summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/utils/index.rst16
-rw-r--r--docs/utils/lxc.sh.rst6
-rwxr-xr-xutils/filtron.sh7
-rwxr-xr-xutils/lib.sh61
-rwxr-xr-xutils/lxc.sh1
-rwxr-xr-xutils/morty.sh14
-rwxr-xr-xutils/searx.sh10
-rw-r--r--utils/templates/etc/httpd/sites-available/morty.conf2
-rw-r--r--utils/templates/etc/httpd/sites-available/searx.conf:filtron2
-rw-r--r--utils/templates/etc/uwsgi/apps-archlinux/searx.ini4
-rw-r--r--utils/templates/etc/uwsgi/apps-archlinux/searx.ini:socket80
-rw-r--r--utils/templates/etc/uwsgi/apps-available/searx.ini4
-rw-r--r--utils/templates/etc/uwsgi/apps-available/searx.ini:socket79
13 files changed, 262 insertions, 24 deletions
diff --git a/docs/utils/index.rst b/docs/utils/index.rst
index 088586e43..13914af28 100644
--- a/docs/utils/index.rst
+++ b/docs/utils/index.rst
@@ -19,20 +19,28 @@ developers.
.. _toolboxing common:
-Common commands
-===============
+Common commands & environment
+=============================
Scripts to maintain services often dispose of common commands and environments.
-``shell``:
+``shell`` : command
Opens a shell from the service user ``${SERVICE_USSR}``, very helpful for
troubleshooting.
-``inspect service``:
+``inspect service`` : command
Shows status and log of the service, most often you have a option to enable
more verbose debug logs. Very helpful for debugging, but be careful not to
enable debugging in a production environment!
+``FORCE_TIMEOUT`` : environment
+ Sets timeout for interactive prompts. If you want to run a script in batch
+ job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a
+ reverse proxy for filtron on all containers of the :ref:`searx suite
+ <lxc-searx.env>` use ::
+
+ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh apache install
+
.. _toolboxing setup:
Tooling box setup
diff --git a/docs/utils/lxc.sh.rst b/docs/utils/lxc.sh.rst
index fcddfb340..44ab79030 100644
--- a/docs/utils/lxc.sh.rst
+++ b/docs/utils/lxc.sh.rst
@@ -88,7 +88,11 @@ WEB-Browser::
[searx-fedora31] INFO: (eth0) filtron: http://n.n.n.18:4004/
[searx-archlinux] INFO: (eth0) filtron: http://n.n.n.12:4004/
-
+To install a reverse proxy for filtron and morty use::
+
+ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh apache install
+ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/morty.sh apache install
+
Running commands
================
diff --git a/utils/filtron.sh b/utils/filtron.sh
index 0fbf74787..d24b6c39e 100755
--- a/utils/filtron.sh
+++ b/utils/filtron.sh
@@ -23,7 +23,6 @@ FILTRON_URL_PATH="${FILTRON_URL_PATH:-$(echo "${PUBLIC_URL}" \
[[ "${FILTRON_URL_PATH}" == "${PUBLIC_URL}" ]] && FILTRON_URL_PATH=/
FILTRON_ETC="/etc/filtron"
-
FILTRON_RULES="$FILTRON_ETC/rules.json"
FILTRON_API="${FILTRON_API:-127.0.0.1:4005}"
@@ -447,7 +446,8 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SIT
install_apache
fi
- echo
+ "${REPO_ROOT}/utils/searx.sh" install uwsgi
+
apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}"
info_msg "testing public url .."
@@ -465,11 +465,12 @@ This removes apache site ${APACHE_FILTRON_SITE}."
! apache_is_installed && err_msg "Apache is not installed."
