
2 commits

Author SHA1 Message Date
6a5b086d10
feat!: copy config into container
It is no longer recommended to mount /etc/searxng to a directory for configuration files. Instead, only mount /etc/searxng/auth for the tokens.txt file
2025-03-08 21:44:17 +11:00
bf26096ec7
chore: bump ver to 73d50f5 2025-03-08 21:36:07 +11:00
4 changed files with 201 additions and 5 deletions


@ -1,7 +1,7 @@
# use alpine as base for searx and set workdir as well as env vars
FROM alpine:3.20 AS base
ENV GID=991 UID=991 UWSGI_WORKERS=1 UWSGI_THREADS=16 UPSTREAM_COMMIT=28d1240fce945a48a2c61c29fff83336410c4c77
ENV GID=991 UID=991 UWSGI_WORKERS=1 UWSGI_THREADS=16 UPSTREAM_COMMIT=73d50f57481cfe2951c3231b2f5dfd70c0e6b49f
COPY ./requirements.txt .
@ -45,15 +45,15 @@ RUN addgroup -g ${GID} searxng \
&& chown -R searxng:searxng . \
&& su searxng -c "/usr/bin/python3 -m searx.version freeze"
# copy run.sh
COPY ./src/run.sh /usr/local/bin/run.sh
# include patches for authorized api access
COPY ./src/auth/auth.py searx/auth.py
RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\ from searx.auth import valid_api_key\\n if (not valid_api_key(request)):" -e 's|flask.abort(403)| flask.abort(403)|' /usr/local/searxng/searx/webapp.py \
&& sed -i "/return Response('', mimetype='text\/css')/a \\\\n@app.route('/<key>/search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n from searx.auth import auth_search_key\\n return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \
&& sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\ from searx.auth import valid_api_key\\n if (valid_api_key(request)):\\n return None" searx/limiter.py
# copy run.sh
COPY ./src/run.sh /usr/local/bin/run.sh
# make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files
RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/; \
chmod +x /usr/local/bin/run.sh; \
@ -61,6 +61,11 @@ su searxng -c "/usr/bin/python3 -m compileall -q searx"; \
find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+
# copy searxng settings
COPY ./config/settings.yml /etc/searxng/settings.yml
# copy limiter settings
COPY ./config/limiter.toml /etc/searxng/limiter.toml
# expose port and set tini as CMD; default user is searxng
USER searxng
EXPOSE 8080
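Review bot: The three `sed` patches in the second hunk exit 0 even when their anchor line is absent, so after the `UPSTREAM_COMMIT` bump in the first hunk a changed `webapp.py` or `limiter.py` would build an image without the API-key route or check, and nothing would flag it. Appending a verification to that `RUN` makes the build fail instead, for example `&& grep -q 'auth_search_key' /usr/local/searxng/searx/webapp.py && grep -q 'valid_api_key' searx/limiter.py`. In the third hunk the two new `COPY` lines bake `settings.yml` and `limiter.toml` into an image layer, so a comment there noting that secrets stay in environment variables and out of these files would help. `COPY --chown=searxng:searxng` is only needed if run.sh edits the file in place, which this page does not show.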

17
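--- a/config/limiter.toml
+++ b/config/limiter.toml
@@ -0,0 +1,17 @@
+[real_ip]
+x_for = 2
+# bans on ipv6 apply to the whole /40 block
+# households typically get /32 to /64 so this is a good compromise
+ipv6_prefix = 40
+[botdetection.ip_lists]
+pass_ip = [
+'51.159.53.89/32', # Allow https://cryptcheck.fr
+'2001:bc8:1200:4:208:a2ff:fe0c:67ea/64' # Allow https://cryptcheck.fr
+]
+pass_searxng_org = true
+[botdetection.ip_limit]
+link_token = true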
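Review bot: The second `pass_ip` entry exempts a whole /64 from bot detection although its comment names a single host; `'2001:bc8:1200:4:208:a2ff:fe0c:67ea/128'` would match only that address, in line with the `/32` used for the IPv4 entry. `x_for = 2` also deserves a comment stating which two proxies sit in front of the container, because with fewer hops than configured the limiter would take a client-supplied `X-Forwarded-For` value as the real address. The comment above `ipv6_prefix` could note that a /40 ban reaches well beyond one household, since /32 is typically an ISP-sized allocation rather than a home one.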

174
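--- a/config/settings.yml
+++ b/config/settings.yml
@@ -0,0 +1,174 @@
+general:
+debug: false
+instance_name: "Astrial Search",
+privacypolicy_url: "https://astrial.org/privacy"
+donation_url: false
+contact_url: "https://astrial.org"
+enable_metrics: true
+brand:
+new_issue_url: https://github.com/searxng/searxng/issues/new
+docs_url: https://docs.searxng.org/
+public_instances: https://searx.space
+wiki_url: https://github.com/searxng/searxng/wiki
+issue_url: https://github.com/searxng/searxng/issues
+search:
+# 0: none, 1: moderate, 2: strict
+safe_search: 0
+autocomplete: ""
+favicon_resolver: ""
+default_lang: "auto"
+ban_time_on_fail: 5 # seconds
+max_ban_timeon_fail: 60 # seconds
+suspended_times:
+# Engine suspension time after error (in seconds; set to 0 to disable)
+# For error "Access denied" and "HTTP error [402, 403]"
+SearxEngineAccessDenied: 86400
+# For error "CAPTCHA"
+SearxEngineCaptcha: 86400
+# For error "Too many request" and "HTTP error 429"
+SearxEngineTooManyRequests: 3600
+# Cloudflare CAPTCHA
+cf_SearxEngineCaptcha: 1296000
+cf_SearxEngineAccessDenied: 86400
+# ReCAPTCHA
+recaptcha_SearxEngineCaptcha: 604800
+# [html, csv, json, rss]
+formats:
+- html
+- json
+server:
+port: 8080
+bind_address: "0.0.0.0"
+base_url: "https://search.astrial.org/"
+limiter: true
+public_instance: true
+secret_key: '' # overwritten by ${SEARXNG_SECRET_KEY}
+image_proxy: true
+# 1.0 or 1.1
+http_protocol_version: "1.1"
+method: "POST"
+default_http_headers:
+X-Content-Type-Options: nosniff
+X-Download-Options: noopen
+X-Robots-Tag: noindex, nofollow
+Referrer-Policy: no-referrer
+redis:
+url: '' # overwritten by ${SEARXNG_REDIS_URL}
+ui:
+static_path: ''
+# cache busting
+static_use_hash: true
+templates_path: ''
+query_in_title: false
+infinite_scroll: false
+default_theme: "simple"
+center_alignment: false
+default_locale: ""
+theme_args:
+simple_style: auto
+search_on_category_select: true
+# default, vim
+hotkeys: default
+# pretty, full, host
+url_formatting: pretty
+# lock settings on preference page
+preferences:
+lock: [autocomplete]
+outgoing:
+request_timeout: 3 # seconds
+useragent_suffix: "+webmaster [at] astrial [dot] org"
+# max concurrent connections
+pool_connections: 100
+# max keepalive connections
+pool_maxsize: 20
+enable_http2: true
+categories_as_tabs:
+general:
+images:
+videos:
+news:
+map:
+music:
+it:
+science:
+files:
+social media:
+### Engines ###
+engines:
+- name: wikipedia
+engine: wikipedia
+shortcut: wiki
+display_type: [infobox, list]
+categories: [general]
+- name: wikinews
+engine: mediawiki
+shortcut: wikin
+categories: [news]
+base_url: "https://{language}.wikinews.org/"
+search_type: text
+srsort: create_timestamp_desc
+about:
+website: "https://www.wikinews.org/"
+wikidata_id: Q964
+- name: wiktionary
+engine: mediawiki
+shortcut: wikit
+categories: [dictionaries, wikimedia]
+base_url: "https://{language}.wiktionary.org/"
+search_type: text
+about:
+website: https://www.wiktionary.org/
+wikidata_id: Q151
+- name: bing
+engine: bing
+shortcut: b
+- name: bing images
+engine: bing_images
+shortcut: bii
+- name: bing news
+engine: bing_news
+shortcut: bin
+- name: bing videos
+engine: bing_videos
+shortcut: biv
+- name: google
+engine: google
+shortcut: g
+- name: google images
+engine: google_images
+shortcut: goi
+- name: google news
+engine: google_news
+shortcut: gon
+- name: google scholar
+engine: google_scholar
+shortcut: gos
+- name: youtube
+engine: youtube_noapi
+shortcut: yt
+# Art Institute of Chicago
+- name: artic
+engine: artic
+shortcut: arc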
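Review bot: `instance_name: "Astrial Search",` under `general:` ends with a comma after the closing quote, which is not valid after a quoted scalar in a block mapping, so the baked-in file is likely to fail to parse; it should read `instance_name: "Astrial Search"`. Under `search:`, `max_ban_timeon_fail` looks like a typo for `max_ban_time_on_fail`, so the 60-second cap probably never takes effect. The image ships `limiter: true` and `public_instance: true` with an empty `secret_key` and `redis.url`, relying on `SEARXNG_SECRET_KEY` and `SEARXNG_REDIS_URL` at run time. A comment stating that startup must fail when either is unset would make that dependency explicit; whether run.sh enforces it is not visible on this page.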


@ -13,7 +13,7 @@ def get_tokens():
global valid_tokens_set
if valid_tokens_set is None:
try:
with open("/etc/searxng/auth_tokens.txt") as file:
with open("/etc/searxng/auth/tokens.txt") as file:
valid_tokens_set = {line.strip() for line in file}
except Exception:
valid_tokens_set = set()
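Review bot: `{line.strip() for line in file}` keeps the empty string when tokens.txt contains a blank line, so `""` becomes a member of `valid_tokens_set`; unless `valid_api_key` (outside this hunk) rejects empty keys, a request carrying no key could match. Filtering while building the set avoids that: `valid_tokens_set = {t for t in (line.strip() for line in file) if t}`. The `except Exception` fallback also caches an empty set for the life of the process, so a deployment still mounting the old `/etc/searxng/auth_tokens.txt` path loses all tokens silently; a logged warning naming the missing path would make that visible. `get_tokens` begins above the hunk and may continue below it.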