authorAlexandre Flament <alex@al-f.net>2021-03-04 11:27:03 +0100
committerGitHub <noreply@github.com>2021-03-04 11:27:03 +0100
commit1d10ae175c0929d383d268f56bfadb304365ccf2 (patch)
tree7cee11f8cae196a2764d319f0736cba1877abb4e
parent6ba37777f732d0538be342511e68494d75e3627b (diff)
parent8736f5bd70dea715717c641df25870c40d4a42b9 (diff)
Merge pull request #2618 from thezeroalpha/master
Fix security vulnerabilities in provided nginx configuration
-rw-r--r--docs/admin/filtron.rst2
-rw-r--r--docs/admin/installation-nginx.rst16
-rw-r--r--utils/templates/etc/nginx/default.apps-available/morty.conf2
-rw-r--r--utils/templates/etc/nginx/default.apps-available/searx.conf:filtron6
4 files changed, 13 insertions, 13 deletions
diff --git a/docs/admin/filtron.rst b/docs/admin/filtron.rst
index 503a4d51d..41c4a31d6 100644
--- a/docs/admin/filtron.rst
+++ b/docs/admin/filtron.rst
@@ -173,7 +173,7 @@ Use it along with ``nginx`` with the following example configuration.
location /searx {
proxy_pass http://127.0.0.1:4004/;
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/docs/admin/installation-nginx.rst b/docs/admin/installation-nginx.rst
index 430ebbcce..97966c8c4 100644
--- a/docs/admin/installation-nginx.rst
+++ b/docs/admin/installation-nginx.rst
@@ -182,7 +182,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
location /searx {
proxy_pass http://127.0.0.1:4004/;
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -190,8 +190,8 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
proxy_set_header X-Script-Name /searx;
}
- location /searx/static {
- alias /usr/local/searx/searx-src/searx/static;
+ location /searx/static/ {
+ alias /usr/local/searx/searx-src/searx/static/;
}
@@ -205,7 +205,7 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
location /morty {
proxy_pass http://127.0.0.1:3000/;
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -309,8 +309,8 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
proxy_buffering off;
}
- location /searx/static {
- alias /usr/local/searx/searx-src/searx/static;
+ location /searx/static/ {
+ alias /usr/local/searx/searx-src/searx/static/;
}
The ``X-Script-Name /searx`` is needed by the searx implementation to
@@ -328,8 +328,8 @@ Started wiki`_ is always a good resource *to keep in the pocket*.
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
- location /searx/static {
- alias /usr/local/searx/searx-src/searx;
+ location /searx/static/ {
+ alias /usr/local/searx/searx-src/searx/;
}
For searx to work correctly the ``base_url`` must be set in the
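Review bot: The new `alias /usr/local/searx/searx-src/searx/;` in the uWSGI example maps `/searx/static/` onto the whole searx package directory, not onto its `static/` subdirectory as the two earlier static blocks in this file do. With that target nginx would serve whatever else lives in that directory under the static URL prefix. The removed line pointed at the same directory, so the commit carries the problem over and does not introduce it. Unless that mapping is intended, which nothing in the visible lines suggests, the line should read `alias /usr/local/searx/searx-src/searx/static/;`.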
diff --git a/utils/templates/etc/nginx/default.apps-available/morty.conf b/utils/templates/etc/nginx/default.apps-available/morty.conf
index e7ffa27e2..51f083985 100644
--- a/utils/templates/etc/nginx/default.apps-available/morty.conf
+++ b/utils/templates/etc/nginx/default.apps-available/morty.conf
@@ -3,7 +3,7 @@
location /morty {
proxy_pass http://127.0.0.1:3000/;
- proxy_set_header Host \$http_host;
+ proxy_set_header Host \$host;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
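Review bot: `\$host` on the new `proxy_set_header Host` line is still derived from the request whenever nginx routes an unknown name to this server block, so the backend only receives a trusted name if the enclosing `server` has an explicit `server_name` and a separate default server rejects other hosts. That block is outside this template, so a comment here would help, e.g. `# needs an explicit server_name plus a rejecting default_server; $host alone does not pin the name`. `$host` also drops the port, so an instance published on a non-standard port may need `\$host:\$server_port` for generated URLs to stay correct. The same applies to the Host line in searx.conf:filtron and to the three examples in the .rst files. The location block continues past the end of this hunk.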
diff --git a/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron b/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron
index d3137e42d..a89aa38b3 100644
--- a/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron
+++ b/utils/templates/etc/nginx/default.apps-available/searx.conf:filtron
@@ -3,7 +3,7 @@
location ${SEARX_URL_PATH} {
proxy_pass http://127.0.0.1:4004/;
- proxy_set_header Host \$http_host;
+ proxy_set_header Host \$host;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
@@ -11,6 +11,6 @@ location ${SEARX_URL_PATH} {
proxy_set_header X-Script-Name ${SEARX_URL_PATH};
}
-location ${SEARX_URL_PATH}/static {
- alias ${SEARX_SRC}/searx/static;
+location ${SEARX_URL_PATH}/static/ {
+ alias ${SEARX_SRC}/searx/static/;
}
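Review bot: The trailing slashes on `location ${SEARX_URL_PATH}/static/` and its `alias` have to stay paired, and nothing in the template says so. A comment above the block, such as `# location and alias must both end in '/': a mismatch lets the matched prefix resolve outside static/`, would keep a later edit from reintroducing the problem. If `SEARX_URL_PATH` can expand to `/` or carry its own trailing slash, the rendered prefix would presumably become `//static/` and stop matching normalized request URIs. The variable's value is not visible here, so that is worth checking where the template is rendered.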