- if ! ask_yn "Do you really want to continue?"; then
+ if ! ask_yn "Do you really want to continue?" Yn; then
return
fi
apache_remove_site "$APACHE_FILTRON_SITE"
+
}
rst-doc() {
diff --git a/utils/lib.sh b/utils/lib.sh
index 2c0c179bb..a032d0465 100755
--- a/utils/lib.sh
+++ b/utils/lib.sh
@@ -389,7 +389,7 @@ install_template() {
local chmod="${pos_args[4]-644}"
info_msg "install (eval=$do_eval): ${dst}"
- [[ -n $variant ]] && info_msg "variant: ${variant}"
+ [[ -n $variant ]] && info_msg "variant --> ${variant}"
if [[ ! -f "${template_origin}" ]] ; then
err_msg "${template_origin} does not exists"
@@ -777,6 +777,7 @@ apache_dissable_site() {
ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}"
;;
esac
+ apache_reload
}
# uWSGI
@@ -846,7 +847,7 @@ uWSGI_restart() {
if uWSGI_app_available "${CONF}"; then
systemctl restart "uwsgi@${CONF%.*}"
else
- info_msg "in systemd template mode: ${CONF} not installed (nothing to restart)"
+ info_msg "[uWSGI:systemd-template] ${CONF} not installed (no need to restart)"
fi
;;
fedora-*)
@@ -854,7 +855,7 @@ uWSGI_restart() {
if uWSGI_app_enabled "${CONF}"; then
touch "${uWSGI_APPS_ENABLED}/${CONF}"
else
- info_msg "in uWSGI emperor mode: ${CONF} not installed (nothing to restart)"
+ info_msg "[uWSGI:emperor] ${CONF} not installed (no need to restart)"
fi
;;
*)
@@ -864,6 +865,32 @@ uWSGI_restart() {
esac
}
+uWSGI_prepare_app() {
+
+ # usage: uWSGI_prepare_app <myapp.ini>
+
+ local APP="${1%.*}"
+ if [[ -z $APP ]]; then
+ err_msg "uWSGI_prepare_app: missing arguments"
+ return 42
+ fi
+
+ case $DIST_ID-$DIST_VERS in
+ fedora-*)
+ # in emperor mode, the uwsgi user is the owner of the sockets
+ info_msg "prepare (uwsgi:uwsgi) /run/uwsgi/app/${APP}"
+ mkdir -p "/run/uwsgi/app/${APP}"
+ chown -R "uwsgi:uwsgi" "/run/uwsgi/app/${APP}"
+ ;;
+ *)
+ info_msg "prepare (${SERVICE_USER}:${SERVICE_GROUP}) /run/uwsgi/app/${APP}"
+ mkdir -p "/run/uwsgi/app/${APP}"
+ chown -R "${SERVICE_USER}:${SERVICE_GROUP}" "/run/uwsgi/app/${APP}"
+ ;;
+ esac
+}
+
+
uWSGI_app_available() {
# usage: uWSGI_app_available <myapp.ini>
local CONF="$1"
@@ -888,6 +915,7 @@ uWSGI_install_app() {
*) pos_args+=("$i");;
esac
done
+ uWSGI_prepare_app "${pos_args[1]}"
mkdir -p "${uWSGI_APPS_AVAILABLE}"
install_template "${template_opts[@]}" \
"${uWSGI_APPS_AVAILABLE}/${pos_args[1]}" \
@@ -1281,3 +1309,30 @@ global_IPs(){
ip -o addr show | sed -nr 's/[0-9]*:\s*([a-z0-9]*).*inet[6]?\s*([a-z0-9.:]*).*scope global.*/\1|\2/p'
}
+
+primary_ip() {
+
+ case $DIST_ID in
+ arch)
+ echo "$(ip -o addr show \
+ | sed -nr 's/[0-9]*:\s*([a-z0-9]*).*inet[6]?\s*([a-z0-9.:]*).*scope global.*/\2/p' \
+ | head -n 1)"
+ ;;
+ *) echo "$(hostname -I | cut -d' ' -f1)" ;;
+ esac
+}
+
+# URL
+# ---
+
+url_replace_hostname(){
+
+ # usage: url_replace_hostname <url> <new hostname>
+
+ # to replace hostname by primary IP::
+ #
+ # url_replace_hostname http://searx-ubu1604/morty $(primary_ip)
+ # http://10.246.86.250/morty
+
+ echo "$1" | sed "s|\(http[s]*://\)[^/]*\(.*\)|\1$2\2|"
+}
diff --git a/utils/lxc.sh b/utils/lxc.sh
index 6a26f80eb..6a8dce94f 100755
--- a/utils/lxc.sh
+++ b/utils/lxc.sh
@@ -438,7 +438,6 @@ lxc_cmd() {
else
info_msg "lxc $* $i"
lxc "$@" "$i" | prefix_stdout "[${_BBlue}${i}${_creset}] "
- echo
fi
done
}
diff --git a/utils/morty.sh b/utils/morty.sh
index 4de411999..34d792dbe 100755
--- a/utils/morty.sh
+++ b/utils/morty.sh
@@ -14,12 +14,16 @@ in_container && lxc_set_suite_env
# config
# ----------------------------------------------------------------------------
-PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
-PUBLIC_HOST="${PUBLIC_HOST:-$(echo "$PUBLIC_URL" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')}"
+MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
PUBLIC_URL_PATH_MORTY="${PUBLIC_URL_PATH_MORTY:-/morty}"
-PUBLIC_URL_MORTY="$(echo "$PUBLIC_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}"
-MORTY_LISTEN="${MORTY_LISTEN:-127.0.0.1:3000}"
+SEARX_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
+PUBLIC_URL_MORTY="$(echo "$SEARX_URL" | sed -e's,^\(.*://[^/]*\).*,\1,g')${PUBLIC_URL_PATH_MORTY}"
+if in_container; then
+ # container hostnames do not have a DNS entry, use primary IP
+ PUBLIC_URL_MORTY="$(url_replace_hostname "$PUBLIC_URL_MORTY" "$(primary_ip)")"
+fi
+
# shellcheck disable=SC2034
MORTY_TIMEOUT=5
@@ -425,7 +429,7 @@ This removes apache site ${APACHE_MORTY_SITE}."
