nginx: normalize installation (docs and script)s over all distros

Route request through filtron

=============================

.. sidebar:: further reading

   - :ref:`filtron.sh overview`

   - :ref:`installation nginx`

   - :ref:`installation apache`

Filtron can be started using the following command:

.. code:: sh

.. code:: nginx

   location / {

   # https://example.org/searx

   location /searx {

       proxy_pass         http://127.0.0.1:4004/;

       proxy_set_header   Host             $http_host;

       proxy_set_header   Connection       $http_connection;

       proxy_set_header   X-Real-IP        $remote_addr;

       proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

       proxy_set_header   X-Scheme         $scheme;

       proxy_set_header   X-Script-Name    /searx;

   }

   location /searx/static {

       /usr/local/searx/searx-src/searx/static;

   }

Requests are coming from port 4004 going through filtron and then forwarded to

port 8888 where a searx is being run. For a complete setup see: :ref:`nginx

searx site`.

      .. code:: nginx

         location / {

	 # https://example.org/searx

	 location /searx {

	     proxy_pass         http://127.0.0.1:4004/;

	     proxy_set_header   Host             $http_host;

	     proxy_set_header   Connection       $http_connection;

	     proxy_set_header   X-Real-IP        $remote_addr;

	     proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

	     proxy_set_header   X-Scheme         $scheme;

	     proxy_set_header   X-Script-Name    /searx;

	 }

	 location /searx/static {

	     /usr/local/searx/searx-src/searx/static;

	 }

      .. code:: nginx

	 # https://example.org/morty

	 location /morty {

             proxy_pass         http://127.0.0.1:3000/;

             proxy_set_header   Host             $http_host;

             proxy_set_header   Connection       $http_connection;

             proxy_set_header   X-Real-IP        $remote_addr;

             proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

             proxy_set_header   X-Scheme         $scheme;

      .. code:: nginx

	 # https://hostname.local/

	 location / {

	     proxy_pass http://127.0.0.1:8888;

             proxy_set_header Host $host;

             proxy_set_header Connection       $http_connection;

             proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

             proxy_set_header X-Scheme         $scheme;

              proxy_set_header X-Script-Name /searx;

             proxy_buffering                   off;

         }

      .. code:: nginx

         server {

             # replace example.org with your server's public name

             server_name example.org;

             # replace hostname.local with your server's name

             server_name hostname.local;

             listen 80;

             listen [::]:80;

         mkdir -p /run/uwsgi/app/searx/

         sudo -H chown -R searx:searx /run/uwsgi/app/searx/

   .. group-tab:: proxy at subdir URL

   .. group-tab:: \.\. at subdir URL

      Be warned, with these setups, your instance isn't :ref:`protected <searx

      filtron>`.  The examples are just here to demonstrate how to export the

      .. code:: nginx

	 # https://hostname.local/searx

         location /searx {

             proxy_pass http://127.0.0.1:8888;

             proxy_set_header Host $host;

             proxy_set_header Connection       $http_connection;

             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

             proxy_set_header X-Scheme $scheme;

             proxy_set_header X-Script-Name /searx;

      .. code:: nginx

          location /searx/static {

              alias /usr/local/searx/searx-src/searx;

          }

	 # https://hostname.local/searx

         location /searx {

             uwsgi_param SCRIPT_NAME /searx;

             uwsgi_pass unix:/run/uwsgi/app/searx/socket;

         }

         location /searx/static {

             alias /usr/local/searx/searx-src/searx;

         }

      For searx to work correctly the ``base_url`` must be set in the

      :origin:`searx/settings.yml`.

