294 lines
12 KiB
Bash
Executable File
294 lines
12 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# .---. . .
|
|
# | | |
|
|
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
#
|
|
# Freedom in the Cloud
|
|
#
|
|
# Searx engine application
|
|
#
|
|
# License
|
|
# =======
|
|
#
|
|
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
VARIANTS=''
|
|
|
|
SEARX_REPO="https://github.com/asciimoo/searx"
|
|
SEARX_COMMIT='fee556c9904637051a9ba874ba7e71cd9f10789f'
|
|
SEARX_PATH=/etc
|
|
SEARX_ONION_PORT=8094
|
|
SEARX_ONION_HOSTNAME=
|
|
SEARX_LOGIN_TEXT=$"Search engine login"
|
|
SEARX_PASSWORD=
|
|
|
|
searx_variables=(SEARX_REPO
|
|
SEARX_COMMIT
|
|
SEARX_PATH
|
|
SEARX_LOGIN_TEXT
|
|
MY_USERNAME
|
|
SYSTEM_TYPE)
|
|
|
|
function install_interactive_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function change_password_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function reconfigure_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function upgrade_searx {
|
|
set_repo_commit $SEARX_PATH/searx "Search engine commit" "$SEARX_COMMIT" $SEARX_REPO
|
|
if grep "Search engine key" $COMPLETION_FILE; then
|
|
if [ -f ${SEARX_PATH}/searx/searx/settings.yml ]; then
|
|
# note: this might change to a --tor option in a later version
|
|
if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
|
|
echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
fi
|
|
SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
|
|
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
|
|
if [ -f /var/lib/tor/hidden_service_searx/hostname ]; then
|
|
SEARX_ONION_HOSTNAME=$(echo /var/lib/tor/hidden_service_searx/hostname)
|
|
sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function backup_local_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function restore_local_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function backup_remote_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function restore_remote_searx {
|
|
echo -n ''
|
|
}
|
|
|
|
function remove_searx {
|
|
if [[ $(app_is_installed searx) == "0" ]]; then
|
|
return
|
|
fi
|
|
systemctl stop searx
|
|
systemctl disable searx
|
|
rm /etc/systemd/system/searx.service
|
|
function_check remove_onion_service
|
|
remove_onion_service searx ${SEARX_ONION_PORT}
|
|
userdel -r searx
|
|
nginx_dissite searx
|
|
if [ -f /etc/nginx/sites-available/searx ]; then
|
|
rm /etc/nginx/sites-available/searx
|
|
fi
|
|
if [ -d ${SEARX_PATH}/searx ]; then
|
|
rm -rf ${SEARX_PATH}/searx
|
|
fi
|
|
sed -i '/install_searx/d' $COMPLETION_FILE
|
|
sed -i '/Search engine /d' $COMPLETION_FILE
|
|
}
|
|
|
|
function install_searx {
|
|
# Note: currently socks5 outgoing proxies to other search engines does not work
|
|
if [ ! -d /etc/nginx ]; then
|
|
echo $'Webserver is not installed'
|
|
exit 62429
|
|
fi
|
|
|
|
apt-get -y install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
|
|
apt-get -y install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi
|
|
|
|
pip install --upgrade pip
|
|
|
|
pip install certifi
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $'Failed to install certifi'
|
|
exit 737692
|
|
fi
|
|
|
|
pip install pyyaml
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $'Failed to install pyyaml'
|
|
exit 469242
|
|
fi
|
|
|
|
pip install flask --upgrade
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $'Failed to install flask'
|
|
exit 888575
|
|
fi
|
|
|
|
pip install flask_restless --upgrade
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $'Failed to install flask_restless'
|
|
exit 54835
|
|
fi
|
|
|
|
pip install flask_babel --upgrade
|
|
if [ ! "$?" = "0" ]; then
|
|
echo $'Failed to install flask_babel'
|
|
exit 63738
|
|
fi
|
|
|
|
if [ ! -d $SEARX_PATH ]; then
|
|
mkdir -p $SEARX_PATH
|
|
fi
|
|
|
|
# clone the repo
|
|
cd $SEARX_PATH
|
|
function_check git_clone
|
|
git_clone $SEARX_REPO searx
|
|
git checkout $SEARX_COMMIT -b $SEARX_COMMIT
|
|
if ! grep -q "Search engine commit" $COMPLETION_FILE; then
|
|
echo "Search engine commit:$SEARX_COMMIT" >> $COMPLETION_FILE
|
|
else
|
|
sed -i "s/Search engine commit.*/Search engine commit:$SEARX_COMMIT/g" $COMPLETION_FILE
|
|
fi
|
|
|
|
# create an onion service
|
|
SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
|
|
|
|
# an unprivileged user to run as
|
|
useradd -d ${SEARX_PATH}/searx/ -s /bin/false searx
|
|
adduser searx debian-tor
|
|
|
|
# daemon
|
|
echo '[Unit]' > /etc/systemd/system/searx.service
|
|
echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
|
|
echo 'After=syslog.target' >> /etc/systemd/system/searx.service
|
|
echo 'After=network.target' >> /etc/systemd/system/searx.service
|
|
echo '' >> /etc/systemd/system/searx.service
|
|
echo '[Service]' >> /etc/systemd/system/searx.service
