Mirabellette.eu

A blog about digital independence and autonomy

Digital independence

Héberger les marques pages Firefox - French version

Written by Mirabellette / 21 may 2018 / no comments

I received some demands to translate in French the article I made about hosting Firefox bookmarks with Syncserver. You can find below the French version of this article.

Introduction

Afin d'avancer dans mon projet d'indépendance numérique, j'ai décidé d'héberger moi même les marques-pages Firefox. J'utilise le navigateur Firefox de la fondation Mozilla et la fondation a mis à disposition sur Github le dépôt qui contient le nécessaire pour héberger les marques pages. Syncserver héberge uniquement les marques pages, il ne s'occupe pas de l'authentification. Cela signifie qu'en utilisant Syncserver, vous devrez toujours vous authentifiez auprès de Firefox puis vous récupérerez les marques-pages sur le serveur de votre choix. Pour également gérer le processus d'authentification, il faut installer Firefox Accounts Server.

firefox_logo

Syncserver a été assez pénible à déployer pour deux raisons. La première est que l'on ne trouve pas beaucoup d'information sur son fonctionnement, sur ce qu'il fait avec un dépôt Github assez brut de fonderie. La seconde est qu'il manque des éléments basique qui rendent le travail de déploiement un peu fastidieux. Pour déployer Syncserver correctement et faire ce tutorial, cela m'a pris environ 15 heures. Dans tous les cas, cela fonctionne désormais et vous avez désormais la possibilité de lire cet article. J'espère que vous le trouverai utile. :)

Le dépôt Github n'est pas très active, une version en 2018, 2017, 2016 et deux versions en 2015 et 2014. Pour suivre les mises-à-jours, vous pouvez ajouter le lien dudépôt à votre agrégateur RSS. Si l'on se réfère au passé, les mises-à-jours ne devraient pas être trop fréquentes.

Configurer Syncserver

  • L'installation a été faite sur une Debian Stretch 9.1
  • Pour compiler l'application, vous devez pouvoir vous connectez à internet ou à un dépôt Python afin de télécharger toutes les dépendances présentes dans le fichier requirements.txt
  • Installation des dépendences

    adduser --system --shell /usr/sbin/nologin --no-create-home firefox
    apt-get install python-dev git-core python-virtualenv g++ sqlite
    cd /opt
    sudo -u firefox git clone https://github.com/mozilla-services/syncserver

    Configuration de base

    La configuration de Syncserver se trouve dans le fichier syncserver.ini. Vous devez le modifier avant de compiler l'application sans quoi les paramètres ne seront pas pris en compte. Dans le fichier syncserver.ini, vous pouvez modifier la section [server:main] si le besoin s'en fait sentir. La configuration de base est fonctionnelle pour cette partie là. Afin de vous facilitez la vie, j'ai créé un fichier syncserver.ini presque bien configuré. Vous pouvez le trouver à cette adresse here (quelques modifications sont toujours nécessaires).

    Le paramètre public_url. Modifiez ce paramètre afin qu'il corresponde à l'url publique à travers laquelle sera accessible Syncserver même s'il s'agit d'une machine virtuelle ou un conteneur placé derrière un reverse proxy.

    public_url = https://example.com

    Le paramètre sqluri. J'ai décidé d'utiliser une base de données de type Sqlite pour conserver les marques pages car il utilise un moteur de base de données facile à sauvegarder. Vous pouvez choisir la base de données avec le moteur que vous voulez. Attention, si vous n'en définissez aucun, les marques pages seront stockés en mémoire RAM et supprimer au redémarrage de la machine. Pour utiliser une base de données Sqlite, vous devez remplacer le paramètre sqluri = sqlite:////tmp/syncserver.db by :

    sqluri = sqlite:////opt/syncserver/syncserver_data.db
    *//// signifie chemin absolu

    Le paramètre secret. Il est très vivement recommandé de générer une clé secrête. Cette clé est utilisé par les tokens d'authentification. Si vous ne le faites pas, Syncserver générera lui-même cette clé à chaque démarrage. Il peut arriver que la clé générée automatiquement soit faible, en cas de faible disponibilité de valeurs aléatoires. Pour générer une clé de façon solide, vous pouvez utiliser la commande suivante.

    head -c 20 /dev/urandom | sha1sum

    Le paramètre allowed_issuers. Dans le cas où vous utilisez le système d'authentification par défaut, vous pouvez n'autoriser que celui de Firefox ou bien le votre si vous en avez un à disposition.

    allowed_issuers = api.accounts.firefox.com

    Le paramètre force_wsgi_environ. J'ai configuré le serveur derrière un reverse proxy Apache2. J'ai fais quelques essais avec la valeur false mais cela ne fonctionnait pas. J'ai par conséquence créé une erreur sur le dépôt Github officiel du projet. On m'a alors conseillé de changer la valeur pour true, cela a fonctionne pour moi.

    force_wsgi_environ = true

    Compilation de l'application

    Rappel surement inutile, pensez bien à configurer Syncserver.ini avant de compiler l'application.

    cd /opt/syncserver
    sudo -u firefox make build
    sudo -u firefox make test

    Après cela, si vous executez la commande sudo -u firefox make serve, vous devriez voir quelques lignes indiquant que Syncserver est correctement lancé et écoute sur le port par défaut (si c'est le cas). Pour information, vous ne verrez pas de texte si la synchronisation de vos marques pages fonctionne ou non.

    Mise-à-jour

    Après avoir compilé l'application, vous devriez mainteant voir deux répertoires: syncserver.egg-info et local. Dans le cas où vous souhaitez mettre à jour Syncserver, vous devrez pensé à bien les supprimer.

    rm -r syncserver.egg-info
    rm -r local

    Apache2 virtualhost

    J'ai créé un virtualhost basique de type reverse proxy avec Apache2. Il redirige juste les flux vers l'adresse ip de votre choix. Vous pouvez trouver le script ici. Je n'ai pas eu besoin de le configurer avec wsgi car je redirige tous les flux directement vers le daemon python.

    Configuration du navigateur

    La procédure varie un petit peu selon que vous utilisiez Firefox sur mobile ou ordinateur de bureau. Cela peut également ne pas fonctionner pour les versions très anciennes du navigateur. Je vais uniquement présenté le processus pour la version bureau. Plus d'informations pour la configuration des autres versions accessibles ici

    • Saissisez “about:config” dans le champs url de votre navigateur

      about_config

      Vous devriez voir un écran d'avertissement, confirmer votre choix.

      warranty

    • Faite une recherche pour la clé qui porte le nom “identity.sync.tokenserver.uri”. Double cliquer sur la ligne et remplacer la valeur attribuée à cette clé par la valeur selon l'image et le texte ci-dessous.

      tokenserver_uri

      La syntaxe de la valeur doit être la suivante https://example.com/token/1.0/sync/1.5. Bien que la version actuelle soit la version 1.8, le chemin vers le fichier est resté avec la valeur 1.0/sync/1.5 ... * en cas de soucis, la valeur originale de votre navigateur est celle qui est affichée dans l'image ci-dessus: https://token.services.mozilla.com/1.0/sync/1.5

    • Déconnectez vous de votre compte Firefox puis redémarrez Mozilla Firefox afin que les modifications soient prises en compte. Une fois que la navigateur a redémarré, reconnectez-vous à votre compte firefox.

    Durcissement de la configuration et nettoyage

    Verrouillage de Syncserver

    Comme vous pouvez le voir, vous pouvez désormais enregistrer vos marques-pages sur le Syncserver de votre choix. Il est probable que vous souhaitiez limité l'accès à Syncserver à vous-même. Pour éviter qu'une autre personne puisse enregistrer ses données sur votre Syncserver, vous devez modifier le fichier syncserver.ini en modifiant le paramètre allow_new_users = false, supprimer les deux répetoires syncserver.egg-info et local et compilez une nouvelle fois l'application.

    vim syncserver.ini
    rm -r syncserver.egg-info
    rm -r local
    sudo -u firefox make build

    Script Systemd

    De façon surprenante, il n'y a pas de script Systemd, there is no Systemd script mis-à-disposition par le dépôt officiel. Vous pouvez utiliser celui que j'ai créé ici. Vous devez le mettre dans le répertoire /etc/systemd/system/ et executer systemctl daemon-reload then systemctl enable syncserver.service pour l'activer. Après cela, Syncserver démarrera automatiquement à chaque démarrage de la machine.

    Nettoyage

    Si vous avez installé le programme make et g++ pour compiler l'application, vous pouvez désormais le supprimer.

    apt purge make g++

    Bien sur, configurer le pare-feu correctement

    Sources

    Réseaux sociaux

    Si vous avez trouvé cet article interessant, vous pouvez vous abonnez au flux rss du blog et de me suivre sur Mastodon. Comme à l'usage, si vous pensez que cela peut intéresser une personne, vous pouvez le lui partager.

    Host Firefox booksmarks with syncserver

    Written by Mirabellette / 01 may 2018 / 4 comments

    Introduction

    In order to be more and more independent about my digital ecosystem. I decided to manage my bookmarks by myself. I use the browser Mozilla Firefox and Mozilla allows you to manage your own synchronization server. Syncserver stores only bookmarks, it didn't manage your Firefox account or the authentication mechanism. This could be done in installing Firefox Accounts Server but it is not the purpose of this tutorial.

    firefox_logo

    It was pretty annoying to deploy it because there aren't a lot of information available and it requires to me to do some basic stuff by myself. It took me something like 10 or 15 hours to make this article. By the way, it works now and you can read this tutorial and I hope you will find it useful :)

    The Github repository isn't very active, one release in 2017 and 2016, two release in 2015 and 2014. Just add the Github repository to your RSS agregator to get news about update. If we trust the past, it shouldn't be done very often.

    Configure the Firefox Synchronization Server

  • This setup was made on Debian stretch
  • To build the application, you need to be able to access to internet or to the python repository in order to download all dependencies includes in requirements.txt
  • Dependencies

    adduser --system --shell /usr/sbin/nologin --no-create-home firefox
    apt-get install python-dev git-core python-virtualenv g++ sqlite
    cd /opt
    sudo -u firefox git clone https://github.com/mozilla-services/syncserver

    Basic configuration

    The server is configured using an .ini file to specify various runtime settings. The file “syncserver.ini” is this file for the application. There is some setting that you must specify before building the application. Feel free to adjust the [server:main] part to your configuration. You can find the final syncserver.ini file here (some adjustment still required).

    The parameter public_url. You should modify it in order to match the interface where syncserver will be accessed by. Even if you run it inside a container or a virtual machine, you have to setup the public url.

    public_url = https://example.com

    The parameter sqluri. I choose to use a Sqlite database to store bookmarks because it is easy to backup. Feel free to use the one you want and modify the syncserver.ini. If you don't specify a Sql database, your bookmarks will be store in RAM and be reset each time you restart the server.Replace sqluri = sqlite:////tmp/syncserver.db by :

    sqluri = sqlite:////opt/syncserver/syncserver_data.db
    *//// means absolute path

    The parameter secret. It is better to generate a secret key for signing authentication tokens. If you don't, the server will generate it each time it start. That could mean a weak key if the random generator seed isn't good enough. Uncomment the parameter and set the value with the result of the next command:

    head -c 20 /dev/urandom | sha1sum

    The parameter allowed_issuers. If you are using the account system offered by Mozilla Firefox, you may want to restrict access to just that domain like so:

    allowed_issuers = api.accounts.firefox.com

    The parameter force_wsgi_environ. I setup the server behind an Apache2 reverse proxy. I make some try with false but it didn't work. I even open an issue in the official Github repository. The only to make it works was to set the force_wsgi_environ to true.

    force_wsgi_environ = true

    Build

    Don't skip the configuration step or your syncserver will not work as expected. As you build the application, you should configure syncserver.ini BEFORE build the application. If you don't, the modifications did to syncserver.ini will not be read.

    cd /opt/syncserver
    sudo -u firefox make build
    sudo -u firefox make test

    After that, if you run sudo -u firefox make serve, you should be able to see some lines about syncserver listening. It could tell you if something go wrong.

    Update

    After building the application, you could now see two new folder : syncserver.egg-info and local. You should delete them to be able to build the server again, for example for an update.

    rm -r syncserver.egg-info
    rm -r local

    Apache2 virtualhost

    I create a classic reverse proxy Apache2 virtual host. It just redirects flux to the virtual machine interface. You can find the script here.

    Configure your browser

    The procedure varies a little between desktop and mobile Firefox, and may not work on older versions of the browser. I will only describe the process for desktop version of firefox. Feel free to find more informations here

    • Enter “about:config” in the URL bar picture.

      about_config

      You should display this warranty screen, confirm your choice to continue.

      warranty

    • Made a research for “identity.sync.tokenserver.uri” as name. Double click on the line and replace the string by your public URL.

      tokenserver_uri

      The syntax should be like this https://example.com/token/1.0/sync/1.5.The current version is 1.7 but the endpoint didn't change ... * the original one is the one display in the previous picture https://token.services.mozilla.com/1.0/sync/1.5

    • Restart Firefox for the change to take effect.

    Note that this must be set prior to loading the sign-up or sign-in page in order to take effect, and its effects are reset on sign-out.

    Hardening and clean up

    Lock the instance for your own usage

    As you can see, you now use your own server to store your bookmarks. To avoid someone else could do that, you have to set the parameter allow_new_users to false in syncserver.ini and build the application again.

    vim syncserver.ini
    rm -r syncserver.egg-info
    rm -r local
    sudo -u firefox make build

    Systemd script

    Astonishingly, there is no Systemd script provides by the official tutorial. You could find the one I created here. You have to put it in /etc/systemd/system/ and execute systemctl daemon-reload then systemctl enable syncserver.service. It will start syncserver at each boot.

    Cleanup

    If you install make and g++ just for building this application, feel free to remove them.

    apt purge make g++

    Of course, setup the firewall in the correct way.

    Sources

    Social media

    If you find this article interesting, feel free to subscribe to my RSS flux and to follow me on Mastodon. Don't hesitate to share it if you think he could interest someone else.

    Installing and configuring Ethercalc in a LXC container

    Written by Mirabellette / 09 february 2018 / no comments

    Disclaimer
    Installing and configuring a server is not something easy. It requires time, perseverance, money and knowledge. Don't forget that your server , Raspberry or I don't know stuff could be compromised and used, for example, against yourself or in a botnet network (like Mirai).

    Since years, I used an instance of Ethercalc hosted by framasoft. EtherCalc is a web spreadsheet wh ich could be used by multiple user. It is quite powerful and you can, for example, manage most of your accountability with it. If you want to know more, yo u can test Ethercalc here.

    If you have to give it back, feel free to do a little donation to Framasoft. They host a lot of very usefull services and works to empowered people. Even 10 (dollars, euros, something) could make a difference. You can also help in developing Ethercalc features in or helping to fix bugs.

    In order to understand and control services I use, I decided to install an instance of Ethercalc. To give back to the community, I create this article in order to explain how I did.

    System Configuration:
    @host Debian Stretch (with apache as reverse proxy)
    @installation_container Installation container (lxc)
    @production_container Production container (lxc)

    It is quite similar if you only have once environment.

    Advices

    • Test this tutorial in a local network which is not directly connected to internet. I mean, protected by firewall.
    • Use a dedicated machine to do all of your test. A dedicated machine could be an unused computer, a virtual machine or a container. Be ready to reinstall your system, this could happened, especially when you begin with computer science.
    • I recommended to use another Linux container to build an application. In general, you have to avoid to install compilator and building application in a production machine. You must only have in production what it is required to work, nothing more! This reduce significantly the risk to be hacked.
    • In a container, I copy everything I need in /opt. It helps me to easily administrate container because I know everything I need to run the application is stored here.
    • All variable that you have to change are prefixed with $, you have to remove the $ too.

    Let's get started!
    First of all, before installing Ethercalc, it is recommended to use a Redis server to manage Ethercalc data.

    Information

    All information stored by Redis are stored in clear. That means if someone is able to access to the dump.rdb file, he will be able to read all informations stored in your Ethercalc. I didn't find a solution to encrypt data from Redis and it doesn't seem to be developed yet.

    # @installation_container

    cd /opt
    apt install xz-utils gcc make tar
    wget http://download.redis.io/releases/redis-4.0.7.tar.gz
    tar xvf redis-4.0.7.tar.gz
    cd redis-4.0.7
    cd deps
    make hiredis jemalloc linenoise lua geohash-int
    cd ..
    make install

    cd /opt
    wget https://nodejs.org/dist/v8.9.4/node-v8.9.4-linux-x64.tar.xz
    tar xvf node-v8.9.4-linux-x64.tar.xz
    ln -s /opt/node-v8.9.4-linux-x64/bin/node /bin/node
    /opt/node-v8.9.4-linux-x64/bin/npm install ethercalc
    vim /opt/node-v8.9.4-linux-x64/lib/node_modules/ethercalc/bin/ethercalc
    replace #!/bin/node by /opt/node-v8.9.4-linux-x64/bin/node/bin/node
    # we don't need that node is available for all now, we will delete the symbolic link. rm /bin/node

    mkdir /container_path/opt/redis-4.0.7 cp -r /opt/redis-4.0.7/src/redis-server /container_path/opt/redis-4.0.7/
    cp -r /opt/node-v8.9.4-linux-x64/ /container_path/opt/node-v8.9.4-linux-x64/
    # you can delete original source instead of just copying it

    We are going to configure Redis in order to store data from Ethercalc where we want. As usual, I stored everything I need in /opt.

    mkdir /container_path/opt/redis_data
    wget http://download.redis.io/redis-stable/redis.conf -O /container_path/opt/redis.conf
    # replace dir ./ by dir /opt/redis.conf

    WARNING Redis doesn't implement server side encryption, that means that all your data are accessible from someone who can read the dump .rdb file.

    Now, we will create two systemd script to start Ethercalc and Redis automatically each time the container start. We also configure iptables in order to avoid that Redis server is accessible from everywhere.

    # @production_container

    useradd redis
    useradd nodejs
    # we will now modify /etc/passwd in order to reduce user right to the strict minimum.
    vim /etc/passwd
    nodejs:x:1000:1000::/opt/node-v8.9.4-linux-x64/bin/node:/bin/false
    redis:x:1001:1001::/opt/redis-4.0.7/redis-server:/bin/false

    cd /opt/
    chown redis:redis -R redis*
    chown nodejs:nodejs -R node-v8.9.4-linux-x64/

    vim /etc/systemd/system/redis.service
    [Unit]
    Description=Redis
    After=network.target
    [Service]
    Type=simple
    ExecStart=/opt/redis-4.0.7/redis-server /opt/redis.conf
    RemainAfterExit=yes
    User=nodejs
    Group=nodejs

    [Install]
    WantedBy=multi-user.target
    systemctl enable redis.service
    vim /etc/systemd/system/ethercalc.service
    [Unit]
    Description=Ethercalc
    After=network.target

    [Service]
    Type=simple
    ExecStart=/opt/node-v8.9.4-linux-x64/lib/node_modules/ethercalc/bin/ethercalc --host $container_ip
    RemainAfterExit=yes
    User=nodejs
    Group=nodejs

    [Install]
    WantedBy=multi-user.target

    systemctl enable redis.service
    # don't forget to change $container_ip by your own interface

    In order to have iptables automatically loads when the container start, you have to install the package iptables-persistent. Of course, we will configure it in order to only have Ethercalc accessible from outside.

    apt install iptables-persistent
    vim /etc/iptables/rules.v4
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT

    *filter
    :INPUT DROP [1:328]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s $container_ip -p tcp --dport 8000 -j ACCEPT
    -A INPUT -s $apt_cache_or_lxc_network -m conntrack --ctstate ESTABLISHED -j ACCEPT
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT

    Now we will configure the apache2 reverse proxy. I choose not to use HTTPS communication between $host and $production_container. The main reason is that both of them are hosted in the same computer. If $production_container was somewhere else on Internet, you MUST configure the proxy in order to have HTTPS communication between your container/virtual machine/whatever or all your traffic will be send in clear text on the network. I also added a web authentication in order to be the only one who can access to it. Feel free to change the $your_name by one of your choice. You have to change the appache2 configuration too. I will not explain how to deploy TLS on your web server, you can find a lot of tutorial in Internet.

    # @host
    # generate a password for $your_name
    htpasswd -c /etc/apache2/password_ethercalc $your_name

    vim /etc/apache2/site-available/ethercalc.conf
    <VirtualHost *:443>
     ServerName www.example.com

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined


      AuthType Basic
      AuthName "Restricted Files"
      AuthBasicProvider file
      AuthUserFile "/etc/apache2/password_ethercalc"
      Require user $your_name


     SSLEngine on
     SSLCertificateFile /path/to/apache/crt
     SSLCertificateKeyFile /path/to/apache/key

     ProxyPass / "http://$container_ip:8000/"
     ProxyPassReverse / "http://$container_ip:8000/"

    </VirtualHost>

    ln -s /etc/apache2/site-available/ethercalc.conf /etc/apache2/site-enabled/ethercalc.conf
    service apache2 reload

    It took me hours to make this article. I hope you will find it useful and interesting Don't hesitate to comment, even if it is about mistake or something that could be improved.
    Thank you for reading.

    sources

    Social media

    If you find this article interesting, feel free to subscribe to my RSS flux and to follow me on Mastodon. Don't hesitate to share it if you think he could interest someone else.

