14 changed files with 452 additions and 164 deletions
--- a/.env
+++ b/.env
@ -1,7 +1,14 @@
 # By default listen on https://localhost
 # To change this:
-# * uncomment SEARXNG_HOSTNAME, and replace <host> by the SearXNG hostname
+# * uncomment SEARX_HOSTNAME, and replace <host> by the searx hostname
 # * uncomment LETSENCRYPT_EMAIL, and replace <email> by your email (require to create a Let's Encrypt certificate)
-# SEARXNG_HOSTNAME=<host>
+# SEARX_HOSTNAME=<host>
 # LETSENCRYPT_EMAIL=<email>
 # automatically update settings to the new version
 # comment this line if you made / will make some modifications to the settings
 SEARX_COMMAND=-f
 # use openssl rand -base64 33
 MORTY_KEY=ReplaceWithARealKey!
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,6 @@
 *~
-searxng-docker.service
+searx-docker.service
 caddy
 srv
-searxng/uwsgi.ini
+searx
--- a/54
+++ b/54
@ -2,18 +2,16 @@
  admin off
 }
-{$SEARXNG_HOSTNAME} {
+{$SEARX_HOSTNAME} {
  log {
        output discard
  }
-  tls {$SEARXNG_TLS}
+  tls {$SEARX_TLS}
  @api {
        path /config
-        path /healthz
+	path /status
        path /stats/errors
        path /stats/checker
  }
  @static {
@ -24,12 +22,12 @@
        not path /static/*
  }
-  @imageproxy {
+  @morty {
-        path /image_proxy
+        path /morty/*
  }
-  @notimageproxy {
+  @notmorty {
-        not path /image_proxy
+        not path /morty/*
  }
  header {
@ -42,10 +40,10 @@
        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"
-        # Disable some features
+        # Disallow the site to be rendered within a frame (clickjacking protection)
-        Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
+        X-Frame-Options "SAMEORIGIN"
-        # Disable some features (legacy)
+        # Disable some features
        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
        # Referer
@ -66,8 +64,8 @@
  # Cache
  header @static {
        # Cache
-        Cache-Control "public, max-age=31536000"
+	Cache-Control "public, max-age=31536000"
-        defer
+	defer
  }
  header @notstatic {
@ -77,22 +75,36 @@
  }
  # CSP (see http://content-security-policy.com/ )
-  header @imageproxy {
+  header @morty {
-        Content-Security-Policy "default-src 'none'; img-src 'self' data:"
+	Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; img-src 'self' data:; font-src 'self'; frame-src 'self'"
  }
-  header @notimageproxy {
+  header @notmorty {
-        Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
+        Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
  }
-  # SearXNG
+  # Searx-Checker
  uri replace /status /searx-checker/status.json
  handle /searx-checker/status.json {
        root * /srv
        file_server
  }
  # Morty
  handle @morty {
        reverse_proxy localhost:3000
  }
  # Filtron
  handle {
        encode zstd gzip
-        reverse_proxy localhost:8080 {
+        reverse_proxy localhost:4040 {
               header_up X-Forwarded-Port {http.request.port}
               header_up X-Forwarded-Proto {http.request.scheme}
-               header_up X-Real-IP {remote_host}
+               header_up X-Forwarded-TlsProto {tls_protocol}
               header_up X-Forwarded-TlsCipher {tls_cipher}
               header_up X-Forwarded-HttpsProto {proto}
        }
  }
--- a/README.md
+++ b/README.md
@ -1,88 +1,68 @@
-# searxng-docker
+# searx-docker
-Create a new SearXNG instance in five minutes using Docker
+Create a new searx instance in five minutes using Docker (see https://github.com/asciimoo/searx/issues/1561 )
