Rely on searxng/settings.yml

2 years ago · 0a1db38e21
parent 8952fad37e
commit 0a1db38e21
6 changed files with 27 additions and 34 deletions
--- a/.env
+++ b/.env
@ -5,10 +5,3 @@

 # SEARXNG_HOSTNAME=<host>
 # LETSENCRYPT_EMAIL=<email>
-
-# automatically update settings to the new version
-# comment this line if you made / will make some modifications to the settings
-SEARXNG_COMMAND=-f
-
-# use openssl rand -base64 33
-SEARXNG_SECRET=ultrasecretkey
--- a/.gitignore
+++ b/.gitignore
@ -3,4 +3,4 @@
 searxng-docker.service
 caddy
 srv
-searx
+searxng/uwsgi.ini
--- a/23
+++ b/23
@ -11,13 +11,19 @@

  @api {
        path /config
-        path /status
+        path /healthz
+        path /stats/errors
+        path /stats/checker
  }

  @static {
        path /static/*
  }

+  @notstatic {
+        not path /static/*
+  }
+
  @imageproxy {
        path /image_proxy
  }
@ -26,11 +32,6 @@
        not path /image_proxy
  }

-
-  @notstatic {
-        not path /static/*
-  }
-
  header {
        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -41,11 +42,8 @@
        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"

-        # Disallow the site to be rendered within a frame (clickjacking protection)
-        X-Frame-Options "SAMEORIGIN"
-
        # Disable some features
-        Permissions-Policy "accelerometer=();ambient-light-sensor=(); autoplay=();camera=();encrypted-media=();focus-without-user-activation=(); geolocation=();gyroscope=();magnetometer=();microphone=();midi=();payment=();picture-in-picture=(); speaker=();sync-xhr=();usb=();vr=()"
+        Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"

        # Disable some features (legacy)
        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
@ -87,16 +85,13 @@
        Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
  }

-  # Searx
+  # SearXNG
  handle {
        encode zstd gzip

        reverse_proxy localhost:8080 {
               header_up X-Forwarded-Port {http.request.port}
               header_up X-Forwarded-Proto {http.request.scheme}
-               header_up X-Forwarded-TlsProto {tls_protocol}
-               header_up X-Forwarded-TlsCipher {tls_cipher}
-               header_up X-Forwarded-HttpsProto {proto}
        }
  }

--- a/README.md
+++ b/README.md
@ -20,8 +20,9 @@ Create a new SearXNG  instance in five minutes using Docker
  git clone https://github.com/searxng/searxng-docker.git
  cd searxng-docker
  ```
- Generate the secret key ```sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" .env```
- Edit the other settings in [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file according to your need
+- Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
+- Generate the secret key ```sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml```
+- Edit the [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) file according to your need
 - Check everything is working: ```./start.sh```
 - ```cp searxng-docker.service.template searxng-docker.service```
 - edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is different from /usr/local/searxng-docker)
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -34,21 +34,18 @@ services:
      - SETUID
      - DAC_OVERRIDE

-  searx:
-    container_name: searx
-    image: searxng/searxng
+  searxng:
+    container_name: searxng
+    image: searxng/searxng:latest
    restart: always
    networks:
      - searxng
-    command: ${SEARX_COMMAND:-}
    ports:
     - "127.0.0.1:8080:8080"
    volumes:
-      - ./searxng:/etc/searx:rw
+      - ./searxng:/etc/searxng:rw
    environment:
-      - BIND_ADDRESS=0.0.0.0:8080
-      - BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
-      - SEARXNG_SECRET=${SEARXNG_SECRET}
+      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
    cap_drop:
      - ALL
    cap_add:
@ -56,7 +53,11 @@ services:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
-
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "1"
 networks:
  searxng:
    ipam:
--- a/searxng/settings.yml
+++ b/searxng/settings.yml
@ -1,6 +1,9 @@
+# see https://docs.searxng.org/admin/engines/settings.html#use-default-settings
 use_default_settings: true
 server:
-  limiter: true
+  # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
+  secret_key: "ultrasecretkey"  # change this!
+  limiter: true  # can be disabled for a private instance
  image_proxy: true
 redis:
  url: redis://redis:6379/0