From eedd63ccd504099836d9f528d02daffa6bc826ad Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 4 Feb 2020 16:42:13 +0100 Subject: docs: revision of the installation instructions Signed-off-by: Markus Heiser --- docs/admin/installation-apache.rst | 94 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 docs/admin/installation-apache.rst (limited to 'docs/admin/installation-apache.rst') diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst new file mode 100644 index 000000000..7f92e47d5 --- /dev/null +++ b/docs/admin/installation-apache.rst @@ -0,0 +1,94 @@ +.. _installation apache: + +=================== +Install with apache +=================== + +.. sidebar:: public HTTP servers + + On public searx instances use an application firewall (:ref:`filtron + `). + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: entry + +Add wsgi mod +============ + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + .. code:: sh + + sudo -H apt-get install libapache2-mod-uwsgi + sudo -H a2enmod uwsgi + +Add this configuration in the file ``/etc/apache2/apache2.conf``. To limit +acces to your intranet replace ``Allow from all`` directive and replace +``192.168.0.0/16`` with your subnet IP/class. + +.. _inranet apache site: + +Note that if your instance of searx is not at the root, you should change +```` by the location of your instance, like ````: + +.. code:: apache + + # CustomLog /dev/null combined + + + + + + Options FollowSymLinks Indexes + SetHandler uwsgi-handler + uWSGISocket /run/uwsgi/app/searx/socket + + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + + + + +Enable apache mod_uwsgi and restart apache: + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + .. code:: sh + + a2enmod uwsgi + sudo -H systemctl restart apache2 + +disable logs +============ + +For better privacy you can disable Apache logs. Go back to +``/etc/apache2/apache2.conf`` :ref:`[example] ` and above +```` activate directive: + +.. code:: apache + + CustomLog /dev/null combined + +Restart apache: + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + .. code:: sh + + sudo -H systemctl restart apache2 + +.. warning:: + + You can only disable logs for the whole (virtual) server not for a specific + path. -- cgit v1.2.3 From cbc08fdc26e96bf2cb02b76a30be095f5f60df9f Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Wed, 4 Mar 2020 19:56:40 +0100 Subject: docs: describe uwsgi setup of all suported distributions Signed-off-by: Markus Heiser --- docs/admin/installation-apache.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'docs/admin/installation-apache.rst') diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index 7f92e47d5..8c6228380 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -4,10 +4,11 @@ Install with apache =================== -.. sidebar:: public HTTP servers +.. sidebar:: public to the internet? - On public searx instances use an application firewall (:ref:`filtron - `). + If your searx instance is public, stop here and first install :ref:`filtron + reverse proxy ` and :ref:`result proxy morty `, see + :ref:`installation scripts`. .. contents:: Contents :depth: 2 -- cgit v1.2.3 From eb0d4646d818fe12032379aae2fcd8b5bdb6467e Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Mon, 6 Apr 2020 17:59:06 +0200 Subject: docs: rework of chapter "Install with apache" BTW: normalize installation-nginx.rst --- docs/admin/installation-apache.rst | 462 +++++++++++++++++++++++++++++++++---- 1 file changed, 421 insertions(+), 41 deletions(-) (limited to 'docs/admin/installation-apache.rst') diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index 8c6228380..da551c3a9 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -4,19 +4,303 @@ Install with apache =================== -.. sidebar:: public to the internet? - - If your searx instance is public, stop here and first install :ref:`filtron - reverse proxy ` and :ref:`result proxy morty `, see - :ref:`installation scripts`. +.. _Apache: https://httpd.apache.org/ +.. _Apache Debian: + https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x): +.. _README.Debian: + https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian +.. _Apache Arch Linux: + https://wiki.archlinux.org/index.php/Apache_HTTP_Server +.. _Apache Fedora: + https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/index.html +.. _Apache directives: + https://httpd.apache.org/docs/trunk/mod/directives.html +.. _Getting Started: + https://httpd.apache.org/docs/current/en/getting-started.html +.. _Terms Used to Describe Directives: + https://httpd.apache.org/docs/current/en/mod/directive-dict.html +.. _Configuration Files: + https://httpd.apache.org/docs/current/en/configuring.html +.. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost +.. _LoadModule: + https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule +.. _DocumentRoot: + https://httpd.apache.org/docs/trunk/mod/core.html#documentroot +.. _Location: + https://httpd.apache.org/docs/trunk/mod/core.html#location +.. _uWSGI Apache support: + https://uwsgi-docs.readthedocs.io/en/latest/Apache.html +.. _apache uwsgi: + https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi +.. _mod_proxy_uwsgi: + https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi + +.. sidebar:: further read + + - `Apache Arch Linux`_ + - `Apache Debian`_ and `README.Debian`_ + - `Apache Fedora`_ + - `Apache directives`_ .. contents:: Contents :depth: 2 :local: :backlinks: entry -Add wsgi mod -============ +The apache HTTP server +====================== + +If Apache_ is not installed, install it now. If apache_ is new to you, the +`Getting Started`_, `Configuration Files`_ and `Terms Used to Describe +Directives`_ documentation gives first orientation. There is also a list of +`Apache directives`_ *to keep in the pocket*. + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + .. code:: sh + + sudo -H apt-get install apache2 + + .. group-tab:: Arch Linux + + .. code:: sh + + sudo -H pacman -S apache + sudo -H systemctl enable httpd + sudo -H systemctl start http + + .. group-tab:: Fedora / RHEL + + .. code:: sh + + sudo -H dnf install httpd + sudo -H systemctl enable httpd + sudo -H systemctl start httpd + +Now at http://localhost you should see any kind of *Welcome* or *Test* page. +How this default intro site is configured, depends on the linux distribution +(compare `Apache directives`_). + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + .. code:: sh + + less /etc/apache2/sites-enabled/000-default.conf + + In this file, there is a line setting the `DocumentRoot`_ directive: + + .. code:: apache + + DocumentRoot /var/www/html + + And the *welcome* page is the HTML file at ``/var/www/html/index.html``. + + .. group-tab:: Arch Linux + + .. code:: sh + + less /etc/httpd/conf/httpd.conf + + In this file, there is a line setting the `DocumentRoot`_ directive: + + .. code:: apache + + DocumentRoot "/srv/http" + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + The *welcome* page of Arch Linux is a page showing directory located at + ``DocumentRoot``. This is *directory* page is generated by the Module + `mod_autoindex `_: + + .. code:: apache + + LoadModule autoindex_module modules/mod_autoindex.so + ... + Include conf/extra/httpd-autoindex.conf + + .. group-tab:: Fedora / RHEL + + .. code:: sh + + less /etc/httpd/conf/httpd.conf + + In this file, there is a line setting the ``DocumentRoot`` directive: + + .. code:: apache + + DocumentRoot "/var/www/html" + ... + + AllowOverride None + # Allow open access: + Require all granted + + + On fresh installations, the ``/var/www`` is empty and the *default + welcome page* is shown, the configuration is located at:: + + less /etc/httpd/conf.d/welcome.conf + +.. _The Debian Layout: + +The Debian Layout +================= + +Be aware that the Debian layout is quite different from the standard Apache +configuration. For details look at the README.Debian_ +(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on +Debian: + +* :man:`apache2ctl`: Apache HTTP server control interface +* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules +* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations +* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites + + +.. _apache searx site: + +Apache Reverse Proxy +==================== + +.. sidebar:: public to the internet? + + If your searx instance is public, stop here and first install :ref:`filtron + reverse proxy ` and :ref:`result proxy morty `, see + :ref:`installation scripts`. If already done, follow setup: *searx via + filtron plus morty*. + +To setup a Apache revers proxy you have to enable the *headers* and *proxy* +modules and create a `Location`_ configuration for the searx site. In most +distributions you have to uncomment the lines in the main configuration file, +except in the :ref:`The Debian Layout`. + +.. tabs:: + + .. group-tab:: Ubuntu / debian + + In the Apache setup, enable headers and proxy modules: + + .. code:: sh + + sudo -H a2enmod headers + sudo -H a2enmod proxy + sudo -H a2enmod proxy_http + + In :ref:`The Debian Layout` you create a ``searx.conf`` with the + ```` directive and save this file in the *sites + available* folder at ``/etc/apache2/sites-available``. To enable the + ``searx.conf`` use :man:`a2ensite`: + + .. code:: sh + + sudo -H a2ensite searx.conf + + .. group-tab:: Arch Linux + + In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy + modules (LoadModule_): + + .. code:: apache + + LoadModule headers_module modules/mod_headers.so + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_http_module modules/mod_proxy_http.so + + .. group-tab:: Fedora / RHEL + + In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy + modules (LoadModule_): + + .. code:: apache + + LoadModule headers_module modules/mod_headers.so + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_http_module modules/mod_proxy_http.so + +.. tabs:: + + .. group-tab:: searx via filtron plus morty + + Use this setup, if your instance is public to the internet, compare + figure: :ref:`architecture ` and :ref:`installation scripts`. + + 1. Configure a reverse proxy for :ref:`filtron `, listening on + *localhost 4004* (:ref:`filtron route request`): + + .. code:: apache + + + + # SetEnvIf Request_URI "/searx" dontlog + # CustomLog /dev/null combined env=dontlog + + Require all granted + + Order deny,allow + Deny from all + #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass http://127.0.0.1:4004 + RequestHeader set X-Script-Name /searx + + + + 2. Configure reverse proxy for :ref:`morty `, listening on + *localhost 3000* (FYI: ``ProxyPreserveHost On`` is already set, see + above): + + .. code:: apache + + ProxyPreserveHost On + + + + # SetEnvIf Request_URI "/morty" dontlog + # CustomLog /dev/null combined env=dontlog + + Require all granted + + Order deny,allow + Deny from all + #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPass http://127.0.0.1:3000 + RequestHeader set X-Script-Name /morty + + + + Note that reverse proxy advised to be used in case of single-user or + low-traffic instances. For a fully result proxification add :ref:`morty's + ` **public URL** to your :origin:`searx/settings.yml`: + + .. code:: yaml + + result_proxy: + # replace example.org with your server's public name + url : https://example.org/morty + + server: + image_proxy : True + +uWSGI support +============= + +Be warned, with this setup, your instance isn't :ref:`protected `. Nevertheless it is good enough for intranet usage and it +demonstrates: *how different the uwsgi support is, depending on the +distribution*. To enable :ref:`uWSGI ` support you need to install +the apache `apache uwsgi`_ support: .. tabs:: @@ -27,59 +311,130 @@ Add wsgi mod sudo -H apt-get install libapache2-mod-uwsgi sudo -H a2enmod uwsgi -Add this configuration in the file ``/etc/apache2/apache2.conf``. To limit -acces to your intranet replace ``Allow from all`` directive and replace -``192.168.0.0/16`` with your subnet IP/class. + .. group-tab:: Arch Linux + + .. code:: sh + + sudo -H pacman -S uwsgi -.. _inranet apache site: + In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy + modules (LoadModule_): -Note that if your instance of searx is not at the root, you should change -```` by the location of your instance, like ````: + .. code:: apache -.. code:: apache + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - # CustomLog /dev/null combined + .. group-tab:: Fedora / RHEL - + .. code:: sh - + sudo -H dnf install uwsgi + FIXME: enable uwsgi in apache - Options FollowSymLinks Indexes - SetHandler uwsgi-handler - uWSGISocket /run/uwsgi/app/searx/socket +The next example shows a configuration using the `uWSGI Apache support`_ via +unix sockets. For socket communication, you have to activate ``socket = +/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` +configuration in your :ref:`uwsgi ini file `. - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all +If not already exists, create a folder for the unix sockets, which can be +used by the searx account: - +.. code:: bash - + sudo -H mkdir -p /run/uwsgi/app/searx/ + sudo -H chown -R searx:searx /run/uwsgi/app/searx/ -Enable apache mod_uwsgi and restart apache: +To limit acces to your intranet replace ``Allow from all`` directive and replace +``192.168.0.0/16`` with your subnet IP/class. .. tabs:: .. group-tab:: Ubuntu / debian - .. code:: sh + Debian uses the (old) `mod_uwsgi + `_. - a2enmod uwsgi - sudo -H systemctl restart apache2 + .. code:: apache -disable logs -============ + + + # SetEnvIf Request_URI "/searx" dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + + Options FollowSymLinks Indexes + SetHandler uwsgi-handler + uWSGISocket /run/uwsgi/app/searx/socket + + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + + + + + .. group-tab:: Arch Linux + + Arch Linux uses the (recommend) `mod_proxy_uwsgi`_. + + .. code:: apache + + + + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + + + + + + .. group-tab:: Fedora / RHEL + + RHEL uses the (recommend) `mod_proxy_uwsgi`_. -For better privacy you can disable Apache logs. Go back to -``/etc/apache2/apache2.conf`` :ref:`[example] ` and above -```` activate directive: + .. code:: apache -.. code:: apache + - CustomLog /dev/null combined + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog -Restart apache: + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + + + + + +.. _restart apache: + +Restart service +=============== .. tabs:: @@ -88,8 +443,33 @@ Restart apache: .. code:: sh sudo -H systemctl restart apache2 + sudo -H service uwsgi restart searx + + .. group-tab:: Arch Linux + + .. code:: sh + + sudo -H systemctl restart httpd + sudo -H systemctl restart uwsgi@searx + + .. group-tab:: Fedora / RHEL + + .. code:: sh + + sudo -H systemctl restart httpd + sudo -H touch /etc/uwsgi.d/searx.ini + + +disable logs +============ + +For better privacy you can disable Apache logs. In the examples above activate +one of the lines and `restart apache`_:: + -.. warning:: + # SetEnvIf Request_URI "/searx" dontlog + # CustomLog /dev/null combined env=dontlog - You can only disable logs for the whole (virtual) server not for a specific - path. +The ``CustomLog`` directive disable logs for the whole (virtual) server, use it +when the URL of the service does not have a path component (``/searx``) / is +located at root (``/``). -- cgit v1.2.3 From ee39a098acb2386abd5382de5c9476cc4ffe2e03 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 7 Apr 2020 18:31:51 +0200 Subject: apache: normalize installation (docs and script)s over all distros Signed-off-by: Markus Heiser --- docs/admin/installation-apache.rst | 169 +++++++++++++++++++++---------------- 1 file changed, 96 insertions(+), 73 deletions(-) (limited to 'docs/admin/installation-apache.rst') diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index da551c3a9..0b6cc38df 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -30,8 +30,6 @@ Install with apache https://httpd.apache.org/docs/trunk/mod/core.html#location .. _uWSGI Apache support: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html -.. _apache uwsgi: - https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi .. _mod_proxy_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi @@ -149,22 +147,6 @@ How this default intro site is configured, depends on the linux distribution less /etc/httpd/conf.d/welcome.conf -.. _The Debian Layout: - -The Debian Layout -================= - -Be aware that the Debian layout is quite different from the standard Apache -configuration. For details look at the README.Debian_ -(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on -Debian: - -* :man:`apache2ctl`: Apache HTTP server control interface -* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules -* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations -* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites - - .. _apache searx site: Apache Reverse Proxy @@ -179,8 +161,12 @@ Apache Reverse Proxy To setup a Apache revers proxy you have to enable the *headers* and *proxy* modules and create a `Location`_ configuration for the searx site. In most -distributions you have to uncomment the lines in the main configuration file, -except in the :ref:`The Debian Layout`. +distributions you have to un-comment the lines in the main configuration file, +except in :ref:`The Debian Layout`. + +To pass the HTTP HOST header +With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the +proxied host. .. tabs:: @@ -210,6 +196,8 @@ except in the :ref:`The Debian Layout`. .. code:: apache + FIXME needs test + LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so @@ -221,7 +209,9 @@ except in the :ref:`The Debian Layout`. .. code:: apache - LoadModule headers_module modules/mod_headers.so + FIXME needs test + + LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so @@ -256,8 +246,7 @@ except in the :ref:`The Debian Layout`. 2. Configure reverse proxy for :ref:`morty `, listening on - *localhost 3000* (FYI: ``ProxyPreserveHost On`` is already set, see - above): + *localhost 3000* .. code:: apache @@ -297,10 +286,9 @@ uWSGI support ============= Be warned, with this setup, your instance isn't :ref:`protected `. Nevertheless it is good enough for intranet usage and it -demonstrates: *how different the uwsgi support is, depending on the -distribution*. To enable :ref:`uWSGI ` support you need to install -the apache `apache uwsgi`_ support: +filtron>`, nevertheless it is good enough for intranet usage. In modern Linux +distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache +package and you need to install only the :ref:`uWSGI ` package: .. tabs:: @@ -308,8 +296,10 @@ the apache `apache uwsgi`_ support: .. code:: sh - sudo -H apt-get install libapache2-mod-uwsgi - sudo -H a2enmod uwsgi + sudo -H apt-get install uwsgi + + # Ubuntu =< 18.04 + sudo -H apt-get install libapache2-mod-proxy-uwsgi .. group-tab:: Arch Linux @@ -317,74 +307,88 @@ the apache `apache uwsgi`_ support: sudo -H pacman -S