Skip to content

Latest commit

 

History

History
111 lines (83 loc) · 5.36 KB

README.md

File metadata and controls

111 lines (83 loc) · 5.36 KB
Raw

searxng-vpn-docker

Create a new private/auth protected SearXNG instance with a VPN for better privacy in five minutes using Docker

What is included ?

Name Description Docker image Dockerfile
Caddy Reverse proxy (create a LetsEncrypt certificate automatically) docker.io/library/caddy:2-alpine Dockerfile
SearXNG SearXNG by itself docker.io/searxng/searxng:latest Dockerfile
Gluetun VPN client docker.io/qmcgaw/gluetun:latest Dockerfile
Authelia Auth system to protect your private instance docker.io/authelia/authelia:latest Dockerfile

How to use it

  • Set up a A record on your DNS pointing to your public ip
  • Set up a CNAME record on auth.your_domain.tld pointing to the previous A record
  • Install docker
  • Get searxng-vpn-docker 
    cd /usr/local
git clone https://github.com/mrwazaby/searxng-vpn-docker.git
cd searxng-vpn-docker
  • Generate three secrets keys openssl rand -hex 32 for JWT_SECRET, ENCRYPTION_KEY and SESSION_SECRET
  • Create the .env file (cp .env.example .env) and edit it to set the variables
  • To configure the VPN section refer to the gluetun documentation
  • Edit the searxng/settings.yml file according to your need
  • Generate passwords for yout Authelia users docker run -it authelia/authelia:latest authelia crypto hash generate argon2
  • Copy the user config example file into authelia/config and edit it according to your needs
  • Check everything is working: docker compose up
  • Run SearXNG in the background: docker compose up -d

Warning

If you use an older version of docker desktop (< 3.6.0), you may have to install Docker Compose v1. Accordingly, you should modify the commands in this documentation to suit Docker Compose v1. For instance, change 'docker compose up' to 'docker-compose up'.

Install the docker-compose plugin (be sure that docker-compose version is at least 1.9.0)

Note

Windows users can use the following powershell script to generate the secret key:

$randomBytes = New-Object byte[] 32
(New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
$secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
(Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml

How to access the logs

To access the logs from all the containers use: docker compose logs -f.

To access the logs of one specific container:

  • Caddy: docker compose logs -f caddy
  • SearXNG: docker compose logs -f searxng
  • Gluetun: docker compose logs -f gluetun
  • Authelia : docker compose logs -f authelia

Start SearXNG with systemd

You can skip this step if you don't use systemd.

  • cp searxng-vpn-docker.service.template searxng-vpn-docker.service
  • edit the content of WorkingDirectory in the searxng-vpn-docker.service file (only if the installation path is different from /usr/local/searxng-vpn-docker)
  • Install the systemd unit: 
    systemctl enable $(pwd)/searxng-vpn-docker.service
systemctl start searxng-vpn-docker.service

Note on the image proxy feature

The SearXNG image proxy is activated by default.

The default Content-Security-Policy allow the browser to access to ${SEARXNG_HOSTNAME} and https://*.tile.openstreetmap.org;.

If some users want to disable the image proxy, you have to modify ./Caddyfile. Replace the img-src 'self' data: https://*.tile.openstreetmap.org; by img-src * data:;.

Multi Architecture Docker images

Supported architecture:

  • amd64
  • arm64
  • arm/v7

How to update ?

To update the SearXNG stack:

git pull
docker compose pull
docker compose up -d

Or the old way (with the old docker-compose version):

git pull
docker-compose pull
docker-compose up -d

Inspirations

List of inspirations for this project: