installation-apache.rst 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516
  1. .. _installation apache:
  2. ===================
  3. Install with apache
  4. ===================
  5. .. _Apache: https://httpd.apache.org/
  6. .. _Apache Debian:
  7. https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x):
  8. .. _README.Debian:
  9. https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian
  10. .. _Apache Arch Linux:
  11. https://wiki.archlinux.org/index.php/Apache_HTTP_Server
  12. .. _Apache Fedora:
  13. https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/index.html
  14. .. _Apache directives:
  15. https://httpd.apache.org/docs/trunk/mod/directives.html
  16. .. _Getting Started:
  17. https://httpd.apache.org/docs/current/en/getting-started.html
  18. .. _Terms Used to Describe Directives:
  19. https://httpd.apache.org/docs/current/en/mod/directive-dict.html
  20. .. _Configuration Files:
  21. https://httpd.apache.org/docs/current/en/configuring.html
  22. .. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost
  23. .. _LoadModule:
  24. https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule
  25. .. _DocumentRoot:
  26. https://httpd.apache.org/docs/trunk/mod/core.html#documentroot
  27. .. _Location:
  28. https://httpd.apache.org/docs/trunk/mod/core.html#location
  29. .. _uWSGI Apache support:
  30. https://uwsgi-docs.readthedocs.io/en/latest/Apache.html
  31. .. _mod_proxy_uwsgi:
  32. https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi
  33. .. sidebar:: further read
  34. - `Apache Arch Linux`_
  35. - `Apache Debian`_ and `README.Debian`_
  36. - `Apache Fedora`_
  37. - `Apache directives`_
  38. .. contents:: Contents
  39. :depth: 2
  40. :local:
  41. :backlinks: entry
  42. ----
  43. **Install** :ref:`apache searx site` using :ref:`filtron.sh <filtron.sh overview>`
  44. .. code:: bash
  45. $ sudo -H ./utils/filtron.sh apache install
  46. **Install** :ref:`apache searx site` using :ref:`morty.sh <morty.sh overview>`
  47. .. code:: bash
  48. $ sudo -H ./utils/morty.sh apache install
  49. ----
  50. The apache HTTP server
  51. ======================
  52. If Apache_ is not installed, install it now. If apache_ is new to you, the
  53. `Getting Started`_, `Configuration Files`_ and `Terms Used to Describe
  54. Directives`_ documentation gives first orientation. There is also a list of
  55. `Apache directives`_ *to keep in the pocket*.
  56. .. tabs::
  57. .. group-tab:: Ubuntu / debian
  58. .. code:: sh
  59. sudo -H apt-get install apache2
  60. .. group-tab:: Arch Linux
  61. .. code:: sh
  62. sudo -H pacman -S apache
  63. sudo -H systemctl enable httpd
  64. sudo -H systemctl start http
  65. .. group-tab:: Fedora / RHEL
  66. .. code:: sh
  67. sudo -H dnf install httpd
  68. sudo -H systemctl enable httpd
  69. sudo -H systemctl start httpd
  70. Now at http://localhost you should see any kind of *Welcome* or *Test* page.
  71. How this default intro site is configured, depends on the linux distribution
  72. (compare `Apache directives`_).
  73. .. tabs::
  74. .. group-tab:: Ubuntu / debian
  75. .. code:: sh
  76. less /etc/apache2/sites-enabled/000-default.conf
  77. In this file, there is a line setting the `DocumentRoot`_ directive:
  78. .. code:: apache
  79. DocumentRoot /var/www/html
  80. And the *welcome* page is the HTML file at ``/var/www/html/index.html``.
  81. .. group-tab:: Arch Linux
  82. .. code:: sh
  83. less /etc/httpd/conf/httpd.conf
  84. In this file, there is a line setting the `DocumentRoot`_ directive:
  85. .. code:: apache
  86. DocumentRoot "/srv/http"
  87. <Directory "/srv/http">
  88. Options Indexes FollowSymLinks
  89. AllowOverride None
  90. Require all granted
  91. </Directory>
  92. The *welcome* page of Arch Linux is a page showing directory located at
  93. ``DocumentRoot``. This is *directory* page is generated by the Module
  94. `mod_autoindex <https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html>`_:
  95. .. code:: apache
  96. LoadModule autoindex_module modules/mod_autoindex.so
  97. ...
  98. Include conf/extra/httpd-autoindex.conf
  99. .. group-tab:: Fedora / RHEL
  100. .. code:: sh
  101. less /etc/httpd/conf/httpd.conf
  102. In this file, there is a line setting the ``DocumentRoot`` directive:
  103. .. code:: apache
  104. DocumentRoot "/var/www/html"
  105. ...
  106. <Directory "/var/www">
  107. AllowOverride None
  108. # Allow open access:
  109. Require all granted
  110. </Directory>
  111. On fresh installations, the ``/var/www`` is empty and the *default
  112. welcome page* is shown, the configuration is located at::
  113. less /etc/httpd/conf.d/welcome.conf
  114. .. _apache searx site:
  115. Apache Reverse Proxy
  116. ====================
  117. .. sidebar:: public to the internet?
  118. If your searx instance is public, stop here and first install :ref:`filtron
  119. reverse proxy <filtron.sh>` and :ref:`result proxy morty <morty.sh>`, see
  120. :ref:`installation scripts`. If already done, follow setup: *searx via
  121. filtron plus morty*.
  122. To setup a Apache revers proxy you have to enable the *headers* and *proxy*
  123. modules and create a `Location`_ configuration for the searx site. In most
  124. distributions you have to un-comment the lines in the main configuration file,
  125. except in :ref:`The Debian Layout`.
  126. .. tabs::
  127. .. group-tab:: Ubuntu / debian
  128. In the Apache setup, enable headers and proxy modules:
  129. .. code:: sh
  130. sudo -H a2enmod headers
  131. sudo -H a2enmod proxy
  132. sudo -H a2enmod proxy_http
  133. In :ref:`The Debian Layout` you create a ``searx.conf`` with the
  134. ``<Location /searx >`` directive and save this file in the *sites
  135. available* folder at ``/etc/apache2/sites-available``. To enable the
  136. ``searx.conf`` use :man:`a2ensite`:
  137. .. code:: sh
  138. sudo -H a2ensite searx.conf
  139. .. group-tab:: Arch Linux
  140. In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
  141. modules (LoadModule_):
  142. .. code:: apache
  143. FIXME needs test
  144. LoadModule headers_module modules/mod_headers.so
  145. LoadModule proxy_module modules/mod_proxy.so
  146. LoadModule proxy_http_module modules/mod_proxy_http.so
  147. .. group-tab:: Fedora / RHEL
  148. In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy
  149. modules (LoadModule_):
  150. .. code:: apache
  151. FIXME needs test
  152. LoadModule headers_module modules/mod_headers.so
  153. LoadModule proxy_module modules/mod_proxy.so
  154. LoadModule proxy_http_module modules/mod_proxy_http.so
  155. With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the
  156. proxied host.
  157. .. _apache searx via filtron plus morty:
  158. .. tabs::
  159. .. group-tab:: searx via filtron plus morty
  160. Use this setup, if your instance is public to the internet, compare
  161. figure: :ref:`architecture <arch public>` and :ref:`installation scripts`.
  162. 1. Configure a reverse proxy for :ref:`filtron <filtron.sh>`, listening on
  163. *localhost 4004* (:ref:`filtron route request`):
  164. .. code:: apache
  165. <Location /searx >
  166. # SetEnvIf Request_URI "/searx" dontlog
  167. # CustomLog /dev/null combined env=dontlog
  168. Require all granted
  169. Order deny,allow
  170. Deny from all
  171. #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  172. Allow from all
  173. ProxyPreserveHost On
  174. ProxyPass http://127.0.0.1:4004
  175. RequestHeader set X-Script-Name /searx
  176. </Location>
  177. 2. Configure reverse proxy for :ref:`morty <searx morty>`, listening on
  178. *localhost 3000*
  179. .. code:: apache
  180. ProxyPreserveHost On
  181. <Location /morty >
  182. # SetEnvIf Request_URI "/morty" dontlog
  183. # CustomLog /dev/null combined env=dontlog
  184. Require all granted
  185. Order deny,allow
  186. Deny from all
  187. #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  188. Allow from all
  189. ProxyPass http://127.0.0.1:3000
  190. RequestHeader set X-Script-Name /morty
  191. </Location>
  192. For a fully result proxification add :ref:`morty's <searx morty>` **public
  193. URL** to your :origin:`searx/settings.yml`:
  194. .. code:: yaml
  195. result_proxy:
  196. # replace example.org with your server's public name
  197. url : https://example.org/morty
  198. key : !!binary "insert_your_morty_proxy_key_here"
  199. server:
  200. image_proxy : True
  201. uWSGI support
  202. =============
  203. Be warned, with this setup, your instance isn't :ref:`protected <searx
  204. filtron>`, nevertheless it is good enough for intranet usage. In modern Linux
  205. distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache
  206. package and you need to install only the :ref:`uWSGI <searx uwsgi>` package:
  207. .. tabs::
  208. .. group-tab:: Ubuntu / debian
  209. .. code:: sh
  210. sudo -H apt-get install uwsgi
  211. # Ubuntu =< 18.04
  212. sudo -H apt-get install libapache2-mod-proxy-uwsgi
  213. .. group-tab:: Arch Linux
  214. .. code:: sh
  215. sudo -H pacman -S uwsgi
  216. .. group-tab:: Fedora / RHEL
  217. .. code:: sh
  218. sudo -H dnf install uwsgi
  219. The next example shows a configuration using the `uWSGI Apache support`_ via
  220. unix sockets and `mod_proxy_uwsgi`_.
  221. For socket communication, you have to activate ``socket =
  222. /run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888``
  223. configuration in your :ref:`uwsgi ini file <uwsgi configuration>`. If not
  224. already exists, create a folder for the unix sockets, which can be used by the
  225. searx account (see :ref:`create searx user`):
  226. .. code:: bash
  227. sudo -H mkdir -p /run/uwsgi/app/searx/
  228. sudo -H chown -R searx:searx /run/uwsgi/app/searx/
  229. If the server is public; to limit access to your intranet replace ``Allow from
  230. all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class.
  231. .. tabs::
  232. .. group-tab:: Ubuntu / debian
  233. .. code:: apache
  234. LoadModule headers_module /usr/lib/apache2/mod_headers.so
  235. LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
  236. LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
  237. # SetEnvIf Request_URI /searx dontlog
  238. # CustomLog /dev/null combined env=dontlog
  239. <Location /searx>
  240. Require all granted
  241. Order deny,allow
  242. Deny from all
  243. # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  244. Allow from all
  245. ProxyPreserveHost On
  246. ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
  247. </Location>
  248. .. group-tab:: Arch Linux
  249. .. code:: apache
  250. FIXME needs test
  251. LoadModule proxy_module modules/mod_proxy.so
  252. LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
  253. # SetEnvIf Request_URI /searx dontlog
  254. # CustomLog /dev/null combined env=dontlog
  255. <Location /searx>
  256. Require all granted
  257. Order deny,allow
  258. Deny from all
  259. # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  260. Allow from all
  261. ProxyPreserveHost On
  262. ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
  263. </Location>
  264. .. group-tab:: Fedora / RHEL
  265. .. code:: apache
  266. FIXME needs test
  267. LoadModule proxy_module modules/mod_proxy.so
  268. LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
  269. <IfModule proxy_uwsgi_module>
  270. # SetEnvIf Request_URI /searx dontlog
  271. # CustomLog /dev/null combined env=dontlog
  272. <Location /searx>
  273. Require all granted
  274. Order deny,allow
  275. Deny from all
  276. # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  277. Allow from all
  278. ProxyPreserveHost On
  279. ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
  280. </Location>
  281. </IfModule>
  282. .. group-tab:: old mod_wsgi
  283. We show this only for historical reasons, DON'T USE `mod_uwsgi
  284. <https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-uwsgi>`_.
  285. ANYMORE!
  286. .. code:: apache
  287. <IfModule mod_uwsgi.c>
  288. # SetEnvIf Request_URI "/searx" dontlog
  289. # CustomLog /dev/null combined env=dontlog
  290. <Location /searx >
  291. Require all granted
  292. Options FollowSymLinks Indexes
  293. SetHandler uwsgi-handler
  294. uWSGISocket /run/uwsgi/app/searx/socket
  295. Order deny,allow
  296. Deny from all
  297. # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
  298. Allow from all
  299. </Location>
  300. </IfModule>
  301. .. _restart apache:
  302. Restart service
  303. ===============
  304. .. tabs::
  305. .. group-tab:: Ubuntu / debian
  306. .. code:: sh
  307. sudo -H systemctl restart apache2
  308. sudo -H service uwsgi restart searx
  309. .. group-tab:: Arch Linux
  310. .. code:: sh
  311. sudo -H systemctl restart httpd
  312. sudo -H systemctl restart uwsgi@searx
  313. .. group-tab:: Fedora / RHEL
  314. .. code:: sh
  315. sudo -H systemctl restart httpd
  316. sudo -H touch /etc/uwsgi.d/searx.ini
  317. disable logs
  318. ============
  319. For better privacy you can disable Apache logs. In the examples above activate
  320. one of the lines and `restart apache`_::
  321. # SetEnvIf Request_URI "/searx" dontlog
  322. # CustomLog /dev/null combined env=dontlog
  323. The ``CustomLog`` directive disable logs for the whole (virtual) server, use it
  324. when the URL of the service does not have a path component (``/searx``) / is
  325. located at root (``/``).
  326. .. _The Debian Layout:
  327. The Debian Layout
  328. =================
  329. Be aware that the Debian layout is quite different from the standard Apache
  330. configuration. For details look at the README.Debian_
  331. (``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on
  332. Debian:
  333. * :man:`apache2ctl`: Apache HTTP server control interface
  334. * :man:`a2enmod`, :man:`a2dismod`: switch on/off modules
  335. * :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations
  336. * :man:`a2ensite`, :man:`a2dissite`: switch on/off sites