diff --git a/.env b/.env
index f1483b0..fc0f666 100644
--- a/.env
+++ b/.env
@@ -5,10 +5,3 @@
 # SEARXNG_HOSTNAME=
 # LETSENCRYPT_EMAIL=
-
-# Optional:
-# If you run a very small or a very large instance, you might want to change the amount of used uwsgi workers and threads per worker
-# More workers (= processes) means that more search requests can be handled at the same time, but it also causes more resource usage
-
-# SEARXNG_UWSGI_WORKERS=4
-# SEARXNG_UWSGI_THREADS=4
diff --git a/Caddyfile b/Caddyfile
index 7b5112e..a18a9ca 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -42,10 +42,6 @@ encode zstd gzip
 path /stats/checker
 }
-@search {
- path /search
-}
-
 @imageproxy {
 path /image_proxy
 }
@@ -58,20 +54,17 @@ header {
 # CSP (https://content-security-policy.com)
 Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
- # Disable some browser features
+ # Disable browser features
 Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
- # Set referrer policy
- Referrer-Policy "no-referrer"
-
- # Force clients to use HTTPS
- Strict-Transport-Security "max-age=31536000"
+ # Only allow same-origin requests
+ Referrer-Policy "same-origin"
 # Prevent MIME type sniffing from the declared Content-Type
 X-Content-Type-Options "nosniff"
- # X-Robots-Tag (comment to allow site indexing)
- X-Robots-Tag "noindex, noarchive, nofollow"
+ # Comment header to allow indexing by search engines
+ X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
 # Remove "Server" header
 -Server
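Review bot: The Caddyfile `header` block no longer sends `Strict-Transport-Security`, and nothing visible in this diff replaces it, so new clients are never told to refuse plain HTTP and depend on a redirect for every first request. Unless HSTS is set elsewhere, or was dropped on purpose for the `localhost` default, keep `Strict-Transport-Security "max-age=31536000"` or document the reason in a comment next to the other headers. The added comment `# Only allow same-origin requests` also misstates the header below it: `Referrer-Policy "same-origin"` does not restrict requests, it limits when `Referer` is sent, so `# Send the Referer header only on same-origin requests` would be accurate. The `header` block opens and closes outside this hunk.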
@@ -84,14 +77,10 @@ header @api {
 route {
 # Cache policy
- header Cache-Control "max-age=0, no-store"
- header @search Cache-Control "max-age=5, private"
- header @imageproxy Cache-Control "max-age=604800, public"
+ header Cache-Control "max-age=0, public, must-revalidate"
+ header @imageproxy Cache-Control "max-age=3600, public"
 header @static Cache-Control "max-age=31536000, public, immutable"
 }
 # SearXNG
-reverse_proxy localhost:8080 {
- # https://github.com/searx/searx-docker/issues/24
- header_up Connection "close"
-}
+reverse_proxy localhost:8080
diff --git a/README.md b/README.md
index 3a778d1..b384144 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ There are two ways to host SearXNG. The first one doesn't require any prior know
 9. Run SearXNG in the background: `docker compose up -d`
 > [!NOTE]
-> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host` network mode) with the `BIND_ADDRESS` environment variable (defaults to `0.0.0.0:8080`). The environment variable can be set directly inside `docker-compose.yaml`.
+> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host` network mode) with the `BIND_ADDRESS` environment variable (defaults to `[::]:8080`). The environment variable can be set directly inside `docker-compose.yaml`.
 ## Troubleshooting - How to access the logs
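Review bot: Search result pages become storable by shared caches in the Caddyfile `route` block: the default is now `"max-age=0, public, must-revalidate"` and the `@search` override that marked them `private` is removed. `must-revalidate` only forces a check before reuse; `public` still permits a CDN or inspecting proxy in front of the instance to keep a copy of a response that contains the user's query. If the aim is to allow conditional revalidation, `header Cache-Control "max-age=0, private, must-revalidate"` keeps that while excluding shared caches; otherwise the previous `no-store` default is the safer choice for non-static routes.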
@@ -78,14 +78,6 @@ You can skip this step if you don't use systemd.
 **Note:** Ensure the service file path matches your installation directory before enabling it.
-## Note on the image proxy feature
-
-The SearXNG image proxy is activated by default.
-
-The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allows the browser to access to ```${SEARXNG_HOSTNAME}``` and ```https://*.tile.openstreetmap.org;```.
-
-If some users want to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searxng/searxng-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```.
-
 ## Multi Architecture Docker images
 Supported architecture:
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 8566044..f17bb42 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -47,8 +47,6 @@ services:
 - searxng-data:/var/cache/searxng:rw
 environment:
 - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
- - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
- - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
 logging:
 driver: "json-file"
 options: