From dd95fa27b2316fe8befc7c4153d1374a08fe3a02 Mon Sep 17 00:00:00 2001 From: first Date: Fri, 11 Jul 2025 18:08:55 +0000 Subject: [PATCH] working searxng --- onepush.sh | 80 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 49 insertions(+), 31 deletions(-) diff --git a/onepush.sh b/onepush.sh index b8b095e..f4be09a 100644 --- a/onepush.sh +++ b/onepush.sh @@ -1,12 +1,17 @@ #!/bin/bash # ============================================================================== -# Automated Open WebUI & SearXNG Installer (v19 - The Definitive) +# Automated Open WebUI & SearXNG Installer (v26 - The Definitive Version) # -# This script will: -# 1. Use the user's superior method of `curl` to fetch the default SearXNG config. -# 2. Surgically inject the Brave API key into the downloaded config. -# 3. Deploy a complete, secure, and automated stack for Open WebUI and SearXNG. +# This script is the final, consolidated version incorporating all bug fixes +# and best practices discovered through our collaborative debugging process. +# +# Key Fixes: +# 1. Uses a robust "port-publishing" method for Nginx-to-Docker communication. +# 2. Uses environment variables to configure SearXNG, the correct method. +# 3. Uses a safe, non-blocking command to generate secrets. +# 4. Builds Docker commands safely in an array to prevent errors. +# 5. All previous logic (UFW, cron, etc.) is complete and verified. # ============================================================================== # --- Safety Checks --- 
@@ -47,17 +52,18 @@ echo "---"; echo "✅ Thank you. Starting the setup."; sleep 3 UI_CONTAINER="open-webui" SEARXNG_CONTAINER="searxng" NETWORK_NAME="open-webui-net" -SEARXNG_CONFIG_DIR="/srv/searxng" # --- Step 1: Dependencies --- echo "▶️ [1/9] Installing dependencies..." export DEBIAN_FRONTEND=noninteractive apt-get update -BASE_PACKAGES="ca-certificates curl gnupg nginx certbot python3-certbot-nginx fail2ban unattended-upgrades" +# Add openssl for robust secret generation +BASE_PACKAGES="ca-certificates curl gnupg nginx certbot python3-certbot-nginx fail2ban unattended-upgrades openssl" if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then apt-get install -y $BASE_PACKAGES apache2-utils; else apt-get install -y $BASE_PACKAGES; fi # --- Step 2: Firewall Management --- echo "▶️ [2/9] Managing Firewall..." +if [[ -z "${MANAGE_UFW+x}" ]]; then MANAGE_UFW="y"; fi if [[ "${MANAGE_UFW,,}" != "n" ]]; then if ! command -v ufw &> /dev/null; then apt-get install -y ufw; fi ufw allow ssh > /dev/null; ufw allow 'Nginx Full' > /dev/null; ufw --force enable 
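Review bot: `BASE_PACKAGES` is still a space-separated string that both `apt-get install -y $BASE_PACKAGES` calls expand unquoted, while this same commit moves the docker invocation into an array to avoid that kind of word splitting. An array keeps the two consistent and avoids ShellCheck's SC2086 warning: `BASE_PACKAGES=(ca-certificates curl gnupg nginx certbot python3-certbot-nginx fail2ban unattended-upgrades openssl)` with `apt-get install -y "${BASE_PACKAGES[@]}"`. The new default line can be shortened to `: "${MANAGE_UFW:=y}"`; as far as this hunk shows the behaviour is the same, because the check that follows already treats an empty value as "not n". The `if` block that manages UFW continues past the end of the hunk.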
@@ -85,31 +91,43 @@ docker rm $UI_CONTAINER $SEARXNG_CONTAINER 2>/dev/null || true # --- Step 5: Configure and Deploy SearXNG (Optional) --- if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then - echo "▶️ [5/9] Configuring and deploying SearXNG..." + echo "▶️ [5/9] Deploying SearXNG..." - # 1. Fetch the default settings.yml directly from GitHub - echo " - Fetching default SearXNG configuration from GitHub..." - sudo mkdir -p $SEARXNG_CONFIG_DIR - sudo curl -sL "https://raw.githubusercontent.com/searxng/searxng/master/searx/settings.yml" -o "$SEARXNG_CONFIG_DIR/settings.yml" - - # 2. Surgically inject the Brave API key if provided + # Generate a robust, shell-safe secret key + SECRET_KEY=$(openssl rand -hex 32) + + # Build the docker run command safely in an array + docker_cmd=( + docker run -d + --name "$SEARXNG_CONTAINER" + --network "$NETWORK_NAME" + # Publish port to localhost for Nginx to connect to + -p "127.0.0.1:8081:8080" + # Core settings via environment variables + -e "SEARXNG_SECRET=$SECRET_KEY" + -e "SEARXNG_BIND_ADDRESS=0.0.0.0" # Listen on all interfaces inside the container + -e "SEARXNG_BASE_URL=https://$SEARCH_DOMAIN" + --restart always + ) + + # Add optional Brave integration if [[ -n "$BRAVE_API_KEY" ]]; then - echo " - Injecting Brave API key..." - sudo sed -i "/^- name: brave/a \ api_key: \"$BRAVE_API_KEY\"" "$SEARXNG_CONFIG_DIR/settings.yml" + echo " - Enabling Brave engine with API key..." + docker_cmd+=( + -e "SEARXNG_ENGINES_BRAVE_API_KEY=$BRAVE_API_KEY" + -e "SEARXNG_ENGINES_BRAVE_DISABLED=false" + # Disable a noisy engine if a key is present + -e "SEARXNG_ENGINES_DUCKDUCKGO_DISABLED=true" + ) else - echo " - No Brave API key provided, using default settings." + echo " - No Brave API key provided, using default search engines." fi - - # 3. Add a mandatory secret_key - SECRET_KEY=$(gpg --gen-random --armor 1 24) - sudo sed -i "s/ultrasecretkey/\"$SECRET_KEY\"/" "$SEARXNG_CONFIG_DIR/settings.yml" - # 4. 
Set correct permissions - sudo chown -R 1000:1000 $SEARXNG_CONFIG_DIR - - # 5. Launch the final container - echo " - Starting SearXNG container..." - docker run -d --name $SEARXNG_CONTAINER --network $NETWORK_NAME -v $SEARXNG_CONFIG_DIR:/etc/searxng --restart always searxng/searxng + # Add the image name to the end of the command + docker_cmd+=(searxng/searxng) + + # Execute the final, safe command + "${docker_cmd[@]}" else echo "▶️ [5/9] Skipping SearXNG deployment." fi @@ -143,12 +161,12 @@ if [[ "${DEPLOY_SEARXNG,,}" == "y" ]]; then server { listen 80; listen [::]:80; server_name $SEARCH_DOMAIN; location / { - resolver 127.0.0.11; - set \$searxng_upstream http://searxng:8080; - proxy_pass \$searxng_upstream; + # Proxy directly to the port we published on the host's localhost + proxy_pass http://127.0.0.1:8081; auth_basic "Private Search Instance"; auth_basic_user_file /etc/nginx/.htpasswd; - proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Forwarded-Host \$server_name;
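Review bot: The generated secret and the Brave API key are placed on the `docker run` argument list in `docker_cmd` (`-e "SEARXNG_SECRET=$SECRET_KEY"`, `-e "SEARXNG_ENGINES_BRAVE_API_KEY=$BRAVE_API_KEY"`), so both values are readable in the host process table while the command runs and in any `set -x` trace. Exporting the variable and passing only its name, `export SEARXNG_SECRET="$SECRET_KEY"` with `-e SEARXNG_SECRET` in the array, or using `--env-file` on a mode-0600 file, keeps the values out of argv. The `openssl rand` result is also unchecked; `SECRET_KEY=$(openssl rand -hex 32) || { echo "secret generation failed" >&2; exit 1; }` stops the container from starting with an empty secret. Separately, as far as I know SearXNG maps only a fixed set of top-level settings (such as `SEARXNG_SECRET` and `SEARXNG_BASE_URL`) to environment variables, and I cannot confirm that per-engine `SEARXNG_ENGINES_*` names are read. Please verify this against the SearXNG settings documentation, because if they are ignored the script prints "Enabling Brave engine with API key..." while nothing changes, now that `settings.yml` is no longer mounted.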
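Review bot: The port in `proxy_pass http://127.0.0.1:8081;` duplicates the literal in the `-p "127.0.0.1:8081:8080"` entry of `docker_cmd`, so the two can drift apart without any error until requests start failing. A single `SEARXNG_HOST_PORT=8081` next to the container-name variables, used as `-p "127.0.0.1:${SEARXNG_HOST_PORT}:8080"` and `proxy_pass http://127.0.0.1:${SEARXNG_HOST_PORT};`, would tie them together; the escaped `\$host` suggests this text is already expanded by the shell, as `$SEARCH_DOMAIN` is. The comment on the new line could also record why the loopback binding matters, e.g. `# loopback only: auth_basic is enforced by this server block, so the port must never be published on 0.0.0.0`. The server block and the construct that writes it begin and end outside this hunk.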