~fmac/fmac.xyz-website

ca08eeee770dd142ed9483e963a2502c88e8ff68 — Francesco Camuffo 2 months ago 25bc443
Fix tabs
1 files changed, 43 insertions(+), 43 deletions(-)

M content/posts/Host Searx on OpenBSD.md
M content/posts/Host Searx on OpenBSD.md => content/posts/Host Searx on OpenBSD.md +43 -43
@@ 103,17 103,17 @@ pexp="/usr/local/bin/python.*${pexp}"

# For the PID file.
rc_pre() {
    if [[ ! -d /var/run/gunisearx ]]; then
        mkdir $RUN_DIR
        chown -R _searx:_searx $RUN_DIR
    fi
	if [[ ! -d /var/run/gunisearx ]]; then
		mkdir $RUN_DIR
		chown -R _searx:_searx $RUN_DIR
	fi
}

rc_stop() {
    if [[ -f $RUN_DIR/gunisearx.pid ]]; then
        kill $(cat $RUN_DIR/gunisearx.pid)
        rm $RUN_DIR/gunisearx.pid
    fi
	if [[ -f $RUN_DIR/gunisearx.pid ]]; then
		kill $(cat $RUN_DIR/gunisearx.pid)
		rm $RUN_DIR/gunisearx.pid
	fi
}

rc_cmd $1


@@ 180,42 180,42 @@ http {
...lots of things...

server {
        listen       443 ssl;
        listen       [::]:443 ssl;
        server_name  searx.fmac.xyz;
		listen		443 ssl;
		listen		[::]:443 ssl;
		server_name	searx.fmac.xyz;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;
		ssl_protocols	TLSv1.2 TLSv1.3;
		ssl_ciphers		ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		ssl_prefer_server_ciphers	on;

        ssl_certificate      /etc/ssl/searx.fmac.xyz.fullchain.pem;
        ssl_certificate_key  /etc/ssl/private/searx.fmac.xyz.key;
		ssl_certificate		/etc/ssl/searx.fmac.xyz.fullchain.pem;
		ssl_certificate_key	/etc/ssl/private/searx.fmac.xyz.key;

        ssl_session_timeout  1d;
        ssl_session_cache    shared:MozSSL:10m;
        ssl_session_tickets  off;
		ssl_session_timeout	1d;
		ssl_session_cache	shared:MozSSL:10m;
		ssl_session_tickets	off;

        location / {
            proxy_pass         http://127.0.0.1:4004/;
		location / {
			proxy_pass http://127.0.0.1:4004/;

            include /etc/nginx/searx-proxy-headers.conf;
            include /etc/nginx/searx-default-headers.conf;
            add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com" always;
        }
			include /etc/nginx/searx-proxy-headers.conf;
			include /etc/nginx/searx-default-headers.conf;
			add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com" always;
		}

        location /static/ {
            root /var/www/htdocs/searx/;
		location /static/ {
			root /var/www/htdocs/searx/;

            include /etc/nginx/searx-default-headers.conf;
            add_header Cache-Control "public, max-age=31536000" always;
        }
			include /etc/nginx/searx-default-headers.conf;
			add_header Cache-Control "public, max-age=31536000" always;
		}

		location /morty {
            proxy_pass http://127.0.0.1:3000/;
			proxy_pass http://127.0.0.1:3000/;

            include /etc/nginx/searx-proxy-headers.conf;
        }
    }
			include /etc/nginx/searx-proxy-headers.conf;
		}
	}
}
```
---


@@ 232,13 232,13 @@ add_header X-XSS-Protection "1" always;
---
`/etc/nginx/searx-proxy-headers.conf`
```
proxy_hide_header  Referrer-Policy;
proxy_hide_header  X-Content-Type-Options;
proxy_hide_header  X-Robots-Tag;
proxy_hide_header  X-Xss-Protection;
proxy_set_header   Host             $host;
proxy_set_header   Connection       $http_connection;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_set_header   X-Scheme         $scheme;
proxy_hide_header	Referrer-Policy;
proxy_hide_header	X-Content-Type-Options;
proxy_hide_header	X-Robots-Tag;
proxy_hide_header	X-Xss-Protection;
proxy_set_header	Host $host;
proxy_set_header	Connection $http_connection;
proxy_set_header	X-Real-IP $remote_addr;
proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header	X-Scheme $scheme;
```