From 051880d6b3ee31de2c187ff9fb2ae0a47bc0df96 Mon Sep 17 00:00:00 2001 From: rafa_99 Date: Sat, 16 Apr 2022 21:40:03 +0100 Subject: First Commit --- README.md | 2 + searx/README.md | 9 ++++ searx/deploy | 49 ++++++++++++++++++++ searx/nginx/sites-available/searx | 20 +++++++++ searx/uwsgi/apps-available/searx.ini | 87 ++++++++++++++++++++++++++++++++++++ 5 files changed, 167 insertions(+) create mode 100644 README.md create mode 100644 searx/README.md create mode 100755 searx/deploy create mode 100644 searx/nginx/sites-available/searx create mode 100644 searx/uwsgi/apps-available/searx.ini diff --git a/README.md b/README.md new file mode 100644 index 0000000..b975137 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# Self Hosting Services +Some setup scripts for my self-hosted services on a debian server. diff --git a/searx/README.md b/searx/README.md new file mode 100644 index 0000000..31baa1d --- /dev/null +++ b/searx/README.md @@ -0,0 +1,9 @@ +# SearX +Self hosted SearX instance with default configurations + +To install just run the script using: + +`bash deploy` + +## About +All the configurations are implemented on local area network, to host searx as just as local host, remove your ip from `nginx/sites-available/searx` under server\_name diff --git a/searx/deploy b/searx/deploy new file mode 100755 index 0000000..d6d630f --- /dev/null +++ b/searx/deploy @@ -0,0 +1,49 @@ +#!/bin/bash + +# Installing dependencies +sudo apt install -y python3-dev python3-babel python3-venv uwsgi uwsgi-plugin-python3 git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev shellcheck nginx + +# SearX +## Creating and setting up user +sudo -H useradd --shell /bin/bash --system \ + --home-dir "/usr/local/searx" \ + --comment 'Privacy-respecting metasearch engine' searx + +sudo -H mkdir "/usr/local/searx" +sudo -H chown -R "searx:searx" "/usr/local/searx" + +## Installing searx +sudo -H -u searx git clone "https://github.com/searx/searx.git" "/usr/local/searx/searx-src" +sudo -H -u searx python3 -m venv "/usr/local/searx/searx-pyenv" +echo "export SEARX_SETTINGS_PATH=\"/etc/searx/settings.yml\"" | sudo -H -u searx tee -a "/usr/local/searx/.profile" > /dev/null +echo ". /usr/local/searx/searx-pyenv/bin/activate" | sudo -H -u searx tee -a "/usr/local/searx/.profile" > /dev/null +sudo -H -u searx /usr/local/searx/searx-pyenv/bin/pip install -U pip setuptools wheel pyyaml +sudo -H -u searx /usr/local/searx/searx-pyenv/bin/pip install -e "/usr/local/searx/searx-src" + +## Configurating SearX +sudo -H mkdir -p "/etc/searx" +sudo -H cp "/usr/local/searx/searx-src/utils/templates/etc/searx/use_default_settings.yml" "/etc/searx/settings.yml" + +sudo -H sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "/etc/searx/settings.yml" + +# uwsgi +sudo -H cp -rf uwsgi/ /etc/ +sudo -H ln -s /etc/uwsgi/apps-available/searx.ini /etc/uwsgi/apps-enabled/ +sudo -H mkdir -p /run/uwsgi/app/searx/ +sudo -H chown -R searx:searx /run/uwsgi/app/searx/ + +# Nginx +sudo -H cp -rf nginx/ /etc/ +sudo -H sed -i -e "s:YOURIP:$(hostname -I | cut -d" " -f1):g" /etc/nginx/sites-available/searx +sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx +sudo -H rm -rf /etc/nginx/sites-enabled/default + +# SSL +sudo -H mkdir -p /usr/local/searx/searx-src/certs +openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") +sudo mv localhost.* /usr/local/searx/searx-src/certs + +# Restarting services +sudo -H systemctl restart nginx +sudo -H systemctl enable nginx +sudo -H service uwsgi restart searx diff --git a/searx/nginx/sites-available/searx b/searx/nginx/sites-available/searx new file mode 100644 index 0000000..4f96937 --- /dev/null +++ b/searx/nginx/sites-available/searx @@ -0,0 +1,20 @@ +# Default server configuration +# +server { + server_name YOURIP hostname.local; + + listen 443; + listen [::]:443; + + ssl on; + ssl_certificate /usr/local/searx/searx-src/certs/localhost.crt; + ssl_certificate_key /usr/local/searx/searx-src/certs/localhost.key; + + location / { + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/app/searx/socket; + } + + root /usr/local/searx/searx-src/searx; + location /static { } +} diff --git a/searx/uwsgi/apps-available/searx.ini b/searx/uwsgi/apps-available/searx.ini new file mode 100644 index 0000000..430a455 --- /dev/null +++ b/searx/uwsgi/apps-available/searx.ini @@ -0,0 +1,87 @@ +[uwsgi] + +# uWSGI core +# ---------- +# +# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core + +# Who will run the code +uid = searx +gid = searx + +# set (python) default encoding UTF-8 +env = LANG=C.UTF-8 +env = LANGUAGE=C.UTF-8 +env = LC_ALL=C.UTF-8 + +# chdir to specified directory before apps loading +chdir = /usr/local/searx/searx-src/searx + +# searx configuration (settings.yml) +env = SEARX_SETTINGS_PATH=/etc/searx/settings.yml + +# disable logging for privacy +disable-logging = true + +# The right granted on the created socket +chmod-socket = 666 + +# Plugin to use and interpretor config +single-interpreter = true + +# enable master process +master = true + +# load apps in each worker instead of the master +lazy-apps = true + +# load uWSGI plugins +plugin = python3,http + +# By default the Python plugin does not initialize the GIL. This means your +# app-generated threads will not run. If you need threads, remember to enable +# them with enable-threads. Running uWSGI in multithreading mode (with the +# threads options) will automatically enable threading support. This *strange* +# default behaviour is for performance reasons. +enable-threads = true + + +# plugin: python +# -------------- +# +# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python + +# load a WSGI module +module = searx.webapp + +# set PYTHONHOME/virtualenv +virtualenv = /usr/local/searx/searx-pyenv + +# add directory (or glob) to pythonpath +pythonpath = /usr/local/searx/searx-src + + +# speak to upstream +# ----------------- +# +# Activate the 'http' configuration for filtron or activate the 'socket' +# configuration if you setup your HTTP server to use uWSGI protocol via sockets. + +# using IP: +# +# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http +# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html + +# http = 127.0.0.1:8888 + +# using unix-sockets: +# +# On some distributions you need to create the app folder for the sockets:: +# +# mkdir -p /run/uwsgi/app/searx +# chown -R searx:searx /run/uwsgi/app/searx +# +socket = /run/uwsgi/app/searx/socket + +# Cache +cache2 = name=searxcache,items=2000,blocks=2000,blocksize=4096,bitmap=1 -- cgit v1.2.3