forked from Ponysearch/Ponysearch
apache: normalize installation (docs and script)s over all distros
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
eb0d4646d8
commit
ee39a098ac
13 changed files with 289 additions and 196 deletions
|
@ -30,8 +30,6 @@ Install with apache
|
||||||
https://httpd.apache.org/docs/trunk/mod/core.html#location
|
https://httpd.apache.org/docs/trunk/mod/core.html#location
|
||||||
.. _uWSGI Apache support:
|
.. _uWSGI Apache support:
|
||||||
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
|
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
|
||||||
.. _apache uwsgi:
|
|
||||||
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
|
|
||||||
.. _mod_proxy_uwsgi:
|
.. _mod_proxy_uwsgi:
|
||||||
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
|
https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
|
||||||
|
|
||||||
|
@ -149,22 +147,6 @@ How this default intro site is configured, depends on the linux distribution
|
||||||
|
|
||||||
less /etc/httpd/conf.d/welcome.conf
|
less /etc/httpd/conf.d/welcome.conf
|
||||||
|
|
||||||
.. _The Debian Layout:
|
|
||||||
|
|
||||||
The Debian Layout
|
|
||||||
=================
|
|
||||||
|
|
||||||
Be aware that the Debian layout is quite different from the standard Apache
|
|
||||||
configuration. For details look at the README.Debian_
|
|
||||||
(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
|
|
||||||
Debian:
|
|
||||||
|
|
||||||
* :man:`apache2ctl`: Apache HTTP server control interface
|
|
||||||
* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
|
|
||||||
* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
|
|
||||||
* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
|
|
||||||
|
|
||||||
|
|
||||||
.. _apache searx site:
|
.. _apache searx site:
|
||||||
|
|
||||||
Apache Reverse Proxy
|
Apache Reverse Proxy
|
||||||
|
@ -179,8 +161,12 @@ Apache Reverse Proxy
|
||||||
|
|
||||||
To setup a Apache revers proxy you have to enable the *headers* and *proxy*
|
To setup a Apache revers proxy you have to enable the *headers* and *proxy*
|
||||||
modules and create a `Location`_ configuration for the searx site. In most
|
modules and create a `Location`_ configuration for the searx site. In most
|
||||||
distributions you have to uncomment the lines in the main configuration file,
|
distributions you have to un-comment the lines in the main configuration file,
|
||||||
except in the :ref:`The Debian Layout`.
|
except in :ref:`The Debian Layout`.
|
||||||
|
|
||||||
|
To pass the HTTP HOST header
|
||||||
|
With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the
|
||||||
|
proxied host.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
|
@ -210,6 +196,8 @@ except in the :ref:`The Debian Layout`.
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
|
FIXME needs test
|
||||||
|
|
||||||
LoadModule headers_module modules/mod_headers.so
|
LoadModule headers_module modules/mod_headers.so
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
|
@ -221,7 +209,9 @@ except in the :ref:`The Debian Layout`.
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
LoadModule headers_module modules/mod_headers.so
|
FIXME needs test
|
||||||
|
|
||||||
|
LoadModule headers_module modules/mod_headers.so
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
|
|
||||||
|
@ -256,8 +246,7 @@ except in the :ref:`The Debian Layout`.
