From 5d95c19d3ed7cc0ba2030bf68b06cf7f810fb72c Mon Sep 17 00:00:00 2001 From: Chris Li Date: Mon, 19 May 2025 01:29:16 +0800 Subject: [PATCH] searxng restart problem - searxng was not able to start properly due to trying to create config files - removing cap_drop allows the container to more permissions to modify host folder/files, which appears to be required --- .gitignore | 2 ++ docker-compose.yml | 16 ++++++------- searxng/settings.yml | 15 ++++++++++++ searxng/uwsgi.ini | 55 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+), 8 deletions(-) create mode 100644 .gitignore create mode 100644 searxng/settings.yml create mode 100644 searxng/uwsgi.ini diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..efa7daf0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.env +supabase diff --git a/docker-compose.yml b/docker-compose.yml index 0eebf3ec..2a786fd7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -133,8 +133,8 @@ services: - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-":8006"} - LANGFUSE_HOSTNAME=${LANGFUSE_HOSTNAME:-":8007"} - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL:-internal} - cap_drop: - - ALL + # cap_drop: + # - ALL # Temporarily commented out for first run cap_add: - NET_BIND_SERVICE logging: @@ -272,9 +272,9 @@ services: timeout: 3s retries: 10 environment: - POSTGRES_USER: postgres + POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - POSTGRES_DB: postgres + POSTGRES_DB: ${POSTGRES_DB} ports: - 127.0.0.1:5433:5432 volumes: @@ -287,8 +287,8 @@ services: restart: unless-stopped volumes: - valkey-data:/data - cap_drop: - - ALL + # cap_drop: + # - ALL # Temporarily commented out for first run cap_add: - SETGID - SETUID @@ -316,8 +316,8 @@ services: - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/ - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4} - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4} - cap_drop: - - ALL + # cap_drop: + # - ALL # Temporarily commented out for first run cap_add: - CHOWN - SETGID diff --git a/searxng/settings.yml b/searxng/settings.yml new file mode 100644 index 00000000..73b2ff85 --- /dev/null +++ b/searxng/settings.yml @@ -0,0 +1,15 @@ +# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings +use_default_settings: true +server: + # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml + secret_key: "070b432daf6a1faaa97f48c46ef4382677578a601314f8466ab84beeec06dfb8" # change this! + limiter: false + image_proxy: true +ui: + static_use_hash: true +redis: + url: redis://redis:6379/0 +search: + formats: + - html + - json \ No newline at end of file diff --git a/searxng/uwsgi.ini b/searxng/uwsgi.ini new file mode 100644 index 00000000..417b84a8 --- /dev/null +++ b/searxng/uwsgi.ini @@ -0,0 +1,55 @@ +[uwsgi] +# Listening address +# default value: [::]:8080 (see Dockerfile) +http-socket = $(BIND_ADDRESS) + +# Who will run the code +uid = searxng +gid = searxng + +# Number of workers (usually CPU count) +# default value: %k (= number of CPU core, see Dockerfile) +workers = $(UWSGI_WORKERS) + +# Number of threads per worker +# default value: 4 (see Dockerfile) +threads = $(UWSGI_THREADS) + +# The right granted on the created socket +chmod-socket = 666 + +# Plugin to use and interpreter config +single-interpreter = true +master = true +lazy-apps = true +enable-threads = true + +# Module to import +module = searx.webapp + +# Virtualenv and python path +pythonpath = /usr/local/searxng/ +chdir = /usr/local/searxng/searx/ + +# automatically set processes name to something meaningful +auto-procname = true + +# Disable request logging for privacy +disable-logging = true +log-5xx = true + +# Set the max size of a request (request-body excluded) +buffer-size = 8192 + +# No keep alive +# See https://github.com/searx/searx-docker/issues/24 +add-header = Connection: close + +# Follow SIGTERM convention +# See https://github.com/searxng/searxng/issues/3427 +die-on-term + +# uwsgi serves the static files +static-map = /static=/usr/local/searxng/searx/static +static-gzip-all = True +offload-threads = %k \ No newline at end of file