13 KiB
Install with apache
further read
Contents
The apache HTTP server
If Apache is not installed, install it now. If apache is new to you, the Getting Started, Configuration Files and Terms Used to Describe Directives documentation gives first orientation. There is also a list of Apache directives to keep in the pocket.
Ubuntu / debian
sudo -H apt-get install apache2
Arch Linux
sudo -H pacman -S apache
sudo -H systemctl enable httpd
sudo -H systemctl start http
Fedora / RHEL
sudo -H dnf install httpd
sudo -H systemctl enable httpd
sudo -H systemctl start httpd
Now at http://localhost you should see any kind of Welcome or Test page. How this default intro site is configured, depends on the linux distribution (compare Apache directives).
Ubuntu / debian
less /etc/apache2/sites-enabled/000-default.conf
In this file, there is a line setting the DocumentRoot directive:
/var/www/html DocumentRoot
And the welcome page is the HTML file at /var/www/html/index.html
.
Arch Linux
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot directive:
"/srv/http"
DocumentRoot<Directory "/srv/http">
Options Indexes FollowSymLinks
AllowOverride None
all granted
Require</Directory>
The welcome page of Arch Linux is a page showing directory located at DocumentRoot
. This is directory page is generated by the Module mod_autoindex:
autoindex_module modules/mod_autoindex.so
LoadModule
... conf/extra/httpd-autoindex.conf Include
Fedora / RHEL
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot
directive:
"/var/www/html"
DocumentRoot
...<Directory "/var/www">
AllowOverride None
# Allow open access:
all granted
Require</Directory>
On fresh installations, the /var/www
is empty and the default welcome page is shown, the configuration is located at:
less /etc/httpd/conf.d/welcome.conf
The Debian Layout
Be aware that the Debian layout is quite different from the standard Apache configuration. For details look at the README.Debian (/usr/share/doc/apache2/README.Debian.gz
). Some commands you should know on Debian:
apache2ctl
: Apache HTTP server control interfacea2enmod
,a2dismod
: switch on/off modulesa2enconf
,a2disconf
: switch on/off configurationsa2ensite
,a2dissite
: switch on/off sites
Apache Reverse Proxy
public to the internet?
If your searx instance is public, stop here and first install filtron
reverse proxy <filtron.sh>
and result proxy morty <morty.sh>
, see installation scripts
. If already done, follow setup: searx via filtron plus morty.
To setup a Apache revers proxy you have to enable the headers and proxy modules and create a Location configuration for the searx site. In most distributions you have to uncomment the lines in the main configuration file, except in the The Debian Layout
.
Ubuntu / debian
In the Apache setup, enable headers and proxy modules:
sudo -H a2enmod headers
sudo -H a2enmod proxy
sudo -H a2enmod proxy_http
In The Debian Layout
you create a searx.conf
with the <Location /searx >
directive and save this file in the sites available folder at /etc/apache2/sites-available
. To enable the searx.conf
use a2ensite
:
sudo -H a2ensite searx.conf
Arch Linux
In the /etc/httpd/conf/httpd.conf
file, activate headers and proxy modules (LoadModule):
headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule
Fedora / RHEL
In the /etc/httpd/conf/httpd.conf
file, activate headers and proxy modules (LoadModule):
headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule
searx via filtron plus morty
Use this setup, if your instance is public to the internet, compare figure: architecture <arch public>
and installation scripts
.
- Configure a reverse proxy for
filtron <filtron.sh>
, listening on localhost 4004 (filtron route request
):
<Location /searx >
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
all granted
Require
Order deny,allow
from all
Deny#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
from all
Allow
ProxyPreserveHost On
http://127.0.0.1:4004
ProxyPass set X-Script-Name /searx
RequestHeader
</Location>
2. Configure reverse proxy for morty <searx morty>
, listening on localhost 3000 (FYI: ProxyPreserveHost On
is already set, see above):
ProxyPreserveHost On
<Location /morty >
# SetEnvIf Request_URI "/morty" dontlog
# CustomLog /dev/null combined env=dontlog
all granted
Require
Order deny,allow
from all
Deny#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
from all
Allow
http://127.0.0.1:3000
ProxyPass set X-Script-Name /morty
RequestHeader
</Location>
Note that reverse proxy advised to be used in case of single-user or low-traffic instances. For a fully result proxification add morty's
<searx morty>
public URL to your searx/settings.yml
:
result_proxy:
# replace example.org with your server's public name
url : https://example.org/morty
server:
image_proxy : True
uWSGI support
Be warned, with this setup, your instance isn't protected <searx
filtron>
. Nevertheless it is good enough for intranet usage and it demonstrates: how different the uwsgi support is, depending on the distribution. To enable uWSGI <searx uwsgi>
support you need to install the apache apache uwsgi support:
Ubuntu / debian
sudo -H apt-get install libapache2-mod-uwsgi
sudo -H a2enmod uwsgi
Arch Linux
sudo -H pacman -S uwsgi
In the /etc/httpd/conf/httpd.conf
file, activate headers and proxy modules (LoadModule):
proxy_module modules/mod_proxy.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so LoadModule
Fedora / RHEL
sudo -H dnf install uwsgi
FIXME: enable uwsgi in apache
The next example shows a configuration using the uWSGI Apache support via unix sockets. For socket communication, you have to activate socket = /run/uwsgi/app/searx/socket
and comment out the http = 127.0.0.1:8888
configuration in your uwsgi ini file <uwsgi configuration>
.
If not already exists, create a folder for the unix sockets, which can be used by the searx account:
sudo -H mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
To limit acces to your intranet replace Allow from all
directive and replace 192.168.0.0/16
with your subnet IP/class.
Ubuntu / debian
Debian uses the (old) mod_uwsgi.
<IfModule mod_uwsgi.c>
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx >
all granted
Require
Options FollowSymLinks Indexes
uwsgi-handler
SetHandler
uWSGISocket /run/uwsgi/app/searx/socket
Order deny,allow
from all
Deny# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
from all
Allow
</Location>
</IfModule>
Arch Linux
Arch Linux uses the (recommend) mod_proxy_uwsgi.
<IfModule proxy_uwsgi_module>
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx>
all granted
RequireOrder deny,allow
from all
Deny# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
from all
Allow
ProxyPreserveHost On
unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
ProxyPass
</Location>
</IfModule>
Fedora / RHEL
RHEL uses the (recommend) mod_proxy_uwsgi.
<IfModule proxy_uwsgi_module>
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx>
all granted
RequireOrder deny,allow
from all
Deny# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
from all
Allow
ProxyPreserveHost On
unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
ProxyPass
</Location>
</IfModule>
Restart service
Ubuntu / debian
sudo -H systemctl restart apache2
sudo -H service uwsgi restart searx
Arch Linux
sudo -H systemctl restart httpd
sudo -H systemctl restart uwsgi@searx
Fedora / RHEL
sudo -H systemctl restart httpd
sudo -H touch /etc/uwsgi.d/searx.ini
disable logs
For better privacy you can disable Apache logs. In the examples above activate one of the lines and restart apache:
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
The CustomLog
directive disable logs for the whole (virtual) server, use it when the URL of the service does not have a path component (/searx
) / is located at root (/
).