diff --git a/Dockerfile b/Dockerfile
index ff2d440a1..69e4bfab2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,48 +1,64 @@ -FROM python:3.13-alpine +FROM python:3.13-slim EXPOSE 8080 -VOLUME /etc/searxng ARG SEARXNG_GID=977 ARG SEARXNG_UID=977 -RUN addgroup -g ${SEARXNG_GID} searxng && \ - adduser -u ${SEARXNG_UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng +RUN groupadd -g ${SEARXNG_GID} searxng && \ + useradd -u ${SEARXNG_UID} -d /usr/local/searxng -s /bin/sh -g searxng searxng ENV INSTANCE_NAME=searxng \ - AUTOCOMPLETE= \ - BASE_URL= \ - SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml \ - UWSGI_SETTINGS_PATH=/etc/searxng/uwsgi.ini \ - UWSGI_WORKERS=%k \ - UWSGI_THREADS=4 + AUTOCOMPLETE= \ + BASE_URL= \ + SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml \ + UWSGI_SETTINGS_PATH=/etc/searxng/uwsgi.ini \ + UWSGI_WORKERS=%k \ + UWSGI_THREADS=4 WORKDIR /usr/local/searxng # install necessary runtime packages -RUN apk add --no-cache brotli openssl mailcap libxml2 libxslt pcre && rm -rf /root/.cache +RUN apt-get update && apt-get install -y --no-install-recommends \ + brotli \ + openssl \ + mailcap \ + libxml2 \ + libxslt1.1 \ + libpcre3 COPY requirements.txt ./requirements.txt # build and install uwsgi and necessary python packages -RUN apk add --no-cache -t build-dependencies build-base libffi-dev libxml2-dev libxslt-dev pcre-dev \ -&& pip install --no-cache "uwsgi~=2.0.0" \ -&& pip install --no-cache -r requirements.txt \ -&& apk del build-dependencies \ -&& rm -rf /root/.cache +RUN --mount=type=cache,target=/root/.cache/pip apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + zlib1g-dev \ + libffi-dev \ + libxml2-dev \ + libxslt-dev \ + libpcre3-dev && \ + pip install "uwsgi~=2.0.0" && \ + pip install -r requirements.txt && \ + apt-get purge -y build-essential libffi-dev libxml2-dev libxslt1-dev libpcre3-dev && \ + apt-get autoremove -y && \ + rm -rf /var/lib/apt/lists/* COPY --chown=searxng:searxng dockerfiles ./dockerfiles COPY --chown=searxng:searxng searx ./searx +RUN mkdir /etc/searxng && chown searxng:searxng /etc/searxng 
+ ARG TIMESTAMP_SETTINGS=0 ARG TIMESTAMP_UWSGI=0 ARG VERSION_GITCOMMIT=unknown -RUN su searxng -c "/usr/local/bin/python3 -m compileall -q searx" \ - && touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml \ - && touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini \ - && find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' \ - -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ - -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+ +USER searxng + +RUN python3 -m compileall -q searx \ +&& touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml \ +&& touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini \ +&& find /usr/local/searxng/searx/static \( -name '*.html' -o -name '*.css' -o -name '*.js' \ + -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ + -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+ # Keep these arguments at the end to prevent redundant layer rebuilds ARG LABEL_DATE= 
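Review bot: The build-dependency RUN installs `zlib1g-dev` but the `apt-get purge` list omits it, so the headers stay in the runtime image; as an explicitly installed package, `apt-get autoremove` will not remove it either. Add it to the purge: `apt-get purge -y build-essential zlib1g-dev libffi-dev libxml2-dev libxslt1-dev libpcre3-dev && \`. The earlier runtime-package RUN runs `apt-get update` without `rm -rf /var/lib/apt/lists/*` in the same layer, so the package indexes persist in that layer even though the later RUN deletes them. Separately, `USER searxng` now also applies to the entrypoint; whether `docker-entrypoint.sh` still expects to start as root is not visible in this diff and is worth confirming.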
@@ -52,22 +68,22 @@ ARG SEARXNG_DOCKER_TAG=unknown ARG LABEL_VCS_REF= ARG LABEL_VCS_URL= LABEL maintainer="searxng <${GIT_URL}>" \ - description="A privacy-respecting, hackable metasearch engine." \ - version="${SEARXNG_GIT_VERSION}" \ - org.label-schema.schema-version="1.0" \ - org.label-schema.name="searxng" \ - org.label-schema.version="${SEARXNG_GIT_VERSION}" \ - org.label-schema.url="${LABEL_VCS_URL}" \ - org.label-schema.vcs-ref=${LABEL_VCS_REF} \ - org.label-schema.vcs-url=${LABEL_VCS_URL} \ - org.label-schema.build-date="${LABEL_DATE}" \ - org.label-schema.usage="https://github.com/searxng/searxng-docker" \ - org.opencontainers.image.title="searxng" \ - org.opencontainers.image.version="${SEARXNG_DOCKER_TAG}" \ - org.opencontainers.image.url="${LABEL_VCS_URL}" \ - org.opencontainers.image.revision=${LABEL_VCS_REF} \ - org.opencontainers.image.source=${LABEL_VCS_URL} \ - org.opencontainers.image.created="${LABEL_DATE}" \ - org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" - + description="A privacy-respecting, hackable metasearch engine." \ + version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.name="searxng" \ + org.label-schema.version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.url="${LABEL_VCS_URL}" \ + org.label-schema.vcs-ref=${LABEL_VCS_REF} \ + org.label-schema.vcs-url=${LABEL_VCS_URL} \ + org.label-schema.build-date="${LABEL_DATE}" \ + org.label-schema.usage="https://github.com/searxng/searxng-docker" \ + org.opencontainers.image.title="searxng" \ + org.opencontainers.image.version="${SEARXNG_DOCKER_TAG}" \ + org.opencontainers.image.url="${LABEL_VCS_URL}" \ + org.opencontainers.image.revision=${LABEL_VCS_REF} \ + org.opencontainers.image.source=${LABEL_VCS_URL} \ + org.opencontainers.image.created="${LABEL_DATE}" \ + org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" + ENTRYPOINT ["/usr/local/searxng/dockerfiles/docker-entrypoint.sh"] 
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
new file mode 100644
index 000000000..ff2d440a1
--- /dev/null
+++ b/Dockerfile.alpine
@@ -0,0 +1,73 @@ +FROM python:3.13-alpine +EXPOSE 8080 +VOLUME /etc/searxng + +ARG SEARXNG_GID=977 +ARG SEARXNG_UID=977 + +RUN addgroup -g ${SEARXNG_GID} searxng && \ + adduser -u ${SEARXNG_UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng + +ENV INSTANCE_NAME=searxng \ + AUTOCOMPLETE= \ + BASE_URL= \ + SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml \ + UWSGI_SETTINGS_PATH=/etc/searxng/uwsgi.ini \ + UWSGI_WORKERS=%k \ + UWSGI_THREADS=4 + +WORKDIR /usr/local/searxng + +# install necessary runtime packages +RUN apk add --no-cache brotli openssl mailcap libxml2 libxslt pcre && rm -rf /root/.cache + +COPY requirements.txt ./requirements.txt + +# build and install uwsgi and necessary python packages +RUN apk add --no-cache -t build-dependencies build-base libffi-dev libxml2-dev libxslt-dev pcre-dev \ +&& pip install --no-cache "uwsgi~=2.0.0" \ +&& pip install --no-cache -r requirements.txt \ +&& apk del build-dependencies \ +&& rm -rf /root/.cache + +COPY --chown=searxng:searxng dockerfiles ./dockerfiles +COPY --chown=searxng:searxng searx ./searx + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 +ARG VERSION_GITCOMMIT=unknown + +RUN su searxng -c "/usr/local/bin/python3 -m compileall -q searx" \ + && touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml \ + && touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini \ + && find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' \ + -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ + -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+ + +# Keep these arguments at the end to prevent redundant layer rebuilds +ARG LABEL_DATE= +ARG GIT_URL=unknown +ARG SEARXNG_GIT_VERSION=unknown +ARG SEARXNG_DOCKER_TAG=unknown +ARG LABEL_VCS_REF= +ARG LABEL_VCS_URL= +LABEL maintainer="searxng <${GIT_URL}>" \ + description="A privacy-respecting, hackable metasearch engine." 
\ + version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.name="searxng" \ + org.label-schema.version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.url="${LABEL_VCS_URL}" \ + org.label-schema.vcs-ref=${LABEL_VCS_REF} \ + org.label-schema.vcs-url=${LABEL_VCS_URL} \ + org.label-schema.build-date="${LABEL_DATE}" \ + org.label-schema.usage="https://github.com/searxng/searxng-docker" \ + org.opencontainers.image.title="searxng" \ + org.opencontainers.image.version="${SEARXNG_DOCKER_TAG}" \ + org.opencontainers.image.url="${LABEL_VCS_URL}" \ + org.opencontainers.image.revision=${LABEL_VCS_REF} \ + org.opencontainers.image.source=${LABEL_VCS_URL} \ + org.opencontainers.image.created="${LABEL_DATE}" \ + org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" + +ENTRYPOINT ["/usr/local/searxng/dockerfiles/docker-entrypoint.sh"] diff --git a/Dockerfile.multistage b/Dockerfile.multistage new file mode 100644 index 000000000..6f8c6f9c5 --- /dev/null +++ b/Dockerfile.multistage 
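Review bot: Dockerfile.alpine has no `USER` instruction, so its entrypoint starts as root, while the Debian-based Dockerfile in this commit switches to `USER searxng` before its last RUN. Both images share `dockerfiles/docker-entrypoint.sh`, so that script has to behave correctly under two privilege models; whether it drops privileges itself is not visible here. If this variant is meant to match, add `USER searxng` ahead of the `ENTRYPOINT` line and make sure `/etc/searxng` is writable by that user. If running as root is intentional, say so in a header comment such as `# NOTE: this variant starts the entrypoint as root; the default Dockerfile runs as searxng`.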
@@ -0,0 +1,97 @@ +FROM python:3.13-slim AS builder + +RUN mkdir /usr/local/searxng +WORKDIR /usr/local/searxng + +RUN python3 -m venv /venv +ENV PATH=/venv/bin:$PATH + +COPY requirements.txt ./requirements.txt + +# Install build dependencies and Python packages +RUN apt-get update && apt-get install -y --no-install-recommends build-essential libpcre3-dev libxml2-dev libxslt1-dev zlib1g-dev +RUN --mount=type=cache,target=/root/.cache/pip pip install "uwsgi~=2.0.0" +RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements.txt + +COPY dockerfiles ./dockerfiles +COPY searx ./searx + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 +ARG VERSION_GITCOMMIT=unknown + +RUN python3 -m compileall -q searx \ + && touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml \ + && touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini + +# Final image stage +FROM python:3.13-slim + +EXPOSE 8080 +VOLUME /etc/searxng + +ARG SEARXNG_GID=977 +ARG SEARXNG_UID=977 + +RUN groupadd -g ${SEARXNG_GID} searxng && \ + useradd -u ${SEARXNG_UID} -d /usr/local/searxng -s /bin/sh -g searxng searxng + +ENV INSTANCE_NAME=searxng \ + AUTOCOMPLETE= \ + BASE_URL= \ + SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml \ + UWSGI_SETTINGS_PATH=/etc/searxng/uwsgi.ini \ + UWSGI_WORKERS=%k \ + UWSGI_THREADS=4 + +WORKDIR /usr/local/searxng + +# Install necessary runtime packages +RUN apt-get update && apt-get install -y --no-install-recommends \ + brotli \ +# openssl \ + mailcap \ + libxml2 \ + libxslt1.1 \ + libpcre3 && \ + rm -rf /var/lib/apt/lists/* + +# Copy only the necessary files from the builder stage +COPY --from=builder --chown=searxng:searxng /usr/local/searxng /usr/local/searxng +COPY --from=builder --chown=searxng:searxng /venv /venv + +ENV PATH=/venv/bin:$PATH + +USER searxng + +RUN find /usr/local/searxng/searx/static \( -name '*.html' -o -name '*.css' -o -name '*.js' \ + -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ + -type f -exec gzip -9 -k {} + -exec brotli 
--best {} + + +# Keep these arguments at the end to prevent redundant layer rebuilds +ARG LABEL_DATE= +ARG GIT_URL=unknown +ARG SEARXNG_GIT_VERSION=unknown +ARG SEARXNG_DOCKER_TAG=unknown +ARG LABEL_VCS_REF= +ARG LABEL_VCS_URL= +LABEL maintainer="searxng <${GIT_URL}>" \ + description="A privacy-respecting, hackable metasearch engine." \ + version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.name="searxng" \ + org.label-schema.version="${SEARXNG_GIT_VERSION}" \ + org.label-schema.url="${LABEL_VCS_URL}" \ + org.label-schema.vcs-ref=${LABEL_VCS_REF} \ + org.label-schema.vcs-url=${LABEL_VCS_URL} \ + org.label-schema.build-date="${LABEL_DATE}" \ + org.label-schema.usage="https://github.com/searxng/searxng-docker" \ + org.opencontainers.image.title="searxng" \ + org.opencontainers.image.version="${SEARXNG_DOCKER_TAG}" \ + org.opencontainers.image.url="${LABEL_VCS_URL}" \ + org.opencontainers.image.revision=${LABEL_VCS_REF} \ + org.opencontainers.image.source=${LABEL_VCS_URL} \ + org.opencontainers.image.created="${LABEL_DATE}" \ + org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" + +ENTRYPOINT ["/usr/local/searxng/dockerfiles/docker-entrypoint.sh"] diff --git a/dockerfiles/docker-entrypoint.sh b/dockerfiles/docker-entrypoint.sh index 9e15b4cfa..0bad97b15 100755 --- a/dockerfiles/docker-entrypoint.sh +++ b/dockerfiles/docker-entrypoint.sh @@ -81,7 +81,7 @@ patch_searxng_settings() { -e "s|base_url: false|base_url: ${BASE_URL}|g" \ -e "s/instance_name: \"SearXNG\"/instance_name: \"${INSTANCE_NAME}\"/g" \ -e "s/autocomplete: \"\"/autocomplete: \"${AUTOCOMPLETE}\"/g" \ - -e "s/ultrasecretkey/$(openssl rand -hex 32)/g" \ + -e "s/ultrasecretkey/$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')/g" \ "${CONF}" # Morty configuration
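Review bot: The final stage of Dockerfile.multistage sets `USER searxng` but never creates `/etc/searxng` with that ownership; it only declares `VOLUME /etc/searxng`, whereas the single-stage Dockerfile in this commit adds `RUN mkdir /etc/searxng && chown searxng:searxng /etc/searxng`. A volume over a path that does not exist in the image is typically created root-owned, so an entrypoint running as searxng would presumably be unable to write the files named by `SEARXNG_SETTINGS_PATH` and `UWSGI_SETTINGS_PATH`. Add `RUN mkdir /etc/searxng && chown searxng:searxng /etc/searxng` before `USER searxng`, and move `VOLUME /etc/searxng` after it so the ownership becomes part of the volume's initial content. The builder stage also omits `libffi-dev`, which the single-stage build installs; that may be intentional if prebuilt wheels cover it.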
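Review bot: The new key generator is expanded inside the sed expression, so if `head`, `od` or `tr` fails or `/dev/urandom` is unreadable, the substitution yields an empty string and `ultrasecretkey` is silently replaced with an empty secret. Generate the key first and check it before patching, e.g. `secret_key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')` followed by `[ "${#secret_key}" -eq 64 ] || { echo "secret key generation failed" >&2; exit 1; }`, then use `s/ultrasecretkey/${secret_key}/g` (the variable name is constructed here). A comment such as `# 32 bytes from the kernel CSPRNG, hex-encoded (64 chars); avoids the openssl dependency` would record why the pipeline replaced `openssl rand -hex 32`. `patch_searxng_settings` starts and ends outside the hunk.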