searxng-custom/Dockerfile

# use alpine as base for searx and set workdir as well as env vars
FROM alpine:3.20 AS base

ENV GID=991 UID=991 UWSGI_WORKERS=1 UWSGI_THREADS=16 UPSTREAM_COMMIT=d37dc307831ef0f16a6cb2fbb0c5afe9bb5e4258

COPY ./requirements.txt .

# install build deps and git clone searxng as well as setting the version
RUN apk -U upgrade \
&& apk add --no-cache -t build-dependencies \
    build-base \
    py3-setuptools \
    python3-dev \
    libffi-dev \
    libxslt-dev \
    libxml2-dev \
    openssl-dev \
    tar \
 && apk add --no-cache \
    ca-certificates \
    python3 \
    py3-pip \
    libxml2 \
    libxslt \
    openssl \
    tini \
    uwsgi \
    uwsgi-python3 \
    git \
    brotli \
&& pip install --no-cache --break-system-packages -r requirements.txt \
&& apk del build-dependencies \
&& rm -rf /var/cache/apk/* /root/.cache

FROM base AS searxng

WORKDIR /usr/local/searxng

# install build deps and git clone searxng as well as setting the version
RUN addgroup -g ${GID} searxng \
&& adduser -u ${UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng \
&& git config --global --add safe.directory /usr/local/searxng \
&& git clone https://github.com/searxng/searxng . \
&& git reset --hard ${UPSTREAM_COMMIT} \
&& chown -R searxng:searxng . \
&& su searxng -c "/usr/bin/python3 -m searx.version freeze"

# copy run.sh
COPY ./src/run.sh /usr/local/bin/run.sh

# include patches for authorized api access
COPY ./src/auth/auth.py searx/auth.py
RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\        from searx.auth import valid_api_key\\n        if (not valid_api_key(request)):" -e 's|flask.abort(403)|    flask.abort(403)|' /usr/local/searxng/searx/webapp.py \
&& sed -i "/return Response('', mimetype='text\/css')/a \\\\n@app.route('/<key>/search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n    from searx.auth import auth_search_key\\n    return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \
&& sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\    from searx.auth import valid_api_key\\n    if (valid_api_key(request)):\\n        return None" searx/limiter.py

# make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files
RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/; \
chmod +x /usr/local/bin/run.sh; \
su searxng -c "/usr/bin/python3 -m compileall -q searx"; \
find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+

# expose port and set tini as CMD; default user is searxng
USER searxng
EXPOSE 8080
CMD ["/sbin/tini","--","/usr/local/bin/run.sh"]
chore: init 2025-02-15 12:21:24 +00:00			`# use alpine as base for searx and set workdir as well as env vars`
			`FROM alpine:3.20 AS base`

			`ENV GID=991 UID=991 UWSGI_WORKERS=1 UWSGI_THREADS=16 UPSTREAM_COMMIT=d37dc307831ef0f16a6cb2fbb0c5afe9bb5e4258`

			`COPY ./requirements.txt .`

			`# install build deps and git clone searxng as well as setting the version`
			`RUN apk -U upgrade \`
			`&& apk add --no-cache -t build-dependencies \`
			`build-base \`
			`py3-setuptools \`
			`python3-dev \`
			`libffi-dev \`
			`libxslt-dev \`
			`libxml2-dev \`
			`openssl-dev \`
			`tar \`
			`&& apk add --no-cache \`
			`ca-certificates \`
			`python3 \`
			`py3-pip \`
			`libxml2 \`
			`libxslt \`
			`openssl \`
			`tini \`
			`uwsgi \`
			`uwsgi-python3 \`
			`git \`
			`brotli \`
			`&& pip install --no-cache --break-system-packages -r requirements.txt \`
			`&& apk del build-dependencies \`
			`&& rm -rf /var/cache/apk/* /root/.cache`

			`FROM base AS searxng`

			`WORKDIR /usr/local/searxng`

			`# install build deps and git clone searxng as well as setting the version`
			`RUN addgroup -g ${GID} searxng \`
			`&& adduser -u ${UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng \`
			`&& git config --global --add safe.directory /usr/local/searxng \`
			`&& git clone https://github.com/searxng/searxng . \`
			`&& git reset --hard ${UPSTREAM_COMMIT} \`
			`&& chown -R searxng:searxng . \`
			`&& su searxng -c "/usr/bin/python3 -m searx.version freeze"`

			`# copy run.sh`
			`COPY ./src/run.sh /usr/local/bin/run.sh`

			`# include patches for authorized api access`
			`COPY ./src/auth/auth.py searx/auth.py`
			`RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\ from searx.auth import valid_api_key\\n if (not valid_api_key(request)):" -e 's\|flask.abort(403)\| flask.abort(403)\|' /usr/local/searxng/searx/webapp.py \`
			`&& sed -i "/return Response('', mimetype='text\/css')/a \\\\n@app.route('/<key>/search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n from searx.auth import auth_search_key\\n return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \`
			`&& sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\ from searx.auth import valid_api_key\\n if (valid_api_key(request)):\\n return None" searx/limiter.py`

			`# make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files`
			`RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/; \`
			`chmod +x /usr/local/bin/run.sh; \`
			`su searxng -c "/usr/bin/python3 -m compileall -q searx"; \`
			`find /usr/local/searxng/searx/static -a \( -name '.html' -o -name '.css' -o -name '.js' -o -name '.svg' -o -name '.ttf' -o -name '.eot' \) \`
			`-type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+`

			`# expose port and set tini as CMD; default user is searxng`
			`USER searxng`
			`EXPOSE 8080`
fix: missing shebang 2025-02-15 12:32:49 +00:00			`CMD ["/sbin/tini","--","/usr/local/bin/run.sh"]`