| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Closes: https://github.com/searxng/searxng/issues/450
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Reported-by: https://github.com/searx/searx/issues/2776
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
BTW: drop a trailing whitespace
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
related to:
- https://gist.github.com/dalf/60450e19b042bd39b9ce470c095d89b3#gistcomment-3263827
- https://github.com/searx/searx/issues/2013#issuecomment-647132313
- https://github.com/searx/searx/issues/2017#issuecomment-647700327
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
fix URLs
|
|
see: https://github.com/asciimoo/searx/pull/1803#issuecomment-618456661
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
BTW: normalize installation-nginx.rst
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Tested by:
sudo -H ./utils/lxc.sh build containers
sudo -H ./utils/lxc.sh cmd /share/searx/utils/searx.sh install all
sudo -H ./utils/lxc.sh cmd /share/searx/utils/filtron.sh install all
sudo -H ./utils/lxc.sh cmd /share/searx/utils/morty.sh install all
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
We explicitly specific the static directory here using alias to allow to
host from a other subdirectory than "searx" which just so happens to
match the source code directory.
|
|
Closes: #1617
There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:
```nginx
root /usr/local/searx;
location = /searx { rewrite ^ /searx/; }
try_files $uri @searx;
}
location @searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_modifier1 30;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).
To fix this, I propose:
```nginx
location = /searx {
rewrite ^ /searx/;
}
location /searx/static {
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
And add
```
route-run = fixpathinfo:
```
to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action
I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).
https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:
> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