 ## What is included ?
 | Name | Description | Docker image | Dockerfile |
 | -- | -- | -- | -- |
-| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [docker.io/library/caddy:2-alpine](https://hub.docker.com/_/caddy)           | [Dockerfile](https://github.com/caddyserver/caddy-docker/blob/master/Dockerfile.tmpl) |
+| [Caddy](https://github.com/caddy/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [caddy/caddy:2-alpine](https://hub.docker.com/_/caddy) | [Dockerfile](https://github.com/caddyserver/caddy-docker) |
-| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself                                              | [docker.io/searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [Dockerfile](https://github.com/searxng/searxng/blob/master/Dockerfile)               |
+| [Filtron](https://github.com/asciimoo/filtron) |  Filtering reverse HTTP proxy, bot and abuse protection | [dalf/filtron:latest](https://hub.docker.com/r/dalf/filtron) | See [asciimoo/filtron#4](https://github.com/asciimoo/filtron/pull/4) |
-| [Valkey](https://github.com/valkey-io/valkey) | In-memory database                                             | [cgr.dev/chainguard/valkey:latest](https://cgr.dev/chainguard/valkey)        | [Valkey-image](https://github.com/chainguard-images/images/tree/main/images/valkey)             |
+| [Searx](https://github.com/asciimoo/searx) | searx by itself | [searx/searx:latest](https://hub.docker.com/r/searx/searx) | [Dockerfile](https://github.com/searx/searx/blob/master/Dockerfile) |
 | [Morty](https://github.com/asciimoo/morty) | Privacy aware web content sanitizer proxy as a service. | [dalf/morty:latest](https://hub.docker.com/r/dalf/morty) | [Dockerfile](https://github.com/dalf/morty/blob/master/Dockerfile) |
 | [Searx-checker](https://github.com/searx/searx-checker) | Check which engines return results of the instance.<br>JSON result available at<br>```https://{SEARX_HOSTNAME}/status```<br>Automatically updated every 24h | [searx/searx-checker:latest](https://hub.docker.com/r/searx/searx-checker) | [Dockerfile](https://github.com/searx/searx-checker/blob/master/Dockerfile) |
 ## How to use it
 - [Install docker](https://docs.docker.com/install/)
- Get searxng-docker
+- [Install docker-compose](https://docs.docker.com/compose/install/) (be sure that docker-compose version is at least 1.9.0).
-  ```sh
+- only on MacOSX: ```brew install coreutils``` to install ```greadlink```
-  cd /usr/local
+- Get searx-docker
-  git clone https://github.com/searxng/searxng-docker.git
+```sh
-  cd searxng-docker
+cd /usr/local
-  ```
+git clone https://github.com/searx/searx-docker.git
- Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
+cd searx-docker
- Generate the secret key `sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
+```
- Edit the [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) file according to your need
+- Edit the [.env](https://github.com/searx/searx-docker/blob/master/.env) file according to your need
- Check everything is working: `docker compose up`
+- Check everything is working: ```./start.sh```,
- Run SearXNG in the background: `docker compose up -d`
+- ```cp searx-docker.service.template searx-docker.service```
-
+- edit the content of ```WorkingDirectory``` in the ```searx-docker.service``` file (only if the installation path is different from /usr/local/searx-docker)
-> [!WARNING]  
+- Install the systemd unit :
-> If you use an older version of docker desktop (`< 3.6.0`), you may have to install Docker Compose v1.
+```sh
-> Accordingly, you should modify the commands in this documentation to suit Docker Compose v1. For instance, change 'docker compose up' to 'docker-compose up'.
+systemctl enable $(pwd)/searx-docker.service
->
+systemctl start searx-docker.service
-> [Install the docker-compose plugin](https://docs.docker.com/compose/install/#scenario-two-install-the-compose-plugin) (be sure that docker-compose version is at least 1.9.0)
+```
 ## How to access the logs
 To access the logs from all the containers use: `docker compose logs -f`.
 To access the logs of one specific container:
 - Caddy: `docker compose logs -f caddy`
 - SearXNG: `docker compose logs -f searxng`
 - Valkey: `docker compose logs -f redis`
 ### Start SearXNG with systemd
 You can skip this step if you don't use systemd.
