Commit eedd63cc authored by Markus Heiser's avatar Markus Heiser

docs: revision of the installation instructions

Signed-off-by: default avatarMarkus Heiser <markus.heiser@darmarit.de>
parent a5eefea6
...@@ -4,13 +4,18 @@ ...@@ -4,13 +4,18 @@
Buildhosts Buildhosts
========== ==========
To get best results from build, its recommend to install additional packages
on build hosts.
.. sidebar:: This article needs some work .. sidebar:: This article needs some work
If you have any contribution send us your :pull:`PR <../pulls>`, see If you have any contribution send us your :pull:`PR <../pulls>`, see
:ref:`how to contribute`. :ref:`how to contribute`.
To get best results from build, its recommend to install additional packages .. contents:: Contents
on build hosts. :depth: 2
:local:
:backlinks: entry
.. _docs build: .. _docs build:
......
...@@ -9,6 +9,11 @@ How to protect an instance ...@@ -9,6 +9,11 @@ How to protect an instance
- :ref:`filtron.sh` - :ref:`filtron.sh`
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
.. _filtron: https://github.com/asciimoo/filtron .. _filtron: https://github.com/asciimoo/filtron
Searx depens on external search services. To avoid the abuse of these services Searx depens on external search services. To avoid the abuse of these services
......
...@@ -3,9 +3,12 @@ Administrator documentation ...@@ -3,9 +3,12 @@ Administrator documentation
=========================== ===========================
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 2
:caption: Contents
installation installation
installation-nginx
installation-apache
settings settings
api api
architecture architecture
......
.. _installation apache:
===================
Install with apache
===================
.. sidebar:: public HTTP servers
On public searx instances use an application firewall (:ref:`filtron
<filtron.sh>`).
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
Add wsgi mod
============
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H apt-get install libapache2-mod-uwsgi
sudo -H a2enmod uwsgi
Add this configuration in the file ``/etc/apache2/apache2.conf``. To limit
acces to your intranet replace ``Allow from all`` directive and replace
``192.168.0.0/16`` with your subnet IP/class.
.. _inranet apache site:
Note that if your instance of searx is not at the root, you should change
``<Location />`` by the location of your instance, like ``<Location /searx>``:
.. code:: apache
# CustomLog /dev/null combined
<IfModule mod_uwsgi.c>
<Location />
Options FollowSymLinks Indexes
SetHandler uwsgi-handler
uWSGISocket /run/uwsgi/app/searx/socket
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
</Location>
</IfModule>
Enable apache mod_uwsgi and restart apache:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
a2enmod uwsgi
sudo -H systemctl restart apache2
disable logs
============
For better privacy you can disable Apache logs. Go back to
``/etc/apache2/apache2.conf`` :ref:`[example] <inranet apache site>` and above
``<Location />`` activate directive:
.. code:: apache
CustomLog /dev/null combined
Restart apache:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H systemctl restart apache2
.. warning::
You can only disable logs for the whole (virtual) server not for a specific
path.
.. _installation nginx:
==================
Install with nginx
==================
.. sidebar:: public HTTP servers
On public searx instances use an application firewall (:ref:`filtron
<filtron.sh>`).
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
If nginx is not installed (uwsgi will not work with the package
nginx-light):
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H apt-get install nginx
Hosted at ``/``
===============
Create the configuration file ``/etc/nginx/sites-available/searx`` with this
content:
.. code:: nginx
server {
listen 80;
server_name searx.example.com;
root /usr/local/searx/searx;
location /static {
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
}
Create a symlink to sites-enabled:
.. code:: sh
sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
Restart service:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi
from subdirectory URL (``/searx``)
==================================
Add this configuration in the server config file
``/etc/nginx/sites-enabled/default``:
.. code:: nginx
location /searx/static {
alias /usr/local/searx/searx/static;
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
**OR** using reverse proxy (Please, note that reverse proxy advised to be used
in case of single-user or low-traffic instances.)
