Robin Schneider
a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
...
Closes : #1617
There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:
```nginx
root /usr/local/searx;
location = /searx { rewrite ^ /searx/; }
try_files $uri @searx;
}
location @searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_modifier1 30;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).
To fix this, I propose:
```nginx
location = /searx {
rewrite ^ /searx/;
}
location /searx/static {
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
And add
```
route-run = fixpathinfo:
```
to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action
I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).
https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:
> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser
754a10c1c1
Merge pull request #1661 from 0xhtml/fix-engine-spotify
...
Fix engine spotify
As you can read here https://developer.spotify.com/documentation/web-api/#authentication all requests to the spotify api require authentication. You can not test the api without credentials.
2019-12-30 07:44:31 +01:00
Markus Heiser
36e72a4619
Merge branch 'master' into fix-engine-spotify
2019-12-29 09:47:06 +01:00
Markus Heiser
f6d66c0f6f
Merge pull request #1776 from return42/makefile-doc
...
doc: describe Makefile targets & add reST primer
2019-12-28 13:55:20 +01:00
Markus Heiser
b91e07bbf1
docs(css): render HTML rst-example slightly more discreet
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:26:24 +01:00
Markus Heiser
d1892b2112
docs(admin): add article 'Buildhosts' with system requirements
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser
d6f2802e4b
docs(dev): add more markups to reST primer
...
- Literal blocks
- Unicode substitution
- Horizontal list
- Math equations
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:01:11 +01:00
Markus Heiser
92afe68d65
doc(dev): reST/sphinx add tabbed views extension (sphinx_tabs.tabs)
...
See issue #1785 :
idea: in the doc, provide installation instructions with one tab per
distrubution
preview (don't bookmark):
https://return42.github.io/searx/dev/reST.html#tabbed-views
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-26 10:26:12 +01:00
Markus Heiser
62505f8982
docs(dev): add refs to to gitmoji and Semantic PR in contrib section
...
preview (don't bookmark):
https://return42.github.io/searx/dev/contribution_guide.html#code
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-25 09:57:21 +01:00
Markus Heiser
4ca8b69c81
doc(dev): add remarks about creating good commits (messages)
...
preview (don't bookmark):
https://return42.github.io/searx/dev/contribution_guide.html#code
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-24 18:48:23 +01:00
Markus Heiser
5eb8cf4ebb
Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc
2019-12-24 18:00:24 +01:00
Markus Heiser
a52a638ba8
Merge pull request #1701 from CaffeinatedTech/patch-1
...
Update README.rst
for the future: please select meaningful commit messages. Here is a good summarize how a useful commit messages looks like: https://www.conventionalcommits.org/en/v1.0.0-beta.2/#summary
Further read: https://wiki.openstack.org/wiki/GitCommitMessages#Information_in_commit_messages
2019-12-24 17:56:24 +01:00
Markus Heiser
ecb054a7a0
Merge branch 'master' into patch-1
2019-12-24 17:45:13 +01:00
Markus Heiser
5a0a66e9bc
Merge pull request #1615 from Nachtalb/ne/fix-infinite_scroll-with-vim_bindings
...
Fix not jumping to results loaded by infinite scroll
2019-12-24 17:34:33 +01:00
Markus Heiser
38dad2e8e3
Merge branch 'master' into ne/fix-infinite_scroll-with-vim_bindings
2019-12-24 15:42:05 +01:00
Markus Heiser
a395fb4a8d
Merge pull request #1694 from finn0/libgen
...
Fix broken Library Gensis Engine
2019-12-24 13:37:29 +01:00
Markus Heiser
fb668e2075
Merge branch 'master' into libgen
2019-12-24 13:33:07 +01:00
Markus Heiser
46dd51afad
Merge branch 'master' into makefile-doc
2019-12-24 12:27:36 +01:00
Markus Heiser
6d232e9b69
Merge pull request #1787 from finn0/fix/infobox
...
[Fix] oscar: no HTML escaping prior to output
2019-12-24 11:37:33 +01:00
Vipul
8bea927bb0
[Fix] oscar: no HTML escaping prior to output
...
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.
This change addresses the issue by using "safe" filter feature provided by
Django. See,
- https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
- Searx issue tracker (issue #1649 ), for more information.
Resolves : #1649
2019-12-24 15:11:48 +05:30
Markus Heiser
07c8ca87e6
Merge branch 'master' into makefile-doc
2019-12-23 13:58:53 +00:00
Markus Heiser
3e14bf4d27
Merge pull request #1686 from MarcAbonce/wiki_infobox_fixes
...
