diff --git a/docs/admin/filtron.rst b/docs/admin/filtron.rst index 9615cd935..8bf641649 100644 --- a/docs/admin/filtron.rst +++ b/docs/admin/filtron.rst @@ -158,6 +158,12 @@ of: Route request through filtron ============================= +.. sidebar:: further reading + + - :ref:`filtron.sh overview` + - :ref:`installation nginx` + - :ref:`installation apache` + Filtron can be started using the following command: .. code:: sh @@ -171,15 +177,24 @@ Use it along with ``nginx`` with the following example configuration. .. code:: nginx - location / { + # https://example.org/searx + + location /searx { proxy_pass http://127.0.0.1:4004/; proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; } + location /searx/static { + /usr/local/searx/searx-src/searx/static; + } + + Requests are coming from port 4004 going through filtron and then forwarded to port 8888 where a searx is being run. For a complete setup see: :ref:`nginx searx site`. diff --git a/docs/admin/installation-nginx.rst b/docs/admin/installation-nginx.rst index e62c60df6..4ecc54066 100644 --- a/docs/admin/installation-nginx.rst +++ b/docs/admin/installation-nginx.rst @@ -159,14 +159,22 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location / { - proxy_pass http://127.0.0.1:4004/; + # https://example.org/searx - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - } + location /searx { + proxy_pass http://127.0.0.1:4004/; + + proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; + } + + location /searx/static { + /usr/local/searx/searx-src/searx/static; + } 2. Configure reverse proxy for :ref:`morty `, listening on @@ -174,10 +182,13 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /morty { + # https://example.org/morty + + location /morty { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $http_host; + proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; @@ -197,7 +208,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*. image_proxy : True - .. group-tab:: proxy or uWSGI + .. group-tab:: proxy or uWSGI Be warned, with this setup, your instance isn't :ref:`protected `. Nevertheless it is good enough for intranet usage and it is a @@ -208,15 +219,17 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location / { - proxy_pass http://127.0.0.1:8888; + # https://hostname.local/ - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - proxy_buffering off; - } + location / { + proxy_pass http://127.0.0.1:8888; + + proxy_set_header Host $host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_buffering off; + } Alternatively you can use the `uWSGI support from nginx`_ via unix sockets. For socket communication, you have to activate ``socket = @@ -234,8 +247,8 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx server { - # replace example.org with your server's public name - server_name example.org; + # replace hostname.local with your server's name + server_name hostname.local; listen 80; listen [::]:80; @@ -245,7 +258,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*. uwsgi_pass unix:/run/uwsgi/app/searx/socket; } - root /usr/local/searx/searx-src/searx; + root /usr/local/searx/searx-src/searx; location /static { } } @@ -254,10 +267,10 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: bash - mkdir -p /run/uwsgi/app/searx/ - sudo -H chown -R searx:searx /run/uwsgi/app/searx/ + mkdir -p /run/uwsgi/app/searx/ + sudo -H chown -R searx:searx /run/uwsgi/app/searx/ - .. group-tab:: proxy at subdir URL + .. group-tab:: \.\. at subdir URL Be warned, with these setups, your instance isn't :ref:`protected `. The examples are just here to demonstrate how to export the @@ -265,19 +278,22 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /searx { - proxy_pass http://127.0.0.1:8888; + # https://hostname.local/searx - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /searx; - proxy_buffering off; - } + location /searx { + proxy_pass http://127.0.0.1:8888; - location /searx/static { - alias /usr/local/searx/searx-src/searx/static; - } + proxy_set_header Host $host; + proxy_set_header Connection $http_connection; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /searx; + proxy_buffering off; + } + + location /searx/static { + alias /usr/local/searx/searx-src/searx/static; + } The ``X-Script-Name /searx`` is needed by the searx implementation to calculate relative URLs correct. The next example shows a uWSGI @@ -286,15 +302,17 @@ Started wiki`_ is always a good resource *to keep in the pocket*. .. code:: nginx - location /searx/static { - alias /usr/local/searx/searx-src/searx; - } + # https://hostname.local/searx - location /searx { - uwsgi_param SCRIPT_NAME /searx; - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/app/searx/socket; - } + location /searx { + uwsgi_param SCRIPT_NAME /searx; + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/app/searx/socket; + } + + location /searx/static { + alias /usr/local/searx/searx-src/searx; + } For searx to work correctly the ``base_url`` must be set in the :origin:`searx/settings.yml`. diff --git a/utils/filtron.sh b/utils/filtron.sh index d24b6c39e..c82c2d0a3 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -44,9 +44,8 @@ GO_ENV="${SERVICE_HOME}/.go_env" GO_PKG_URL="https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz" GO_TAR=$(basename "$GO_PKG_URL") -# Apache Settings - APACHE_FILTRON_SITE="searx.conf" +NGINX_FILTRON_SITE="searx.conf" # shellcheck disable=SC2034 CONFIG_FILES=( @@ -60,9 +59,7 @@ usage() { # shellcheck disable=SC1117 cat <&2; + exit "${1-1}" +} + +die_caller() { + echo -e "${_BRed}ERROR:${_creset} ${BASH_SOURCE[2]}: line ${BASH_LINENO[1]}: ${FUNCNAME[1]}(): ${2-died ${1-1}}" >&2; + exit "${1-1}" +} + err_msg() { echo -e "${_BRed}ERROR:${_creset} $*" >&2; } warn_msg() { echo -e "${_BBlue}WARN:${_creset} $*" >&2; } info_msg() { echo -e "${_BYellow}INFO:${_creset} $*" >&2; } @@ -471,11 +481,7 @@ service_is_available() { # usage: service_is_available - local URL="$1" - if [[ -z $URL ]]; then - err_msg "service_is_available: missing arguments" - return 42 - fi + [[ -z $1 ]] && die_caller 42 "missing argument " http_code=$(curl -H 'Cache-Control: no-cache' \ --silent -o /dev/null --head --write-out '%{http_code}' --insecure \ @@ -624,6 +630,175 @@ EOF } +# nginx +# ----- + +nginx_distro_setup() { + # shellcheck disable=SC2034 + + NGINX_DEFAULT_SERVER=/etc/nginx/nginx.conf + + # Including *location* directives from a dedicated config-folder into the + # server directive is, what what fedora (already) does. + NGINX_APPS_ENABLED="/etc/nginx/default.d" + + # We add a apps-available folder and linking configurations into the + # NGINX_APPS_ENABLED folder. See also nginx_include_apps_enabled(). + NGINX_APPS_AVAILABLE="/etc/nginx/default.apps-available" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + NGINX_PACKAGES="nginx" + NGINX_DEFAULT_SERVER=/etc/nginx/sites-available/default + ;; + arch-*) + NGINX_PACKAGES="nginx-mainline" + ;; + fedora-*) + NGINX_PACKAGES="nginx" + ;; + *) + err_msg "$DIST_ID-$DIST_VERS: nginx not yet implemented" + ;; + esac +} +nginx_distro_setup + +install_nginx(){ + info_msg "installing nginx ..." + pkg_install "${NGINX_PACKAGES}" + case $DIST_ID-$DIST_VERS in + arch-*|fedora-*) + systemctl enable nginx + systemctl start nginx + ;; + esac +} + +nginx_is_installed() { + command -v nginx &>/dev/null +} + +nginx_reload() { + + info_msg "reload nginx .." + echo + if ! nginx -t; then + err_msg "testing nginx configuration failed" + return 42 + fi + systemctl restart nginx +} + +nginx_install_app() { + + # usage: nginx_install_app [