GO_PKG_URL="https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz"

GO_TAR=$(basename "$GO_PKG_URL")

# Apache Settings

APACHE_FILTRON_SITE="searx.conf"

NGINX_FILTRON_SITE="searx.conf"

# shellcheck disable=SC2034

CONFIG_FILES=(

    # shellcheck disable=SC1117

    cat <<EOF

usage::

  $(basename "$0") shell

  $(basename "$0") install    [all|user|rules]

  $(basename "$0") update     [filtron]

  $(basename "$0") inspect    [service]

  $(basename "$0") option     [debug-on|debug-off]

  $(basename "$0") apache     [install|remove]

  $(basename "$0") nginx      [install|remove]

shell

  start interactive shell from user ${SERVICE_USER}

apache (${PUBLIC_URL})

  :install: apache site with a reverse proxy (ProxyPass)

  :remove:  apache site ${APACHE_FILTRON_SITE}

nginx (${PUBLIC_URL})

  :install: nginx site with a reverse proxy (ProxyPass)

  :remove:  nginx site ${NGINX_FILTRON_SITE}

filtron rules: ${FILTRON_RULES}

}

main() {

    rst_title "$SERVICE_NAME" part

    required_commands \

        sudo install git wget curl \

        || exit

    local _usage="unknown or missing $1 command $2"

    case $1 in

        --source-only)  ;;

        --getenv)  var="$2"; echo "${!var}"; exit 0;;

        -h|--help) usage; exit 0;;

        shell)

                *) usage "$_usage"; exit 42;;

            esac ;;

        install)

            rst_title "$SERVICE_NAME" part

            sudo_or_exit

            case $2 in

                all) install_all ;;

                remove) remove_apache_site ;;

                *) usage "$_usage"; exit 42;;

            esac ;;

        nginx)

            sudo_or_exit

            case $2 in

                install) install_nginx_site ;;

                remove) remove_nginx_site ;;

                *) usage "$_usage"; exit 42;;

            esac ;;

        option)

            sudo_or_exit

            case $2 in

}

install_nginx_site() {

    rst_title "Install nginx site $NGINX_FILTRON_SITE"

    rst_para "\

This installs a reverse proxy (ProxyPass) into nginx site (${NGINX_FILTRON_SITE})"

    ! nginx_is_installed && err_msg "nginx is not installed."

    if ! ask_yn "Do you really want to continue?" Yn; then

        return

    else

        install_nginx

    fi

    "${REPO_ROOT}/utils/searx.sh" install uwsgi

    SEARX_SRC=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_SRC)

    SEARX_URL_PATH=$("${REPO_ROOT}/utils/searx.sh" --getenv SEARX_URL_PATH)

    nginx_install_app --variant=filtron "${NGINX_FILTRON_SITE}"

    info_msg "testing public url .."

    if ! service_is_available "${PUBLIC_URL}"; then

        err_msg "Public service at ${PUBLIC_URL} is not available!"

    fi

}

remove_nginx_site() {

    rst_title "Remove nginx site $NGINX_FILTRON_SITE"

    rst_para "\

This removes nginx site ${NGINX_FILTRON_SITE}."

    ! nginx_is_installed && err_msg "nginx is not installed."

    if ! ask_yn "Do you really want to continue?" Yn; then

        return

    fi

    nginx_remove_site "$FILTRON_FILTRON_SITE"

}

rst-doc() {

    eval "echo \"$(< "${REPO_ROOT}/docs/build-templates/filtron.rst")\""

    fi

}

die() {

    echo -e "${_BRed}ERROR:${_creset} ${BASH_SOURCE[1]}: line ${BASH_LINENO[0]}: ${2-died ${1-1}}" >&2;

    exit "${1-1}"

}

die_caller() {

    echo -e "${_BRed}ERROR:${_creset} ${BASH_SOURCE[2]}: line ${BASH_LINENO[1]}: ${FUNCNAME[1]}(): ${2-died ${1-1}}" >&2;

    exit "${1-1}"

