update config add ssl for cf
parent
92f65b909e
commit
f7a1581289
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,5 +1,4 @@
|
||||||
.idea
|
.idea
|
||||||
.vscode
|
.vscode
|
||||||
docker-compose.test.yml
|
docker-compose.test.yml
|
||||||
ssl
|
|
||||||
.env
|
.env
|
||||||
|
|
24
Makefile
24
Makefile
|
@ -1,11 +1,24 @@
|
||||||
whoogle=secven/whoogle
|
whoogle=secven/whoogle
|
||||||
bunkerized=secven/bunkerized
|
bunkerized=secven/bunkerized
|
||||||
|
|
||||||
|
DC_CF=docker-compose.cloudflare.yml
|
||||||
|
DC_PROD=docker-compose.prod.yml
|
||||||
|
DC_CFSSL=docker-compose.cfssl.yml
|
||||||
|
|
||||||
|
install:
|
||||||
|
sudo apt -y install docker docker-compose nano git curl
|
||||||
|
sudo groupadd docker
|
||||||
|
sudo usermod -aG docker $USER
|
||||||
|
newgrp docker
|
||||||
|
|
||||||
cf:
|
cf:
|
||||||
docker-compose -f docker-compose.cloudflare.yml up -d
|
docker-compose -f $(DC_CF) up -d
|
||||||
|
|
||||||
prod:
|
prod:
|
||||||
docker-compose -f docker-compose.prod.yml up -d
|
docker-compose -f $(DC_PROD) up -d
|
||||||
|
|
||||||
|
cfssl:
|
||||||
|
docker-compose -f $(DC_CFSSL) up -d
|
||||||
|
|
||||||
build:
|
build:
|
||||||
docker build -t bunkerized-nginx -f src/bunkerized-nginx/Dockerfile .
|
docker build -t bunkerized-nginx -f src/bunkerized-nginx/Dockerfile .
|
||||||
|
@ -16,3 +29,10 @@ push:
|
||||||
docker push $(whoogle)
|
docker push $(whoogle)
|
||||||
docker tag bunkerized-nginx $(bunkerized)
|
docker tag bunkerized-nginx $(bunkerized)
|
||||||
docker push $(bunkerized)
|
docker push $(bunkerized)
|
||||||
|
|
||||||
|
prune:
|
||||||
|
docker system prune -a
|
||||||
|
|
||||||
|
stop:
|
||||||
|
docker-compose -f $(DC_CF) stop
|
||||||
|
docker-compose -f $(DC_PROD) stop
|
||||||
|
|
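Review bot: In the new `install` recipe, `sudo usermod -aG docker $USER` does not name the invoking user, because make reads `$USER` as `$(U)SER` and hands the shell `SER`; the recipe needs `$$USER`. The README section of this commit tells users to run `sudo make install`, where the user variable is likely to be root, so `$${SUDO_USER:-$$USER}` would be the safer source for the account. `sudo groupadd docker` aborts the recipe when the group already exists (`groupadd -f` avoids that), and `newgrp docker` starts a new shell inside make instead of changing the caller's groups. A comment on the target should say that membership of the `docker` group is equivalent to root on the host. The new `stop` target covers `$(DC_CF)` and `$(DC_PROD)` but not `$(DC_CFSSL)`, so a stack started with `make cfssl` keeps running.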
34
README.md
34
README.md
|
@ -1,7 +1,8 @@
|
||||||
<!-- PROJECT LOGO -->
|
<!-- PROJECT LOGO -->
|
||||||
![logo](./logo.png)
|
![logo](img/logo.png)
|
||||||
|
|
||||||
<h1 align="center">Welcome to search-privacy 🥳🥳🥳</h1>
|
<h1 align="center">Welcome to search-privacy 🥳🥳🥳</h1>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<img alt="Version" src="https://img.shields.io/badge/version-1.0-blue.svg?cacheSeconds=2592000" />
|
<img alt="Version" src="https://img.shields.io/badge/version-1.0-blue.svg?cacheSeconds=2592000" />
|
||||||
<a href="#" target="_blank">
|
<a href="#" target="_blank">
|
||||||
|
@ -20,15 +21,18 @@
|
||||||
### ✨ [Demo SearX](https://search.secven.me/)
|
### ✨ [Demo SearX](https://search.secven.me/)
|
||||||
|
|
||||||
#### Docker and Docker compose install
|
#### Docker and Docker compose install
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
# https://docs.docker.com/engine/install/debian/
|
||||||
|
|
||||||
~$ sudo apt update && apt upgrade -y
|
~$ sudo apt update && apt upgrade -y
|
||||||
~$ sudo apt install docker docker-compose nano make -y
|
~$ sudo make install
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Редактируем наш конфиг на ваши данные
|
#### Редактируем наш конфиг на ваши данные
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
||||||
|
~$ cd search-privacy
|
||||||
~$ cp .env.example .env
|
~$ cp .env.example .env
|
||||||
~$ nano .env
|
~$ nano .env
|
||||||
````
|
````
|
||||||
|
@ -42,6 +46,16 @@
|
||||||
* Добавьте ваш домен в днс - https://i.imgur.com/AwRymuh.png
|
* Добавьте ваш домен в днс - https://i.imgur.com/AwRymuh.png
|
||||||
* Настройка SSL/TLS - https://i.imgur.com/WQCy0RC.png
|
* Настройка SSL/TLS - https://i.imgur.com/WQCy0RC.png
|
||||||
|
|
||||||
|
```sh
|
||||||
|
~$ make cf
|
||||||
|
```
|
||||||
|
|
||||||
|
### Install Search-privacy default server prod
|
||||||
|
|
||||||
|
```sh
|
||||||
|
~$ make prod
|
||||||
|
```
|
||||||
|
|
||||||
#### Заблокировать censys
|
#### Заблокировать censys
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
@ -49,20 +63,10 @@
|
||||||
~$ sudo iptables -A INPUT -s 47.205.232.0/21 -j DROP
|
~$ sudo iptables -A INPUT -s 47.205.232.0/21 -j DROP
|
||||||
```
|
```
|
||||||
|
|
||||||
```sh
|
#### Остановить все контейнеры
|
||||||
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
|
||||||
~$ cd search-privacy
|
|
||||||
|
|
||||||
~$ make cf
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install Search-privacy default server prod
|
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
~$ make stop
|
||||||
~$ cd search-privacy
|
|
||||||
|
|
||||||
~$ make prod
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Author
|
### Author
|
||||||
|
|
75
docker-compose.cfssl.yml
Normal file
75
docker-compose.cfssl.yml
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
secven:
|
||||||
|
image: secven/bunkerized
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges
|
||||||
|
restart: always
|
||||||
|
depends_on:
|
||||||
|
- search
|
||||||
|
- whoogle
|
||||||
|
volumes:
|
||||||
|
- ./ssl:/letsencrypt:ro
|
||||||
|
environment:
|
||||||
|
- HTTP2=yes
|
||||||
|
- LISTEN_HTTP=no
|
||||||
|
- MULTISITE=yes
|
||||||
|
- REDIRECT_HTTP_TO_HTTPS=no
|
||||||
|
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
||||||
|
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN} ${SERVER_IP}
|
||||||
|
- ALLOWED_METHODS=GET|POST|HEAD
|
||||||
|
- DISABLE_DEFAULT_SERVER=yes
|
||||||
|
- BLOCK_PROXIES=no
|
||||||
|
- BLOCK_ABUSERS=no
|
||||||
|
- BLOCK_USER_AGENT=yes
|
||||||
|
- BLOCK_TOR_EXIT_NODE=no
|
||||||
|
- BLOCK_REFERRER=yes
|
||||||
|
- USE_MODSECURITY=yes
|
||||||
|
- USE_ANTIBOT=no
|
||||||
|
- USE_DNSBL=yes
|
||||||
|
- USE_BAD_BEHAVIOR=yes
|
||||||
|
- BAD_BEHAVIOR_THRESHOLD=8
|
||||||
|
- USE_LIMIT_CONN=yes
|
||||||
|
- USE_LIMIT_REQ=yes
|
||||||
|
- USE_REMOTE_API=no
|
||||||
|
- LIMIT_CONN_MAX=60
|
||||||
|
- LIMIT_REQ_RATE=2r/s
|
||||||
|
- LIMIT_REQ_BURST=5
|
||||||
|
- USE_BROTLI=yes
|
||||||
|
- USE_PROXY_CACHE=yes
|
||||||
|
- USE_CLIENT_CACHE=yes
|
||||||
|
- USE_GZIP=yes
|
||||||
|
- USE_REVERSE_PROXY=yes
|
||||||
|
- CONTENT_SECURITY_POLICY=
|
||||||
|
- PROXY_REAL_IP=yes
|
||||||
|
- PROXY_REAL_IP_FROM=173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 172.64.0.0/13 131.0.72.0/22 104.16.0.0/13 104.24.0.0/14
|
||||||
|
- ${SEARX_DOMAIN}_REVERSE_PROXY_URL=/
|
||||||
|
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
|
||||||
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
||||||
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
|
||||||
|
- USE_CUSTOM_HTTPS=yes
|
||||||
|
- CUSTOM_HTTPS_CERT=/letsencrypt/cert.pem
|
||||||
|
- CUSTOM_HTTPS_KEY=/letsencrypt/key.pem
|
||||||
|
ports:
|
||||||
|
- 80:8080
|
||||||
|
- 443:8443
|
||||||
|
|
||||||
|
search:
|
||||||
|
image: secven/searxng
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- BASE_URL=https://${SEARX_DOMAIN}/
|
||||||
|
ports:
|
||||||
|
- 6060:8080
|
||||||
|
|
||||||
|
whoogle:
|
||||||
|
image: secven/whoogle
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- WHOOGLE_CONFIG_DISABLE=true
|
||||||
|
ports:
|
||||||
|
- 5050:5000
|
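Review bot: The `search` and `whoogle` services publish `6060:8080` and `5050:5000` on every host interface, so both backends can be reached directly on `${SERVER_IP}` without passing the ModSecurity, rate-limit and user-agent checks configured on the `secven` proxy. All three services are defined in this one file and no `network_mode` is set, so the proxy should be able to address them by service name, e.g. `- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://search:8080` and `- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://whoogle:5000`, and the two backend `ports:` entries can then be dropped; if they have to stay, bind them to a loopback or internal address. `CONTENT_SECURITY_POLICY=` is set to an empty value, which presumably removes the proxy image's default CSP header, and deserves a comment saying why. `80:8080` is still published although `LISTEN_HTTP=no`, and none of the image references carries a tag or digest, so what gets deployed can change between pulls.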
|
@ -12,8 +12,6 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- search
|
- search
|
||||||
- whoogle
|
- whoogle
|
||||||
ports:
|
|
||||||
- 80:8080
|
|
||||||
environment:
|
environment:
|
||||||
- MULTISITE=yes
|
- MULTISITE=yes
|
||||||
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
||||||
|
@ -47,14 +45,16 @@ services:
|
||||||
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
|
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
|
||||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
||||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
|
||||||
|
ports:
|
||||||
|
- 80:8080
|
||||||
|
|
||||||
search:
|
search:
|
||||||
image: secven/searxng
|
image: secven/searxng
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
|
||||||
- 6060:8080
|
|
||||||
environment:
|
environment:
|
||||||
- BASE_URL=https://${SEARX_DOMAIN}/
|
- BASE_URL=https://${SEARX_DOMAIN}/
|
||||||
|
ports:
|
||||||
|
- 6060:8080
|
||||||
|
|
||||||
whoogle:
|
whoogle:
|
||||||
image: secven/whoogle
|
image: secven/whoogle
|
||||||
|
|
|
@ -19,7 +19,7 @@ services:
|
||||||
- MULTISITE=yes
|
- MULTISITE=yes
|
||||||
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
||||||
- HTTP2=yes
|
- HTTP2=yes
|
||||||
- LISTEN_HTTP=no
|
- LISTEN_HTTP=yes
|
||||||
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
||||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||||
- ALLOWED_METHODS=GET|POST|HEAD
|
- ALLOWED_METHODS=GET|POST|HEAD
|
||||||
|
@ -52,6 +52,7 @@ services:
|
||||||
- 6060:8080
|
- 6060:8080
|
||||||
environment:
|
environment:
|
||||||
- BASE_URL=https://${SEARX_DOMAIN}/ #your domain name
|
- BASE_URL=https://${SEARX_DOMAIN}/ #your domain name
|
||||||
|
network_mode: host
|
||||||
|
|
||||||
whoogle:
|
whoogle:
|
||||||
image: secven/whoogle
|
image: secven/whoogle
|
||||||
|
@ -60,3 +61,4 @@ services:
|
||||||
- WHOOGLE_CONFIG_DISABLE=true
|
- WHOOGLE_CONFIG_DISABLE=true
|
||||||
ports:
|
ports:
|
||||||
- 5050:5000
|
- 5050:5000
|
||||||
|
network_mode: host
|
||||||
|
|
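Review bot: Adding `network_mode: host` to `search` and `whoogle` puts both containers in the host's network namespace, so they listen on the host's interfaces on their own ports (8080 and 5000 going by the existing mappings), and the `ports:` entries kept beside them are ignored or rejected by Compose. That removes the network isolation between these services and the host and leaves the backends reachable without going through the proxy unless a host firewall blocks them; it may also break proxy targets that still point at 6060/5050, which these hunks do not show. If the aim was only to let the proxy reach the backends, a shared Compose network with service-name targets does that without host networking. The file name of this section is not shown on the page, and the `services:` block starts outside the hunks.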
Before Width: | Height: | Size: 170 KiB After Width: | Height: | Size: 170 KiB |
20
ssl/cert.pem
Normal file
20
ssl/cert.pem
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDNjCCAtygAwIBAgIUbyvMQi1XCaQhF3Rei2oPaK06+lEwCgYIKoZIzj0EAwIw
|
||||||
|
gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
|
||||||
|
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL
|
||||||
|
Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0
|
||||||
|
eTAeFw0yMTExMDYyMDMzMDBaFw0zNjExMDIyMDMzMDBaMGIxGTAXBgNVBAoTEENs
|
||||||
|
b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw
|
||||||
|
JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
|
||||||
|
AgEGCCqGSM49AwEHA0IABPGhy4avVl5jqkROvLlQXsDLEH6QGVg98LPODnVyDmVv
|
||||||
|
12D4i2HYgYaAL9AS4xRmaWotNv6Gq9Uq84h/Va8n3z2jggFAMIIBPDAOBgNVHQ8B
|
||||||
|
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB
|
||||||
|
/wQCMAAwHQYDVR0OBBYEFD5kePgLCZXwOFfyuAsufJL7x349MB8GA1UdIwQYMBaA
|
||||||
|
FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw
|
||||||
|
AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTA5BgNV
|
||||||
|
HREEMjAwghBzZWFyY2guc2VjdmVuLm1lgglzZWN2ZW4ubWWCEXdob29nbGUuc2Vj
|
||||||
|
dmVuLm1lMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuY2xvdWRmbGFyZS5j
|
||||||
|
b20vb3JpZ2luX2VjY19jYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIhALue4rHxUmXl
|
||||||
|
2VWtldmfxmCzaxqSbXNLCnb84zZgb45kAiB8XpnK2bS8CQxqOh6mZQ7oUWwbsK4+
|
||||||
|
YYarc8F4yzG7cg==
|
||||||
|
-----END CERTIFICATE-----
|
5
ssl/key.pem
Normal file
5
ssl/key.pem
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgg6kUJu1t2HPzdlHz
|
||||||
|
9Wnuca6dxKPEkPCBH5tzRpJy09uhRANCAATxocuGr1ZeY6pETry5UF7AyxB+kBlY
|
||||||
|
PfCzzg51cg5lb9dg+Ith2IGGgC/QEuMUZmlqLTb+hqvVKvOIf1WvJ989
|
||||||
|
-----END PRIVATE KEY-----
|
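Review bot: `ssl/key.pem` adds the private key for the origin certificate in `ssl/cert.pem` to the repository in clear text, and the `.gitignore` section of this commit removes the `ssl` entry that had kept the directory out of version control. Anyone who can read the repository or its history can use the key to impersonate the origin for the names in the certificate, so the key should be treated as compromised: revoke the certificate at the issuer, issue a new key pair, and supply it at deploy time (a file outside the repository or a secret store) rather than through the `./ssl` mount in `docker-compose.cfssl.yml`. Restoring `ssl` in `.gitignore` and purging the file from history are needed as well, though purging alone does not make the exposed key safe again.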