Infobox fixes
2019-12-23 12:31:31 +00:00
Markus Heiser
c8645d6e37
doc: reST-primer -- imrpove desription of definition lists
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-23 09:37:51 +01:00
Markus Heiser
d3e4e81faf
makefile.sphinx: fix gh-pages / pull before add commits
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:28:07 +01:00
Markus Heiser
90174e215c
doc: add plugin section to admin section (template)
...
- Plugins configured at built time (defaults)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Vipul
f407dd8ef4
Switch to https for some domains
2019-12-22 13:39:00 +00:00
Markus Heiser
31db843c9c
doc: CSS - fix alignment of code block in figure blocks
...
BTW: minor profread of reST.rst
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:08:57 +01:00
Markus Heiser
aa3b0265e7
doc: add 'Architecture' article to admin section
...
Herein we add some hints and suggestions about typical architectures of
searx infrastructures. We start with a contribution from @dalf
- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320
thanks @dalf !!
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Vipul
ee6781d777
[Fix] Libgen engine
...
Libgen has switched to new domain (i.e https://libgen.is ) with TLS
support and older domain (i.e. http://libgen.io ) is no longer
accessible. See, https://en.wikipedia.org/wiki/Library_Genesis , for more
information.
Resolves : #1693
2019-12-22 13:04:46 +00:00
Markus Heiser
5bdca1a5bf
doc: improved HTML table layout (CSS)
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 11:46:03 +01:00
Markus Heiser
aea4667fbc
Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc
2019-12-22 10:12:33 +01:00
Marc Abonce Seguin
495ae59b31
hide suggestions box if empty
...
This bug happens only in python3
because map returns an iterator.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
5706c12fba
remove empty parenthesis in wikipedia's summary
...
They're usually IPA pronunciations which are removed
by the API.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin
c18048e045
exclude disambiguation pages from wikipedia infobox
2019-12-21 22:47:08 -06:00
Adam Tauber
34ad3d6b34
[enh] display error message if gigablast extra param expired
2019-12-21 21:25:50 +01:00
Adam Tauber
52ccaa7acc
[mod] remove useless engine unit tests
...
These tests are not able to detect engine errors if the upstream
site changes.
2019-12-21 21:15:09 +01:00
Adam Tauber
fc457569f7
[fix] pep8
2019-12-21 21:13:43 +01:00
Adam Tauber
00512e36c1
[fix] handle empty response from wikipedia engine - closes #1114
2019-12-21 21:01:08 +01:00
Adam Tauber
f8713512be
[fix] convert byte query to string in osm engine - fixes #1220
2019-12-21 20:56:38 +01:00
Adam Tauber
e5305f886c
[fix] fetch extra search param of gigablast - fixes #1293
2019-12-21 20:51:30 +01:00
Adam Tauber
8850036ded
[fix] add explicit useragent header to requests - closes #1459
2019-12-21 20:25:39 +01:00
Markus Heiser
d1154202bc
doc: add reST templating // incl. generic engine tabe
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-21 17:13:38 +01:00
Markus Heiser
c2b9aa0c2f
docs: reST-primer describe table markup (WIP)
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 20:39:14 +01:00
Markus Heiser
b201f84595
docs: reST-primer continued proofreading (WIP)
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 17:47:24 +01:00
Markus Heiser
ae7cb5937e
docs: reST-primer first proofreading (WIP)
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 12:10:43 +01:00
Markus Heiser
b82f61f704
doc: reST primer -- describe admonitions & customize their CSS
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 11:01:41 +01:00
Markus Heiser
e1566e68aa
doc: add content to reST primer (WIP) // linuxdoc
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-19 23:36:53 +01:00
Markus Heiser
bee19a76f7
doc: add reST primer (inital / WIP)
...
preview: https://return42.github.io/searx/dev/reST.html
includes:
- :class: rst-example // admonitions with (rendered) reST markup example
- extlinks to docutils
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-19 17:05:50 +01:00
Markus Heiser
2b4526916d
edoc: -- makefile.rst fix typo and add extlinks['man']
...
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-18 18:32:42 +01:00
Markus Heiser
f09459b98a
doc: describe Makefile targets
...
With the aim to simplify development cycles, started with PR #1756 a Makefile
based boilerplate was added. This patch adds the missing developer
documentation.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-18 16:11:05 +01:00