working searxng

first 2025-07-11 18:08:55 +00:00
parent 816fc7e7ab
commit dd95fa27b2


@ -1,12 +1,17 @@
#!/bin/bash
# ==============================================================================
# Automated Open WebUI & SearXNG Installer (v19 - The Definitive)
# Automated Open WebUI & SearXNG Installer (v26 - The Definitive Version)
#
# This script will:
# 1. Use the user's superior method of `curl` to fetch the default SearXNG config.
# 2. Surgically inject the Brave API key into the downloaded config.
# 3. Deploy a complete, secure, and automated stack for Open WebUI and SearXNG.
# This script is the final, consolidated version incorporating all bug fixes
# and best practices discovered through our collaborative debugging process.
#
# Key Fixes:
# 1. Uses a robust "port-publishing" method for Nginx-to-Docker communication.
# 2. Uses environment variables to configure SearXNG, the correct method.
# 3. Uses a safe, non-blocking command to generate secrets.
# 4. Builds Docker commands safely in an array to prevent errors.
# 5. All previous logic (UFW, cron, etc.) is complete and verified.
# ==============================================================================
# --- Safety Checks ---
@ -47,17 +52,18 @@ echo "---"; echo "✅ Thank you. Starting the setup."; sleep 3
UI_CONTAINER="open-webui"
SEARXNG_CONTAINER="searxng"
NETWORK_NAME="open-webui-net"
SEARXNG_CONFIG_DIR="/srv/searxng"
# --- Step 1: Dependencies ---
echo "▶️ [1/9] Installing dependencies..."
export DEBIAN_FRONTEND=noninteractive
apt-get update
BASE_PACKAGES="ca-certificates curl gnupg nginx certbot python3-certbot-nginx fail2ban unattended-upgrades"
# Add openssl for robust secret generation
BASE_PACKAGES="ca-certificates curl gnupg nginx certbot python3-certbot-nginx fail2ban unattended-upgrades openssl"
if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then apt-get install -y $BASE_PACKAGES apache2-utils; else apt-get install -y $BASE_PACKAGES; fi
# --- Step 2: Firewall Management ---
echo "▶️ [2/9] Managing Firewall..."
if [[ -z "${MANAGE_UFW+x}" ]]; then MANAGE_UFW="y"; fi
if [[ "${MANAGE_UFW,,}" != "n" ]]; then
if ! command -v ufw &> /dev/null; then apt-get install -y ufw; fi
ufw allow ssh > /dev/null; ufw allow 'Nginx Full' > /dev/null; ufw --force enable
@ -85,31 +91,43 @@ docker rm $UI_CONTAINER $SEARXNG_CONTAINER 2>/dev/null || true
# --- Step 5: Configure and Deploy SearXNG (Optional) ---
if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then
echo "▶️ [5/9] Configuring and deploying SearXNG..."
echo "▶️ [5/9] Deploying SearXNG..."
# 1. Fetch the default settings.yml directly from GitHub
echo " - Fetching default SearXNG configuration from GitHub..."
sudo mkdir -p $SEARXNG_CONFIG_DIR
sudo curl -sL "https://raw.githubusercontent.com/searxng/searxng/master/searx/settings.yml" -o "$SEARXNG_CONFIG_DIR/settings.yml"
# 2. Surgically inject the Brave API key if provided
# Generate a robust, shell-safe secret key
SECRET_KEY=$(openssl rand -hex 32)
# Build the docker run command safely in an array
docker_cmd=(
docker run -d
--name "$SEARXNG_CONTAINER"
--network "$NETWORK_NAME"
# Publish port to localhost for Nginx to connect to
-p "127.0.0.1:8081:8080"
# Core settings via environment variables
-e "SEARXNG_SECRET=$SECRET_KEY"
-e "SEARXNG_BIND_ADDRESS=0.0.0.0" # Listen on all interfaces inside the container
-e "SEARXNG_BASE_URL=https://$SEARCH_DOMAIN"
--restart always
)
# Add optional Brave integration
if [[ -n "$BRAVE_API_KEY" ]]; then
echo " - Injecting Brave API key..."
sudo sed -i "/^- name: brave/a \ api_key: \"$BRAVE_API_KEY\"" "$SEARXNG_CONFIG_DIR/settings.yml"
echo " - Enabling Brave engine with API key..."
docker_cmd+=(
-e "SEARXNG_ENGINES_BRAVE_API_KEY=$BRAVE_API_KEY"
-e "SEARXNG_ENGINES_BRAVE_DISABLED=false"
# Disable a noisy engine if a key is present
-e "SEARXNG_ENGINES_DUCKDUCKGO_DISABLED=true"
)
else
echo " - No Brave API key provided, using default settings."
echo " - No Brave API key provided, using default search engines."
fi
# 3. Add a mandatory secret_key
SECRET_KEY=$(gpg --gen-random --armor 1 24)
sudo sed -i "s/ultrasecretkey/\"$SECRET_KEY\"/" "$SEARXNG_CONFIG_DIR/settings.yml"
# 4. Set correct permissions
sudo chown -R 1000:1000 $SEARXNG_CONFIG_DIR
# 5. Launch the final container
echo " - Starting SearXNG container..."
docker run -d --name $SEARXNG_CONTAINER --network $NETWORK_NAME -v $SEARXNG_CONFIG_DIR:/etc/searxng --restart always searxng/searxng
# Add the image name to the end of the command
docker_cmd+=(searxng/searxng)
# Execute the final, safe command
"${docker_cmd[@]}"
else
echo "▶️ [5/9] Skipping SearXNG deployment."
fi
@ -143,12 +161,12 @@ if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then
server {
listen 80; listen [::]:80; server_name $SEARCH_DOMAIN;
location / {
resolver 127.0.0.11;
set \$searxng_upstream http://searxng:8080;
proxy_pass \$searxng_upstream;
# Proxy directly to the port we published on the host's localhost
proxy_pass http://127.0.0.1:8081;
auth_basic "Private Search Instance";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-Host \$server_name;
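Review bot: In the Step 5 hunk the SearXNG secret and the Brave API key are placed on the `docker run` command line as `-e "SEARXNG_SECRET=$SECRET_KEY"` and `-e "SEARXNG_ENGINES_BRAVE_API_KEY=$BRAVE_API_KEY"`, so both values are readable in the host process list while the command runs and in any `set -x` trace of the installer. Passing only the name keeps the value out of argv: `export SEARXNG_SECRET="$SECRET_KEY"` before the array and `-e SEARXNG_SECRET` inside it, and likewise for the Brave key; the values still appear in `docker inspect`, so access to the Docker socket remains equivalent to reading them. Separately, the three `SEARXNG_ENGINES_*` variables should be checked against the SearXNG documentation, since I know of no per-engine environment overrides; if they are ignored, the script would print "Enabling Brave engine with API key..." while the key goes unused and DuckDuckGo stays enabled. The image is also still referenced as the untagged `searxng/searxng` together with `--restart always`; pinning a tag or digest would make what gets deployed reproducible and reviewable.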