! apache_is_installed && err_msg "Apache is not installed."
- if ! ask_yn "Do you really want to continue?"; then
+ if ! ask_yn "Do you really want to continue?" Yn; then
return
fi
diff --git a/utils/searx.sh b/utils/searx.sh
index 6a8588c23..681b9a0e3 100755
--- a/utils/searx.sh
+++ b/utils/searx.sh
@@ -748,6 +748,10 @@ excessively bot queries."
apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}"
+ rst_title "Install searx's uWSGI app (searx.ini)" section
+ echo
+ uWSGI_install_app --variant=socket "$SEARX_UWSGI_APP"
+
if ! service_is_available "${PUBLIC_URL}"; then
err_msg "Public service at ${PUBLIC_URL} is not available!"
fi
@@ -762,11 +766,15 @@ This removes apache site ${APACHE_SEARX_SITE}."
! apache_is_installed && err_msg "Apache is not installed."
- if ! ask_yn "Do you really want to continue?"; then
+ if ! ask_yn "Do you really want to continue?" Yn; then
return
fi
apache_remove_site "${APACHE_SEARX_SITE}"
+
+ rst_title "Remove searx's uWSGI app (searx.ini)" section
+ echo
+ uWSGI_remove_app "$SEARX_UWSGI_APP"
}
rst-doc() {
diff --git a/utils/templates/etc/httpd/sites-available/morty.conf b/utils/templates/etc/httpd/sites-available/morty.conf
index 326fcc755..daeb3635a 100644
--- a/utils/templates/etc/httpd/sites-available/morty.conf
+++ b/utils/templates/etc/httpd/sites-available/morty.conf
@@ -2,7 +2,7 @@
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
-LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so
+LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog
diff --git a/utils/templates/etc/httpd/sites-available/searx.conf:filtron b/utils/templates/etc/httpd/sites-available/searx.conf:filtron
index 11dd360bc..379d47e24 100644
--- a/utils/templates/etc/httpd/sites-available/searx.conf:filtron
+++ b/utils/templates/etc/httpd/sites-available/searx.conf:filtron
@@ -2,7 +2,7 @@
LoadModule headers_module ${APACHE_MODULES}/mod_headers.so
LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so
-LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so
+LoadModule proxy_http_module ${APACHE_MODULES}/mod_proxy_http.so
#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so
# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog
diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searx.ini b/utils/templates/etc/uwsgi/apps-archlinux/searx.ini
index 8d3349c58..51f659d0f 100644
--- a/utils/templates/etc/uwsgi/apps-archlinux/searx.ini
+++ b/utils/templates/etc/uwsgi/apps-archlinux/searx.ini
@@ -74,7 +74,7 @@ http = ${SEARX_INTERNAL_HTTP}
#
# On some distributions you need to create the app folder for the sockets::
#
-# mkdir -p /run/uwsgi/app/searx/socket
-# chmod -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx/socket
+# mkdir -p /run/uwsgi/app/searx
+# chown -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx
#
# socket = /run/uwsgi/app/searx/socket \ No newline at end of file
diff --git a/utils/templates/etc/uwsgi/apps-archlinux/searx.ini:socket b/utils/templates/etc/uwsgi/apps-archlinux/searx.ini:socket
new file mode 100644
index 000000000..eeabb3715
--- /dev/null
+++ b/utils/templates/etc/uwsgi/apps-archlinux/searx.ini:socket
@@ -0,0 +1,80 @@
+[uwsgi]
+
+# uWSGI core
+# ----------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
+
+# Who will run the code
+uid = ${SERVICE_USER}
+gid = ${SERVICE_GROUP}
+
+# chdir to specified directory before apps loading
+chdir = ${SEARX_SRC}/searx
+
+# searx configuration (settings.yml)
+env = SEARX_SETTINGS_PATH=${SEARX_SETTINGS_PATH}
+
+# disable logging for privacy
+logger = systemd
+disable-logging = true
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpretor config
+single-interpreter = true
+
+# enable master process
+master = true
+
+# load apps in each worker instead of the master
+lazy-apps = true
+
+# load uWSGI plugins
+plugin = python
+
+# By default the Python plugin does not initialize the GIL. This means your
+# app-generated threads will not run. If you need threads, remember to enable
+# them with enable-threads. Running uWSGI in multithreading mode (with the
+# threads options) will automatically enable threading support. This *strange*
+# default behaviour is for performance reasons.
