Searx is a privacy-respecting search proxy that aggregates results from different Internet search engines. I have had it running in a jail for some time now, and I wanted to upgrade to the latest version, 0.17, but this version is not in FreeBSD ports, so I upgraded it manually. Here is a quick writeup of how I did it.
1. Bootstrap a new jail
I like to do upgrades by rebuilding the jail from scratch: reinstall all software and packages, then put back the data, if there is any. I’ll name the jail searx2, because the old version is still running in another one named searx.
```sh
zfs clone rpool/poudriere/stable/12/dist-nokern-20200806@20200806 rpool/jail/searx2
```
Add new entry in /etc/jail.conf
```
searx2 { ip4.addr = vlan2|192.168.X.X; }
```
Start the jail, enter it, and bootstrap pkg
```sh
/etc/rc.d/jail start searx2
jexec searx2 sh
pkg
```
2. Prepare jail packages
```sh
# Joe is my preferred editor, bash will be Searx service shell, we also need Git to pull the sources
pkg install bash joe git-lite
# Searx needs a few Python packages
pkg install py37-babel py37-requests py37-yaml py37-pygments py37-werkzeug py37-Flask py37-Flask-Babel py37-lxml py37-dateutil
```
3. Install Searx from source
Create service account
```sh
NAME=searx ID=8888 && pw groupadd -n $NAME -g $ID && pw useradd -n $NAME -g $NAME -u $ID -s /usr/local/bin/bash -w no -d /home/$NAME -m -M 750
```
Prepare settings file
```sh
fetch https://raw.githubusercontent.com/searx/searx/master/searx/settings.yml
mv settings.yml /usr/local/etc/searx-settings.yml
# edit settings, change secret_key, base_url (it runs behind a reverse proxy)
joe /usr/local/etc/searx-settings.yml
```
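One way to do the secret_key part of that edit non-interactively and then verify the result, as an added example (not part of the original write-up or of the Searx project). It assumes the fetched file still carries the upstream placeholder line `secret_key : "ultrasecretkey"`; the function names are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example: set and audit secret_key in a Searx settings file.
# Assumption: the fetched file has the upstream placeholder "ultrasecretkey".

# Print 64 hex characters (256 bits) read from the kernel CSPRNG.
gen_key() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# set_secret_key FILE [GROUP]: replace the secret_key value with a fresh key.
# The new content goes through a mktemp file (mode 0600) and is renamed into
# place as 0640, optionally group-owned by GROUP (the service group).
set_secret_key() {
    file=$1 group=${2:-}
    key=$(gen_key) || return 1
    [ "${#key}" -eq 64 ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    sed "s|^\([[:space:]]*secret_key[[:space:]]*:\).*|\1 \"${key}\"|" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 640 "$tmp" && mv "$tmp" "$file" || return 1
    [ -z "$group" ] || chgrp "$group" "$file"
}

# check_settings FILE: succeed only if secret_key is present, is not the
# placeholder, has at least 32 characters, and "other" has no access.
check_settings() {
    file=$1
    key=$(sed -n \
        's/^[[:space:]]*secret_key[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$file")
    [ -n "$key" ] || { echo "no secret_key in $file" >&2; return 1; }
    [ "$key" != "ultrasecretkey" ] || { echo "placeholder key" >&2; return 1; }
    [ "${#key}" -ge 32 ] || { echo "secret_key too short" >&2; return 1; }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$file" | cut -c8-10)
    [ "$other" = "---" ] || { echo "other can access $file" >&2; return 1; }
}

# Constructed sample standing in for /usr/local/etc/searx-settings.yml.
demo_dir=$(mktemp -d)
demo="$demo_dir/searx-settings.yml"
printf 'server:\n    port : 8888\n    secret_key : "ultrasecretkey" # change this!\n' > "$demo"
check_settings "$demo" 2>/dev/null || echo "before: rejected"
set_secret_key "$demo" && check_settings "$demo" && echo "after: accepted"
rm -rf "$demo_dir"
```

In the jail this would be run as root as `set_secret_key /usr/local/etc/searx-settings.yml searx`, so the service account reads the file through its group but cannot modify it; `base_url` is still edited by hand.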
Pull Searx sources and prepare settings
```sh
su searx
cd
git clone https://github.com/searx/searx
cd searx
# start Searx manually to check that it runs OK and nothing is missing
SEARX_SETTINGS_PATH=/usr/local/etc/searx-settings.yml ./searx/webapp.py
```
Install Searx as service
The startup rc script is already installed from the previous ports version, so let's reuse it: copy it from the old jail into the new one.
```sh
# as root on host, my jails are mounted under /jail
cp /jail/srx/usr/local/etc/rc.d/searx /jail/srx2/usr/local/etc/rc.d/
```
Then I edit the rc file to adjust the Python version, service account and settings file. Here is the diff against the existing rc script:
| --- /jail/srx/usr/local/etc/rc.d/searx 2019-03-26 09:27:18.000000000 +0100
+++ /jail/srx2/usr/local/etc/rc.d/searx 2020-09-19 09:51:23.997346000 +0200
@@ -25,14 +25,15 @@
rcvar=searx_enable
: ${searx_enable:="NO"}
-: ${searx_user:="www"}
-: ${searx_group:="www"}
+: ${searx_user:="searx"}
+: ${searx_group:="searx"}
+: ${searx_conf:="/usr/local/etc/searx-settings.yml"}
: ${searx_flags:=""}
# daemon
pidfile="/var/run/${name}.pid"
-python="/usr/local/bin/python2.7"
-script_py="/usr/local/lib/python2.7/site-packages/${name}/webapp.py"
+python="/usr/local/bin/python3.7"
+script_py="/home/${name}/searx/searx/webapp.py"
command=/usr/sbin/daemon
procname="daemon"
command_args=" -c -f -P ${pidfile} ${python} ${script_py}"
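Review bot: the new `script_py` line points the daemon at `/home/${name}/searx/searx/webapp.py`, a checkout inside the service account's home directory (cloned as the searx user earlier on the page), so the account the service runs as can rewrite the code it executes on the next start. Consider keeping the checkout root-owned and read-only for `searx`, or placing it outside the home directory. The path is also built from `${name}` rather than `${searx_user}`, so overriding `searx_user` in rc.conf leaves `script_py` pointing at the original account's home.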
@@ -41,6 +42,7 @@
searx_precmd()
{
install -o ${searx_user} /dev/null ${pidfile}
+ export SEARX_SETTINGS_PATH=${searx_conf}
}
load_rc_config $name
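Review bot: `${searx_conf}` is expanded unquoted in the added `export` line of `searx_precmd`; write `export SEARX_SETTINGS_PATH="${searx_conf}"` so a path containing whitespace set through rc.conf cannot be split. The precmd also does not check that the settings file exists or is readable by `searx_user`; setting rc.subr's `required_files="${searx_conf}"` after `load_rc_config $name` would make the start fail early with a clear message instead of leaving the error to the Python process.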
|
The full final rc startup file
```sh
#!/bin/sh
# $FreeBSD: head/www/searx/files/searx.in 463944 2018-03-09 08:34:57Z yuri $

# PROVIDE: searx
# REQUIRE: DAEMON NETWORKING
# BEFORE: LOGIN
# KEYWORD: shutdown

# Add the following lines to /etc/rc.conf to enable searx:
# searx_enable="YES"
#
# searx_enable (bool): Set to YES to enable searx
# Default: NO
# searx_conf (str): searx configuration file
# Default: ${PREFIX}/etc/searx.conf
# searx_user (str): searx daemon user
# Default: searx
# searx_group (str): searx daemon group
# Default: searx
# searx_flags (str): Extra flags passed to searx

. /etc/rc.subr

name="searx"
rcvar=searx_enable

: ${searx_enable:="NO"}
: ${searx_user:="searx"}
: ${searx_group:="searx"}
: ${searx_conf:="/usr/local/etc/searx-settings.yml"}
: ${searx_flags:=""}

# daemon
pidfile="/var/run/${name}.pid"
python="/usr/local/bin/python3.7"
script_py="/home/${name}/searx/searx/webapp.py"
command=/usr/sbin/daemon
procname="daemon"
command_args=" -c -f -P ${pidfile} ${python} ${script_py}"
start_precmd="searx_precmd"

searx_precmd()
{
    install -o ${searx_user} /dev/null ${pidfile}
    export SEARX_SETTINGS_PATH=${searx_conf}
}

load_rc_config $name
run_rc_command "$1"
```
Enable the Searx service so it starts automatically when the jail starts
```sh
# the rc script's rcvar is searx_enable
sysrc searx_enable=YES
/usr/local/etc/rc.d/searx start
```
4. Switch the jails
Now, if all looks good, I can switch the jails. Leave the jail and run the following as root:
```sh
/etc/rc.d/jail stop srx srx2
zfs rename rpool/jail/srx rpool/jail/srx_old
zfs rename rpool/jail/srx2 rpool/jail/srx
# sometimes when jail runs for a long time, "zfs rename" could fail
# with "umount error" - in that case force it with "zfs umount -f .."
# before rename, then "zfs mount .." it afterwards
/etc/rc.d/jail start srx
```
5. H2O conf for Searx
Here is the H2O frontend configuration for Searx. It’s not public; access is restricted with a few IP ACLs.
```yaml
"srx.uoga.net:80":
  listen:
    host: 192.168.Y.Y
    port: 80
  paths:
    "/":
      redirect:
        status: 301
        url: "https://srx.uoga.net/"
    "/.well-known/acme-challenge":
      file.dir: "/usr/local/www/dehydrated"
"srx.uoga.net:443":
  listen:
    host: 192.168.Y.Y
    port: 443
    ssl:
      certificate-file: /usr/local/etc/dehydrated/certs/srx.uoga.net/fullchain.pem
      key-file: /usr/local/etc/dehydrated/certs/srx.uoga.net/privkey.pem
  paths:
    "/":
      mruby.handler: |
        require "trie_addr.rb"
        trie = TrieAddr.new.add(["192.168.A.A/24","192.168.B.B/24"])
        acl {
          allow { trie.match?(addr) }
          allow { addr == "A.B.C.D" }
          deny
        }
      proxy.reverse.url: http://192.168.X.X:8888
      proxy.preserve-host: ON
```