Self-Hosting searxNG with Docker

+ +

This is a step-by-step guide on how to self-host your own instance of searxNG using docker, with full TLS support with certbot. For those of you who are unaware of searxNG, it's a free and open-source privacy-respecting metasearch engine that aggregates the results from multiple search engines for the user. Visiting searx.space, you can find public instances of searxNG which are hosted by people. If you also want to do the same, read on.

+ +

This guide assumes you're using a debian-based system.

+ + + +

1. Installing necessary packages

You need to install a few packages before starting the setup.

sudo apt update && sudo apt upgrade
+sudo apt install docker docker-compose nginx python3-certbot python3-certbot-nginx

+ +

2. Setting up

Download the necessary files for searxNG.

mkdir -p searxng/core-config
+cd searxng
+curl -fsSL \ 
+    -O https://raw.githubusercontent.com/searxng/searxng/master/container/docker-compose.yml \
+    -O https://raw.githubusercontent.com/searxng/searxng/master/container/.env.example
+

Make a .env file with the following contents: +

SEARXNG_VERSION=latest
+SEARXNG_HOST=[::]
+SEARXNG_PORT=8080
+

+You can use the downloaded docker-compose.yml file or use the modified one below if you face any issues +

version: '3.8'
+
+services:
+  core:
+    container_name: searxng-core
+    image: docker.io/searxng/searxng:${SEARXNG_VERSION:-latest}
+    restart: always
+    ports:
+      - "8080:8080"
+    env_file: ./.env
+    volumes:
+      - ./core-config/:/etc/searxng/:Z
+      - core-data:/var/cache/searxng/
+
+  valkey:
+    container_name: searxng-valkey
+    image: docker.io/valkey/valkey:9-alpine
+    command: valkey-server --save 30 1 --loglevel warning
+    restart: always
+    volumes:
+      - valkey-data:/data/
+
+volumes:
+  core-data:
+  valkey-data:
+

Finally, you can bring up the containers.

docker-compose up -d

If you have followed the tutorial meticulously thus far, you should have an instance of searxNG running on http://yourdomain.com:8080 (provided that you've correctly configured the DNS records.)

If you can't access it, make sure there are no firewall rules blocking inbound requests to that port.

+ +

3. Configuring searxNG

If you want to change the defaults for searxNG, you can do so by editing the file core-config/settings.yml. Configuring involves changing the default search engines, enhancing privacy and all.

Here's a link to my settings.yml incase you want to use it.

When you make a change to your settings.yml file, make sure to restart the containers for the change to take effect.

docker-compose down
+docker-compose up -d

It is also a good idea to setup rate limiting for your searxNG instance to reduce bot activities and abuse. To do so, create a file under core-config/ with the name limiter.toml and the following as contents. +

[botdetection.ip_limit]
+link_token = true

Also change the value of limiter to true under the server: block in settings.yml. + +

4. Setting up SSL/TLS with certbot and nginx

Save the following nginx config to /etc/nginx/sites-available/searxng

server {
+    listen 80;
+    listen [::]:80;
+    server_name yourdomain.com www.yourdomain.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    location / {
+        proxy_pass         http://127.0.0.1:8080;
+        proxy_http_version 1.1;
+
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_set_header   Upgrade           $http_upgrade;
+        proxy_set_header   Connection        "upgrade";
+    }
+}

Create the symlink to tell nginx to use it

sudo ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/

Test the config and reload nginx

sudo nginx -t && sudo systemctl reload nginx

Now, you use certbot to request a certificate for your domain(s) by following the prompts.

certbot --nginx

At the end of it, you should have SSL/TLS setup for your searxNG instance. Visit https://yourdomain.com and you should see your own self-hosted searxNG instance.