primemover/onepush
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Activity

1 release 1 tag

RSS feed
  • 1 1504d66a69

    1 Stable

    first released this 2025-07-23 22:07:31 +00:00 | 1 commits to master since this release

    A single, robust, and intelligent shell script to fully automate the deployment of Open WebUI and an optional, private SearXNG instance on a Debian server. This script transforms a manual setup process into a production-ready, one-shot command, complete with security hardening and full life-cycle automation.

    This project was born from an iterative process of converting a manual guide into a fully automated script, adding features and fixing real-world deployment issues like Let's Encrypt rate limits, firewall pre-configurations, fragile cron jobs, and complex multi-container networking and configuration bugs.

    Features

    • Fully Automated Deployment: Runs non-interactively after an initial prompt for configuration details.
    • Optional SearXNG Stack:
      • Deploys a private SearXNG instance on a secure Docker network.
      • Exposes it publicly on a separate subdomain with Basic Auth protection.
      • Allows internal access from Open WebUI tools without authentication for fast, secure searching.
      • Supports an optional Brave Search API key for enhanced, ad-free results.
      • Adds a custom JSON engine to SearXNG for advanced integrations.
    • Security First:
      • Firewall Aware: Intelligently detects and manages UFW.
      • Brute-Force Protection: Installs and configures Fail2Ban to protect the Open WebUI login.
    • Robust Service Management: Deploys services via Docker on a shared private network, the recommended method.
    • Automatic HTTPS: Uses Nginx as a reverse proxy and Certbot to automatically obtain and renew free Let's Encrypt SSL certificates.
    • Production-Ready Automation:
      • System Updates: Configures unattended-upgrades.
      • Container Updates: Deploys Watchtower for automatic container updates.
      • Scheduled Reboots: Implements a robust weekly reboot via a cron.d file.

    Prerequisites

    Before running the script, you will need:

    1. A server running Debian 11 or 12.
    2. sudo or root access.
    3. A domain for Open WebUI (e.g., ai.example.com) with a DNS A record pointing to your server's IP.
    4. If deploying SearXNG, a second domain (e.g., search.example.com) also pointing to your server's IP. (The script uses search.example.com by default but the variable can be changed).

    Usage

    1. Download the script to your Debian server: 
      curl -fsSL -o onepush.sh https://git.r21.io/primemover/onepush/releases/download/1/onepush.sh
    2. Make the script executable: 
      chmod +x onepush.sh
    3. Run the script with sudo: 
      sudo ./onepush.sh

    SearXNG PR
    #1 (comment)

    Downloads