Deprecation notice

Templates moved to https://github.com/searxng/searxng/tree/master/container
Documentation moved to https://docs.searxng.org/admin/installation-docker.html
This commit is contained in:
Ivan Gabaldon
2026-03-28 20:09:29 +01:00
committed by GitHub
parent 0c7875a429
commit 2138c5d13d
8 changed files with 7 additions and 315 deletions

7
.env
View File

@@ -1,7 +0,0 @@
# By default listen on https://localhost
# To change this:
# * uncomment SEARXNG_HOSTNAME, and replace <host> by the SearXNG hostname
# * uncomment LETSENCRYPT_EMAIL, and replace <email> by your email (require to create a Let's Encrypt certificate)
# SEARXNG_HOSTNAME=<host>
# LETSENCRYPT_EMAIL=<email>

6
.gitignore vendored
View File

@@ -1,6 +0,0 @@
*~
searxng-docker.service
caddy
srv
searxng/uwsgi.ini

View File

@@ -1,91 +0,0 @@
{
admin off
log {
output stderr
format filter {
# Preserves first 8 bits from IPv4 and 32 bits from IPv6
request>remote_ip ip_mask 8 32
request>client_ip ip_mask 8 32
# Remove identificable information
request>remote_port delete
request>headers delete
request>uri query {
delete url
delete h
delete q
}
}
}
servers {
client_ip_headers X-Forwarded-For X-Real-IP
# Allow the following IP to passthrough the "X-Forwarded-*" headers to SearXNG
# https://caddyserver.com/docs/caddyfile/options#trusted-proxies
trusted_proxies static private_ranges
trusted_proxies_strict
}
}
{$SEARXNG_HOSTNAME}
tls {$SEARXNG_TLS}
encode zstd gzip
@api {
path /config
path /healthz
path /stats/errors
path /stats/checker
}
@static {
path /static/*
}
@imageproxy {
path /image_proxy
}
header {
# CSP (https://content-security-policy.com)
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
# Disable browser features
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
# Only allow same-origin requests
Referrer-Policy "same-origin"
# Prevent MIME type sniffing from the declared Content-Type
X-Content-Type-Options "nosniff"
# Comment header to allow indexing by search engines
X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
# enable HSTS
# WARNING: Once this value is set, the site must continue to support HTTPS until the expiry time is reached.
# Strict-Transport-Security max-age=15768000;
# Remove "Server" header
-Server
}
header @api {
Access-Control-Allow-Methods "GET, OPTIONS"
Access-Control-Allow-Origin "*"
}
route {
# Cache policy
header Cache-Control "no-cache"
header @static Cache-Control "public, max-age=30, stale-while-revalidate=60"
header @imageproxy Cache-Control "public, max-age=3600"
}
# SearXNG
reverse_proxy localhost:8080

