Create a new private/auth protected SearXNG instance with a VPN for better privacy in five minutes using Docker
Name | Description | Docker image | Dockerfile |
---|---|---|---|
Caddy | Reverse proxy (create a LetsEncrypt certificate automatically) | docker.io/library/caddy:2-alpine | Dockerfile |
SearXNG | SearXNG by itself | docker.io/searxng/searxng:latest | Dockerfile |
Gluetun | VPN client | docker.io/qmcgaw/gluetun:latest | Dockerfile |
Authelia | Auth system to protect your private instance | docker.io/authelia/authelia:latest | Dockerfile |
- Set up a A record on your DNS pointing to your public ip
- Set up a CNAME record on auth.your_domain.tld pointing to the previous A record
- Install docker
- Get searxng-vpn-docker
cd /usr/local git clone https://github.com/mrwazaby/searxng-vpn-docker.git cd searxng-vpn-docker
- Generate three secrets keys
openssl rand -hex 32
forJWT_SECRET
,ENCRYPTION_KEY
andSESSION_SECRET
- Create the
.env
file (cp .env.example .env
) and edit it to set the variables - To configure the VPN section refer to the gluetun documentation
- Edit the searxng/settings.yml file according to your need
- Generate passwords for yout Authelia users
docker run -it authelia/authelia:latest authelia crypto hash generate argon2
- Copy the user config example file into authelia/config and edit it according to your needs
- Check everything is working:
docker compose up
- Run SearXNG in the background:
docker compose up -d
Warning
If you use an older version of docker desktop (< 3.6.0
), you may have to install Docker Compose v1.
Accordingly, you should modify the commands in this documentation to suit Docker Compose v1. For instance, change 'docker compose up' to 'docker-compose up'.
Install the docker-compose plugin (be sure that docker-compose version is at least 1.9.0)
Note
Windows users can use the following powershell script to generate the secret key:
$randomBytes = New-Object byte[] 32
(New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
$secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
(Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
To access the logs from all the containers use: docker compose logs -f
.
To access the logs of one specific container:
- Caddy:
docker compose logs -f caddy
- SearXNG:
docker compose logs -f searxng
- Gluetun:
docker compose logs -f gluetun
- Authelia :
docker compose logs -f authelia
You can skip this step if you don't use systemd.
cp searxng-vpn-docker.service.template searxng-vpn-docker.service
- edit the content of
WorkingDirectory
in thesearxng-vpn-docker.service
file (only if the installation path is different from /usr/local/searxng-vpn-docker) - Install the systemd unit:
systemctl enable $(pwd)/searxng-vpn-docker.service systemctl start searxng-vpn-docker.service
The SearXNG image proxy is activated by default.
The default Content-Security-Policy allow the browser to access to ${SEARXNG_HOSTNAME}
and https://*.tile.openstreetmap.org;
.
If some users want to disable the image proxy, you have to modify ./Caddyfile. Replace the img-src 'self' data: https://*.tile.openstreetmap.org;
by img-src * data:;
.
Supported architecture:
- amd64
- arm64
- arm/v7
To update the SearXNG stack:
git pull
docker compose pull
docker compose up -d
Or the old way (with the old docker-compose version):
git pull
docker-compose pull
docker-compose up -d
List of inspirations for this project: