Update Docker image

See #1561 , use uwsgi and Alpine Linux

Volume:
/var/log/uwsgi contains error log for 2 days (file uwsgi.log)
/etc/searx contains the settings.yml and uwsgi.ini files.
The docker image creates them if they don't exist.
The two files can be modified after the first run. See below.

Environement variables:
MORTY_URL : external URL of Morty
MORTY_KEY : base64 encoded key
BASE_URL : external URL of Searx
BIND_ADDRESS : internal HTTP port to listen to

Labels : org.label-schema.schema.*

Parameters:
-h : display this help
-d : will update the settings and quit immediately (settings.yml and uwsgi.ini)
-f : always update the settings (previous version saved with suffix .old).
     without this parameter, the new settings are copied with suffix .new

When the Docker image contains newer settings:
- without -f parameter: the new versions are copied to /etc/searx/settings.yml.new and /etc/searx/uwsgi.ini.new.
- with -f parameter:  the old versions are renamed with .old suffix. The new version replaces /etc/searx/settings.yml and /etc/searx/uwsgi.ini

Build using "./manage.sh docker_build", add "push" as parameter also push the Docker image.
The script requires a git repository to work (it makes sure that the last git tag matches searx/version.py)
"git describe" is used to create a meaningful version.
Example : 0.15.0-90-49c5bcb4-dirty (dirty means that the docker image was made with uncommited changes).

Use "docker inspect -f {{.Config.Labels.version}} searx" to get the version of an existing image.

.dockerignore based on .gitignore

.travis.yml: include docker stage

1 files changed, 61 insertions, 41 deletions

diff --git a/Dockerfile b/Dockerfile
index 95e21813f..03c4b76a1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,57 +1,77 @@
-FROM alpine:3.8
-LABEL maintainer="searx <https://github.com/asciimoo/searx>"
-LABEL description="A privacy-respecting, hackable metasearch engine."
+FROM alpine:3.10
+
+ARG VERSION_GITCOMMIT=unknow
+ARG SEARX_GIT_VERSION=unknow
+
+ARG SEARX_GID=1000
+ARG SEARX_UID=1000
+
+ARG TIMESTAMP_SETTINGS=0
+ARG TIMESTAMP_UWSGI=0
+ARG LABEL_VCS_REF=
+ARG LABEL_VCS_URL=
+
+ENV BASE_URL= \
+    MORTY_KEY= \
+    MORTY_URL=
+EXPOSE 8080
+VOLUME /etc/searx
+VOLUME /var/log/uwsgi
 
-ENV BASE_URL=False IMAGE_PROXY=False HTTP_PROXY_URL= HTTPS_PROXY_URL=
-EXPOSE 8888
 WORKDIR /usr/local/searx
-CMD ["/sbin/tini","--","/usr/local/searx/run.sh"]
-
-RUN adduser -D -h /usr/local/searx -s /bin/sh searx searx \
- && echo '#!/bin/sh' >> run.sh \
- && echo 'sed -i "s|base_url : False|base_url : $BASE_URL|g" searx/settings.yml' >> run.sh \
- && echo 'sed -i "s/image_proxy : False/image_proxy : $IMAGE_PROXY/g" searx/settings.yml' >> run.sh \
- && echo 'sed -i "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml' >> run.sh \
- && echo 'if [ -n "$HTTP_PROXY_URL" ] || [ -n "$HTTPS_PROXY_URL" ]; then' >> run.sh \
- && echo '  sed -i "s~^#    proxies :~    proxies:\\n      http: ${HTTP_PROXY_URL}\\n      https: ${HTTPS_PROXY_URL}\\n~" searx/settings.yml' >> run.sh \
- && echo 'fi' >> run.sh \
- && echo 'python searx/webapp.py' >> run.sh \
- && chmod +x run.sh
+
+RUN addgroup -g ${SEARX_GID} searx && \
+    adduser -u ${SEARX_UID} -D -h /usr/local/searx -s /bin/sh -G searx searx
 
 COPY requirements.txt ./requirements.txt
 
-RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
- && apk -U add \
-    build-base \
-    python \
-    python-dev \
-    py-pip \
-    libxml2 \
-    libxml2-dev \
-    libxslt \
-    libxslt-dev \
-    libffi-dev \
-    openssl \
-    openssl-dev \
-    ca-certificates \
-    tini@commuedge \
- && pip install --upgrade pip \
- && pip install --no-cache -r requirements.txt \
- && apk del \
+RUN apk -U upgrade \
+ && apk add -t build-dependencies \
     build-base \
-    python-dev \
+    py3-setuptools \
+    python3-dev \
     libffi-dev \
-    openssl-dev \
     libxslt-dev \
     libxml2-dev \
     openssl-dev \
+    tar \
+    git \
+ && apk add \
     ca-certificates \
+    su-exec \
+    python3 \
+    libxml2 \
+    libxslt \
+    openssl \
+    tini \
+    uwsgi \
+    uwsgi-python3 \
+ && pip3 install --upgrade pip \
+ && pip3 install --no-cache -r requirements.txt \
+ && apk del build-dependencies \
  && rm -f /var/cache/apk/*
 
-COPY . .
+COPY --chown=searx:searx . .
 
-RUN chown -R searx:searx *
+RUN su searx -c "/usr/bin/python3 -m compileall -q searx"; \
+    touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml; \
+    touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini; \
+    if [ ! -z $VERSION_GITCOMMIT ]; then\
+      echo "VERSION_STRING = VERSION_STRING + \"-$VERSION_GITCOMMIT\"" >> /usr/local/searx/searx/version.py; \
+    fi
 
-USER searx
+ENTRYPOINT ["/sbin/tini","--","/usr/local/searx/dockerfiles/docker-entrypoint.sh"]
 
-RUN sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml
+# Keep this argument at the end since it change each time
+ARG LABEL_DATE=
+LABEL maintainer="searx <https://github.com/asciimoo/searx>" \
+      description="A privacy-respecting, hackable metasearch engine." \
+      version="${SEARX_GIT_VERSION}" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.name="searx" \
+      org.label-schema.schema-version="${SEARX_GIT_VERSION}" \
+      org.label-schema.url="${LABEL_VCS_URL}" \
+      org.label-schema.vcs-ref=${LABEL_VCS_REF} \
+      org.label-schema.vcs-url=${LABEL_VCS_URL} \
+      org.label-schema.build-date="${LABEL_DATE}" \
+      org.label-schema.usage="https://github.com/searx/searx-docker"