docs: rework of chapter "Install with apache"

BTW: normalize installation-nginx.rst
2024-11-17 18:00:12 +01:00 · 2020-04-06 17:59:06 +02:00 · 2020-04-06 17:59:06 +02:00 · eb0d4646d8
commit eb0d4646d8
parent c81849cb5a
7 changed files with 465 additions and 63 deletions
--- a/docs/admin/installation-apache.rst
+++ b/docs/admin/installation-apache.rst
@ -4,19 +4,303 @@
 Install with apache
 ===================
-.. sidebar:: public to the internet?
+.. _Apache: https://httpd.apache.org/
 .. _Apache Debian:
    https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x):
 .. _README.Debian:
    https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian
 .. _Apache Arch Linux:
    https://wiki.archlinux.org/index.php/Apache_HTTP_Server
 .. _Apache Fedora:
    https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/index.html
 .. _Apache directives:
    https://httpd.apache.org/docs/trunk/mod/directives.html
 .. _Getting Started:
    https://httpd.apache.org/docs/current/en/getting-started.html
 .. _Terms Used to Describe Directives:
    https://httpd.apache.org/docs/current/en/mod/directive-dict.html
 .. _Configuration Files:
    https://httpd.apache.org/docs/current/en/configuring.html
 .. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost
 .. _LoadModule:
    https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule
 .. _DocumentRoot:
    https://httpd.apache.org/docs/trunk/mod/core.html#documentroot
 .. _Location:
    https://httpd.apache.org/docs/trunk/mod/core.html#location
 .. _uWSGI Apache support:
    https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
 .. _apache uwsgi:
    https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
 .. _mod_proxy_uwsgi:
    https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
-   If your searx instance is public, stop here and first install :ref:`filtron
+.. sidebar:: further read
-   reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
+
-   :ref:`installation scripts`.
+   - `Apache Arch Linux`_
   - `Apache Debian`_ and `README.Debian`_
   - `Apache Fedora`_
   - `Apache directives`_
 .. contents:: Contents
   :depth: 2
   :local:
   :backlinks: entry
-Add wsgi mod
+The apache HTTP server
-============
+======================
 If Apache_ is not installed, install it now. If apache_ is new to you, the
 `Getting Started`_, `Configuration Files`_ and `Terms Used to Describe
 Directives`_ documentation gives first orientation.  There is also a list of
 `Apache directives`_ *to keep in the pocket*.
 .. tabs::
   .. group-tab:: Ubuntu / debian
      .. code:: sh
         sudo -H apt-get install apache2
   .. group-tab:: Arch Linux
      .. code:: sh
         sudo -H pacman -S apache
         sudo -H systemctl enable httpd
         sudo -H systemctl start http
   .. group-tab::  Fedora / RHEL
      .. code:: sh
         sudo -H dnf install httpd
         sudo -H systemctl enable httpd
         sudo -H systemctl start httpd
 Now at http://localhost you should see any kind of *Welcome* or *Test* page.
 How this default intro site is configured, depends on the linux distribution
 (compare `Apache directives`_).
 .. tabs::
   .. group-tab:: Ubuntu / debian
      .. code:: sh
         less /etc/apache2/sites-enabled/000-default.conf
      In this file, there is a line setting the `DocumentRoot`_ directive:
      .. code:: apache
         DocumentRoot /var/www/html
      And the *welcome* page is the HTML file at ``/var/www/html/index.html``.
   .. group-tab:: Arch Linux
      .. code:: sh
         less /etc/httpd/conf/httpd.conf
      In this file, there is a line setting the `DocumentRoot`_ directive:
      .. code:: apache
         DocumentRoot "/srv/http"
         <Directory "/srv/http">
             Options Indexes FollowSymLinks
             AllowOverride None
             Require all granted
         </Directory>
      The *welcome* page of Arch Linux is a page showing directory located at
      ``DocumentRoot``.  This is *directory* page is generated by the Module
      `mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_:
      .. code:: apache
         LoadModule autoindex_module modules/mod_autoindex.so
         ...
         Include conf/extra/httpd-autoindex.conf
   .. group-tab::  Fedora / RHEL
      .. code:: sh
         less /etc/httpd/conf/httpd.conf
      In this file, there is a line setting the ``DocumentRoot`` directive:
      .. code:: apache
          DocumentRoot "/var/www/html"
          ...
