1
0
mirror of https://github.com/searx/searx synced 2024-12-21 13:54:19 +01:00
3 Searx with haproxy
Arthur Țițeică edited this page 2016-10-30 10:41:56 +02:00

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Sample configuration

frontend http
  mode http
  bind <public_ip>:80
  bind <public_ip>:443

  # acl to catch the domain name where searx is served.
  acl host_searx  hdr(host) -i searx.example.com

  # force HTTPS
  redirect scheme https code 301 if !{ ssl_fc }

  # use the searx backend if it matches the correct domain name
  use_backend  searx if host_searx

  # use another backend for other subdomains.
  default_backend other_site

backend searx
  mode http
  server python2_searx 127.0.0.1:8888 maxconn 50 check inter 5m rise 1 fastinter 1s downinter 1s

backend other_site
   server nginx [...]

127.0.0.1:8888 is the address/port where searx is listening for connections.

The maxconn parameter defines the the concurrent connection limit that haproxy will accept in order to prevent abuse. For a single user searx instance maxconn 10 will suffice.

Static asset compression

Modify the searx backend declared in haproxy by adding the following

backend searx
   [...]
   compression algo gzip
   compression type text/html text/plain text/css application/javascript

Security

backend searx
   [...]
   http-response set-header Strict-Transport-Security max-age=15768000
   http-response set-header X-Frame-Options SAMEORIGIN
   http-response set-header X-Content-Type-Options nosniff
   http-response set-header X-XSS-Protection "1; mode=block"
   http-response set-header Content-Security-Policy "default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'"

Change the server header response.

By default the 'Server' header of Searx is: "Server: Werkzeug/0.11.11-dev Python/2.7.12".

You may change this to anything else with

backend searx
   http-response set-header Server Apache-Nginx