mirror of
https://github.com/searxng/searxng.git
synced 2025-08-12 06:46:47 +02:00
c607e77fe9
The configuration in Granian is handled with ENVs, much more convenient and practical for updating. The settings have been tested for over two months in a production instance, being usable on small to somewhat large instances without having to modify anything. It also removes the patch functions and ENVs abstraction from the entrypoint, this makes it possible to run the container with immutable configuration. In some setups, It may be desired to have the volumes/files under a specific uid/gid (other than searxng:searxng), if the entrypoint has root permissions it will chown automatically on every start, which may not be desired. Explicitly setting the new ENV `FORCE_OWNERSHIP=false` will prevent ownership from being modified. No manual migration is necessary **unless** the user has changed the default uWSGI configuration or has a very specific setup. Closes https://github.com/searxng/searxng/issues/4894 Closes https://github.com/searxng/searxng/issues/4818 Closes https://github.com/searxng/searxng/issues/4802 Supersedes https://github.com/searxng/searxng/pull/4596 Related https://github.com/searxng/searxng/discussions/4479
130 lines
2.5 KiB
Bash
Executable file
130 lines
2.5 KiB
Bash
Executable file
#!/bin/sh
|
|
# shellcheck shell=dash
|
|
set -u
|
|
|
|
# Check if it's a valid file
|
|
check_file() {
|
|
local target="$1"
|
|
|
|
if [ ! -f "$target" ]; then
|
|
cat <<EOF
|
|
!!!
|
|
!!! ERROR
|
|
!!! "$target" is not a valid file, exiting...
|
|
!!!
|
|
EOF
|
|
exit 127
|
|
fi
|
|
}
|
|
|
|
# Check if it's a valid directory
|
|
check_directory() {
|
|
local target="$1"
|
|
|
|
if [ ! -d "$target" ]; then
|
|
cat <<EOF
|
|
!!!
|
|
!!! ERROR
|
|
!!! "$target" is not a valid directory, exiting...
|
|
!!!
|
|
EOF
|
|
exit 127
|
|
fi
|
|
}
|
|
|
|
setup_ownership() {
|
|
local target="$1"
|
|
local type="$2"
|
|
|
|
case "$type" in
|
|
file | directory) ;;
|
|
*)
|
|
cat <<EOF
|
|
!!!
|
|
!!! ERROR
|
|
!!! "$type" is not a valid type, exiting...
|
|
!!!
|
|
EOF
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
target_ownership=$(stat -c %U:%G "$target")
|
|
|
|
if [ "$target_ownership" != "searxng:searxng" ]; then
|
|
if [ "${FORCE_OWNERSHIP:-true}" = true ] && [ "$(id -u)" -eq 0 ]; then
|
|
chown -R searxng:searxng "$target"
|
|
else
|
|
cat <<EOF
|
|
!!!
|
|
!!! WARNING
|
|
!!! "$target" $type is not owned by "searxng:searxng"
|
|
!!! This may cause issues when running SearXNG
|
|
!!!
|
|
!!! Expected "searxng:searxng"
|
|
!!! Got "$target_ownership"
|
|
!!!
|
|
EOF
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# Handle volume mounts
|
|
volume_handler() {
|
|
local target="$1"
|
|
|
|
check_directory "$target"
|
|
setup_ownership "$target" "directory"
|
|
}
|
|
|
|
# Handle configuration file updates
|
|
config_handler() {
|
|
local target="$1"
|
|
local template="$2"
|
|
local new_template_target="$target.new"
|
|
|
|
# Create/Update the configuration file
|
|
if [ -f "$target" ]; then
|
|
setup_ownership "$target" "file"
|
|
|
|
if [ "$template" -nt "$target" ]; then
|
|
cp -pfT "$template" "$new_template_target"
|
|
|
|
cat <<EOF
|
|
...
|
|
... INFORMATION
|
|
... Update available for "$target"
|
|
... It is recommended to update the configuration file to ensure proper functionality
|
|
...
|
|
... New version placed at "$new_template_target"
|
|
... Please review and merge changes
|
|
...
|
|
EOF
|
|
fi
|
|
else
|
|
cat <<EOF
|
|
...
|
|
... INFORMATION
|
|
... "$target" does not exist, creating from template...
|
|
...
|
|
EOF
|
|
cp -pfT "$template" "$target"
|
|
|
|
sed -i "s/ultrasecretkey/$(head -c 24 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9')/g" "$target"
|
|
fi
|
|
|
|
check_file "$target"
|
|
}
|
|
|
|
cat <<EOF
|
|
SearXNG $SEARXNG_VERSION
|
|
EOF
|
|
|
|
# Check for volume mounts
|
|
volume_handler "$CONFIG_PATH"
|
|
volume_handler "$DATA_PATH"
|
|
|
|
# Check for files
|
|
config_handler "$SEARXNG_SETTINGS_PATH" "/usr/local/searxng/searx/settings.yml"
|
|
|
|
exec /usr/local/searxng/venv/bin/granian searx.webapp:app
|