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
|
2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
|
||||||
*localhost 3000* (FYI: ``ProxyPreserveHost On`` is already set, see
|
*localhost 3000*
|
||||||
above):
|
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
|
@ -297,10 +286,9 @@ uWSGI support
|
||||||
=============
|
=============
|
||||||
|
|
||||||
Be warned, with this setup, your instance isn't :ref:`protected <searx
|
Be warned, with this setup, your instance isn't :ref:`protected <searx
|
||||||
filtron>`. Nevertheless it is good enough for intranet usage and it
|
filtron>`, nevertheless it is good enough for intranet usage. In modern Linux
|
||||||
demonstrates: *how different the uwsgi support is, depending on the
|
distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache
|
||||||
distribution*. To enable :ref:`uWSGI <searx uwsgi>` support you need to install
|
package and you need to install only the :ref:`uWSGI <searx uwsgi>` package:
|
||||||
the apache `apache uwsgi`_ support:
|
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
|
@ -308,8 +296,10 @@ the apache `apache uwsgi`_ support:
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: sh
|
||||||
|
|
||||||
sudo -H apt-get install libapache2-mod-uwsgi
|
sudo -H apt-get install uwsgi
|
||||||
sudo -H a2enmod uwsgi
|
|
||||||
|
# Ubuntu =< 18.04
|
||||||
|
sudo -H apt-get install libapache2-mod-proxy-uwsgi
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
|
@ -317,43 +307,113 @@ the apache `apache uwsgi`_ support:
|
||||||
|
|
||||||
sudo -H pacman -S uwsgi
|
sudo -H pacman -S uwsgi
|
||||||
|
|
||||||
In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
|
|
||||||
modules (LoadModule_):
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
|
||||||
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
.. code:: sh
|
.. code:: sh
|
||||||
|
|
||||||
sudo -H dnf install uwsgi
|
sudo -H dnf install uwsgi
|
||||||
FIXME: enable uwsgi in apache
|
|
||||||
|
|
||||||
The next example shows a configuration using the `uWSGI Apache support`_ via
|
The next example shows a configuration using the `uWSGI Apache support`_ via
|
||||||
unix sockets. For socket communication, you have to activate ``socket =
|
unix sockets and `mod_proxy_uwsgi`_.
|
||||||
/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
|
|
||||||
configuration in your :ref:`uwsgi ini file <uwsgi configuration>`.
|
|
||||||
|
|
||||||
If not already exists, create a folder for the unix sockets, which can be
|
For socket communication, you have to activate ``socket =
|
||||||
used by the searx account:
|
/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
|
||||||
|
configuration in your :ref:`uwsgi ini file <uwsgi configuration>`. If not
|
||||||
|
already exists, create a folder for the unix sockets, which can be used by the
|
||||||
|
searx account (see :ref:`create searx user`):
|
||||||
|
|
||||||
.. code:: bash
|
.. code:: bash
|
||||||
|
|
||||||
sudo -H mkdir -p /run/uwsgi/app/searx/
|
sudo -H mkdir -p /run/uwsgi/app/searx/
|
||||||
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
|
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
|
||||||
|
|
||||||
To limit acces to your intranet replace ``Allow from all`` directive and replace
|
If the server is public; to limit access to your intranet replace ``Allow from
|
||||||
``192.168.0.0/16`` with your subnet IP/class.
|
all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class.
|
||||||
|
|
||||||
.. tabs::
|
.. tabs::
|
||||||
|
|
||||||
.. group-tab:: Ubuntu / debian
|
.. group-tab:: Ubuntu / debian
|
||||||
|
|
||||||
Debian uses the (old) `mod_uwsgi
|
.. code:: apache
|
||||||
|
|
||||||
|
LoadModule headers_module /usr/lib/apache2/mod_headers.so
|
||||||
|
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
|
||||||
|
LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI /searx dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location /searx>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
||||||
|
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
.. group-tab:: Arch Linux
|
||||||
|
|
||||||
|
.. code:: apache
|
||||||
|
|
||||||
|
FIXME needs test
|
||||||
|
|
||||||
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
|
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI /searx dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location /searx>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
||||||
|
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
.. group-tab:: Fedora / RHEL
|
||||||
|
|
||||||
|
.. code:: apache
|
||||||
|
|
||||||
|
FIXME needs test
|
||||||
|
|
||||||
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
|
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||||
|
<IfModule proxy_uwsgi_module>
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI /searx dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location /searx>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
||||||
|
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
.. group-tab:: old mod_wsgi
|
||||||
|
|
||||||
|
We show this only for historical reasons, DON'T USE `mod_uwsgi
|
||||||
<https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_.
|
<https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_.
|
||||||
|
ANYMORE!
|
||||||
|
|
||||||
.. code:: apache
|
.. code:: apache
|
||||||
|
|
||||||
|
@ -379,58 +439,6 @@ To limit acces to your intranet replace ``Allow from all`` directive and replace
|
||||||
|
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
||||||
.. group-tab:: Arch Linux
|
|
||||||
|
|
||||||
Arch Linux uses the (recommend) `mod_proxy_uwsgi`_.
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
<IfModule proxy_uwsgi_module>
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI /searx dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
.. group-tab:: Fedora / RHEL
|
|
||||||
|
|
||||||
RHEL uses the (recommend) `mod_proxy_uwsgi`_.
|
|
||||||
|
|
||||||
.. code:: apache
|
|
||||||
|
|
||||||
<IfModule proxy_uwsgi_module>
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI /searx dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location /searx>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
ProxyPreserveHost On
|
|
||||||
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
.. _restart apache:
|
.. _restart apache:
|
||||||
|
|
||||||
Restart service
|
Restart service
|
||||||
|
@ -473,3 +481,18 @@ one of the lines and `restart apache`_::
|
||||||
The ``CustomLog`` directive disable logs for the whole (virtual) server, use it
|
The ``CustomLog`` directive disable logs for the whole (virtual) server, use it
|
||||||
when the URL of the service does not have a path component (``/searx``) / is
|
when the URL of the service does not have a path component (``/searx``) / is
|
||||||
located at root (``/``).
|
located at root (``/``).
|
||||||
|
|
||||||
|
.. _The Debian Layout:
|
||||||
|
|
||||||
|
The Debian Layout
|
||||||
|
=================
|
||||||
|
|
||||||
|
Be aware that the Debian layout is quite different from the standard Apache
|
||||||
|
configuration. For details look at the README.Debian_
|
||||||
|
(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
|
||||||
|
Debian:
|
||||||
|
|
||||||
|
* :man:`apache2ctl`: Apache HTTP server control interface
|
||||||
|
* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
|
||||||
|
* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
|
||||||
|
* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites
|
||||||
|
|
|
@ -25,6 +25,8 @@ Install packages
|
||||||
|
|
||||||
This installs also the packages needed by :ref:`searx uwsgi`
|
This installs also the packages needed by :ref:`searx uwsgi`
|
||||||
|
|
||||||
|
.. _create searx user:
|
||||||
|
|
||||||
Create user
|
Create user
|
||||||
===========
|
===========
|
||||||
|
|
||||||
|
|
|
@ -441,14 +441,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SIT
|
||||||
|
|
||||||
! apache_is_installed && err_msg "Apache is not installed."
|
! apache_is_installed && err_msg "Apache is not installed."
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?"; then
|
if ! ask_yn "Do you really want to continue?" Yn; then
|
||||||
return
|
return
|
||||||
|
else
|
||||||
|
install_apache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
a2enmod headers
|
|
||||||
a2enmod proxy
|
|
||||||
a2enmod proxy_http
|
|
||||||
|
|
||||||
echo
|
echo
|
||||||
apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}"
|
apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}"
|
||||||
|
|
||||||
|
|
119
utils/lib.sh
119
utils/lib.sh
|
@ -627,21 +627,56 @@ EOF
|
||||||
# Apache
|
# Apache
|
||||||
# ------
|
# ------
|
||||||
|
|
||||||
# FIXME: Arch Linux & RHEL should be added
|
apache_distro_setup() {
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
case $DIST_ID-$DIST_VERS in
|
||||||
|
ubuntu-*|debian-*)
|
||||||
|
# debian uses the /etc/apache2 path, while other distros use
|
||||||
|
# the apache default at /etc/httpd
|
||||||
|
APACHE_SITES_AVAILABLE="/etc/apache2/sites-available"
|
||||||
|
APACHE_SITES_ENABLED="/etc/apache2/sites-enabled"
|
||||||
|
APACHE_MODULES="/usr/lib/apache2/modules"
|
||||||
|
APACHE_PACKAGES="apache2"
|
||||||
|
;;
|
||||||
|
arch-*)
|
||||||
|
APACHE_SITES_AVAILABLE="/etc/httpd/sites-available"
|
||||||
|
APACHE_SITES_ENABLED="/etc/httpd/sites-enabled"
|
||||||
|
APACHE_MODULES="modules"
|
||||||
|
APACHE_PACKAGES="apache"
|
||||||
|
;;
|
||||||
|
fedora-*)
|
||||||
|
APACHE_SITES_AVAILABLE="/etc/httpd/sites-available"
|
||||||
|
APACHE_SITES_ENABLED="/etc/httpd/sites-enabled"
|
||||||
|
APACHE_MODULES="modules"
|
||||||
|
APACHE_PACKAGES="httpd"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
if [[ -z "${APACHE_SITES_AVAILABE}" ]]; then
|
apache_distro_setup
|
||||||
APACHE_SITES_AVAILABE="/etc/apache2/sites-available"
|
|
||||||
fi
|
install_apache(){
|
||||||
|
info_msg "installing apache ..."
|
||||||
|
pkg_install "$APACHE_PACKAGES"
|
||||||
|
case $DIST_ID-$DIST_VERS in
|
||||||
|
arch-*|fedora-*)
|
||||||
|
if ! grep "IncludeOptional sites-enabled" "/etc/httpd/conf/httpd.conf"; then
|
||||||
|
echo "IncludeOptional sites-enabled/*.conf" >> "/etc/httpd/conf/httpd.conf"
|
||||||
|
fi
|
||||||
|
systemctl enable httpd
|
||||||
|
systemctl start httpd
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
apache_is_installed() {
|
apache_is_installed() {
|
||||||
case $DIST_ID-$DIST_VERS in
|
case $DIST_ID-$DIST_VERS in
|
||||||
ubuntu-*|debian-*)
|
ubuntu-*|debian-*) (command -v apachectl) &>/dev/null;;
|
||||||
(command -v apachectl \
|
arch-*) (command -v httpd) &>/dev/null;;
|
||||||
&& command -v a2ensite \
|
fedora-*) (command -v httpd) &>/dev/null;;
|
||||||
&& command -v a2dissite ) &>/dev/null
|
|
||||||
;;
|
|
||||||
arch) (command -v httpd) ;;
|
|
||||||
fedora) (command -v httpd) ;;
|
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -649,8 +684,16 @@ apache_reload() {
|
||||||
|
|
||||||
info_msg "reload apache .."
|
info_msg "reload apache .."
|
||||||
echo
|
echo
|
||||||
sudo -H apachectl configtest
|
case $DIST_ID-$DIST_VERS in
|
||||||
sudo -H service apache2 force-reload
|
ubuntu-*|debian-*)
|
||||||
|
sudo -H apachectl configtest
|
||||||
|
sudo -H systemctl force-reload apache2
|
||||||
|
;;
|
||||||
|
arch-*| fedora-*)
