Ponysearch/docs/admin/installation.rst

238 lines
5.1 KiB
ReStructuredText
Raw Normal View History

2016-07-15 18:41:05 +02:00
.. _installation:
============
2015-11-17 23:13:30 +01:00
Installation
============
.. sidebar:: Searx server setup
- :ref:`installation nginx`
- :ref:`installation apache`
If you do not have any special preferences, it is recommend to use
:ref:`searx.sh`.
.. contents:: Contents
:depth: 2
:local:
:backlinks: entry
.. _installation basic:
2015-11-17 23:13:30 +01:00
Basic installation
==================
2015-11-17 23:13:30 +01:00
Step by step installation with virtualenv. For Ubuntu, be sure to have enable
universe repository.
Install packages:
.. tabs::
2015-11-17 23:13:30 +01:00
.. group-tab:: Ubuntu / debian
2015-11-17 23:13:30 +01:00
.. code-block:: sh
2015-11-17 23:13:30 +01:00
$ sudo -H apt-get install -m \
git build-essential
libxslt-dev python3-dev python3-babel python3-venv \
zlib1g-dev libffi-dev libssl-dev
2015-11-17 23:13:30 +01:00
Install searx:
2015-11-17 23:13:30 +01:00
.. code:: sh
sudo -H useradd searx --system --disabled-password -d /usr/local/searx
2020-02-08 13:24:08 +01:00
sudo -H usermod -a -G shadow searx
cd /usr/local/searx
sudo -H git clone https://github.com/asciimoo/searx.git searx-src
sudo -H chown searx:searx -R /usr/local/searx
2015-11-17 23:13:30 +01:00
Install virtualenv:
2015-11-17 23:13:30 +01:00
.. code:: sh
sudo -H -u searx -i
(searx)$ python3 -m venv searx-pyenv
(searx)$ echo 'source ~/searx-pyenv/bin/activate' > ~/.profile
Exit the searx bash and restart a new to install the searx dependencies:
.. code:: sh
sudo -H -u searx -i
(searx)$ cd searx-src
(searx)$ ./manage.sh update_packages
2015-11-17 23:13:30 +01:00
Configuration
==============
2015-11-17 23:13:30 +01:00
.. code:: sh
sudo -H -u searx -i
(searx)$ cd searx-src
(searx)$ sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
2015-11-17 23:13:30 +01:00
Edit searx/settings.yml if necessary.
Check
=====
2015-11-17 23:13:30 +01:00
Start searx:
2015-11-17 23:13:30 +01:00
.. code:: sh
sudo -H -u searx -i
(searx)$ cd searx-src
(searx)$ python3 searx/webapp.py
2015-11-17 23:13:30 +01:00
Go to http://localhost:8888
If everything works fine, disable the debug option in settings.yml:
2015-11-17 23:13:30 +01:00
.. code:: sh
sed -i -e "s/debug : True/debug : False/g" searx/settings.yml
At this point searx is not demonized ; uwsgi allows this. You can exit the
virtualenv and the searx user bash (enter exit command twice).
2015-11-17 23:13:30 +01:00
uwsgi
=====
2015-11-17 23:13:30 +01:00
Install packages:
2015-11-17 23:13:30 +01:00
.. tabs::
2015-11-17 23:13:30 +01:00
.. group-tab:: Ubuntu / debian
2015-11-17 23:13:30 +01:00
.. code-block:: bash
2015-11-17 23:13:30 +01:00
sudo -H apt-get install uwsgi uwsgi-plugin-python3
Fix Nginx subdir URL install docs which allowed download of settings.yml Closes: #1617 There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments: ```nginx root /usr/local/searx; location = /searx { rewrite ^ /searx/; } try_files $uri @searx; } location @searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_modifier1 30; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` `try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored). To fix this, I propose: ```nginx location = /searx { rewrite ^ /searx/; } location /searx/static { } location /searx { uwsgi_param SCRIPT_NAME /searx; include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/searx/socket; } ``` And add ``` route-run = fixpathinfo: ``` to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again). https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this: > If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Create the configuration file ``/etc/uwsgi/apps-available/searx.ini`` with this
content:
2015-11-17 23:13:30 +01:00
.. code:: ini
2015-11-17 23:13:30 +01:00
[uwsgi]
2015-11-17 23:13:30 +01:00
# uWSGI core
# ----------
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
2015-11-17 23:13:30 +01:00
# Who will run the code
uid = searx
gid = searx
2015-11-17 23:13:30 +01:00
# chdir to specified directory before apps loading
chdir = /usr/local/searx/searx-src/searx
2015-11-17 23:13:30 +01:00
# disable logging for privacy
disable-logging = true
2015-11-17 23:13:30 +01:00
# The right granted on the created socket
chmod-socket = 666
2015-11-17 23:13:30 +01:00
# Plugin to use and interpretor config
single-interpreter = true
2015-11-17 23:13:30 +01:00
# enable master process
master = true
2015-11-17 23:13:30 +01:00
# load apps in each worker instead of the master
lazy-apps = true
2015-11-17 23:13:30 +01:00
# load uWSGI plugins
plugin = python3,http
2015-11-17 23:13:30 +01:00
# By default the Python plugin does not initialize the GIL. This means your
# app-generated threads will not run. If you need threads, remember to enable
# them with enable-threads. Running uWSGI in multithreading mode (with the
# threads options) will automatically enable threading support. This *strange*
# default behaviour is for performance reasons.
enable-threads = true
2015-11-17 23:13:30 +01:00
# plugin: python
# --------------
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python
2015-11-17 23:13:30 +01:00
# load a WSGI module
module = searx.webapp
2015-11-17 23:13:30 +01:00
# set PYTHONHOME/virtualenv
virtualenv = /usr/local/searx/searx-pyenv
2015-11-17 23:13:30 +01:00
# add directory (or glob) to pythonpath
pythonpath = /usr/local/searx/searx-src
2015-11-17 23:13:30 +01:00
# plugin http
# -----------
#
# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
2015-11-17 23:13:30 +01:00
# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
http = 127.0.0.1:8888
2015-11-17 23:13:30 +01:00
Activate the uwsgi application and restart:
2015-11-17 23:13:30 +01:00
.. code:: sh
cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/searx.ini
/etc/init.d/uwsgi restart
2015-11-17 23:13:30 +01:00
How to update
=============
2015-11-17 23:13:30 +01:00
.. code:: sh
sudo -H -u searx -i
(searx)$ git stash
(searx)$ git pull origin master
(searx)$ git stash apply
(searx)$ ./manage.sh update_packages
Restart uwsgi:
.. tabs::
.. group-tab:: Ubuntu / debian
.. code:: sh
sudo -H systemctl restart uwsgi
2015-11-17 23:13:30 +01:00
Docker
======
Make sure you have installed Docker. For instance, you can deploy searx like this:
.. code:: sh
docker pull wonderfall/searx
docker run -d --name searx -p $PORT:8888 wonderfall/searx
Go to ``http://localhost:$PORT``.
See https://hub.docker.com/r/wonderfall/searx/ for more informations. It's also
possible to build searx from the embedded Dockerfile.
.. code:: sh
git clone https://github.com/asciimoo/searx.git
cd searx
docker build -t whatever/searx .
References
==========
* https://about.okhin.fr/posts/Searx/ with some additions
* How to: `Setup searx in a couple of hours with a free SSL certificate
<https://www.reddit.com/r/privacytoolsIO/comments/366kvn/how_to_setup_your_own_privacy_respecting_search/>`__