}

err_msg()  { echo -e "${_BRed}ERROR:${_creset} $*" >&2; }

warn_msg() { echo -e "${_BBlue}WARN:${_creset}  $*" >&2; }

info_msg() { echo -e "${_BYellow}INFO:${_creset}  $*" >&2; }

    # usage:  service_is_available <URL>

    local URL="$1"

    if [[ -z $URL ]]; then

        err_msg "service_is_available: missing arguments"

        return 42

    fi

    [[ -z $1 ]] && die_caller 42 "missing argument <URL>"

    http_code=$(curl -H 'Cache-Control: no-cache' \

         --silent -o /dev/null --head --write-out '%{http_code}' --insecure \

}

# nginx

# -----

nginx_distro_setup() {

    # shellcheck disable=SC2034

    NGINX_DEFAULT_SERVER=/etc/nginx/nginx.conf

    # Including *location* directives from a dedicated config-folder into the

    # server directive is, what what fedora (already) does.

    NGINX_APPS_ENABLED="/etc/nginx/default.d"

    # We add a apps-available folder and linking configurations into the

    # NGINX_APPS_ENABLED folder.  See also nginx_include_apps_enabled().

    NGINX_APPS_AVAILABLE="/etc/nginx/default.apps-available"

    case $DIST_ID-$DIST_VERS in

        ubuntu-*|debian-*)

            NGINX_PACKAGES="nginx"

            NGINX_DEFAULT_SERVER=/etc/nginx/sites-available/default

            ;;

        arch-*)

            NGINX_PACKAGES="nginx-mainline"

            ;;

        fedora-*)

            NGINX_PACKAGES="nginx"

            ;;

        *)

            err_msg "$DIST_ID-$DIST_VERS: nginx not yet implemented"

            ;;

    esac

}

nginx_distro_setup

install_nginx(){

    info_msg "installing nginx ..."

    pkg_install "${NGINX_PACKAGES}"

    case $DIST_ID-$DIST_VERS in

        arch-*|fedora-*)

            systemctl enable nginx

            systemctl start nginx

            ;;

    esac

}

nginx_is_installed() {

    command -v nginx &>/dev/null

}

nginx_reload() {

    info_msg "reload nginx .."

    echo

    if ! nginx -t; then

       err_msg "testing nginx configuration failed"

       return 42

    fi

    systemctl restart nginx

}

nginx_install_app() {

    # usage:  nginx_install_app [<template option> ...] <myapp>

    #

    # <template option>:   see install_template

    local template_opts=()

    local pos_args=("$0")

    for i in "$@"; do

        case $i in

            -*) template_opts+=("$i");;

            *)  pos_args+=("$i");;

        esac

    done

    nginx_include_apps_enabled "${NGINX_DEFAULT_SERVER}"

    install_template "${template_opts[@]}" \

                     "${NGINX_APPS_AVAILABLE}/${pos_args[1]}" \

                     root root 644

    nginx_enable_app "${pos_args[1]}"

    info_msg "installed nginx app: ${pos_args[1]}"

}

nginx_include_apps_enabled() {

    # Add the *NGINX_APPS_ENABLED* infrastruture to a nginx server block.  Such

    # infrastruture is already known from fedora, including apps (location

    # directives) from the /etc/nginx/default.d folder into the *default* nginx

    # server.

    # usage: nginx_include_apps_enabled <config-file>

    #

    #   config-file: Config file with server directive in.

    [[ -z $1 ]] && die_caller 42 "missing argument <config-file>"

    local server_conf="$1"

    # include /etc/nginx/default.d/*.conf;

    local include_directive="include ${NGINX_APPS_ENABLED}/*.conf;"

    local include_directive_re="^\s*include ${NGINX_APPS_ENABLED}/\*\.conf;"

    info_msg "checking existence: '${include_directive}' in file  ${server_conf}"

    if grep "${include_directive_re}" "${server_conf}"; then

        info_msg "OK, already exists."

        return

    fi

    info_msg "add missing directive: '${include_directive}'"

    cp "${server_conf}" "${server_conf}.bak"

    (

        local line

        local stage=0

        while IFS=  read -r line

        do

            echo "$line"

            if [[ $stage = 0 ]]; then

                if [[ $line =~ ^[[:space:]]*server*[[:space:]]*\{ ]]; then

                    stage=1

                fi

            fi

            if [[ $stage = 1 ]]; then

                echo "        # Load configuration files for the default server block."