|
||||||
|
sudo -H httpd -t
|
||||||
|
sudo -H systemctl force-reload httpd
|
||||||
|
;;
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
apache_install_site() {
|
apache_install_site() {
|
||||||
|
@ -670,9 +713,8 @@ apache_install_site() {
|
||||||
done
|
done
|
||||||
|
|
||||||
install_template "${template_opts[@]}" \
|
install_template "${template_opts[@]}" \
|
||||||
"${APACHE_SITES_AVAILABE}/${pos_args[1]}" \
|
"${APACHE_SITES_AVAILABLE}/${pos_args[1]}" \
|
||||||
root root 644
|
root root 644
|
||||||
|
|
||||||
apache_enable_site "${pos_args[1]}"
|
apache_enable_site "${pos_args[1]}"
|
||||||
info_msg "installed apache site: ${pos_args[1]}"
|
info_msg "installed apache site: ${pos_args[1]}"
|
||||||
}
|
}
|
||||||
|
@ -683,15 +725,32 @@ apache_remove_site() {
|
||||||
|
|
||||||
info_msg "remove apache site: $1"
|
info_msg "remove apache site: $1"
|
||||||
apache_dissable_site "$1"
|
apache_dissable_site "$1"
|
||||||
rm -f "${APACHE_SITES_AVAILABE}/$1"
|
rm -f "${APACHE_SITES_AVAILABLE}/$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
apache_enable_site() {
|
apache_enable_site() {
|
||||||
|
|
||||||
# usage: apache_enable_site <mysite.conf>
|
# usage: apache_enable_site <mysite.conf>
|
||||||
|
|
||||||
info_msg "enable apache site: $1"
|
local CONF="$1"
|
||||||
sudo -H a2ensite -q "$1"
|
|
||||||
|
info_msg "enable apache site: ${CONF}"
|
||||||
|
|
||||||
|
case $DIST_ID-$DIST_VERS in
|
||||||
|
ubuntu-*|debian-*)
|
||||||
|
sudo -H a2ensite -q "${CONF}"
|
||||||
|
;;
|
||||||
|
arch-*)
|
||||||
|
mkdir -p "${APACHE_SITES_ENABLED}"
|
||||||
|
rm -f "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
;;
|
||||||
|
fedora-*)
|
||||||
|
mkdir -p "${APACHE_SITES_ENABLED}"
|
||||||
|
rm -f "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
apache_reload
|
apache_reload
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -699,9 +758,25 @@ apache_dissable_site() {
|
||||||
|
|
||||||
# usage: apache_disable_site <mysite.conf>
|
# usage: apache_disable_site <mysite.conf>
|
||||||
|
|
||||||
info_msg "disable apache site: $1"
|
local CONF="$1"
|
||||||
sudo -H a2dissite -q "$1"
|
|
||||||
apache_reload
|
info_msg "disable apache site: ${CONF}"
|
||||||
|
|
||||||
|
case $DIST_ID-$DIST_VERS in
|
||||||
|
ubuntu-*|debian-*)
|
||||||
|
sudo -H a2dissite -q "${CONF}"
|
||||||
|
;;
|
||||||
|
arch-*)
|
||||||
|
mkdir -p "${APACHE_SITES_ENABLED}"
|
||||||
|
rm -f "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
;;
|
||||||
|
fedora-*)
|
||||||
|
mkdir -p "${APACHE_SITES_ENABLED}"
|
||||||
|
rm -f "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
# uWSGI
|
# uWSGI
|
||||||
|
@ -741,7 +816,7 @@ uWSGI_distro_setup() {
|
||||||
uWSGI_GROUP="uwsgi"
|
uWSGI_GROUP="uwsgi"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
info_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented"
|
err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,7 +98,7 @@ start/stop
|
||||||
show
|
show
|
||||||
:info: show info of all (or <name>) containers from LXC suite
|
:info: show info of all (or <name>) containers from LXC suite
|
||||||
:config: show config of all (or <name>) containers from the LXC suite
|
:config: show config of all (or <name>) containers from the LXC suite
|
||||||
:suite: show services of all the containers from the LXC suite
|
:suite: show services of all (or <name>) containers from the LXC suite
|
||||||
:images: show information of local images
|
:images: show information of local images
|
||||||
cmd
|
cmd
|
||||||
use single qoutes to evaluate in container's bash, e.g. 'echo $(hostname)'
|
use single qoutes to evaluate in container's bash, e.g. 'echo $(hostname)'
|
||||||
|
@ -294,11 +294,9 @@ main() {
|
||||||
|
|
||||||
build_all_containers() {
|
build_all_containers() {
|
||||||
rst_title "Build all LXC containers of suite"
|
rst_title "Build all LXC containers of suite"
|
||||||
|
echo
|
||||||
usage_containers
|
usage_containers
|
||||||
lxc_copy_images_localy
|
lxc_copy_images_localy
|
||||||
echo
|
|
||||||
rst_title "build containers" section
|
|
||||||
echo
|
|
||||||
lxc_init_all_containers
|
lxc_init_all_containers
|
||||||
lxc_config_all_containers
|
lxc_config_all_containers
|
||||||
lxc_boilerplate_all_containers
|
lxc_boilerplate_all_containers
|
||||||
|
@ -368,7 +366,6 @@ remove_containers() {
|
||||||
|
|
||||||
lxc_copy_images_localy() {
|
lxc_copy_images_localy() {
|
||||||
rst_title "copy images" section
|
rst_title "copy images" section
|
||||||
echo
|
|
||||||
for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
|
for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
|
||||||
lxc_image_copy "${LXC_SUITE[i]}" "${LXC_SUITE[i+1]}"
|
lxc_image_copy "${LXC_SUITE[i]}" "${LXC_SUITE[i+1]}"
|
||||||
done
|
done
|
||||||
|
@ -477,7 +474,7 @@ lxc_init_all_containers() {
|
||||||
local container_name
|
local container_name
|
||||||
|
|
||||||
for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
|
for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
|
||||||
lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${image_name}"
|
lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
# -*- coding: utf-8; mode: makefile-gmake -*-
|
# -*- coding: utf-8; mode: makefile-gmake -*-
|
||||||
|
|
||||||
ifeq (,$(wildcard /.lxcenv.mk))
|
ifeq (,$(wildcard /.lxcenv.mk))
|
||||||
PHONY += lxc-activate
|
PHONY += lxc-activate lxc-purge
|
||||||
lxc-activate:
|
lxc-activate:
|
||||||
@$(MAKE) -s -f /share/searx/utils/makefile.lxc lxc-activate
|
@$(MAKE) -s -f /share/searx/utils/makefile.lxc lxc-activate
|
||||||
|
lxc-purge:
|
||||||
|
$(Q)rm -rf ./lxc
|
||||||
else
|
else
|
||||||
include /.lxcenv.mk
|
include /.lxcenv.mk
|
||||||
endif
|
endif
|
||||||
|
|
|
@ -402,15 +402,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE}
|
||||||
|
|
||||||
! apache_is_installed && err_msg "Apache is not installed."
|
! apache_is_installed && err_msg "Apache is not installed."
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to continue?"; then
|
if ! ask_yn "Do you really want to continue?" Yn; then
|
||||||
return
|
return
|
||||||
|
else
|
||||||
|
install_apache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
a2enmod headers
|
|
||||||
a2enmod proxy
|
|
||||||
a2enmod proxy_http
|
|
||||||
|
|
||||||
echo
|
|
||||||
apache_install_site "${APACHE_MORTY_SITE}"
|
apache_install_site "${APACHE_MORTY_SITE}"
|
||||||
|
|
||||||
info_msg "testing public url .."
|
info_msg "testing public url .."
