search

searx / searx-docker

Create a searx instance using Docker
GNU Affero General Public License v3.0
406 stars 67 forks source link

"Rate limit exceeded" on localhost #77

Closed MudcrabDev closed 3 years ago

MudcrabDev commented 3 years ago

I recently updated my system and have encountered this error ever since. Reinstalled via instructions (clone git to /usr/local, cd, set Morty key, run ./start.sh) and error still occurs.

$  sudo ./start.sh 
use docker-compose.yaml
Removing caddy   ... done
Removing morty   ... done
Removing searx   ... done
Removing filtron ... done
Removing network searx-docker_searx
No stopped containers
Creating network "searx-docker_searx" with the default driver
Creating morty   ... done
Creating caddy   ... done
Creating filtron ... done
Creating searx   ... done
Attaching to caddy, searx, filtron, morty
caddy      | {"level":"info","ts":1617765685.311266,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
morty      | WARNING: no logs are available with the 'none' log driver
caddy      | {"level":"warn","ts":1617765685.3156552,"logger":"admin","msg":"admin endpoint disabled"}
caddy      | {"level":"info","ts":1617765685.3160853,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000379ab0"}
caddy      | {"level":"info","ts":1617765685.3693092,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy      | {"level":"info","ts":1617765685.369344,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy      | {"level":"warn","ts":1617765685.4564917,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
caddy      | 2021/04/07 03:21:25 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
caddy      | 2021/04/07 03:21:25 define JAVA_HOME environment variable to use the Java trust
filtron    | 2021/04/07 03:21:27 15 rules loaded from /etc/filtron/rules.json
filtron    | 2021/04/07 03:21:27 API listens on 0.0.0.0:4041
filtron    | 2021/04/07 03:21:27 Proxy listens on 0.0.0.0:4040
caddy      | 2021/04/07 03:21:25 certificate installed properly in linux trusts
caddy      | {"level":"info","ts":1617765685.8220997,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["localhost"]}
caddy      | {"level":"info","ts":1617765685.8624566,"logger":"tls","msg":"cleaned up storage units"}
caddy      | {"level":"warn","ts":1617765685.8715765,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [localhost]: no OCSP server specified in certificate"}
caddy      | {"level":"info","ts":1617765685.8717706,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy      | {"level":"info","ts":1617765685.8717864,"msg":"serving initial configuration"}
searx      | searx version 1.0.0-38-dd2b106f
searx      | 
searx      | Create /etc/searx/uwsgi.ini
searx      | Create /etc/searx/settings.yml
searx      | Listen on 0.0.0.0:8080
searx      | [uWSGI] getting INI configuration from /etc/searx/uwsgi.ini
searx      | [uwsgi-static] added mapping for /static => /usr/local/searx/searx/static

Firefox 87 on Pop! OS 20.04 (based on Ubuntu). I've determined this rule is the culprit:

           {
                "name": "IP limit",
                "interval": 3,
                "limit": 3,
                "aggregations": ["Header:X-Forwarded-For"],
                "actions": [
                    {"name": "block",
                     "params": {"message": "Rate limit exceeded, try again later."}}
                ]
            },

But I don't know how to fix it. Increasing interval and limit or deleting the rule altogether causes "The page isn’t redirecting properly" in Firefox. In Brave browser I get "Rate limit exceeded, try again later." this time caused by this rule:

    {
        "name": "IP limit, all paths",
        "interval": 3,
        "limit": 25,
        "aggregations": ["Header:X-Forwarded-For"],
        "actions": [
            {"name": "block",
             "params": {"message": "Rate limit exceeded, try again later."}}
        ]
    },
avpnusr commented 3 years ago

Hey @MudcrabDev

ran into the same problem with my istance. In the git-cloned folder on your system, check for the file "settings.yml" file in .../searx-docker/searx/settings.yml Open the file with an editor of your choice and look for this text-block:

server:
    port : 8888
    bind_address : "127.0.0.1" # address to listen on
    secret_key : "<here will be your own secret key>" # change this!
    base_url : https://your-domain.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/"
    image_proxy : True # Proxying image results through searx
    http_protocol_version : "1.0"  # 1.0 and 1.1 are supported
    method: "POST" # POST queries are more secure as they don't show up in history but may cause problems when using Firefox 
[...]

Important part is the base_url : https://your-domain.com part. Make sure, there is no trailing "/" behind the "your-domain.com", or it will infinitely loop through redirects and you get the rate limit message. Issue is also opened on the searx main-repository and will be fixed soon, I think.

Regards,

avpnusr

unixfox commented 3 years ago

duplicate of https://github.com/searx/searx/issues/2729

MudcrabDev commented 3 years ago

Your fix worked! Thank you @avpnusr