Beanz/searxng
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[mod] activate limiter & link_token method (aka CSS ping) by default

Browse Source 
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2023-09-22 10:58:40 +02:00 committed by Markus Heiser
parent 597c68b4aa
commit 3af629ec09
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
utils/searxng.sh
View File

@ -23,6 +23,7 @@ SEARXNG_STATIC="${SEARXNG_SRC}/searx/static"
SEARXNG_PYENV="${SERVICE_HOME}/searx-pyenv" SEARXNG_PYENV="${SERVICE_HOME}/searx-pyenv"
SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml" SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml"
LIMITER_SETTINGS_PATH="/etc/searxng/limiter.toml"
SEARXNG_UWSGI_APP="searxng.ini" SEARXNG_UWSGI_APP="searxng.ini"
SEARXNG_INTERNAL_HTTP="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}" SEARXNG_INTERNAL_HTTP="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}"
@ -131,7 +132,7 @@ install|remove:
all : complete (de-) installation of the SearXNG service all : complete (de-) installation of the SearXNG service
user : service user '${SERVICE_USER}' (${SERVICE_HOME}) user : service user '${SERVICE_USER}' (${SERVICE_HOME})
pyenv : virtualenv (python) in ${SEARXNG_PYENV} pyenv : virtualenv (python) in ${SEARXNG_PYENV}
settings : settings from ${SEARXNG_SETTINGS_PATH} settings : settings from $(dirname "${SEARXNG_SETTINGS_PATH}")
uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP} uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP}
redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock
nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE} nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE}
@ -522,7 +523,7 @@ EOF
} }
searxng.install.settings() { searxng.install.settings() {
rst_title "install ${SEARXNG_SETTINGS_PATH}" section rst_title "install $(dirname "${SEARXNG_SETTINGS_PATH}")" section
if ! [[ -f "${SEARXNG_SRC}/.git/config" ]]; then if ! [[ -f "${SEARXNG_SRC}/.git/config" ]]; then
die "Before install settings, first install SearXNG." die "Before install settings, first install SearXNG."
@ -531,6 +532,11 @@ searxng.install.settings() {
mkdir -p "$(dirname "${SEARXNG_SETTINGS_PATH}")" mkdir -p "$(dirname "${SEARXNG_SETTINGS_PATH}")"
DEFAULT_SELECT=1 \
install_template --no-eval \
"${LIMITER_SETTINGS_PATH}" \
"${SERVICE_USER}" "${SERVICE_GROUP}"
DEFAULT_SELECT=1 \ DEFAULT_SELECT=1 \
install_template --no-eval \ install_template --no-eval \
"${SEARXNG_SETTINGS_PATH}" \ "${SEARXNG_SETTINGS_PATH}" \
@ -545,6 +551,7 @@ searxng.remove.settings() {
rst_title "remove ${SEARXNG_SETTINGS_PATH}" section rst_title "remove ${SEARXNG_SETTINGS_PATH}" section
if ask_yn "Do you want to delete the SearXNG settings?" Yn; then if ask_yn "Do you want to delete the SearXNG settings?" Yn; then
rm -f "${SEARXNG_SETTINGS_PATH}" rm -f "${SEARXNG_SETTINGS_PATH}"
rm -f "${LIMITER_SETTINGS_PATH}"
fi fi
} }
@ -575,6 +582,12 @@ pip install -U wheel
pip install -U pyyaml pip install -U pyyaml
pip install -U -e . pip install -U -e .
EOF EOF
rst_para "update instance's limiter.toml from ${LIMITER_SETTINGS_PATH}"
DEFAULT_SELECT=2 \
install_template --no-eval \
"${LIMITER_SETTINGS_PATH}" \
"${SERVICE_USER}" "${SERVICE_GROUP}"
rst_para "update instance's settings.yml from ${SEARXNG_SETTINGS_PATH}" rst_para "update instance's settings.yml from ${SEARXNG_SETTINGS_PATH}"
DEFAULT_SELECT=2 \ DEFAULT_SELECT=2 \
install_template --no-eval \ install_template --no-eval \

13
utils/templates/etc/searxng/limiter.toml Normal file
View File

@ -0,0 +1,13 @@
# Limiter configuration / bot protection & IP rate limitation
[real_ip]
# number of values to trust for X-Forwarded-For
# https://docs.searxng.org/admin/searx.botdetection.html#searx.botdetection.get_real_ip
x_for = 1
[botdetection.ip_limit]
# activate link_token method in the ip_limit method
# https://docs.searxng.org/admin/searx.botdetection.html#method-ip-limit
link_token = true