The docker-compose files for setting up a SearXNG instance with docker.
Go to file
Bnyro 72cb934126 [refactor] readme: add hosting instructions for bringing own reverse proxy 2024-10-06 11:56:21 +02:00
searxng fix limiter.toml url 2024-07-13 13:32:31 +08:00
.env feat: uwsgi workers / threads configuration options (#235) 2024-10-04 11:25:44 +02:00
.gitignore Rely on searxng/settings.yml 2022-03-20 10:36:48 +01:00
Caddyfile Update Caddyfile to Add X-Real-IP to fix bot detection 2023-06-20 02:45:04 +00:00
LICENSE Initial commit 2019-07-01 16:23:52 +02:00
README.md [refactor] readme: add hosting instructions for bringing own reverse proxy 2024-10-06 11:56:21 +02:00
docker-compose.yaml feat: uwsgi workers / threads configuration options (#235) 2024-10-04 11:25:44 +02:00
searxng-docker.service.template Fixed searxng-docker.service.template issue (#225) 2024-04-17 14:02:09 +02:00

README.md

searxng-docker

Create a new SearXNG instance in five minutes using Docker

What is included ?

Name Description Docker image Dockerfile
Caddy Reverse proxy (create a LetsEncrypt certificate automatically) docker.io/library/caddy:2-alpine Dockerfile
SearXNG SearXNG by itself docker.io/searxng/searxng:latest Dockerfile
Valkey In-memory database docker.io/valkey/valkey:7-alpine Dockerfile

How to use it

There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx, HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both installation methods however.

  1. Install docker
  2. Get searxng-docker
cd /usr/local
git clone https://github.com/searxng/searxng-docker.git
cd searxng-docker
  1. Edit the .env file to set the hostname and an email
  2. Generate the secret key sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml
  3. Edit searxng/settings.yml according to your needs

[!NOTE] On the first run, you must remove cap_drop: - ALL from the docker-compose.yaml file for the searxng service to successfully create /etc/searxng/uwsgi.ini. This is necessary because the cap_drop: - ALL directive removes all capabilities, including those required for the creation of the uwsgi.ini file. After the first run, you should re-add cap_drop: - ALL to the docker-compose.yaml file for security reasons.

[!NOTE] Windows users can use the following powershell script to generate the secret key:

$randomBytes = New-Object byte[] 32
(New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
$secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
(Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
  1. Run SearXNG in the background: docker compose up -d

Method 2: Bring your own reverse proxy (experienced users)

  1. Remove the caddy related parts in docker-compose.yaml such as the caddy service and its volumes.
  2. Point your reverse proxy to the port set for the searxng service in docker-compose.yml (8080 by default).
  3. Generate and configure the required TLS certificates with the reverse proxy of your choice.
  4. Run SearXNG in the background: docker compose up -d

[!NOTE] You can change the port searxng listens on inside the docker container (e.g. if you want to operate in host network mode) with the BIND_ADDRESS environment variable (defaults to 0.0.0.0:8080). The environment variable can be set directly inside docker-compose.yaml.

Troubleshooting - How to access the logs

To access the logs from all the containers use: docker compose logs -f.

To access the logs of one specific container:

  • Caddy: docker compose logs -f caddy
  • SearXNG: docker compose logs -f searxng
  • Valkey: docker compose logs -f redis

Start SearXNG with systemd

You can skip this step if you don't use systemd.

  • cp searxng-docker.service.template searxng-docker.service
  • edit the content of WorkingDirectory in the searxng-docker.service file (only if the installation path is different from /usr/local/searxng-docker)
  • Install the systemd unit:
    systemctl enable $(pwd)/searxng-docker.service
    systemctl start searxng-docker.service
    

Note on the image proxy feature

The SearXNG image proxy is activated by default.

The default Content-Security-Policy allow the browser to access to ${SEARXNG_HOSTNAME} and https://*.tile.openstreetmap.org;.

If some users want to disable the image proxy, you have to modify ./Caddyfile. Replace the img-src 'self' data: https://*.tile.openstreetmap.org; by img-src * data:;.

Multi Architecture Docker images

Supported architecture:

  • amd64
  • arm64
  • arm/v7

How to update ?

To update the SearXNG stack:

git pull
docker compose pull
docker compose up -d

Or the old way (with the old docker-compose version):

git pull
docker-compose pull
docker-compose up -d