Araa

Documentation

Araa installation guide

To write this guide, I was using Ubuntu Server 22.04 LTS. This guide assumes you're using sudo or root.


Install required packages:

apt install nginx nginx-extras python3-pip certbot python3-certbot-nginx gunicorn

Clone Araa:

git clone https://github.com/Extravi/araa-search.git

Configure opensearch.xml by replacing http://127.0.0.1:5000/ with https://araa.yourdomain.com/ make sure to replace http:// with https://:

cd araa-search/
cd static/
mv opensearch.xml.example opensearch.xml
nano opensearch.xml

Once you've done that, cd back into the Araa directory and install the required packages:

cd ~/araa-search
pip install flask lxml bs4

Configure nginx by replacing araa.yourdomain.com with your own domain:

cd /etc/nginx/sites-enabled/
rm default
wget -O araa https://raw.githubusercontent.com/Extravi/araa-docs/main/config/araa
nano araa

Now cd into /etc/nginx/ and replace nginx.conf; this will disable logging and improve server security:

cd /etc/nginx/
rm nginx.conf
wget -O nginx.conf https://raw.githubusercontent.com/Extravi/araa-docs/main/config/nginx.conf
nginx -t && nginx -s reload

Expected output:

root@ubuntu-s-1vcpu-1gb-tor1-01:/etc/nginx# nginx -t && nginx -s reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@ubuntu-s-1vcpu-1gb-tor1-01:/etc/nginx#

Obtain an SSL/TLS certificate, but before doing so, make sure you have an A record pointed to your server for that domain:

certbot --nginx -d araa.yourdomain.com

Once you've done that, open the crontab file:

crontab -e

Then paste this at the bottom of the crontab file. This will automatically renew your Let’s Encrypt certificate:

0 12 * * * /usr/bin/certbot renew --quiet

Setup a firewall with UFW:

ufw default deny
ufw allow ssh
ufw allow https
ufw allow http
ufw enable

Run the status command:

ufw status verbose

You should see an output like this:

root@ubuntu-s-1vcpu-1gb-tor1-01:~/araa-search# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
                    
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
                    
root@ubuntu-s-1vcpu-1gb-tor1-01:~/araa-search#

Now we need to disable IPv6 because many websites, like Google, are more likely to block IPv6:

bash -c 'cat <> /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF'

Now you need to configure your SSH daemon to only listen over IPv4:

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

Now cd back into the Araa directory:

cd ~/araa-search

Run this command to start Araa:

gunicorn -w 4 __init__:app