From 692708aa771c1f4927a3037ecc5aa9c06f1a2494 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Thu, 16 Jun 2022 16:30:18 +0200 Subject: [PATCH] [clean up] drop obsolete searx, filtron and morty install scripts Since ./utils/searxng.sh is implemented, the old installation procedures from filtron, morty and searx can be removed. For users who want to upgrade, the procedures for removing old installations have still been retained. Signed-off-by: Markus Heiser --- .config.sh | 52 - .github/workflows/data-update.yml | 2 +- .github/workflows/integration.yml | 6 +- Makefile | 4 +- manage | 2 - utils/filtron.sh | 527 +-------- utils/lib_install.sh | 208 ---- utils/lxc.sh | 1 - utils/morty.sh | 457 +------- utils/searx.sh | 1033 +---------------- utils/templates/etc/filtron/rules.json | 129 -- .../etc/httpd/sites-available/morty.conf | 28 - .../sites-available/searxng.conf:filtron | 33 - .../httpd/sites-available/searxng.conf:uwsgi | 34 - .../nginx/default.apps-available/morty.conf | 11 - .../searxng.conf:filtron | 16 - 16 files changed, 25 insertions(+), 2518 deletions(-) delete mode 100644 .config.sh delete mode 100755 utils/lib_install.sh delete mode 100644 utils/templates/etc/filtron/rules.json delete mode 100644 utils/templates/etc/httpd/sites-available/morty.conf delete mode 100644 utils/templates/etc/httpd/sites-available/searxng.conf:filtron delete mode 100644 utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi delete mode 100644 utils/templates/etc/nginx/default.apps-available/morty.conf delete mode 100644 utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron diff --git a/.config.sh b/.config.sh deleted file mode 100644 index 972728c35..000000000 --- a/.config.sh +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8; mode: sh -*- -# SPDX-License-Identifier: AGPL-3.0-or-later -# shellcheck shell=bash disable=SC2034 -# -# This file should be edited only ones just before the installation of any -# service is done. After the installation of the searx service a copy of this -# file is placed into the $SEARXNG_SRC of the instance, e.g.:: -# -# /usr/local/searx/searx-src/.config.sh -# -# .. hint:: -# -# Before you change a value here, You have to fully uninstall any previous -# installation of searx, morty and filtron services! - -# utils/searx.sh -# -------------- - -# The setup of the SearXNG instance is done in the settings.yml -# (SEARXNG_SETTINGS_PATH). Read the remarks in [1] carefully and don't forget to -# rebuild instance's environment (make buildenv) if needed. The settings.yml -# file of an already installed instance is shown by:: -# -# $ ./utils/searx.sh --help -# ---- SearXNG instance setup (already installed) -# SEARXNG_SETTINGS_PATH : /etc/searxng/settings.yml -# SEARXNG_SRC : /usr/local/searx/searx-src -# -# [1] https://docs.searxng.org/admin/engines/settings.html - -# utils/filtron.sh -# ---------------- - -# FILTRON_API="127.0.0.1:4005" -# FILTRON_LISTEN="127.0.0.1:4004" - -# utils/morty.sh -# -------------- - -# morty listen address -# MORTY_LISTEN="127.0.0.1:3000" -# PUBLIC_URL_PATH_MORTY="/morty/" - -# system services -# --------------- - -# Common $HOME folder of the service accounts -# SERVICE_HOME_BASE="/usr/local" - -# **experimental**: Set SERVICE_USER to run all services by one account, but be -# aware that removing discrete components might conflict! -# SERVICE_USER=searx diff --git a/.github/workflows/data-update.yml b/.github/workflows/data-update.yml index fba56f120..d20cd6c63 100644 --- a/.github/workflows/data-update.yml +++ b/.github/workflows/data-update.yml @@ -26,7 +26,7 @@ jobs: - name: Install Ubuntu packages run: | - sudo ./utils/searx.sh install packages + sudo ./utils/searxng.sh install packages - name: Set up Python uses: actions/setup-python@v2 diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index ea9dc0972..f43f467e5 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v2 - name: Install Ubuntu packages run: | - sudo ./utils/searx.sh install packages + sudo ./utils/searxng.sh install packages sudo apt install firefox - name: Set up Python uses: actions/setup-python@v2 @@ -55,7 +55,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Install Ubuntu packages - run: sudo ./utils/searx.sh install buildhost + run: sudo ./utils/searxng.sh install buildhost - name: Set up Python uses: actions/setup-python@v2 with: @@ -82,7 +82,7 @@ jobs: fetch-depth: '0' persist-credentials: false - name: Install Ubuntu packages - run: sudo ./utils/searx.sh install buildhost + run: sudo ./utils/searxng.sh install buildhost - name: Set up Python uses: actions/setup-python@v2 with: diff --git a/Makefile b/Makefile index f21734793..66c644ba2 100644 --- a/Makefile +++ b/Makefile @@ -59,7 +59,6 @@ test.shell: utils/brand.env \ $(MTOOLS) \ utils/lib.sh \ - utils/lib_install.sh \ utils/lib_nvm.sh \ utils/lib_static.sh \ utils/lib_go.sh \ @@ -69,8 +68,7 @@ test.shell: utils/searxng.sh \ utils/morty.sh \ utils/lxc.sh \ - utils/lxc-searxng.env \ - .config.sh + utils/lxc-searxng.env $(Q)$(MTOOLS) build_msg TEST "$@ OK" diff --git a/manage b/manage index 5805481ab..f7cada3e1 100755 --- a/manage +++ b/manage @@ -417,8 +417,6 @@ docs.prebuild() { [ "$VERBOSE" = "1" ] && set -x mkdir -p "${DOCS_BUILD}/includes" ./utils/searxng.sh searxng.doc.rst > "${DOCS_BUILD}/includes/searxng.rst" - ./utils/filtron.sh doc | cat > "${DOCS_BUILD}/includes/filtron.rst" - ./utils/morty.sh doc | cat > "${DOCS_BUILD}/includes/morty.rst" pyenv.cmd searxng_extra/docs_prebuild ) dump_return $? diff --git a/utils/filtron.sh b/utils/filtron.sh index 158fd55be..ab207bbd8 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -4,56 +4,19 @@ # shellcheck source=utils/lib.sh source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" -# shellcheck source=utils/lib_go.sh -source "${REPO_ROOT}/utils/lib_go.sh" -# shellcheck source=utils/lib_install.sh -source "${REPO_ROOT}/utils/lib_install.sh" # ---------------------------------------------------------------------------- # config # ---------------------------------------------------------------------------- -PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}" - -FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \ -| sed -e 's,^.*://[^/]*\(/.*\),\1,g')}" -[[ "${FILTRON_URL_PATH}" == "${PUBLIC_URL}" ]] && FILTRON_URL_PATH=/ - FILTRON_ETC="/etc/filtron" -FILTRON_RULES="$FILTRON_ETC/rules.json" -FILTRON_RULES_TEMPLATE="${FILTRON_RULES_TEMPLATE:-${REPO_ROOT}/utils/templates/etc/filtron/rules.json}" - -FILTRON_API="${FILTRON_API:-127.0.0.1:4005}" -FILTRON_LISTEN="${FILTRON_LISTEN:-127.0.0.1:4004}" - -# The filtron target is the SearXNG installation, listenning on server.port at -# server.bind_address. The default of FILTRON_TARGET is taken from the YAML -# configuration, do not change this value without reinstalling the entire -# SearXNG suite including filtron & morty. -FILTRON_TARGET="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}" SERVICE_NAME="filtron" SERVICE_USER="${SERVICE_USER:-${SERVICE_NAME}}" -SERVICE_HOME_BASE="${SERVICE_HOME_BASE:-/usr/local}" -SERVICE_HOME="${SERVICE_HOME_BASE}/${SERVICE_USER}" SERVICE_SYSTEMD_UNIT="${SYSTEMD_UNITS}/${SERVICE_NAME}.service" -# shellcheck disable=SC2034 -SERVICE_GROUP="${SERVICE_USER}" -# shellcheck disable=SC2034 -SERVICE_GROUP="${SERVICE_USER}" - -GO_ENV="${SERVICE_HOME}/.go_env" -GO_VERSION="go1.17.2" - -APACHE_FILTRON_SITE="searxng.conf" -NGINX_FILTRON_SITE="searxng.conf" - -# shellcheck disable=SC2034 -CONFIG_FILES=( - "${FILTRON_RULES}" - "${SERVICE_SYSTEMD_UNIT}" -) +APACHE_FILTRON_SITE="searx.conf" +NGINX_FILTRON_SITE="searx.conf" # ---------------------------------------------------------------------------- usage() { @@ -62,248 +25,45 @@ usage() { # shellcheck disable=SC1117 cat < "$(go_version)" ]]; then - warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least" - warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all" - else - info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)" - fi - - if [ -f "${APACHE_SITES_AVAILABLE}/searx.conf" ]; then - warn_msg "old searx.conf apache site exists" - fi - - if [ -f "${NGINX_APPS_AVAILABLE}/searx.conf" ]; then - warn_msg "old searx.conf nginx site exists" - fi - -} - -go_version(){ - go.version "${SERVICE_USER}" -} - remove_all() { rst_title "De-Install $SERVICE_NAME (service)" @@ -321,219 +81,6 @@ installations that were installed with this script." fi } -assert_user() { - rst_title "user $SERVICE_USER" section - echo - tee_stderr 1 <> ~/.profile -EOF -} - -filtron_is_installed() { - [[ -f $SERVICE_HOME/go-apps/bin/filtron ]] -} - -install_filtron() { - rst_title "Install filtron in user's ~/go-apps" section - echo - go.install github.com/searxng/filtron@latest "${SERVICE_USER}" -} - -update_filtron() { - rst_title "Update filtron" section - echo - go.install github.com/searxng/filtron@latest "${SERVICE_USER}" -} - -install_rules() { - rst_title "Install filtron rules" - echo - if [[ ! -f "${FILTRON_RULES}" ]]; then - info_msg "install rules ${FILTRON_RULES_TEMPLATE}" - info_msg " --> ${FILTRON_RULES}" - mkdir -p "$(dirname "${FILTRON_RULES}")" - cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}" - return - fi - - if cmp --silent "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}"; then - info_msg "${FILTRON_RULES} is up to date with" - info_msg "${FILTRON_RULES_TEMPLATE}" - return - fi - - rst_para "Diff between origin's rules file (+) and current (-):" - echo "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}" - $DIFF_CMD "${FILTRON_RULES}" "${FILTRON_RULES_TEMPLATE}" - - local action - choose_one action "What should happen to the rules file? " \ - "keep configuration unchanged" \ - "use origin rules" \ - "start interactive shell" - case $action in - "keep configuration unchanged") - info_msg "leave rules file unchanged" - ;; - "use origin rules") - backup_file "${FILTRON_RULES}" - info_msg "install origin rules" - cp "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}" - ;; - "start interactive shell") - backup_file "${FILTRON_RULES}" - echo -e "// exit with [${_BCyan}CTRL-D${_creset}]" - sudo -H -i - rst_para 'Diff between new rules file (-) and current (+):' - echo - $DIFF_CMD "${FILTRON_RULES_TEMPLATE}" "${FILTRON_RULES}" - wait_key - ;; - esac -} - -inspect_service() { - - rst_title "service status & log" - - cat < ${PUBLIC_URL}" - info_msg "internal URL --> http://${FILTRON_LISTEN}" - fi - - - local _debug_on - if ask_yn "Enable filtron debug mode?"; then - enable_debug - _debug_on=1 - fi - echo - systemctl --no-pager -l status "${SERVICE_NAME}" - echo - - info_msg "public URL --> ${PUBLIC_URL}" - # shellcheck disable=SC2059 - printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log" - read -r -s -n1 -t 5 - echo - while true; do - trap break 2 - journalctl -f -u "${SERVICE_NAME}" - done - - if [[ $_debug_on == 1 ]]; then - disable_debug - fi - return 0 -} - - -enable_debug() { - info_msg "try to enable debug mode ..." - python < "$(go_version)" ]]; then - warn_msg "golang ($(go_version)) needs to be $GO_VERSION at least" - warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all" - else - info_msg "golang $(go_version) is installed (min needed is: $GO_VERSION)" - fi -} - -go_version(){ - go.version "${SERVICE_USER}" -} remove_all() { rst_title "De-Install $SERVICE_NAME (service)" @@ -321,152 +80,6 @@ installations that were installed with this script." fi } -assert_user() { - rst_title "user $SERVICE_USER" section - echo - tee_stderr 1 <> ~/.profile -EOF -} - -morty_is_installed() { - [[ -f $SERVICE_HOME/go-apps/bin/morty ]] -} - -install_morty() { - rst_title "Install morty in user's ~/go-apps" section - echo - go.install github.com/asciimoo/morty@latest "${SERVICE_USER}" -} - -update_morty() { - rst_title "Update morty" section - echo - go.install github.com/asciimoo/morty@latest "${SERVICE_USER}" -} - -set_service_env_debug() { - - # usage: set_service_env_debug [false|true] - - # shellcheck disable=SC2034 - local SERVICE_ENV_DEBUG="${1:-false}" - if systemd_remove_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}"; then - systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}" - fi -} - -inspect_service() { - - rst_title "service status & log" - - cat < ${PUBLIC_URL_MORTY}" - info_msg "morty URL --> http://${MORTY_LISTEN}" - fi - - local _debug_on - if ask_yn "Enable morty debug mode (needs reinstall of systemd service)?"; then - enable_debug - _debug_on=1 - else - systemctl --no-pager -l status "${SERVICE_NAME}" - fi - echo - - # shellcheck disable=SC2059 - printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log" - read -r -s -n1 -t 5 - echo - while true; do - trap break 2 - journalctl -f -u "${SERVICE_NAME}" - done - - if [[ $_debug_on == 1 ]]; then - FORCE_SELECTION=Y disable_debug - fi - return 0 -} - -enable_debug() { - warn_msg "Do not enable debug in production environments!!" - info_msg "Enabling debug option needs to reinstall systemd service!" - set_service_env_debug true -} - -disable_debug() { - info_msg "Disabling debug option needs to reinstall systemd service!" - set_service_env_debug false -} - - -set_new_key() { - rst_title "Set morty key" - echo - - MORTY_KEY="$(head -c 32 /dev/urandom | base64)" - info_msg "morty key: '${MORTY_KEY}'" - - warn_msg "this will need to reinstall services .." - MSG="${_Green}press any [${_BCyan}KEY${_Green}] to continue // stop with [${_BCyan}CTRL-C${_creset}]" wait_key - - systemd_install_service "${SERVICE_NAME}" "${SERVICE_SYSTEMD_UNIT}" - "${REPO_ROOT}/utils/searx.sh" option result-proxy "${PUBLIC_URL_MORTY}" "${MORTY_KEY}" - "${REPO_ROOT}/utils/searx.sh" option image-proxy-on -} - - -install_apache_site() { - - rst_title "Install Apache site $APACHE_MORTY_SITE" - - rst_para "\ -This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE})" - - ! apache_is_installed && err_msg "Apache is not installed." - - if ! ask_yn "Do you really want to continue?" Yn; then - return - else - install_apache - fi - - apache_install_site "${APACHE_MORTY_SITE}" - - info_msg "testing public url .." - if ! service_is_available "${PUBLIC_URL_MORTY}"; then - err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!" - fi -} remove_apache_site() { @@ -484,35 +97,6 @@ This removes apache site ${APACHE_MORTY_SITE}." apache_remove_site "$APACHE_MORTY_SITE" } -install_nginx_site() { - - rst_title "Install nginx site $NGINX_MORTY_SITE" - - rst_para "\ -This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_MORTY_SITE})" - - ! nginx_is_installed && err_msg "nginx is not installed." - - if ! ask_yn "Do you really want to continue?" Yn; then - return - else - install_nginx - fi - - "${REPO_ROOT}/utils/searx.sh" install uwsgi - - # shellcheck disable=SC2034 - SEARXNG_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_SRC) - # shellcheck disable=SC2034 - SEARXNG_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARXNG_URL_PATH) - nginx_install_app "${NGINX_MORTY_SITE}" - - info_msg "testing public url .." - if ! service_is_available "${PUBLIC_URL_MORTY}"; then - err_msg "Public service at ${PUBLIC_URL_MORTY} is not available!" - fi -} - remove_nginx_site() { rst_title "Remove nginx site $NGINX_MORTY_SITE" @@ -526,37 +110,10 @@ This removes nginx site ${NGINX_MORTY_SITE}." return fi - nginx_remove_site "$NGINX_MORTY_SITE" + nginx_remove_app "$NGINX_MORTY_SITE" } -rst-doc() { - - eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/morty.rst")\"" - - echo -e "\n.. START install systemd unit" - cat <] - $(basename "$0") option [debug-[on|off]|image-proxy-[on|off]|result-proxy ] - $(basename "$0") apache [install|remove] + $(basename "$0") remove all -shell - start interactive shell from user ${SERVICE_USER} -install / remove - :all: complete (de-) installation of SearXNG service - :user: add/remove service user '$SERVICE_USER' ($SERVICE_HOME) - :dot-config: copy ./config.sh to ${SEARXNG_SRC} - :searx-src: clone $GIT_URL - :init-src: copy files (SEARXNG_SRC_INIT_FILES) to ${SEARXNG_SRC} - :pyenv: create/remove virtualenv (python) in $SEARXNG_PYENV - :uwsgi: install SearXNG uWSGI application - :settings: reinstall settings from ${SEARXNG_SETTINGS_PATH} - :packages: install needed packages from OS package manager - :buildhost: install packages from OS package manager needed by buildhosts -install - :check: check the SearXNG installation -reinstall: - :all: runs 'install/remove all' -update searx - Update SearXNG installation ($SERVICE_HOME) -activate service - activate and start service daemon (systemd unit) -deactivate service - stop and deactivate service daemon (systemd unit) -inspect - :service: run some small tests and inspect service's status and log - :settings: inspect YAML setting from SearXNG instance (${SEARXNG_SRC}) -option - set one of the available options -apache - :install: apache site with the SearXNG uwsgi app - :remove: apache site ${APACHE_FILTRON_SITE} ----- sourced ${DOT_CONFIG} - SERVICE_USER : ${SERVICE_USER} - SERVICE_HOME : ${SERVICE_HOME} +remove all: complete uninstall of SearXNG service EOF - install_log_searx_instance [[ -n ${1} ]] && err_msg "$1" } main() { - required_commands \ - sudo systemctl install git wget curl \ - || exit local _usage="unknown or missing $1 command $2" case $1 in - --getenv) var="$2"; echo "${!var}"; exit 0;; - -h|--help) usage; exit 0;; - shell) - sudo_or_exit - interactive_shell "${SERVICE_USER}" - ;; - inspect) - case $2 in - service) - sudo_or_exit - inspect_service - ;; - settings) - prompt_installation_setting "$3" - dump_return $? - ;; - *) usage "$_usage"; exit 42;; - esac ;; - reinstall) - rst_title "re-install $SERVICE_NAME" part - sudo_or_exit - case $2 in - all) - remove_all - install_all - ;; - *) usage "$_usage"; exit 42;; - esac ;; - install) - sudo_or_exit - case $2 in - all) - rst_title "SearXNG (install)" part - install_all - ;; - check) - rst_title "SearXNG (check installation)" part - verify_continue_install - install_check - ;; - user) - rst_title "SearXNG (install user)" - verify_continue_install - assert_user - ;; - pyenv) - rst_title "SearXNG (install pyenv)" - verify_continue_install - create_pyenv - ;; - searx-src) - rst_title "SearXNG (install searx-src)" - verify_continue_install - assert_user - clone_searx - install_DOT_CONFIG - init_SEARX_SRC - ;; - init-src) - init_SEARX_SRC - ;; - dot-config) - install_DOT_CONFIG - ;; - settings) - install_settings - ;; - uwsgi) - rst_title "SearXNG (install uwsgi)" - verify_continue_install - install_searx_uwsgi - if ! service_is_available "http://${SEARXNG_INTERNAL_HTTP}"; then - err_msg "URL http://${SEARXNG_INTERNAL_HTTP} not available, check SearXNG & uwsgi setup!" - fi - ;; - packages) - rst_title "SearXNG (install packages)" - pkg_install "$SEARX_PACKAGES" - ;; - buildhost) - rst_title "SearXNG (install buildhost)" - pkg_install "$SEARX_PACKAGES" - pkg_install "$BUILD_PACKAGES" - ;; - *) usage "$_usage"; exit 42;; - esac ;; - update) - sudo_or_exit - case $2 in - searx) update_searx;; - *) usage "$_usage"; exit 42;; - esac ;; remove) rst_title "SearXNG (remove)" part sudo_or_exit case $2 in all) remove_all;; - user) drop_service_account "${SERVICE_USER}";; - pyenv) remove_pyenv ;; - searx-src) remove_searx ;; *) usage "$_usage"; exit 42;; esac ;; - activate) - sudo_or_exit - case $2 in - service) - activate_service ;; - *) usage "$_usage"; exit 42;; - esac ;; - deactivate) - sudo_or_exit - case $2 in - service) deactivate_service ;; - *) usage "$_usage"; exit 42;; - esac ;; - option) - sudo_or_exit - case $2 in - debug-on) echo; enable_debug ;; - debug-off) echo; disable_debug ;; - result-proxy) set_result_proxy "$3" "$4" ;; - image-proxy-on) enable_image_proxy ;; - image-proxy-off) disable_image_proxy ;; - *) usage "$_usage"; exit 42;; - esac ;; - apache) - sudo_or_exit - case $2 in - install) install_apache_site ;; - remove) remove_apache_site ;; - *) usage "$_usage"; exit 42;; - esac ;; - doc) rst-doc;; *) usage "unknown or missing command $1"; exit 42;; esac } -_service_prefix=" ${_Yellow}|$SERVICE_USER|${_creset} " - -install_all() { - rst_title "Install SearXNG (service)" - verify_continue_install - pkg_install "$SEARX_PACKAGES" - wait_key - assert_user - wait_key - clone_searx - wait_key - install_DOT_CONFIG - wait_key - init_SEARX_SRC - wait_key - create_pyenv - wait_key - install_settings - wait_key - test_local_searx - wait_key - install_searx_uwsgi - if ! service_is_available "http://${SEARXNG_INTERNAL_HTTP}"; then - err_msg "URL http://${SEARXNG_INTERNAL_HTTP} not available, check SearXNG & uwsgi setup!" - fi - if ask_yn "Do you want to inspect the installation?" Ny; then - inspect_service - fi -} - -install_check() { - if service_account_is_available "$SERVICE_USER"; then - info_msg "Service account $SERVICE_USER exists." - else - err_msg "Service account $SERVICE_USER does not exists!" - fi - - if pyenv_is_available; then - info_msg "~$SERVICE_USER: python environment is available." - else - err_msg "~$SERVICE_USER: python environment is not available!" - fi - - if clone_is_available; then - info_msg "~$SERVICE_USER: SearXNG software is installed." - else - err_msg "~$SERVICE_USER: Missing SearXNG software!" - fi - - if uWSGI_app_enabled "$SEARXNG_UWSGI_APP"; then - info_msg "uWSGI app $SEARXNG_UWSGI_APP is enabled." - else - err_msg "uWSGI app $SEARXNG_UWSGI_APP not enabled!" - fi - - uWSGI_app_available "$SEARXNG_UWSGI_APP" \ - || err_msg "uWSGI app $SEARXNG_UWSGI_APP not available!" - - sudo -H -u "${SERVICE_USER}" "${SEARXNG_PYENV}/bin/python" "utils/searxng_check.py" - - if uWSGI_app_available 'searx.ini'; then - warn_msg "old searx.ini uWSGI app exists" - warn_msg "you need to reinstall $SERVICE_USER --> $0 reinstall all" - fi -} - -update_searx() { - rst_title "Update SearXNG instance" - - rst_para "fetch from $GIT_URL and reset to origin/$GIT_BRANCH" - tee_stderr 0.3 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -git fetch origin "$GIT_BRANCH" -git reset --hard "origin/$GIT_BRANCH" -pip install -U pip -pip install -U setuptools -pip install -U wheel -pip install -U pyyaml -pip install -U -e . -EOF - install_settings - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - remove_all() { rst_title "De-Install SearXNG (service)" @@ -438,250 +64,6 @@ installations that were installed with this script." fi } -assert_user() { - rst_title "user $SERVICE_USER" section - echo - if getent passwd "$SERVICE_USER" > /dev/null; then - echo "user exists" - return 0 - fi - - tee_stderr 1 < /dev/null; then - die 42 "user '$SERVICE_USER' missed read permission: $REPO_ROOT" - fi - SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME 2>/dev/null)" - if [[ ! "${SERVICE_HOME}" ]]; then - err_msg "to clone SearXNG sources, user $SERVICE_USER hast to be created first" - return 42 - fi - if [[ ! $(git show-ref "refs/heads/${GIT_BRANCH}") ]]; then - warn_msg "missing local branch ${GIT_BRANCH}" - info_msg "create local branch ${GIT_BRANCH} from start point: origin/${GIT_BRANCH}" - git branch "${GIT_BRANCH}" "origin/${GIT_BRANCH}" - fi - if [[ ! $(git rev-parse --abbrev-ref HEAD) == "${GIT_BRANCH}" ]]; then - warn_msg "take into account, installing branch $GIT_BRANCH while current branch is $(git rev-parse --abbrev-ref HEAD)" - fi - export SERVICE_HOME - git_clone "$REPO_ROOT" "$SEARXNG_SRC" \ - "$GIT_BRANCH" "$SERVICE_USER" - - pushd "${SEARXNG_SRC}" > /dev/null - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd "${SEARXNG_SRC}" -git remote set-url origin ${GIT_URL} -git config user.email "$ADMIN_EMAIL" -git config user.name "$ADMIN_NAME" -git config --list -EOF - popd > /dev/null -} - -prompt_installation_status(){ - - # shellcheck disable=SC2034 - local GIT_URL GIT_BRANCH VERSION_STRING VERSION_TAG - local ret_val state branch remote remote_url - state="$(install_searx_get_state)" - - case $state in - missing-searx-clone|missing-searx-pyenv) - info_msg "${_BBlue}(status: $(install_searx_get_state))${_creset}" - return 0 - ;; - *) - info_msg "SearXNG instance already installed at: $SEARXNG_SRC" - info_msg "status: ${_BBlue}$(install_searx_get_state)${_creset} " - branch="$(git name-rev --name-only HEAD)" - remote="$(git config branch."${branch}".remote)" - remote_url="$(git config remote."${remote}".url)" - eval "$(get_installed_version_variables)" - - ret_val=0 - if ! [ "$GIT_URL" = "$remote_url" ]; then - warn_msg "instance's git URL: '${GIT_URL}'" \ - "differs from local clone's remote URL: ${remote_url}" - ret_val=42 - fi - if ! [ "$GIT_BRANCH" = "$branch" ]; then - warn_msg "instance git branch: ${GIT_BRANCH}" \ - "differs from local clone's branch: ${branch}" - ret_val=42 - fi - return $ret_val - ;; - esac -} - -verify_continue_install(){ - if ! prompt_installation_status; then - MSG="[${_BCyan}KEY${_creset}] to continue installation / [${_BCyan}CTRL-C${_creset}] to exit" \ - wait_key - fi -} - -prompt_installation_setting(){ - - # usage: prompt_installation_setting brand.docs_url - # - # Prompts the value of the (YAML) setting in the SearXNG instance. - - local _state - _state="$(install_searx_get_state)" - case $_state in - python-installed|installer-modified) - sudo -H -u "${SERVICE_USER}" "${SEARXNG_PYENV}/bin/python" < ${SEARXNG_SRC}/${fname}" - cp "${REPO_ROOT}/${fname}" "${SEARXNG_SRC}/${fname}" - break - ;; - "diff files") - $DIFF_CMD "${SEARXNG_SRC}/${fname}" "${REPO_ROOT}/${fname}" - ;; - "interactive shell") - backup_file "${SEARXNG_SRC}/${fname}" - echo -e "// edit ${_Red}${dst}${_creset} to your needs" - echo -e "// exit with [${_BCyan}CTRL-D${_creset}]" - sudo -H -u "${SERVICE_USER}" -i - $DIFF_CMD "${SEARXNG_SRC}/${fname}" "${REPO_ROOT}/${fname}" - echo - echo -e "// ${_BBlack}did you edit file ...${_creset}" - echo -en "// ${_Red}${dst}${_creset}" - if ask_yn "//${_BBlack}... to your needs?${_creset}"; then - break - fi - ;; - esac - done - done -} - -install_DOT_CONFIG(){ - rst_title "Update instance: ${SEARXNG_SRC}/.config.sh" section - - if cmp --silent "${REPO_ROOT}/.config.sh" "${SEARXNG_SRC}/.config.sh"; then - info_msg "${SEARXNG_SRC}/.config.sh is up to date" - return 0 - fi - - diff "${REPO_ROOT}/.config.sh" "${SEARXNG_SRC}/.config.sh" - if ! ask_yn "Do you want to copy file .config.sh into instance?" Yn; then - return 42 - fi - backup_file "${SEARXNG_SRC}/.config.sh" - cp "${REPO_ROOT}/.config.sh" "${SEARXNG_SRC}/.config.sh" -} - -install_settings() { - rst_title "${SEARXNG_SETTINGS_PATH}" section - - if ! clone_is_available; then - err_msg "you have to install SearXNG first" - exit 42 - fi - - mkdir -p "$(dirname "${SEARXNG_SETTINGS_PATH}")" - install_template --no-eval \ - "${SEARXNG_SETTINGS_PATH}" \ - "${SERVICE_USER}" "${SERVICE_GROUP}" - configure_searx -} - remove_settings() { rst_title "remove SearXNG settings" section echo @@ -689,419 +71,12 @@ remove_settings() { rm -f "${SEARXNG_SETTINGS_PATH}" } -remove_searx() { - rst_title "Drop SearXNG sources" section - if ask_yn "Do you really want to drop SearXNG sources ($SEARXNG_SRC)?"; then - rm -rf "$SEARXNG_SRC" - else - rst_para "Leave SearXNG sources unchanged." - fi -} - -pyenv_is_available() { - [[ -f "${SEARXNG_PYENV}/bin/activate" ]] -} - -create_pyenv() { - rst_title "Create virtualenv (python)" section - echo - if [[ ! -f "${SEARXNG_SRC}/manage" ]]; then - err_msg "to create pyenv for SearXNG, SearXNG has to be cloned first" - return 42 - fi - info_msg "create pyenv in ${SEARXNG_PYENV}" - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -rm -rf "${SEARXNG_PYENV}" -python3 -m venv "${SEARXNG_PYENV}" -grep -qFs -- 'source ${SEARXNG_PYENV}/bin/activate' ~/.profile \ - || echo 'source ${SEARXNG_PYENV}/bin/activate' >> ~/.profile -EOF - info_msg "inspect python's virtual environment" - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -command -v python && python --version -EOF - wait_key - info_msg "install needed python packages" - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -pip install -U pip -pip install -U setuptools -pip install -U wheel -pip install -U pyyaml -cd ${SEARXNG_SRC} -pip install -e . -EOF -} - -remove_pyenv() { - rst_title "Remove virtualenv (python)" section - if ! ask_yn "Do you really want to drop ${SEARXNG_PYENV} ?"; then - return - fi - info_msg "remove pyenv activation from ~/.profile" - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -grep -v 'source ${SEARXNG_PYENV}/bin/activate' ~/.profile > ~/.profile.## -mv ~/.profile.## ~/.profile -EOF - rm -rf "${SEARXNG_PYENV}" -} - -configure_searx() { - rst_title "Configure SearXNG" section - rst_para "Setup SearXNG config located at $SEARXNG_SETTINGS_PATH" - echo - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "$SEARXNG_SETTINGS_PATH" -EOF -} - -test_local_searx() { - rst_title "Testing SearXNG instance localy" section - echo - - if service_is_available "http://${SEARXNG_INTERNAL_HTTP}" &>/dev/null; then - err_msg "URL/port http://${SEARXNG_INTERNAL_HTTP} is already in use, you" - err_msg "should stop that service before starting local tests!" - if ! ask_yn "Continue with local tests?"; then - return - fi - fi - sed -i -e "s/debug: false/debug: true/g" "$SEARXNG_SETTINGS_PATH" - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -export SEARXNG_SETTINGS_PATH="${SEARXNG_SETTINGS_PATH}" -cd ${SEARXNG_SRC} -timeout 10 python searx/webapp.py & -sleep 3 -curl --location --verbose --head --insecure $SEARXNG_INTERNAL_HTTP -EOF - sed -i -e "s/debug: true/debug: false/g" "$SEARXNG_SETTINGS_PATH" -} - -install_searx_uwsgi() { - rst_title "Install SearXNG's uWSGI app (searxng.ini)" section - echo - install_uwsgi - uWSGI_install_app "$SEARXNG_UWSGI_APP" -} - remove_searx_uwsgi() { rst_title "Remove SearXNG's uWSGI app (searxng.ini)" section echo uWSGI_remove_app "$SEARXNG_UWSGI_APP" } -activate_service() { - rst_title "Activate SearXNG (service)" section - echo - uWSGI_enable_app "$SEARXNG_UWSGI_APP" - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -deactivate_service() { - rst_title "De-Activate SearXNG (service)" section - echo - uWSGI_disable_app "$SEARXNG_UWSGI_APP" - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -enable_image_proxy() { - info_msg "try to enable image_proxy ..." - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -sed -i -e "s/image_proxy: false/image_proxy: true/g" "$SEARXNG_SETTINGS_PATH" -EOF - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -disable_image_proxy() { - info_msg "try to enable image_proxy ..." - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -sed -i -e "s/image_proxy: true/image_proxy: false/g" "$SEARXNG_SETTINGS_PATH" -EOF - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -enable_debug() { - warn_msg "Do not enable debug in production environments!!" - info_msg "try to enable debug mode ..." - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -sed -i -e "s/debug: false/debug: true/g" "$SEARXNG_SETTINGS_PATH" -EOF - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -disable_debug() { - info_msg "try to disable debug mode ..." - tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" -cd ${SEARXNG_SRC} -sed -i -e "s/debug: true/debug: false/g" "$SEARXNG_SETTINGS_PATH" -EOF - uWSGI_restart "$SEARXNG_UWSGI_APP" -} - -set_result_proxy() { - - # usage: set_result_proxy [] - - info_msg "try to set result proxy: '$1' ($2)" - cp "${SEARXNG_SETTINGS_PATH}" "${SEARXNG_SETTINGS_PATH}.bak" - _set_result_proxy "$1" "$2" > "${SEARXNG_SETTINGS_PATH}" -} - -_set_result_proxy() { - local line - local stage=0 - local url=" url: $1" - local key=" key: !!binary \"$2\"" - if [[ -z $2 ]]; then - key= - fi - - while IFS= read -r line - do - if [[ $stage = 0 ]] || [[ $stage = 2 ]] ; then - if [[ $line =~ ^[[:space:]]*#*[[:space:]]*result_proxy[[:space:]]*:[[:space:]]*$ ]]; then - if [[ $stage = 0 ]]; then - stage=1 - echo "result_proxy:" - continue - elif [[ $stage = 2 ]]; then - continue - fi - fi - fi - if [[ $stage = 1 ]] || [[ $stage = 2 ]] ; then - if [[ $line =~ ^[[:space:]]*#*[[:space:]]*url[[:space:]]*:[[:space:]] ]]; then - [[ $stage = 1 ]] && echo "$url" - continue - elif [[ $line =~ ^[[:space:]]*#*[[:space:]]*key[[:space:]]*:[[:space:]] ]]; then - [[ $stage = 1 ]] && [[ -n $key ]] && echo "$key" - continue - elif [[ $line =~ ^[[:space:]]*$ ]]; then - stage=2 - fi - fi - echo "$line" - done < "${SEARXNG_SETTINGS_PATH}.bak" -} - -function has_substring() { - [[ "$1" != "${2/$1/}" ]] -} -inspect_service() { - rst_title "service status & log" - cat < ${PUBLIC_URL}" - info_msg "internal URL --> http://${SEARXNG_INTERNAL_HTTP}" - fi - - if ! service_is_available "http://${SEARXNG_INTERNAL_HTTP}"; then - err_msg "uWSGI app (service) at http://${SEARXNG_INTERNAL_HTTP} is not available!" - MSG="${_Green}[${_BCyan}CTRL-C${_Green}] to stop or [${_BCyan}KEY${_Green}] to continue"\ - wait_key - fi - - if ! service_is_available "${PUBLIC_URL}"; then - warn_msg "Public service at ${PUBLIC_URL} is not available!" - if ! in_container; then - warn_msg "Check if public name is correct and routed or use the public IP from above." - fi - fi - - local _debug_on - if ask_yn "Enable SearXNG debug mode?"; then - enable_debug - _debug_on=1 - fi - echo - - case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) - systemctl --no-pager -l status "${SERVICE_NAME}" - ;; - arch-*) - systemctl --no-pager -l status "uwsgi@${SERVICE_NAME%.