125
README.md
View File

@@ -1,119 +1,8 @@
# searxng-docker
> [!WARNING]
> *searxng-docker* repository is superseded.
>
> For [**NEW installations**](https://docs.searxng.org/admin/installation-docker.html#compose-instancing)
>
> For [**EXISTING installations**](https://docs.searxng.org/admin/installation-docker.html#migrate-from-searxng-docker)
Create a new SearXNG instance in five minutes using Docker
## What is included?
| Name | Description | Docker image | Dockerfile |
|-----------------------------------------------|----------------------------------------------------------------|------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [Caddy](https://github.com/caddyserver/caddy) | Reverse proxy (create a LetsEncrypt certificate automatically) | [docker.io/library/caddy:2-alpine](https://hub.docker.com/_/caddy) | [Dockerfile](https://github.com/caddyserver/caddy-docker/blob/master/Dockerfile.tmpl) |
| [SearXNG](https://github.com/searxng/searxng) | SearXNG by itself | [docker.io/searxng/searxng:latest](https://hub.docker.com/r/searxng/searxng) | [builder.dockerfile](https://github.com/searxng/searxng/blob/master/container/builder.dockerfile) [dist.dockerfile](https://github.com/searxng/searxng/blob/master/container/dist.dockerfile) |
| [Valkey](https://github.com/valkey-io/valkey) | In-memory database | [docker.io/valkey/valkey:8-alpine](https://hub.docker.com/r/valkey/valkey) | [Dockerfile](https://github.com/valkey-io/valkey-container/blob/mainline/Dockerfile.template) |
## How to use it
There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is
recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for
you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx,
HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both
installation methods however.
1. [Install docker](https://docs.docker.com/install/)
2. Get searxng-docker
```shell
cd /usr/local
git clone https://github.com/searxng/searxng-docker.git
cd searxng-docker
```
3. Edit the [.env](https://github.com/searxng/searxng-docker/blob/master/.env) file to set the hostname and an email
4. Generate the secret key `sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
On a Mac: `sed -i '' "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml`
5. Edit [searxng/settings.yml](https://github.com/searxng/searxng-docker/blob/master/searxng/settings.yml) according to
your needs
> [!NOTE]
> Windows users can use the following powershell script to generate the secret key:
> ```powershell
> $randomBytes = New-Object byte[] 32
> (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
> $secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
> (Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
> ```
### Method 1: With Caddy included (recommended for beginners)
6. Run SearXNG in the background: `docker compose up -d`
### Method 2: Bring your own reverse proxy (experienced users)
6. Remove the caddy related parts in `docker-compose.yaml` such as the caddy service and its volumes.
7. Point your reverse proxy to the port set for the `searxng` service in `docker-compose.yml` (8080 by default).
8. Generate and configure the required TLS certificates with the reverse proxy of your choice.
9. Run SearXNG in the background: `docker compose up -d`
> [!NOTE]
> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host`
> network mode) with the `BIND_ADDRESS` environment variable (defaults to `[::]:8080`). The environment variable can be
> set directly inside `docker-compose.yaml`.
## Troubleshooting - How to access the logs
To access the logs from all the containers use: `docker compose logs -f`.
To access the logs of one specific container:
- Caddy: `docker compose logs -f caddy`
- SearXNG: `docker compose logs -f searxng`
- Valkey: `docker compose logs -f redis`
### Start SearXNG with systemd
You can skip this step if you don't use systemd.
1. Copy the service template file:
```sh
cp searxng-docker.service.template searxng-docker.service
```
2. Edit the content of ```WorkingDirectory``` in the ```searxng-docker.service``` file (only if the installation path is
different from ```/usr/local/searxng-docker```)
3. Enable the service:
```sh
systemctl enable $(pwd)/searxng-docker.service
```
4. Start the service:
```sh
systemctl start searxng-docker.service
```
**Note:** Ensure the service file path matches your installation directory before enabling it.
## Multi Architecture Docker images
Supported architecture:
- amd64
- arm64
- arm/v7
## How to update ?
To update the SearXNG stack:
```sh
git pull
docker compose pull
docker compose up -d
```
Or the old way (with the old docker-compose version):
```sh
git pull
docker-compose pull
docker-compose up -d
```
Continue to [*searxng-docker*](https://github.com/searxng/searxng-docker/tree/0c7875a42942e916ab39b171d69cab7d170ddb60) (deprecated)

View File

@@ -1,61 +0,0 @@
services:
caddy:
container_name: caddy
image: docker.io/library/caddy:2-alpine
network_mode: host
restart: unless-stopped
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- caddy-data:/data:rw
- caddy-config:/config:rw
environment:
- SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost}
- SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
redis:
container_name: redis
image: docker.io/valkey/valkey:8-alpine
command: valkey-server --save 30 1 --loglevel warning
restart: unless-stopped
networks:
- searxng
volumes:
- valkey-data2:/data
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
searxng:
container_name: searxng
image: docker.io/searxng/searxng:latest
restart: unless-stopped
networks:
- searxng
ports:
- "127.0.0.1:8080:8080"
volumes:
- ./searxng:/etc/searxng:rw
- searxng-data:/var/cache/searxng:rw
environment:
- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
networks:
searxng:
volumes:
caddy-data:
caddy-config:
valkey-data2:
searxng-data:

View File

@@ -1,16 +0,0 @@
[Unit]
Description=SearXNG service
Requires=docker.service
After=docker.service
[Service]
Restart=on-failure
Environment=SEARXNG_DOCKERCOMPOSEFILE=docker-compose.yaml
WorkingDirectory=/usr/local/searxng-docker
ExecStart=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} up --remove-orphans
ExecStop=/usr/local/bin/docker compose -f ${SEARXNG_DOCKERCOMPOSEFILE} down
[Install]
WantedBy=multi-user.target

View File

@@ -1,7 +0,0 @@
# This configuration file updates the default configuration file
# See https://github.com/searxng/searxng/blob/master/searx/limiter.toml
[botdetection.ip_limit]
# activate advanced bot protection
# enable this when running the instance for a public usage on the internet
link_token = false

View File

@@ -1,9 +0,0 @@
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
use_default_settings: true
server:
# base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
secret_key: "ultrasecretkey" # change this!
limiter: false # enable this when running the instance for a public usage on the internet
image_proxy: true
redis:
url: redis://redis:6379/0