diff --git a/.env b/.env index 7ffd335..666f8e7 100644 --- a/.env +++ b/.env @@ -1,10 +1,13 @@ -# hostname and protocol +# hostname and protocol (empty except for localhost, set to "https://") SEARX_HOSTNAME=localhost - -# empty unless SEARX_HOSTNAME is localhost in this case "https://" SEARX_PROTOCOL=https:// +SEARX_TLS=self_signed -# Let's Encrypt : email provided +# automaticaly update settings to the new version +# comment this line if you made / will make some modifications to the settings +SEARX_COMMAND=-f + +# Let's encrypt contact information LETSENCRYPT_EMAIL=email@example.com # Do you agree Let's Encrypt TOS https://letsencrypt.org/repository/ diff --git a/Caddyfile b/Caddyfile index d1fe36d..2f341c3 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,5 +1,5 @@ {$SEARX_PROTOCOL}{$SEARX_HOSTNAME} { - tls self_signed + tls {$SEARX_TLS} gzip { not /morty } @@ -48,8 +48,18 @@ -Pragma } + cache { + match_path /static + status_header X-Cache-Status + default_max_age 12h + path /tmp/caddy-cache + } + + rewrite /status /searx-checker/status.json + proxy / 127.0.0.1:4040 { transparent + except /searx-checker/status.json } basicauth /filtron {$FILTRON_USER} {$FILTRON_PASSWORD} @@ -57,7 +67,6 @@ without /filtron } - proxy /morty 127.0.0.1:3000 limits { @@ -66,4 +75,6 @@ body /morty 5MB } + # ratelimit * /morty 150 300 hour + } diff --git a/README.md b/README.md index 9a996a6..9065cde 100644 --- a/README.md +++ b/README.md 
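Review bot: The new `SEARX_TLS=self_signed` line in the .env hunk has no comment, and the reworded first comment now sits above `SEARX_HOSTNAME` although it describes `SEARX_PROTOCOL`. The Caddyfile in this commit passes the value straight into its `tls` directive, so a deployer who changes the hostname but keeps this default would presumably go on serving a self-signed certificate. I would add `# TLS mode passed to Caddy's tls directive; self_signed is meant for localhost only` above the new line and move the protocol remark next to `SEARX_PROTOCOL`.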
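Review bot: The `rewrite /status /searx-checker/status.json` line and the `except /searx-checker/status.json` entry in the second Caddyfile hunk publish the checker report to every visitor, while `/filtron` just below stays behind `basicauth`. docker-compose.yaml starts the checker against `http://10.10.10.4:8080`, so the report may carry internal addresses or engine error text; that is inferred, the file's content is not visible here. If the report is meant to be public, a comment such as `# public by design: engine health only, no internal details` would record that decision; otherwise the path should sit behind the same authentication as `/filtron`. The server block opens before this hunk and closes after it.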
@@ -5,26 +5,42 @@ See https://github.com/asciimoo/searx/issues/1561 ) Do not use it for now : this is a work in progress and there is no antibot feature. +## What is included ? + +- [Caddy](https://github.com/abiosoft/caddy-docker) as a reverse proxy (create a LetsEncrypt certificate automaticaly) +- [filtron](https://github.com/asciimoo/filtron): See [#4](https://github.com/asciimoo/filtron/pull/4) to build the docker image. +- [searx](https://github.com/asciimoo/searx): See [#1629](https://github.com/asciimoo/searx/pull/1629) to build the docker image. +- [morty](https://github.com/asciimoo/morty): clone the project, then "make build" to create the docker image + ## How to use it - [Install docker](https://docs.docker.com/install/) - [Install docker-compose](https://docs.docker.com/compose/install/) - Get searx-docker ```sh -mkdir -p /opt -cd /opt +cd /usr/local git clone https://github.com/searx/searx-docker.git +cd searx-docker ``` -- Configure the .env file -- Check using ```docker-compose up``` -- If everything is working, then : +- Edit the .env file according to your need +- Check everything is working: ```./start.sh```, +- ```cp searx-docker.service.template searx-docker.service``` +- edit the content of ```WorkingDirectory``` in the ```searx-docker.service``` file (only if the installation path is different from /usr/local/searx-docker) +- Install the systemd unit : ```sh -cp /opt/searx-docker/searx-docker.service /etc/systemd/system +systemctl enable $(pwd)/searx-docker.service systemctl start searx-docker.service ``` -## What is included ? +## Custom docker-compose.yaml -- [Caddy](https://github.com/abiosoft/caddy-docker) as a reverse proxy (take care to call LetsEncrypt) -- [filtron](https://github.com/asciimoo/filtron): See [#4](https://github.com/asciimoo/filtron/pull/4) to build the docker image. -- [searx](https://github.com/asciimoo/searx): See [#1629](https://github.com/asciimoo/searx/pull/1629) to build the docker image. 
-- [morty](https://github.com/asciimoo/morty): clone the project, then "make build" to create the docker image +Do not modify docker-compose.yaml otherwise you won't be able to update easily from the git repository. + +It is possible to the [extend feature](https://docs.docker.com/compose/extends/) of docker-compose : +- stop the service : ```systemctl stop searx-docker.service``` +- create a new docker-compose-extend.yaml, check with ```start.sh``` +- update searx-docker.service (see SEARX_DOCKERCOMPOSEFILE) +- restart the servie : ```systemctl restart searx-docker.service``` + +## How to update ? + +- Check the content of ```update.sh``` diff --git a/docker-compose.yaml b/docker-compose.yaml index 9e7557e..7485994 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -11,12 +11,14 @@ services: network_mode: host command: -email ${LETSENCRYPT_EMAIL} -agree=${LETSENCRYPT_AGREE} -log stdout -host ${SEARX_HOSTNAME} -conf /etc/Caddyfile volumes: - - ./Caddyfile:/etc/Caddyfile - - ./caddy:/root/.caddy - - ./srv:/srv + - ./Caddyfile:/etc/Caddyfile:rw + - ./caddy:/root/.caddy:rw + - ./srv:/srv:rw + - searx-checker:/srv/searx-checker:rw environment: - SEARX_HOSTNAME=${SEARX_HOSTNAME} - - SEARX_PROTOCOL=${SEARX_PROTOCOL} + - SEARX_PROTOCOL=${SEARX_PROTOCOL:-} + - SEARX_TLS=${SEARX_TLS:-} - FILTRON_USER=${FILTRON_USER} - FILTRON_PASSWORD=${FILTRON_PASSWORD} cap_drop: @@ -43,14 +45,15 @@ services: searx: container_name: searx - image: searx + image: asciimoo/searx hostname: searx restart: always networks: searx: ipv4_address: 10.10.10.4 + command: ${SEARX_COMMAND:-} volumes: - - ./searx:/etc/searx + - ./searx:/etc/searx:rw environment: - BIND_ADDRESS=10.10.10.4:8080 - BASE_URL=https://${SEARX_HOSTNAME}/ @@ -74,7 +77,7 @@ services: networks: searx: ipv4_address: 10.10.10.5 - command: -listen 10.10.10.5:3000 -timeout 3 -ipv6 + command: -listen 10.10.10.5:3000 -timeout 6 -ipv6 environment: - MORTY_KEY=${MORTY_KEY} logging: 
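Review bot: The explicit `:rw` on `./Caddyfile:/etc/Caddyfile:rw` and `searx-checker:/srv/searx-checker:rw` in the caddy service's `volumes:` lets a container on `network_mode: host` write to its own configuration and to the checker output it only serves. Nothing visible in the hunk needs Caddy to write to either path, so I would mount both read-only: `- ./Caddyfile:/etc/Caddyfile:ro` and `- searx-checker:/srv/searx-checker:ro`. `./caddy:/root/.caddy` presumably has to stay writable for certificate storage. The service definition starts above the hunk.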
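Review bot: `image: asciimoo/searx` in the searx service carries no tag or digest, so every `docker-compose pull` (update.sh in this commit runs one) takes whatever the default tag points to at that moment. The same applies to `image: searx/searx-checker` in the last hunk of this file. Pinning the reference, for example `image: asciimoo/searx:<pinned-tag>` or an `@sha256:<digest>` form, makes each update a reviewable change and limits exposure to a replaced upstream image. The new `command: ${SEARX_COMMAND:-}` line would also benefit from a comment such as `# optional flags from .env, e.g. -f to regenerate settings`.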
@@ -83,9 +86,24 @@ services: cap_drop: - ALL + searx-checker: + container_name: searx-checker + image: searx/searx-checker + hostname: searx-checker + restart: always + networks: + searx: + ipv4_address: 10.10.10.6 + command: -cron -o html/data/status.json http://10.10.10.4:8080 + volumes: + - searx-checker:/usr/local/searx-checker/html/data:rw + networks: searx: ipam: driver: default config: - subnet: 10.10.10.0/24 + +volumes: + searx-checker: diff --git a/searx-docker.service b/searx-docker.service deleted file mode 100644 index c641a25..0000000 --- a/searx-docker.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=searx-docker service -Requires=docker.service -After=docker.service - -[Service] -Restart=always - -WorkingDirectory=/opt/searx-docker/ - -# Remove old containers, images and volumes -ExecStartPre=/usr/local/bin/docker-compose down -v -ExecStartPre=/usr/local/bin/docker-compose rm -fv - -# Compose up -ExecStart=/usr/bin/docker-compose up - -# Compose down, remove containers and volumes -ExecStop=/usr/local/bin/docker-compose down -v - -[Install] -WantedBy=multi-user.target diff --git a/searx-docker.service.template b/searx-docker.service.template new file mode 100644 index 0000000..470454b --- /dev/null +++ b/searx-docker.service.template @@ -0,0 +1,17 @@ +<[Unit] +Description=searx service +Requires=docker.service +After=docker.service + +[Service] +Restart=always + +Environment=SEARX_DOCKERCOMPOSEFILE=docker-compose.yaml + +WorkingDirectory=/usr/local/searx-docker + +ExecStart=/bin/sh -c "start.sh" +ExecStop=/bin/sh -c "stop.sh" + +[Install] +WantedBy=multi-user.target diff --git a/start.sh b/start.sh new file mode 100755 index 0000000..dbfecbf --- /dev/null +++ b/start.sh 
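Review bot: The new `searx-checker` service drops no capabilities, although the service directly above it ends with `cap_drop:` / `- ALL` (visible in the context lines of this hunk). A container that only polls searx and writes one JSON file should not need any, so I would append `cap_drop:` and `- ALL` to the block. The volume it writes is the one Caddy serves publicly, so the least-privilege setting matters here. It is also worth checking whether the `logging:` limits used by the other services should be repeated; those lines are outside the hunk.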
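Review bot: `ExecStart=/bin/sh -c "start.sh"` and the matching `ExecStop` name the scripts without a path, so the shell resolves them through `PATH` rather than `WorkingDirectory`. The unit then either fails to start or runs as root whatever `start.sh` appears first on the service's search path. Absolute paths avoid both outcomes: `ExecStart=/usr/local/searx-docker/start.sh` and `ExecStop=/usr/local/searx-docker/stop.sh`. The first added line reads `<[Unit]`; the stray `<` should go, otherwise the section header is presumably not recognised. The unit also sets `SEARX_DOCKERCOMPOSEFILE`, but util.sh in this commit reads `DOCKERCOMPOSEFILE`, so the override documented in the README has no effect until one of the two names is changed.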
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+. ./util.sh
+
+if grep -q "MORTY_KEY=RemplaceWithARealKey!" .env; then
+ echo "In the .env file, you must configure MORTY_KEY" 1>&2
+ CANT_START=1
+fi
+
+if grep -q "FILTRON_PASSWORD=password" .env; then
+ echo "In the .env file, you must configure FILTRON_PASSWORD" 1>&2
+ CANT_START=1
+fi
+
+if [ $CANT_START ]; then
+ exit 1
+fi
+
+$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down -v
+$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE rm -fv
+$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE up
diff --git a/stop.sh b/stop.sh
new file mode 100755
index 0000000..c11628b
--- /dev/null
+++ b/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+. ./util.sh
+
+$DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down -v
diff --git a/update.sh b/update.sh
new file mode 100755
index 0000000..ea0a0e9
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+. ./util.sh
+
+if [ ! -x "${which systemctl}" ]; then
+ echo "systemctl not found" 1>&2
+ exit 1
+fi
+
+if [ ! -x "${which git}" ]; then
+ echo "git not found" 1>&2
+ exit 1
+fi
+
+# stop the systemd service
+systemctl stop searx-docker.service
+
+# save local modification
+git stash push
+
+# update only if fast forward can be used, saver than "git pull --rebase"
+git pull --ff-only || {
+ git stash pop
+ echo "The local and remote branches have diverged. Please update manually."
+ echo "Use\n systemctl start searx-docker.service\nto restart searx"
+ exit 1
+}
+
+# re-apply local modification
+git stash pop
+
+# update docker images
+docker-compose pull
+
+# update searx configuration
+source ./.env
+docker-compose run searx ${SEARX_COMMAND} -d
+
+# let the user see
+echo "Use\n systemctl start searx-docker.service\nto restart searx"
diff --git a/util.sh b/util.sh
new file mode 100644
index 0000000..d208347
--- /dev/null
+++ b/util.sh
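Review bot: The two placeholder checks in start.sh match a substring anywhere in `.env`, so an empty `MORTY_KEY=` or `FILTRON_PASSWORD=` passes and the stack starts without a secret. `CANT_START` is also never initialised, so a value inherited from the environment blocks start-up. Anchoring the pattern and accepting the empty case closes the gap: `if grep -Eq '^MORTY_KEY=(RemplaceWithARealKey!)?[[:space:]]*$' .env; then`, with the same shape for `FILTRON_PASSWORD`, and `CANT_START=` before the first check. The three compose calls at the end should quote their operands, `"$DOCKERCOMPOSE" -f "$DOCKERCOMPOSEFILE" down -v`; stop.sh has the same unquoted call.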
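Review bot: `"${which systemctl}"` and `"${which git}"` in update.sh are parameter expansions, not command substitutions, so a POSIX shell rejects them as a bad substitution and the tool checks never run as written. Further down, `source ./.env` is not available in every `/bin/sh`, and the two `docker-compose` calls bypass the `$DOCKERCOMPOSE` and `$DOCKERCOMPOSEFILE` values that util.sh has just validated. Dot-sourcing `.env` also executes it as shell code, so a value containing shell syntax would run during an update; a comment saying that `.env` must stay plain `KEY=value` would help. `git stash pop` after a `git stash push` that found nothing to save may pop an older, unrelated stash, which is worth guarding against.

```sh
if ! command -v systemctl > /dev/null 2>&1; then
    # … unchanged: error message and exit 1 …
fi

if ! command -v git > /dev/null 2>&1; then
    # … unchanged: error message and exit 1 …
fi

# … unchanged: stop service, stash, pull --ff-only, stash pop …

# update docker images
"$DOCKERCOMPOSE" -f "$DOCKERCOMPOSEFILE" pull

# update searx configuration (.env must contain plain KEY=value lines only)
. ./.env
"$DOCKERCOMPOSE" -f "$DOCKERCOMPOSEFILE" run searx ${SEARX_COMMAND} -d
```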
@@ -0,0 +1,28 @@
+BASE_DIR="$(dirname -- "`readlink -f -- "$0"`")"
+cd -- "$BASE_DIR"
+set -e
+
+DOCKERCOMPOSE=$(which docker-compose || echo "/usr/local/bin/docker-compose")
+DOCKERCOMPOSEFILE="${DOCKERCOMPOSEFILE:-docker-compose.yaml}"
+
+echo "use ${DOCKERCOMPOSEFILE}"
+
+if [ ! -x "$(which docker)" ]; then
+ echo "docker not found" 1>&2
+ exit 1
+fi
+
+if ! docker version > /dev/null 2>&1; then
+ echo "can't execute docker (current user: $(whoami))" 1>&2
+ exit 1
+fi
+
+if [ ! -x "${DOCKERCOMPOSE}" ]; then
+ echo "docker-compose not found" 1>&2
+ exit 1
+fi
+
+if [ ! -f "${DOCKERCOMPOSEFILE}" ]; then
+ echo "${DOCKERCOMPOSEFILE} not found" 1>&2
+ exit 1
+fi
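Review bot: `set -e` comes after `cd -- "$BASE_DIR"`, so a failed `readlink -f` or `cd` is not fatal and the calling script carries on in the caller's directory. Only the later `-f "${DOCKERCOMPOSEFILE}"` test then stands between that and start.sh running `down -v` and `rm -fv` against whatever compose file happens to be there. Moving `set -e` to the first line, or writing `cd -- "$BASE_DIR" || exit 1`, closes that. `which` is not guaranteed on minimal systems, so `command -v docker > /dev/null` is the more portable test. The file has no shebang because it is sourced; a header comment such as `# sourced by start.sh, stop.sh and update.sh; reads DOCKERCOMPOSEFILE from the environment` would make that explicit.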