diff options
| author | Dalf <alex@al-f.net> | 2019-06-29 11:59:13 +0200 |
|---|---|---|
| committer | Dalf <alex@al-f.net> | 2019-07-13 15:49:59 +0200 |
| commit | fbe40001d35ea5cf74c92f35d76c642a480a5c9f (patch) | |
| tree | d4ec5decab9282ce7b7f40f5e4c7311af0e53614 /Dockerfile | |
| parent | 3faaf34e25db09988b113f74feb6227d3df3db95 (diff) | |
Update Docker image
See #1561 , use uwsgi and Alpine Linux
Volume:
/var/log/uwsgi contains error log for 2 days (file uwsgi.log)
/etc/searx contains the settings.yml and uwsgi.ini files.
The docker image creates them if they don't exist.
The two files can be modified after the first run. See below.
Environement variables:
MORTY_URL : external URL of Morty
MORTY_KEY : base64 encoded key
BASE_URL : external URL of Searx
BIND_ADDRESS : internal HTTP port to listen to
Labels : org.label-schema.schema.*
Parameters:
-h : display this help
-d : will update the settings and quit immediately (settings.yml and uwsgi.ini)
-f : always update the settings (previous version saved with suffix .old).
without this parameter, the new settings are copied with suffix .new
When the Docker image contains newer settings:
- without -f parameter: the new versions are copied to /etc/searx/settings.yml.new and /etc/searx/uwsgi.ini.new.
- with -f parameter: the old versions are renamed with .old suffix. The new version replaces /etc/searx/settings.yml and /etc/searx/uwsgi.ini
Build using "./manage.sh docker_build", add "push" as parameter also push the Docker image.
The script requires a git repository to work (it makes sure that the last git tag matches searx/version.py)
"git describe" is used to create a meaningful version.
Example : 0.15.0-90-49c5bcb4-dirty (dirty means that the docker image was made with uncommited changes).
Use "docker inspect -f {{.Config.Labels.version}} searx" to get the version of an existing image.
.dockerignore based on .gitignore
.travis.yml: include docker stage
Diffstat (limited to 'Dockerfile')
| -rw-r--r-- | Dockerfile | 102 |
1 files changed, 61 insertions, 41 deletions
@@ -1,57 +1,77 @@ -FROM alpine:3.8 -LABEL maintainer="searx <https://github.com/asciimoo/searx>" -LABEL description="A privacy-respecting, hackable metasearch engine." +FROM alpine:3.10 + +ARG VERSION_GITCOMMIT=unknow +ARG SEARX_GIT_VERSION=unknow + +ARG SEARX_GID=1000 +ARG SEARX_UID=1000 + +ARG TIMESTAMP_SETTINGS=0 +ARG TIMESTAMP_UWSGI=0 +ARG LABEL_VCS_REF= +ARG LABEL_VCS_URL= + +ENV BASE_URL= \ + MORTY_KEY= \ + MORTY_URL= +EXPOSE 8080 +VOLUME /etc/searx +VOLUME /var/log/uwsgi -ENV BASE_URL=False IMAGE_PROXY=False HTTP_PROXY_URL= HTTPS_PROXY_URL= -EXPOSE 8888 WORKDIR /usr/local/searx -CMD ["/sbin/tini","--","/usr/local/searx/run.sh"] - -RUN adduser -D -h /usr/local/searx -s /bin/sh searx searx \ - && echo '#!/bin/sh' >> run.sh \ - && echo 'sed -i "s|base_url : False|base_url : $BASE_URL|g" searx/settings.yml' >> run.sh \ - && echo 'sed -i "s/image_proxy : False/image_proxy : $IMAGE_PROXY/g" searx/settings.yml' >> run.sh \ - && echo 'sed -i "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml' >> run.sh \ - && echo 'if [ -n "$HTTP_PROXY_URL" ] || [ -n "$HTTPS_PROXY_URL" ]; then' >> run.sh \ - && echo ' sed -i "s~^# proxies :~ proxies:\\n http: ${HTTP_PROXY_URL}\\n https: ${HTTPS_PROXY_URL}\\n~" searx/settings.yml' >> run.sh \ - && echo 'fi' >> run.sh \ - && echo 'python searx/webapp.py' >> run.sh \ - && chmod +x run.sh + +RUN addgroup -g ${SEARX_GID} searx && \ + adduser -u ${SEARX_UID} -D -h /usr/local/searx -s /bin/sh -G searx searx COPY requirements.txt ./requirements.txt -RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ - && apk -U add \ - build-base \ - python \ - python-dev \ - py-pip \ - libxml2 \ - libxml2-dev \ - libxslt \ - libxslt-dev \ - libffi-dev \ - openssl \ - openssl-dev \ - ca-certificates \ - tini@commuedge \ - && pip install --upgrade pip \ - && pip install --no-cache -r requirements.txt \ - && apk del \ +RUN apk -U upgrade \ + && apk add -t build-dependencies \ build-base \ - python-dev \ + py3-setuptools \ + python3-dev \ libffi-dev \ - openssl-dev \ libxslt-dev \ libxml2-dev \ openssl-dev \ + tar \ + git \ + && apk add \ ca-certificates \ + su-exec \ + python3 \ + libxml2 \ + libxslt \ + openssl \ + tini \ + uwsgi \ + uwsgi-python3 \ + && pip3 install --upgrade pip \ + && pip3 install --no-cache -r requirements.txt \ + && apk del build-dependencies \ && rm -f /var/cache/apk/* -COPY . . +COPY --chown=searx:searx . . -RUN chown -R searx:searx * +RUN su searx -c "/usr/bin/python3 -m compileall -q searx"; \ + touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml; \ + touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini; \ + if [ ! -z $VERSION_GITCOMMIT ]; then\ + echo "VERSION_STRING = VERSION_STRING + \"-$VERSION_GITCOMMIT\"" >> /usr/local/searx/searx/version.py; \ + fi -USER searx +ENTRYPOINT ["/sbin/tini","--","/usr/local/searx/dockerfiles/docker-entrypoint.sh"] -RUN sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml +# Keep this argument at the end since it change each time +ARG LABEL_DATE= +LABEL maintainer="searx <https://github.com/asciimoo/searx>" \ + description="A privacy-respecting, hackable metasearch engine." \ + version="${SEARX_GIT_VERSION}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.name="searx" \ + org.label-schema.schema-version="${SEARX_GIT_VERSION}" \ + org.label-schema.url="${LABEL_VCS_URL}" \ + org.label-schema.vcs-ref=${LABEL_VCS_REF} \ + org.label-schema.vcs-url=${LABEL_VCS_URL} \ + org.label-schema.build-date="${LABEL_DATE}" \ + org.label-schema.usage="https://github.com/searx/searx-docker" |