From fbe40001d35ea5cf74c92f35d76c642a480a5c9f Mon Sep 17 00:00:00 2001
From: Dalf <alex@al-f.net>
Date: Sat, 29 Jun 2019 11:59:13 +0200
Subject: Update Docker image

See #1561 , use uwsgi and Alpine Linux

Volume:
/var/log/uwsgi contains error log for 2 days (file uwsgi.log)
/etc/searx contains the settings.yml and uwsgi.ini files.
The docker image creates them if they don't exist.
The two files can be modified after the first run. See below.

Environement variables:
MORTY_URL : external URL of Morty
MORTY_KEY : base64 encoded key
BASE_URL : external URL of Searx
BIND_ADDRESS : internal HTTP port to listen to

Labels : org.label-schema.schema.*

Parameters:
-h : display this help
-d : will update the settings and quit immediately (settings.yml and uwsgi.ini)
-f : always update the settings (previous version saved with suffix .old).
     without this parameter, the new settings are copied with suffix .new

When the Docker image contains newer settings:
- without -f parameter: the new versions are copied to /etc/searx/settings.yml.new and /etc/searx/uwsgi.ini.new.
- with -f parameter:  the old versions are renamed with .old suffix. The new version replaces /etc/searx/settings.yml and /etc/searx/uwsgi.ini

Build using "./manage.sh docker_build", add "push" as parameter also push the Docker image.
The script requires a git repository to work (it makes sure that the last git tag matches searx/version.py)
"git describe" is used to create a meaningful version.
Example : 0.15.0-90-49c5bcb4-dirty (dirty means that the docker image was made with uncommited changes).

Use "docker inspect -f {{.Config.Labels.version}} searx" to get the version of an existing image.

.dockerignore based on .gitignore

.travis.yml: include docker stage
---
 dockerfiles/docker-entrypoint.sh | 128 +++++++++++++++++++++++++++++++++++++++
 dockerfiles/uwsgi.ini            |  33 ++++++++++
 2 files changed, 161 insertions(+)
 create mode 100755 dockerfiles/docker-entrypoint.sh
 create mode 100644 dockerfiles/uwsgi.ini

(limited to 'dockerfiles')

