diff --git a/.gitignore b/.gitignore
index 95b88cd..6bef668 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 .idea
 .vscode
 docker-compose.test.yml
-ssl
 .env
diff --git a/Makefile b/Makefile
index 0bd411d..94b7273 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,24 @@
 whoogle=secven/whoogle
 bunkerized=secven/bunkerized
+DC_CF=docker-compose.cloudflare.yml
+DC_PROD=docker-compose.prod.yml
+DC_CFSSL=docker-compose.cfssl.yml
+
+install:
+ sudo apt -y install docker docker-compose nano git curl
+ sudo groupadd docker
+ sudo usermod -aG docker $USER
+ newgrp docker
+
 cf:
- docker-compose -f docker-compose.cloudflare.yml up -d
+ docker-compose -f $(DC_CF) up -d
 prod:
- docker-compose -f docker-compose.prod.yml up -d
+ docker-compose -f $(DC_PROD) up -d
+
+cfssl:
+ docker-compose -f $(DC_CFSSL) up -d
 build:
 docker build -t bunkerized-nginx -f src/bunkerized-nginx/Dockerfile .
@@ -16,3 +29,10 @@ push:
 docker push $(whoogle)
 docker tag bunkerized-nginx $(bunkerized)
 docker push $(bunkerized)
+
+prune:
+ docker system prune -a
+
+stop:
+ docker-compose -f $(DC_CF) stop
+ docker-compose -f $(DC_PROD) stop
diff --git a/README.md b/README.md
index 4ddd63b..45e0b75 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,8 @@
-![logo](./logo.png)
+![logo](img/logo.png)
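Review bot: In the new `install` recipe, `sudo usermod -aG docker $USER` does not pass the login name: make expands `$U` as a (normally empty) make variable and the shell receives `SER`, so the line should read `sudo usermod -aG docker $$USER` (or `$$SUDO_USER`, since the README runs this target through `sudo make install`). `sudo groupadd docker` fails and aborts the target when the group already exists, which is likely once the docker package is installed; `sudo groupadd -f docker` avoids that. `newgrp docker` opens a new shell inside the recipe rather than changing the caller's groups, so a message asking the user to log in again would serve better. A comment above the target should state that membership of the `docker` group is equivalent to root on the host.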
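Review bot: The new `stop` target leaves the stack started by `make cfssl` running, because it stops only `$(DC_CF)` and `$(DC_PROD)`; the README presents `make stop` as stopping all containers, so add `docker-compose -f $(DC_CFSSL) stop`. `prune` runs `docker system prune -a` against the whole host rather than this project, which deserves a comment such as `# removes ALL unused images, containers and networks on this host`.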

Welcome to search-privacy 🥳🥳🥳

+

Version @@ -20,15 +21,18 @@ ### ✨ [Demo SearX](https://search.secven.me/) #### Docker and Docker compose install - ```sh +# https://docs.docker.com/engine/install/debian/ + ~$ sudo apt update && apt upgrade -y -~$ sudo apt install docker docker-compose nano make -y +~$ sudo make install ``` #### Редактируем наш конфиг на ваши данные ```sh +~$ git clone https://git.disroot.org/librewolf/search-privacy.git +~$ cd search-privacy ~$ cp .env.example .env ~$ nano .env ```` @@ -42,6 +46,16 @@ * Добавьте ваш домен в днс - https://i.imgur.com/AwRymuh.png * Настройка SSL/TLS - https://i.imgur.com/WQCy0RC.png +```sh +~$ make cf +``` + +### Install Search-privacy default server prod + +```sh +~$ make prod +``` + #### Заблокировать censys ```sh @@ -49,20 +63,10 @@ ~$ sudo iptables -A INPUT -s 47.205.232.0/21 -j DROP ``` -```sh -~$ git clone https://git.disroot.org/librewolf/search-privacy.git -~$ cd search-privacy - -~$ make cf -``` - -### Install Search-privacy default server prod +#### Остановить все контейнеры ```sh -~$ git clone https://git.disroot.org/librewolf/search-privacy.git -~$ cd search-privacy - -~$ make prod +~$ make stop ``` ### Author diff --git a/docker-compose.cfssl.yml b/docker-compose.cfssl.yml new file mode 100644 index 0000000..820a194 --- /dev/null +++ b/docker-compose.cfssl.yml 
@@ -0,0 +1,75 @@
+version: '3'
+
+services:
+
+ secven:
+ image: secven/bunkerized
+ cap_drop:
+ - ALL
+ security_opt:
+ - no-new-privileges
+ restart: always
+ depends_on:
+ - search
+ - whoogle
+ volumes:
+ - ./ssl:/letsencrypt:ro
+ environment:
+ - HTTP2=yes
+ - LISTEN_HTTP=no
+ - MULTISITE=yes
+ - REDIRECT_HTTP_TO_HTTPS=no
+ - HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
+ - SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN} ${SERVER_IP}
+ - ALLOWED_METHODS=GET|POST|HEAD
+ - DISABLE_DEFAULT_SERVER=yes
+ - BLOCK_PROXIES=no
+ - BLOCK_ABUSERS=no
+ - BLOCK_USER_AGENT=yes
+ - BLOCK_TOR_EXIT_NODE=no
+ - BLOCK_REFERRER=yes
+ - USE_MODSECURITY=yes
+ - USE_ANTIBOT=no
+ - USE_DNSBL=yes
+ - USE_BAD_BEHAVIOR=yes
+ - BAD_BEHAVIOR_THRESHOLD=8
+ - USE_LIMIT_CONN=yes
+ - USE_LIMIT_REQ=yes
+ - USE_REMOTE_API=no
+ - LIMIT_CONN_MAX=60
+ - LIMIT_REQ_RATE=2r/s
+ - LIMIT_REQ_BURST=5
+ - USE_BROTLI=yes
+ - USE_PROXY_CACHE=yes
+ - USE_CLIENT_CACHE=yes
+ - USE_GZIP=yes
+ - USE_REVERSE_PROXY=yes
+ - CONTENT_SECURITY_POLICY=
+ - PROXY_REAL_IP=yes
+ - PROXY_REAL_IP_FROM=173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 172.64.0.0/13 131.0.72.0/22 104.16.0.0/13 104.24.0.0/14
+ - ${SEARX_DOMAIN}_REVERSE_PROXY_URL=/
+ - ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
+ - ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
+ - ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
+ - USE_CUSTOM_HTTPS=yes
+ - CUSTOM_HTTPS_CERT=/letsencrypt/cert.pem
+ - CUSTOM_HTTPS_KEY=/letsencrypt/key.pem
+ ports:
+ - 80:8080
+ - 443:8443
+
+ search:
+ image: secven/searxng
+ restart: always
+ environment:
+ - BASE_URL=https://${SEARX_DOMAIN}/
+ ports:
+ - 6060:8080
+
+ whoogle:
+ image: secven/whoogle
+ restart: always
+ environment:
+ - WHOOGLE_CONFIG_DISABLE=true
+ ports:
+ - 5050:5000
diff --git a/docker-compose.cloudflare.yml b/docker-compose.cloudflare.yml
index 9c7759c..d47730f 100644
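Review bot: The `search` and `whoogle` services publish `6060:8080` and `5050:5000` on every host interface, so both backends can be reached directly and the ModSecurity, rate-limit and user-agent rules configured on `secven` are bypassed. Since all three services share the compose network, the proxy can address them by service name, `- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://search:8080` and `- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://whoogle:5000`, and the two backend `ports:` blocks can be dropped (this assumes the images listen on the container ports shown in the mappings). `CONTENT_SECURITY_POLICY=` is set to an empty value with no comment explaining why; if that clears the proxy's default policy, a comment should say so. The three images are referenced without a tag or digest, so pinning a version would make the deployment reproducible.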
--- a/docker-compose.cloudflare.yml
+++ b/docker-compose.cloudflare.yml
@@ -12,8 +12,6 @@ services:
 depends_on:
 - search
 - whoogle
- ports:
- - 80:8080
 environment:
 - MULTISITE=yes
 - SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
@@ -47,14 +45,16 @@ services:
 - ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
 - ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
 - ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
+ ports:
+ - 80:8080
 search:
 image: secven/searxng
 restart: always
- ports:
- - 6060:8080
 environment:
 - BASE_URL=https://${SEARX_DOMAIN}/
+ ports:
+ - 6060:8080
 whoogle:
 image: secven/whoogle
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 849f9fe..6d260c7 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -19,7 +19,7 @@ services:
 - MULTISITE=yes
 - SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
 - HTTP2=yes
- - LISTEN_HTTP=no
+ - LISTEN_HTTP=yes
 - HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
 - REDIRECT_HTTP_TO_HTTPS=yes
 - ALLOWED_METHODS=GET|POST|HEAD
@@ -52,6 +52,7 @@ services:
 - 6060:8080
 environment:
 - BASE_URL=https://${SEARX_DOMAIN}/ #your domain name
+ network_mode: host
 whoogle:
 image: secven/whoogle
@@ -60,3 +61,4 @@ services:
 - WHOOGLE_CONFIG_DISABLE=true
 ports:
 - 5050:5000
+ network_mode: host
diff --git a/logo.png b/img/logo.png
similarity index 100%
rename from logo.png
rename to img/logo.png
diff --git a/ssl/cert.pem b/ssl/cert.pem
new file mode 100644
index 0000000..8c4ec91
--- /dev/null
+++ b/ssl/cert.pem
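Review bot: In `docker-compose.prod.yml`, `network_mode: host` is added to `search` while its `ports:` entry `6060:8080` is kept, and the next hunk does the same for `whoogle` with `5050:5000`; published ports are not applied in host network mode, so each container's own listening port is bound directly on the host's interfaces and nothing listens on 6060 or 5050 any more. If the proxy still forwards to `${SERVER_IP}:6060` and `:5050` (those settings are outside these hunks), both sites would stop responding, and the backends lose their network isolation from the host. Either drop `network_mode: host`, or remove the `ports:` blocks and state in a comment which host port each service now binds.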
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAtygAwIBAgIUbyvMQi1XCaQhF3Rei2oPaK06+lEwCgYIKoZIzj0EAwIw +gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T +YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL +Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0 +eTAeFw0yMTExMDYyMDMzMDBaFw0zNjExMDIyMDMzMDBaMGIxGTAXBgNVBAoTEENs +b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw +JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABPGhy4avVl5jqkROvLlQXsDLEH6QGVg98LPODnVyDmVv +12D4i2HYgYaAL9AS4xRmaWotNv6Gq9Uq84h/Va8n3z2jggFAMIIBPDAOBgNVHQ8B +Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB +/wQCMAAwHQYDVR0OBBYEFD5kePgLCZXwOFfyuAsufJL7x349MB8GA1UdIwQYMBaA +FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw +AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTA5BgNV +HREEMjAwghBzZWFyY2guc2VjdmVuLm1lgglzZWN2ZW4ubWWCEXdob29nbGUuc2Vj +dmVuLm1lMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuY2xvdWRmbGFyZS5j +b20vb3JpZ2luX2VjY19jYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIhALue4rHxUmXl +2VWtldmfxmCzaxqSbXNLCnb84zZgb45kAiB8XpnK2bS8CQxqOh6mZQ7oUWwbsK4+ +YYarc8F4yzG7cg== +-----END CERTIFICATE----- diff --git a/ssl/key.pem b/ssl/key.pem new file mode 100644 index 0000000..6d0fc91 --- /dev/null +++ b/ssl/key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgg6kUJu1t2HPzdlHz +9Wnuca6dxKPEkPCBH5tzRpJy09uhRANCAATxocuGr1ZeY6pETry5UF7AyxB+kBlY +PfCzzg51cg5lb9dg+Ith2IGGgC/QEuMUZmlqLTb+hqvVKvOIf1WvJ989 +-----END PRIVATE KEY-----
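Review bot: `ssl/key.pem` commits an unencrypted private key next to its certificate, and the same commit removes `ssl` from `.gitignore` so the directory stays tracked; the key is thereby disclosed to everyone with read access to the repository. It should be treated as compromised: revoke the certificate, issue a new pair, remove both files from the repository and its history, and restore the `ssl` ignore entry. `docker-compose.cfssl.yml` mounts `./ssl` into the proxy, so the README should instead tell each operator to place their own `cert.pem` and `key.pem` there, with the key readable only by the deploying user.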