searxng/docs/admin/installation.rst

.. _installation:

============
Installation
============

.. contents::
   :depth: 3

Basic installation
==================

Step by step installation for Debian/Ubuntu with virtualenv. For Ubuntu, be sure
to have enabled the universe repository.

Install packages:

.. code:: sh

    $ sudo -H apt-get install \
          git build-essential libxslt-dev \
          python-dev python-virtualenv python-babel \
          zlib1g-dev libffi-dev libssl-dev

Install searx:

.. code:: sh

    cd /usr/local
    sudo -H git clone https://github.com/asciimoo/searx.git
    sudo -H useradd searx -d /usr/local/searx
    sudo -H chown searx:searx -R /usr/local/searx

Install dependencies in a virtualenv:

.. code:: sh

    cd /usr/local/searx
    sudo -H -u searx -i

.. code:: sh

    (searx)$ virtualenv searx-ve
    (searx)$ . ./searx-ve/bin/activate
    (searx)$ ./manage.sh update_packages

Configuration
==============

.. code:: sh

    sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml

Edit searx/settings.yml if necessary.

Check
=====

Start searx:

.. code:: sh

    python searx/webapp.py

Go to http://localhost:8888

If everything works fine, disable the debug option in settings.yml:

.. code:: sh

    sed -i -e "s/debug : True/debug : False/g" searx/settings.yml

At this point searx is not daemonized; uwsgi allows this.

You can exit the virtualenv and the searx user bash (enter exit command
twice).

uwsgi
=====

Install packages:

.. code:: sh

    sudo -H apt-get install \
        uwsgi uwsgi-plugin-python

Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
content:

.. code:: ini

    [uwsgi]
    # Who will run the code
    uid = searx
    gid = searx

    # disable logging for privacy
    disable-logging = true

    # Number of workers (usually CPU count)
    workers = 4

    # The right granted on the created socket
    chmod-socket = 666

    # Plugin to use and interpreter config
    single-interpreter = true
    master = true
    plugin = python
    lazy-apps = true
    enable-threads = true

    # Module to import
    module = searx.webapp

    # Support running the module from a webserver subdirectory.
    route-run = fixpathinfo:

    # Virtualenv and python path
    virtualenv = /usr/local/searx/searx-ve/
    pythonpath = /usr/local/searx/
    chdir = /usr/local/searx/searx/

2019-12-31 13:24:27 +00:00

Fix Nginx subdir URL install docs which allowed download of settings.yml

Closes: #1617

There is an issue with the setup example in
https://asciimoo.github.io/searx/dev/install/installation.html#installation
for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
location /searx {
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it
matches a file, it is returned. Only if no file matched, the request is passed
to uwsgi. The worst consequence I can think of is that `settings.yml` can be
downloaded without authentication (where secrets and configuration details are
stored).

To fix this, I propose:

```nginx
location = /searx { rewrite ^ /searx/; }
location /searx/static {
}
location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is
apparently deprecated. Ref:
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the
`try_files` construct (at least I have seen this somewhere in the docs or
somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info
also warns about this:

> If used incorrectly a configuration like this may cause security problems.
> For your sanity’s sake, double-triple-quadruple check that your application
> files, configuration files and any other sensitive files are outside of the
> root of the static files.

Activate the uwsgi application and restart:

.. code:: sh

    cd /etc/uwsgi/apps-enabled
    ln -s ../apps-available/searx.ini
    /etc/init.d/uwsgi restart

Web server
==========

with nginx
----------

If nginx is not installed (uwsgi will not work with the package
nginx-light):

.. code:: sh

    sudo -H apt-get install nginx

Hosted at /
~~~~~~~~~~~

Create the configuration file ``/etc/nginx/sites-available/searx`` with this
content:

.. code:: nginx

    server {
        listen 80;
        server_name searx.example.com;
        root /usr/local/searx;

        location / {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/app/searx/socket;
        }
    }

Create a symlink to sites-enabled:

.. code:: sh

    sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx

Restart service:

.. code:: sh

    sudo -H service nginx restart
    sudo -H service uwsgi restart

from subdirectory URL (/searx)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Add this configuration in the server config file
``/etc/nginx/sites-enabled/default``:

.. code:: nginx

    location = /searx {
        rewrite ^ /searx/;
    }

    location /searx/static {
    }

    location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
    }

**OR** using a reverse proxy (please note that the reverse proxy is advised to
be used in case of single-user or low-traffic instances):

.. code:: nginx

    location /searx {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Script-Name /searx;
        proxy_buffering off;
    }

Enable ``base_url`` in ``searx/settings.yml``:

.. code:: yaml

    base_url : http://your.domain.tld/searx/

Restart service:

.. code:: sh

    sudo -H service nginx restart
    sudo -H service uwsgi restart
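
The following sketch is an added example, not part of the searx documentation or of the commit message quoted on this page. It models how the old ``try_files $uri @searx`` location and the corrected locations route a request, assuming ``root`` points at a checkout laid out like ``/usr/local/searx``; the sample file tree and the ``route_*`` helper names are constructed for illustration.

```python
import os
import tempfile

# Assumption: nginx `root` is the searx checkout (e.g. /usr/local/searx), so
# the URL prefix /searx lines up with the searx/ package directory on disk.

def on_disk(root, uri):
    """nginx maps $uri to root + uri; report whether a regular file is there."""
    return os.path.isfile(os.path.join(root, uri.lstrip("/")))

def route_before(root, uri):
    # location /searx { try_files $uri @searx; } -> disk first, uwsgi second
    if uri.startswith("/searx"):
        return "file" if on_disk(root, uri) else "uwsgi"
    return "unmatched"

def route_after(root, uri):
    # location /searx/static { } -> longest prefix wins, disk only
    if uri.startswith("/searx/static"):
        return "file" if on_disk(root, uri) else "404"
    # location /searx { uwsgi_pass ...; } -> never reads the document root
    if uri.startswith("/searx"):
        return "uwsgi"
    return "unmatched"

def exposed_files(root, route):
    """URIs of all files below root that `route` returns straight from disk."""
    hits = []
    for folder, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(folder, name), root)
            uri = "/" + rel.replace(os.sep, "/")
            if route(root, uri) == "file":
                hits.append(uri)
    return sorted(hits)

def build_sample_tree():
    """Constructed stand-in for a checkout: empty files, illustrative names."""
    root = tempfile.mkdtemp(prefix="searx-root-")
    for rel in ("manage.sh", "searx/settings.yml", "searx/webapp.py",
                "searx/static/css/style.css"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print("before:", exposed_files(root, route_before))
    print("after: ", exposed_files(root, route_after))
```

Pointing ``exposed_files`` at a real document root lists every file that a ``try_files`` location would return without involving the application.
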

disable logs
^^^^^^^^^^^^

For better privacy you can disable nginx logs about searx.

How to proceed: below ``uwsgi_pass`` in ``/etc/nginx/sites-available/default``
add:

.. code:: nginx

    access_log /dev/null;
    error_log /dev/null;

Restart service:

.. code:: sh

    sudo -H service nginx restart


with apache
-----------

Add wsgi mod:

.. code:: sh

    sudo -H apt-get install libapache2-mod-uwsgi
    sudo -H a2enmod uwsgi

Add this configuration in the file ``/etc/apache2/apache2.conf``:

.. code:: apache

    <Location />
        Options FollowSymLinks Indexes
        SetHandler uwsgi-handler
        uWSGISocket /run/uwsgi/app/searx/socket
    </Location>

Note that if your instance of searx is not at the root, you should replace
``<Location />`` with the location of your instance, like ``<Location /searx>``.

Restart Apache:

.. code:: sh

    sudo -H /etc/init.d/apache2 restart

disable logs
~~~~~~~~~~~~

For better privacy you can disable Apache logs.

.. warning::

    You can only disable logs for the whole (virtual) server not for a specific
    path.

Go back to ``/etc/apache2/apache2.conf`` and above ``<Location />`` add:

.. code:: apache

    CustomLog /dev/null combined

Restart Apache:

.. code:: sh

    sudo -H /etc/init.d/apache2 restart

How to update
=============

.. code:: sh

    cd /usr/local/searx
    sudo -H -u searx -i

.. code:: sh

    (searx)$ . ./searx-ve/bin/activate
    (searx)$ git stash
    (searx)$ git pull origin master
    (searx)$ git stash apply
    (searx)$ ./manage.sh update_packages

.. code:: sh

    sudo -H service uwsgi restart

Docker
======

Make sure you have installed Docker. For instance, you can deploy searx like this:

.. code:: sh

    docker pull wonderfall/searx
    docker run -d --name searx -p $PORT:8888 wonderfall/searx

Go to ``http://localhost:$PORT``.

See https://hub.docker.com/r/wonderfall/searx/ for more information. It's also
possible to build searx from the embedded Dockerfile.

.. code:: sh

    git clone https://github.com/asciimoo/searx.git
    cd searx
    docker build -t whatever/searx .

References
==========
* https://about.okhin.fr/posts/Searx/ with some additions
* How to: `Setup searx in a couple of hours with a free SSL certificate
<https://www.reddit.com/r/privacytoolsIO/comments/366kvn/how_to_setup_your_own_privacy_respecting_search/>`__