+enable-threads = true
+
+
+# plugin: python
+# --------------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python
+
+# load a WSGI module
+module = searx.webapp
+
+# set PYTHONHOME/virtualenv
+virtualenv = ${SEARX_PYENV}
+
+# add directory (or glob) to pythonpath
+pythonpath = ${SEARX_SRC}
+
+
+# speak to upstream
+# -----------------
+#
+# Activate the 'http' configuration for filtron or activate the 'socket'
+# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
+
+# using IP:
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
+# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
+
+# http = ${SEARX_INTERNAL_HTTP}
+
+# using unix-sockets:
+#
+# On some distributions you need to create the app folder for the sockets::
+#
+# mkdir -p /run/uwsgi/app/searx
+# chown -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx
+#
+socket = /run/uwsgi/app/searx/socket \ No newline at end of file
diff --git a/utils/templates/etc/uwsgi/apps-available/searx.ini b/utils/templates/etc/uwsgi/apps-available/searx.ini
index 806f74439..9785d7cd1 100644
--- a/utils/templates/etc/uwsgi/apps-available/searx.ini
+++ b/utils/templates/etc/uwsgi/apps-available/searx.ini
@@ -73,7 +73,7 @@ http = ${SEARX_INTERNAL_HTTP}
#
# On some distributions you need to create the app folder for the sockets::
#
-# mkdir -p /run/uwsgi/app/searx/socket
-# chmod -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx/socket
+# mkdir -p /run/uwsgi/app/searx
+# chmod -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx
#
# socket = /run/uwsgi/app/searx/socket \ No newline at end of file
diff --git a/utils/templates/etc/uwsgi/apps-available/searx.ini:socket b/utils/templates/etc/uwsgi/apps-available/searx.ini:socket
new file mode 100644
index 000000000..88436e5eb
--- /dev/null
+++ b/utils/templates/etc/uwsgi/apps-available/searx.ini:socket
@@ -0,0 +1,79 @@
+[uwsgi]
+
+# uWSGI core
+# ----------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#uwsgi-core
+
+# Who will run the code
+uid = ${SERVICE_USER}
+gid = ${SERVICE_GROUP}
+
+# chdir to specified directory before apps loading
+chdir = ${SEARX_SRC}/searx
+
+# searx configuration (settings.yml)
+env = SEARX_SETTINGS_PATH=${SEARX_SETTINGS_PATH}
+
+# disable logging for privacy
+disable-logging = true
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpretor config
+single-interpreter = true
+
+# enable master process
+master = true
+
+# load apps in each worker instead of the master
+lazy-apps = true
+
+# load uWSGI plugins
+plugin = python3,http
+
+# By default the Python plugin does not initialize the GIL. This means your
+# app-generated threads will not run. If you need threads, remember to enable
+# them with enable-threads. Running uWSGI in multithreading mode (with the
+# threads options) will automatically enable threading support. This *strange*
+# default behaviour is for performance reasons.
+enable-threads = true
+
+
+# plugin: python
+# --------------
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-python
+
+# load a WSGI module
+module = searx.webapp
+
+# set PYTHONHOME/virtualenv
+virtualenv = ${SEARX_PYENV}
+
+# add directory (or glob) to pythonpath
+pythonpath = ${SEARX_SRC}
+
+
+# speak to upstream
+# -----------------
+#
+# Activate the 'http' configuration for filtron or activate the 'socket'
+# configuration if you setup your HTTP server to use uWSGI protocol via sockets.
+
+# using IP:
+#
+# https://uwsgi-docs.readthedocs.io/en/latest/Options.html#plugin-http
+# Native HTTP support: https://uwsgi-docs.readthedocs.io/en/latest/HTTP.html
+
+# http = ${SEARX_INTERNAL_HTTP}
+
+# using unix-sockets:
+#
+# On some distributions you need to create the app folder for the sockets::
+#
+# mkdir -p /run/uwsgi/app/searx
+# chown -R ${SERVICE_USER}:${SERVICE_GROUP} /run/uwsgi/app/searx
+#
+socket = /run/uwsgi/app/searx/socket \ No newline at end of file