*}" - ;; - fedora-*|centos-7) - systemctl --no-pager -l status uwsgi - ;; - esac - - # shellcheck disable=SC2059 - printf "// use ${_BCyan}CTRL-C${_creset} to stop monitoring the log" - read -r -s -n1 -t 5 - echo - - while true; do - trap break 2 - case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) tail -f /var/log/uwsgi/app/searx.log ;; - arch-*) journalctl -f -u "uwsgi@${SERVICE_NAME%.*}" ;; - fedora-*|centos-7) journalctl -f -u uwsgi ;; - esac - done - - if [[ $_debug_on == 1 ]]; then - disable_debug - fi - return 0 -} - -install_apache_site() { - rst_title "Install Apache site $APACHE_SEARX_SITE" - - rst_para "\ -This installs the SearXNG uwsgi app as apache site. If your server is public to -the internet, you should instead use a reverse proxy (filtron) to block -excessively bot queries." - - ! apache_is_installed && err_msg "Apache is not installed." - - if ! ask_yn "Do you really want to continue?" Yn; then - return - else - install_apache - fi - - apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}" - - rst_title "Install SearXNG's uWSGI app (searxng.ini)" section - echo - uWSGI_install_app --variant=socket "$SEARXNG_UWSGI_APP" - - if ! service_is_available "${PUBLIC_URL}"; then - err_msg "Public service at ${PUBLIC_URL} is not available!" - fi -} - -remove_apache_site() { - - rst_title "Remove Apache site ${APACHE_SEARX_SITE}" - - rst_para "\ -This removes apache site ${APACHE_SEARX_SITE}." - - ! apache_is_installed && err_msg "Apache is not installed." - - if ! ask_yn "Do you really want to continue?" Yn; then - return - fi - - apache_remove_site "${APACHE_SEARX_SITE}" - - rst_title "Remove SearXNG's uWSGI app (searxng.ini)" section - echo - uWSGI_remove_app "$SEARXNG_UWSGI_APP" -} - -rst-doc() { - local debian="${SEARX_PACKAGES_debian}" - local arch="${SEARX_PACKAGES_arch}" - local fedora="${SEARX_PACKAGES_fedora}" - local centos="${SEARX_PACKAGES_centos}" - local debian_build="${BUILD_PACKAGES_debian}" - local arch_build="${BUILD_PACKAGES_arch}" - local fedora_build="${BUILD_PACKAGES_fedora}" - local centos_build="${SEARX_PACKAGES_centos}" - debian="$(echo "${debian}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - arch="$(echo "${arch}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - fedora="$(echo "${fedora}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - centos="$(echo "${centos}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - debian_build="$(echo "${debian_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - arch_build="$(echo "${arch_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - fedora_build="$(echo "${fedora_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - centos_build="$(echo "${centos_build}" | sed 's/.*/ & \\/' | sed '$ s/.$//')" - - eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/searx.rst")\"" - - # I use ubuntu-20.04 here to demonstrate that versions are also suported, - # normaly debian-* and ubuntu-* are most the same. - - for DIST_NAME in ubuntu-20.04 arch fedora; do - ( - DIST_ID=${DIST_NAME%-*} - DIST_VERS=${DIST_NAME#*-} - [[ $DIST_VERS =~ $DIST_ID ]] && DIST_VERS= - uWSGI_distro_setup - - echo -e "\n.. START searxng uwsgi-description $DIST_NAME" - - case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) cat < /usr/share/doc/uwsgi/README.Debian.gz - # For uWSGI debian uses the LSB init process, this might be changed - # one day, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833067 - - create ${uWSGI_APPS_AVAILABLE}/${SEARXNG_UWSGI_APP} - enable: sudo -H ln -s ${uWSGI_APPS_AVAILABLE}/${SEARXNG_UWSGI_APP} ${uWSGI_APPS_ENABLED}/ - start: sudo -H service uwsgi start ${SEARXNG_UWSGI_APP%.*} - restart: sudo -H service uwsgi restart ${SEARXNG_UWSGI_APP%.*} - stop: sudo -H service uwsgi stop ${SEARXNG_UWSGI_APP%.*} - disable: sudo -H rm ${uWSGI_APPS_ENABLED}/${SEARXNG_UWSGI_APP} - -EOF - ;; - arch-*) cat < /usr/lib/systemd/system/uwsgi@.service - # For uWSGI archlinux uses systemd template units, see - # - http://0pointer.de/blog/projects/instances.html - # - https://uwsgi-docs.readthedocs.io/en/latest/Systemd.html#one-service-per-app-in-systemd - - create: ${uWSGI_APPS_ENABLED}/${SEARXNG_UWSGI_APP} - enable: sudo -H systemctl enable uwsgi@${SEARXNG_UWSGI_APP%.*} - start: sudo -H systemctl start uwsgi@${SEARXNG_UWSGI_APP%.*} - restart: sudo -H systemctl restart uwsgi@${SEARXNG_UWSGI_APP%.*} - stop: sudo -H systemctl stop uwsgi@${SEARXNG_UWSGI_APP%.*} - disable: sudo -H systemctl disable uwsgi@${SEARXNG_UWSGI_APP%.*} - -EOF - ;; - fedora-*|centos-7) cat < /usr/lib/systemd/system/uwsgi.service - # The unit file starts uWSGI in emperor mode (/etc/uwsgi.ini), see - # - https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html - - create: ${uWSGI_APPS_ENABLED}/${SEARXNG_UWSGI_APP} - restart: sudo -H touch ${uWSGI_APPS_ENABLED}/${SEARXNG_UWSGI_APP} - disable: sudo -H rm ${uWSGI_APPS_ENABLED}/${SEARXNG_UWSGI_APP} - -EOF - ;; - esac - echo -e ".. END searxng uwsgi-description $DIST_NAME" - - echo -e "\n.. START searxng uwsgi-appini $DIST_NAME" - echo ".. code:: bash" - echo - eval "echo \"$(< "${TEMPLATES}/${uWSGI_APPS_AVAILABLE}/${SEARXNG_UWSGI_APP}")\"" | prefix_stdout " " - echo -e "\n.. END searxng uwsgi-appini $DIST_NAME" - - ) - done - -} # ---------------------------------------------------------------------------- main "$@" diff --git a/utils/templates/etc/filtron/rules.json b/utils/templates/etc/filtron/rules.json deleted file mode 100644 index fff70fa8f..000000000 --- a/utils/templates/etc/filtron/rules.json +++ /dev/null @@ -1,129 +0,0 @@ -[ - { - "name": "roboagent limit", - "filters": [ - "Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client|Ruby|UniversalFeedParser)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "botlimit", - "filters": [ - "Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)" - ], - "limit": 0, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "suspiciously frequent IP", - "filters": [], - "interval": 600, - "limit": 30, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions":[ - {"name":"log"} - ] - }, - { - "name": "search request", - "filters": [ - "Param:q", - "Path=^(/|/search)$" - ], - "interval": 61, - "limit": 999, - "subrules": [ - { - "name": "missing Accept-Language", - "filters": ["!Header:Accept-Language"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "suspiciously Connection=close header", - "filters": ["Header:Connection=close"], - "limit": 0, - "stop": true, - "actions": [ - {"name":"log"}, - {"name": "block", - "params": {"message": "Rate limit exceeded"}} - ] - }, - { - "name": "IP limit", - "interval": 61, - "limit": 9, - "stop": true, - "aggregations": [ - "Header:X-Forwarded-For" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "rss/json limit", - "filters": [ - "Param:format=(csv|json|rss)" - ], - "interval": 121, - "limit": 2, - "stop": true, - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - }, - { - "name": "useragent limit", - "interval": 61, - "limit": 199, - "aggregations": [ - "Header:User-Agent" - ], - "actions": [ - { "name": "log"}, - { "name": "block", - "params": { - "message": "Rate limit exceeded" - } - } - ] - } - ] - } -] diff --git a/utils/templates/etc/httpd/sites-available/morty.conf b/utils/templates/etc/httpd/sites-available/morty.conf deleted file mode 100644 index daeb3635a..000000000 --- a/utils/templates/etc/httpd/sites-available/morty.conf +++ /dev/null @@ -1,28 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so -#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so - -# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog -# CustomLog /dev/null combined env=dontlog - - - - - SecRuleEngine Off - - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass http://${MORTY_LISTEN} - RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY} - - diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf:filtron b/utils/templates/etc/httpd/sites-available/searxng.conf:filtron deleted file mode 100644 index 379d47e24..000000000 --- a/utils/templates/etc/httpd/sites-available/searxng.conf:filtron +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so -#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so - -# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog -# CustomLog /dev/null combined env=dontlog - -# SecRuleRemoveById 981054 -# SecRuleRemoveById 981059 -# SecRuleRemoveById 981060 -# SecRuleRemoveById 950907 - - - - - SecRuleEngine Off - - - Require all granted - - Order deny,allow - Deny from all - #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass http://${FILTRON_LISTEN} - RequestHeader set X-Script-Name ${FILTRON_URL_PATH} - - diff --git a/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi b/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi deleted file mode 100644 index 1e4ee4123..000000000 --- a/utils/templates/etc/httpd/sites-available/searxng.conf:uwsgi +++ /dev/null @@ -1,34 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - -LoadModule headers_module ${APACHE_MODULES}/mod_headers.so -LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so -LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so -# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so -# -# SetEnvIf Request_URI "${SEARXNG_URL_PATH}" dontlog -# CustomLog /dev/null combined env=dontlog - - - - - SecRuleEngine Off - - - Require all granted - - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass unix:${SEARXNG_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/ - - - -# uWSGI serves the static files and in settings.yml we use:: -# -# ui: -# static_use_hash: true -# -# Alias ${SEARXNG_URL_PATH}/static/ ${SEARXNG_STATIC}/ diff --git a/utils/templates/etc/nginx/default.apps-available/morty.conf b/utils/templates/etc/nginx/default.apps-available/morty.conf deleted file mode 100644 index 51f083985..000000000 --- a/utils/templates/etc/nginx/default.apps-available/morty.conf +++ /dev/null @@ -1,11 +0,0 @@ -# https://example.org/morty - -location /morty { - proxy_pass http://127.0.0.1:3000/; - - proxy_set_header Host \$host; - proxy_set_header Connection \$http_connection; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Scheme \$scheme; -} diff --git a/utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron b/utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron deleted file mode 100644 index 631f2b265..000000000 --- a/utils/templates/etc/nginx/default.apps-available/searxng.conf:filtron +++ /dev/null @@ -1,16 +0,0 @@ -# https://example.org/searx - -location ${SEARXNG_URL_PATH} { - proxy_pass http://127.0.0.1:4004/; - - proxy_set_header Host \$host; - proxy_set_header Connection \$http_connection; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Scheme \$scheme; - proxy_set_header X-Script-Name ${SEARXNG_URL_PATH}; -} - -location ${SEARXNG_URL_PATH}/static/ { - alias ${SEARXNG_STATIC}/; -}