mirror of
https://github.com/searxng/searxng-docker.git
synced 2026-07-17 21:41:27 +00:00
Deprecation notice
Templates moved to https://github.com/searxng/searxng/tree/master/container Documentation moved to https://docs.searxng.org/admin/installation-docker.html
This commit is contained in:
7
.env
7
.env
@@ -1,7 +0,0 @@
|
|||||||
# By default listen on https://localhost
|
|
||||||
# To change this:
|
|
||||||
# * uncomment SEARXNG_HOSTNAME, and replace <host> by the SearXNG hostname
|
|
||||||
# * uncomment LETSENCRYPT_EMAIL, and replace <email> by your email (require to create a Let's Encrypt certificate)
|
|
||||||
|
|
||||||
# SEARXNG_HOSTNAME=<host>
|
|
||||||
# LETSENCRYPT_EMAIL=<email>
|
|
||||||
6
.gitignore
vendored
6
.gitignore
vendored
@@ -1,6 +0,0 @@
|
|||||||
*~
|
|
||||||
|
|
||||||
searxng-docker.service
|
|
||||||
caddy
|
|
||||||
srv
|
|
||||||
searxng/uwsgi.ini
|
|
||||||
91
Caddyfile
91
Caddyfile
@@ -1,91 +0,0 @@
|
|||||||
{
|
|
||||||
admin off
|
|
||||||
|
|
||||||
log {
|
|
||||||
output stderr
|
|
||||||
format filter {
|
|
||||||
# Preserves first 8 bits from IPv4 and 32 bits from IPv6
|
|
||||||
request>remote_ip ip_mask 8 32
|
|
||||||
request>client_ip ip_mask 8 32
|
|
||||||
|
|
||||||
# Remove identificable information
|
|
||||||
request>remote_port delete
|
|
||||||
request>headers delete
|
|
||||||
request>uri query {
|
|
||||||
delete url
|
|
||||||
delete h
|
|
||||||
delete q
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
servers {
|
|
||||||
client_ip_headers X-Forwarded-For X-Real-IP
|
|
||||||
|
|
||||||
# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
|
|
||||||
# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
|
|
||||||
trusted_proxies static private_ranges
|
|
||||||
trusted_proxies_strict
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
{$SEARXNG_HOSTNAME}
|
|
||||||
|
|
||||||
tls {$SEARXNG_TLS}
|
|
||||||
|
|
||||||
encode zstd gzip
|
|
||||||
|
|
||||||
@api {
|
|
||||||
path /config
|
|
||||||
path /healthz
|
|
||||||
path /stats/errors
|
|
||||||
path /stats/checker
|
|
||||||
}
|
|
||||||
|
|
||||||
@static {
|
|
||||||
path /static/*
|
|
||||||
}
|
|
||||||
|
|
||||||
@imageproxy {
|
|
||||||
path /image_proxy
|
|
||||||
}
|
|
||||||
|
|
||||||
header {
|
|
||||||
# CSP (https://content-security-policy.com)
|
|
||||||
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
|
|
||||||
|
|
||||||
# Disable browser features
|
|
||||||
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
|
|
||||||
|
|
||||||
# Only allow same-origin requests
|
|
||||||
Referrer-Policy "same-origin"
|
|
||||||
|
|
||||||
# Prevent MIME type sniffing from the declared Content-Type
|
|
||||||
X-Content-Type-Options "nosniff"
|
|
||||||
|
|
||||||
# Comment header to allow indexing by search engines
|
|
||||||
X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
|
|
||||||
|
|
||||||
# enable HSTS
|
|
||||||
# WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
|
|
||||||
|
|
||||||
# Strict-Transport-Security max-age=15768000;
|
|
||||||
|
|
||||||
# Remove "Server" header
|
|
||||||
-Server
|
|
||||||
}
|
|
||||||
|
|
||||||
header @api {
|
|
||||||
Access-Control-Allow-Methods "GET, OPTIONS"
|
|
||||||
Access-Control-Allow-Origin "*"
|
|
||||||
}
|
|
||||||
|
|
||||||
route {
|
|
||||||
# Cache policy
|
|
||||||
header Cache-Control "no-cache"
|
|
||||||
header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
|
|
||||||
header @imageproxy Cache-Control "public, max-age=3600"
|
|
||||||
}
|
|
||||||
|
|
||||||
# SearXNG
|
|
||||||
reverse_proxy localhost:8080
|
|
||||||
125
README.md
125
README.md
@@ -1,119 +1,8 @@
|
|||||||
# searxng-docker
|
> [!WARNING]
|
||||||
|
> *searxng-docker* repository is superseded.
|
||||||
|
>
|
||||||
|
> For [**NEW installations**](https://docs.searxng.org/admin/installation-docker.html#compose-instancing)
|
||||||
|
>
|
||||||
|
> For [**EXISTING installations**](https://docs.searxng.org/admin/installation-docker.html#migrate-from-searxng-docker)
|
||||||
|
|
||||||
Create a new SearXNG instance in five minutes using Docker
|
Continue to [*searxng-docker*](https://github.com/searxng/searxng-docker/tree/0c7875a42942e916ab39b171d69cab7d170ddb60) (deprecated)
|
||||||
|
|
||||||
## What is included?
|
|
||||||
|
|
||||||
| Name | Description | Docker image | Dockerfile |
|
|
||||||
|-----------------------------------------------|----------------------------------------------------------------|------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|
||||||
| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [docker.io/library/caddy:2-alpine](https://hub.docker.com/_/caddy) | [Dockerfile](https://github.com/caddyserver/caddy-docker/blob/master/Dockerfile.tmpl) |
|
|
||||||
| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself | [docker.io/searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [builder.dockerfile](https://github.com/searxng/searxng/blob/master/container/builder.dockerfile) [dist.dockerfile](https://github.com/searxng/searxng/blob/master/container/dist.dockerfile) |
|
|
||||||
| [Valkey](https://github.com/valkey-io/valkey) | In-memory database | [docker.io/valkey/valkey:8-alpine](https://hub.docker.com/r/valkey/valkey) | [Dockerfile](https://github.com/valkey-io/valkey-container/blob/mainline/Dockerfile.template) |
|
|
||||||
|
|
||||||
## How to use it
|
|
||||||
|
|
||||||
There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is
|
|
||||||
recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for
|
|
||||||
you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx,
|
|
||||||
HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both
|
|
||||||
installation methods however.
|
|
||||||
|
|
||||||
1. [Install docker](https://docs.docker.com/install/)
|
|
||||||
2. Get searxng-docker
|
|
||||||
|
|
||||||
```shell
|
|
||||||
cd /usr/local
|
|
||||||
git clone https://github.com/searxng/searxng-docker.git
|
|
||||||
cd searxng-docker
|
|
||||||
```
|
|
||||||
|
|
||||||
3. Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
|
|
||||||
4. Generate the secret key `sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
|
|
||||||
On a Mac: `sed -i '' "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
|
|
||||||
5. Edit [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) according to
|
|
||||||
your needs
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Windows users can use the following powershell script to generate the secret key:
|
|
||||||
> ```powershell
|
|
||||||
> $randomBytes = New-Object byte[] 32
|
|
||||||
> (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
|
|
||||||
> $secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
|
|
||||||
> (Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
|
|
||||||
> ```
|
|
||||||
|
|
||||||
### Method 1: With Caddy included (recommended for beginners)
|
|
||||||
|
|
||||||
6. Run SearXNG in the background: `docker compose up -d`
|
|
||||||
|
|
||||||
### Method 2: Bring your own reverse proxy (experienced users)
|
|
||||||
|
|
||||||
6. Remove the caddy related parts in `docker-compose.yaml` such as the caddy service and its volumes.
|
|
||||||
7. Point your reverse proxy to the port set for the `searxng` service in `docker-compose.yml` (8080 by default).
|
|
||||||
8. Generate and configure the required TLS certificates with the reverse proxy of your choice.
|
|
||||||
9. Run SearXNG in the background: `docker compose up -d`
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host`
|
|
||||||
> network mode) with the `BIND_ADDRESS` environment variable (defaults to `[::]:8080`). The environment variable can be
|
|
||||||
> set directly inside `docker-compose.yaml`.
|
|
||||||
|
|
||||||
## Troubleshooting - How to access the logs
|
|
||||||
|
|
||||||
To access the logs from all the containers use: `docker compose logs -f`.
|
|
||||||
|
|
||||||
To access the logs of one specific container:
|
|
||||||
|
|
||||||
- Caddy: `docker compose logs -f caddy`
|
|
||||||
- SearXNG: `docker compose logs -f searxng`
|
|
||||||
- Valkey: `docker compose logs -f redis`
|
|
||||||
|
|
||||||
### Start SearXNG with systemd
|
|
||||||
|
|
||||||
You can skip this step if you don't use systemd.
