update config add ssl for cf

Secven 2021-11-07 08:46:21 +00:00
parent 92f65b909e
commit f7a1581289
9 changed files with 148 additions and 23 deletions

1
.gitignore vendored

@ -1,5 +1,4 @@
.idea
.vscode
docker-compose.test.yml
ssl
.env


@ -1,11 +1,24 @@
whoogle=secven/whoogle
bunkerized=secven/bunkerized
DC_CF=docker-compose.cloudflare.yml
DC_PROD=docker-compose.prod.yml
DC_CFSSL=docker-compose.cfssl.yml
install:
sudo apt -y install docker docker-compose nano git curl
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
cf:
docker-compose -f docker-compose.cloudflare.yml up -d
docker-compose -f $(DC_CF) up -d
prod:
docker-compose -f docker-compose.prod.yml up -d
docker-compose -f $(DC_PROD) up -d
cfssl:
docker-compose -f $(DC_CFSSL) up -d
build:
docker build -t bunkerized-nginx -f src/bunkerized-nginx/Dockerfile .
@ -16,3 +29,10 @@ push:
docker push $(whoogle)
docker tag bunkerized-nginx $(bunkerized)
docker push $(bunkerized)
prune:
docker system prune -a
stop:
docker-compose -f $(DC_CF) stop
docker-compose -f $(DC_PROD) stop
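Review bot: In the `install` recipe, `sudo usermod -aG docker $USER` does not reach the shell as written, because make expands `$U` itself (normally empty) and the command becomes `usermod -aG docker SER`; the line needs `$$USER`. Under `sudo make install`, which the README section of this commit recommends, `$$USER` would normally be root, so `sudo usermod -aG docker "$${SUDO_USER:-$$USER}"` is closer to the intent, and since `docker` group membership is root-equivalent on the host a comment above the line should say so. `sudo groupadd docker` exits non-zero when the group already exists and stops the recipe before `usermod` runs, and `newgrp docker` opens a shell inside the recipe that has no effect on the caller's session. The `stop` target names `$(DC_CF)` and `$(DC_PROD)` but not the new `$(DC_CFSSL)`, and none of the visible targets is declared `.PHONY`.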


@ -1,7 +1,8 @@
<!-- PROJECT LOGO -->
![logo](./logo.png)
![logo](img/logo.png)
<h1 align="center">Welcome to search-privacy 🥳🥳🥳</h1>
<p>
<img alt="Version" src="https://img.shields.io/badge/version-1.0-blue.svg?cacheSeconds=2592000" />
<a href="#" target="_blank">
@ -20,15 +21,18 @@
### ✨ [Demo SearX](https://search.secven.me/)
#### Docker and Docker compose install
```sh
# https://docs.docker.com/engine/install/debian/
~$ sudo apt update && apt upgrade -y
~$ sudo apt install docker docker-compose nano make -y
~$ sudo make install
```
#### Редактируем наш конфиг на ваши данные
```sh
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
~$ cd search-privacy
~$ cp .env.example .env
~$ nano .env
````
@ -42,6 +46,16 @@
* Добавьте ваш домен в днс - https://i.imgur.com/AwRymuh.png
* Настройка SSL/TLS - https://i.imgur.com/WQCy0RC.png
```sh
~$ make cf
```
### Install Search-privacy default server prod
```sh
~$ make prod
```
#### Заблокировать censys
```sh
@ -49,20 +63,10 @@
~$ sudo iptables -A INPUT -s 47.205.232.0/21 -j DROP
```
```sh
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
~$ cd search-privacy
~$ make cf
```
### Install Search-privacy default server prod
#### Остановить все контейнеры
```sh
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
~$ cd search-privacy
~$ make prod
~$ make stop
```
### Author

75
docker-compose.cfssl.yml Normal file

@ -0,0 +1,75 @@
version: '3'
services:
secven:
image: secven/bunkerized
cap_drop:
- ALL
security_opt:
- no-new-privileges
restart: always
depends_on:
- search
- whoogle
volumes:
- ./ssl:/letsencrypt:ro
environment:
- HTTP2=yes
- LISTEN_HTTP=no
- MULTISITE=yes
- REDIRECT_HTTP_TO_HTTPS=no
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN} ${SERVER_IP}
- ALLOWED_METHODS=GET|POST|HEAD
- DISABLE_DEFAULT_SERVER=yes
- BLOCK_PROXIES=no
- BLOCK_ABUSERS=no
- BLOCK_USER_AGENT=yes
- BLOCK_TOR_EXIT_NODE=no
- BLOCK_REFERRER=yes
- USE_MODSECURITY=yes
- USE_ANTIBOT=no
- USE_DNSBL=yes
- USE_BAD_BEHAVIOR=yes
- BAD_BEHAVIOR_THRESHOLD=8
- USE_LIMIT_CONN=yes
- USE_LIMIT_REQ=yes
- USE_REMOTE_API=no
- LIMIT_CONN_MAX=60
- LIMIT_REQ_RATE=2r/s
- LIMIT_REQ_BURST=5
- USE_BROTLI=yes
- USE_PROXY_CACHE=yes
- USE_CLIENT_CACHE=yes
- USE_GZIP=yes
- USE_REVERSE_PROXY=yes
- CONTENT_SECURITY_POLICY=
- PROXY_REAL_IP=yes
- PROXY_REAL_IP_FROM=173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 172.64.0.0/13 131.0.72.0/22 104.16.0.0/13 104.24.0.0/14
- ${SEARX_DOMAIN}_REVERSE_PROXY_URL=/
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
- USE_CUSTOM_HTTPS=yes
- CUSTOM_HTTPS_CERT=/letsencrypt/cert.pem
- CUSTOM_HTTPS_KEY=/letsencrypt/key.pem
ports:
- 80:8080
- 443:8443
search:
image: secven/searxng
restart: always
environment:
- BASE_URL=https://${SEARX_DOMAIN}/
ports:
- 6060:8080
whoogle:
image: secven/whoogle
restart: always
environment:
- WHOOGLE_CONFIG_DISABLE=true
ports:
- 5050:5000
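Review bot: The `search` and `whoogle` services publish `6060:8080` and `5050:5000` on every host interface, so both backends can be reached directly, without passing through the `secven` proxy and the TLS, ModSecurity and rate-limit settings configured on it. Unless a host firewall already covers those ports, drop `ports:` from both services and address them over the compose network, e.g. `- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://search:8080` and `- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://whoogle:5000`, assuming the proxy image resolves compose service names. The same mappings are visible in the two compose sections that follow. All three images are referenced without a tag or digest, so each fresh pull takes whatever is currently published; pinning them would make the deployment reproducible. `CONTENT_SECURITY_POLICY=` is set to an empty value, which presumably means no CSP header is sent, and a comment saying why would help the next reader.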


@ -12,8 +12,6 @@ services:
depends_on:
- search
- whoogle
ports:
- 80:8080
environment:
- MULTISITE=yes
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
@ -47,14 +45,16 @@ services:
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
ports:
- 80:8080
search:
image: secven/searxng
restart: always
ports:
- 6060:8080
environment:
- BASE_URL=https://${SEARX_DOMAIN}/
ports:
- 6060:8080
whoogle:
image: secven/whoogle


@ -19,7 +19,7 @@ services:
- MULTISITE=yes
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
- HTTP2=yes
- LISTEN_HTTP=no
- LISTEN_HTTP=yes
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
- REDIRECT_HTTP_TO_HTTPS=yes
- ALLOWED_METHODS=GET|POST|HEAD
@ -52,6 +52,7 @@ services:
- 6060:8080
environment:
- BASE_URL=https://${SEARX_DOMAIN}/ #your domain name
network_mode: host
whoogle:
image: secven/whoogle
@ -60,3 +61,4 @@ services:
- WHOOGLE_CONFIG_DISABLE=true
ports:
- 5050:5000
network_mode: host
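Review bot: `network_mode: host` appears to be added to `search` and `whoogle` while their `ports:` entries (`6060:8080`, `5050:5000`) stay in place; published ports are not applied in host network mode, and some Compose versions reject the combination outright. With host networking the containers listen on the host's interfaces on whatever port the image binds itself (8080 and 5000, going by the container side of the mappings), so anything still pointing at 6060 or 5050 stops matching and both backends lose network isolation from the host. Keeping the default compose network and addressing the backends by service name would be the narrower change, to be checked against how the proxy service in this file reaches them, which is outside the visible hunks. Indentation is lost on this page, so the service each key belongs to is inferred from line order.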


20
ssl/cert.pem Normal file

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

5
ssl/key.pem Normal file

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgg6kUJu1t2HPzdlHz
9Wnuca6dxKPEkPCBH5tzRpJy09uhRANCAATxocuGr1ZeY6pETry5UF7AyxB+kBlY
PfCzzg51cg5lb9dg+Ith2IGGgC/QEuMUZmlqLTb+hqvVKvOIf1WvJ989
-----END PRIVATE KEY-----
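Review bot: This section commits a private key in plaintext as `ssl/key.pem`, so anyone who can read the repository or its history can impersonate the host that the matching `ssl/cert.pem` was issued for; the key should be treated as compromised and the certificate revoked and reissued. Deleting the file in a later commit does not remove it from history, so it needs purging there as well. The `.gitignore` section of this commit seems to drop the `ssl` entry (one deletion; which line is inferred), which is what allows these files to be tracked. Restoring that entry and placing `cert.pem` and `key.pem` on the deploy host, where `./ssl` is already bind-mounted read-only into the proxy, keeps the secret out of version control.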