
Self-Hosting searxNG with Docker

This is a step-by-step guide to self-hosting your own instance of searxNG using Docker, with TLS set up through certbot and nginx. For those unfamiliar with searxNG, it's a free and open-source, privacy-respecting metasearch engine that aggregates results from multiple search engines for the user. On searx.space you can find public instances of searxNG hosted by other people. If you want to host one too, read on.

This guide assumes you're using a Debian-based system.

1. Installing necessary packages

You need to install a few packages before starting the setup.

sudo apt update && sudo apt upgrade
sudo apt install docker.io docker-compose nginx python3-certbot python3-certbot-nginx

2. Setting up

Download the necessary files for searxNG.

mkdir -p searxng/core-config
cd searxng
curl -fsSL \
    -O https://raw.githubusercontent.com/searxng/searxng/master/container/docker-compose.yml \
    -O https://raw.githubusercontent.com/searxng/searxng/master/container/.env.example

Make a .env file with the following contents:

SEARXNG_VERSION=latest
SEARXNG_HOST=[::]
SEARXNG_PORT=8080

You can use the downloaded docker-compose.yml file, or use the modified one below if you face any issues.

version: '3.8'

services:
  core:
    container_name: searxng-core
    image: docker.io/searxng/searxng:${SEARXNG_VERSION:-latest}
    restart: always
    ports:
      - "8080:8080"
    env_file: ./.env
    volumes:
      - ./core-config/:/etc/searxng/:Z
      - core-data:/var/cache/searxng/

  valkey:
    container_name: searxng-valkey
    image: docker.io/valkey/valkey:9-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: always
    volumes:
      - valkey-data:/data/

volumes:
  core-data:
  valkey-data:

Finally, you can bring up the containers.

docker-compose up -d

If you have followed the tutorial carefully so far, you should have an instance of searxNG running on http://yourdomain.com:8080 (provided that you've correctly configured the DNS records).

If you can't access it, make sure there are no firewall rules blocking inbound requests to that port.

3. Configuring searxNG

If you want to change the defaults for searxNG, you can do so by editing the file core-config/settings.yml. This is where you change the default search engines, tighten the privacy settings and so on.

Here's a link to my settings.yml in case you want to use it.

When you make a change to your settings.yml file, make sure to restart the containers for the change to take effect.

docker-compose down
docker-compose up -d

It is also a good idea to set up rate limiting for your searxNG instance to reduce bot activity and abuse. To do so, create a file named limiter.toml under core-config/ with the following contents.

[botdetection.ip_limit]
link_token = true

Also change the value of limiter to true under the server: block in settings.yml.

4. Setting up SSL/TLS with certbot and nginx

Save the following nginx config to /etc/nginx/sites-available/searxng:

server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;

        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        "upgrade";
    }
}

Create the symlink to tell nginx to use it:

sudo ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/

Test the config and reload nginx:

sudo nginx -t && sudo systemctl reload nginx

Now use certbot to request a certificate for your domain(s) by following the prompts.

sudo certbot --nginx

At the end of it, you should have SSL/TLS set up for your searxNG instance. Visit https://yourdomain.com and you should see your own self-hosted searxNG instance.
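
Once nginx terminates TLS and proxies to 127.0.0.1:8080, the "8080:8080" mapping in the compose file above still publishes the container on every interface, so the instance stays reachable over plain HTTP on port 8080 without going through nginx. The script below is an added example, not part of the original guide or of the searxNG project; its function names are made up for illustration. It lists short-syntax port mappings in a compose file that are not pinned to loopback and prints the loopback-only form to use instead.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# public_ports FILE: print every short-syntax "ports:" entry in a compose
# file that is not pinned to a loopback address (127.x.x.x or [::1]).
public_ports() {
    awk -v q="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)      # drop the list dash
            sub(/[ \t]*#.*$/, "", m)          # drop a trailing comment
            sub(/[ \t]+$/, "", m)             # drop trailing whitespace
            gsub("[\"" q "]", "", m)          # drop surrounding quotes
            if (m !~ /^(127\.[0-9.]+|\[::1\]):/) print m
            next
        }
        /^[ \t]*$/ { next }                   # blank line: stay in the list
        { in_ports = 0 }                      # any other key ends the list
    ' "$1"
}

# loopback_form MAPPING: the same mapping, published on 127.0.0.1 only.
loopback_form() {
    case "$1" in
        \[*\]:*) set -- "${1#*\]:}" ;;   # strip a bracketed IPv6 host address
        *:*:*)   set -- "${1#*:}" ;;     # strip an IPv4 host address
        *:*)     ;;                      # already HOST_PORT:CONTAINER_PORT
        *)       set -- "$1:$1" ;;       # bare container port: pin the host port too
    esac
    printf '127.0.0.1:%s\n' "$1"
}

# Constructed sample: the ports section of the compose file from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  core:
    ports:
      - "8080:8080"
    env_file: ./.env
EOF

for m in $(public_ports "$sample"); do
    echo "published on all interfaces: $m -> use \"$(loopback_form "$m")\""
done
rm -f "$sample"
```

After changing the mapping in docker-compose.yml, recreate the containers with docker-compose up -d so the new binding takes effect.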