Commit Graph

13 Commits

Author SHA1 Message Date
Robin Schneider 088337295a
Simply Nginx example by using alias directive for subdirectory URL
We explicitly specific the static directory here using alias to allow to
host from a other subdirectory than "searx" which just so happens to
match the source code directory.
2019-12-31 14:41:27 +01:00
Robin Schneider a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
Closes: #1617

There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that  `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).

To fix this, I propose:

```nginx
location = /searx {
        rewrite ^ /searx/;
}

location /searx/static {
}

location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:

> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser d1892b2112 docs(admin): add article 'Buildhosts' with system requirements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser 90174e215c doc: add plugin section to admin section (template)
- Plugins configured at built time (defaults)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Markus Heiser aa3b0265e7 doc: add 'Architecture' article to admin section
Herein we add some hints and suggestions about typical architectures of
searx infrastructures.  We start with a contribution from @dalf

- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320

thanks @dalf !!

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Markus Heiser d1154202bc doc: add reST templating // incl. generic engine tabe
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-21 17:13:38 +01:00
Markus Heiser 04eeeb53a1 doc: moved reST sources in the right folder (much clearer)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 19:48:42 +01:00
Markus Heiser e9fff4fde6 doc: proofread of the all reST sources (no content change)
Normalize reST sources with best practice and KISS in mind.

to name a few points:

- simplify reST tables
- make use of ``literal`` markup for monospace rendering
- fix code-blocks for better rendering in HTML
- normalize section header markup
- limit all lines to a maximum of 79 characters
- add option -H to the sudo command used in code blocks
- drop useless indentation of lists
- ...

[1] https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 19:20:56 +01:00
Markus Heiser 0a7479f194 doc: [fix] WARNING: Could not lex literal_block as "json"
docs/admin/filtron.rst:24: \
   WARNING: Could not lex literal_block as "json". Highlighting skipped.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 13:24:18 +01:00
Adam Tauber 6cc9f56949 [enh] add morty documentation 2017-08-08 15:23:17 +02:00
Noémi Ványi dca4d276a4 add sample config of filtron 2016-10-30 01:01:22 +02:00
Noémi Ványi 013139b036 add embedded search to docs 2016-09-06 18:16:29 +02:00
Noemi Vanyi 2ad8715b32 better API docs && more features in list 2016-07-09 22:31:21 +02:00