 - ```cp searxng-docker.service.template searxng-docker.service```
 - edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is different from /usr/local/searxng-docker)
 - Install the systemd unit:
  ```sh
  systemctl enable $(pwd)/searxng-docker.service
  systemctl start searxng-docker.service
  ```
 ## Note on the image proxy feature
-The SearXNG image proxy is activated by default.
+The searx image proxy is activated by default using [Morty](https://github.com/asciimoo/morty).
-The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allow the browser to access to ```${SEARXNG_HOSTNAME}``` and ```https://*.tile.openstreetmap.org;```.
+The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allow the browser to access to {SEARX_HOSTNAME} and ```https://*.tile.openstreetmap.org;```.
-If some users want to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searxng/searxng-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```.
+If some users wants to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searx/searx-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```
 ## Custom docker-compose.yaml
 Do not modify docker-compose.yaml otherwise you won't be able to update easily from the git repository.
 It is possible to the [extend feature](https://docs.docker.com/compose/extends/) of docker-compose :
 - stop the service : ```systemctl stop searx-docker.service```
 - create a new docker-compose-extend.yaml, check with ```start.sh```
 - update searx-docker.service (see SEARX_DOCKERCOMPOSEFILE)
 - restart the servie  : ```systemctl restart searx-docker.service```
 ## Multi Architecture Docker images
-Supported architecture:
+For now only the amd64 platform is supported.
 - amd64
 - arm64
 - arm/v7
 ## How to update ?
-To update the SearXNG stack:
+Check the content of [```update.sh```](https://github.com/searx/searx-docker/blob/master/update.sh)
-```sh
+## Access to the Filtron API
-git pull
+
-docker compose pull
+The [Filtron API](https://github.com/asciimoo/filtron#api) is available on ```http://localhost:4041```
-docker compose up -d
+
 For example, to display the loaded rules:
 ```
-
+curl http://localhost:4041/rules | jq
 Or the old way (with the old docker-compose version):
 ```sh
 git pull
 docker-compose pull
 docker-compose up -d
 ```
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,77 +1,97 @@
-version: "3.7"
+version: '3.7'
 services:
  caddy:
    container_name: caddy
-    image: docker.io/library/caddy:2-alpine
+    image: caddy:2-alpine
    network_mode: host
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - searx-checker:/srv/searx-checker:rw
      - caddy-data:/data:rw
      - caddy-config:/config:rw
    environment:
-      - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost:80}
+      - SEARX_HOSTNAME=${SEARX_HOSTNAME:-localhost}
-      - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
+      - SEARX_TLS=${LETSENCRYPT_EMAIL:-internal}
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
-    logging:
+      - DAC_OVERRIDE
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
-  redis:
+  filtron:
-    container_name: redis
+    container_name: filtron
-    image: cgr.dev/chainguard/valkey:latest
+    image: dalf/filtron
-    command: --save 30 1 --loglevel warning
+    restart: always
-    restart: unless-stopped
+    ports:
      - "127.0.0.1:4040:4040"
      - "127.0.0.1:4041:4041"
    networks:
-      - searxng
+      - searx
    command: -listen 0.0.0.0:4040 -api 0.0.0.0:4041 -target searx:8080
    volumes:
-      - valkey-data:/data
+      - ./rules.json:/etc/filtron/rules.json:rw
    read_only: true
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
-  searxng:
+  searx:
-    container_name: searxng
+    container_name: searx
-    image: docker.io/fauli1221/ponysearch:latest
+    image: searx/searx:latest
-    restart: unless-stopped
+    restart: always
    networks:
-      - searxng
+      - searx
-    ports:
+    command: ${SEARX_COMMAND:-}
      - "127.0.0.1:8080:8080"
    volumes:
-      - ./searxng:/etc/searxng:rw
+      - ./searx:/etc/searx:rw
    environment:
-      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
+      - BIND_ADDRESS=0.0.0.0:8080
      - BASE_URL=https://${SEARX_HOSTNAME:-localhost}/