|
|
||||||
|
|
||||||
1. Copy the service template file:
|
|
||||||
```sh
|
|
||||||
cp searxng-docker.service.template searxng-docker.service
|
|
||||||
```
|
|
||||||
|
|
||||||
2. Edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is
|
|
||||||
different from ```/usr/local/searxng-docker```)
|
|
||||||
|
|
||||||
3. Enable the service:
|
|
||||||
```sh
|
|
||||||
systemctl enable $(pwd)/searxng-docker.service
|
|
||||||
```
|
|
||||||
|
|
||||||
4. Start the service:
|
|
||||||
```sh
|
|
||||||
systemctl start searxng-docker.service
|
|
||||||
```
|
|
||||||
|
|
||||||
**Note:** Ensure the service file path matches your installation directory before enabling it.
|
|
||||||
|
|
||||||
## Multi Architecture Docker images
|
|
||||||
|
|
||||||
Supported architecture:
|
|
||||||
|
|
||||||
- amd64
|
|
||||||
- arm64
|
|
||||||
- arm/v7
|
|
||||||
|
|
||||||
## How to update ?
|
|
||||||
|
|
||||||
To update the SearXNG stack:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git pull
|
|
||||||
docker compose pull
|
|
||||||
docker compose up -d
|
|
||||||
```
|
|
||||||
|
|
||||||
Or the old way (with the old docker-compose version):
|
|
||||||
|
|
||||||
```sh
|
|
||||||
git pull
|
|
||||||
docker-compose pull
|
|
||||||
docker-compose up -d
|
|
||||||
```
|
|
||||||
|
|||||||
@@ -1,61 +0,0 @@
|
|||||||
services:
|
|
||||||
caddy:
|
|
||||||
container_name: caddy
|
|
||||||
image: docker.io/library/caddy:2-alpine
|
|
||||||
network_mode: host
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
|
||||||
- caddy-data:/data:rw
|
|
||||||
- caddy-config:/config:rw
|
|
||||||
environment:
|
|
||||||
- SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost}
|
|
||||||
- SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
|
|
||||||
logging:
|
|
||||||
driver: "json-file"
|
|
||||||
options:
|
|
||||||
max-size: "1m"
|
|
||||||
max-file: "1"
|
|
||||||
|
|
||||||
redis:
|
|
||||||
container_name: redis
|
|
||||||
image: docker.io/valkey/valkey:8-alpine
|
|
||||||
command: valkey-server --save 30 1 --loglevel warning
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- searxng
|
|
||||||
volumes:
|
|
||||||
- valkey-data2:/data
|
|
||||||
logging:
|
|
||||||
driver: "json-file"
|
|
||||||
options:
|
|
||||||
max-size: "1m"
|
|
||||||
max-file: "1"
|
|
||||||
|
|
||||||
searxng:
|
|
||||||
container_name: searxng
|
|
||||||
image: docker.io/searxng/searxng:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- searxng
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:8080:8080"
|
|
||||||
volumes:
|
|
||||||
- ./searxng:/etc/searxng:rw
|
|
||||||
- searxng-data:/var/cache/searxng:rw
|
|
||||||
environment:
|
|
||||||
- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
|
|
||||||
logging:
|
|
||||||
driver: "json-file"
|
|
||||||
options:
|
|
||||||
max-size: "1m"
|
|
||||||
max-file: "1"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
searxng:
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
caddy-data:
|
|
||||||
caddy-config:
|
|
||||||
valkey-data2:
|
|
||||||
searxng-data:
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=SearXNG service
|
|
||||||
Requires=docker.service
|
|
||||||
After=docker.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Restart=on-failure
|
|
||||||
|
|
||||||
Environment=SEARXNG_DOCKERCOMPOSEFILE=docker-compose.yaml
|
|
||||||
|
|
||||||
WorkingDirectory=/usr/local/searxng-docker
|
|
||||||
ExecStart=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
|
|
||||||
ExecStop=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} down
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
# This configuration file updates the default configuration file
|
|
||||||
# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
|
|
||||||
|
|
||||||
[botdetection.ip_limit]
|
|
||||||
# activate advanced bot protection
|
|
||||||
# enable this when running the instance for a public usage on the internet
|
|
||||||
link_token = false
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
|
|
||||||
use_default_settings: true
|
|
||||||
server:
|
|
||||||
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
|
|
||||||
secret_key: "ultrasecretkey" # change this!
|
|
||||||
limiter: false # enable this when running the instance for a public usage on the internet
|
|
||||||
image_proxy: true
|
|
||||||
redis:
|
|
||||||
url: redis://redis:6379/0
|
|
||||||
Reference in New Issue
Block a user