From ee39a098acb2386abd5382de5c9476cc4ffe2e03 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Tue, 7 Apr 2020 18:31:51 +0200 Subject: [PATCH] apache: normalize installation (docs and script)s over all distros Signed-off-by: Markus Heiser --- docs/admin/installation-apache.rst | 219 ++++++++++-------- docs/admin/installation-searx.rst | 2 + utils/filtron.sh | 8 +- utils/lib.sh | 119 ++++++++-- utils/lxc.sh | 9 +- utils/makefile.include | 4 +- utils/morty.sh | 9 +- utils/searx.sh | 30 ++- utils/templates/etc/apache2 | 1 + .../apache2/sites-available/searx.conf:uwsgi | 27 --- .../sites-available/morty.conf | 14 +- .../sites-available/searx.conf:filtron | 16 +- .../httpd/sites-available/searx.conf:uwsgi | 27 +++ 13 files changed, 289 insertions(+), 196 deletions(-) create mode 120000 utils/templates/etc/apache2 delete mode 100644 utils/templates/etc/apache2/sites-available/searx.conf:uwsgi rename utils/templates/etc/{apache2 => httpd}/sites-available/morty.conf (51%) rename utils/templates/etc/{apache2 => httpd}/sites-available/searx.conf:filtron (57%) create mode 100644 utils/templates/etc/httpd/sites-available/searx.conf:uwsgi diff --git a/docs/admin/installation-apache.rst b/docs/admin/installation-apache.rst index da551c3a..0b6cc38d 100644 --- a/docs/admin/installation-apache.rst +++ b/docs/admin/installation-apache.rst @@ -30,8 +30,6 @@ Install with apache https://httpd.apache.org/docs/trunk/mod/core.html#location .. _uWSGI Apache support: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html -.. _apache uwsgi: - https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi .. _mod_proxy_uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/Apache.html#mod-proxy-uwsgi @@ -149,22 +147,6 @@ How this default intro site is configured, depends on the linux distribution less /etc/httpd/conf.d/welcome.conf -.. _The Debian Layout: - -The Debian Layout -================= - -Be aware that the Debian layout is quite different from the standard Apache -configuration. For details look at the README.Debian_ -(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on -Debian: - -* :man:`apache2ctl`: Apache HTTP server control interface -* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules -* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations -* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites - - .. _apache searx site: Apache Reverse Proxy @@ -179,8 +161,12 @@ Apache Reverse Proxy To setup a Apache revers proxy you have to enable the *headers* and *proxy* modules and create a `Location`_ configuration for the searx site. In most -distributions you have to uncomment the lines in the main configuration file, -except in the :ref:`The Debian Layout`. +distributions you have to un-comment the lines in the main configuration file, +except in :ref:`The Debian Layout`. + +To pass the HTTP HOST header +With ProxyPreserveHost_ the incoming Host HTTP request header is passed to the +proxied host. .. tabs:: @@ -210,6 +196,8 @@ except in the :ref:`The Debian Layout`. .. code:: apache + FIXME needs test + LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so @@ -221,7 +209,9 @@ except in the :ref:`The Debian Layout`. .. code:: apache - LoadModule headers_module modules/mod_headers.so + FIXME needs test + + LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so @@ -256,8 +246,7 @@ except in the :ref:`The Debian Layout`. 2. Configure reverse proxy for :ref:`morty `, listening on - *localhost 3000* (FYI: ``ProxyPreserveHost On`` is already set, see - above): + *localhost 3000* .. code:: apache @@ -297,10 +286,9 @@ uWSGI support ============= Be warned, with this setup, your instance isn't :ref:`protected `. Nevertheless it is good enough for intranet usage and it -demonstrates: *how different the uwsgi support is, depending on the -distribution*. To enable :ref:`uWSGI ` support you need to install -the apache `apache uwsgi`_ support: +filtron>`, nevertheless it is good enough for intranet usage. In modern Linux +distributions, the `mod_proxy_uwsgi`_ is compiled into the *normal* apache +package and you need to install only the :ref:`uWSGI ` package: .. tabs:: @@ -308,8 +296,10 @@ the apache `apache uwsgi`_ support: .. code:: sh - sudo -H apt-get install libapache2-mod-uwsgi - sudo -H a2enmod uwsgi + sudo -H apt-get install uwsgi + + # Ubuntu =< 18.04 + sudo -H apt-get install libapache2-mod-proxy-uwsgi .. group-tab:: Arch Linux @@ -317,43 +307,113 @@ the apache `apache uwsgi`_ support: sudo -H pacman -S uwsgi - In the ``/etc/httpd/conf/httpd.conf`` file, activate headers and proxy - modules (LoadModule_): - - .. code:: apache - - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so - .. group-tab:: Fedora / RHEL .. code:: sh sudo -H dnf install uwsgi - FIXME: enable uwsgi in apache The next example shows a configuration using the `uWSGI Apache support`_ via -unix sockets. For socket communication, you have to activate ``socket = -/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` -configuration in your :ref:`uwsgi ini file `. +unix sockets and `mod_proxy_uwsgi`_. -If not already exists, create a folder for the unix sockets, which can be -used by the searx account: +For socket communication, you have to activate ``socket = +/run/uwsgi/app/searx/socket`` and comment out the ``http = 127.0.0.1:8888`` +configuration in your :ref:`uwsgi ini file `. If not +already exists, create a folder for the unix sockets, which can be used by the +searx account (see :ref:`create searx user`): .. code:: bash sudo -H mkdir -p /run/uwsgi/app/searx/ sudo -H chown -R searx:searx /run/uwsgi/app/searx/ -To limit acces to your intranet replace ``Allow from all`` directive and replace -``192.168.0.0/16`` with your subnet IP/class. +If the server is public; to limit access to your intranet replace ``Allow from +all`` directive and replace ``192.168.0.0/16`` with your subnet IP/class. .. tabs:: .. group-tab:: Ubuntu / debian - Debian uses the (old) `mod_uwsgi + .. code:: apache + + LoadModule headers_module /usr/lib/apache2/mod_headers.so + LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so + LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so + + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + + + + .. group-tab:: Arch Linux + + .. code:: apache + + FIXME needs test + + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so + + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + + + + .. group-tab:: Fedora / RHEL + + .. code:: apache + + FIXME needs test + + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so + + + # SetEnvIf Request_URI /searx dontlog + # CustomLog /dev/null combined env=dontlog + + + + Require all granted + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ + + + + + + .. group-tab:: old mod_wsgi + + We show this only for historical reasons, DON'T USE `mod_uwsgi `_. + ANYMORE! .. code:: apache @@ -379,58 +439,6 @@ To limit acces to your intranet replace ``Allow from all`` directive and replace - .. group-tab:: Arch Linux - - Arch Linux uses the (recommend) `mod_proxy_uwsgi`_. - - .. code:: apache - - - - # SetEnvIf Request_URI /searx dontlog - # CustomLog /dev/null combined env=dontlog - - - - Require all granted - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ - - - - - - .. group-tab:: Fedora / RHEL - - RHEL uses the (recommend) `mod_proxy_uwsgi`_. - - .. code:: apache - - - - # SetEnvIf Request_URI /searx dontlog - # CustomLog /dev/null combined env=dontlog - - - - Require all granted - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - ProxyPreserveHost On - ProxyPass unix:/run/uwsgi/app/searx/socket|uwsgi://uwsgi-uds-searx/ - - - - - .. _restart apache: Restart service @@ -473,3 +481,18 @@ one of the lines and `restart apache`_:: The ``CustomLog`` directive disable logs for the whole (virtual) server, use it when the URL of the service does not have a path component (``/searx``) / is located at root (``/``). + +.. _The Debian Layout: + +The Debian Layout +================= + +Be aware that the Debian layout is quite different from the standard Apache +configuration. For details look at the README.Debian_ +(``/usr/share/doc/apache2/README.Debian.gz``). Some commands you should know on +Debian: + +* :man:`apache2ctl`: Apache HTTP server control interface +* :man:`a2enmod`, :man:`a2dismod`: switch on/off modules +* :man:`a2enconf`, :man:`a2disconf`: switch on/off configurations +* :man:`a2ensite`, :man:`a2dissite`: switch on/off sites diff --git a/docs/admin/installation-searx.rst b/docs/admin/installation-searx.rst index 91891d85..d5c0063e 100644 --- a/docs/admin/installation-searx.rst +++ b/docs/admin/installation-searx.rst @@ -25,6 +25,8 @@ Install packages This installs also the packages needed by :ref:`searx uwsgi` +.. _create searx user: + Create user =========== diff --git a/utils/filtron.sh b/utils/filtron.sh index 6c58b07a..0fbf7478 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -441,14 +441,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_FILTRON_SIT ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to continue?