|
|
echo 'Type=simple' >> /etc/systemd/system/searx.service
|
|
echo 'User=searx' >> /etc/systemd/system/searx.service
|
|
echo 'Group=searx' >> /etc/systemd/system/searx.service
|
|
echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
|
|
echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
|
|
echo 'Restart=always' >> /etc/systemd/system/searx.service
|
|
echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
|
|
echo '' >> /etc/systemd/system/searx.service
|
|
echo '[Install]' >> /etc/systemd/system/searx.service
|
|
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
|
|
|
|
# create a webserver file
|
|
echo 'server {' > /etc/nginx/sites-available/searx
|
|
echo " listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
|
|
echo " root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
|
|
echo " server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
|
|
echo ' access_log off;' >> /etc/nginx/sites-available/searx
|
|
echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
|
|
echo '' >> /etc/nginx/sites-available/searx
|
|
function_check nginx_disable_sniffing
|
|
nginx_disable_sniffing searx
|
|
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
|
|
echo '' >> /etc/nginx/sites-available/searx
|
|
echo ' location / {' >> /etc/nginx/sites-available/searx
|
|
function_check nginx_limits
|
|
nginx_limits searx '1M'
|
|
echo ' proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
|
|
echo ' proxy_redirect off;' >> /etc/nginx/sites-available/searx
|
|
|
|
echo " auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
|
|
echo ' auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
|
|
echo ' }' >> /etc/nginx/sites-available/searx
|
|
echo '' >> /etc/nginx/sites-available/searx
|
|
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
|
|
echo '' >> /etc/nginx/sites-available/searx
|
|
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
|
|
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
|
|
echo '' >> /etc/nginx/sites-available/searx
|
|
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/searx
|
|
echo ' allow all;' >> /etc/nginx/sites-available/searx
|
|
echo ' log_not_found off;' >> /etc/nginx/sites-available/searx
|
|
echo ' access_log off;' >> /etc/nginx/sites-available/searx
|
|
echo ' }' >> /etc/nginx/sites-available/searx
|
|
echo '}' >> /etc/nginx/sites-available/searx
|
|
|
|
# replace the secret key
|
|
if ! grep "Search engine key" $COMPLETION_FILE; then
|
|
SEARX_SECRET_KEY="$(create_password 30)"
|
|
echo "Search engine key:${SEARX_SECRET_KEY}" >> $COMPLETION_FILE
|
|
else
|
|
SEARX_SECRET_KEY=$(cat $COMPLETION_FILE | grep "Search engine key" | awk -F ':' '{print $2}')
|
|
fi
|
|
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings.yml
|
|
sed -i "s|secret_key.*|secret_key : \"${SEARX_SECRET_KEY}\"|g" ${SEARX_PATH}/searx/searx/settings_robot.yml
|
|
sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings.yml
|
|
sed -i '0,/RE/s/base_url.*/base_url : \"http://${SEARX_ONION_HOSTNAME}\/' ${SEARX_PATH}/searx/searx/settings_robot.yml
|
|
|
|
# note: this might change to a --tor option in a later version
|
|
if ! grep 'socks5://127.0.0.1:9050' ${SEARX_PATH}/searx/searx/settings.yml; then
|
|
echo 'outgoing: # communication with search engines' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' proxies:' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' http : socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
echo ' https: socks5://127.0.0.1:9050' >> ${SEARX_PATH}/searx/searx/settings.yml
|
|
fi
|
|
|
|
chown -R searx:searx ${SEARX_PATH}/searx
|
|
|
|
# enable the site
|
|
nginx_ensite searx
|
|
|
|
# restart the web server
|
|
systemctl restart php5-fpm
|
|
systemctl restart nginx
|
|
|
|
# start the daemon
|
|
systemctl enable searx.service
|
|
systemctl daemon-reload
|
|
systemctl start searx.service
|
|
|
|
if ! grep -q "Your search engine password is" /home/$MY_USERNAME/README; then
|
|
if [ ${#SEARX_PASSWORD} -lt 8 ]; then
|
|
if [ -f $IMAGE_PASSWORD_FILE ]; then
|
|
SEARX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
|
|
else
|
|
SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
|
|
fi
|
|
fi
|
|
echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
|
|
echo '' >> /home/$MY_USERNAME/README
|
|
echo '' >> /home/$MY_USERNAME/README
|
|
echo $'Search Engine' >> /home/$MY_USERNAME/README
|
|
echo '=============' >> /home/$MY_USERNAME/README
|
|
echo $"Search engine onion domain: ${SEARX_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
|
|
echo $"Your search engine password is: $SEARX_PASSWORD" >> /home/$MY_USERNAME/README
|
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
|
chmod 600 /home/$MY_USERNAME/README
|
|
fi
|
|
}
|
|
|
|
# NOTE: deliberately no exit 0
|