Rely on searxng/settings.yml
This commit is contained in:
parent
8952fad37e
commit
0a1db38e21
7
.env
7
.env
|
@ -5,10 +5,3 @@
|
||||||
|
|
||||||
# SEARXNG_HOSTNAME=<host>
|
# SEARXNG_HOSTNAME=<host>
|
||||||
# LETSENCRYPT_EMAIL=<email>
|
# LETSENCRYPT_EMAIL=<email>
|
||||||
|
|
||||||
# automatically update settings to the new version
|
|
||||||
# comment this line if you made / will make some modifications to the settings
|
|
||||||
SEARXNG_COMMAND=-f
|
|
||||||
|
|
||||||
# use openssl rand -base64 33
|
|
||||||
SEARXNG_SECRET=ultrasecretkey
|
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
searxng-docker.service
|
searxng-docker.service
|
||||||
caddy
|
caddy
|
||||||
srv
|
srv
|
||||||
searx
|
searxng/uwsgi.ini
|
||||||
|
|
23
Caddyfile
23
Caddyfile
|
@ -11,13 +11,19 @@
|
||||||
|
|
||||||
@api {
|
@api {
|
||||||
path /config
|
path /config
|
||||||
path /status
|
path /healthz
|
||||||
|
path /stats/errors
|
||||||
|
path /stats/checker
|
||||||
}
|
}
|
||||||
|
|
||||||
@static {
|
@static {
|
||||||
path /static/*
|
path /static/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@notstatic {
|
||||||
|
not path /static/*
|
||||||
|
}
|
||||||
|
|
||||||
@imageproxy {
|
@imageproxy {
|
||||||
path /image_proxy
|
path /image_proxy
|
||||||
}
|
}
|
||||||
|
@ -26,11 +32,6 @@
|
||||||
not path /image_proxy
|
not path /image_proxy
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@notstatic {
|
|
||||||
not path /static/*
|
|
||||||
}
|
|
||||||
|
|
||||||
header {
|
header {
|
||||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
@ -41,11 +42,8 @@
|
||||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
X-Content-Type-Options "nosniff"
|
X-Content-Type-Options "nosniff"
|
||||||
|
|
||||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
|
||||||
X-Frame-Options "SAMEORIGIN"
|
|
||||||
|
|
||||||
# Disable some features
|
# Disable some features
|
||||||
Permissions-Policy "accelerometer=();ambient-light-sensor=(); autoplay=();camera=();encrypted-media=();focus-without-user-activation=(); geolocation=();gyroscope=();magnetometer=();microphone=();midi=();payment=();picture-in-picture=(); speaker=();sync-xhr=();usb=();vr=()"
|
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
|
||||||
|
|
||||||
# Disable some features (legacy)
|
# Disable some features (legacy)
|
||||||
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
|
||||||
|
@ -87,16 +85,13 @@
|
||||||
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
|
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Searx
|
# SearXNG
|
||||||
handle {
|
handle {
|
||||||
encode zstd gzip
|
encode zstd gzip
|
||||||
|
|
||||||
reverse_proxy localhost:8080 {
|
reverse_proxy localhost:8080 {
|
||||||
header_up X-Forwarded-Port {http.request.port}
|
header_up X-Forwarded-Port {http.request.port}
|
||||||
header_up X-Forwarded-Proto {http.request.scheme}
|
header_up X-Forwarded-Proto {http.request.scheme}
|
||||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
|
||||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
|
||||||
header_up X-Forwarded-HttpsProto {proto}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,8 +20,9 @@ Create a new SearXNG instance in five minutes using Docker
|
||||||
git clone https://github.com/searxng/searxng-docker.git
|
git clone https://github.com/searxng/searxng-docker.git
|
||||||
cd searxng-docker
|
cd searxng-docker
|
||||||
```
|
```
|
||||||
- Generate the secret key ```sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" .env```
|
- Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
|
||||||
- Edit the other settings in [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file according to your need
|
- Generate the secret key ```sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml```
|
||||||
|
- Edit the [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) file according to your need
|
||||||
- Check everything is working: ```./start.sh```
|
- Check everything is working: ```./start.sh```
|
||||||
- ```cp searxng-docker.service.template searxng-docker.service```
|
- ```cp searxng-docker.service.template searxng-docker.service```
|
||||||
- edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is different from /usr/local/searxng-docker)
|
- edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is different from /usr/local/searxng-docker)
|
||||||
|
|
|
@ -34,21 +34,18 @@ services:
|
||||||
- SETUID
|
- SETUID
|
||||||
- DAC_OVERRIDE
|
- DAC_OVERRIDE
|
||||||
|
|
||||||
searx:
|
searxng:
|
||||||
container_name: searx
|
container_name: searxng
|
||||||
image: searxng/searxng
|
image: searxng/searxng:latest
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
- searxng
|
- searxng
|
||||||
command: ${SEARX_COMMAND:-}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:8080:8080"
|
- "127.0.0.1:8080:8080"
|
||||||
volumes:
|
volumes:
|
||||||
- ./searxng:/etc/searx:rw
|
- ./searxng:/etc/searxng:rw
|
||||||
environment:
|
environment:
|
||||||
- BIND_ADDRESS=0.0.0.0:8080
|
- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
|
||||||
- BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
|
|
||||||
- SEARXNG_SECRET=${SEARXNG_SECRET}
|
|
||||||
cap_drop:
|
cap_drop:
|
||||||
- ALL
|
- ALL
|
||||||
cap_add:
|
cap_add:
|
||||||
|
@ -56,7 +53,11 @@ services:
|
||||||
- SETGID
|
- SETGID
|
||||||
- SETUID
|
- SETUID
|
||||||
- DAC_OVERRIDE
|
- DAC_OVERRIDE
|
||||||
|
logging:
|
||||||
|
driver: "json-file"
|
||||||
|
options:
|
||||||
|
max-size: "1m"
|
||||||
|
max-file: "1"
|
||||||
networks:
|
networks:
|
||||||
searxng:
|
searxng:
|
||||||
ipam:
|
ipam:
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
|
# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
|
||||||
use_default_settings: true
|
use_default_settings: true
|
||||||
server:
|
server:
|
||||||
limiter: true
|
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
|
||||||
|
secret_key: "ultrasecretkey" # change this!
|
||||||
|
limiter: true # can be disabled for a private instance
|
||||||
image_proxy: true
|
image_proxy: true
|
||||||
redis:
|
redis:
|
||||||
url: redis://redis:6379/0
|
url: redis://redis:6379/0
|
||||||
|
|
Loading…
Reference in New Issue