    Searx 0.12 to 0.13.1 and configuration

    Written by Mirabellette / 18 december 2017 / no comments

    Hello everyone,

    I just upgraded the version of Searx from 0.12 to 0.13.1. The upgrade was quite easy, it needed me around 30 minutes to upgrade it and to verify if everything was ok. If you followed the standard installation, you just have to follow these steps bellow to upgrade it:

    sudo -u searx -i
    cd /usr/local/searx
    mv searx/settings.yml searx/settings.yml.old #(to keep your previous configuration
    git pull
    # copy your own settings from searx/settings.yml.old to searx/settings.yml
    rm searx/settings.yml.old #not needed anymore virtualenv searx-ve
    . ./searx-ve/bin/activate
    pip install -r requirements.txt
    python setup.py install
    #exit the virtual_env

    Now your application is upgraded, you just have to restart the service with:

    sudo /etc/init.d/uwsgi restart

    I also add some search engine which respect privacy enable by default like duckduckgo, xquick, qwant, startpage, ixquick.

    I hope this article was useful for you to upgrade your version of Searx. I am aware I have a Captcha issue with Google, I am working on it.

    Have a nice day

    Social media

    If you find this article interesting, feel free to subscribe to my RSS flux and to follow me on Mastodon. Don't hesitate to share it if you think he could interest someone else.

    Two new services available for you: Lufi and Searx

    Written by Mirabellette / 30 november 2017 / no comments

    Hello everyone,

    Some months since I hadn't published anything, I know that is a very long time ago. :( I had a lot of things to do. Of course, I work and learn new things. For myself and in order to continue to be autonomous about services I used, I hosted two new services for myself. Lufi and Searx.
    If I hosted them for myself, I had to share access them to others, It just normal I think, give and receive. You can access to the instances

    Lufi

    *from the official git repository
    Lufi means Let's Upload that FIle. Lufi is tested and working on the following browsers / devices :
    • Firefox
    • Chrome
    • Internet Explorer 11
    • Microsoft Edge
    • Safari
    • iOS devices (ipad, iphone)
    • Android devices (Galaxy tab, Galaxy S8)

    It stores files and allows you to download them. Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-)

    To install it, I mainly used a tutorial created by Framasoft and these contributors. In parallel, I always see the official installation guide before doing anything. Lufi is not so easy to install because it uses Websocket and it is very painful to configure the web server correctly.
    configuration
    I deliberately choose to allow storage to one week. My Lufi instance must no be dedicated to store files for a long period but to exchange them quickly and securely.
    sources

    Searx

    Searx is a free metasearch engine with the aim of protecting the privacy of its users. If you want to choose searx as default search engine to Firefox, you have to install add-to-search addon.

    At the end of the installation, you can get a page which tell you page not found. You can find a solution here, you just have to add a rewrite rule to apache2.
    RewriteEngine on
    RewriteRule "^/$" "/searx/" [R]
    <Location /searx>
     Options FollowSymLinks Indexes
     SetHandler uwsgi-handler
     uWSGISocket /run/uwsgi/app/searx/socket
    </Location>
    configuration
    Searx can also be used as web proxy in order to replace your IP by the server's IP. I disable this feature to avoid any problem because If my IP server was associated to a questionable navigation.
    sources

    Other maintenance stuff and improvements

    I upgrade the Privatebin instance from 1.0.1 to 1.1.1. This update fix an security issue. Even if the version available is not vulnerable, I take no risk and upgrade it. Moreover, application version currently deployed are now display in the services page. I know it is not recommend because it helps attacker to know the version but there are a lot of other way to discover it. I hope users will check before using services in order to see if they are updated or not and choose to use them knowing that. You can also found the date of availability.

    Disclaimer

    The same last words. Could you please didn't forget to not do anything wrong or use them in an abusing way; I hope you will enjoy these news services as I do. Have a good day,
    Mirabellette