|
||||||
|
|
|
@ -75,21 +75,23 @@ texlive-xetex-bin texlive-collection-fontsrecommended
|
||||||
texlive-collection-latex dejavu-sans-fonts dejavu-serif-fonts
|
texlive-collection-latex dejavu-sans-fonts dejavu-serif-fonts
|
||||||
dejavu-sans-mono-fonts"
|
dejavu-sans-mono-fonts"
|
||||||
|
|
||||||
case $DIST_ID in
|
case $DIST_ID-$DIST_VERS in
|
||||||
ubuntu|debian)
|
ubuntu-16.04|ubuntu-18.04)
|
||||||
SEARX_PACKAGES="${SEARX_PACKAGES_debian}"
|
SEARX_PACKAGES="${SEARX_PACKAGES_debian}"
|
||||||
BUILD_PACKAGES="${BUILD_PACKAGES_debian}"
|
BUILD_PACKAGES="${BUILD_PACKAGES_debian}"
|
||||||
APACHE_PACKAGES="libapache2-mod-uwsgi"
|
APACHE_PACKAGES="$APACHE_PACKAGES libapache2-mod-proxy-uwsgi"
|
||||||
;;
|
;;
|
||||||
arch)
|
ubuntu-*|debian-*)
|
||||||
|
SEARX_PACKAGES="${SEARX_PACKAGES_debian}"
|
||||||
|
BUILD_PACKAGES="${BUILD_PACKAGES_debian}"
|
||||||
|
;;
|
||||||
|
arch-*)
|
||||||
SEARX_PACKAGES="${SEARX_PACKAGES_arch}"
|
SEARX_PACKAGES="${SEARX_PACKAGES_arch}"
|
||||||
BUILD_PACKAGES="${BUILD_PACKAGES_arch}"
|
BUILD_PACKAGES="${BUILD_PACKAGES_arch}"
|
||||||
APACHE_PACKAGES="uwsgi"
|
|
||||||
;;
|
;;
|
||||||
fedora)
|
fedora-*)
|
||||||
SEARX_PACKAGES="${SEARX_PACKAGES_fedora}"
|
SEARX_PACKAGES="${SEARX_PACKAGES_fedora}"
|
||||||
BUILD_PACKAGES="${BUILD_PACKAGES_fedora}"
|
BUILD_PACKAGES="${BUILD_PACKAGES_fedora}"
|
||||||
APACHE_PACKAGES="uwsgi"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
@ -462,6 +464,7 @@ EOF
|
||||||
wait_key
|
wait_key
|
||||||
info_msg "install needed python packages"
|
info_msg "install needed python packages"
|
||||||
tee_stderr 0.1 <<EOF | sudo -H -u "${SERVICE_USER}" -i 2>&1 | prefix_stdout "$_service_prefix"
|
tee_stderr 0.1 <<EOF | sudo -H -u "${SERVICE_USER}" -i 2>&1 | prefix_stdout "$_service_prefix"
|
||||||
|
pip install wheel
|
||||||
${SEARX_SRC}/manage.sh update_packages
|
${SEARX_SRC}/manage.sh update_packages
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -735,21 +738,14 @@ This installs the searx uwsgi app as apache site. If your server is public to
|
||||||
the internet, you should instead use a reverse proxy (filtron) to block
|
the internet, you should instead use a reverse proxy (filtron) to block
|
||||||
excessively bot queries."
|
excessively bot queries."
|
||||||
|
|
||||||
case $DIST_ID-$DIST_VERS in
|
|
||||||
ubuntu-*|debian-*) : ;;
|
|
||||||
*) err_msg "sorry distro $DIST_ID $DIST_VERS not yet supported"; exit 42 ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
! apache_is_installed && err_msg "Apache is not installed."
|
! apache_is_installed && err_msg "Apache is not installed."
