73 lines
2.0 KiB
YAML
73 lines
2.0 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
|
|
secven:
|
|
image: secven/bunkerized
|
|
cap_drop:
|
|
- ALL
|
|
security_opt:
|
|
- no-new-privileges
|
|
restart: always
|
|
depends_on:
|
|
- search
|
|
- whoogle
|
|
volumes:
|
|
- ./ssl:/letsencrypt:ro
|
|
environment:
|
|
- MULTISITE=yes
|
|
- WORKER_CONNECTIONS=65536
|
|
- REDIRECT_HTTP_TO_HTTPS=no
|
|
- HTTP2=yes
|
|
- HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
|
- SERVER_NAME=${SEARX_DOMAIN} ${WHOOGLE_DOMAIN} ${SERVER_IP}
|
|
- ALLOWED_METHODS=GET|POST|HEAD
|
|
- DISABLE_DEFAULT_SERVER=yes
|
|
- BLOCK_PROXIES=no
|
|
- BLOCK_ABUSERS=no
|
|
- BLOCK_USER_AGENT=yes
|
|
- BLOCK_TOR_EXIT_NODE=no
|
|
- BLOCK_REFERRER=yes
|
|
- USE_MODSECURITY=yes
|
|
- USE_ANTIBOT=no
|
|
- USE_DNSBL=yes
|
|
- USE_BAD_BEHAVIOR=yes
|
|
- BAD_BEHAVIOR_THRESHOLD=8
|
|
- USE_LIMIT_CONN=yes
|
|
- USE_LIMIT_REQ=yes
|
|
- USE_REMOTE_API=no
|
|
- LIMIT_CONN_MAX=60
|
|
- LIMIT_REQ_RATE=2r/s
|
|
- LIMIT_REQ_BURST=5
|
|
- USE_BROTLI=yes
|
|
- USE_PROXY_CACHE=yes
|
|
- USE_CLIENT_CACHE=yes
|
|
- USE_GZIP=yes
|
|
- USE_REVERSE_PROXY=yes
|
|
- CONTENT_SECURITY_POLICY=
|
|
- PROXY_REAL_IP=yes
|
|
- PROXY_REAL_IP_FROM=173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 172.64.0.0/13 131.0.72.0/22 104.16.0.0/13 104.24.0.0/14
|
|
- ${SEARX_DOMAIN}_REVERSE_PROXY_URL=/
|
|
- ${SEARX_DOMAIN}_REVERSE_PROXY_HOST=http://search:8080
|
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_URL=/
|
|
- ${WHOOGLE_DOMAIN}_REVERSE_PROXY_HOST=http://whoogle:5000
|
|
- USE_CUSTOM_HTTPS=yes
|
|
- CUSTOM_HTTPS_CERT=/letsencrypt/cert.pem
|
|
- CUSTOM_HTTPS_KEY=/letsencrypt/key.pem
|
|
ports:
|
|
- 80:8080
|
|
- 443:8443
|
|
|
|
search:
|
|
image: secven/searxng
|
|
restart: always
|
|
environment:
|
|
- BASE_URL=https://${SEARX_DOMAIN}/
|
|
|
|
whoogle:
|
|
image: secven/whoogle
|
|
restart: always
|
|
environment:
|
|
- WHOOGLE_CONFIG_DISABLE=true
|
|
- WHOOGLE_CONFIG_THEME=light
|