                echo "        $include_directive"

                echo ""

                stage=2

            fi

        done < "${server_conf}.bak"

    ) > "${server_conf}"

}

nginx_remove_app() {

    # usage:  nginx_remove_app <myapp.conf>

    info_msg "remove nginx app: $1"

    nginx_dissable_app "$1"

    rm -f "${NGINX_APPS_AVAILABLE}/$1"

}

nginx_enable_app() {

    # usage:  nginx_enable_app <myapp.conf>

    local CONF="$1"

    info_msg "enable nginx app: ${CONF}"

    mkdir -p "${NGINX_APPS_ENABLED}"

    rm -f "${NGINX_APPS_ENABLED}/${CONF}"

    ln -s "${NGINX_APPS_AVAILABLE}/${CONF}" "${NGINX_APPS_ENABLED}/${CONF}"

    nginx_reload

}

nginx_dissable_app() {

    # usage:  nginx_disable_app <myapp.conf>

    local CONF="$1"

    info_msg "disable nginx app: ${CONF}"

    rm -f "${NGINX_APPS_ENABLED}/${CONF}"

    nginx_reload

}

# Apache

# ------

# ----------------------------------------------------------------------------

    _cmd="$(basename "$0")"

    cat <<EOF

usage::

  $_cmd build        [containers|<name>]

  $_cmd copy         [images]

  $_cmd remove       [containers|<name>|images]

  :suite:        show services of all (or <name>) containers from the LXC suite

  :images:       show information of local images

cmd

  use single qoutes to evaluate in container's bash, e.g. 'echo $(hostname)'

  use single qoutes to evaluate in container's bash, e.g.: 'echo \$(hostname)'

  --             run command '...' in all containers of the LXC suite

  :<name>:       run command '...' in container <name>

install

    fi

    case $1 in

        --source-only)  ;;

        --getenv)  var="$2"; echo "${!var}"; exit 0;;

        -h|--help) usage; exit 0;;

        build)

            sudo_or_exit

            case $2 in

                ${LXC_HOST_PREFIX}-*) build_container "$2" ;;

                ''|containers) build_all_containers ;;

                ''|--|containers) build_all_containers ;;

                *) usage "$_usage"; exit 42;;

            esac

            ;;

        remove)

            sudo_or_exit

            case $2 in

                ''|containers) remove_containers ;;

                ''|--|containers) remove_containers ;;

                images) lxc_delete_images_localy ;;

                ${LXC_HOST_PREFIX}-*)

                    ! lxc_exists "$2" && usage_containers "unknown container: $2" && exit 42

        start|stop)

            sudo_or_exit

            case $2 in

                ''|containers)  lxc_cmd "$1" ;;

                ''|--|containers)  lxc_cmd "$1" ;;

                ${LXC_HOST_PREFIX}-*)

                    ! lxc_exists "$2" && usage_containers "unknown container: $2" && exit 42

                    info_msg "lxc $1 $2"

                            lxc exec -t "$3" -- "${LXC_REPO_ROOT}/utils/lxc.sh" __show suite \

                                | prefix_stdout "[${_BBlue}$3${_creset}]  "

                        ;;

                        *) show_suite;;

                        *|--) show_suite;;

                    esac

                    ;;

                images) show_images ;;

                            ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42

                            lxc config show "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] "

                        ;;

                        *)

                        *|--)

                            rst_title "container configurations"

                            echo

                            lxc list "$LXC_HOST_PREFIX-"

                            ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42

                            lxc info "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] "

                            ;;

                        *)

                        *|--)

                            rst_title "container info"

                            echo

                            lxc_cmd info

                            ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42

                            lxc_exec_cmd "$3" "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2"

                            ;;

                        '') lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2" ;;

                        ''|--) lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2" ;;

                        *) usage_containers "unknown container: $3" && exit 42

                    esac

                    ;;