From fbe40001d35ea5cf74c92f35d76c642a480a5c9f Mon Sep 17 00:00:00 2001 From: Dalf Date: Sat, 29 Jun 2019 11:59:13 +0200 Subject: Update Docker image See #1561 , use uwsgi and Alpine Linux Volume: /var/log/uwsgi contains error log for 2 days (file uwsgi.log) /etc/searx contains the settings.yml and uwsgi.ini files. The docker image creates them if they don't exist. The two files can be modified after the first run. See below. Environement variables: MORTY_URL : external URL of Morty MORTY_KEY : base64 encoded key BASE_URL : external URL of Searx BIND_ADDRESS : internal HTTP port to listen to Labels : org.label-schema.schema.* Parameters: -h : display this help -d : will update the settings and quit immediately (settings.yml and uwsgi.ini) -f : always update the settings (previous version saved with suffix .old). without this parameter, the new settings are copied with suffix .new When the Docker image contains newer settings: - without -f parameter: the new versions are copied to /etc/searx/settings.yml.new and /etc/searx/uwsgi.ini.new. - with -f parameter: the old versions are renamed with .old suffix. The new version replaces /etc/searx/settings.yml and /etc/searx/uwsgi.ini Build using "./manage.sh docker_build", add "push" as parameter also push the Docker image. The script requires a git repository to work (it makes sure that the last git tag matches searx/version.py) "git describe" is used to create a meaningful version. Example : 0.15.0-90-49c5bcb4-dirty (dirty means that the docker image was made with uncommited changes). Use "docker inspect -f {{.Config.Labels.version}} searx" to get the version of an existing image. .dockerignore based on .gitignore .travis.yml: include docker stage --- Dockerfile | 102 ++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 61 insertions(+), 41 deletions(-) (limited to 'Dockerfile') diff --git a/Dockerfile b/Dockerfile index 95e21813f..03c4b76a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,57 +1,77 @@ -FROM alpine:3.8 -LABEL maintainer="searx " -LABEL description="A privacy-respecting, hackable metasearch engine." +FROM alpine:3.10 + +ARG VERSION_GITCOMMIT=unknow +ARG SEARX_GIT_VERSION=unknow + +ARG SEARX_GID=1000 +ARG SEARX_UID=1000 + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 +ARG LABEL_VCS_REF= +ARG LABEL_VCS_URL= + +ENV BASE_URL= \ + MORTY_KEY= \ + MORTY_URL= +EXPOSE 8080 +VOLUME /etc/searx +VOLUME /var/log/uwsgi -ENV BASE_URL=False IMAGE_PROXY=False HTTP_PROXY_URL= HTTPS_PROXY_URL= -EXPOSE 8888 WORKDIR /usr/local/searx -CMD ["/sbin/tini","--","/usr/local/searx/run.sh"] - -RUN adduser -D -h /usr/local/searx -s /bin/sh searx searx \ - && echo '#!/bin/sh' >> run.sh \ - && echo 'sed -i "s|base_url : False|base_url : $BASE_URL|g" searx/settings.yml' >> run.sh \ - && echo 'sed -i "s/image_proxy : False/image_proxy : $IMAGE_PROXY/g" searx/settings.yml' >> run.sh \ - && echo 'sed -i "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml' >> run.sh \ - && echo 'if [ -n "$HTTP_PROXY_URL" ] || [ -n "$HTTPS_PROXY_URL" ]; then' >> run.sh \ - && echo ' sed -i "s~^# proxies :~ proxies:\\n http: ${HTTP_PROXY_URL}\\n https: ${HTTPS_PROXY_URL}\\n~" searx/settings.yml' >> run.sh \ - && echo 'fi' >> run.sh \ - && echo 'python searx/webapp.py' >> run.sh \ - && chmod +x run.sh + +RUN addgroup -g ${SEARX_GID} searx && \ + adduser -u ${SEARX_UID} -D -h /usr/local/searx -s /bin/sh -G searx searx COPY requirements.txt ./requirements.txt -RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ - && apk -U add \ - build-base \ - python \ - python-dev \ - py-pip \ - libxml2 \ - libxml2-dev \ - libxslt \ - libxslt-dev \ - libffi-dev \ - openssl \ - openssl-dev \ - ca-certificates \ - tini@commuedge \ - && pip install --upgrade pip \ - && pip install --no-cache -r requirements.txt \ - && apk del \ +RUN apk -U upgrade \ + && apk add -t build-dependencies \ build-base \ - python-dev \ + py3-setuptools \ + python3-dev \ libffi-dev \ - openssl-dev \ libxslt-dev \ libxml2-dev \ openssl-dev \ + tar \ + git \ + && apk add \ ca-certificates \ + su-exec \ + python3 \ + libxml2 \ + libxslt \ + openssl \ + tini \ + uwsgi \ + uwsgi-python3 \ + && pip3 install --upgrade pip \ + && pip3 install --no-cache -r requirements.txt \ + && apk del build-dependencies \ && rm -f /var/cache/apk/* -COPY . . +COPY --chown=searx:searx . . -RUN chown -R searx:searx * +RUN su searx -c "/usr/bin/python3 -m compileall -q searx"; \ + touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml; \ + touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini; \ + if [ ! -z $VERSION_GITCOMMIT ]; then\ + echo "VERSION_STRING = VERSION_STRING + \"-$VERSION_GITCOMMIT\"" >> /usr/local/searx/searx/version.py; \ + fi -USER searx +ENTRYPOINT ["/sbin/tini","--","/usr/local/searx/dockerfiles/docker-entrypoint.sh"] -RUN sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml +# Keep this argument at the end since it change each time +ARG LABEL_DATE= +LABEL maintainer="searx " \ + description="A privacy-respecting, hackable metasearch engine." \ + version="${SEARX_GIT_VERSION}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.name="searx" \ + org.label-schema.schema-version="${SEARX_GIT_VERSION}" \ + org.label-schema.url="${LABEL_VCS_URL}" \ + org.label-schema.vcs-ref=${LABEL_VCS_REF} \ + org.label-schema.vcs-url=${LABEL_VCS_URL} \ + org.label-schema.build-date="${LABEL_DATE}" \ + org.label-schema.usage="https://github.com/searx/searx-docker" -- cgit v1.2.3