fix] revert searxng/searxng#4699 due to breaking issues (#4720)

This reverts commit 2e74d863210c0d21b9e0a64576dcd24237f23f8c.

Dockerfile

@@ -1,104 +1,92 @@
-FROM --platform=$TARGETPLATFORM docker.io/library/python:3.13-slim AS builder
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    build-essential \
-    brotli \
-    # lxml
-    libxml2-dev \
-    libxslt1-dev \
-    zlib1g-dev \
-    # uwsgi
-    libpcre3-dev \
- && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /usr/local/searxng/
-
-COPY ./requirements.txt ./requirements.txt
-
-RUN --mount=type=cache,id=pip,target=$HOME/.cache/pip python -m venv ./venv \
- && . ./venv/bin/activate \
- && pip install -r requirements.txt \
- && pip install "uwsgi~=2.0"
-
-COPY ./searx/ ./searx/
-
-ARG TIMESTAMP_SETTINGS=0
-ARG TIMESTAMP_UWSGI=0
-
-RUN python -m compileall -q searx \
- && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
- && touch -c --date=@$TIMESTAMP_UWSGI ./dockerfiles/uwsgi.ini \
- && find /usr/local/searxng/searx/static \
-    \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
+FROM alpine:3.20
+ENTRYPOINT ["/sbin/tini","--","/usr/local/searxng/dockerfiles/docker-entrypoint.sh"]
+EXPOSE 8080
+VOLUME /etc/searxng
 
-ARG SEARXNG_UID=977
 ARG SEARXNG_GID=977
+ARG SEARXNG_UID=977
 
-RUN grep -m1 root /etc/group > /tmp/.searxng.group \
- && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \
- && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd
-
-FROM --platform=$TARGETPLATFORM docker.io/library/python:3.13-slim
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    # uwsgi
-    libpcre3 \
-    libxml2 \
-    mailcap \
- && rm -rf /var/lib/apt/lists/*
-
-COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
-COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
-
-ARG LABEL_DATE="0001-01-01T00:00:00Z"
-ARG GIT_URL="unspecified"
-ARG SEARXNG_GIT_VERSION="unspecified"
-ARG LABEL_VCS_REF="unspecified"
-ARG LABEL_VCS_URL="unspecified"
-
-WORKDIR /usr/local/searxng/
-
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./dockerfiles/ ./dockerfiles/
-
-LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
-      org.opencontainers.image.created=$LABEL_DATE \
-      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
-      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
-      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
-      org.opencontainers.image.revision=$LABEL_VCS_REF \
-      org.opencontainers.image.source=$LABEL_VCS_URL \
-      org.opencontainers.image.title="searxng" \
-      org.opencontainers.image.url=$LABEL_VCS_URL \
-      org.opencontainers.image.version=$SEARXNG_GIT_VERSION
-
-ENV CONFIG_PATH=/etc/searxng \
-    DATA_PATH=/var/cache/searxng
+RUN addgroup -g ${SEARXNG_GID} searxng && \
+    adduser -u ${SEARXNG_UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng
 
-ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \
-    INSTANCE_NAME=searxng \
-    AUTOCOMPLETE="" \
-    BASE_URL="" \
+ENV INSTANCE_NAME=searxng \
+    AUTOCOMPLETE= \
+    BASE_URL= \
     BIND_ADDRESS=[::]:8080 \
-    MORTY_KEY="" \
-    MORTY_URL="" \
-    SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \
-    UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \
+    MORTY_KEY= \
+    MORTY_URL= \
+    SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml \
+    UWSGI_SETTINGS_PATH=/etc/searxng/uwsgi.ini \
     UWSGI_WORKERS=%k \
     UWSGI_THREADS=4
 
-VOLUME $CONFIG_PATH
-VOLUME $DATA_PATH
+WORKDIR /usr/local/searxng
 
-EXPOSE 8080
+COPY requirements.txt ./requirements.txt
 
-USER searxng:searxng
+RUN apk add --no-cache -t build-dependencies \
+    build-base \
+    py3-setuptools \
+    python3-dev \
+    libffi-dev \
+    libxslt-dev \
+    libxml2-dev \
+    openssl-dev \
+    tar \
+    git \
+ && apk add --no-cache \
+    ca-certificates \
+    python3 \
+    py3-pip \
+    libxml2 \
+    libxslt \
+    openssl \
+    tini \
+    uwsgi \
+    uwsgi-python3 \
+    brotli \
+ && pip3 install --break-system-packages --no-cache -r requirements.txt \
+ && apk del build-dependencies \
+ && rm -rf /root/.cache
+
+COPY --chown=searxng:searxng dockerfiles ./dockerfiles
+COPY --chown=searxng:searxng searx ./searx
+
+ARG TIMESTAMP_SETTINGS=0
+ARG TIMESTAMP_UWSGI=0
+ARG VERSION_GITCOMMIT=unknown
+
+RUN su searxng -c "/usr/bin/python3 -m compileall -q searx" \
+ && touch -c --date=@${TIMESTAMP_SETTINGS} searx/settings.yml \
+ && touch -c --date=@${TIMESTAMP_UWSGI} dockerfiles/uwsgi.ini \
+ && find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' \
+    -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
+    -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+
 
 HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
 
-ENTRYPOINT ["/usr/local/searxng/dockerfiles/docker-entrypoint.sh"]
+# Keep these arguments at the end to prevent redundant layer rebuilds
+ARG LABEL_DATE=
+ARG GIT_URL=unknown
+ARG SEARXNG_GIT_VERSION=unknown
+ARG SEARXNG_DOCKER_TAG=unknown
+ARG LABEL_VCS_REF=
+ARG LABEL_VCS_URL=
+LABEL maintainer="searxng <${GIT_URL}>" \
+      description="A privacy-respecting, hackable metasearch engine." \
+      version="${SEARXNG_GIT_VERSION}" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.name="searxng" \
+      org.label-schema.version="${SEARXNG_GIT_VERSION}" \
+      org.label-schema.url="${LABEL_VCS_URL}" \
+      org.label-schema.vcs-ref=${LABEL_VCS_REF} \
+      org.label-schema.vcs-url=${LABEL_VCS_URL} \
+      org.label-schema.build-date="${LABEL_DATE}" \
+      org.label-schema.usage="https://github.com/searxng/searxng-docker" \
+      org.opencontainers.image.title="searxng" \
+      org.opencontainers.image.version="${SEARXNG_DOCKER_TAG}" \
+      org.opencontainers.image.url="${LABEL_VCS_URL}" \
+      org.opencontainers.image.revision=${LABEL_VCS_REF} \
+      org.opencontainers.image.source=${LABEL_VCS_URL} \
+      org.opencontainers.image.created="${LABEL_DATE}" \
+      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker"

dockerfiles/docker-entrypoint.sh

@@ -43,7 +43,15 @@ do
     esac
 done
 
-echo "SearXNG version $SEARXNG_VERSION"
+get_searxng_version(){
+    su searxng -c \
+       'python3 -c "import six; import searx.version; six.print_(searx.version.VERSION_STRING)"' \
+       2>/dev/null
+}
+
+SEARXNG_VERSION="$(get_searxng_version)"
+export SEARXNG_VERSION
+echo "SearXNG version ${SEARXNG_VERSION}"
 
 # helpers to update the configuration files
 patch_uwsgi_settings() {
@@ -68,7 +76,7 @@ patch_searxng_settings() {
         -e "s|base_url: false|base_url: ${BASE_URL}|g" \
         -e "s/instance_name: \"SearXNG\"/instance_name: \"${INSTANCE_NAME}\"/g" \
         -e "s/autocomplete: \"\"/autocomplete: \"${AUTOCOMPLETE}\"/g" \
-        -e "s/ultrasecretkey/$(head -c 24 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9')/g" \
+        -e "s/ultrasecretkey/$(openssl rand -hex 32)/g" \
         "${CONF}"
 
     # Morty configuration
@@ -164,4 +172,4 @@ printf 'Listen on %s\n' "${BIND_ADDRESS}"
 
 # Start uwsgi
 # TODO: "--http-socket" will be removed in the future (see uwsgi.ini.new config file): https://github.com/searxng/searxng/pull/4578
-exec /usr/local/searxng/venv/bin/uwsgi --http-socket "${BIND_ADDRESS}" "${UWSGI_SETTINGS_PATH}"
+exec uwsgi --http-socket "${BIND_ADDRESS}" "${UWSGI_SETTINGS_PATH}"

dockerfiles/uwsgi.ini

@@ -3,6 +3,10 @@
 # default value: [::]:8080 (see Dockerfile)
 http-socket = $(BIND_ADDRESS)
 
+# Who will run the code
+uid = searxng
+gid = searxng
+
 # Number of workers (usually CPU count)
 # default value: %k (= number of CPU core, see Dockerfile)
 workers = $(UWSGI_WORKERS)
@@ -17,6 +21,7 @@ chmod-socket = 666
 # Plugin to use and interpreter config
 single-interpreter = true
 master = true
+plugin = python3
 lazy-apps = true
 enable-threads = true