From 04eeeb53a1215315d8027ac99978b560f45d5521 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 12 Dec 2019 19:48:42 +0100 Subject: doc: moved reST sources in the right folder (much clearer) Signed-off-by: Markus Heiser
---
docs/admin/installation.rst | 341 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 341 insertions(+) create mode 100644 docs/admin/installation.rst (limited to 'docs/admin/installation.rst')
diff --git a/docs/admin/installation.rst b/docs/admin/installation.rst
new file mode 100644
index 000000000..239ce0704
--- /dev/null
+++ b/docs/admin/installation.rst
@@ -0,0 +1,341 @@
+.. _installation:
+
+============
+Installation
+============
+
+.. contents::
+ :depth: 3
+
+Basic installation
+==================
+
+Step by step installation for Debian/Ubuntu with virtualenv. For Ubuntu, be sure
+to have enable universe repository.
+
+Install packages:
+
+.. code:: sh
+
+ $ sudo -H apt-get install \
+ git build-essential libxslt-dev \
+ python-dev python-virtualenv python-babel \
+ zlib1g-dev libffi-dev libssl-dev
+
+Install searx:
+
+.. code:: sh
+
+ cd /usr/local
+ sudo -H git clone https://github.com/asciimoo/searx.git
+ sudo -H useradd searx -d /usr/local/searx
+ sudo -H chown searx:searx -R /usr/local/searx
+
+Install dependencies in a virtualenv:
+
+.. code:: sh
+
+ cd /usr/local/searx
+ sudo -H -u searx -i
+
+.. code:: sh
+
+ (searx)$ virtualenv searx-ve
+ (searx)$ . ./searx-ve/bin/activate
+ (searx)$ ./manage.sh update_packages
+
+Configuration
+==============
+
+.. code:: sh
+
+ sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
+
+Edit searx/settings.yml if necessary.
+
+Check
+=====
+
+Start searx:
+
+.. code:: sh
+
+ python searx/webapp.py
+
+Go to http://localhost:8888
+
+If everything works fine, disable the debug option in settings.yml:
+
+.. code:: sh
+
+ sed -i -e "s/debug : True/debug : False/g" searx/settings.yml
+
+At this point searx is not demonized ; uwsgi allows this.
+
+You can exit the virtualenv and the searx user bash (enter exit command
+twice).
+
+uwsgi
+=====
+
+Install packages:
+
+.. code:: sh
+
+ sudo -H apt-get install \
+ uwsgi uwsgi-plugin-python
+
+Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
+content:
+
+.. code:: ini
+
+ [uwsgi]
+ # Who will run the code
+ uid = searx
+ gid = searx
+
+ # disable logging for privacy
+ disable-logging = true
+
+ # Number of workers (usually CPU count)
+ workers = 4
+
+ # The right granted on the created socket
+ chmod-socket = 666
+
+ # Plugin to use and interpretor config
+ single-interpreter = true
+ master = true
+ plugin = python
+ lazy-apps = true
+ enable-threads = true
+
+ # Module to import
+ module = searx.webapp
+
+ # Virtualenv and python path
+ virtualenv = /usr/local/searx/searx-ve/
+ pythonpath = /usr/local/searx/
+ chdir = /usr/local/searx/searx/
+
+Activate the uwsgi application and restart:
+
+.. code:: sh
+
+ cd /etc/uwsgi/apps-enabled
+ ln -s ../apps-available/searx.ini
+ /etc/init.d/uwsgi restart
+
+Web server
+==========
+
+with nginx
+----------
+
+If nginx is not installed (uwsgi will not work with the package
+nginx-light):
+
+.. code:: sh
+
+ sudo -H apt-get install nginx
+
+Hosted at /
+~~~~~~~~~~~
+
+Create the configuration file ``/etc/nginx/sites-available/searx`` with this
+content:
+
+.. code:: nginx
+
+ server {
+ listen 80;
+ server_name searx.example.com;
+ root /usr/local/searx;
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/app/searx/socket;
+ }
+ }
+
+Create a symlink to sites-enabled:
+
+.. code:: sh
+
+ sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
+
+Restart service:
+
+.. code:: sh
+
+ sudo -H service nginx restart
+ sudo -H service uwsgi restart
+
+from subdirectory URL (/searx)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Add this configuration in the server config file
+``/etc/nginx/sites-enabled/default``:
+
+.. code:: nginx
+
+ location = /searx { rewrite ^ /searx/; }
+ location /searx {
+ try_files $uri @searx;
+ }
+ location @searx {
+ uwsgi_param SCRIPT_NAME /searx;
+ include uwsgi_params;
+ uwsgi_modifier1 30;
+ uwsgi_pass unix:/run/uwsgi/app/searx/socket;
+ }
+
+
+**OR** using reverse proxy (Please, note that reverse proxy advised to be used
+in case of single-user or low-traffic instances.)
+
+.. code:: nginx
+
+ location /searx {
+ proxy_pass http://127.0.0.1:8888;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Script-Name /searx;
+ proxy_buffering off;
+ }
+
+
+Enable ``base_url`` in ``searx/settings.yml``
+
+.. code:: yaml
+
+ base_url : http://your.domain.tld/searx/
+
+Restart service:
+
+.. code:: sh
+
+ sudo -H service nginx restart
+ sudo -H service uwsgi restart
+
+disable logs
+^^^^^^^^^^^^
+
+for better privacy you can disable nginx logs about searx.
+
+how to proceed: below ``uwsgi_pass`` in ``/etc/nginx/sites-available/default``
+add:
+
+.. code:: nginx
+
+ access_log /dev/null;
+ error_log /dev/null;
+
+Restart service:
+
+.. code:: sh
+
+ sudo -H service nginx restart
+
+with apache
+-----------
+
+Add wsgi mod:
+
+.. code:: sh
+
+ sudo -H apt-get install libapache2-mod-uwsgi
+ sudo -H a2enmod uwsgi
+
+Add this configuration in the file ``/etc/apache2/apache2.conf``:
+
+.. code:: apache
+
+
+ Options FollowSymLinks Indexes
+ SetHandler uwsgi-handler
+ uWSGISocket /run/uwsgi/app/searx/socket
+
+
+Note that if your instance of searx is not at the root, you should change
+```` by the location of your instance, like ````.
+
+Restart Apache:
+
+.. code:: sh
+
+ sudo -H /etc/init.d/apache2 restart
+
+disable logs
+~~~~~~~~~~~~
+
+For better privacy you can disable Apache logs.
+
+.. warning::
+
+ You can only disable logs for the whole (virtual) server not for a specific
+ path.
+
+Go back to ``/etc/apache2/apache2.conf`` and above ```` add:
+
+.. code:: apache
+
+ CustomLog /dev/null combined
+
+Restart Apache:
+
+.. code:: sh
+
+ sudo -H /etc/init.d/apache2 restart
+
+How to update
+=============
+
+.. code:: sh
+
+ cd /usr/local/searx
+ sudo -H -u searx -i
+
+.. code:: sh
+
+ (searx)$ . ./searx-ve/bin/activate
+ (searx)$ git stash
+ (searx)$ git pull origin master
+ (searx)$ git stash apply
+ (searx)$ ./manage.sh update_packages
+
+.. code:: sh
+
+ sudo -H service uwsgi restart
+
+Docker
+======
+
+Make sure you have installed Docker. For instance, you can deploy searx like this:
+
+.. code:: sh
+
+ docker pull wonderfall/searx
+ docker run -d --name searx -p $PORT:8888 wonderfall/searx
+
+Go to ``http://localhost:$PORT``.
+
+See https://hub.docker.com/r/wonderfall/searx/ for more informations. It's also
+possible to build searx from the embedded Dockerfile.
+
+.. code:: sh
+
+ git clone https://github.com/asciimoo/searx.git
+ cd searx
+ docker build -t whatever/searx .
+
+References
+==========
+
+* https://about.okhin.fr/posts/Searx/ with some additions
+
+* How to: `Setup searx in a couple of hours with a free SSL certificate
+ `__
+
-- cgit v1.2.3
From a1d9c81915b169272cf26139445f3e08e9b689b9 Mon Sep 17 00:00:00 2001
From: Robin Schneider Date: Tue, 31 Dec 2019 14:24:27 +0100 Subject: Fix Nginx subdir URL install docs which allowed download of settings.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes: #1617 There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments: ```nginx root /usr/local/searx; location = /searx { rewrite ^ /searx/; } try_files $uri @searx; } location @searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_modifier1 30; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` `try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored). To fix this, I propose: ```nginx location = /searx { rewrite ^ /searx/; } location /searx/static { } location /searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` And add ``` route-run = fixpathinfo: ``` to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again). https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this: > If used incorrectly a configuration like this may cause security problems. 
For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files. --- docs/admin/installation.rst | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'docs/admin/installation.rst') diff --git a/docs/admin/installation.rst b/docs/admin/installation.rst index 239ce0704..28a6b0614 100644 --- a/docs/admin/installation.rst +++ b/docs/admin/installation.rst @@ -114,6 +114,9 @@ content: # Module to import module = searx.webapp + # Support running the module from a webserver subdirectory. + route-run = fixpathinfo: + # Virtualenv and python path virtualenv = /usr/local/searx/searx-ve/ pythonpath = /usr/local/searx/ @@ -180,14 +183,16 @@ Add this configuration in the server config file .. code:: nginx - location = /searx { rewrite ^ /searx/; } - location /searx { - try_files $uri @searx; + location = /searx { + rewrite ^ /searx/; + } + + location /searx/static { } - location @searx { + + location /searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; - uwsgi_modifier1 30; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } @@ -338,4 +343,3 @@ References * How to: `Setup searx in a couple of hours with a free SSL certificate `__ - -- cgit v1.2.3 From 088337295aaeebf8a37d6b4e859cd59019cd3d27 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Tue, 31 Dec 2019 14:37:01 +0100 Subject: Simply Nginx example by using alias directive for subdirectory URL We explicitly specific the static directory here using alias to allow to host from a other subdirectory than "searx" which just so happens to match the source code directory. --- docs/admin/installation.rst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'docs/admin/installation.rst') diff --git a/docs/admin/installation.rst b/docs/admin/installation.rst index 28a6b0614..e0b3779fa 100644 --- a/docs/admin/installation.rst +++ b/docs/admin/installation.rst 
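Review bot: Admins who already deployed the old `try_files $uri @searx;` block get no upgrade guidance from the rewritten example in the `@@ -180,14 +183,16 @@` hunk, although the commit message itself says `settings.yml` could be downloaded without authentication. I would add a short `.. warning::` under the subdirectory section telling them to treat the secret in `searx/settings.yml` as exposed, replace it with a fresh value such as the output of `openssl rand -hex 16`, and confirm that a request for `/searx/settings.yml` no longer returns the file. The same note should say that this nginx block and the `route-run = fixpathinfo:` line from the `@@ -114,6 +114,9 @@` hunk have to be applied together, since `uwsgi_modifier1 30` is removed here and the uwsgi setting appears to be its replacement.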
@@ -183,11 +183,8 @@ Add this configuration in the server config file .. code:: nginx - location = /searx { - rewrite ^ /searx/; - } - location /searx/static { + alias /usr/local/searx/searx/static; } location /searx { -- cgit v1.2.3 From 3e5a3ee4e49c739fdc464d47252c684a42620d48 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Tue, 31 Dec 2019 14:38:30 +0100 Subject: Let Nginx deliver static files directory in all examples --- docs/admin/installation.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'docs/admin/installation.rst') diff --git a/docs/admin/installation.rst b/docs/admin/installation.rst index e0b3779fa..15800fc01 100644 --- a/docs/admin/installation.rst +++ b/docs/admin/installation.rst @@ -154,7 +154,10 @@ content: server { listen 80; server_name searx.example.com; - root /usr/local/searx; + root /usr/local/searx/searx; + + location /static { + } location / { include uwsgi_params; @@ -199,6 +202,10 @@ in case of single-user or low-traffic instances.) .. code:: nginx + location /searx/static { + alias /usr/local/searx/searx/static; + } + location /searx { proxy_pass http://127.0.0.1:8888; proxy_set_header Host $host; -- cgit v1.2.3
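Review bot: `location /searx/static` and its `alias /usr/local/searx/searx/static;` in the `@@ -183,11 +183,8 @@` hunk are both written without a trailing slash, so the prefix also matches sibling URIs such as `/searx/staticX` and maps them onto paths next to the static directory rather than inside it. Anchoring both on the directory boundary keeps file serving to exactly that tree: `location /searx/static/ {` with `alias /usr/local/searx/searx/static/;`. The same applies to the `location /static {` and the second `location /searx/static {` blocks added by the following commit (`@@ -154,7 +157,10 @@` and `@@ -199,6 +202,10 @@`). Whichever form is chosen, the location and the alias should end the same way, and the docs could say so in a one-line comment above the block.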
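Review bot: Changing the server-level `root` to `/usr/local/searx/searx` in the `@@ -154,7 +157,10 @@` hunk makes the directory that holds `settings.yml` (the file the Configuration step edits as `searx/settings.yml` from `/usr/local/searx`) the document root of the whole virtual host. Only `location /static` reads from it as written, but any file-serving location, `try_files` or `error_page` fallback later added to this server would resolve against that root, which is the layout the uWSGI warning quoted in the earlier commit message tells admins to avoid. I would drop the server-level `root` and scope the path to the static block, as the subdirectory example already does: `location /static/ { alias /usr/local/searx/searx/static/; }`. The `server { … }` block closes outside this hunk.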