jandieman/searxng-docker
2
0
Fork 0
mirror of https://github.com/searxng/searxng-docker.git synced 2025-12-22 19:50:00 +00:00
Code Issues Projects Releases Wiki Activity

[mod] container: replace uWSGI with Granian (#395)

Browse Source 
To sync with https://github.com/searxng/searxng/pull/4820
This commit is contained in:
Ivan Gabaldon
2025-07-04 14:35:43 +02:00
committed by GitHub
parent fc51db2367
commit 8b75609524
4 changed files with 9 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.env
View File

@@ -5,10 +5,3 @@
# SEARXNG_HOSTNAME=<host> # SEARXNG_HOSTNAME=<host>
# LETSENCRYPT_EMAIL=<email> # LETSENCRYPT_EMAIL=<email>
# Optional:
# If you run a very small or a very large instance, you might want to change the amount of used uwsgi workers and threads per worker
# More workers (= processes) means that more search requests can be handled at the same time, but it also causes more resource usage
# SEARXNG_UWSGI_WORKERS=4
# SEARXNG_UWSGI_THREADS=4

27
Caddyfile
View File

@@ -42,10 +42,6 @@ encode zstd gzip
path /stats/checker path /stats/checker
} }
@search {
path /search
}
@imageproxy { @imageproxy {
path /image_proxy path /image_proxy
} }
@@ -58,20 +54,17 @@ header {
# CSP (https://content-security-policy.com) # CSP (https://content-security-policy.com)
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;" Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
# Disable some browser features # Disable browser features
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()" Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
# Set referrer policy # Only allow same-origin requests
Referrer-Policy "no-referrer" Referrer-Policy "same-origin"
# Force clients to use HTTPS
Strict-Transport-Security "max-age=31536000"
# Prevent MIME type sniffing from the declared Content-Type # Prevent MIME type sniffing from the declared Content-Type
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
# X-Robots-Tag (comment to allow site indexing) # Comment header to allow indexing by search engines
X-Robots-Tag "noindex, noarchive, nofollow" X-Robots-Tag "noindex, nofollow, noarchive, nositelinkssearchbox, nosnippet, notranslate, noimageindex"
# Remove "Server" header # Remove "Server" header
-Server -Server
@@ -84,14 +77,10 @@ header @api {
route { route {
# Cache policy # Cache policy
header Cache-Control "max-age=0, no-store" header Cache-Control "max-age=0, public, must-revalidate"
header @search Cache-Control "max-age=5, private" header @imageproxy Cache-Control "max-age=3600, public"
header @imageproxy Cache-Control "max-age=604800, public"
header @static Cache-Control "max-age=31536000, public, immutable" header @static Cache-Control "max-age=31536000, public, immutable"
} }
# SearXNG # SearXNG
reverse_proxy localhost:8080 { reverse_proxy localhost:8080
# https://github.com/searx/searx-docker/issues/24
header_up Connection "close"
}

10
README.md
View File

@@ -44,7 +44,7 @@ There are two ways to host SearXNG. The first one doesn't require any prior know
9. Run SearXNG in the background: `docker compose up -d` 9. Run SearXNG in the background: `docker compose up -d`
> [!NOTE] > [!NOTE]
> You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host` network mode) with the `BIND_ADDRESS` environment variable (defaults to `0.0.0.0:8080`). The environment variable can be set directly inside `docker-compose.yaml`. > You can change the port `searxng` listens on inside the docker container (e.g. if you want to operate in `host` network mode) with the `BIND_ADDRESS` environment variable (defaults to `[::]:8080`). The environment variable can be set directly inside `docker-compose.yaml`.
## Troubleshooting - How to access the logs ## Troubleshooting - How to access the logs
@@ -78,14 +78,6 @@ You can skip this step if you don't use systemd.
**Note:** Ensure the service file path matches your installation directory before enabling it. **Note:** Ensure the service file path matches your installation directory before enabling it.
## Note on the image proxy feature
The SearXNG image proxy is activated by default.
The default [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) allows the browser to access to ```${SEARXNG_HOSTNAME}``` and ```https://*.tile.openstreetmap.org;```.
If some users want to disable the image proxy, you have to modify [./Caddyfile](https://github.com/searxng/searxng-docker/blob/master/Caddyfile). Replace the ```img-src 'self' data: https://*.tile.openstreetmap.org;``` by ```img-src * data:;```.
## Multi Architecture Docker images ## Multi Architecture Docker images
Supported architecture: Supported architecture:

2
docker-compose.yaml
View File

@@ -47,8 +47,6 @@ services:
- searxng-data:/var/cache/searxng:rw - searxng-data:/var/cache/searxng:rw
environment: environment:
- SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/ - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
- UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
- UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
logging: logging:
driver: "json-file" driver: "json-file"
options: options: