Install with apache¶
Install Apache Reverse Proxy using filtron.sh
$ sudo -H ./utils/filtron.sh apache install
Install Apache Reverse Proxy using morty.sh
$ sudo -H ./utils/morty.sh apache install
The apache HTTP server¶
If Apache is not installed, install it now. If apache is new to you, the Getting Started, Configuration Files and Terms Used to Describe Directives documentation gives first orientation. There is also a list of Apache directives to keep in the pocket.
sudo -H apt-get install apache2
sudo -H pacman -S apache
sudo -H systemctl enable httpd
sudo -H systemctl start http
sudo -H dnf install httpd
sudo -H systemctl enable httpd
sudo -H systemctl start httpd
Now at http://localhost you should see any kind of Welcome or Test page. How this default intro site is configured, depends on the linux distribution (compare Apache directives).
less /etc/apache2/sites-enabled/000-default.conf
In this file, there is a line setting the DocumentRoot directive:
DocumentRoot /var/www/html
And the welcome page is the HTML file at /var/www/html/index.html
.
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot directive:
DocumentRoot "/srv/http"
<Directory "/srv/http">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
The welcome page of Arch Linux is a page showing directory located at
DocumentRoot
. This is directory page is generated by the Module
mod_autoindex:
LoadModule autoindex_module modules/mod_autoindex.so
...
Include conf/extra/httpd-autoindex.conf
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot
directive:
DocumentRoot "/var/www/html"
...
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
On fresh installations, the /var/www
is empty and the default
welcome page is shown, the configuration is located at:
less /etc/httpd/conf.d/welcome.conf
Apache Reverse Proxy¶
To setup a Apache revers proxy you have to enable the headers and proxy modules and create a Location configuration for the SearXNG site. In most distributions you have to un-comment the lines in the main configuration file, except in The Debian Layout.
In the Apache setup, enable headers and proxy modules:
sudo -H a2enmod headers
sudo -H a2enmod proxy
sudo -H a2enmod proxy_http
In The Debian Layout you create a searxng.conf
with the
<Location /searx >
directive and save this file in the sites
available folder at /etc/apache2/sites-available
. To enable the
searxng.conf
use a2ensite:
sudo -H a2ensite searxng.conf
In the /etc/httpd/conf/httpd.conf
file, activate headers and proxy
modules (LoadModule):
FIXME needs test
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
In the /etc/httpd/conf/httpd.conf
file, activate headers and proxy
modules (LoadModule):
FIXME needs test
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
With ProxyPreserveHost the incoming Host HTTP request header is passed to the proxied host.
Use this setup, if your instance is public to the internet, compare figure: architecture and Installation scripts.
Configure a reverse proxy for filtron, listening on localhost 4004 (Route request through filtron):
<Location /searx >
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass http://127.0.0.1:4004
RequestHeader set X-Script-Name /searx
</Location>
2. Configure reverse proxy for morty, listening on localhost 3000
ProxyPreserveHost On
<Location /morty >
# SetEnvIf Request_URI "/morty" dontlog
# CustomLog /dev/null combined env=dontlog
Require all granted
Order deny,allow
Deny from all
#Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPass http://127.0.0.1:3000
RequestHeader set X-Script-Name /morty
</Location>
For a fully result proxification add morty’s public URL to your git://searx/settings.yml:
result_proxy:
# replace example.org with your server's public name
url : https://example.org/morty
key : !!binary "insert_your_morty_proxy_key_here"
server:
image_proxy : True
uWSGI support¶
Be warned, with this setup, your instance isn’t protected, nevertheless it is good enough for intranet usage. In modern Linux distributions, the mod_proxy_uwsgi is compiled into the normal apache package and you need to install only the uWSGI package:
sudo -H apt-get install uwsgi
# Ubuntu =< 18.04
sudo -H apt-get install libapache2-mod-proxy-uwsgi
sudo -H pacman -S uwsgi
sudo -H dnf install uwsgi
The next example shows a configuration using the uWSGI Apache support via unix sockets and mod_proxy_uwsgi.
For socket communication, you have to activate socket =
/run/uwsgi/app/searx/socket
and comment out the http = 127.0.0.1:8888
configuration in your uwsgi ini file. If not
already exists, create a folder for the unix sockets, which can be used by the
SearXNG account (see Create user):
sudo -H mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/
If the server is public; to limit access to your intranet replace Allow from
all
directive and replace 192.168.0.0/16
with your subnet IP/class.
LoadModule headers_module /usr/lib/apache2/mod_headers.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
</Location>
FIXME needs test
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
</Location>
FIXME needs test
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
<IfModule proxy_uwsgi_module>
# SetEnvIf Request_URI /searx dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
ProxyPreserveHost On
ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/
</Location>
</IfModule>
We show this only for historical reasons, DON’T USE mod_uwsgi. ANYMORE!
<IfModule mod_uwsgi.c>
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searx >
Require all granted
Options FollowSymLinks Indexes
SetHandler uwsgi-handler
uWSGISocket /run/uwsgi/app/searx/socket
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
</Location>
</IfModule>
Restart service¶
sudo -H systemctl restart apache2
sudo -H service uwsgi restart searx
sudo -H systemctl restart httpd
sudo -H systemctl restart uwsgi@searx
sudo -H systemctl restart httpd
sudo -H touch /etc/uwsgi.d/searxng.ini
disable logs¶
For better privacy you can disable Apache logs. In the examples above activate one of the lines and restart apache:
# SetEnvIf Request_URI "/searx" dontlog
# CustomLog /dev/null combined env=dontlog
The CustomLog
directive disable logs for the whole (virtual) server, use it
when the URL of the service does not have a path component (/searx
) / is
located at root (/
).
The Debian Layout¶
Be aware that the Debian layout is quite different from the standard Apache
configuration. For details look at the README.Debian
(/usr/share/doc/apache2/README.Debian.gz
). Some commands you should know on
Debian: