273 lines
5.3 KiB
Plaintext
273 lines
5.3 KiB
Plaintext
## SearXNG
|
|
|
|
Metabuscador
|
|
|
|
Instalación en un servidor Ubuntu 20.04 nuevo. Ya debes de tener un dominio o subdominio apuntando a la IP de tu servidor.
|
|
|
|
### Configuración inicial
|
|
|
|
* Actualizar el sistema
|
|
|
|
```
|
|
sudo apt update
|
|
sudo apt upgrade
|
|
```
|
|
|
|
* Configuración basica
|
|
```
|
|
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
|
|
|
|
vim /etc/environment
|
|
|
|
LANG=en_US.UTF-8
|
|
LC_ALL=en_US.UTF-8
|
|
|
|
dpkg-reconfigure locales
|
|
|
|
hostnamectl set-hostname buscar.cuates.net
|
|
|
|
vim /etc/hosts
|
|
|
|
127.0.0.1 buscar.cuates.net localhost
|
|
|
|
chmod -x /etc/update-motd.d/50-motd-news
|
|
chmod -x /etc/update-motd.d/00-header
|
|
chmod -x /etc/update-motd.d/10-help-text
|
|
|
|
vim /etc/security/limits.conf
|
|
|
|
* soft nofile 20480
|
|
|
|
vim .bashrc
|
|
|
|
PS1="┌─[\e[0;32m\H\e[m][\e[1;31m\u\e[m]->{\[\e[34;1m\]\w\[\e[0;1m\]}\n└──> \[\e[0m\]"
|
|
|
|
source .bashrc
|
|
```
|
|
|
|
* Instalar requisitos previos.
|
|
|
|
```
|
|
apt install python3-dev python3-babel python3-venv uwsgi uwsgi-plugin-python3 git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev shellcheck
|
|
```
|
|
|
|
* Agregar usuario
|
|
|
|
```
|
|
useradd --shell /bin/bash --system --home-dir "/usr/local/searx" --comment 'Privacy-respecting metasearch engine' searx
|
|
|
|
mkdir /usr/local/searx
|
|
|
|
chown -R searx:searx /usr/local/searx
|
|
|
|
su searx
|
|
```
|
|
|
|
* Clonamos SearXNG
|
|
|
|
```
|
|
git clone https://github.com/searxng/searxng /usr/local/searx/searx-src
|
|
```
|
|
|
|
* Creamos entorno virtual
|
|
|
|
```
|
|
python3 -m venv /usr/local/searx/searx-pyenv
|
|
|
|
source /usr/local/searx/searx-pyenv/bin/activate
|
|
```
|
|
|
|
* Actualizamos e instalamos dependencias
|
|
|
|
```
|
|
pip install -U pip setuptools wheel pyyaml
|
|
|
|
cd "/usr/local/searx/searx-src"
|
|
|
|
pip install -e .
|
|
|
|
deactivate
|
|
|
|
exit
|
|
```
|
|
|
|
* Configuramos
|
|
|
|
```
|
|
mkdir -p "/etc/searxng"
|
|
|
|
cp "/usr/local/searx/searx-src/utils/templates/etc/searxng/settings.yml" "/etc/searxng/settings.yml"
|
|
|
|
sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "/etc/searxng/settings.yml"
|
|
```
|
|
|
|
* Probamos
|
|
|
|
```
|
|
sudo -H sed -i -e "s/debug: false/debug: true/g" "/etc/searxng/settings.yml"
|
|
|
|
su searx
|
|
|
|
source /usr/local/searx/searx-pyenv/bin/activate
|
|
|
|
cd /usr/local/searx/searx-src
|
|
|
|
export SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml"
|
|
|
|
python searx/webapp.py
|
|
```
|
|
|
|
* Si no se obtiene ningún error.
|
|
|
|
```
|
|
CTRL+C
|
|
|
|
deactivate
|
|
|
|
exit
|
|
|
|
sudo -H sed -i -e "s/debug: true/debug: false/g" "/etc/searxng/settings.yml"
|
|
```
|
|
|
|
* Instalar herramientas restantes
|
|
|
|
```
|
|
cd /usr/local/searx/searx-src
|
|
|
|
./utils/filtron.sh install all
|
|
|
|
./utils/morty.sh install all
|
|
```
|
|
|
|
### Instalamos Certbot
|
|
|
|
* Usa un correo que puedas consultar para registrarte, es importante para las notificaciones de vencimiento del certificado.
|
|
|
|
```
|
|
apt install certbot
|
|
|
|
certbot register --agree-tos -m YOUR_EMAIL
|
|
```
|
|
|
|
* Solicitamos el certificado, reemplaza DOMAIN por el dominio de tu foro.
|
|
|
|
```
|
|
certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
|
|
|
|
/etc/letsencrypt/live/DOMAIN/fullchain.pem
|
|
/etc/letsencrypt/live/DOMAIN/privkey.pem
|
|
```
|
|
|
|
* Generamos el archivo: ssl-dhparams.pem
|
|
|
|
```
|
|
openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
|
|
```
|
|
|
|
* Creamos el archivo: options-ssl-nginx.conf
|
|
|
|
```
|
|
vim /etc/letsencrypt/options-ssl-nginx.conf
|
|
|
|
ssl_session_cache shared:le_nginx_SSL:10m;
|
|
ssl_session_timeout 1440m;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; preload";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Permissions-Policy interest-cohort=();
|
|
```
|
|
|
|
* Creamos el archivo: certbot.conf
|
|
|
|
```
|
|
vim /etc/letsencrypt/certbot.conf
|
|
|
|
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
```
|
|
|
|
|
|
### Instalamos Nginx
|
|
|
|
```
|
|
sudo apt install nginx
|
|
```
|
|
|
|
* Configuración general
|
|
|
|
```
|
|
sudo vim /etc/nginx/nginx.conf
|
|
|
|
user www-data;
|
|
worker_processes auto;
|
|
worker_rlimit_nofile 20480;
|
|
pid /run/nginx.pid;
|
|
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
events {
|
|
worker_connections 5120;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
server_tokens off;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
include /etc/nginx/sites-enabled/*.conf;
|
|
|
|
disable_symlinks off;
|
|
|
|
client_max_body_size 100M;
|
|
|
|
}
|
|
```
|
|
|
|
* Validamos la configuración.
|
|
|
|
```
|
|
nginx -t
|
|
|
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
|
```
|
|
|
|
No continues si obtienes cualquier error.
|
|
|
|
* Reinicia nginx
|
|
|
|
```
|
|
systemctl restart nginx
|
|
```
|
|
|
|
* En tu navegador ver a la URL
|
|
|
|
```
|
|
https://buscar.cuates.net
|
|
```
|
|
|
|
|
|
|
|
=> gemini://elmau.net/chuletas.gmi Regresar el índice
|
|
=> gemini://elmau.net Regresar el inicio
|
|
|