update config add ssl for cf
parent
92f65b909e
commit
f7a1581289
9 changed files with 148 additions and 23 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,5 +1,4 @@
|
|||
.idea
|
||||
.vscode
|
||||
docker-compose.test.yml
|
||||
ssl
|
||||
.env
|
||||
|
|
24
Makefile
24
Makefile
|
@ -1,11 +1,24 @@
|
|||
whoogle=secven/whoogle
|
||||
bunkerized=secven/bunkerized
|
||||
|
||||
DC_CF=docker-compose.cloudflare.yml
|
||||
DC_PROD=docker-compose.prod.yml
|
||||
DC_CFSSL=docker-compose.cfssl.yml
|
||||
|
||||
install:
|
||||
sudo apt -y install docker docker-compose nano git curl
|
||||
sudo groupadd docker
|
||||
sudo usermod -aG docker $USER
|
||||
newgrp docker
|
||||
|
||||
cf:
|
||||
docker-compose -f docker-compose.cloudflare.yml up -d
|
||||
docker-compose -f $(DC_CF) up -d
|
||||
|
||||
prod:
|
||||
docker-compose -f docker-compose.prod.yml up -d
|
||||
docker-compose -f $(DC_PROD) up -d
|
||||
|
||||
cfssl:
|
||||
docker-compose -f $(DC_CFSSL) up -d
|
||||
|
||||
build:
|
||||
docker build -t bunkerized-nginx -f src/bunkerized-nginx/Dockerfile .
|
||||
|
@ -16,3 +29,10 @@ push:
|
|||
docker push $(whoogle)
|
||||
docker tag bunkerized-nginx $(bunkerized)
|
||||
docker push $(bunkerized)
|
||||
|
||||
prune:
|
||||
docker system prune -a
|
||||
|
||||
stop:
|
||||
docker-compose -f $(DC_CF) stop
|
||||
docker-compose -f $(DC_PROD) stop
|
||||
|
|
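Review bot: In the `install` recipe, `sudo usermod -aG docker $USER` is expanded by Make as `$(U)SER`, so with `U` unset the shell receives `SER` rather than the invoking user; the line needs `$$USER`. Because the README in this commit runs the target as `sudo make install`, even `$$USER` would probably resolve to root, so `sudo usermod -aG docker "$${SUDO_USER:-$$USER}"` is the safer form. `sudo groupadd docker` exits non-zero when the group already exists, which stops the recipe before `usermod` runs (`groupadd -f` avoids that), and `newgrp docker` only opens a subshell inside the recipe, not in the caller's session. Membership in the `docker` group is root-equivalent on the host, which deserves a comment above the target, e.g. `# adds the user to the docker group: grants root-equivalent access to this host`.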
34
README.md
34
README.md
|
@ -1,7 +1,8 @@
|
|||
<!-- PROJECT LOGO -->
|
||||
![logo](./logo.png)
|
||||
![logo](img/logo.png)
|
||||
|
||||
<h1 align="center">Welcome to search-privacy 🥳🥳🥳</h1>
|
||||
|
||||
<p>
|
||||
<img alt="Version" src="https://img.shields.io/badge/version-1.0-blue.svg?cacheSeconds=2592000" />
|
||||
<a href="#" target="_blank">
|
||||
|
@ -20,15 +21,18 @@
|
|||
### ✨ [Demo SearX](https://search.secven.me/)
|
||||
|
||||
#### Docker and Docker compose install
|
||||
|
||||
```sh
|
||||
# https://docs.docker.com/engine/install/debian/
|
||||
|
||||
~$ sudo apt update && apt upgrade -y
|
||||
~$ sudo apt install docker docker-compose nano make -y
|
||||
~$ sudo make install
|
||||
```
|
||||
|
||||
#### Редактируем наш конфиг на ваши данные
|
||||
|
||||
```sh
|
||||
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
||||
~$ cd search-privacy
|
||||
~$ cp .env.example .env
|
||||
~$ nano .env
|
||||
````
|
||||
|
@ -42,6 +46,16 @@
|
|||
* Добавьте ваш домен в днс - https://i.imgur.com/AwRymuh.png
|
||||
* Настройка SSL/TLS - https://i.imgur.com/WQCy0RC.png
|
||||
|
||||
```sh
|
||||
~$ make cf
|
||||
```
|
||||
|
||||
### Install Search-privacy default server prod
|
||||
|
||||
```sh
|
||||
~$ make prod
|
||||
```
|
||||
|
||||
#### Заблокировать censys
|
||||
|
||||
```sh
|
||||
|
@ -49,20 +63,10 @@
|
|||
~$ sudo iptables -A INPUT -s 47.205.232.0/21 -j DROP
|
||||
```
|
||||
|
||||
```sh
|
||||
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
||||
~$ cd search-privacy
|
||||
|
||||
~$ make cf
|
||||
```
|
||||
|
||||
### Install Search-privacy default server prod
|
||||
#### Остановить все контейнеры
|
||||
|
||||
```sh
|
||||
~$ git clone https://git.disroot.org/librewolf/search-privacy.git
|
||||
~$ cd search-privacy
|
||||
|
||||
~$ make prod
|
||||
~$ make stop
|
||||
```
|
||||
|
||||
### Author
|
||||
|
|
75
docker-compose.cfssl.yml
Normal file
75
docker-compose.cfssl.yml
Normal file
|
@ -0,0 +1,75 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
secven:
|
||||
image: secven/bunkerized
|
||||
cap_drop:
|
||||
- ALL
|
||||
security_opt:
|
||||
- no-new-privileges
|
||||
restart: always
|
||||
depends_on:
|
||||
- search
|
||||
- whoogle
|
||||
volumes:
|
||||
- ./ssl:/letsencrypt:ro
|
||||
environment:
|
||||
- HTTP2=yes
|
||||
- LISTEN_HTTP=no
|
||||
- MULTISITE=yes
|
||||
- REDIRECT_HTTP_TO_HTTPS=no
|
||||
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
||||
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN} ${SERVER_IP}
|
||||
- ALLOWED_METHODS=GET|POST|HEAD
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- BLOCK_PROXIES=no
|
||||
- BLOCK_ABUSERS=no
|
||||
- BLOCK_USER_AGENT=yes
|
||||
- BLOCK_TOR_EXIT_NODE=no
|
||||
- BLOCK_REFERRER=yes
|
||||
- USE_MODSECURITY=yes
|
||||
- USE_ANTIBOT=no
|
||||
- USE_DNSBL=yes
|
||||
- USE_BAD_BEHAVIOR=yes
|
||||
- BAD_BEHAVIOR_THRESHOLD=8
|
||||
- USE_LIMIT_CONN=yes
|
||||
- USE_LIMIT_REQ=yes
|
||||
- USE_REMOTE_API=no
|
||||
- LIMIT_CONN_MAX=60
|
||||
- LIMIT_REQ_RATE=2r/s
|
||||
- LIMIT_REQ_BURST=5
|
||||
- USE_BROTLI=yes
|
||||
- USE_PROXY_CACHE=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- CONTENT_SECURITY_POLICY=
|
||||
- PROXY_REAL_IP=yes
|
||||
- PROXY_REAL_IP_FROM=173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 172.64.0.0/13 131.0.72.0/22 104.16.0.0/13 104.24.0.0/14
|
||||
- ${SEARX_DOMAIN}_REVERSE_PROXY_URL=/
|
||||
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
|
||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
|
||||
- USE_CUSTOM_HTTPS=yes
|
||||
- CUSTOM_HTTPS_CERT=/letsencrypt/cert.pem
|
||||
- CUSTOM_HTTPS_KEY=/letsencrypt/key.pem
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
||||
search:
|
||||
image: secven/searxng
|
||||
restart: always
|
||||
environment:
|
||||
- BASE_URL=https://${SEARX_DOMAIN}/
|
||||
ports:
|
||||
- 6060:8080
|
||||
|
||||
whoogle:
|
||||
image: secven/whoogle
|
||||
restart: always
|
||||
environment:
|
||||
- WHOOGLE_CONFIG_DISABLE=true
|
||||
ports:
|
||||
- 5050:5000
|
|
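Review bot: The `search` and `whoogle` services publish `6060:8080` and `5050:5000` on every host interface, so both backends are reachable directly on the server's address without passing through the `secven` proxy and its ModSecurity, rate-limit and allowed-method settings. Since all three services are defined in the same compose file, the published ports could be dropped and the proxy pointed at the service names, e.g. `- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://search:8080` and `- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://whoogle:5000`; this assumes the proxy image resolves compose service names, which the page does not show. `CONTENT_SECURITY_POLICY=` is set to an empty value, and whether that removes the header or falls back to a default should be confirmed and recorded in a comment next to the line.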
@ -12,8 +12,6 @@ services:
|
|||
depends_on:
|
||||
- search
|
||||
- whoogle
|
||||
ports:
|
||||
- 80:8080
|
||||
environment:
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
||||
|
@ -47,14 +45,16 @@ services:
|
|||
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:6060
|
||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
||||
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://${SERVER_IP}:5050
|
||||
ports:
|
||||
- 80:8080
|
||||
|
||||
search:
|
||||
image: secven/searxng
|
||||
restart: always
|
||||
ports:
|
||||
- 6060:8080
|
||||
environment:
|
||||
- BASE_URL=https://${SEARX_DOMAIN}/
|
||||
ports:
|
||||
- 6060:8080
|
||||
|
||||
whoogle:
|
||||
image: secven/whoogle
|
||||
|
|
|
@ -19,7 +19,7 @@ services:
|
|||
- MULTISITE=yes
|
||||
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN}
|
||||
- HTTP2=yes
|
||||
- LISTEN_HTTP=no
|
||||
- LISTEN_HTTP=yes
|
||||
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
||||
- REDIRECT_HTTP_TO_HTTPS=yes
|
||||
- ALLOWED_METHODS=GET|POST|HEAD
|
||||
|
@ -52,6 +52,7 @@ services:
|
|||
- 6060:8080
|
||||
environment:
|
||||
- BASE_URL=https://${SEARX_DOMAIN}/ #your domain name
|
||||
network_mode: host
|
||||
|
||||
whoogle:
|
||||
image: secven/whoogle
|
||||
|
@ -60,3 +61,4 @@ services:
|
|||
- WHOOGLE_CONFIG_DISABLE=true
|
||||
ports:
|
||||
- 5050:5000
|
||||
network_mode: host
|
||||
|
|
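Review bot: `network_mode: host` on `search` and `whoogle` sits next to `ports:` mappings (`6060:8080`, `5050:5000`), and the two do not combine: with host networking Docker does not apply published ports, and some docker-compose versions reject the combination outright. The containers would then listen on their own ports (8080 and 5000 per the mappings) directly on the host's interfaces, outside the proxy, and anything still pointing at 6060/5050 would stop reaching them. If host networking is intended, remove the `ports:` blocks and add a comment explaining why isolation is given up; otherwise drop `network_mode: host`. The file header for this section is missing from the page (presumably docker-compose.prod.yml), and which lines are new is inferred from the hunk counts.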
Before Width: | Height: | Size: 170 KiB After Width: | Height: | Size: 170 KiB |
20
ssl/cert.pem
Normal file
20
ssl/cert.pem
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDNjCCAtygAwIBAgIUbyvMQi1XCaQhF3Rei2oPaK06+lEwCgYIKoZIzj0EAwIw
|
||||
gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
|
||||
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL
|
||||
Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0
|
||||
eTAeFw0yMTExMDYyMDMzMDBaFw0zNjExMDIyMDMzMDBaMGIxGTAXBgNVBAoTEENs
|
||||
b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw
|
||||
JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
|
||||
AgEGCCqGSM49AwEHA0IABPGhy4avVl5jqkROvLlQXsDLEH6QGVg98LPODnVyDmVv
|
||||
12D4i2HYgYaAL9AS4xRmaWotNv6Gq9Uq84h/Va8n3z2jggFAMIIBPDAOBgNVHQ8B
|
||||
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB
|
||||
/wQCMAAwHQYDVR0OBBYEFD5kePgLCZXwOFfyuAsufJL7x349MB8GA1UdIwQYMBaA
|
||||
FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw
|
||||
AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTA5BgNV
|
||||
HREEMjAwghBzZWFyY2guc2VjdmVuLm1lgglzZWN2ZW4ubWWCEXdob29nbGUuc2Vj
|
||||
dmVuLm1lMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuY2xvdWRmbGFyZS5j
|
||||
b20vb3JpZ2luX2VjY19jYS5jcmwwCgYIKoZIzj0EAwIDSAAwRQIhALue4rHxUmXl
|
||||
2VWtldmfxmCzaxqSbXNLCnb84zZgb45kAiB8XpnK2bS8CQxqOh6mZQ7oUWwbsK4+
|
||||
YYarc8F4yzG7cg==
|
||||
-----END CERTIFICATE-----
|
5
ssl/key.pem
Normal file
5
ssl/key.pem
Normal file
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgg6kUJu1t2HPzdlHz
|
||||
9Wnuca6dxKPEkPCBH5tzRpJy09uhRANCAATxocuGr1ZeY6pETry5UF7AyxB+kBlY
|
||||
PfCzzg51cg5lb9dg+Ith2IGGgC/QEuMUZmlqLTb+hqvVKvOIf1WvJ989
|
||||
-----END PRIVATE KEY-----
|
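Review bot: `ssl/key.pem` adds the private key matching `ssl/cert.pem` to the repository in plaintext, so anyone who can read the repository or its history holds the key for the origin certificate. Treat the key as compromised: revoke the certificate at the issuer and generate a new pair, because deleting the file in a later commit leaves it in history. Keep `ssl` in `.gitignore` (the `.gitignore` section of this commit appears to drop that entry, though the page does not mark which line was removed) and place `cert.pem`/`key.pem` on the host at deploy time with restrictive permissions; the `./ssl:/letsencrypt:ro` mount in docker-compose.cfssl.yml works unchanged with files provisioned that way.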