installation-nginx.rst 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384
  1. .. _installation nginx:
  2. ==================
  3. Install with nginx
  4. ==================
  5. .. _nginx:
  6. https://docs.nginx.com/nginx/admin-guide/
  7. .. _nginx server configuration:
  8. https://docs.nginx.com/nginx/admin-guide/web-server/web-server/#setting-up-virtual-servers
  9. .. _nginx beginners guide:
  10. https://nginx.org/en/docs/beginners_guide.html
  11. .. _Getting Started wiki:
  12. https://www.nginx.com/resources/wiki/start/
  13. .. _uWSGI support from nginx:
  14. https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html
  15. .. _uwsgi_params:
  16. https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#configuring-nginx
  17. .. _SCRIPT_NAME:
  18. https://werkzeug.palletsprojects.com/en/1.0.x/wsgi/#werkzeug.wsgi.get_script_name
  19. .. sidebar:: further reading
  20. - nginx_
  21. - `nginx beginners guide`_
  22. - `nginx server configuration`_
  23. - `Getting Started wiki`_
  24. - `uWSGI support from nginx`_
  25. .. contents:: Contents
  26. :depth: 2
  27. :local:
  28. :backlinks: entry
  29. ----
  30. **Install** :ref:`nginx searx site` using :ref:`filtron.sh <filtron.sh overview>`
  31. .. code:: bash
  32. $ sudo -H ./utils/filtron.sh nginx install
  33. **Install** :ref:`nginx searx site` using :ref:`morty.sh <morty.sh overview>`
  34. .. code:: bash
  35. $ sudo -H ./utils/morty.sh nginx install
  36. ----
  37. The nginx HTTP server
  38. =====================
  39. If nginx_ is not installed (uwsgi will not work with the package nginx-light),
  40. install it now.
  41. .. tabs::
  42. .. group-tab:: Ubuntu / debian
  43. .. code:: sh
  44. sudo -H apt-get install nginx
  45. .. group-tab:: Arch Linux
  46. .. code-block:: sh
  47. sudo -H pacman -S nginx-mainline
  48. sudo -H systemctl enable nginx
  49. sudo -H systemctl start nginx
  50. .. group-tab:: Fedora / RHEL
  51. .. code-block:: sh
  52. sudo -H dnf install nginx
  53. sudo -H systemctl enable nginx
  54. sudo -H systemctl start nginx
  55. Now at http://localhost you should see a *Welcome to nginx!* page, on Fedora you
  56. see a *Fedora Webserver - Test Page*. The test page comes from the default
  57. `nginx server configuration`_. How this default intro site is configured,
  58. depends on the linux distribution:
  59. .. tabs::
  60. .. group-tab:: Ubuntu / debian
  61. .. code:: sh
  62. less /etc/nginx/nginx.conf
  63. there is a line including site configurations from:
  64. .. code:: nginx
  65. include /etc/nginx/sites-enabled/*;
  66. .. group-tab:: Arch Linux
  67. .. code-block:: sh
  68. less /etc/nginx/nginx.conf
  69. in there is a configuration section named ``server``:
  70. .. code-block:: nginx
  71. server {
  72. listen 80;
  73. server_name localhost;
  74. # ...
  75. }
  76. .. group-tab:: Fedora / RHEL
  77. .. code-block:: sh
  78. less /etc/nginx/nginx.conf
  79. there is a line including site configurations from:
  80. .. code:: nginx
  81. include /etc/nginx/conf.d/*.conf;
  82. .. _nginx searx site:
  83. A nginx searx site
  84. ==================
  85. .. sidebar:: public to the internet?
  86. If your searx instance is public, stop here and first install :ref:`filtron
  87. reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
  88. :ref:`installation scripts`. If already done, follow setup: *searx via
  89. filtron plus morty*.
  90. Now you have to create a configuration for the searx site. If nginx_ is new to
  91. you, the `nginx beginners guide`_ is a good starting point and the `Getting
  92. Started wiki`_ is always a good resource *to keep in the pocket*.
  93. .. tabs::
  94. .. group-tab:: Ubuntu / debian
  95. Create configuration at ``/etc/nginx/sites-available/searx`` and place a
  96. symlink to sites-enabled:
  97. .. code:: sh
  98. sudo -H ln -s /etc/nginx/sites-available/searx /etc/nginx/sites-enabled/searx
  99. .. group-tab:: Arch Linux
  100. In the ``/etc/nginx/nginx.conf`` file, replace the configuration section
  101. named ``server``.
  102. .. group-tab:: Fedora / RHEL
  103. Create configuration at ``/etc/nginx/conf.d/searx`` and place a
  104. symlink to sites-enabled:
  105. .. _nginx searx via filtron plus morty:
  106. .. tabs::
  107. .. group-tab:: searx via filtron plus morty
  108. Use this setup, if your instance is public to the internet, compare
  109. figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
  110. 1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
  111. *localhost 4004* (:ref:`filtron route request`):
  112. .. code:: nginx
  113. # https://example.org/searx
  114. location /searx {
  115. proxy_pass http://127.0.0.1:4004/;
  116. proxy_set_header Host $http_host;
  117. proxy_set_header Connection $http_connection;
  118. proxy_set_header X-Real-IP $remote_addr;
  119. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  120. proxy_set_header X-Scheme $scheme;
  121. proxy_set_header X-Script-Name /searx;
  122. }
  123. location /searx/static {
  124. alias /usr/local/searx/searx-src/searx/static;
  125. }
  126. 2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
  127. *localhost 3000*:
  128. .. code:: nginx
  129. # https://example.org/morty
  130. location /morty {
  131. proxy_pass http://127.0.0.1:3000/;
  132. proxy_set_header Host $http_host;
  133. proxy_set_header Connection $http_connection;
  134. proxy_set_header X-Real-IP $remote_addr;
  135. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  136. proxy_set_header X-Scheme $scheme;
  137. }
  138. For a fully result proxification add :ref:`morty's <searx morty>` **public
  139. URL** to your :origin:`searx/settings.yml`:
  140. .. code:: yaml
  141. result_proxy:
  142. # replace example.org with your server's public name
  143. url : https://example.org/morty
  144. key : !!binary "insert_your_morty_proxy_key_here"
  145. server:
  146. image_proxy : True
  147. .. group-tab:: proxy or uWSGI
  148. Be warned, with this setup, your instance isn't :ref:`protected <searx
  149. filtron>`. Nevertheless it is good enough for intranet usage and it is a
  150. excellent example of; *how different services can be set up*. The next
  151. example shows a reverse proxy configuration wrapping the :ref:`searx-uWSGI
  152. application <uwsgi configuration>`, listening on ``http =
  153. 127.0.0.1:8888``.
  154. .. code:: nginx
  155. # https://hostname.local/
  156. location / {
  157. proxy_pass http://127.0.0.1:8888;
  158. proxy_set_header Host $host;
  159. proxy_set_header Connection $http_connection;
  160. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  161. proxy_set_header X-Scheme $scheme;
  162. proxy_buffering off;
  163. }
  164. Alternatively you can use the `uWSGI support from nginx`_ via unix
  165. sockets. For socket communication, you have to activate ``socket =
  166. /run/uwsgi/app/searx/socket`` and comment out the ``http =
  167. 127.0.0.1:8888`` configuration in your :ref:`uwsgi ini file <uwsgi
  168. configuration>`.
  169. The example shows a nginx virtual ``server`` configuration, listening on
  170. port 80 (IPv4 and IPv6 http://[::]:80). The uWSGI app is configured at
  171. location ``/`` by importing the `uwsgi_params`_ and passing requests to
  172. the uWSGI socket (``uwsgi_pass``). The ``server``\'s root points to the
  173. :ref:`searx-src clone <searx-src>` and wraps directly the
  174. :origin:`searx/static/` content at ``location /static``.
  175. .. code:: nginx
  176. server {
  177. # replace hostname.local with your server's name
  178. server_name hostname.local;
  179. listen 80;
  180. listen [::]:80;
  181. location / {
  182. include uwsgi_params;
  183. uwsgi_pass unix:/run/uwsgi/app/searx/socket;
  184. }
  185. root /usr/local/searx/searx-src/searx;
  186. location /static { }
  187. }
  188. If not already exists, create a folder for the unix sockets, which can be
  189. used by the searx account:
  190. .. code:: bash
  191. mkdir -p /run/uwsgi/app/searx/
  192. sudo -H chown -R searx:searx /run/uwsgi/app/searx/
  193. .. group-tab:: \.\. at subdir URL
  194. Be warned, with these setups, your instance isn't :ref:`protected <searx
  195. filtron>`. The examples are just here to demonstrate how to export the
  196. searx application from a subdirectory URL ``https://example.org/searx/``.
  197. .. code:: nginx
  198. # https://hostname.local/searx
  199. location /searx {
  200. proxy_pass http://127.0.0.1:8888;
  201. proxy_set_header Host $host;
  202. proxy_set_header Connection $http_connection;
  203. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  204. proxy_set_header X-Scheme $scheme;
  205. proxy_set_header X-Script-Name /searx;
  206. proxy_buffering off;
  207. }
  208. location /searx/static {
  209. alias /usr/local/searx/searx-src/searx/static;
  210. }
  211. The ``X-Script-Name /searx`` is needed by the searx implementation to
  212. calculate relative URLs correct. The next example shows a uWSGI
  213. configuration. Since there are no HTTP headers in a (u)WSGI protocol, the
  214. value is shipped via the SCRIPT_NAME_ in the WSGI environment.
  215. .. code:: nginx
  216. # https://hostname.local/searx
  217. location /searx {
  218. uwsgi_param SCRIPT_NAME /searx;
  219. include uwsgi_params;
  220. uwsgi_pass unix:/run/uwsgi/app/searx/socket;
  221. }
  222. location /searx/static {
  223. alias /usr/local/searx/searx-src/searx;
  224. }
  225. For searx to work correctly the ``base_url`` must be set in the
  226. :origin:`searx/settings.yml`.
  227. .. code:: yaml
  228. server:
  229. # replace example.org with your server's public name
  230. base_url : https://example.org/searx/
  231. Restart service:
  232. .. tabs::
  233. .. group-tab:: Ubuntu / debian
  234. .. code:: sh
  235. sudo -H systemctl restart nginx
  236. sudo -H service uwsgi restart searx
  237. .. group-tab:: Arch Linux
  238. .. code:: sh
  239. sudo -H systemctl restart nginx
  240. sudo -H systemctl restart uwsgi@searx
  241. .. group-tab:: Fedora
  242. .. code:: sh
  243. sudo -H systemctl restart nginx
  244. sudo -H touch /etc/uwsgi.d/searx.ini
  245. Disable logs
  246. ============
  247. For better privacy you can disable nginx logs in ``/etc/nginx/nginx.conf``.
  248. .. code:: nginx
  249. http {
  250. # ...
  251. access_log /dev/null;
  252. error_log /dev/null;
  253. # ...
  254. }