          <Directory "/var/www">
              AllowOverride None
              # Allow open access:
              Require all granted
          </Directory>
      On fresh installations, the ``/var/www`` is empty and the *default
      welcome page* is shown, the configuration is located at::
        less /etc/httpd/conf.d/welcome.conf
 .. _The Debian Layout:
 The Debian Layout
 =================
 Be aware that the Debian layout is quite different from the standard Apache
 configuration.  For details look at the README.Debian_
 (``/usr/share/doc/apache2/README.Debian.gz``).  Some commands you should know on
 Debian:
 * :man:`apache2ctl`:  Apache HTTP server control interface
 * :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
 * :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
 * :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
 .. _apache searx site:
 Apache Reverse Proxy
 ====================
 .. sidebar:: public to the internet?
   If your searx instance is public, stop here and first install :ref:`filtron
   reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
   :ref:`installation scripts`.  If already done, follow setup: *searx via
   filtron plus morty*.
 To setup a Apache revers proxy you have to enable the *headers* and *proxy*
 modules and create a `Location`_ configuration for the searx site.  In most
 distributions you have to uncomment the lines in the main configuration file,
 except in the :ref:`The Debian Layout`.
 .. tabs::
   .. group-tab:: Ubuntu / debian
      In the Apache setup, enable headers and proxy modules:
      .. code:: sh
         sudo -H a2enmod headers
         sudo -H a2enmod proxy
         sudo -H a2enmod proxy_http
      In :ref:`The Debian Layout` you create a ``searx.conf`` with the
      ``<Location /searx >`` directive and save this file in the *sites
      available* folder at ``/etc/apache2/sites-available``.  To enable the
      ``searx.conf`` use :man:`a2ensite`:
      .. code:: sh
         sudo -H a2ensite searx.conf
   .. group-tab:: Arch Linux
      In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
      modules (LoadModule_):
      .. code:: apache
         LoadModule headers_module modules/mod_headers.so
         LoadModule proxy_module modules/mod_proxy.so
         LoadModule proxy_http_module modules/mod_proxy_http.so
   .. group-tab::  Fedora / RHEL
      In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
      modules (LoadModule_):
      .. code:: apache
         LoadModule headers_module modules/mod_headers.so
         LoadModule proxy_module modules/mod_proxy.so
         LoadModule proxy_http_module modules/mod_proxy_http.so
 .. tabs::
   .. group-tab:: searx via filtron plus morty
      Use this setup, if your instance is public to the internet, compare
      figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
      1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
         *localhost 4004* (:ref:`filtron route request`):
      .. code:: apache
         <Location /searx >
             # SetEnvIf Request_URI "/searx" dontlog
             # CustomLog /dev/null combined env=dontlog
             Require all granted
             Order deny,allow
             Deny from all
             #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
             Allow from all
             ProxyPreserveHost On
             ProxyPass http://127.0.0.1:4004
             RequestHeader set X-Script-Name /searx
         </Location>
      2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
      *localhost 3000* (FYI: ``ProxyPreserveHost On`` is already set, see
      above):
      .. code:: apache
         ProxyPreserveHost On
         <Location /morty >
             # SetEnvIf Request_URI "/morty" dontlog
             # CustomLog /dev/null combined env=dontlog
             Require all granted
             Order deny,allow
             Deny from all
             #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
             Allow from all
             ProxyPass http://127.0.0.1:3000
             RequestHeader set X-Script-Name /morty
         </Location>
      Note that reverse proxy advised to be used in case of single-user or
      low-traffic instances.  For a fully result proxification add :ref:`morty's
      <searx morty>` **public URL** to your :origin:`searx/settings.yml`:
      .. code:: yaml
         result_proxy:
             # replace example.org with your server's public name
             url : https://example.org/morty
         server:
             image_proxy : True
 uWSGI support
 =============
 Be warned, with this setup, your instance isn't :ref:`protected <searx
 filtron>`.  Nevertheless it is good enough for intranet usage and it
 demonstrates: *how different the uwsgi support is, depending on the
 distribution*.  To enable :ref:`uWSGI <searx uwsgi>` support you need to install
 the apache `apache uwsgi`_ support:
 .. tabs::
@ -27,22 +311,60 @@ Add wsgi mod
         sudo -H apt-get install libapache2-mod-uwsgi
         sudo -H a2enmod uwsgi
-Add this configuration in the file ``/etc/apache2/apache2.conf``.  To limit
+   .. group-tab:: Arch Linux
 acces to your intranet replace ``Allow from all`` directive and replace
 ``192.168.0.0/16`` with your subnet IP/class.
