.. _installation apache: =================== Install with apache =================== .. _Apache: https://httpd.apache.org/ .. _Apache Debian: https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout#DistrosDefaultLayout-Debian,Ubuntu(Apachehttpd2.x): .. _README.Debian: https://salsa.debian.org/apache-team/apache2/raw/master/debian/apache2.README.Debian .. _Apache Arch Linux: https://wiki.archlinux.org/index.php/Apache_HTTP_Server .. _Apache Fedora: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/index.html .. _Apache directives: https://httpd.apache.org/docs/trunk/mod/directives.html .. _Getting Started: https://httpd.apache.org/docs/current/en/getting-started.html .. _Terms Used to Describe Directives: https://httpd.apache.org/docs/current/en/mod/directive-dict.html .. _Configuration Files: https://httpd.apache.org/docs/current/en/configuring.html .. _ProxyPreserveHost: https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypreservehost .. _LoadModule: https://httpd.apache.org/docs/2.4/mod/mod_so.html#loadmodule .. _DocumentRoot: https://httpd.apache.org/docs/trunk/mod/core.html#documentroot .. _Location: https://httpd.apache.org/docs/trunk/mod/core.html#location .. _uWSGI Apache support: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html .. _mod_proxy_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi .. sidebar:: further read - `Apache Arch Linux`_ - `Apache Debian`_ and `README.Debian`_ - `Apache Fedora`_ - `Apache directives`_ .. contents:: Contents :depth: 2 :local: :backlinks: entry ---- **Install** :ref:`apache searx site` using :ref:`filtron.sh ` .. code:: bash $ sudo -H ./utils/filtron.sh apache install **Install** :ref:`apache searx site` using :ref:`morty.sh ` .. code:: bash $ sudo -H ./utils/morty.sh apache install ---- The apache HTTP server ====================== If Apache_ is not installed, install it now. If apache_ is new to you, the `Getting Started`_, `Configuration Files`_ and `Terms Used to Describe Directives`_ documentation gives first orientation. There is also a list of `Apache directives`_ *to keep in the pocket*. .. tabs:: .. group-tab:: Ubuntu / debian .. code:: sh sudo -H apt-get install apache2 .. group-tab:: Arch Linux .. code:: sh sudo -H pacman -S apache sudo -H systemctl enable httpd sudo -H systemctl start http .. group-tab:: Fedora / RHEL .. code:: sh sudo -H dnf install httpd sudo -H systemctl enable httpd sudo -H systemctl start httpd Now at http://localhost you should see any kind of *Welcome* or *Test* page. How this default intro site is configured, depends on the linux distribution (compare `Apache directives`_). .. tabs:: .. group-tab:: Ubuntu / debian .. code:: sh less /etc/apache2/sites-enabled/000-default.conf In this file, there is a line setting the `DocumentRoot`_ directive: .. code:: apache DocumentRoot /var/www/html And the *welcome* page is the HTML file at ``/var/www/html/index.html``. .. group-tab:: Arch Linux .. code:: sh less /etc/httpd/conf/httpd.conf In this file, there is a line setting the `DocumentRoot`_ directive: .. code:: apache DocumentRoot "/srv/http" Options Indexes FollowSymLinks AllowOverride None Require all granted The *welcome* page of Arch Linux is a page showing directory located at ``DocumentRoot``. This is *directory* page is generated by the Module `mod_autoindex `_: .. code:: apache LoadModule autoindex_module modules/mod_autoindex.so ... Include conf/extra/httpd-autoindex.conf .. group-tab:: Fedora / RHEL .. code:: sh less /etc/httpd/conf/httpd.conf In this file, there is a line setting the ``DocumentRoot`` directive: .. code:: apache DocumentRoot "/var/www/html" ... AllowOverride None # Allow open access: Require all granted On fresh installations, the ``/var/www`` is empty and the *default welcome page* is shown, the configuration is located at:: less /etc/httpd/conf.d/welcome.conf .. _apache searx site: Apache Reverse Proxy ==================== .. sidebar:: public to the internet? If your SearXNG instance is public, stop here and first install :ref:`filtron reverse proxy ` and :ref:`result proxy morty `, see :ref:`installation scripts`. If already done, follow setup: *SearXNG via filtron plus morty*. To setup a Apache revers proxy you have to enable the *headers* and *proxy* modules and create a `Location`_ configuration for the SearXNG site. In most distributions you have to un-comment the lines in the main configuration file, except in :ref:`The Debian Layout`. .. tabs:: .. group-tab:: Ubuntu / debian In the Apache setup, enable headers and proxy modules: .. code:: sh sudo -H a2enmod headers sudo -H a2enmod proxy sudo -H a2enmod proxy_http In :ref:`The Debian Layout` you create a ``searx.conf`` with the ```` directive and save this file in the *sites available* folder at ``/etc/apache2/sites-available``. To enable the ``searx.conf`` use :man:`a2ensite`: .. code:: sh sudo -H a2ensite searx.conf .. group-tab:: Arch Linux In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy modules (LoadModule_): .. code:: apache FIXME needs test LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so .. group-tab:: Fedora / RHEL In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy modules (LoadModule_): .. code:: apache FIXME needs test LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the proxied host. .. _apache searx via filtron plus morty: .. tabs:: .. group-tab:: SearXNG via filtron plus morty Use this setup, if your instance is public to the internet, compare figure: :ref:`architecture ` and :ref:`installation scripts`. 