Commit Graph

3021 Commits

Author SHA1 Message Date
Robin Schneider a1d9c81915
Fix Nginx subdir URL install docs which allowed download of settings.yml
Closes: #1617

There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:

```nginx
root /usr/local/searx;

location = /searx { rewrite ^ /searx/; }
        try_files $uri @searx;
}
location @searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_modifier1 30;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that  `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).

To fix this, I propose:

```nginx
location = /searx {
        rewrite ^ /searx/;
}

location /searx/static {
}

location /searx {
        uwsgi_param SCRIPT_NAME /searx;
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```

And add

```
route-run = fixpathinfo:
```

to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action

I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).

https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:

> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
2019-12-31 14:24:27 +01:00
Markus Heiser f602cb8e4d docs(admin): moved settings description from wiki to docs
Move wiki entry https://github.com/asciimoo/searx/wiki/settings.yml
into admin section of the docs (#1785).

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:56:09 +01:00
Markus Heiser f9be534b2a docs(dev): fix minor markup typos
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 21:55:15 +01:00
Markus Heiser 10997a01e0 docs(admin): add weight & disabled cols to engine table
BTW: remove internal suspend_end_time

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-30 20:29:37 +01:00
Markus Heiser 754a10c1c1
Merge pull request #1661 from 0xhtml/fix-engine-spotify
Fix engine spotify

As you can read here https://developer.spotify.com/documentation/web-api/#authentication all requests to the spotify api require authentication. You can not test the api without credentials.
2019-12-30 07:44:31 +01:00
Markus Heiser 36e72a4619
Merge branch 'master' into fix-engine-spotify 2019-12-29 09:47:06 +01:00
Markus Heiser f6d66c0f6f
Merge pull request #1776 from return42/makefile-doc
doc: describe Makefile targets & add reST primer
2019-12-28 13:55:20 +01:00
Markus Heiser b91e07bbf1 docs(css): render HTML rst-example slightly more discreet
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:26:24 +01:00
Markus Heiser d1892b2112 docs(admin): add article 'Buildhosts' with system requirements
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:25:16 +01:00
Markus Heiser d6f2802e4b docs(dev): add more markups to reST primer
- Literal blocks
- Unicode substitution
- Horizontal list
- Math equations

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-28 01:01:11 +01:00
Markus Heiser 92afe68d65 doc(dev): reST/sphinx add tabbed views extension (sphinx_tabs.tabs)
See issue #1785:

  idea: in the doc, provide installation instructions with one tab per
  distrubution

preview (don't bookmark):

  https://return42.github.io/searx/dev/reST.html#tabbed-views

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-26 10:26:12 +01:00
Markus Heiser 62505f8982 docs(dev): add refs to to gitmoji and Semantic PR in contrib section
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-25 09:57:21 +01:00
Mathieu Brunot 359c18f9e6
Merge branch 'master' into docker/opencontainers 2019-12-24 21:38:07 +01:00
Markus Heiser 4ca8b69c81 doc(dev): add remarks about creating good commits (messages)
preview (don't bookmark):

  https://return42.github.io/searx/dev/contribution_guide.html#code

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-24 18:48:23 +01:00
Markus Heiser 5eb8cf4ebb Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-24 18:00:24 +01:00
Markus Heiser a52a638ba8
Merge pull request #1701 from CaffeinatedTech/patch-1
Update README.rst

for the future: please select meaningful commit messages. Here is a good summarize how a useful commit messages looks like: https://www.conventionalcommits.org/en/v1.0.0-beta.2/#summary

Further read: https://wiki.openstack.org/wiki/GitCommitMessages#Information_in_commit_messages
2019-12-24 17:56:24 +01:00
Markus Heiser ecb054a7a0
Merge branch 'master' into patch-1 2019-12-24 17:45:13 +01:00
Markus Heiser 5a0a66e9bc
Merge pull request #1615 from Nachtalb/ne/fix-infinite_scroll-with-vim_bindings
Fix not jumping to results loaded by infinite scroll
2019-12-24 17:34:33 +01:00
Markus Heiser 38dad2e8e3
Merge branch 'master' into ne/fix-infinite_scroll-with-vim_bindings 2019-12-24 15:42:05 +01:00
Markus Heiser a395fb4a8d
Merge pull request #1694 from finn0/libgen
Fix broken Library Gensis Engine
2019-12-24 13:37:29 +01:00
Markus Heiser fb668e2075
Merge branch 'master' into libgen 2019-12-24 13:33:07 +01:00
Markus Heiser 46dd51afad
Merge branch 'master' into makefile-doc 2019-12-24 12:27:36 +01:00
Markus Heiser 6d232e9b69
Merge pull request #1787 from finn0/fix/infobox
[Fix] oscar: no HTML escaping prior to output
2019-12-24 11:37:33 +01:00
Vipul 8bea927bb0 [Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-24 15:11:48 +05:30
Markus Heiser 70f7142824
Merge branch 'master' into bug/oscar-theme 2019-12-23 18:47:23 +01:00
Markus Heiser 07c8ca87e6
Merge branch 'master' into makefile-doc 2019-12-23 13:58:53 +00:00
Markus Heiser 3e14bf4d27
Merge pull request #1686 from MarcAbonce/wiki_infobox_fixes
Infobox fixes
2019-12-23 12:31:31 +00:00
Markus Heiser c8645d6e37 doc: reST-primer -- imrpove desription of definition lists
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-23 09:37:51 +01:00
Markus Heiser d3e4e81faf makefile.sphinx: fix gh-pages / pull before add commits
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:28:07 +01:00
Markus Heiser 90174e215c doc: add plugin section to admin section (template)
- Plugins configured at built time (defaults)

