alpine-searx
Legacy Image
This image still uses the old-style format for Dockerfiles/makefile recipes, that may (or may not) be compatible with the newer image sources. The container should keep working as expected, but for building new images, a significant part of the code needs to be updated.
Container for Alpine Linux + S6 + Python3 + SearX
This image provides the Searx Metasearch Engine inside a Python3 container.
Based on Alpine Linux from the python3 image with the searx package installed in it. Versioned accordingly with releases from /asciimoo/searx.
Get the Image¶
Pull the image for your architecture if it's already available from Docker Hub.
Image Tags
The image is tagged respectively for the following architectures,
latest tag is retagged from x86_64, so pulling without any tag fetches you that image. For any other architectures specify the tag for that architecture. e.g. for armv8 or aarch64 host it is alpine-searx:aarch64.
non-x86_64 builds have embedded binfmt_misc support and contain the qemu-user-static binary that allows for running it also inside an x86_64 environment that has support for it.
Run¶
Running the container starts the service.
docker run --rm -it \
--name docker_searx \
-p 8888:8888 \
-v $PWD/data:/data \
woahbase/alpine-searx:x86_64
Multi-Arch Support
If you want to run images for other architectures on a x86_64 machine, you will need to have binfmt support configured for your machine before running the image. multiarch, has made it easy for us containing that into a docker container, just run
Now images built for other architectures will also be executable. This is optional though, without the above, you can still run the image that is made for your architecture.
Stop the container with a timeout, (defaults to 2 seconds)
Restart the container with
Removes the container, (always better to stop it first and -f only when needed most)
Shell access¶
Get a shell inside a already running container,
Optionally, login as a non-root user, (default is alpine)
Or set user/group id e.g 1000/100,
Logs¶
To check logs of a running container in real time
As-A-Service¶
Run the container as a service with the following as reference (and modify it as needed).
With docker-compose (alpine-searx.yml)
---
services:
searx:
container_name: searx
deploy:
resources:
limits:
cpus: '2.00'
memory: 1024M
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 5
window: 120s
environment:
PUID: ${PUID:-1000}
PGID: ${PGID:-100}
# TZ: ${TZ}
# healthcheck:
# interval: 2m
# retries: 5
# start_period: 5m
# test:
# - CMD-SHELL
# - >
# curl -f http://localhost:${SEARX_PORT:-8888}/ || exit 1
# timeout: 10s
hostname: searx
image: woahbase/alpine-searx:${SEARX_TAG:-latest}
network_mode: bridge
ports:
- protocol: tcp
host_ip: 0.0.0.0
published: '${SEARX_PORT:-8888}'
target: 8888
volumes:
# - type: bind
# source: ${SEARX_DIR:?err}/configs/searx
# target: /data
# bind:
# create_host_path: false
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
bind:
create_host_path: false
With HashiCorp Nomad (alpine-searx.hcl)
variables {
dc = "dc1" # to load the dc-local config file
pgid = 100 # gid for docker
puid = 1000 # uid for docker
version = "1.0.0"
}
# locals { var = yamldecode(file("${var.dc}.vars.yml")) } # load dc-local config file
job "searx" {
datacenters = [var.dc]
# namespace = local.var.namespace
# priority = 50
# region = local.var.region
type = "service"
group "docker" {
count = 1
restart {
attempts = 2
interval = "2m"
delay = "15s"
mode = "fail"
}
update {
max_parallel = 1
min_healthy_time = "10s"
healthy_deadline = "3m"
auto_revert = false
}
service {
name = NOMAD_JOB_NAME
port = "http"
tags = ["ins${NOMAD_ALLOC_INDEX}", attr.unique.hostname, "urlprefix-/search"]
canary_tags = ["canary${NOMAD_ALLOC_INDEX}", "urlprefix-/c/search"]
check {
name = "${NOMAD_JOB_NAME}@${attr.unique.hostname}:${NOMAD_HOST_PORT_http}"
type = "http"
path = "/"
interval = "60s"
timeout = "10s"
}
check_restart {
limit = 3
grace = "10s"
}
}
ephemeral_disk { size = 128 } # MB
network {
# dns { servers = local.var.dns_servers }
port "http" { static = 64888 }
}
task "searx" {
driver = "docker"
config {
healthchecks { disable = true }
hostname = NOMAD_JOB_NAME
image = "woahbase/alpine-searx:${var.version}"
network_mode = "host"
ports = ["http"]
logging {
type = "journald"
config {
mode = "non-blocking"
tag = NOMAD_JOB_NAME
}
}
# mount {
# source = "local/settings.yml"
# target = "/data/settings.yml"
# type = "bind"
# readonly = true
# }
mount {
type = "bind"
target = "/etc/localtime"
source = "/etc/localtime"
readonly = true
}
}
env {
PGID = var.pgid
PUID = var.puid
# TZ = local.var.tz
}
resources {
cpu = 1000 # MHz
memory = 512 # MB
}
# template {
# destination = "local/settings.yml"
# data = <<-EOC
# {{ key "nomad/${var.dc}/searx/settings.yml" }}
# EOC
# change_mode = "restart"
# perms = "644"
# error_on_missing_key = true
# }
}
}
}
Reverse Proxy¶
To proxy it through a web server, see below
The following snippet can be used to reverse-proxy the service using NGINX.
upstream proxy_search {
server your.host.local:<searx-port> fail_timeout=5;
}
## the following goes inside a server block
location /search { return 301 /search/; }
location /search/ {
proxy_pass http://proxy_search;
proxy_set_header Host $host;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /search;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Remote-Port $remote_port;
# proxy_redirect off;
proxy_buffering off;
}
Build Your Own¶
Feel free to clone (or fork) the repository and customize it for your own usage, build the image for yourself on your own systems, and optionally, push it to your own public (or private) repository.
Here's how...
Setting up¶
Before we clone the /repository, we must have Git, GNU make, and Docker (optionally, with buildx plugin for multi-platform images) setup on the machine. Also, for multi-platform annotations, we might require enabling experimental features of Docker.
Clone the repo with,
Always Check Before You Make!
Did you know, we could check what any make target is going to execute before we actually run them, with
Build and Test¶
To create the image for your architecture, run the build and test target with
For building an image that targets another architecture, it is required to specify the ARCH parameter when building. e.g.
Make to Run¶
Running the image creates a container and either starts a service (for service images) or provides a shell (can be either a root-shell or usershell) to execute commands in, depending on the image. We can run the image with
But if we just need a root-shell in the container without any fance pre-tasks (e.g. for debug or to test something bespoke), we can run bash in the container with --entrypoint /bin/bash. This is wrapped in the makefile as
Nothing vs All vs Run vs Shell
By default, if make is run without any arguments, it calls the target all. In our case this is usually mapped to the target run (which in turn may be mapped to shell).
There may be more such targets defined as per the usage of the image. Check the makefile for more information.
Push the Image¶
If the build and test steps finish without any error, and we want to use the image on other machines, it is the next step push the image we built to a container image repository (like /hub), for that, run the push target with
If the built image targets another architecture then it is required to specify the ARCH parameter when pushing. e.g.
That's all folks! Happy containerizing!
Maintenance¶
Sources at Github. Images at Docker Hub.
Maintained (or sometimes a lack thereof?) by WOAHBase.