-.. _inranet apache site:
+      .. code:: sh
-Note that if your instance of searx is not at the root, you should change
+         sudo -H pacman -S uwsgi
-``<Location />`` by the location of your instance, like ``<Location /searx>``:
+
      In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
      modules (LoadModule_):
      .. code:: apache
-   # CustomLog /dev/null combined
+         LoadModule proxy_module modules/mod_proxy.so
         LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
   .. group-tab::  Fedora / RHEL
      .. code:: sh
         sudo -H dnf install uwsgi
         FIXME: enable uwsgi in apache
 The next example shows a configuration using the `uWSGI Apache support`_ via
 unix sockets.  For socket communication, you have to activate ``socket =
 /run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
 configuration in your :ref:`uwsgi ini file <uwsgi configuration>`.
 If not already exists, create a folder for the unix sockets, which can be
 used by the searx account:
 .. code:: bash
   sudo -H mkdir -p /run/uwsgi/app/searx/
   sudo -H chown -R searx:searx /run/uwsgi/app/searx/
 To limit acces to your intranet replace ``Allow from all`` directive and replace
 ``192.168.0.0/16`` with your subnet IP/class.
 .. tabs::
   .. group-tab:: Ubuntu / debian
      Debian uses the (old) `mod_uwsgi
      <https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_.
      .. code:: apache
         <IfModule mod_uwsgi.c>
-     <Location />
+             # SetEnvIf Request_URI "/searx" dontlog
             # CustomLog /dev/null combined env=dontlog
             <Location /searx >
                 Require all granted
                 Options FollowSymLinks Indexes
                 SetHandler uwsgi-handler
@ -57,7 +379,62 @@ Note that if your instance of searx is not at the root, you should change
         </IfModule>
-Enable apache mod_uwsgi and restart apache:
+   .. group-tab:: Arch Linux
      Arch Linux uses the (recommend) `mod_proxy_uwsgi`_.
      .. code:: apache
         <IfModule proxy_uwsgi_module>
             # SetEnvIf Request_URI /searx dontlog
             # CustomLog /dev/null combined env=dontlog
             <Location /searx>
                 Require all granted
                 Order deny,allow
                 Deny from all
                 # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
                 Allow from all
                 ProxyPreserveHost On
                 ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
 	     </Location>
         </IfModule>
   .. group-tab::  Fedora / RHEL
      RHEL uses the (recommend) `mod_proxy_uwsgi`_.
      .. code:: apache
         <IfModule proxy_uwsgi_module>
             # SetEnvIf Request_URI /searx dontlog
             # CustomLog /dev/null combined env=dontlog
             <Location /searx>
                 Require all granted
                 Order deny,allow
                 Deny from all
                 # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
                 Allow from all
                 ProxyPreserveHost On
                 ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
 	     </Location>
         </IfModule>
 .. _restart apache:
 Restart service
 ===============
 .. tabs::
@ -65,31 +442,34 @@ Enable apache mod_uwsgi and restart apache:
      .. code:: sh
         a2enmod uwsgi
         sudo -H systemctl restart apache2
         sudo -H service uwsgi restart searx
   .. group-tab:: Arch Linux
      .. code:: sh
         sudo -H systemctl restart httpd
         sudo -H systemctl restart uwsgi@searx
   .. group-tab::  Fedora / RHEL
      .. code:: sh
         sudo -H systemctl restart httpd
         sudo -H touch /etc/uwsgi.d/searx.ini
 disable logs
 ============
-For better privacy you can disable Apache logs.  Go back to
+For better privacy you can disable Apache logs.  In the examples above activate
-``/etc/apache2/apache2.conf`` :ref:`[example] <inranet apache site>` and above
+one of the lines and `restart apache`_::
 ``<Location />`` activate directive:
 .. code:: apache
-    CustomLog /dev/null combined
+  # SetEnvIf Request_URI "/searx" dontlog
  # CustomLog /dev/null combined env=dontlog
-Restart apache:
+The ``CustomLog`` directive disable logs for the whole (virtual) server, use it
-
+when the URL of the service does not have a path component (``/searx``) / is
-.. tabs::
+located at root (``/``).
   .. group-tab:: Ubuntu / debian
      .. code:: sh
         sudo -H systemctl restart apache2
 .. warning::
   You can only disable logs for the whole (virtual) server not for a specific
   path.
--- a/docs/admin/installation-nginx.rst
+++ b/docs/admin/installation-nginx.rst
@ -28,10 +28,9 @@ Install with nginx
 The nginx HTTP server
 =====================
-If nginx_ is not installed (uwsgi will not work with the package nginx-light)
+If nginx_ is not installed (uwsgi will not work with the package nginx-light),
 install it now.
 .. tabs::
   .. group-tab:: Ubuntu / debian
@ -58,7 +57,8 @@ install it now.
 Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you
 see a *Fedora Webserver - Test Page*.  The test page comes from the default
-`nginx server configuration`_:
+`nginx server configuration`_.  How this default intro site is configured,
 depends on the linux distribution:
 .. tabs::
@ -111,7 +111,8 @@ A nginx searx site
   If your searx instance is public, stop here and first install :ref:`filtron
   reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
-   :ref:`installation scripts`.
+   :ref:`installation scripts`.  If already done, follow setup: *searx via
   filtron plus morty*.
 Now you have to create a configuration for the searx site.  If nginx_ is new to
 you, the `nginx beginners guide`_ is a good starting point and the `Getting
@ -143,9 +144,10 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
   .. group-tab:: searx via filtron plus morty
      Use this setup, if your instance is public to the internet, compare
-      figure: :ref:`architecture <arch public>`.  Configure a reverse proxy for
+      figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
-      :ref:`filtron <filtron.sh>`, listening on *localhost 4004* (:ref:`filtron
+
-      route request`):
+      1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
         *localhost 4004* (:ref:`filtron route request`):
      .. code:: nginx
@ -159,7 +161,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
         }
-      Configure reverse proxy for :ref:`morty <searx morty>`, listening on
+      2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
         *localhost 3000*:
      .. code:: nginx
@ -181,7 +183,10 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
         result_proxy:
             # replace example.org with your server's public name
-             url : https://example.org/
+             url : https://example.org/morty
         server:
             image_proxy : True
   .. group-tab:: proxy or uWSGI
@ -244,7 +249,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
 	 mkdir -p /run/uwsgi/app/searx/
 	 sudo -H chown -R searx:searx /run/uwsgi/app/searx/
-   .. group-tab:: subdirectory URL
+   .. group-tab:: proxy at subdir URL
      Be warned, with these setups, your instance isn't :ref:`protected <searx
      filtron>`.  The examples are just here to demonstrate how to export the
--- a/docs/admin/installation.rst
+++ b/docs/admin/installation.rst
@ -54,3 +54,9 @@ This installs searx as described in :ref:`installation basic`.
 .. code:: bash
   $ sudo -H ./utils/morty.sh install all
 If all services are running fine, you can add it to your HTTP server:
 - :ref:`installation apache`
 - :ref:`installation nginx`
--- a/utils/lib.sh
+++ b/utils/lib.sh
@ -634,9 +634,15 @@ if [[ -z "${APACHE_SITES_AVAILABE}" ]]; then
 fi
 apache_is_installed() {
    case $DIST_ID-$DIST_VERS in
        ubuntu-*|debian-*)
            (command -v apachectl \
                 && command -v a2ensite \
                 && command -v a2dissite ) &>/dev/null
            ;;
        arch) (command -v httpd) ;;
        fedora) (command -v httpd) ;;
    esac
 }
 apache_reload() {
--- a/utils/searx.sh
+++ b/utils/searx.sh
@ -735,6 +735,11 @@ This installs the searx uwsgi app as apache site.  If your server is public to
 the internet, you should instead use a reverse proxy (filtron) to block
 excessively bot queries."
    case $DIST_ID-$DIST_VERS in
        ubuntu-*|debian-*) : ;;
        *) err_msg "sorry distro $DIST_ID $DIST_VERS not yet supported"; exit 42 ;;
    esac
    ! apache_is_installed && err_msg "Apache is not installed."
    if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then
--- a/utils/templates/etc/apache2/sites-available/morty.conf
+++ b/utils/templates/etc/apache2/sites-available/morty.conf
@ -18,8 +18,8 @@ ProxyPreserveHost On
    ProxyPass http://${MORTY_LISTEN}
    RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
-    # In Apache it seems, that setting HTTP_HOST header direct here does have no
+    # In Apache it seems, that setting HTTP_HOST header directive here does have
-    # effect.  I needed to set 'ProxyPreserveHost On' (see above).
+    # no effect.  I needed to set 'ProxyPreserveHost On' (see above).
    # RequestHeader set Host ${PUBLIC_HOST}
--- a/utils/templates/etc/apache2/sites-available/searx.conf:filtron
+++ b/utils/templates/etc/apache2/sites-available/searx.conf:filtron
@ -23,8 +23,8 @@ ProxyPreserveHost On
    ProxyPass http://${FILTRON_LISTEN}
    RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
-    # In Apache it seems, that setting HTTP_HOST header direct here does have no
+    # In Apache it seems, that setting HTTP_HOST header directive here does have
-    # effect.  I needed to set 'ProxyPreserveHost On' (see above).  HTTP_HOST
+    # no effect.  I needed to set 'ProxyPreserveHost On' (see above).  HTTP_HOST
    # (ProxyPreserveHost On) is needed by searx to render correct *Search URL*
    # in the *Link* box and *saved preference*.