1. Configure a reverse proxy for :ref:`filtron `, listening on *localhost 4004* (:ref:`filtron route request`): .. code:: apache # SetEnvIf Request_URI "/searx" dontlog # CustomLog /dev/null combined env=dontlog Require all granted Order deny,allow Deny from all #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all ProxyPreserveHost On ProxyPass http://127.0.0.1:4004 RequestHeader set X-Script-Name /searx 2. Configure reverse proxy for :ref:`morty `, listening on *localhost 3000* .. code:: apache ProxyPreserveHost On # SetEnvIf Request_URI "/morty" dontlog # CustomLog /dev/null combined env=dontlog Require all granted Order deny,allow Deny from all #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all ProxyPass http://127.0.0.1:3000 RequestHeader set X-Script-Name /morty For a fully result proxification add :ref:`morty's ` **public URL** to your :origin:`searx/settings.yml`: .. code:: yaml result_proxy: # replace example.org with your server's public name url : https://example.org/morty key : !!binary "insert_your_morty_proxy_key_here" server: image_proxy : True uWSGI support ============= Be warned, with this setup, your instance isn't :ref:`protected `, nevertheless it is good enough for intranet usage. In modern Linux distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache package and you need to install only the :ref:`uWSGI ` package: .. tabs:: .. group-tab:: Ubuntu / debian .. code:: sh sudo -H apt-get install uwsgi # Ubuntu =< 18.04 sudo -H apt-get install libapache2-mod-proxy-uwsgi .. group-tab:: Arch Linux .. code:: sh sudo -H pacman -S uwsgi .. group-tab:: Fedora / RHEL .. code:: sh sudo -H dnf install uwsgi The next example shows a configuration using the `uWSGI Apache support`_ via unix sockets and `mod_proxy_uwsgi`_. For socket communication, you have to activate ``socket = /run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` configuration in your :ref:`uwsgi ini file `. If not already exists, create a folder for the unix sockets, which can be used by the searx account (see :ref:`create searx user`): .. code:: bash sudo -H mkdir -p /run/uwsgi/app/searx/ sudo -H chown -R searx:searx /run/uwsgi/app/searx/ If the server is public; to limit access to your intranet replace ``Allow from all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class. .. tabs:: .. group-tab:: Ubuntu / debian .. code:: apache LoadModule headers_module /usr/lib/apache2/mod_headers.so LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so # SetEnvIf Request_URI /searx dontlog # CustomLog /dev/null combined env=dontlog Require all granted Order deny,allow Deny from all # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all ProxyPreserveHost On ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ .. group-tab:: Arch Linux .. code:: apache FIXME needs test LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so # SetEnvIf Request_URI /searx dontlog # CustomLog /dev/null combined env=dontlog Require all granted Order deny,allow Deny from all # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all ProxyPreserveHost On ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ .. group-tab:: Fedora / RHEL .. code:: apache FIXME needs test LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so # SetEnvIf Request_URI /searx dontlog # CustomLog /dev/null combined env=dontlog Require all granted Order deny,allow Deny from all # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all ProxyPreserveHost On ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ .. group-tab:: old mod_wsgi We show this only for historical reasons, DON'T USE `mod_uwsgi `_. ANYMORE! .. code:: apache # SetEnvIf Request_URI "/searx" dontlog # CustomLog /dev/null combined env=dontlog Require all granted Options FollowSymLinks Indexes SetHandler uwsgi-handler uWSGISocket /run/uwsgi/app/searx/socket Order deny,allow Deny from all # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all .. _restart apache: Restart service =============== .. tabs:: .. group-tab:: Ubuntu / debian .. code:: sh sudo -H systemctl restart apache2 sudo -H service uwsgi restart searx .. group-tab:: Arch Linux .. code:: sh sudo -H systemctl restart httpd sudo -H systemctl restart uwsgi@searx .. group-tab:: Fedora / RHEL .. code:: sh sudo -H systemctl restart httpd sudo -H touch /etc/uwsgi.d/searxng.ini disable logs ============ For better privacy you can disable Apache logs. In the examples above activate one of the lines and `restart apache`_:: # SetEnvIf Request_URI "/searx" dontlog # CustomLog /dev/null combined env=dontlog The ``CustomLog`` directive disable logs for the whole (virtual) server, use it when the URL of the service does not have a path component (``/searx``) / is located at root (``/``). .. _The Debian Layout: The Debian Layout ================= Be aware that the Debian layout is quite different from the standard Apache configuration. For details look at the README.Debian_ (``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on Debian: * :man:`apache2ctl`: Apache HTTP server control interface * :man:`a2enmod`, :man:`a2dismod`: switch on/off modules * :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations * :man:`a2ensite`, :man:`a2dissite`: switch on/off sites