utils/filtron.sh

To simplify installation and maintenance of a filtron instance you can use the script git://utils/filtron.sh. In most cases you will install filtron simply by running the command:

sudo -H ./utils/filtron.sh install all

The script adds a ${SERVICE_USER} (default:filtron) and installs filtron into this user account:

  1. Create a separated user account (filtron).

  2. Download and install Go binary in user’s $HOME (~filtron).

  3. Install filtron with the package management from Go (go get -v -u github.com/asciimoo/filtron)

  4. Setup a proper rule configuration [ref] (/etc/filtron/rules.json).

  5. Setup a systemd service unit [ref] (/lib/systemd/system/filtron.service).

Create user

$ sudo -H useradd --shell /bin/bash --system \
    --home-dir "/usr/local/filtron" \
    --comment "Privacy-respecting metasearch engine" filtron

$ sudo -H mkdir "/usr/local/filtron"
$ sudo -H chown -R "filtron:filtron" "/usr/local/filtron"

Install go

$ cat > "/usr/local/filtron/.go_env" <<EOF
export GOPATH=/usr/local/filtron/go-apps
export PATH=$PATH:/usr/local/filtron/local/go/bin:$GOPATH/bin
EOF
$ sudo -i -u "filtron"
(filtron) $ echo 'source /usr/local/filtron/.go_env' >> ~/.profile
(filtron) $ mkdir /usr/local/filtron/local
(filtron) $ wget --progress=bar -O "go1.13.5.linux-amd64.tar.gz" \
            "https://dl.google.com/go/go1.13.5.linux-amd64.tar.gz"
(filtron) $ tar -C /usr/local/filtron/local -xzf "go1.13.5.linux-amd64.tar.gz"
(filtron) $ which go
/usr/local/filtron/local/go/bin/go

Install filtron

Install rules.json at /etc/filtron/rules.json (see Sample configuration of filtron) and install filtron software and systemd unit:

$ sudo -i -u "filtron"
(filtron) $ go get -v -u github.com/asciimoo/filtron
[Unit]

Description=filtron
After=syslog.target
After=network.target

[Service]

Type=simple
User=filtron
Group=filtron
WorkingDirectory=/usr/local/filtron
ExecStart=/usr/local/filtron/go-apps/bin/filtron -api '127.0.0.1:4005' -listen '127.0.0.1:4004' -rules '/etc/filtron/rules.json' -target '127.0.0.1:8888'

Restart=always
Environment=USER=filtron HOME=/usr/local/filtron

# Some distributions may not support these hardening directives.  If you cannot
# start the service due to an unknown option, comment out the ones not supported
# by your version of systemd.

ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true

[Install]

WantedBy=multi-user.target

Overview

The --help output of the script is largely self-explanatory (Common commands & environment):

INFO:  not yet cloned: /usr/local/searx/searx-src
usage::
  filtron.sh shell
  filtron.sh install    [all|user|rules]
  filtron.sh update     [filtron]
  filtron.sh remove     [all]
  filtron.sh activate   [service]
  filtron.sh deactivate [service]
  filtron.sh inspect    [service]
  filtron.sh option     [debug-on|debug-off]
  filtron.sh apache     [install|remove]
  filtron.sh nginx      [install|remove]

shell
  start interactive shell from user filtron
install / remove
  :all:        complete setup of filtron service
  :user:       add/remove service user 'filtron' (/usr/local/filtron)
  :rules:      reinstall filtron rules /etc/filtron/rules.json
update filtron
  Update filtron installation (/usr/local/filtron)
activate service
  activate and start service daemon (systemd unit)
deactivate service
  stop and deactivate service daemon (systemd unit)
inspect service
  show service status and log
option
  set one of the available options
apache (http://fv-az91-955)
  :install: apache site with a reverse proxy (ProxyPass)
  :remove:  apache site searx.conf
nginx (http://fv-az91-955)
  :install: nginx site with a reverse proxy (ProxyPass)
  :remove:  nginx site searx.conf
filtron rules: /home/runner/work/searxng/searxng/utils/templates/etc/filtron/rules.json
---- sourced /home/runner/work/searxng/searxng/.config.sh :
  SERVICE_USER        : filtron
  SERVICE_HOME        : /usr/local/filtron
  FILTRON_TARGET      : 127.0.0.1:8888
  FILTRON_API         : 127.0.0.1:4005
  FILTRON_LISTEN      : 127.0.0.1:4004
  FILTRON_URL_PATH    : /
---- SearXNG instance setup (status: missing-searx-clone)
  SEARXNG_SETTINGS_PATH : /etc/searxng/settings.yml
  SSEARX_PYENV        : /usr/local/searx/searx-pyenv
  SEARX_SRC           : /usr/local/searx/searx-src
  SEARX_URL           : http://fv-az91-955