      - MORTY_URL=https://${SEARX_HOSTNAME:-localhost}/morty/
      - MORTY_KEY=${MORTY_KEY}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - DAC_OVERRIDE
  morty:
    container_name: morty
    image: dalf/morty
    restart: always
    ports:
      - "127.0.0.1:3000:3000"
    networks:
      - searx
    command: -timeout 6 -ipv6
    environment:
      - MORTY_KEY=${MORTY_KEY}
      - MORTY_ADDRESS=0.0.0.0:3000
    logging:
-      driver: "json-file"
+      driver: none
-      options:
+    read_only: true
-        max-size: "1m"
+    cap_drop:
-        max-file: "1"
+      - ALL
  searx-checker:
    container_name: searx-checker
    image: searx/searx-checker
    restart: always
    networks:
      - searx
    command: -cron -o html/data/status.json http://searx:8080
    volumes:
      - searx-checker:/usr/local/searx-checker/html/data:rw
 networks:
-  searxng:
+  searx:
    ipam:
      driver: default
 volumes:
  searx-checker:
  caddy-data:
  caddy-config:
  valkey-data:
--- a/rules.json
+++ b/rules.json
@ -0,0 +1,147 @@
 [
    {
        "name": "searx.space",
        "filters": ["Header:X-Forwarded-For=nslookup(check.searx.space)"],
        "stop": true,
        "actions": [{ "name": "log"}]
    },
    {
        "name": "IP limit, all paths",
        "interval": 3,
        "limit": 25,
        "aggregations": ["Header:X-Forwarded-For"],
        "actions": [
            {"name": "block",
             "params": {"message": "Rate limit exceeded, try again later."}}
        ]
    },
    {
        "name": "useragent limit, all paths",
        "interval": 30,
        "limit": 200,
        "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
        "stop": true,
        "actions": [
            {"name": "block",
             "params": {"message": "Rate limit exceeded, try again later."}}
        ]
    },
    {
        "name": "search request",
        "filters": ["Param:q", "Path=^(/|/search)$"],
        "subrules": [
            {
                "name": "allow Firefox Android (issue #48 and #60)",
                "filters": [
                    "Param:q=^1$",
                    "Header:User-Agent=(^MozacFetch/[0-9]{2,3}.[0-9].[0-9]+$|^Mozilla/5.0 \\(Android [0-9]{1,2}(.[0-9]{1,2}.[0-9]{1,2})?; Mobile; rv:[0-9]{2,3}.[0-9]\\) Gecko/[0-9]{2,3}.[0-9] Firefox/[0-9]{2,3}.[0-9]$)"
                ],
                "stop": true,
                "actions": [{"name": "log"}]
            },
            {
                "name": "robot agent forbidden",
                "limit": 0,
                "stop": true,
                "filters": ["Header:User-Agent=([Cc][Uu][Rr][Ll]|[wW]get|Scrapy|splash|JavaFX|FeedFetcher|python-requests|Go-http-client|Java|Jakarta|okhttp|HttpClient|Jersey|Python|libwww-perl|Ruby|SynHttpClient|UniversalFeedParser)"],
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "bot forbidden",
                "limit": 0,
                "stop": true,
                "filters": ["Header:User-Agent=(Googlebot|GoogleImageProxy|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT|Sogou|Abonti|Pixray|Spinn3r|SemrushBot|Exabot|ZmEu|BLEXBot|bitlybot)"],
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "block missing accept-language",
                "filters": ["!Header:Accept-Language"],
                "limit": 0,
                "stop": true,
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "block Connection:close",
                "filters": ["Header:Connection=close"],
                "limit": 0,
                "stop": true,
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "block no gzip support",
                "filters": ["!Header:Accept-Encoding=(^gzip$|^gzip[;,]|[; ]gzip$|[; ]gzip[;,])"],
                "limit": 0,
                "stop": true,
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "block no deflate support",
                "filters": ["!Header:Accept-Encoding=(^deflate$|^deflate[;,]|[; ]deflate$|[; ]deflate[;,])"],
                "limit": 0,
                "stop": true,
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "block accept everything",
                "filters": ["!Header:Accept=text/html"],
                "limit": 0,
                "stop": true,
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded"}}
