first commit

2025-06-26 15:38:10 +03:30
commit e928faf6d2
899 changed files with 403713 additions and 0 deletions
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -0,0 +1,65 @@
+FROM ghcr.io/searxng/base:searxng-builder AS builder
+
+COPY ./requirements.txt ./requirements.txt
+
+RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
+ && . ./venv/bin/activate \
+ && pip install -r requirements.txt \
+ && pip install "uwsgi~=2.0"
+
+COPY ./searx/ ./searx/
+
+ARG TIMESTAMP_SETTINGS="0"
+
+RUN python -m compileall -q searx \
+ && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
+ && find ./searx/static \
+    \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.svg" -o -name "*.ttf" -o -name "*.eot" \) \
+    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
+
+FROM ghcr.io/searxng/base:searxng AS dist
+
+ARG LABEL_DATE="0001-01-01T00:00:00Z"
+ARG GIT_URL="unspecified"
+ARG SEARXNG_GIT_VERSION="unspecified"
+ARG LABEL_VCS_REF="unspecified"
+ARG LABEL_VCS_URL="unspecified"
+
+COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
+COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
+COPY --chown=searxng:searxng ./container/config/ ./.template/
+COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh
+
+ARG TIMESTAMP_UWSGI="0"
+
+RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini
+
+LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
+      org.opencontainers.image.created="$LABEL_DATE" \
+      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
+      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
+      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
+      org.opencontainers.image.revision="$LABEL_VCS_REF" \
+      org.opencontainers.image.source="$LABEL_VCS_URL" \
+      org.opencontainers.image.title="searxng" \
+      org.opencontainers.image.url="$LABEL_VCS_URL" \
+      org.opencontainers.image.version="$SEARXNG_GIT_VERSION"
+
+ENV SEARXNG_VERSION="$SEARXNG_GIT_VERSION" \
+    INSTANCE_NAME="SearXNG" \
+    AUTOCOMPLETE="" \
+    BASE_URL="" \
+    BIND_ADDRESS="[::]:8080" \
+    SEARXNG_SETTINGS_PATH="$CONFIG_PATH/settings.yml" \
+    UWSGI_SETTINGS_PATH="$CONFIG_PATH/uwsgi.ini" \
+    UWSGI_WORKERS="%k" \
+    UWSGI_THREADS="4"
+
+VOLUME $CONFIG_PATH
+VOLUME $DATA_PATH
+
+EXPOSE 8080
+
+HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
+
+ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"]
--- a/container/base-builder.yml
+++ b/container/base-builder.yml
@@ -0,0 +1,31 @@
+contents:
+  repositories:
+    - https://mirrors.edge.kernel.org/alpine/edge/main
+    - https://mirrors.edge.kernel.org/alpine/edge/community
+  packages:
+    - alpine-base
+    - build-base
+    - python3-dev
+    - py3-pip
+    - brotli
+    # lxml (armv7)
+    - libxml2-dev
+    - libxslt-dev
+    - zlib-dev
+    # uwsgi
+    - libffi-dev
+
+entrypoint:
+  command: /bin/sh -l
+
+work-dir: /usr/local/searxng/
+
+environment:
+  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+  HISTFILE: /dev/null
+
+archs:
+  - x86_64
+  - aarch64
+  - armv7
--- a/container/base.yml
+++ b/container/base.yml
@@ -0,0 +1,63 @@
+contents:
+  repositories:
+    - https://mirrors.edge.kernel.org/alpine/edge/main
+  packages:
+    - alpine-baselayout
+    - ca-certificates-bundle
+    - busybox
+    - python3
+    # healthcheck
+    - wget
+    # lxml (armv7)
+    - libxslt
+    # uwsgi
+    - libxml2
+    - mailcap
+
+entrypoint:
+  command: /bin/sh -l
+
+work-dir: /usr/local/searxng/
+
+accounts:
+  groups:
+    - groupname: searxng
+      gid: 977
+  users:
+    - username: searxng
+      uid: 977
+      shell: /bin/ash
+
+environment:
+  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+  HISTFILE: /dev/null
+  CONFIG_PATH: /etc/searxng
+  DATA_PATH: /var/cache/searxng
+
+paths:
+  # Workdir
+  - path: /usr/local/searxng/
+    type: directory
+    uid: 977
+    gid: 977
+    permissions: 0o555
+
+  # Config volume
+  - path: /etc/searxng/
+    type: directory
+    uid: 977
+    gid: 977
+    permissions: 0o755
+
+  # Data volume
+  - path: /var/cache/searxng/
+    type: directory
+    uid: 977
+    gid: 977
+    permissions: 0o755
+
+archs:
+  - x86_64
+  - aarch64
+  - armv7
--- a/container/config/uwsgi.ini
+++ b/container/config/uwsgi.ini
@@ -0,0 +1,55 @@
+[uwsgi]
+# Listening address
+# default value: [::]:8080 (see Dockerfile)
+http-socket = $(BIND_ADDRESS)
+
+# Who will run the code
+uid = searxng
+gid = searxng
+
+# Number of workers (usually CPU count)
+# default value: %k (= number of CPU core, see Dockerfile)
+workers = $(UWSGI_WORKERS)
+
+# Number of threads per worker
+# default value: 4 (see Dockerfile)
+threads = $(UWSGI_THREADS)
+
+# The right granted on the created socket
+chmod-socket = 666
+
+# Plugin to use and interpreter config
+single-interpreter = true
+master = true
+lazy-apps = true
+enable-threads = true
+
+# Module to import
+module = searx.webapp
+
+# Virtualenv and python path
+pythonpath = /usr/local/searxng/
+chdir = /usr/local/searxng/searx/
+
+# automatically set processes name to something meaningful
+auto-procname = true
+
+# Disable request logging for privacy
+disable-logging = true
+log-5xx = true
+
+# Set the max size of a request (request-body excluded)
+buffer-size = 8192
+
+# No keep alive
+# See https://github.com/searx/searx-docker/issues/24
+add-header = Connection: close
+
+# Follow SIGTERM convention
+# See https://github.com/searxng/searxng/issues/3427
+die-on-term
+
+# uwsgi serves the static files
+static-map = /static=/usr/local/searxng/searx/static
+static-gzip-all = True
+offload-threads = %k
--- a/container/entrypoint.sh
+++ b/container/entrypoint.sh
@@ -0,0 +1,166 @@
+#!/bin/sh
+# shellcheck shell=dash
+set -u
+
+check_file() {
+    local target="$1"
+
+    if [ ! -f "$target" ]; then
+        cat <<EOF
+!!!
+!!! ERROR
+!!! "$target" is not a valid file, exiting...
+!!!
+EOF
+        exit 127
+    fi
+}
+
+check_directory() {
+    local target="$1"
+
+    if [ ! -d "$target" ]; then
+        cat <<EOF
+!!!
+!!! ERROR
+!!! "$target" is not a valid directory, exiting...
+!!!
+EOF
+        exit 127
+    fi
+}
+
+setup_ownership() {
+    local target="$1"
+    local type="$2"
+
+    case "$type" in
+    file | directory) ;;
+    *)
+        cat <<EOF
+!!!
+!!! ERROR
+!!! "$type" is not a valid type, exiting...
+!!!
+EOF
+        exit 1
+        ;;
+    esac
+
+    if [ "$(stat -c %U:%G "$target")" != "searxng:searxng" ]; then
+        if [ "$(id -u)" -eq 0 ]; then
+            chown -R searxng:searxng "$target"
+        else
+            cat <<EOF
+!!!
+!!! WARNING
+!!! "$target" $type is not owned by "searxng"
+!!! This may cause issues when running SearXNG
+!!!
+!!! Run the container as root to fix this issue automatically
+!!! Alternatively, you can chown the $type manually:
+!!! $ chown -R searxng:searxng "$target"
+!!!
+EOF
+        fi
+    fi
+}
+
+# Apply envs to uwsgi.ini
+setup_uwsgi() {
+    local timestamp
+
+    timestamp=$(stat -c %Y "$UWSGI_SETTINGS_PATH")
+
+    sed -i \
+        -e "s|workers = .*|workers = ${UWSGI_WORKERS:-%k}|g" \
+        -e "s|threads = .*|threads = ${UWSGI_THREADS:-4}|g" \
+        "$UWSGI_SETTINGS_PATH"
+
+    # Restore timestamp
+    touch -c -d "@$timestamp" "$UWSGI_SETTINGS_PATH"
+}
+
+# Apply envs to settings.yml
+setup_searxng() {
+    local timestamp
+
+    timestamp=$(stat -c %Y "$SEARXNG_SETTINGS_PATH")
+
+    # Ensure trailing slash in BASE_URL
+    # https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Shell-Parameter-Expansion
+    export BASE_URL="${BASE_URL%/}/"
+
+    sed -i \
+        -e "s|base_url: false|base_url: ${BASE_URL:-false}|g" \
+        -e "s/instance_name: \"SearXNG\"/instance_name: \"${INSTANCE_NAME:-SearXNG}\"/g" \
+        -e "s/autocomplete: \"\"/autocomplete: \"${AUTOCOMPLETE:-}\"/g" \
+        -e "s/ultrasecretkey/$(head -c 24 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9')/g" \
+        "$SEARXNG_SETTINGS_PATH"
+
+    # Restore timestamp
+    touch -c -d "@$timestamp" "$SEARXNG_SETTINGS_PATH"
+}
+
+# Handle volume mounts
+volume_handler() {
+    local target="$1"
+
+    # Check if it's a valid directory
+    check_directory "$target"
+    setup_ownership "$target" "directory"
+}
+
+# Handle configuration file updates
+config_handler() {
+    local target="$1"
+    local template="$2"
+    local new_template_target="$target.new"
+
+    # Create/Update the configuration file
+    if [ -f "$target" ]; then
+        setup_ownership "$target" "file"
+
+        if [ "$template" -nt "$target" ]; then
+            cp -pfT "$template" "$new_template_target"
+
+            cat <<EOF
+...
+... INFORMATION
+... Update available for "$target"
+... It is recommended to update the configuration file to ensure proper functionality
+...
+... New version placed at "$new_template_target"
+... Please review and merge changes
+...
+EOF
+        fi
+    else
+        cat <<EOF
+...
+... INFORMATION
+... "$target" does not exist, creating from template...
+...
+EOF
+        cp -pfT "$template" "$target"
+    fi
+
+    # Check if it's a valid file
+    check_file "$target"
+}
+
+echo "SearXNG $SEARXNG_VERSION"
+
+# Check for volume mounts
+volume_handler "$CONFIG_PATH"
+volume_handler "$DATA_PATH"
+
+# Check for updates in files
+config_handler "$UWSGI_SETTINGS_PATH" "/usr/local/searxng/.template/uwsgi.ini"
+config_handler "$SEARXNG_SETTINGS_PATH" "/usr/local/searxng/searx/settings.yml"
+
+# Update files
+setup_uwsgi
+setup_searxng
+
+exec /usr/local/searxng/venv/bin/uwsgi --http-socket "$BIND_ADDRESS" "$UWSGI_SETTINGS_PATH"