SearXNG

SearXNG is a search engine aggregator that let's you search the web with maximum privacy because it will use the other search engines, but without having them pinpoint to you in any way. And by self-hosting it, you get the maximum possible privacy.

Installation

There are multiple installation approaches possible. You can either go with containers or bare-metal. While i usually recommend bare-metal, this time going the podman way is actually preferable because the bare-metal approach requires running a root install script, which is not a good idea, or read it and decompose enough to run the single commands by hand, which would be annoying and not too much fun since the install script is complex and not well written.

So, as usual create the user, then clone the repository and copy the docker-compose.yaml:

useradd -d /deposito/daemons/searxng -m searxng
su - searxng
git clone https://github.com/searxng/searxng-docker.git
 cp searxng-docker/docker-compose.yaml .

Now you don't want Caddy because you already have NGINX as reverse proxy, so edit the docker compose file like the following example:

docker-compose.yml
version: "3.7"
services:
  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    networks:
      - searxng-net
    ports:
      - "127.0.0.1:8083:8080"
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

networks:
  searxng_net:
    ipam:
      driver: default

volumes:
  caddy-data:
  caddy-config:
  redis-data:

Remember to set an available port (8083)!

Now pull it:

podman compose pull

Reverse Proxy

You can run SearXNG both as a subdomain or a subpath. I prefer the first one because it make it easier to integrate as Firefox default search engine.

I assume the SearXNG will be reachable as https://search.mydomain.com.

Following this page create a NGINX config file called /etc/nginx/com.mydomain/search/search.conf like this:

search.conf
server {
        server_name search.mydomain.com;
        listen 443 ssl; 
        listen 8443 ssl; 
        http2 on;

        access_log /var/log/nginx/search.mydomain.com_access_log main;
        error_log /var/log/nginx/search.mydomain.com_error_log info;

        location / {

            proxy_pass http://127.0.0.1:8083/;

            proxy_set_header   Host             $host;
            proxy_set_header   Connection       $http_connection;

            # see flaskfix.py
            proxy_set_header   X-Scheme         $scheme;
            proxy_set_header   X-Script-Name    /searxng/;

            # see limiter.py
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

            access_log /dev/null;
            error_log  /dev/null;
        }
}

and add it to your NGINX configuration. See The Reverse Proxy concept for more details.

SSO can be added using the basic endpoint in Authelia or NGINX PAM Auth.

Add to firefox

Navigate your firefox to https://search.mydomain.com, then right-click on address bar and select the last icon: add SearXNG as search engine. If the option is missing, you have a different version of Firefox, check online how to do such a thing.

Autostart

To start it, and set it up on boot, as usual follow my indications Using Containers on Gentoo, so link the user-containers init script:

ln -s /etc/init.d/user-containers /etc/init.d/user-containers.searxng

and create the following config file:

/etc/conf.d/user-containers.searxng
USER=searxng
DESCRIPTION="The search engine"

Add the service to the default runlevel and start it now:

rc-update add user-containers.searxng default
rc-service user-containers.searxng start