uwsgi - In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy - modules (LoadModule_): - - .. code:: apache - - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - .. group-tab:: Fedora / RHEL .. code:: sh sudo -H dnf install uwsgi - FIXME: enable uwsgi in apache The next example shows a configuration using the `uWSGI Apache support`_ via -unix sockets. For socket communication, you have to activate ``socket = -/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` -configuration in your :ref:`uwsgi ini file `. +unix sockets and `mod_proxy_uwsgi`_. -If not already exists, create a folder for the unix sockets, which can be -used by the searx account: +For socket communication, you have to activate ``socket = +/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` +configuration in your :ref:`uwsgi ini file `. If not +already exists, create a folder for the unix sockets, which can be used by the +searx account (see :ref:`create searx user`): .. code:: bash sudo -H mkdir -p /run/uwsgi/app/searx/ sudo -H chown -R searx:searx /run/uwsgi/app/searx/ -To limit acces to your intranet replace ``Allow from all`` directive and replace -``192.168.0.0/16`` with your subnet IP/class. +If the server is public; to limit access to your intranet replace ``Allow from +all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class. .. tabs:: .. group-tab:: Ubuntu / debian - Debian uses the (old) `mod_uwsgi - `_. - .. code:: apache - + LoadModule headers_module /usr/lib/apache2/mod_headers.so + LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so + LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so - # SetEnvIf Request_URI "/searx" dontlog - # CustomLog /dev/null combined env=dontlog + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog - + - Require all granted + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all - Options FollowSymLinks Indexes - SetHandler uwsgi-handler - uWSGISocket /run/uwsgi/app/searx/socket + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all + - + .. group-tab:: Arch Linux - + .. code:: apache - .. group-tab:: Arch Linux + FIXME needs test + + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so + + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ - Arch Linux uses the (recommend) `mod_proxy_uwsgi`_. + + + .. group-tab:: Fedora / RHEL .. code:: apache + FIXME needs test + + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so # SetEnvIf Request_URI /searx dontlog @@ -405,29 +409,33 @@ To limit acces to your intranet replace ``Allow from all`` directive and replace - .. group-tab:: Fedora / RHEL + .. group-tab:: old mod_wsgi - RHEL uses the (recommend) `mod_proxy_uwsgi`_. + We show this only for historical reasons, DON'T USE `mod_uwsgi + `_. + ANYMORE! .. code:: apache - + - # SetEnvIf Request_URI /searx dontlog + # SetEnvIf Request_URI "/searx" dontlog # CustomLog /dev/null combined env=dontlog - + Require all granted + + Options FollowSymLinks Indexes + SetHandler uwsgi-handler + uWSGISocket /run/uwsgi/app/searx/socket + Order deny,allow Deny from all # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ - - + @@ -473,3 +481,18 @@ one of the lines and `restart apache`_:: The ``CustomLog`` directive disable logs for the whole (virtual) server, use it when the URL of the service does not have a path component (``/searx``) / is located at root (``/``). + +.. _The Debian Layout: + +The Debian Layout +================= + +Be aware that the Debian layout is quite different from the standard Apache +configuration. For details look at the README.Debian_ +(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on +Debian: + +* :man:`apache2ctl`: Apache HTTP server control interface +* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules +* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations +* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites -- cgit v1.2.3 From ebde9d10fd84de74ea99385dae4d95bcf932bcf3 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 9 Apr 2020 15:04:23 +0200 Subject: docs: proofreading of all the installation topics Signed-off-by: Markus Heiser --- docs/admin/installation-apache.rst | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'docs/admin/installation-apache.rst') diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index 0b6cc38df..217e57718 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -45,6 +45,22 @@ Install with apache :local: :backlinks: entry +---- + +**Install** :ref:`apache searx site` using :ref:`filtron.sh ` + +.. code:: bash + + $ sudo -H ./utils/filtron.sh apache install + +**Install** :ref:`apache searx site` using :ref:`morty.sh ` + +.. code:: bash + + $ sudo -H ./utils/morty.sh apache install + +---- + The apache HTTP server ====================== -- cgit v1.2.3