|
||||||
|
|
||||||
if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then
|
if ! ask_yn "Do you really want to continue?" Yn; then
|
||||||
return
|
return
|
||||||
|
else
|
||||||
|
install_apache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
pkg_install "$APACHE_PACKAGES"
|
|
||||||
a2enmod uwsgi
|
|
||||||
|
|
||||||
echo
|
|
||||||
apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}"
|
apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}"
|
||||||
|
|
||||||
if ! service_is_available "${PUBLIC_URL}"; then
|
if ! service_is_available "${PUBLIC_URL}"; then
|
||||||
|
|
1
utils/templates/etc/apache2
Symbolic link
1
utils/templates/etc/apache2
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
httpd
|
|
@ -1,27 +0,0 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
|
||||||
|
|
||||||
<IfModule mod_uwsgi.c>
|
|
||||||
|
|
||||||
# SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog
|
|
||||||
# CustomLog /dev/null combined env=dontlog
|
|
||||||
|
|
||||||
<Location ${SEARX_URL_PATH}>
|
|
||||||
|
|
||||||
<IfModule mod_security2.c>
|
|
||||||
SecRuleEngine Off
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
Require all granted
|
|
||||||
|
|
||||||
Options FollowSymLinks Indexes
|
|
||||||
SetHandler uwsgi-handler
|
|
||||||
uWSGISocket ${SEARX_UWSGI_SOCKET}
|
|
||||||
|
|
||||||
Order deny,allow
|
|
||||||
Deny from all
|
|
||||||
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
|
||||||
Allow from all
|
|
||||||
|
|
||||||
</Location>
|
|
||||||
|
|
||||||
</IfModule>
|
|
|
@ -1,6 +1,12 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
# -*- coding: utf-8; mode: apache -*-
|
||||||
|
|
||||||
ProxyPreserveHost On
|
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||||
|
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
<Location ${PUBLIC_URL_PATH_MORTY} >
|
<Location ${PUBLIC_URL_PATH_MORTY} >
|
||||||
|
|
||||||
|
@ -15,12 +21,8 @@ ProxyPreserveHost On
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
Allow from all
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
ProxyPass http://${MORTY_LISTEN}
|
ProxyPass http://${MORTY_LISTEN}
|
||||||
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
|
RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY}
|
||||||
|
|
||||||
# In Apache it seems, that setting HTTP_HOST header directive here does have
|
|
||||||
# no effect. I needed to set 'ProxyPreserveHost On' (see above).
|
|
||||||
|
|
||||||
# RequestHeader set Host ${PUBLIC_HOST}
|
|
||||||
|
|
||||||
</Location>
|
</Location>
|
|
@ -1,6 +1,12 @@
|
||||||
# -*- coding: utf-8; mode: apache -*-
|
# -*- coding: utf-8; mode: apache -*-
|
||||||
|
|
||||||
ProxyPreserveHost On
|
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so
|
||||||
|
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
# SecRuleRemoveById 981054
|
# SecRuleRemoveById 981054
|
||||||
# SecRuleRemoveById 981059
|
# SecRuleRemoveById 981059
|
||||||
|
@ -20,14 +26,8 @@ ProxyPreserveHost On
|
||||||
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
Allow from all
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
ProxyPass http://${FILTRON_LISTEN}
|
ProxyPass http://${FILTRON_LISTEN}
|
||||||
RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
|
RequestHeader set X-Script-Name ${FILTRON_URL_PATH}
|
||||||
|
|
||||||
# In Apache it seems, that setting HTTP_HOST header directive here does have
|
|
||||||
# no effect. I needed to set 'ProxyPreserveHost On' (see above). HTTP_HOST
|
|
||||||
# (ProxyPreserveHost On) is needed by searx to render correct *Search URL*
|
|
||||||
# in the *Link* box and *saved preference*.
|
|
||||||
|
|
||||||
# RequestHeader set Host ${PUBLIC_HOST}
|
|
||||||
|
|
||||||
</Location>
|
</Location>
|
27
utils/templates/etc/httpd/sites-available/searx.conf:uwsgi
Normal file
27
utils/templates/etc/httpd/sites-available/searx.conf:uwsgi
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# -*- coding: utf-8; mode: apache -*-
|
||||||
|
|
||||||
|
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
|
||||||
|
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
|
||||||
|
LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so
|
||||||
|
# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
|
||||||
|
|
||||||
|
# SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog
|
||||||
|
# CustomLog /dev/null combined env=dontlog
|
||||||
|
|
||||||
|
<Location ${SEARX_URL_PATH}>
|
||||||
|
|
||||||
|
<IfModule mod_security2.c>
|
||||||
|
SecRuleEngine Off
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
Require all granted
|
||||||
|
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
|
||||||
|
Allow from all
|
||||||
|
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/
|
||||||
|
|
||||||
|
</Location>
|
Loading…
Reference in a new issue