diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2020-01-21 18:38:57 +0100 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2020-01-21 18:38:57 +0100 |
| commit | d171fcd56ea0444598c6ae6d6d089dd2488bd64d (patch) | |
| tree | 4af18bb016a633c979d2911a463e2715949823e1 /utils | |
| parent | af2f58fc5847756d20741bb4c782f07943b0af60 (diff) | |
| download | searxng-d171fcd56ea0444598c6ae6d6d089dd2488bd64d.tar.gz searxng-d171fcd56ea0444598c6ae6d6d089dd2488bd64d.zip | |
utils/searx.sh: add apache site searx.conf:uwsgi
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/lib.sh | 125 | ||||
| -rwxr-xr-x | utils/searx.sh | 42 | ||||
| -rw-r--r-- | utils/templates/etc/apache2/sites-available/searx.conf:uwsgi | 25 |
3 files changed, 132 insertions, 60 deletions
diff --git a/utils/lib.sh b/utils/lib.sh index 40ecbb92e..b89d4d2f9 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -274,41 +274,65 @@ install_template() { # usage: # - # install_template [--no-eval] {file} [{owner} [{group} [{chmod}]]] + # install_template [--no-eval] [--variant=<name>] \ + # {file} [{owner} [{group} [{chmod}]]] # - # install_template --no-eval /etc/updatedb.conf root root 644 + # E.g. the origin of variant 'raw' of /etc/updatedb.conf is:: + # + # ${TEMPLATES}/etc/updatedb.conf:raw + # + # To install variant 'raw' of /etc/updatedb.conf without evaluated + # replacements you can use:: + # + # install_template --variant=raw --no-eval \ + # /etc/updatedb.conf root root 644 - local do_eval=1 - if [[ "$1" == "--no-eval" ]]; then - do_eval=0; shift - fi - local dst="${1}" - local owner=${2-$(id -un)} - local group=${3-$(id -gn)} - local chmod=${4-644} local _reply="" + local do_eval=1 + local variant="" + local pos_args=("$0") + + for i in "$@"; do + case $i in + --no-eval) do_eval=0; shift ;; + --variant=*) variant=":${i#*=}"; shift ;; + *) pos_args+=("$i") ;; + esac + done - info_msg "install: ${dst}" + local dst="${pos_args[1]}" + local template_origin="${TEMPLATES}${dst}${variant}" + local template_file="${TEMPLATES}${dst}" - if [[ ! -f "${TEMPLATES}${dst}" ]] ; then - err_msg "${TEMPLATES}${dst} does not exists" - err_msg "... can't install $dst / exit installation with error 42" + local owner="${pos_args[2]-$(id -un)}" + local group="${pos_args[3]-$(id -gn)}" + local chmod="${pos_args[4]-644}" + + info_msg "install (eval=$do_eval): ${dst}" + [[ ! -z $variant ]] && info_msg "variant: ${variant}" + + if [[ ! -f "${template_origin}" ]] ; then + err_msg "${template_origin} does not exists" + err_msg "... can't install $dst" wait_key 30 return 42 fi - local template_file="${TEMPLATES}${dst}" if [[ "$do_eval" == "1" ]]; then + template_file="${CACHE}${dst}${variant}" info_msg "BUILD template ${template_file}" - if [[ -f "${TEMPLATES}${dst}" ]] ; then - template_file="${CACHE}${dst}" - mkdir -p "$(dirname "${template_file}")" - # shellcheck disable=SC2086 - eval "echo \"$(cat ${TEMPLATES}${dst})\"" > "${template_file}" + if [[ ! -z ${SUDO_USER} ]]; then + sudo -u "${SUDO_USER}" mkdir -p "$(dirname "${template_file}")" else - err_msg "failed ${template_file}" - return 42 + mkdir -p "$(dirname "${template_file}")" fi + # shellcheck disable=SC2086 + eval "echo \"$(cat ${template_origin})\"" > "${template_file}" + if [[ ! -z ${SUDO_USER} ]]; then + chown "${SUDO_USER}:${SUDO_USER}" "${template_file}" + fi + else + template_file=$template_origin fi mkdir -p "$(dirname "${dst}")" @@ -325,7 +349,7 @@ install_template() { return 0 fi - info_msg "file ${dst} allready exists on this host" + info_msg "diffrent file ${dst} allready exists on this host" while true; do choose_one _reply "choose next step with file $dst" \ @@ -349,7 +373,10 @@ install_template() { echo "// exit with CTRL-D" sudo -H -u "${owner}" -i $DIFF_CMD "${dst}" "${template_file}" - if ask_yn "did you edit ${template_file} to your needs?"; then + echo + echo "did you edit file ..." + printf " ${template_file}" + if ask_yn "... to your needs?"; then break fi ;; @@ -384,21 +411,27 @@ apache_reload() { apache_install_site() { - # usage: apache_install_site [--no-eval] <mysite.conf> + # usage: apache_install_site [<template option> ...] <mysite.conf> + # + # <template option>: see install_template - local no_eval="" - local CONF="$1" + local template_opts=() + local pos_args=("$0") - if [[ "$1" == "--no-eval" ]]; then - no_eval=$1; shift - fi + for i in "$@"; do + case $i in + -*) template_opts+=("$i");; + *) pos_args+=("$i");; + esac + done - # shellcheck disable=SC2086 - install_template $no_eval "${APACHE_SITES_AVAILABE}/${CONF}" root root 644 + install_template "${template_opts[@]}" \ + "${APACHE_SITES_AVAILABE}/${pos_args[1]}" \ + root root 644 - apache_enable_site "${CONF}" + apache_enable_site "${pos_args[1]}" apache_reload - info_msg "installed apache site: ${CONF}" + info_msg "installed apache site: ${pos_args[1]}" } apache_enable_site() { @@ -438,20 +471,24 @@ uWSGI_app_available() { uWSGI_install_app() { - # usage: uWSGI_install_app [--no-eval] <myapp.ini> + # usage: uWSGI_install_app [<template option> ...] <myapp.ini> + # + # <template option>: see install_template - local no_eval="" - local CONF="$1" + for i in "$@"; do + case $i in + -*) template_opts+=("$i");; + *) pos_args+=("$i");; + esac + done - if [[ "$1" == "--no-eval" ]]; then - no_eval=$1; shift - fi + install_template "${template_opts[@]}" \ + "${uWSGI_SETUP}/apps-available/${pos_args[1]}" \ + root root 644 - # shellcheck disable=SC2086 - install_template $no_eval "${uWSGI_SETUP}/apps-available/${CONF}" root root 644 - uWSGI_enable_app "${CONF}" + uWSGI_enable_app "${pos_args[1]}" uWSGI_restart - info_msg "installed uWSGI app: ${CONF}" + info_msg "installed uWSGI app: ${pos_args[1]}" } uWSGI_remove_app() { diff --git a/utils/searx.sh b/utils/searx.sh index a1b1140ed..bd847e549 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -32,8 +32,11 @@ SEARX_SRC="${SERVICE_HOME}/searx-src" SEARX_SETTINGS="${SEARX_SRC}/searx/settings.yml" SEARX_INSTANCE_NAME="${SEARX_INSTANCE_NAME:-searx@$(uname -n)}" SEARX_UWSGI_APP="searx.ini" +SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket" -APACHE_SITE="searx.conf" +# Apache Settings +SEARX_APACHE_URL="/searx" +SEARX_APACHE_SITE="searx.conf" # shellcheck disable=SC2034 CONFIG_FILES=( @@ -55,7 +58,7 @@ usage() { usage: $(basename "$0") shell - $(basename "$0") install [all|user|pyenv|searx-src] + $(basename "$0") install [all|user|pyenv|searx-src|apache] $(basename "$0") update [searx] $(basename "$0") remove [all|user|pyenv|searx-src] $(basename "$0") activate [service] @@ -69,7 +72,8 @@ install / remove all: complete (de-) installation of searx service user: add/remove service user '$SERVICE_USER' at $SERVICE_HOME searx-src: clone $SEARX_GIT_URL - pyenv: create/remove virtualenv (python) in $SEARX_PYENV + pyenv: create/remove virtualenv (python) in $SEARX_PYENV + apache: install apache site for searx-uwsgi app update searx Update searx installation of user ${SERVICE_USER} activate @@ -112,6 +116,7 @@ main() { user) assert_user ;; pyenv) create_pyenv ;; searx-src) clone_searx ;; + apache) install_apache_site ;; *) usage "$_usage"; exit 42;; esac ;; update) @@ -175,16 +180,6 @@ install_all() { else err_msg "URL http://$SEARX_URL not available, check searx & uwsgi setup!" fi - wait_key - if apache_is_installed; then - install_apache_site - wait_key - fi - - # ToDo ... - # test_public_searx - # info_msg "searX --> https://${SEARX_APACHE_DOMAIN}${SEARX_APACHE_URL}" - } update_searx() { @@ -236,6 +231,11 @@ EOF remove_all() { rst_title "De-Install $SERVICE_NAME (service)" + + rst_para "\ +It goes without saying that this script can only be used to remove +installations that were installed with this script." + if ! ask_yn "Do you really want to deinstall $SERVICE_NAME?"; then return fi @@ -491,10 +491,20 @@ show_service() { } install_apache_site() { - rst_title "Install Apache site $APACHE_SITE" section + rst_title "Install Apache site $SEARX_APACHE_SITE" + + rst_para "\ +This installs the searx uwsgi app as apache site. If your server ist public to +the internet you should instead use a reverse proxy (filtron) to block +excessively bot queries." + + ! apache_is_installed && err_msg "Apache is not installed." + + if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then + return + fi echo - err_msg "not yet implemented (${APACHE_SITE})"; return 42 - # apache_install_site "${APACHE_SITE}" + apache_install_site --variant=uwsgi "${SEARX_APACHE_SITE}" } # ---------------------------------------------------------------------------- diff --git a/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi b/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi new file mode 100644 index 000000000..4147e8520 --- /dev/null +++ b/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi @@ -0,0 +1,25 @@ +# -*- coding: utf-8; mode: apache -*- + +<IfModule mod_uwsgi.c> + + # SetEnvIf Request_URI "${SEARX_APACHE_URL}" dontlog + # CustomLog /dev/null combined env=dontlog + + <Location ${SEARX_APACHE_URL}> + + <IfModule mod_security2.c> + SecRuleEngine Off + </IfModule> + + Options FollowSymLinks Indexes + SetHandler uwsgi-handler + uWSGISocket ${SEARX_UWSGI_SOCKET} + + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + </Location> + +</IfModule> |