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - a2enmod headers - a2enmod proxy - a2enmod proxy_http - echo apache_install_site --variant=filtron "${APACHE_FILTRON_SITE}" diff --git a/utils/lib.sh b/utils/lib.sh index aaeb5093..2c0c179b 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -627,21 +627,56 @@ EOF # Apache # ------ -# FIXME: Arch Linux & RHEL should be added +apache_distro_setup() { + # shellcheck disable=SC2034 + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + # debian uses the /etc/apache2 path, while other distros use + # the apache default at /etc/httpd + APACHE_SITES_AVAILABLE="/etc/apache2/sites-available" + APACHE_SITES_ENABLED="/etc/apache2/sites-enabled" + APACHE_MODULES="/usr/lib/apache2/modules" + APACHE_PACKAGES="apache2" + ;; + arch-*) + APACHE_SITES_AVAILABLE="/etc/httpd/sites-available" + APACHE_SITES_ENABLED="/etc/httpd/sites-enabled" + APACHE_MODULES="modules" + APACHE_PACKAGES="apache" + ;; + fedora-*) + APACHE_SITES_AVAILABLE="/etc/httpd/sites-available" + APACHE_SITES_ENABLED="/etc/httpd/sites-enabled" + APACHE_MODULES="modules" + APACHE_PACKAGES="httpd" + ;; + *) + err_msg "$DIST_ID-$DIST_VERS: apache not yet implemented" + ;; + esac +} -if [[ -z "${APACHE_SITES_AVAILABE}" ]]; then - APACHE_SITES_AVAILABE="/etc/apache2/sites-available" -fi +apache_distro_setup + +install_apache(){ + info_msg "installing apache ..." + pkg_install "$APACHE_PACKAGES" + case $DIST_ID-$DIST_VERS in + arch-*|fedora-*) + if ! grep "IncludeOptional sites-enabled" "/etc/httpd/conf/httpd.conf"; then + echo "IncludeOptional sites-enabled/*.conf" >> "/etc/httpd/conf/httpd.conf" + fi + systemctl enable httpd + systemctl start httpd + ;; + esac +} apache_is_installed() { case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) - (command -v apachectl \ - && command -v a2ensite \ - && command -v a2dissite ) &>/dev/null - ;; - arch) (command -v httpd) ;; - fedora) (command -v httpd) ;; + ubuntu-*|debian-*) (command -v apachectl) &>/dev/null;; + arch-*) (command -v httpd) &>/dev/null;; + fedora-*) (command -v httpd) &>/dev/null;; esac } @@ -649,8 +684,16 @@ apache_reload() { info_msg "reload apache .." echo - sudo -H apachectl configtest - sudo -H service apache2 force-reload + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H apachectl configtest + sudo -H systemctl force-reload apache2 + ;; + arch-*| fedora-*) + sudo -H httpd -t + sudo -H systemctl force-reload httpd + ;; + esac } apache_install_site() { @@ -670,9 +713,8 @@ apache_install_site() { done install_template "${template_opts[@]}" \ - "${APACHE_SITES_AVAILABE}/${pos_args[1]}" \ + "${APACHE_SITES_AVAILABLE}/${pos_args[1]}" \ root root 644 - apache_enable_site "${pos_args[1]}" info_msg "installed apache site: ${pos_args[1]}" } @@ -683,15 +725,32 @@ apache_remove_site() { info_msg "remove apache site: $1" apache_dissable_site "$1" - rm -f "${APACHE_SITES_AVAILABE}/$1" + rm -f "${APACHE_SITES_AVAILABLE}/$1" } apache_enable_site() { # usage: apache_enable_site - info_msg "enable apache site: $1" - sudo -H a2ensite -q "$1" + local CONF="$1" + + info_msg "enable apache site: ${CONF}" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H a2ensite -q "${CONF}" + ;; + arch-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + fedora-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + esac apache_reload } @@ -699,9 +758,25 @@ apache_dissable_site() { # usage: apache_disable_site - info_msg "disable apache site: $1" - sudo -H a2dissite -q "$1" - apache_reload + local CONF="$1" + + info_msg "disable apache site: ${CONF}" + + case $DIST_ID-$DIST_VERS in + ubuntu-*|debian-*) + sudo -H a2dissite -q "${CONF}" + ;; + arch-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + fedora-*) + mkdir -p "${APACHE_SITES_ENABLED}" + rm -f "${APACHE_SITES_ENABLED}/${CONF}" + ln -s "${APACHE_SITES_AVAILABLE}/${CONF}" "${APACHE_SITES_ENABLED}/${CONF}" + ;; + esac } # uWSGI @@ -741,7 +816,7 @@ uWSGI_distro_setup() { uWSGI_GROUP="uwsgi" ;; *) - info_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented" + err_msg "$DIST_ID-$DIST_VERS: uWSGI not yet implemented" ;; esac } diff --git a/utils/lxc.sh b/utils/lxc.sh index 9eb28f49..6a26f80e 100755 --- a/utils/lxc.sh +++ b/utils/lxc.sh @@ -98,7 +98,7 @@ start/stop show :info: show info of all (or ) containers from LXC suite :config: show config of all (or ) containers from the LXC suite - :suite: show services of all the containers from the LXC suite + :suite: show services of all (or ) containers from the LXC suite :images: show information of local images cmd use single qoutes to evaluate in container's bash, e.g. 'echo $(hostname)' @@ -294,11 +294,9 @@ main() { build_all_containers() { rst_title "Build all LXC containers of suite" + echo usage_containers lxc_copy_images_localy - echo - rst_title "build containers" section - echo lxc_init_all_containers lxc_config_all_containers lxc_boilerplate_all_containers @@ -368,7 +366,6 @@ remove_containers() { lxc_copy_images_localy() { rst_title "copy images" section - echo for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do lxc_image_copy "${LXC_SUITE[i]}" "${LXC_SUITE[i+1]}" done @@ -477,7 +474,7 @@ lxc_init_all_containers() { local container_name for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${image_name}" + lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" done } diff --git a/utils/makefile.include b/utils/makefile.include index 933d2b57..65aca70f 100644 --- a/utils/makefile.include +++ b/utils/makefile.include @@ -1,9 +1,11 @@ # -*- coding: utf-8; mode: makefile-gmake -*- ifeq (,$(wildcard /.lxcenv.mk)) -PHONY += lxc-activate +PHONY += lxc-activate lxc-purge lxc-activate: @$(MAKE) -s -f /share/searx/utils/makefile.lxc lxc-activate +lxc-purge: + $(Q)rm -rf ./lxc else include /.lxcenv.mk endif diff --git a/utils/morty.sh b/utils/morty.sh index 17039a05..4de41199 100755 --- a/utils/morty.sh +++ b/utils/morty.sh @@ -402,15 +402,12 @@ This installs a reverse proxy (ProxyPass) into apache site (${APACHE_MORTY_SITE} ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to continue?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - a2enmod headers - a2enmod proxy - a2enmod proxy_http - - echo apache_install_site "${APACHE_MORTY_SITE}" info_msg "testing public url .." diff --git a/utils/searx.sh b/utils/searx.sh index 86b65169..6a8588c2 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -75,21 +75,23 @@ texlive-xetex-bin texlive-collection-fontsrecommended texlive-collection-latex dejavu-sans-fonts dejavu-serif-fonts dejavu-sans-mono-fonts" -case $DIST_ID in - ubuntu|debian) +case $DIST_ID-$DIST_VERS in + ubuntu-16.04|ubuntu-18.04) SEARX_PACKAGES="${SEARX_PACKAGES_debian}" BUILD_PACKAGES="${BUILD_PACKAGES_debian}" - APACHE_PACKAGES="libapache2-mod-uwsgi" + APACHE_PACKAGES="$APACHE_PACKAGES libapache2-mod-proxy-uwsgi" ;; - arch) + ubuntu-*|debian-*) + SEARX_PACKAGES="${SEARX_PACKAGES_debian}" + BUILD_PACKAGES="${BUILD_PACKAGES_debian}" + ;; + arch-*) SEARX_PACKAGES="${SEARX_PACKAGES_arch}" BUILD_PACKAGES="${BUILD_PACKAGES_arch}" - APACHE_PACKAGES="uwsgi" ;; - fedora) + fedora-*) SEARX_PACKAGES="${SEARX_PACKAGES_fedora}" BUILD_PACKAGES="${BUILD_PACKAGES_fedora}" - APACHE_PACKAGES="uwsgi" ;; esac @@ -462,6 +464,7 @@ EOF wait_key info_msg "install needed python packages" tee_stderr 0.1 <&1 | prefix_stdout "$_service_prefix" +pip install wheel ${SEARX_SRC}/manage.sh update_packages EOF } @@ -735,21 +738,14 @@ This installs the searx uwsgi app as apache site. If your server is public to the internet, you should instead use a reverse proxy (filtron) to block excessively bot queries." - case $DIST_ID-$DIST_VERS in - ubuntu-*|debian-*) : ;; - *) err_msg "sorry distro $DIST_ID $DIST_VERS not yet supported"; exit 42 ;; - esac - ! apache_is_installed && err_msg "Apache is not installed." - if ! ask_yn "Do you really want to install apache site for searx-uwsgi?"; then + if ! ask_yn "Do you really want to continue?" Yn; then return + else + install_apache fi - pkg_install "$APACHE_PACKAGES" - a2enmod uwsgi - - echo apache_install_site --variant=uwsgi "${APACHE_SEARX_SITE}" if ! service_is_available "${PUBLIC_URL}"; then diff --git a/utils/templates/etc/apache2 b/utils/templates/etc/apache2 new file mode 120000 index 00000000..558a9071 --- /dev/null +++ b/utils/templates/etc/apache2 @@ -0,0 +1 @@ +httpd \ No newline at end of file diff --git a/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi b/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi deleted file mode 100644 index 21e01ac4..00000000 --- a/utils/templates/etc/apache2/sites-available/searx.conf:uwsgi +++ /dev/null @@ -1,27 +0,0 @@ -# -*- coding: utf-8; mode: apache -*- - - - - # SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog - # CustomLog /dev/null combined env=dontlog - - - - - SecRuleEngine Off - - - Require all granted - - Options FollowSymLinks Indexes - SetHandler uwsgi-handler - uWSGISocket ${SEARX_UWSGI_SOCKET} - - Order deny,allow - Deny from all - # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 - Allow from all - - - - diff --git a/utils/templates/etc/apache2/sites-available/morty.conf b/utils/templates/etc/httpd/sites-available/morty.conf similarity index 51% rename from utils/templates/etc/apache2/sites-available/morty.conf rename to utils/templates/etc/httpd/sites-available/morty.conf index 4421cdd5..326fcc75 100644 --- a/utils/templates/etc/apache2/sites-available/morty.conf +++ b/utils/templates/etc/httpd/sites-available/morty.conf @@ -1,6 +1,12 @@ # -*- coding: utf-8; mode: apache -*- -ProxyPreserveHost On +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so +#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${PUBLIC_URL_PATH_MORTY}" dontlog +# CustomLog /dev/null combined env=dontlog @@ -15,12 +21,8 @@ ProxyPreserveHost On #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all + ProxyPreserveHost On ProxyPass http://${MORTY_LISTEN} RequestHeader set X-Script-Name ${PUBLIC_URL_PATH_MORTY} - # In Apache it seems, that setting HTTP_HOST header directive here does have - # no effect. I needed to set 'ProxyPreserveHost On' (see above). - - # RequestHeader set Host ${PUBLIC_HOST} - diff --git a/utils/templates/etc/apache2/sites-available/searx.conf:filtron b/utils/templates/etc/httpd/sites-available/searx.conf:filtron similarity index 57% rename from utils/templates/etc/apache2/sites-available/searx.conf:filtron rename to utils/templates/etc/httpd/sites-available/searx.conf:filtron index 2d6af788..11dd360b 100644 --- a/utils/templates/etc/apache2/sites-available/searx.conf:filtron +++ b/utils/templates/etc/httpd/sites-available/searx.conf:filtron @@ -1,6 +1,12 @@ # -*- coding: utf-8; mode: apache -*- -ProxyPreserveHost On +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy_http.so +#LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${FILTRON_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog # SecRuleRemoveById 981054 # SecRuleRemoveById 981059 @@ -20,14 +26,8 @@ ProxyPreserveHost On #Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 Allow from all + ProxyPreserveHost On ProxyPass http://${FILTRON_LISTEN} RequestHeader set X-Script-Name ${FILTRON_URL_PATH} - # In Apache it seems, that setting HTTP_HOST header directive here does have - # no effect. I needed to set 'ProxyPreserveHost On' (see above). HTTP_HOST - # (ProxyPreserveHost On) is needed by searx to render correct *Search URL* - # in the *Link* box and *saved preference*. - - # RequestHeader set Host ${PUBLIC_HOST} - diff --git a/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi b/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi new file mode 100644 index 00000000..ef702de3 --- /dev/null +++ b/utils/templates/etc/httpd/sites-available/searx.conf:uwsgi @@ -0,0 +1,27 @@ +# -*- coding: utf-8; mode: apache -*- + +LoadModule headers_module ${APACHE_MODULES}/mod_headers.so +LoadModule proxy_module ${APACHE_MODULES}/mod_proxy.so +LoadModule proxy_uwsgi_module ${APACHE_MODULES}/mod_proxy_uwsgi.so +# LoadModule setenvif_module ${APACHE_MODULES}/mod_setenvif.so + +# SetEnvIf Request_URI "${SEARX_URL_PATH}" dontlog +# CustomLog /dev/null combined env=dontlog + + + + + SecRuleEngine Off + + + Require all granted + + Order deny,allow + Deny from all + # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1 + Allow from all + + ProxyPreserveHost On + ProxyPass unix:${SEARX_UWSGI_SOCKET}|uwsgi://uwsgi-uds-searx/ + +