Searx
Installation #1
https://github.com/asciimoo/searx
https://asciimoo.github.io/searx/
Installation: https://asciimoo.github.io/searx/dev/install/installation.html
a2enmod remoteip
/etc/apache2/conf-available/remoteip.conf
# Contents of remoteip.conf: take the client address from X-Forwarded-For,
# but only when the connection itself comes from a listed proxy (loopback here).
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1 ::1
# Shell commands: enable the configuration snippet and reload Apache.
a2enconf remoteip
service apache2 reload
/etc/apache2/sites-available/searx.aquilenet.fr
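<VirtualHost *:80>
    # Plain-HTTP virtual host: redirects visitors to the HTTPS site and serves
    # the ACME challenge files needed for certificate issuance.
    ServerName searx.aquilenet.fr
    DocumentRoot /srv/www/aquilenet.fr/searx
    <Directory /srv/www/aquilenet.fr/searx>
        # NOTE(review): the disabled rewrite below targets pad.aquilenet.fr, not
        # this host; correct the target before ever re-enabling it.
        # RewriteEngine On
        # RewriteCond %{HTTPS} !=on
        # RewriteRule ^/?(.*) https://pad.aquilenet.fr/$1 [R,L]
        # Permanent (301) redirect of everything under this directory to HTTPS.
        Redirect permanent / https://searx.aquilenet.fr/
        Require all granted
    </Directory>
    # The challenge path is aliased outside the DocumentRoot, so it is answered
    # over HTTP from its own directory block.
    Alias /.well-known/acme-challenge /srv/letsencrypt/challenges/searx.aquilenet.fr
    <Directory /srv/letsencrypt/challenges/searx.aquilenet.fr>
        Require all granted
    </Directory>
</VirtualHost>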
<VirtualHost *:443>
    # HTTPS virtual host for searx.aquilenet.fr: terminates TLS and hands
    # requests to the local backend.
    DocumentRoot /srv/www/aquilenet.fr/searx
    ServerName searx.aquilenet.fr
    # NOTE(review): "On" accepts encoded slashes (%2F) in request paths; confirm
    # the application needs this, and whether NoDecode would be sufficient.
    AllowEncodedSlashes On
    SSLEngine on
    # TLS-level compression disabled (the usual CRIME mitigation).
    SSLCompression off
    # Excludes anonymous, MD5, 3DES, Camellia and AES-128 suites.
    SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
    # The server's cipher preference wins over the client's.
    SSLHonorCipherOrder on
    # Only TLS 1.2 is enabled. NOTE(review): TLS 1.3 is not offered with this
    # setting even where the Apache/OpenSSL build supports it.
    SSLProtocol TLSv1.2
    #SSLCertificateFile /etc/letsencrypt/live/searx.aquilenet.fr/fullchain.pem
    #SSLCertificateKeyFile /etc/letsencrypt/live/searx.aquilenet.fr/privkey.pem
    SSLCertificateFile /srv/letsencrypt/pem/searx.aquilenet.fr.pem
    # NOTE(review): confirm the key file and its directory are readable by root only.
    SSLCertificateKeyFile /srv/letsencrypt/private/searx.aquilenet.fr.key
    # SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem"
    ErrorLog /var/log/apache2/searx.aqln.error.log
    LogLevel warn
    # NOTE(review): the combined format records the client address and the full
    # request line, which includes search terms sent as GET parameters. The uwsgi
    # configuration on this page disables logging for privacy reasons; confirm
    # that keeping this access log (and its retention) is intended.
    CustomLog /var/log/apache2/searx.aqln.access.log combined
    # No gzip for responses whose file name ends in .xml.
    <FilesMatch \.xml$>
        SetEnv no-gzip 1
    </FilesMatch>
    # NOTE(review): "Allow from all" is Apache 2.2 access-control syntax, while
    # the rest of this vhost uses the 2.4 "Require" form; mixing the two depends
    # on mod_access_compat and can give surprising results.
    <Proxy http://127.0.0.1:4004/*>
        Allow from all
    </Proxy>
    <Location />
        # NOTE(review): Indexes enables automatic directory listings; nothing in
        # this vhost appears to need it.
        Options FollowSymlinks Indexes
        # NOTE(review): two backends are configured for the same location: a
        # reverse proxy to 127.0.0.1:4004 (presumably filtron) and the uwsgi
        # handler on the unix socket. Confirm which one actually serves requests;
        # if it is the uwsgi handler, traffic does not pass through the rate limiter.
        ProxyPass http://127.0.0.1:4004/
        ProxyPassReverse http://127.0.0.1:4004/
        SetHandler uwsgi-handler
        uWSGISocket /run/uwsgi/app/searx/socket
    </location>
    # Resets the handler for /.well-known so it is not passed to the uwsgi handler.
    <Location /.well-known>
        SetHandler none
    </location>
    # NOTE(review): this grants access to the whole filesystem root for this
    # vhost instead of the usual deny-by-default on "/". Scope the grant to the
    # directories that must be served, after checking what the uwsgi handler
    # path relies on.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    Alias /.well-known/acme-challenge /srv/letsencrypt/challenges/searx.aquilenet.fr
    <Directory /srv/letsencrypt/challenges/searx.aquilenet.fr>
        Require all granted
    </Directory>
</VirtualHost>
/etc/uwsgi/apps-available/searx.ini
[uwsgi]
# Account that runs the application code
uid = searx
gid = searx
# No request logging, for the sake of user privacy
disable-logging = true
# Number of workers (usually the number of processors on the machine)
workers = 4
# Permissions of the created socket
# NOTE(review): 666 makes the socket readable and writable by every local
# account, so any local user can talk to the application directly. A tighter
# mode with a group shared with the web server is the usual choice; confirm
# which account Apache runs as before changing it.
chmod-socket = 666
# Plugin to use and interpreter configuration
single-interpreter = true
master = true
plugin = python
# Module to import
module = searx.webapp
#base = /srv/www/aquilenet.fr/searx
# Path of the virtualenv
virtualenv = /srv/www/aquilenet.fr/searx/searx/searx-ve/
pythonpath = /srv/www/aquilenet.fr/searx/searx/
#chdir = /srv/www/aquilenet.fr/searx/searx/
#callable = app
# Socket
#socket = /run/uwsgi/app/searx/socket
# NOTE(review): every security response header below is disabled, and the
# Apache virtual host shown on this page sets none either; unless another layer
# adds them, responses go out without CSP, nosniff, framing or HSTS headers.
#add-header = Content-Security-Policy: default-src 'self'
#add-header = X-Content-Security-Policy: default-src 'self'
#add-header = X-WebKit-CSP: default-src 'self'
#add-header = X-Content-Type-Options: nosniff
#add-header = X-XSS-Protection: 1; mode=block
#add-header = X-Frame-Options: DENY
#add-header = Strict-Transport-Security: max-age=631138519; includeSubDomains
#filtron
# HTTP listener bound to loopback only, so it is reachable from this host alone.
http = 127.0.0.1:8888
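Anti bot
Pour éviter de se faire pourrir par les bots : https://asciimoo.github.io/searx/admin/filtron.html
Attention : la règle « IP limit » ci-dessous agrège sur l'en-tête X-Forwarded-For. Cette limite n'est fiable que si le proxy frontal écrase la valeur fournie par le client ; sinon la clé d'agrégation dépend d'une donnée contrôlée par le client (à vérifier sur la configuration Apache).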
cat /srv/www/aquilenet.fr/searx/gocode/filtron/rules.json
[
{
"name": "search request",
"filters": ["Param:q", "Path=^(/|/search)$"],
"interval": 60,
"limit": 10,
"actions": [{"name": "log"}],
"subrules": [
{
"name": "roboagent limit",
"interval": 60,
"limit": 10,
"filters": ["Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"],
"actions": [
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "botlimit",
"limit": 0,
"stop": true,
"filters": ["Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"],
"actions": [
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "IP limit",
"interval": 60,
"limit": 2,
"stop": true,
"aggregations": ["Header:X-Forwarded-For"],
"actions": [
{"name": "block",
"params": {"message": "IP-Blocked"}}
]
},
{
"name": "rss/json limit",
"interval": 60,
"limit": 2,
"stop": true,
"filters": ["Param:format=(csv|json|rss)"],
"actions": [
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
},
{
"name": "useragent limit",
"interval": 60,
"limit": 10,
"aggregations": ["Header:User-Agent"],
"actions": [
{"name": "block",
"params": {"message": "Rate limit exceeded"}}
]
}
]
}
]
creation d'un beuk-systemd service filtron
/etc/systemd/system/filtron.service
[Unit]
Description=Filtron anti flood for searx Daemon
After=network-online.target

[Service]
Type=simple
# Runs under the unprivileged searx account rather than root.
User=searx
Group=searx
# Files created by the service are not accessible to "other".
UMask=007
# Only -rules is given, so the listen, target and API addresses are filtron's
# built-in defaults. NOTE(review): confirm they match the ProxyPass target
# (127.0.0.1:4004) and the uwsgi "http = 127.0.0.1:8888" shown on this page, and
# that both the listener and the admin API are bound to loopback only.
# NOTE(review): the binary and the rules file live under the application tree;
# if that tree is writable by the searx account, the service can modify its own
# binary and rules. Confirm ownership and permissions.
ExecStart=/srv/www/aquilenet.fr/searx/gocode/filtron/bin/filtron -rules /srv/www/aquilenet.fr/searx/gocode/filtron/rules.json
Restart=on-failure
# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300
# NOTE(review): no sandboxing directives are set. NoNewPrivileges=yes,
# ProtectSystem=strict and PrivateTmp=yes are common additions for a
# network-facing daemon; test them before enabling.

[Install]
WantedBy=multi-user.target
Un peu de cli systemd:
# Make systemd re-read unit files so the new filtron.service is known.
systemctl daemon-reload
# Start the service at boot, start it now, then check that it is running.
systemctl enable filtron.service
systemctl start filtron
systemctl status filtron
Mise à jour #1
# Update procedure, typed interactively: the sudo -i line opens a new shell and
# the lines after it are entered inside that shell.
cd /srv/www/aquilenet.fr/searx/searx
# NOTE(review): -i starts a login shell, which normally begins in the searx
# account's home directory; confirm the cd above still applies afterwards.
sudo -u searx -i
. ./searx-ve/bin/activate
# Set local modifications aside before fetching upstream.
git stash
# NOTE(review): this deploys whatever the tip of upstream master is at that
# moment. Review the incoming commits, or update to a reviewed commit or
# release tag, before running the package update below.
git pull origin master
# "apply" leaves the entry on the stash stack, so entries accumulate across
# updates. Check "git status" for conflicts before continuing.
git stash apply
# presumably refreshes the Python dependencies inside the virtualenv; verify in manage.sh
./manage.sh update_packages
# NOTE(review): presumably run after leaving the searx shell, from an account
# that is allowed to use sudo.
sudo service uwsgi restart
Installation #2
Instance disponible sur : https://searx-adsillh.melisse.org (nécessite une adresse ipv6 publique depuis son client).
Contacts : cyril.millet@aquilenet.fr et habib.belaribi@aquilenet.fr
Rapport technique (installation et contribution au projet Searx sur github.com/searx/searx) sous licence CC0 au format PDF, dans le menu « Fichiers » (auteurs : Cyril Millet, Guzel Katnik, Habib Belaribi, Marc Cenon, Pierre Chevalier).
Prochaine étape visée : installation d'une nouvelle instance Searx sur Gaia.