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 23:26:06 +01:00
Vipul f407dd8ef4
Switch to https for some domains 2019-12-22 13:39:00 +00:00
Markus Heiser 31db843c9c doc: CSS - fix alignment of code block in figure blocks
BTW: minor profread of reST.rst

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:08:57 +01:00
Markus Heiser aa3b0265e7 doc: add 'Architecture' article to admin section
Herein we add some hints and suggestions about typical architectures of
searx infrastructures.  We start with a contribution from @dalf

- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320

thanks @dalf !!

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 14:05:33 +01:00
Vipul ee6781d777
[Fix] Libgen engine
Libgen has switched to new domain (i.e https://libgen.is) with TLS
support and older domain (i.e. http://libgen.io) is no longer
accessible. See, https://en.wikipedia.org/wiki/Library_Genesis, for more
information.

Resolves: #1693
2019-12-22 13:04:46 +00:00
Markus Heiser 5bdca1a5bf doc: improved HTML table layout (CSS)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-22 11:46:03 +01:00
Markus Heiser aea4667fbc Merge branch 'master' of https://github.com/asciimoo/searx into makefile-doc 2019-12-22 10:12:33 +01:00
Marc Abonce Seguin 495ae59b31 hide suggestions box if empty
This bug happens only in python3
because map returns an iterator.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin 5706c12fba remove empty parenthesis in wikipedia's summary
They're usually IPA pronunciations which are removed
by the API.
2019-12-21 22:47:08 -06:00
Marc Abonce Seguin c18048e045 exclude disambiguation pages from wikipedia infobox 2019-12-21 22:47:08 -06:00
Vipul 6a5aae6530
[Fix] oscar: no HTML escaping prior to output
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.

This change addresses the issue by using "safe" filter feature provided by
Django. See,
  - https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
  - Searx issue tracker (issue #1649), for more information.

Resolves: #1649
2019-12-22 02:27:45 +00:00
Vipul 36ca2dcc56
[Fix] oscar: move info box at top of the page
In low width devices like mobile, tablet etc, info box is present at
bottom of the page.

This change addresses the issue by rearranging column grids for low
width devices and move side bar at top of the page. See
  - https://getbootstrap.com/docs/3.3/css/#grid-column-ordering.
  - and Searx issue tracker (issue#1777), for more information.

Effect: Along with Info, Suggestion and Link boxes also move to top of
the page.

Resolves: #1777
2019-12-22 02:27:42 +00:00
Adam Tauber 34ad3d6b34 [enh] display error message if gigablast extra param expired 2019-12-21 21:25:50 +01:00
Adam Tauber 52ccaa7acc [mod] remove useless engine unit tests
These tests are not able to detect engine errors if the upstream
site changes.
2019-12-21 21:15:09 +01:00
Adam Tauber fc457569f7 [fix] pep8 2019-12-21 21:13:43 +01:00
Adam Tauber 00512e36c1 [fix] handle empty response from wikipedia engine - closes #1114 2019-12-21 21:01:08 +01:00
Adam Tauber f8713512be [fix] convert byte query to string in osm engine - fixes #1220 2019-12-21 20:56:38 +01:00
Adam Tauber e5305f886c [fix] fetch extra search param of gigablast - fixes #1293 2019-12-21 20:51:30 +01:00
Adam Tauber 8850036ded [fix] add explicit useragent header to requests - closes #1459 2019-12-21 20:25:39 +01:00
Markus Heiser d1154202bc doc: add reST templating // incl. generic engine tabe
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-21 17:13:38 +01:00
Markus Heiser c2b9aa0c2f docs: reST-primer describe table markup (WIP)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2019-12-20 20:39:14 +01:00