Commit Graph

14 Commits

Author SHA1 Message Date
Robin Schneider 3e5a3ee4e4
Let Nginx deliver static files directory in all examples 2019-12-31 14:43:14 +01:00
Robin Schneider 088337295a
Simply Nginx example by using alias directive for subdirectory URL
We explicitly specific the static directory here using alias to allow to
host from a other subdirectory than "searx" which just so happens to
match the source code directory.
2019-12-31 14:41:27 +01:00
Robin Schneider a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
Closes: #1617

There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that  `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).

To fix this, I propose:

```nginx
location = /searx {
        rewrite ^ /searx/;
}

location /searx/static {
}

location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:

> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser d1892b2112 docs(admin): add article 'Buildhosts' with system requirements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser 90174e215c doc: add plugin section to admin section (template)
- Plugins configured at built time (defaults)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Markus Heiser aa3b0265e7 doc: add 'Architecture' article to admin section
Herein we add some hints and suggestions about typical architectures of
searx infrastructures.  We start with a contribution from @dalf

- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320

thanks @dalf !!

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Markus Heiser d1154202bc doc: add reST templating // incl. generic engine tabe
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-21 17:13:38 +01:00
Markus Heiser 04eeeb53a1 doc: moved reST sources in the right folder (much clearer)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 19:48:42 +01:00
Markus Heiser e9fff4fde6 doc: proofread of the all reST sources (no content change)
Normalize reST sources with best practice and KISS in mind.

to name a few points:

- simplify reST tables
- make use of ``literal`` markup for monospace rendering
- fix code-blocks for better rendering in HTML
- normalize section header markup
- limit all lines to a maximum of 79 characters
- add option -H to the sudo command used in code blocks
- drop useless indentation of lists
- ...

[1] https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 19:20:56 +01:00
Markus Heiser 0a7479f194 doc: [fix] WARNING: Could not lex literal_block as "json"
docs/admin/filtron.rst:24: \
   WARNING: Could not lex literal_block as "json". Highlighting skipped.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-12 13:24:18 +01:00
Adam Tauber 6cc9f56949 [enh] add morty documentation 2017-08-08 15:23:17 +02:00
Noémi Ványi dca4d276a4 add sample config of filtron 2016-10-30 01:01:22 +02:00
Noémi Ványi 013139b036 add embedded search to docs 2016-09-06 18:16:29 +02:00
Noemi Vanyi 2ad8715b32 better API docs && more features in list 2016-07-09 22:31:21 +02:00