket' -# configuration if you setup your HTTP server to use uWSGI protocol via sockets. - -# using IP: -# -# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http -# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html -# http = ${SEARX_INTERNAL_HTTP} +socket = ${SEARXNG_UWSGI_SOCKET} -# using unix-sockets: +# uWSGI serves the static files and in settings.yml we use:: # -# On some distributions you need to create the app folder for the sockets:: +# ui: +# static_use_hash: true # -# mkdir -p ${SEARX_UWSGI_SOCKET} -# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} -# -socket = ${SEARX_UWSGI_SOCKET} - -# uwsgi serves the static files +static-map = /static=${SEARXNG_STATIC} # expires set to one year since there are hashes -static-map = /static=${SEARX_SRC}/searx/static static-expires = /* 31557600 static-gzip-all = True offload-threads = %k diff --git a/utils/templates/etc/uwsgi/apps-available/searxng.ini b/utils/templates/etc/uwsgi/apps-available/searxng.ini index 9dad84c16..5ea7d991a 100644 --- a/utils/templates/etc/uwsgi/apps-available/searxng.ini +++ b/utils/templates/etc/uwsgi/apps-available/searxng.ini @@ -6,7 +6,11 @@ # # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core -# Who will run the code +# Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be +# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini). +# +# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting +# uid = ${SERVICE_USER} gid = ${SERVICE_GROUP} @@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8 env = LC_ALL=C.UTF-8 # chdir to specified directory before apps loading -chdir = ${SEARX_SRC}/searx +chdir = ${SEARXNG_SRC}/searx # SearXNG configuration (settings.yml) env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} @@ -56,37 +60,27 @@ enable-threads = true module = searx.webapp # set PYTHONHOME/virtualenv -virtualenv = ${SEARX_PYENV} +virtualenv = ${SEARXNG_PYENV} # add directory (or glob) to pythonpath -pythonpath = ${SEARX_SRC} +pythonpath = ${SEARXNG_SRC} # speak to upstream # ----------------- -# -# Activate the 'http' configuration for filtron or activate the 'socket' -# configuration if you setup your HTTP server to use uWSGI protocol via sockets. -# using IP: -# # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http # Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html -http = ${SEARX_INTERNAL_HTTP} +http = ${SEARXNG_INTERNAL_HTTP} -# using unix-sockets: -# -# On some distributions you need to create the app folder for the sockets:: +# uWSGI serves the static files and in settings.yml we use:: # -# mkdir -p /run/uwsgi/app/searxng -# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} +# ui: +# static_use_hash: true # -# socket = ${SEARX_UWSGI_SOCKET} - -# uwsgi serves the static files +static-map = /static=${SEARXNG_STATIC} # expires set to one year since there are hashes -static-map = /static=${SEARX_SRC}/searx/static static-expires = /* 31557600 static-gzip-all = True offload-threads = %k diff --git a/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket b/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket index c76d084e1..304ea3500 100644 --- a/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket +++ b/utils/templates/etc/uwsgi/apps-available/searxng.ini:socket @@ -6,7 +6,11 @@ # # https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core -# Who will run the code +# Who will run the code / Hint: in emperor-tyrant mode uid & gid setting will be +# ignored [1]. Mode emperor-tyrant is the default on fedora (/etc/uwsgi.ini). +# +# [1] https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html#tyrant-mode-secure-multi-user-hosting +# uid = ${SERVICE_USER} gid = ${SERVICE_GROUP} @@ -16,7 +20,7 @@ env = LANGUAGE=C.UTF-8 env = LC_ALL=C.UTF-8 # chdir to specified directory before apps loading -chdir = ${SEARX_SRC}/searx +chdir = ${SEARXNG_SRC}/searx # SearXNG configuration (settings.yml) env = SEARXNG_SETTINGS_PATH=${SEARXNG_SETTINGS_PATH} @@ -56,37 +60,24 @@ enable-threads = true module = searx.webapp # set PYTHONHOME/virtualenv -virtualenv = ${SEARX_PYENV} +virtualenv = ${SEARXNG_PYENV} # add directory (or glob) to pythonpath -pythonpath = ${SEARX_SRC} +pythonpath = ${SEARXNG_SRC} # speak to upstream # ----------------- -# -# Activate the 'http' configuration for filtron or activate the 'socket' -# configuration if you setup your HTTP server to use uWSGI protocol via sockets. -# using IP: -# -# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http -# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html +socket = ${SEARXNG_UWSGI_SOCKET} -# http = ${SEARX_INTERNAL_HTTP} - -# using unix-sockets: -# -# On some distributions you need to create the app folder for the sockets:: +# uWSGI serves the static files and in settings.yml we use:: # -# mkdir -p ${SEARX_UWSGI_SOCKET} -# chown -R ${SERVICE_USER}:${SERVICE_GROUP} ${SEARX_UWSGI_SOCKET} +# ui: +# static_use_hash: true # -socket = ${SEARX_UWSGI_SOCKET} - -# uwsgi serves the static files +static-map = /static=${SEARXNG_STATIC} # expires set to one year since there are hashes -static-map = /static=${SEARX_SRC}/searx/static static-expires = /* 31557600 static-gzip-all = True offload-threads = %k |