Apache¶
This section explains how to set up a SearXNG instance using the HTTP server Apache. If you did use the Installation Script and do not have any special preferences you can install the SearXNG site using searxng.sh:
$ sudo -H ./utils/searxng.sh install apache
If you have special interests or problems with setting up Apache, the following section might give you some guidance.
The Apache HTTP server¶
If Apache is not installed, install it now. If apache is new to you, the Getting Started, Configuration Files and Terms Used to Describe Directives documentation gives first orientation. There is also a list of Apache directives to keep in the pocket.
sudo -H apt-get install apache2
sudo -H pacman -S apache
sudo -H systemctl enable httpd
sudo -H systemctl start http
sudo -H dnf install httpd
sudo -H systemctl enable httpd
sudo -H systemctl start httpd
Now at http://localhost you should see some kind of Welcome or Test page. How this default site is configured, depends on the linux distribution (compare Apache directives).
less /etc/apache2/sites-enabled/000-default.conf
In this file, there is a line setting the DocumentRoot directive:
DocumentRoot /var/www/html
And the welcome page is the HTML file at /var/www/html/index.html.
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot directive:
DocumentRoot "/srv/http"
<Directory "/srv/http">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
The welcome page of Arch Linux is a page showing the directory located
at DocumentRoot. This directory page is generated by the Module
mod_autoindex:
LoadModule autoindex_module modules/mod_autoindex.so
...
Include conf/extra/httpd-autoindex.conf
less /etc/httpd/conf/httpd.conf
In this file, there is a line setting the DocumentRoot directive:
DocumentRoot "/var/www/html"
...
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
On fresh installations, the /var/www is empty and the default
welcome page is shown, the configuration is located at:
less /etc/httpd/conf.d/welcome.conf
Debian’s Apache layout¶
Be aware, Debian’s Apache layout is quite different from the standard Apache
configuration. For details look at the apache2.README.Debian
(/usr/share/doc/apache2/README.Debian.gz). Some commands you should know on
Debian:
Apache modules¶
To load additional modules, in most distributions you have to uncomment the lines with the corresponding LoadModule directive, except in Debian’s Apache layout.
Debian’s Apache layout uses a2enmod and a2dismod to activate or disable modules:
sudo -H a2enmod ssl
sudo -H a2enmod headers
sudo -H a2enmod proxy
sudo -H a2enmod proxy_http
sudo -H a2enmod proxy_uwsgi
In the /etc/httpd/conf/httpd.conf file, activate LoadModule
directives:
LoadModule ssl_module modules/mod_ssl.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
In the /etc/httpd/conf/httpd.conf file, activate LoadModule
directives:
LoadModule ssl_module modules/mod_ssl.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
Apache sites¶
In Debian’s Apache layout you create a searxng.conf with the
<Location /searxng > directive and save this file in the sites
available folder at /etc/apache2/sites-available. To enable the
searxng.conf use a2ensite:
sudo -H a2ensite searxng.conf
In the /etc/httpd/conf/httpd.conf file add a IncludeOptional
directive:
IncludeOptional sites-enabled/*.conf
Create two folders, one for the available sites and one for the enabled sites:
mkdir -p /etc/httpd/sites-available
mkdir -p /etc/httpd/sites-enabled
Create configuration at /etc/httpd/sites-available and place a
symlink to sites-enabled:
sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
/etc/httpd/sites-enabled/searxng.conf
In the /etc/httpd/conf/httpd.conf file add a IncludeOptional
directive:
IncludeOptional sites-enabled/*.conf
Create two folders, one for the available sites and one for the enabled sites:
mkdir -p /etc/httpd/sites-available
mkdir -p /etc/httpd/sites-enabled
Create configuration at /etc/httpd/sites-available and place a
symlink to sites-enabled:
sudo -H ln -s /etc/httpd/sites-available/searxng.conf \
/etc/httpd/sites-enabled/searxng.conf
Apache’s SearXNG site¶
To proxy the incoming requests to the SearXNG instance Apache needs the mod_proxy module (Apache modules).
Depending on what your SearXNG installation is listening on, you need a http mod_proxy_http) or socket (mod_proxy_uwsgi) communication to upstream.
The Installation Script installs the reference setup and a uWSGI setup that listens on a socket by default.
You can install and activate your own searxng.conf like shown in
Apache sites.
# -*- coding: utf-8; mode: apache -*-
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
# LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
#
# SetEnvIf Request_URI /searxng dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searxng>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
# add the trailing slash
RedirectMatch 308 /searxng$ /searxng/
ProxyPreserveHost On
ProxyPass unix:/usr/local/searxng/run/socket|uwsgi://uwsgi-uds-searxng/
# see flaskfix.py
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
RequestHeader set X-Script-Name /searxng
# see limiter.py
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
</Location>
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# Alias /searxng/static/ /usr/local/searxng/searxng-src/searx/static/
# -*- coding: utf-8; mode: apache -*-
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
#
# SetEnvIf Request_URI /searxng dontlog
# CustomLog /dev/null combined env=dontlog
<Location /searxng>
Require all granted
Order deny,allow
Deny from all
# Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
Allow from all
# add the trailing slash
RedirectMatch 308 /searxng$ /searxng/
ProxyPreserveHost On
ProxyPass http://127.0.0.1:8888
# see flaskfix.py
RequestHeader set X-Scheme %{REQUEST_SCHEME}s
RequestHeader set X-Script-Name /searxng
# see limiter.py
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
</Location>
# uWSGI serves the static files and in settings.yml we use::
#
# ui:
# static_use_hash: true
#
# Alias /searxng/static/ /usr/local/searxng/searxng-src/searx/static/
Restart service:
sudo -H systemctl restart apache2
sudo -H service uwsgi restart searxng
sudo -H systemctl restart httpd
sudo -H systemctl restart uwsgi@searxng
sudo -H systemctl restart httpd
sudo -H touch /etc/uwsgi.d/searxng.ini
disable logs¶
For better privacy you can disable Apache logs. In the examples above activate one of the lines and restart apache:
SetEnvIf Request_URI "/searxng" dontlog
# CustomLog /dev/null combined env=dontlog
The CustomLog directive disables logs for the entire (virtual) server, use it
when the URL of the service does not have a path component (/searxng), so when
SearXNG is located at root (/).