.. code:: nginx
location /searx/static {
alias /usr/local/searx/searx/static;
}
location /searx {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
proxy_buffering off;
}
Enable ``base_url`` in ``searx/settings.yml``
.. code:: yaml
base_url : http://your.domain.tld/searx/
Restart service:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H systemctl restart nginx
sudo -H systemctl restart uwsgi
disable logs
============
For better privacy you can disable nginx logs about searx. How to proceed:
below ``uwsgi_pass`` in ``/etc/nginx/sites-available/default`` add:
.. code:: nginx
access_log /dev/null;
error_log /dev/null;
Restart service:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H systemctl restart nginx
...@@ -4,50 +4,64 @@ ...@@ -4,50 +4,64 @@
Installation Installation
============ ============
.. contents:: .. sidebar:: Searx server setup
:depth: 3
- :ref:`installation nginx`
- :ref:`installation apache`
If you do not have any special preferences, it is recommend to use
:ref:`searx.sh`.
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
.. _installation basic: .. _installation basic:
Basic installation Basic installation
================== ==================
.. sidebar:: further reading Step by step installation with virtualenv. For Ubuntu, be sure to have enable
universe repository.
- :ref:`searx.sh` Install packages:
Step by step installation for Debian/Ubuntu with virtualenv. For Ubuntu, be sure .. tabs::
to have enable universe repository.
Install packages: .. group-tab:: Ubuntu / debian
.. code:: sh .. code-block:: sh
$ sudo -H apt-get install \ $ sudo -H apt-get install \
git build-essential libxslt-dev \ git build-essential
python-dev python-virtualenv python-babel \ libxslt-dev python3-dev python3-babel \
zlib1g-dev libffi-dev libssl-dev zlib1g-dev libffi-dev libssl-dev
Install searx: Install searx:
.. code:: sh .. code:: sh
cd /usr/local sudo -H useradd searx --system --disabled-password -d /usr/local/searx
sudo -H git clone https://github.com/asciimoo/searx.git sudo -H usermod -a -G shadow $SERVICE_USER
sudo -H useradd searx -d /usr/local/searx cd /usr/local/searx
sudo -H git clone https://github.com/asciimoo/searx.git searx-src
sudo -H chown searx:searx -R /usr/local/searx sudo -H chown searx:searx -R /usr/local/searx
Install dependencies in a virtualenv: Install virtualenv:
.. code:: sh .. code:: sh
cd /usr/local/searx
sudo -H -u searx -i sudo -H -u searx -i
(searx)$ python3 -m venv searx-pyenv
(searx)$ echo 'source ~/searx-pyenv/bin/activate' > ~/.profile
Exit the searx bash and restart a new to install the searx dependencies:
.. code:: sh .. code:: sh
(searx)$ virtualenv searx-ve sudo -H -u searx -i
(searx)$ . ./searx-ve/bin/activate (searx)$ cd searx-src
(searx)$ ./manage.sh update_packages (searx)$ ./manage.sh update_packages
Configuration Configuration
...@@ -55,7 +69,9 @@ Configuration ...@@ -55,7 +69,9 @@ Configuration
.. code:: sh .. code:: sh
sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml sudo -H -u searx -i
(searx)$ cd searx-src
(searx)$ sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
Edit searx/settings.yml if necessary. Edit searx/settings.yml if necessary.
...@@ -66,7 +82,9 @@ Start searx: ...@@ -66,7 +82,9 @@ Start searx:
.. code:: sh .. code:: sh
python searx/webapp.py sudo -H -u searx -i
(searx)$ cd searx-src
(searx)$ python3 searx/webapp.py
Go to http://localhost:8888 Go to http://localhost:8888
...@@ -76,254 +94,118 @@ If everything works fine, disable the debug option in settings.yml: ...@@ -76,254 +94,118 @@ If everything works fine, disable the debug option in settings.yml:
sed -i -e "s/debug : True/debug : False/g" searx/settings.yml sed -i -e "s/debug : True/debug : False/g" searx/settings.yml
At this point searx is not demonized ; uwsgi allows this. At this point searx is not demonized ; uwsgi allows this. You can exit the
virtualenv and the searx user bash (enter exit command twice).
You can exit the virtualenv and the searx user bash (enter exit command
twice).
uwsgi uwsgi
===== =====
Install packages: Install packages:
.. code:: sh .. tabs::
sudo -H apt-get install \
uwsgi uwsgi-plugin-python
Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
content:
.. code:: ini
[uwsgi]
# Who will run the code
uid = searx
gid = searx
# disable logging for privacy
disable-logging = true
# Number of workers (usually CPU count)
workers = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config .. group-tab:: Ubuntu / debian
single-interpreter = true
master = true
plugin = python
lazy-apps = true
enable-threads = true
# Module to import .. code-block:: bash
module = searx.webapp
# Support running the module from a webserver subdirectory. sudo -H apt-get install uwsgi uwsgi-plugin-python3
route-run = fixpathinfo:
# Virtualenv and python path Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
virtualenv = /usr/local/searx/searx-ve/
pythonpath = /usr/local/searx/
chdir = /usr/local/searx/searx/
Activate the uwsgi application and restart:
.. code:: sh
cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/searx.ini
/etc/init.d/uwsgi restart
Web server
==========
with nginx
----------
If nginx is not installed (uwsgi will not work with the package
nginx-light):
.. code:: sh
sudo -H apt-get install nginx
Hosted at /
~~~~~~~~~~~
Create the configuration file ``/etc/nginx/sites-available/searx`` with this
content: content:
.. code:: nginx .. code:: ini
server {
listen 80;
server_name searx.example.com;
root /usr/local/searx/searx;
location /static {
}
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
}
Create a symlink to sites-enabled:
.. code:: sh
sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
Restart service:
.. code:: sh
sudo -H service nginx restart
sudo -H service uwsgi restart
from subdirectory URL (/searx)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add this configuration in the server config file
``/etc/nginx/sites-enabled/default``:
.. code:: nginx
location /searx/static {
alias /usr/local/searx/searx/static;
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
**OR** using reverse proxy (Please, note that reverse proxy advised to be used
in case of single-user or low-traffic instances.)
.. code:: nginx
location /searx/static {
alias /usr/local/searx/searx/static;
}
location /searx {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /searx;
proxy_buffering off;
}
Enable ``base_url`` in ``searx/settings.yml``
.. code:: yaml
base_url : http://your.domain.tld/searx/
Restart service: [uwsgi]
.. code:: sh # uWSGI core
# ----------
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
sudo -H service nginx restart # Who will run the code
sudo -H service uwsgi restart uid = searx
gid = searx
disable logs # chdir to specified directory before apps loading
^^^^^^^^^^^^ chdir = /usr/local/searx/searx-src/searx
for better privacy you can disable nginx logs about searx. # disable logging for privacy
disable-logging = true
how to proceed: below ``uwsgi_pass`` in ``/etc/nginx/sites-available/default`` # The right granted on the created socket
add: chmod-socket = 666
.. code:: nginx # Plugin to use and interpretor config
single-interpreter = true
access_log /dev/null; # enable master process
error_log /dev/null; master = true
Restart service: # load apps in each worker instead of the master
lazy-apps = true
.. code:: sh # load uWSGI plugins
plugin = python3,http
sudo -H service nginx restart # By default the Python plugin does not initialize the GIL. This means your
# app-generated threads will not run. If you need threads, remember to enable
# them with enable-threads. Running uWSGI in multithreading mode (with the
# threads options) will automatically enable threading support. This *strange*
# default behaviour is for performance reasons.
enable-threads = true
with apache # plugin: python
----------- # --------------
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python