Searx » Historique » Version 9
sacha, 10/03/2019 12:01
1 | 9 | sacha | # Searx |
---|---|---|---|
2 | 8 | ||
3 | 9 | sacha | ## Installation |
4 | |||
5 | https://github.com/asciimoo/searx |
||
6 | 8 | https://asciimoo.github.io/searx/ |
|
7 | |||
8 | Installation: https://asciimoo.github.io/searx/dev/install/installation.html |
||
9 | |||
10 | 9 | sacha | a2enmod remoteip |
11 | 8 | ||
12 | /etc/apache2/conf-available/remoteip.conf |
||
13 | |||
14 | 9 | sacha | RemoteIPHeader X-Forwarded-For |
15 | RemoteIPTrustedProxy 127.0.0.1 ::1 |
||
16 | 8 | ||
17 | 9 | sacha | a2enconf remoteip |
18 | service apache2 reload |
||
19 | |||
20 | 8 | /etc/apache2/sites-available/searx.aquilenet.fr |
|
21 | |||
22 | 9 | sacha | <VirtualHost *:80> |
23 | ServerName searx.aquilenet.fr |
||
24 | DocumentRoot /srv/www/aquilenet.fr/searx |
||
25 | <Directory> /srv/www/aquilenet.fr/searx> |
||
26 | # RewriteEngine On |
||
27 | # RewriteCond %{HTTPS} !=on |
||
28 | # RewriteRule ^/?(.*) https://pad.aquilenet.fr/$1 [R,L] |
||
29 | Redirect permanent / https://searx.aquilenet.fr/ |
||
30 | 8 | Require all granted |
|
31 | 9 | sacha | </Directory> |
32 | Alias /.well-known/acme-challenge /srv/letsencrypt/challenges/searx.aquilenet.fr |
||
33 | <Directory /srv/letsencrypt/challenges/searx.aquilenet.fr> |
||
34 | Require all granted |
||
35 | </Directory> |
||
36 | </VirtualHost> |
||
37 | |||
38 | <VirtualHost *:443> |
||
39 | DocumentRoot /srv/www/aquilenet.fr/searx |
||
40 | ServerName searx.aquilenet.fr |
||
41 | AllowEncodedSlashes On |
||
42 | |||
43 | SSLEngine on |
||
44 | SSLCompression off |
||
45 | SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128" |
||
46 | SSLHonorCipherOrder on |
||
47 | SSLProtocol TLSv1.2 |
||
48 | #SSLCertificateFile /etc/letsencrypt/live/searx.aquilenet.fr/fullchain.pem |
||
49 | #SSLCertificateKeyFile /etc/letsencrypt/live/searx.aquilenet.fr/privkey.pem |
||
50 | SSLCertificateFile /srv/letsencrypt/pem/searx.aquilenet.fr.pem |
||
51 | SSLCertificateKeyFile /srv/letsencrypt/private/searx.aquilenet.fr.key |
||
52 | # SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem" |
||
53 | |||
54 | ErrorLog /var/log/apache2/searx.aqln.error.log |
||
55 | LogLevel warn |
||
56 | CustomLog /var/log/apache2/searx.aqln.access.log combined |
||
57 | |||
58 | <FilesMatch \.xml$> |
||
59 | SetEnv no-gzip 1 |
||
60 | </FilesMatch> |
||
61 | |||
62 | <Proxy http://127.0.0.1:4004/*> |
||
63 | Allow from all |
||
64 | </Proxy> |
||
65 | |||
66 | <Location /> |
||
67 | Options FollowSymlinks Indexes |
||
68 | ProxyPass http://127.0.0.1:4004/ |
||
69 | ProxyPassReverse http://127.0.0.1:4004/ |
||
70 | SetHandler uwsgi-handler |
||
71 | uWSGISocket /run/uwsgi/app/searx/socket |
||
72 | |||
73 | </location> |
||
74 | <Location /.well-known> |
||
75 | SetHandler none |
||
76 | </location> |
||
77 | |||
78 | <Directory /> |
||
79 | Options FollowSymLinks |
||
80 | AllowOverride None |
||
81 | 8 | Require all granted |
|
82 | 9 | sacha | </Directory> |
83 | |||
84 | Alias /.well-known/acme-challenge /srv/letsencrypt/challenges/searx.aquilenet.fr |
||
85 | <Directory /srv/letsencrypt/challenges/searx.aquilenet.fr> |
||
86 | Require all granted |
||
87 | </Directory> |
||
88 | |||
89 | </VirtualHost> |
||
90 | 8 | ||
91 | /etc/uwsgi/apps-available/searx.ini |
||
92 | |||
93 | 9 | sacha | [uwsgi] |
94 | # Quel est l'utilisateur qui fera tourner le code |
||
95 | uid = searx |
||
96 | gid = searx |
||
97 | |||
98 | # No log + la vie privée = <3 |
||
99 | disable-logging = true |
||
100 | |||
101 | # Nombre de workers (habituellement, on met le nombre de processeurs de la machine) |
||
102 | workers = 4 |
||
103 | |||
104 | # Quels sont les droits sur le socket créé |
||
105 | chmod-socket = 666 |
||
106 | |||
107 | # Plugin à utiliser et configuration de l'interpréteur |
||
108 | single-interpreter = true |
||
109 | master = true |
||
110 | plugin = python |
||
111 | |||
112 | # Module à importer |
||
113 | module = searx.webapp |
||
114 | |||
115 | #base = /srv/www/aquilenet.fr/searx |
||
116 | |||
117 | # Chemin du virtualenv |
||
118 | virtualenv = /srv/www/aquilenet.fr/searx/searx-ve/ |
||
119 | pythonpath = /srv/www/aquilenet.fr/searx/searx/ |
||
120 | #chdir = /srv/www/aquilenet.fr/searx/searx/ |
||
121 | |||
122 | #callable = app |
||
123 | |||
124 | # Socket |
||
125 | #socket = /run/uwsgi/app/searx/socket |
||
126 | |||
127 | #add-header = Content-Security-Policy: default-src 'self' |
||
128 | #add-header = X-Content-Security-Policy: default-src 'self' |
||
129 | #add-header = X-WebKit-CSP: default-src 'self' |
||
130 | #add-header = X-Content-Type-Options: nosniff |
||
131 | #add-header = X-XSS-Protection: 1; mode=block |
||
132 | #add-header = X-Frame-Options: DENY |
||
133 | #add-header = Strict-Transport-Security: max-age=631138519; includeSubDomains |
||
134 | |||
135 | #filtron |
||
136 | http = 127.0.0.1:8888 |
||
137 | 8 | ||
138 | 9 | sacha | ## Anti bot |
139 | Pour éviter de se faire pourrir par les bots: https://asciimoo.github.io/searx/admin/filtron.html |
||
140 | 8 | ||
141 | 9 | sacha | cat /srv/www/aquilenet.fr/searx/gocode/filtron/rules.json |
142 | [ |
||
143 | { |
||
144 | "name": "search request", |
||
145 | "filters": ["Param:q", "Path=^(/|/search)$"], |
||
146 | "interval": 60, |
||
147 | "limit": 10, |
||
148 | "actions": [{"name": "log"}], |
||
149 | "subrules": [ |
||
150 | { |
||
151 | "name": "roboagent limit", |
||
152 | "interval": 60, |
||
153 | "limit": 10, |
||
154 | "filters": ["Header:User-Agent=(curl|cURL|Wget|python-requests|Scrapy|FeedFetcher|Go-http-client)"], |
||
155 | "actions": [ |
||
156 | {"name": "block", |
||
157 | "params": {"message": "Rate limit exceeded"}} |
||
158 | ] |
||
159 | }, |
||
160 | { |
||
161 | "name": "botlimit", |
||
162 | "limit": 0, |
||
163 | "stop": true, |
||
164 | "filters": ["Header:User-Agent=(Googlebot|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT)"], |
||
165 | "actions": [ |
||
166 | {"name": "block", |
||
167 | "params": {"message": "Rate limit exceeded"}} |
||
168 | ] |
||
169 | }, |
||
170 | { |
||
171 | "name": "IP limit", |
||
172 | "interval": 60, |
||
173 | "limit": 10, |
||
174 | "stop": true, |
||
175 | "aggregations": ["Header:X-Forwarded-For"], |
||
176 | "actions": [ |
||
177 | {"name": "block", |
||
178 | "params": {"message": "Rate limit exceeded"}} |
||
179 | ] |
||
180 | }, |
||
181 | { |
||
182 | "name": "rss/json limit", |
||
183 | "interval": 60, |
||
184 | "limit": 10, |
||
185 | "stop": true, |
||
186 | "filters": ["Param:format=(csv|json|rss)"], |
||
187 | "actions": [ |
||
188 | {"name": "block", |
||
189 | "params": {"message": "Rate limit exceeded"}} |
||
190 | ] |
||
191 | }, |
||
192 | { |
||
193 | "name": "useragent limit", |
||
194 | "interval": 60, |
||
195 | "limit": 10, |
||
196 | "aggregations": ["Header:User-Agent"], |
||
197 | "actions": [ |
||
198 | {"name": "block", |
||
199 | "params": {"message": "Rate limit exceeded"}} |
||
200 | ] |
||
201 | } |
||
202 | ] |
||
203 | } |
||
204 | ] |
||
205 | 8 | ||
206 | 9 | sacha | creation d'un beuk-systemd service filtron |
207 | 8 | ||
208 | 9 | sacha | /etc/systemd/system/filtron.service |
209 | [Unit] |
||
210 | Description=Filtron anti flood for searx Daemon |
||
211 | After=network-online.target |
||
212 | |||
213 | [Service] |
||
214 | Type=simple |
||
215 | |||
216 | User=searx |
||
217 | Group=searx |
||
218 | UMask=007 |
||
219 | |||
220 | ExecStart=/srv/www/aquilenet.fr/searx/gocode/filtron/bin/filtron -rules /srv/www/aquilenet.fr/searx/gocode/filtron/rules.json |
||
221 | |||
222 | Restart=on-failure |
||
223 | |||
224 | # Configures the time to wait before service is stopped forcefully. |
||
225 | TimeoutStopSec=300 |
||
226 | |||
227 | [Install] |
||
228 | WantedBy=multi-user.target |
||
229 | 8 | ||
230 | 9 | sacha | Un peu de cli systemd: |
231 | 8 | ||
232 | 9 | sacha | systemctl daemon-reload |
233 | systemctl enable filtron.service |
||
234 | systemctl start filtron |
||
235 | systemctl status filtron |
||
236 | 8 | ||
237 | |||
238 | 9 | sacha | ## Mise à jour |
239 | 8 | ||
240 | 9 | sacha | cd /srv/www/aquilenet.fr/searx/searx |
241 | sudo -u searx -i |
||
242 | . ./searx-ve/bin/activate |
||
243 | git stash |
||
244 | git pull origin master |
||
245 | git stash apply |
||
246 | ./manage.sh update_packages |
||
247 | sudo service uwsgi restart |