# base stage: alpine plus the runtime defaults consumed by later build steps and by run.sh
# NOTE(review): alpine:3.20 is a mutable tag; pinning it by digest as well would make rebuilds reproducible.
# ENV values are stored in the image config and are readable by anyone who can pull the image,
# so OPENMETRICS_PASSWORD, REDIS_URL and the other empty entries must be supplied at run time,
# never filled in here.
# UPSTREAM_COMMIT is the upstream searxng revision that the searxng stage resets the clone to.
FROM alpine:3.20 AS base
ENV GID=991 \
    UID=991 \
    UWSGI_WORKERS=1 \
    UWSGI_THREADS=16 \
    IMAGE_PROXY=true \
    REDIS_URL= \
    LIMITER= \
    BASE_URL= \
    CAPTCHA= \
    AUTHORIZED_API= \
    NAME= \
    SEARCH_DEFAULT_LANG= \
    SEARCH_ENGINE_ACCESS_DENIED= \
    PUBLIC_INSTANCE= \
    GOOGLE_DEFAULT=true \
    BING_DEFAULT= \
    OPENMETRICS_PASSWORD= \
    PRIVACYPOLICY= \
    DONATION_URL= \
    CONTACT=https://vojk.au \
    FOOTER_MESSAGE= \
    ISSUE_URL=https://github.com/privau/searxng/issues \
    GIT_URL=https://github.com/privau/searxng \
    GIT_BRANCH=main \
    UPSTREAM_COMMIT=6324a9752a2b21a1dcb709c7fb643e361189163e
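# python dependency manifest; no WORKDIR is set in this stage, so it lands in the image root
COPY ./requirements.txt .
# install OS packages and python requirements, then drop the compiler toolchain in the same layer
# - build-dependencies is a virtual package, so `apk del` removes the whole toolchain at the end
# - --break-system-packages installs into the system site-packages (overrides the PEP 668 guard)
# - --no-cache-dir is spelled out instead of relying on pip accepting the `--no-cache` abbreviation
# NOTE(review): requirements.txt is not shown here; if it does not pin versions and hashes,
# consider `pip install --require-hashes` so the resolved packages are verified.
# NOTE(review): git is only used by the clone in the searxng stage but stays installed in the
# final image, because that stage is built FROM base.
RUN apk -U upgrade \
    && apk add --no-cache -t build-dependencies \
        build-base \
        py3-setuptools \
        python3-dev \
        libffi-dev \
        libxslt-dev \
        libxml2-dev \
        openssl-dev \
        tar \
    && apk add --no-cache \
        ca-certificates \
        python3 \
        py3-pip \
        libxml2 \
        libxslt \
        openssl \
        tini \
        uwsgi \
        uwsgi-python3 \
        git \
        brotli \
    && pip install --no-cache-dir --break-system-packages -r requirements.txt \
    && apk del build-dependencies \
    && rm -rf /var/cache/apk/* /root/.cache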
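FROM base AS searxng
WORKDIR /usr/local/searxng
# create the unprivileged searxng user/group, clone upstream searxng and pin it to UPSTREAM_COMMIT,
# then freeze the version as that user
# - the commit hash, not the branch tip, decides what ends up in the image; the expansions are
#   quoted so an empty or malformed value reaches the tool as an explicit argument instead of
#   vanishing from the command line
# - ${UID} comes from ENV here; this relies on /bin/sh being busybox ash (bash defines its own
#   read-only UID for the invoking user)
# NOTE(review): `chown -R` leaves the whole application tree writable by the runtime user;
# presumably needed for `searx.version freeze` and the later compileall. Confirm whether
# ownership could be narrowed once the build steps are done.
RUN addgroup -g "${GID}" searxng \
    && adduser -u "${UID}" -D -h /usr/local/searxng -s /bin/sh -G searxng searxng \
    && git config --global --add safe.directory /usr/local/searxng \
    && git clone https://github.com/searxng/searxng . \
    && git reset --hard "${UPSTREAM_COMMIT}" \
    && chown -R searxng:searxng . \
    && su searxng -c "/usr/bin/python3 -m searx.version freeze"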
# custom css/js builds for the simple theme (destinations are relative to WORKDIR)
COPY out/css/* searx/static/themes/simple/css/
COPY out/js/* searx/static/themes/simple/js/
# start script plus limiter and favicon configuration
# COPY without --chown leaves these files owned by root:root
COPY src/run.sh /usr/local/bin/run.sh
COPY src/limiter.toml src/favicons.toml /etc/searxng/
# make our patches to searxng's code to allow for the custom theming
# Three in-place edits, each replacing the upstream style list (dropping 'auto') with the
# extended list of custom themes:
#   1. searx/preferences.py       - `choices=[...]` inside the 'simple_style' EnumStringSetting
#   2. searx/settings_defaults.py - the SIMPLE_STYLE tuple
#   3. templates/simple/preferences/theme.html - the `for name in [...]` loop
# NOTE(review): a sed substitution that matches nothing still exits 0, so these patches only
# hold while the patterns match the tree pinned by UPSTREAM_COMMIT. When bumping the pin,
# consider following each edit with a `grep -q` for the new text so a miss fails the build.
RUN sed -i "/'simple_style': EnumStringSetting(/,/choices=\['', 'auto', 'light', 'dark', 'black'\]/s/choices=\['', 'auto', 'light', 'dark', 'black'\]/choices=\['', 'light', 'dark', 'black', 'paulgo', 'latte', 'frappe', 'macchiato', 'mocha', 'kagi', 'brave', 'moa', 'night', 'dracula'\]/" /usr/local/searxng/searx/preferences.py \
&& sed -i "s/SIMPLE_STYLE = ('auto', 'light', 'dark', 'black')/SIMPLE_STYLE = ('light', 'dark', 'black', 'paulgo', 'latte', 'frappe', 'macchiato', 'mocha', 'kagi', 'brave', 'moa', 'night', 'dracula')/" /usr/local/searxng/searx/settings_defaults.py \
&& sed -i "s/{%- for name in \['auto', 'light', 'dark', 'black'\] -%}/{%- for name in \['light', 'dark', 'black', 'paulgo', 'latte', 'frappe', 'macchiato', 'mocha', 'kagi', 'brave', 'moa', 'night', 'dracula'\] -%}/" /usr/local/searxng/searx/templates/simple/preferences/theme.html
# make patch to allow the privacy policy page
# The template is copied in, then a GET-only /privacy view that renders it is inserted into
# searx/webapp.py just before the existing `/client<token>.css` route.
# NOTE(review): the literal `[email protected]` in the inserted text looks like an e-mail
# obfuscation artifact of this listing; presumably the original reads `n@app.route` (compare
# the `@app\.route` address pattern on the same line). Restore it from the repository before
# building, otherwise the inserted line is not a route decorator.
COPY ./src/privacy-policy/privacy-policy.html searx/templates/simple/privacy-policy.html
RUN sed -i "/@app\.route('\/client<token>\.css', methods=\['GET', 'POST'\])/i \ \[email protected]('\/privacy', methods=\['GET'\])\ndef privacy_policy():return render('privacy-policy.html')\n" /usr/local/searxng/searx/webapp.py
# include patches for captcha
# Adds the captcha template and module, then inserts a gate into searx/webapp.py immediately
# before the line that builds SearchWithPlugins: handle_captcha() is called with the request,
# the server secret_key, the query and the render function, and a truthy return value is sent
# back instead of running the search.
# NOTE(review): captcha.py is not shown here; it receives settings["server"]["secret_key"],
# so the strength of whatever it derives presumably depends on the deployment setting a
# unique secret_key - confirm that run.sh or the operator does so.
# NOTE(review): the inserted Python lines show a single leading space in this listing;
# verify the indentation against the repository (whitespace may have been collapsed).
COPY ./src/captcha/captcha.html searx/templates/simple/captcha.html
COPY ./src/captcha/captcha.py searx/captcha.py
RUN sed -i '/search = SearchWithPlugins(search_query, request.user_plugins, request)/i\ from searx.captcha import handle_captcha\n if (captcha_response := handle_captcha(request, settings["server"]["secret_key"], raw_text_query, search_query, selected_locale, render)):\n return captcha_response\n' /usr/local/searxng/searx/webapp.py
# include patches for authorized api access
# Three edits wire searx/auth.py (copied below, not shown here) into upstream code:
#   1. webapp.py: after the `output_format not in settings['search']['formats']` check, append
#      `if (not valid_api_key(request)):` so the existing flask.abort(403) only fires without a
#      valid key. The second -e has no address, so it rewrites the first `flask.abort(403)` on
#      every line of webapp.py that contains one, not only the line under that check.
#   2. webapp.py: after the `Response('', mimetype='text/css')` return, add a `/<key>/search`
#      route that hands the path segment to auth_search_key().
#   3. limiter.py: after the "3. If the IP is not in either list..." text, return None when
#      valid_api_key(request) is true, i.e. such requests are not evaluated by the limiter.
# NOTE(review): if <key> in the route is the API credential itself, it will be recorded in
# access logs, proxy logs and browser history as part of the URL path; confirm how auth.py
# treats it and whether log scrubbing is needed.
# NOTE(review): edits 1 and 3 make valid_api_key() the only control in front of restricted
# output formats and rate limiting; confirm it compares keys in constant time and rejects
# everything when AUTHORIZED_API is empty.
# NOTE(review): `[email protected]` in edit 2 looks like an e-mail obfuscation artifact of this
# listing (presumably `n@app.route`), and the inserted Python shows collapsed indentation;
# restore both from the repository before building.
COPY ./src/auth/auth.py searx/auth.py
RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\ from searx.auth import valid_api_key\\n if (not valid_api_key(request)):" -e 's|flask.abort(403)| flask.abort(403)|' /usr/local/searxng/searx/webapp.py \
&& sed -i "/return Response('', mimetype='text\/css')/a \\\\[email protected]('/<key>/search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n from searx.auth import auth_search_key\\n return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \
&& sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\ from searx.auth import valid_api_key\\n if (valid_api_key(request)):\\n return None" searx/limiter.py
# fix opensearch autocompleter (force the autocompleter to use GET requests)
# Only lines between `{% if autocomplete %}` and `{% endif %}` in opensearch.xml are touched:
# the templated `{{ opensearch_method }}` is replaced by a fixed "GET".
# With GET the typed text travels in the request URL, so it shows up wherever URLs are logged.
RUN sed -i '/{% if autocomplete %}/,/{% endif %}/s|method="{{ opensearch_method }}"|method="GET"|g' searx/templates/simple/opensearch.xml
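# make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files
# The steps are chained with && so a failing step aborts the build; with `;` only the exit
# status of the final find decided whether the layer succeeded, so a missing uwsgi.ini or a
# failed settings rewrite could still produce an image.
# Security-relevant rewrites of searx/settings.yml in the sed call below:
#   - bind_address 127.0.0.1 -> 0.0.0.0: the server listens on every container interface, so
#     reachability is decided by port publishing and network policy.
#   - every line containing `X-Content-Type-Options: nosniff`, `X-XSS-Protection: 1; mode=block`,
#     `X-Robots-Tag: noindex, nofollow` or `Referrer-Policy: no-referrer` is deleted.
#     NOTE(review): presumably a fronting reverse proxy sets these headers instead; confirm,
#     because otherwise browsers fall back to MIME sniffing and their default referrer policy.
#   - safe_search 0 -> 1 and port 8888 -> 8080 (matches EXPOSE).
#   - `/disabled: false/d` removes every such line first; the per-engine expressions then append
#     an explicit `disabled:` line after each listed `name:` entry.
# NOTE(review): expressions that match nothing still succeed, so a changed upstream settings.yml
# silently keeps its defaults; re-check the patterns whenever UPSTREAM_COMMIT is bumped.
# NOTE(review): the replacement texts show a single leading space in this listing; verify the
# YAML indentation against the repository (whitespace may have been collapsed).
RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/ \
    && chmod +x /usr/local/bin/run.sh \
    && sed -i -e "/safe_search:/s/0/1/g" \
        -e "/autocomplete:/s/\"\"/\"google\"/g" \
        -e "/autocomplete_min:/s/4/0/g" \
        -e "/favicon_resolver:/s/\"\"/\"google\"/g" \
        -e "/port:/s/8888/8080/g" \
        -e "/simple_style:/s/auto/macchiato/g" \
        -e "/infinite_scroll:/s/false/true/g" \
        -e "/query_in_title:/s/false/true/g" \
        -e "s+donation_url: https://docs.searxng.org/donate.html+donation_url: false+g" \
        -e "/bind_address:/s/127.0.0.1/0.0.0.0/g" \
        -e '/default_lang:/s/ ""/ en/g' \
        -e "/http_protocol_version:/s/1.0/1.1/g" \
        -e "/X-Content-Type-Options: nosniff/d" \
        -e "/X-XSS-Protection: 1; mode=block/d" \
        -e "/X-Robots-Tag: noindex, nofollow/d" \
        -e "/Referrer-Policy: no-referrer/d" \
        -e "/news:/{n;s/.*//}" \
        -e "/files:/d" \
        -e "/social media:/d" \
        -e "/static_use_hash:/s/false/true/g" \
        -e "s/ use_mobile_ui: false/ use_mobile_ui: true/g" \
        -e "/disabled: false/d" \
        -e "/name: wikipedia/s/$/\n disabled: false/g" \
        -e "/name: wikidata/s/$/\n disabled: true/g" \
        -e "/name: wikispecies/s/$/\n disabled: true/g" \
        -e "/name: wikinews/s/$/\n disabled: true/g" \
        -e "/name: wikibooks/s/$/\n disabled: true/g" \
        -e "/name: wikivoyage/s/$/\n disabled: true/g" \
        -e "/name: wikiversity/s/$/\n disabled: true/g" \
        -e "/name: wikiquote/s/$/\n disabled: true/g" \
        -e "/name: wikisource/s/$/\n disabled: true/g" \
        -e "/name: wikicommons.images/s/$/\n disabled: true/g" \
        -e "/name: duckduckgo/s/$/\n disabled: true/g" \
        -e "/name: pinterest/s/$/\n disabled: true/g" \
        -e "/name: piped/s/$/\n disabled: true/g" \
        -e "/name: piped.music/s/$/\n disabled: true/g" \
        -e "/name: bandcamp/s/$/\n disabled: true/g" \
        -e "/name: radio browser/s/$/\n disabled: true/g" \
        -e "/name: mixcloud/s/$/\n disabled: true/g" \
        -e "/name: hoogle/s/$/\n disabled: true/g" \
        -e "/name: currency/s/$/\n disabled: true/g" \
        -e "/name: qwant/s/$/\n disabled: true/g" \
        -e "/name: btdigg/s/$/\n disabled: true/g" \
        -e "/name: sepiasearch/s/$/\n disabled: true/g" \
        -e "/name: dailymotion/s/$/\n disabled: true/g" \
        -e "/name: deviantart/s/$/\n disabled: true/g" \
        -e "/name: vimeo/s/$/\n disabled: true/g" \
        -e "/name: openairepublications/s/$/\n disabled: true/g" \
        -e "/name: library of congress/s/$/\n disabled: true/g" \
        -e "/name: dictzone/s/$/\n disabled: true/g" \
        -e "/name: brave/s/$/\n disabled: true/g" \
        -e "/name: lingva/s/$/\n disabled: true/g" \
        -e "/name: genius/s/$/\n disabled: true/g" \
        -e "/name: wallhaven/s/$/\n disabled: true/g" \
        -e "/name: artic/s/$/\n disabled: true/g" \
        -e "/name: flickr/s/$/\n disabled: true/g" \
        -e "/name: unsplash/s/$/\n disabled: true/g" \
        -e "/name: gentoo/s/$/\n disabled: true/g" \
        -e "/name: openverse/s/$/\n disabled: true/g" \
        -e "/name: google videos/s/$/\n disabled: true/g" \
        -e "/name: yahoo news/s/$/\n disabled: true/g" \
        -e "/name: bing news/s/$/\n disabled: true/g" \
        -e "/name: tineye/s/$/\n disabled: true/g" \
        -e "/shortcut: fd/{n;s/.*/ disabled: false/}" \
        searx/settings.yml \
    && su searxng -c "/usr/bin/python3 -m compileall -q searx" \
    && find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
        -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+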
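# expose port and set tini as CMD; default user is searxng
# - the container runs as the unprivileged searxng user; 8080 is an unprivileged port and
#   matches the port written into settings.yml
# - tini runs as PID 1 so signals are forwarded and child processes are reaped
# - run.sh is referenced by the absolute path it was copied to, so the start command does not
#   depend on a PATH lookup
USER searxng
EXPOSE 8080
CMD ["/sbin/tini", "--", "/usr/local/bin/run.sh"]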