Create a new SearXNG instance in five minutes using Docker
Name | Description | Docker image | Dockerfile |
---|---|---|---|
Caddy | Reverse proxy (create a LetsEncrypt certificate automatically) | docker.io/library/caddy:2-alpine | Dockerfile |
SearXNG | SearXNG by itself | docker.io/searxng/searxng:latest | Dockerfile |
Valkey | In-memory database | docker.io/valkey/valkey:8-alpine | Dockerfile |
There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx, HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both installation methods however.
- Install docker
- Get searxng-docker
cd /usr/local
git clone https://github.com/searxng/searxng-docker.git
cd searxng-docker
- Edit the .env file to set the hostname and an email
- Generate the secret key
sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml
- Edit searxng/settings.yml according to your needs
Note
On the first run, you must remove cap_drop: - ALL
from the docker-compose.yaml
file for the searxng
service to successfully create /etc/searxng/uwsgi.ini
. This is necessary because the cap_drop: - ALL
directive removes all capabilities, including those required for the creation of the uwsgi.ini
file. After the first run, you should re-add cap_drop: - ALL
to the docker-compose.yaml
file for security reasons.
Note
Windows users can use the following powershell script to generate the secret key:
$randomBytes = New-Object byte[] 32
(New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
$secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
(Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml
- Run SearXNG in the background:
docker compose up -d
- Remove the caddy related parts in
docker-compose.yaml
such as the caddy service and its volumes. - Point your reverse proxy to the port set for the
searxng
service indocker-compose.yml
(8080 by default). - Generate and configure the required TLS certificates with the reverse proxy of your choice.
- Run SearXNG in the background:
docker compose up -d
Note
You can change the port searxng
listens on inside the docker container (e.g. if you want to operate in host
network mode) with the BIND_ADDRESS
environment variable (defaults to 0.0.0.0:8080
). The environment variable can be set directly inside docker-compose.yaml
.
To access the logs from all the containers use: docker compose logs -f
.
To access the logs of one specific container:
- Caddy:
docker compose logs -f caddy
- SearXNG:
docker compose logs -f searxng
- Valkey:
docker compose logs -f redis
You can skip this step if you don't use systemd.
cp searxng-docker.service.template searxng-docker.service
- edit the content of
WorkingDirectory
in thesearxng-docker.service
file (only if the installation path is different from /usr/local/searxng-docker) - Install the systemd unit:
systemctl enable $(pwd)/searxng-docker.service systemctl start searxng-docker.service
The SearXNG image proxy is activated by default.
The default Content-Security-Policy allow the browser to access to ${SEARXNG_HOSTNAME}
and https://*.tile.openstreetmap.org;
.
If some users want to disable the image proxy, you have to modify ./Caddyfile. Replace the img-src 'self' data: https://*.tile.openstreetmap.org;
by img-src * data:;
.
Supported architecture:
- amd64
- arm64
- arm/v7
To update the SearXNG stack:
git pull
docker compose pull
docker compose up -d
Or the old way (with the old docker-compose version):
git pull
docker-compose pull
docker-compose up -d