feat!: copy config into container
It is no longer recommended to mount /etc/searxng to a directory for configuration files. Instead, only mount /etc/searxng/auth for the tokens.txt file
parent
bf26096ec7
commit
6a5b086d10
4 changed files with 200 additions and 4 deletions
11
Dockerfile
11
Dockerfile
|
@ -45,15 +45,15 @@ RUN addgroup -g ${GID} searxng \
|
|||
&& chown -R searxng:searxng . \
|
||||
&& su searxng -c "/usr/bin/python3 -m searx.version freeze"
|
||||
|
||||
# copy run.sh
|
||||
COPY ./src/run.sh /usr/local/bin/run.sh
|
||||
|
||||
# include patches for authorized api access
|
||||
COPY ./src/auth/auth.py searx/auth.py
|
||||
RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\ from searx.auth import valid_api_key\\n if (not valid_api_key(request)):" -e 's|flask.abort(403)| flask.abort(403)|' /usr/local/searxng/searx/webapp.py \
|
||||
&& sed -i "/return Response('', mimetype='text\/css')/a \\\\n@app.route('/<key>/search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n from searx.auth import auth_search_key\\n return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \
|
||||
&& sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\ from searx.auth import valid_api_key\\n if (valid_api_key(request)):\\n return None" searx/limiter.py
|
||||
|
||||
# copy run.sh
|
||||
COPY ./src/run.sh /usr/local/bin/run.sh
|
||||
|
||||
# make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files
|
||||
RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/; \
|
||||
chmod +x /usr/local/bin/run.sh; \
|
||||
|
@ -61,6 +61,11 @@ su searxng -c "/usr/bin/python3 -m compileall -q searx"; \
|
|||
find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
|
||||
-type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+
|
||||
|
||||
# copy searxng settings
|
||||
COPY ./config/settings.yml /etc/searxng/settings.yml
|
||||
# copy limiter settings
|
||||
COPY ./config/limiter.toml /etc/searxng/limiter.toml
|
||||
|
||||
# expose port and set tini as CMD; default user is searxng
|
||||
USER searxng
|
||||
EXPOSE 8080
|
||||
|
|
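Review bot: The two `COPY` lines added ahead of `USER searxng` carry no `--chown`, so `/etc/searxng/settings.yml` and `/etc/searxng/limiter.toml` end up owned by root and the runtime user can only read them. That is a reasonable hardening default, but settings.yml ships `secret_key: ''` with a comment saying it is overwritten from the environment; if run.sh (not shown here) does that by editing the file in place, the edit would fail for the searxng user and the empty key would presumably stay in effect. Either confirm the value is read from the environment at load time, or use `COPY --chown=searxng:searxng ./config/settings.yml /etc/searxng/settings.yml` for that one file. A one-line comment above the COPY lines saying that a volume mounted over `/etc/searxng` hides both baked-in files would also help operators who upgrade.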
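--- a/config/limiter.toml
+++ b/config/limiter.toml
@@ -0,0 +1,17 @@
+[real_ip]
+x_for = 2
+
+# bans on ipv6 apply to the whole /40 block
+# households typically get /32 to /64 so this is a good compromise
+ipv6_prefix = 40
+
+[botdetection.ip_lists]
+pass_ip = [
+'51.159.53.89/32', # Allow https://cryptcheck.fr
+'2001:bc8:1200:4:208:a2ff:fe0c:67ea/64' # Allow https://cryptcheck.fr
+]
+
+pass_searxng_org = true
+
+[botdetection.ip_limit]
+link_token = true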
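Review bot: `x_for = 2` tells the limiter how many X-Forwarded-For values to trust, and now that this file is baked into the image the two-proxy assumption applies to every deployment. Behind fewer trusted hops a client can supply its own address, which lets it sidestep bans or get another address banned. A comment such as `# requires exactly two trusted reverse proxies in front of the container` would make the requirement visible. The IPv6 `pass_ip` entry is a `/64` while its IPv4 twin is a `/32`, so it exempts a whole subnet from bot detection rather than the single host the comment names; `/128` would match the stated intent. Separately, `ipv6_prefix = 40` means one ban covers a block far larger than a single subscriber line, so it is worth confirming that trade-off is intended.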
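--- a/config/settings.yml
+++ b/config/settings.yml
@@ -0,0 +1,174 @@
+general:
+debug: false
+instance_name: "Astrial Search",
+privacypolicy_url: "https://astrial.org/privacy"
+donation_url: false
+contact_url: "https://astrial.org"
+enable_metrics: true
+
+brand:
+new_issue_url: https://github.com/searxng/searxng/issues/new
+docs_url: https://docs.searxng.org/
+public_instances: https://searx.space
+wiki_url: https://github.com/searxng/searxng/wiki
+issue_url: https://github.com/searxng/searxng/issues
+
+search:
+# 0: none, 1: moderate, 2: strict
+safe_search: 0
+autocomplete: ""
+favicon_resolver: ""
+default_lang: "auto"
+ban_time_on_fail: 5 # seconds
+max_ban_timeon_fail: 60 # seconds
+suspended_times:
+# Engine suspension time after error (in seconds; set to 0 to disable)
+# For error "Access denied" and "HTTP error [402, 403]"
+SearxEngineAccessDenied: 86400
+# For error "CAPTCHA"
+SearxEngineCaptcha: 86400
+# For error "Too many request" and "HTTP error 429"
+SearxEngineTooManyRequests: 3600
+# Cloudflare CAPTCHA
+cf_SearxEngineCaptcha: 1296000
+cf_SearxEngineAccessDenied: 86400
+# ReCAPTCHA
+recaptcha_SearxEngineCaptcha: 604800
+
+# [html, csv, json, rss]
+formats:
+- html
+- json
+
+server:
+port: 8080
+bind_address: "0.0.0.0"
+base_url: "https://search.astrial.org/"
+limiter: true
+public_instance: true
+secret_key: '' # overwritten by ${SEARXNG_SECRET_KEY}
+image_proxy: true
+# 1.0 or 1.1
+http_protocol_version: "1.1"
+method: "POST"
+default_http_headers:
+X-Content-Type-Options: nosniff
+X-Download-Options: noopen
+X-Robots-Tag: noindex, nofollow
+Referrer-Policy: no-referrer
+
+redis:
+url: '' # overwritten by ${SEARXNG_REDIS_URL}
+
+ui:
+static_path: ''
+# cache busting
+static_use_hash: true
+templates_path: ''
+query_in_title: false
+infinite_scroll: false
+default_theme: "simple"
+center_alignment: false
+default_locale: ""
+theme_args:
+simple_style: auto
+search_on_category_select: true
+# default, vim
+hotkeys: default
+# pretty, full, host
+url_formatting: pretty
+
+# lock settings on preference page
+preferences:
+lock: [autocomplete]
+
+outgoing:
+request_timeout: 3 # seconds
+useragent_suffix: "+webmaster [at] astrial [dot] org"
+# max concurrent connections
+pool_connections: 100
+# max keepalive connections
+pool_maxsize: 20
+enable_http2: true
+
+categories_as_tabs:
+general:
+images:
+videos:
+news:
+map:
+music:
+it:
+science:
+files:
+social media:
+
+### Engines ###
+engines:
+- name: wikipedia
+engine: wikipedia
+shortcut: wiki
+display_type: [infobox, list]
+categories: [general]
+
+- name: wikinews
+engine: mediawiki
+shortcut: wikin
+categories: [news]
+base_url: "https://{language}.wikinews.org/"
+search_type: text
+srsort: create_timestamp_desc
+about:
+website: "https://www.wikinews.org/"
+wikidata_id: Q964
+
+- name: wiktionary
+engine: mediawiki
+shortcut: wikit
+categories: [dictionaries, wikimedia]
+base_url: "https://{language}.wiktionary.org/"
+search_type: text
+about:
+website: https://www.wiktionary.org/
+wikidata_id: Q151
+
+- name: bing
+engine: bing
+shortcut: b
+
+- name: bing images
+engine: bing_images
+shortcut: bii
+
+- name: bing news
+engine: bing_news
+shortcut: bin
+
+- name: bing videos
+engine: bing_videos
+shortcut: biv
+
+- name: google
+engine: google
+shortcut: g
+
+- name: google images
+engine: google_images
+shortcut: goi
+
+- name: google news
+engine: google_news
+shortcut: gon
+
+- name: google scholar
+engine: google_scholar
+shortcut: gos
+
+- name: youtube
+engine: youtube_noapi
+shortcut: yt
+
+# Art Institute of Chicago
+- name: artic
+engine: artic
+shortcut: arc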
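Review bot: The trailing comma on `instance_name: "Astrial Search",` is not valid after a quoted scalar in a block mapping, so a YAML parser will most likely reject the whole file; it should read `instance_name: "Astrial Search"`. `max_ban_timeon_fail` looks like a typo for `max_ban_time_on_fail`, which is the upstream key as far as I know, so the 60-second cap would not take effect as written. `secret_key: ''` is shipped empty and relies on the environment override named in its comment. It is worth confirming that the variable name matches what the loader or run.sh actually reads, and that startup fails when it is unset instead of running with an empty key. With `formats` now including `json` and `public_instance: true`, a short comment on how JSON access relates to the API-key patch applied in the Dockerfile would help the next reader.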
|
@ -13,7 +13,7 @@ def get_tokens():
|
|||
global valid_tokens_set
|
||||
if valid_tokens_set is None:
|
||||
try:
|
||||
with open("/etc/searxng/auth_tokens.txt") as file:
|
||||
with open("/etc/searxng/auth/tokens.txt") as file:
|
||||
valid_tokens_set = {line.strip() for line in file}
|
||||
except Exception:
|
||||
valid_tokens_set = set()
|
||||
|
|
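Review bot: The `except Exception:` around the token-file read turns a missing or unreadable file into an empty token set with no log line. This commit moves the expected path (to `/etc/searxng/auth/tokens.txt`, going by the description), so a deployment that still mounts the old location will see every API key rejected with no hint why. Failing closed is the right default; I would keep it but narrow the handler to `OSError` and log the path and error before falling back. Separately, `{line.strip() for line in file}` puts the empty string into the set when the file contains a blank line, and whether an empty key could then pass depends on `valid_api_key`, which is not in this hunk. Filtering removes the doubt: `valid_tokens_set = {t for t in (line.strip() for line in file) if t}`. The body of `get_tokens` continues outside the hunk.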