diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2023-09-22 10:58:40 +0200 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarIT.de> | 2023-09-23 14:00:03 +0200 |
| commit | 3af629ec090d1ab135fbd7c9b45088c8ca4e541e (patch) | |
| tree | 30c98b670ccf78286df5f6e444b5579c944cce2d /utils | |
| parent | 597c68b4aad0338b87e5d3443764d7866c86bd6d (diff) | |
[mod] activate limiter & link_token method (aka CSS ping) by default
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/searxng.sh | 17 | ||||
| -rw-r--r-- | utils/templates/etc/searxng/limiter.toml | 13 |
2 files changed, 28 insertions, 2 deletions
diff --git a/utils/searxng.sh b/utils/searxng.sh index e04f87e1..670e121e 100755 --- a/utils/searxng.sh +++ b/utils/searxng.sh @@ -23,6 +23,7 @@ SEARXNG_STATIC="${SEARXNG_SRC}/searx/static" SEARXNG_PYENV="${SERVICE_HOME}/searx-pyenv" SEARXNG_SETTINGS_PATH="/etc/searxng/settings.yml" +LIMITER_SETTINGS_PATH="/etc/searxng/limiter.toml" SEARXNG_UWSGI_APP="searxng.ini" SEARXNG_INTERNAL_HTTP="${SEARXNG_BIND_ADDRESS}:${SEARXNG_PORT}" @@ -131,7 +132,7 @@ install|remove: all : complete (de-) installation of the SearXNG service user : service user '${SERVICE_USER}' (${SERVICE_HOME}) pyenv : virtualenv (python) in ${SEARXNG_PYENV} - settings : settings from ${SEARXNG_SETTINGS_PATH} + settings : settings from $(dirname "${SEARXNG_SETTINGS_PATH}") uwsgi : SearXNG's uWSGI app ${SEARXNG_UWSGI_APP} redis : build & install or remove a local redis server ${REDIS_HOME}/run/redis.sock nginx : HTTP site ${NGINX_APPS_AVAILABLE}/${NGINX_SEARXNG_SITE} @@ -522,7 +523,7 @@ EOF } searxng.install.settings() { - rst_title "install ${SEARXNG_SETTINGS_PATH}" section + rst_title "install $(dirname "${SEARXNG_SETTINGS_PATH}")" section if ! [[ -f "${SEARXNG_SRC}/.git/config" ]]; then die "Before install settings, first install SearXNG." @@ -533,6 +534,11 @@ searxng.install.settings() { DEFAULT_SELECT=1 \ install_template --no-eval \ + "${LIMITER_SETTINGS_PATH}" \ + "${SERVICE_USER}" "${SERVICE_GROUP}" + + DEFAULT_SELECT=1 \ + install_template --no-eval \ "${SEARXNG_SETTINGS_PATH}" \ "${SERVICE_USER}" "${SERVICE_GROUP}" @@ -545,6 +551,7 @@ searxng.remove.settings() { rst_title "remove ${SEARXNG_SETTINGS_PATH}" section if ask_yn "Do you want to delete the SearXNG settings?" Yn; then rm -f "${SEARXNG_SETTINGS_PATH}" + rm -f "${LIMITER_SETTINGS_PATH}" fi } @@ -575,6 +582,12 @@ pip install -U wheel pip install -U pyyaml pip install -U -e . EOF + rst_para "update instance's limiter.toml from ${LIMITER_SETTINGS_PATH}" + DEFAULT_SELECT=2 \ + install_template --no-eval \ + "${LIMITER_SETTINGS_PATH}" \ + "${SERVICE_USER}" "${SERVICE_GROUP}" + rst_para "update instance's settings.yml from ${SEARXNG_SETTINGS_PATH}" DEFAULT_SELECT=2 \ install_template --no-eval \ diff --git a/utils/templates/etc/searxng/limiter.toml b/utils/templates/etc/searxng/limiter.toml new file mode 100644 index 00000000..f6247000 --- /dev/null +++ b/utils/templates/etc/searxng/limiter.toml @@ -0,0 +1,13 @@ +# Limiter configuration / bot protection & IP rate limitation + +[real_ip] + +# number of values to trust for X-Forwarded-For +# https://docs.searxng.org/admin/searx.botdetection.html#searx.botdetection.get_real_ip +x_for = 1 + +[botdetection.ip_limit] + +# activate link_token method in the ip_limit method +# https://docs.searxng.org/admin/searx.botdetection.html#method-ip-limit +link_token = true
\ No newline at end of file |