mirror of
https://github.com/searxng/searxng-docker.git
synced 2026-07-17 21:41:27 +00:00
Deprecation notice
Templates moved to https://github.com/searxng/searxng/tree/master/container Documentation moved to https://docs.searxng.org/admin/installation-docker.html
This commit is contained in:
7
.env
7
.env
@@ -1,7 +0,0 @@
|
||||
# By default listen on https://localhost
|
||||
# To change this:
|
||||
# * uncomment SEARXNG_HOSTNAME, and replace <host> by the SearXNG hostname
|
||||
# * uncomment LETSENCRYPT_EMAIL, and replace <email> by your email (require to create a Let's Encrypt certificate)
|
||||
|
||||
# SEARXNG_HOSTNAME=<host>
|
||||
# LETSENCRYPT_EMAIL=<email>
|
||||
6
.gitignore
vendored
6
.gitignore
vendored
@@ -1,6 +0,0 @@
|
||||
*~
|
||||
|
||||
searxng-docker.service
|
||||
caddy
|
||||
srv
|
||||
searxng/uwsgi.ini
|
||||
91
Caddyfile
91
Caddyfile
@@ -1,91 +0,0 @@
|
||||
{
|
||||
admin off
|
||||
|
||||
log {
|
||||
output stderr
|
||||
format filter {
|
||||
# Preserves first 8 bits from IPv4 and 32 bits from IPv6
|
||||
request>remote_ip ip_mask 8 32
|
||||
request>client_ip ip_mask 8 32
|
||||
|
||||
# Remove identificable information
|
||||
request>remote_port delete
|
||||
request>headers delete
|
||||
request>uri query {
|
||||
delete url
|
||||
delete h
|
||||
delete q
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
servers {
|
||||
client_ip_headers X-Forwarded-For X-Real-IP
|
||||
|
||||
# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
|
||||
# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
|
||||
trusted_proxies static private_ranges
|
||||
trusted_proxies_strict
|
||||
}
|
||||
}
|
||||
|
||||
{$SEARXNG_HOSTNAME}
|
||||
|
||||
tls {$SEARXNG_TLS}
|
||||
|
||||
encode zstd gzip
|
||||
|
||||
@api {
|
||||
path /config
|
||||
path /healthz
|
||||
path /stats/errors
|
||||
path /stats/checker
|
||||
}
|
||||
|
||||
@static {
|
||||
path /static/*
|
||||
}
|
||||
|
||||
@imageproxy {
|
||||
path /image_proxy
|
||||
}
|
||||
|
||||
header {
|
||||
# CSP (https://content-security-policy.com)
|
||||
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
|
||||
|
||||
# Disable browser features
|
||||
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
|
||||
|
||||
# Only allow same-origin requests
|
||||
Referrer-Policy "same-origin"
|
||||
|
||||
# Prevent MIME type sniffing from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
|
||||
# Comment header to allow indexing by search engines
|
||||
X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
|
||||
|
||||
# enable HSTS
|
||||
# WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
|
||||
|
||||
# Strict-Transport-Security max-age=15768000;
|
||||
|
||||
# Remove "Server" header
|
||||
-Server
|
||||
}
|
||||
|
||||
header @api {
|
||||
Access-Control-Allow-Methods "GET, OPTIONS"
|
||||
Access-Control-Allow-Origin "*"
|
||||
}
|
||||
|
||||
route {
|
||||
# Cache policy
|
||||
header Cache-Control "no-cache"
|
||||
header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
|
||||
header @imageproxy Cache-Control "public, max-age=3600"
|
||||
}
|
||||
|
||||
# SearXNG
|
||||
reverse_proxy localhost:8080
|
||||
125
README.md
125
README.md
@@ -1,119 +1,8 @@
|
||||
# searxng-docker
|
||||
> [!WARNING]
|
||||
> *searxng-docker* repository is superseded.
|
||||
>
|
||||
> For [**NEW installations**](https://docs.searxng.org/admin/installation-docker.html#compose-instancing)
|
||||
>
|
||||
> For [**EXISTING installations**](https://docs.searxng.org/admin/installation-docker.html#migrate-from-searxng-docker)
|
||||
|
||||
Create a new SearXNG instance in five minutes using Docker
|
||||
|
||||
## What is included?
|
||||
|
||||
| Name | Description | Docker image | Dockerfile |
|
||||
|-----------------------------------------------|----------------------------------------------------------------|------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [docker.io/library/caddy:2-alpine](https://hub.docker.com/_/caddy) | [Dockerfile](https://github.com/caddyserver/caddy-docker/blob/master/Dockerfile.tmpl) |
|
||||
| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself | [docker.io/searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [builder.dockerfile](https://github.com/searxng/searxng/blob/master/container/builder.dockerfile) [dist.dockerfile](https://github.com/searxng/searxng/blob/master/container/dist.dockerfile) |
|
||||
| [Valkey](https://github.com/valkey-io/valkey) | In-memory database | [docker.io/valkey/valkey:8-alpine](https://hub.docker.com/r/valkey/valkey) | [Dockerfile](https://github.com/valkey-io/valkey-container/blob/mainline/Dockerfile.template) |
|
||||
|
||||
## How to use it
|
||||
|
||||
There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is
|
||||
recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for
|
||||
you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx,
|
||||
HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both
|
||||
installation methods however.
|
||||
|
||||
1. [Install docker](https://docs.docker.com/install/)
|
||||
2. Get searxng-docker
|
||||
|
||||
```shell
|
||||
cd /usr/local
|
||||
git clone https://github.com/searxng/searxng-docker.git
|
||||
cd searxng-docker
|
||||
```
|
||||
|
||||
3. Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
|
||||
4. Generate the secret key `sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
|
||||
On a Mac: `sed -i '' "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
|
||||
5. Edit [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) according to
|
||||
your needs
|
||||
|
||||
> [!NOTE]
|
||||
> Windows users can use the following powershell script to generate the secret key:
|
||||
> ```powershell
|
||||
> $randomBytes = New-Object byte[] 32
|
||||
> (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
|
||||
> $secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
|
||||
> (Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
|
||||
> ```
|
||||
|
||||
### Method 1: With Caddy included (recommended for beginners)
|
||||
|
||||
6. Run SearXNG in the background: `docker compose up -d`
|
||||
|
||||
### Method 2: Bring your own reverse proxy (experienced users)
|
||||
|
||||
6. Remove the caddy related parts in `docker-compose.yaml` such as the caddy service and its volumes.
|
||||
7. Point your reverse proxy to the port set for the `searxng` service in `docker-compose.yml` (8080 by default).
|
||||
8. Generate and configure the required TLS certificates with the reverse proxy of your choice.
|
||||
9. Run SearXNG in the background: `docker compose up -d`
|
||||
|
||||
> [!NOTE]
|
||||
> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host`
|
||||
> network mode) with the `BIND_ADDRESS` environment variable (defaults to `[::]:8080`). The environment variable can be
|
||||
> set directly inside `docker-compose.yaml`.
|
||||
|
||||
## Troubleshooting - How to access the logs
|
||||
|
||||
To access the logs from all the containers use: `docker compose logs -f`.
|
||||
|
||||
To access the logs of one specific container:
|
||||
|
||||
- Caddy: `docker compose logs -f caddy`
|
||||
- SearXNG: `docker compose logs -f searxng`
|
||||
- Valkey: `docker compose logs -f redis`
|
||||
|
||||
### Start SearXNG with systemd
|
||||
|
||||
You can skip this step if you don't use systemd.
|
||||
|
||||
1. Copy the service template file:
|
||||
```sh
|
||||
cp searxng-docker.service.template searxng-docker.service
|
||||
```
|
||||
|
||||
2. Edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is
|
||||
different from ```/usr/local/searxng-docker```)
|
||||
|
||||
3. Enable the service:
|
||||
```sh
|
||||
systemctl enable $(pwd)/searxng-docker.service
|
||||
```
|
||||
|
||||
4. Start the service:
|
||||
```sh
|
||||
systemctl start searxng-docker.service
|
||||
```
|
||||
|
||||
**Note:** Ensure the service file path matches your installation directory before enabling it.
|
||||
|
||||
## Multi Architecture Docker images
|
||||
|
||||
Supported architecture:
|
||||
|
||||
- amd64
|
||||
- arm64
|
||||
- arm/v7
|
||||
|
||||
## How to update ?
|
||||
|
||||
To update the SearXNG stack:
|
||||
|
||||
```sh
|
||||
git pull
|
||||
docker compose pull
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
Or the old way (with the old docker-compose version):
|
||||
|
||||
```sh
|
||||
git pull
|
||||
docker-compose pull
|
||||
docker-compose up -d
|
||||
```
|
||||
Continue to [*searxng-docker*](https://github.com/searxng/searxng-docker/tree/0c7875a42942e916ab39b171d69cab7d170ddb60) (deprecated)
|
||||
|
||||
@@ -1,61 +0,0 @@
|
||||
services:
|
||||
caddy:
|
||||
container_name: caddy
|
||||
image: docker.io/library/caddy:2-alpine
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
||||
- caddy-data:/data:rw
|
||||
- caddy-config:/config:rw
|
||||
environment:
|
||||
- SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost}
|
||||
- SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "1m"
|
||||
max-file: "1"
|
||||
|
||||
redis:
|
||||
container_name: redis
|
||||
image: docker.io/valkey/valkey:8-alpine
|
||||
command: valkey-server --save 30 1 --loglevel warning
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- searxng
|
||||
volumes:
|
||||
- valkey-data2:/data
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "1m"
|
||||
max-file: "1"
|
||||
|
||||
searxng:
|
||||
container_name: searxng
|
||||
image: docker.io/searxng/searxng:latest
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- searxng
|
||||
ports:
|
||||
- "127.0.0.1:8080:8080"
|
||||
volumes:
|
||||
- ./searxng:/etc/searxng:rw
|
||||
- searxng-data:/var/cache/searxng:rw
|
||||
environment:
|
||||
- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "1m"
|
||||
max-file: "1"
|
||||
|
||||
networks:
|
||||
searxng:
|
||||
|
||||
volumes:
|
||||
caddy-data:
|
||||
caddy-config:
|
||||
valkey-data2:
|
||||
searxng-data:
|
||||
@@ -1,16 +0,0 @@
|
||||
[Unit]
|
||||
Description=SearXNG service
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Restart=on-failure
|
||||
|
||||
Environment=SEARXNG_DOCKERCOMPOSEFILE=docker-compose.yaml
|
||||
|
||||
WorkingDirectory=/usr/local/searxng-docker
|
||||
ExecStart=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
|
||||
ExecStop=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} down
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,7 +0,0 @@
|
||||
# This configuration file updates the default configuration file
|
||||
# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
|
||||
|
||||
[botdetection.ip_limit]
|
||||
# activate advanced bot protection
|
||||
# enable this when running the instance for a public usage on the internet
|
||||
link_token = false
|
||||
@@ -1,9 +0,0 @@
|
||||
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
|
||||
use_default_settings: true
|
||||
server:
|
||||
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
|
||||
secret_key: "ultrasecretkey" # change this!
|
||||
limiter: false # enable this when running the instance for a public usage on the internet
|
||||
image_proxy: true
|
||||
redis:
|
||||
url: redis://redis:6379/0
|
||||
Reference in New Issue
Block a user