Initial commit
parent
f3be3c76f2
commit
fe312fdae9
|
@ -0,0 +1,4 @@
|
||||||
|
LETSENCRYPT_EMAIL=email@example.com
|
||||||
|
SEARX_HOSTNAME=localhost
|
||||||
|
# use openssl rand -base64 33
|
||||||
|
MORTY_KEY=RemplaceThisBase64KeySharedBetweenMortyAndSearxByARealKey
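Review bot: `MORTY_KEY=RemplaceThisBase64KeySharedBetweenMortyAndSearxByARealKey` ships a fixed, publicly readable value as the key shared between morty and searx, so any deployment that skips the manual replacement step runs with a key anyone can read in the repository. The ignore rules added in this commit cover only `*~`, so once an operator writes a real key into this file (presumably `.env`; the file name is not visible here) it is likely to be committed too. Leaving the value empty in the template and referencing it from the compose file as `${MORTY_KEY:?set MORTY_KEY with openssl rand -base64 33}` would make startup fail instead of silently using the placeholder. Adding the file to the ignore list would keep the real key out of history.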
|
|
@ -0,0 +1 @@
|
||||||
|
*~
|
|
@ -0,0 +1,51 @@
|
||||||
|
{$SEARX_HOSTNAME} {
|
||||||
|
tls self_signed
|
||||||
|
gzip
|
||||||
|
root /srv
|
||||||
|
|
||||||
|
header / {
|
||||||
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always
|
||||||
|
# connect via HTTPS
|
||||||
|
# Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
|
||||||
|
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||||
|
X-XSS-Protection "1; mode=block"
|
||||||
|
|
||||||
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
|
X-Content-Type-Options "nosniff"
|
||||||
|
|
||||||
|
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||||
|
X-Frame-Options "SAMEORIGIN"
|
||||||
|
|
||||||
|
# CSP
|
||||||
|
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
|
||||||
|
X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
|
||||||
|
X-WebKit-CSP "default-src 'self'; script-src 'self' 'unsafe-inline' overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; object-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com; media-src overpass-api.de *.tile.openstreetmap.org www.youtube-nocookie.com player.vimeo.com www.dailymotion.com"
|
||||||
|
|
||||||
|
#
|
||||||
|
Access-Control-Allow-Methods "GET, POST, OPTIONS"
|
||||||
|
Access-Control-Allow-Origin "*"
|
||||||
|
|
||||||
|
# Disable some features
|
||||||
|
Feature-Policy "accelerometer 'none';autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';notifications 'none';payment 'none';push 'none';speaker 'none';sync-xhr 'none';usb 'none';vibrate 'none';vr 'none'"
|
||||||
|
|
||||||
|
# Cache
|
||||||
|
Cache-Control "private, no-store"
|
||||||
|
Pragma "no-cache"
|
||||||
|
|
||||||
|
# Referer
|
||||||
|
Referrer-Policy "no-referrer"
|
||||||
|
|
||||||
|
# Remove Server header
|
||||||
|
-Server
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy / searx:8080 {
|
||||||
|
except /morty
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy /morty morty:3000 {
|
||||||
|
transparent
|
||||||
|
}
|
||||||
|
|
||||||
|
}
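Review bot: The `Content-Security-Policy` value keeps `'unsafe-inline'` in `script-src` and lists third-party hosts under `object-src`, which gives up most of the protection the header is meant to provide against injected script. If the searx templates do not depend on inline scripts or plugin embeds (not verifiable from this hunk), remove `'unsafe-inline'` from `script-src` and set `object-src 'none'`. The `X-Content-Security-Policy` and `X-WebKit-CSP` copies are legacy prefixed headers that current browsers ignore, so dropping them avoids keeping three policies in sync. Separately, `Access-Control-Allow-Origin "*"` is applied to every path through `header /` under a bare `#`; a comment such as `# CORS: any origin may read responses because <reason>` would record why that is intended.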
|
|
@ -0,0 +1,55 @@
|
||||||
|
version: '3.7'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
caddy:
|
||||||
|
image: abiosoft/caddy:no-stats
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
networks:
|
||||||
|
searx:
|
||||||
|
ipv4_address: 10.10.10.2
|
||||||
|
command: -email ${LETSENCRYPT_EMAIL} -agree=true -log stdout -host ${SEARX_HOSTNAME} -conf /etc/Caddyfile
|
||||||
|
restart: always
|
||||||
|
# -quic=true -http2=true
|
||||||
|
volumes:
|
||||||
|
- ./Caddyfile:/etc/Caddyfile
|
||||||
|
- ./caddy:/root/.caddy
|
||||||
|
|
||||||
|
# filtron:
|
||||||
|
# image: filtron
|
||||||
|
# hostname: filtron
|
||||||
|
# networks:
|
||||||
|
# searx:
|
||||||
|
# ipv4_address: 10.10.10.3
|
||||||
|
|
||||||
|
searx:
|
||||||
|
image: searx
|
||||||
|
hostname: searx
|
||||||
|
networks:
|
||||||
|
searx:
|
||||||
|
ipv4_address: 10.10.10.4
|
||||||
|
volumes:
|
||||||
|
- ./searx:/etc/searx
|
||||||
|
environment:
|
||||||
|
- BASE_URL=http://${SEARX_HOSTNAME}/
|
||||||
|
- MORTY_URL=http://${SEARX_HOSTNAME}/morty/
|
||||||
|
- MORTY_KEY=${MORTY_KEY}
|
||||||
|
|
||||||
|
morty:
|
||||||
|
image: morty
|
||||||
|
hostname: morty
|
||||||
|
networks:
|
||||||
|
searx:
|
||||||
|
ipv4_address: 10.10.10.5
|
||||||
|
command: -listen 10.10.10.5:3000 -key ${MORTY_KEY}
|
||||||
|
environment:
|
||||||
|
- MORTY_KEY=${MORTY_KEY}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
searx:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: 10.10.10.0/24
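Review bot: `BASE_URL` and `MORTY_URL` in the searx service are built with `http://` although the caddy service in front publishes 443 and the Caddyfile in this commit configures TLS, so the links and proxy URLs searx generates would point at the plain-HTTP origin. Suggest `- BASE_URL=https://${SEARX_HOSTNAME}/` and `- MORTY_URL=https://${SEARX_HOSTNAME}/morty/`. Also, the morty service receives the key both as `-key ${MORTY_KEY}` in `command` and through `environment`; if the image reads `MORTY_KEY` from the environment (not shown here), drop the argument so the secret does not appear in the process listing.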
|