                ]
            },
            {
                "name": "rss/json limit",
                "interval": 3600,
                "limit": 4,
                "stop": true,
                "filters": ["Param:format=(csv|json|rss)"],
                "aggregations": ["Header:X-Forwarded-For"],
                "actions": [
                    {"name": "block",
 		     "params": {"message": "Rate limit exceeded, try again later."}}
                ]
            },
            {
                "name": "IP limit",
                "interval": 3,
                "limit": 3,
                "aggregations": ["Header:X-Forwarded-For"],
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded, try again later."}}
                ]
            },
            {
                "name": "IP and useragent limit",
                "interval": 600,
                "limit": 60,
                "stop": true,
                "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded, try again later."}}
 		]
            }
        ]
    }
 ]
--- a/searx-docker.service.template
+++ b/searx-docker.service.template
@ -0,0 +1,16 @@
 [Unit]
 Description=searx service
 Requires=docker.service
 After=docker.service
 [Service]
 Restart=always
 Environment=SEARX_DIR=/usr/local/searx-docker
 Environment=SEARX_DOCKERCOMPOSEFILE=docker-compose.yaml
 ExecStart=/bin/sh -c "${SEARX_DIR}/start.sh"
 ExecStop=/bin/sh -c "${SEARX_DIR}/stop.sh"
 [Install]
 WantedBy=multi-user.target
--- a/searxng-docker.service.template
+++ b/searxng-docker.service.template
@ -1,16 +0,0 @@
 [Unit]
 Description=SearXNG service
 Requires=docker.service
 After=docker.service
 [Service]
 Restart=on-failure
 Environment=SEARXNG_DOCKERCOMPOSEFILE=docker-compose.yaml
 WorkingDirectory=/usr/local/searxng-docker
 ExecStart=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
 ExecStop=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} down
 [Install]
 WantedBy=multi-user.target
--- a/searxng/limiter.toml
+++ b/searxng/limiter.toml
@ -1,6 +0,0 @@
 # This configuration file updates the default configuration file
 # See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
 [botdetection.ip_limit]
 # activate link_token method in the ip_limit method
 link_token = true
--- a/searxng/settings.yml
+++ b/searxng/settings.yml
@ -1,11 +0,0 @@
 # see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
 use_default_settings: true
 server:
  # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
  secret_key: "ultrasecretkey"  # change this!
  limiter: true  # can be disabled for a private instance
  image_proxy: true
 ui:
  static_use_hash: true
 redis:
  url: redis://redis:6379/0
--- a/start.sh
+++ b/start.sh
@ -0,0 +1,11 @@
 #!/bin/sh
 READLINK="$(which readlink greadlink | tail -n1)"
 BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
 cd -- "$BASE_DIR"
 . ./util.sh
 $DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down
 $DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE rm -fv
 $DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE up
--- a/stop.sh
+++ b/stop.sh
@ -0,0 +1,9 @@
 #!/bin/sh
 READLINK="$(which readlink greadlink | tail -n1)"
 BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
 cd -- "$BASE_DIR"
 . ./util.sh
 $DOCKERCOMPOSE -f $DOCKERCOMPOSEFILE down
--- a/update.sh
+++ b/update.sh
@ -0,0 +1,93 @@
 #!/bin/sh
 #
 # Disclaimer: this is more a documentation than code to execute
 #
 # change if require
 SERVICE_NAME="searx-docker.service"
 # change if require :
 # fastforward : only fast-forward
 # rebase : rebase with autostash, at your own risk
 UPDATE_TYPE="fastforward"
 READLINK="$(which readlink greadlink | tail -n1)"
 BASE_DIR="$(dirname -- "`$READLINK -f -- "$0"`")"
 cd -- "$BASE_DIR"
 # check if git presence
 if [ ! -x "$(which git)" ]; then
    echo "git not found" 1>&2
    exit 1
 fi
 # check if the current user owns the local git repository
 git_owner=$(stat -c '%U' .git)
 if [ "$git_owner" != "$(whoami)" ]; then
    echo "The .git repository is own by $git_owner" 1>&2
    exit 1
 fi
 # warning if the current branch is not master
 current_branch=$(git rev-parse --abbrev-ref HEAD)
 if [ "$current_branch" != "master" ]; then
    echo "Warning: master won't be updated, only $current_branch"
 fi
 # git fetch first
 git fetch origin master
 # is everything already up-to-date ?
 current_commit=$(git rev-parse $current_branch)
 origin_master_commit=$(git rev-parse origin/master)
 if [ "$current_commit" = "$origin_master_commit" ]; then
    echo "Already up-to-date, commit $current_commit"
    exit 0
 fi
 # docker stuff
 SEARX_DOCKERCOMPOSE=$(grep "Environment=SEARX_DOCKERCOMPOSEFILE=" "$SERVICE_NAME" | awk -F\= '{ print $3 }')
 . ./util.sh
 if [ ! -x "$(which systemctl)" ]; then
    echo "systemctl not found" 1>&2
    exit 1
 fi
 # stop the systemd service now, because after the update
 # the code might be out of sync with the current running services
 systemctl stop "${SERVICE_NAME}"
 # update
 case "$UPDATE_TYPE" in
    "fastforward")
 	git pull --ff-only origin master
 	;;
    "rebase")
 	git pull --rebase --autostash origin master
 	;;
 esac
 # Check conflicts
 if [ $(git ls-files -u | wc -l) -gt 0 ]; then
    echo "There are git conflicts"
 else
    # update docker images
    docker-compose -f $DOCKERCOMPOSEFILE pull
    # remove dangling images
    docker rmi $(docker images -f "dangling=true" -q)
    # display searx version
    SEARX_IMAGE=$(cat $DOCKERCOMPOSEFILE | grep "searx/searx" | grep -v "searx-checker" | awk '{ print $2 }')
    SEARX_VERSION=$(docker inspect -f '{{index .Config.Labels "org.label-schema.version"}}' $SEARX_IMAGE)
    echo "Searx version: $SEARX_VERSION"
    docker images --digests "searx/*:latest"
    # update searx configuration
    source ./.env
    docker-compose -f $DOCKERCOMPOSEFILE run searx ${SEARX_COMMAND} -d
    # let the user see
    echo "Use\nsystemctl start \"${SERVICE_NAME}\"\nto restart searx"
 fi
--- a/util.sh
+++ b/util.sh
@ -0,0 +1,26 @@
 set -e
 DOCKERCOMPOSE=$(which docker-compose || echo "/usr/local/bin/docker-compose")
 DOCKERCOMPOSEFILE="${DOCKERCOMPOSEFILE:-docker-compose.yaml}"
 echo "use ${DOCKERCOMPOSEFILE}"
 if [ ! -x "$(which docker)" ]; then
    echo "docker not found" 1>&2
    exit 1
 fi
 if ! docker version > /dev/null 2>&1; then
    echo "can't execute docker (current user: $(whoami))" 1>&2
    exit 1
 fi
 if [ ! -x "${DOCKERCOMPOSE}" ]; then
    echo "docker-compose not found" 1>&2
    exit 1
 fi
 if [ ! -f "${DOCKERCOMPOSEFILE}" ]; then
    echo "${DOCKERCOMPOSEFILE} not found" 1>&2
    exit 1
 fi