capsula-gemini/source/notes/searxng.gmi

## SearXNG

Metabuscador

Instalación en un servidor Ubuntu 20.04 nuevo. Ya debes de tener un dominio o subdominio apuntando a la IP de tu servidor.

### Configuración inicial

* Actualizar el sistema

```
sudo apt update
sudo apt upgrade
```

* Configuración basica
```
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"

vim /etc/environment

    LANG=en_US.UTF-8
    LC_ALL=en_US.UTF-8

dpkg-reconfigure locales

hostnamectl set-hostname buscar.cuates.net

vim /etc/hosts

    127.0.0.1   buscar.cuates.net    localhost

chmod -x /etc/update-motd.d/50-motd-news
chmod -x /etc/update-motd.d/00-header
chmod -x /etc/update-motd.d/10-help-text

vim /etc/security/limits.conf

    *       soft    nofile  20480

vim .bashrc

    PS1="┌─[\e[0;32m\H\e[m][\e[1;31m\u\e[m]->{\[\e[34;1m\]\w\[\e[0;1m\]}\n└──> \[\e[0m\]"

source .bashrc
```

* Instalar requisitos previos.

```
apt install python3-dev python3-babel python3-venv uwsgi uwsgi-plugin-python3 git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev shellcheck
```

* Agregar usuario

```
useradd --shell /bin/bash --system --home-dir "/usr/local/searx" --comment 'Privacy-respecting metasearch engine' searx

mkdir /usr/local/searx

chown -R searx:searx /usr/local/searx

su searx
```

* Clonamos SearXNG

```
git clone https://github.com/searxng/searxng /usr/local/searx/searx-src
```

* Creamos entorno virtual

```
python3 -m venv /usr/local/searx/searx-pyenv

source /usr/local/searx/searx-pyenv/bin/activate
```

* Actualizamos e instalamos dependencias

```
pip install -U pip setuptools wheel pyyaml

cd "/usr/local/searx/searx-src"

pip install -e .

deactivate

exit
```

* Configuramos

```
mkdir -p "/etc/searxng"

cp "/usr/local/searx/searx-src/utils/templates/etc/searxng/settings.yml" "/etc/searxng/settings.yml"

sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "/etc/searxng/settings.yml"
```

* Probamos

```
sudo -H sed -i -e "s/debug: false/debug: true/g" "/etc/searxng/settings.yml"

su searx

source /usr/local/searx/searx-pyenv/bin/activate

cd /usr/local/searx/searx-src

export SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml"

python searx/webapp.py
```

* Si no se obtiene ningún error.

```
CTRL+C

deactivate

exit

sudo -H sed -i -e "s/debug: true/debug: false/g" "/etc/searxng/settings.yml"
```

* Instalar herramientas restantes

```
cd /usr/local/searx/searx-src

./utils/filtron.sh install all

./utils/morty.sh install all
```

### Instalamos Certbot

* Usa un correo que puedas consultar para registrarte, es importante para las notificaciones de vencimiento del certificado.

```
apt install certbot

certbot register --agree-tos -m YOUR_EMAIL
```

* Solicitamos el certificado, reemplaza DOMAIN por el dominio de tu foro.

```
certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN

    /etc/letsencrypt/live/DOMAIN/fullchain.pem
    /etc/letsencrypt/live/DOMAIN/privkey.pem
```

* Generamos el archivo: ssl-dhparams.pem

```
openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
```

* Creamos el archivo: options-ssl-nginx.conf

```
vim /etc/letsencrypt/options-ssl-nginx.conf

    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";

    add_header Strict-Transport-Security "max-age=63072000; preload";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Permissions-Policy interest-cohort=();
```

* Creamos el archivo: certbot.conf

```
vim /etc/letsencrypt/certbot.conf

    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
```


### Instalamos Nginx

```
sudo apt install nginx
```

* Configuración general

```
sudo vim /etc/nginx/nginx.conf

    user  www-data;
    worker_processes  auto;
    worker_rlimit_nofile 20480;
    pid /run/nginx.pid;

    error_log  /var/log/nginx/error.log warn;

    events {
        worker_connections  5120;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        server_tokens off;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile        on;

        keepalive_timeout  65;

        include /etc/nginx/sites-enabled/*.conf;

        disable_symlinks off;

        client_max_body_size 100M;

    }
```

* Validamos la configuración.

```
nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

No continues si obtienes cualquier error.

* Reinicia nginx

```
systemctl restart nginx
```

* En tu navegador ver a la URL

```
https://buscar.cuates.net
```



=> gemini://elmau.net/chuletas.gmi Regresar el índice
=> gemini://elmau.net Regresar el inicio