diff --git a/dockerfiles/docker-entrypoint.sh b/dockerfiles/docker-entrypoint.sh
new file mode 100755
index 000000000..60e26fd94
--- /dev/null
+++ b/dockerfiles/docker-entrypoint.sh
@@ -0,0 +1,128 @@
+#!/bin/sh
+
+export SEARX_VERSION=$(su searx -c 'python3 -c "import six; import searx.version; six.print_(searx.version.VERSION_STRING)"')
+printf 'searx version %s\n\n' "${SEARX_VERSION}"
+
+export UWSGI_SETTINGS_PATH=/etc/searx/uwsgi.ini
+export SEARX_SETTINGS_PATH=/etc/searx/settings.yml
+
+if [ -z "${BIND_ADDRESS}" ]; then
+    export BIND_ADDRESS=":8080"
+fi
+
+# Parse command line
+FORCE_CONF_UPDATE=0
+DRY_RUN=0
+while getopts "fdh" option
+do
+    case $option in
+	f)
+	    FORCE_CONF_UPDATE=1
+	    ;;
+	d)
+	    DRY_RUN=1
+	    ;;
+	h)
+	    printf "Command line:\n\n"
+	    printf "  -h  Display this help\n"
+	    printf "  -d  Dry run to update the configuration files.\n"
+	    printf "  -f  Always update on the configuration files (existing files are renamed with the .old suffix)\n"
+	    printf "      Without this option, new configuration files are copied with the .new suffix\n"
+	    printf "\nEnvironment variables:\n\n"
+	    printf "  BASE_URL      settings.yml : server.base_url\n"
+	    printf "  MORTY_URL     settings.yml : result_proxy.url\n"
+	    printf "  MORTY_KEY     settings.yml : result_proxy.key\n"
+	    printf "  BIND_ADDRESS  where uwsgi will accept HTTP request (format : host:port)\n"
+	    exit 0
+    esac
+done
+
+# helpers to update the configuration files
+patch_uwsgi_settings() {
+    CONF="$1"
+
+    # Nothing
+}
+
+patch_searx_settings() {
+    CONF="$1"
+
+    # Make sure that there is trailing slash at the end of BASE_URL
+    # see http://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Shell-Parameter-Expansion
+    export BASE_URL="${BASE_URL%/}/"
+
+    # update settings.yml
+    sed -i -e "s|base_url : False|base_url : ${BASE_URL}|g" \
+       -e "s/ultrasecretkey/$(openssl rand -hex 32)/g" \
+       "${CONF}"
+
+    # Morty configuration
+    if [ ! -z "${MORTY_KEY}" -a ! -z "${MORTY_URL}" ]; then
+	sed -i -e "s/image_proxy : False/image_proxy : True/g" \
+	    "${CONF}"
+	cat >> "${CONF}" <<-EOF
+
+# Morty configuration
+result_proxy:
+   url : ${MORTY_URL}
+   key : !!binary "${MORTY_KEY}"
+EOF
+    fi
+}
+
+update_conf() {
+    FORCE_CONF_UPDATE="$1"
+    CONF="$2"
+    NEW_CONF="${2}.new"
+    OLD_CONF="${2}.old"
+    REF_CONF="$3"
+    PATCH_REF_CONF="$4"
+
+    if [ -f "${CONF}" ]; then
+	if [ "${REF_CONF}" -nt "${CONF}" ]; then
+	    # There is a new version
+	    if [ $FORCE_CONF_UPDATE ]; then
+		# Replace the current configuration
+		printf '⚠️  Automaticaly update %s to the new version\n' "${CONF}"
+		if [ ! -f "${OLD_CONF}" ]; then
+		    printf 'The previous configuration is saved to %s\n' "${OLD_CONF}"
+		    mv "${CONF}" "${OLD_CONF}"
+		fi
+		cp "${REF_CONF}" "${CONF}"
+		$PATCH_REF_CONF "${CONF}"
+	    else
+		# Keep the current configuration
+		printf '⚠️  Check new version %s to make sure searx is working properly\n' "${NEW_CONF}"
+		cp "${REF_CONF}" "${NEW_CONF}"
+		$PATCH_REF_CONF "${NEW_CONF}"
+	    fi
+	else
+	    printf 'Use existing %s\n' "${CONF}"
+	fi
+    else
+	printf 'Create %s\n' "${CONF}"
+	cp "${REF_CONF}" "${CONF}"
+	$PATCH_REF_CONF "${CONF}"
+    fi
+}
+
+# make sure there are uwsgi settings
+update_conf "${FORCE_CONF_UPDATE}" "${UWSGI_SETTINGS_PATH}" "/usr/local/searx/dockerfiles/uwsgi.ini" "patch_uwsgi_settings"
+
+# make sure there are searx settings
+update_conf "${FORCE_CONF_UPDATE}" "${SEARX_SETTINGS_PATH}" "/usr/local/searx/searx/settings.yml" "patch_searx_settings"
+
+# dry run (to update configuration files, then inspect them)
+if [ $DRY_RUN -eq 1 ]; then
+    printf 'Dry run\n'
+    exit
+fi
+
+#
+touch /var/run/uwsgi-logrotate
+chown -R searx:searx /var/log/uwsgi /var/run/uwsgi-logrotate
+unset MORTY_KEY
+
+# Start uwsgi
+printf 'Listen on %s\n' "${BIND_ADDRESS}"
+exec su-exec searx:searx uwsgi --master --http-socket "${BIND_ADDRESS}" "${UWSGI_SETTINGS_PATH}"
diff --git a/dockerfiles/uwsgi.ini b/dockerfiles/uwsgi.ini
new file mode 100644
index 000000000..fa2fd6302
--- /dev/null
+++ b/dockerfiles/uwsgi.ini
@@ -0,0 +1,33 @@
+[uwsgi]
+# Who will run the code
+uid = searx
+gid = searx
+
+# Number of workers (usually CPU count)
+workers = 4
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpretor config
+single-interpreter = true
+master = true
+plugin = python3
+lazy-apps = true
+enable-threads = true
+
+# Module to import
+module = searx.webapp
+
+# Virtualenv and python path
+pythonpath = /usr/local/searx/
+chdir = /usr/local/searx/searx/
+
+# Disable logging for privacy
+disable-logging=True
+
+# But keep errors for 2 days
+touch-logrotate = /run/uwsgi-logrotate
+unique-cron = 15 0 -1 -1 -1 { touch /run/uwsgi-logrotate  }
+log-backupname = /var/log/uwsgi/uwsgi.log.1
+logto = /var/log/uwsgi/uwsgi.log
-- 
cgit v1.2.3-54-g00ecf