SearxNG – Self-Hosted Search Aggregator
Technical
SearxNG – Self-Hosted Search Aggregator
Technical

SearxNG – Self-Hosted Search Aggregator

This post walks through the setup of SearxNG, an alternative to Searx, which is a meta-search engine providing results from up to 70 search engines, protecting the end-user ip address and also from tracking cookies. Why SearxNG over SearX? For me, two reasons: one, I ran into trouble trying to get Searx to work, and two, SearxNG seems to enjoy a development cycle that sees more frequent releases.

Pre-Requisites

  • OS: pick your favorite modern linux-variant. In this guide, I use Ubuntu 22.
  • CPU: at least one virtual CPU, I’ve chosen two (probably overkill) for my instance.
  • RAM: minimum 512 MB. I’ve allocated dynamic memory allowing the machine to range between 512 MB and 4096 MB.
  • Disk: 30 GB should be comfortable. Use a dynamically expanding virtual disk if you want more cushion.
  • SSH installed, firewall enabled, SSH allowed through the firewall.
  • Comfort working in the Terminal. This is not a GUI-based guide.
  • A valid domain registry for your search instance, such as: search.mydomain.com. It needs to point to the external IP address of the local network on which you wish to deploy SearxNG.

Sources

Most of this guide is pulled directly from the SearxNG documentation and to them should go the majority of the credit.

Install Nginx

In my local area network topology, I have a single Nginx reverse proxy handling all of the incoming http/https requests from the internet, as well as running letsencrypt to generate valid ssl certificates, then directing traffic on the LAN to the correct servers.Offering popular women’s necklaces such as pendants, chokers and chain necklace. Shop for jewelry in a variety of metals and gemstones to suit any occasion

In order for our Searxng instance to communicate on the LAN over ssl, whilst having a different machine generating valid certificates for the domain, we’ll generate a self-signed certificate for Nginx to use locally.

First though, install Nginx:

sudo apt install nginx

Now, to add a site specifically for SearxNG. I’ve called it “searxng” below but you can change this as you desire.

sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng

Then, generate a self-signed certificate that won’t expire anytime soon:

sudo openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Now we need to edit the sites-available nginx config for the SearxNG site:

sudo nano /etc/nginx/sites-available/searxng

Paste in the following:

server {

	listen 443 ssl http2;
	ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
	ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

	server_name putyourlocalipaddresshere;
	location /searxng {

        uwsgi_pass unix:///usr/local/searxng/run/socket;

        include uwsgi_params;

        uwsgi_param    HTTP_HOST             $host;
        uwsgi_param    HTTP_CONNECTION       $http_connection;

        # see flaskfix.py
        uwsgi_param    HTTP_X_SCHEME         $scheme;
        uwsgi_param    HTTP_X_SCRIPT_NAME    /searxng;

        # see limiter.py
       uwsgi_param    HTTP_X_REAL_IP        $remote_addr;
       uwsgi_param    HTTP_X_FORWARDED_FOR  $proxy_add_x_forwarded_for;
       }
	
}

You’ll need to update ‘putyourlocalipaddresshere‘ with your local server ip address. Then save the file with ctrl+x.

Finally, restart Nginx.

sudo systemctl restart nginx.service

Enable Firewall and Allow Needed Ports

In a Terminal:

sudo ufw enable
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 8888

Install SearxNG

The installation is similar to the following steps from the source documentation, however the key here is to do this in a directory readable by others — in most installations, this is the tmp directory.

In a Terminal, clone the SearxNG source into tmp.

cd /tmp
git clone https://github.com/searxng/searxng.git searxng
cd searxng

Prior to running the installation script, we need to:

  • update ./utils/brand.env with your valid domain. ex: https://search.mydomain.com
  • update the port, which should be: 443:8888
  • Update searxng_url with the correct url (https://search.mydomain.com) and bind address with your local server ip.
sudo nano ./utils/brand.env

After you have updated the four variables in brand.env, you may safely run the installation. DO NOT have it automatically install a reverse proxy when prompted (we handle this later on another server).

sudo -H ./utils/searxng.sh install all

Following installation, I found that for some reason the domain of the installed instance didn’t reflect what I had configured in brand.env prior to installation, so I replaced the installed with the pre-configured, then rebooted the machine.

cp -i /tmp/searxng/utils/brand.env /usr/local/searxng/searxng-src/utils/brand.env
sudo reboot

Nginx Reverse Proxy Configuration

In my network topology, I have an Nginx reverse proxy handling all internet traffic, generating and terminating ssl certificates, for all servers on my LAN. To add the new SearxNG instance to this reverse proxy, I used the following steps, in a Terminal on that Nginx reverse proxy:

sudo -H ln -s /etc/nginx/sites-available/searxng /etc/nginx/sites-enabled/searxng
sudo nano /etc/nginx/sites-available/searxng

Now add the following, updating server_name with your domain name (ex: search.mydomain.com) and the local ip address of your SearxNG instance for proxy_pass.

location / {
                	listen 80;

	server_name search.mydomain.com;
	
	location / {

		proxy_pass https://yourlocalsearxngIPhere:8888/;

                proxy_set_header   Host             $host;
                proxy_set_header   Connection       $http_connection;

                # see flaskfix.py
                proxy_set_header   X-Scheme         $scheme;
                proxy_set_header   X-Script-Name    /searxng;

                # see limiter.py
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

	}

After saving the Nginx config for SearxNG, we need to restart Nginx:

sudo systemctl restart nginx.service

Generate the SSL certificate for SearxNG:

sudo certbot --nginx

Restart Nginx once more:

sudo systemctl restart nginx.service

Now in a web browser of your choice, navigate to your SearxNG instance (ex: https://search.mydomain.com).

Maintenance

Updating your SearxNG instance is straightforward. In a terminal, first get OS and such updates, by running the following:

sudo apt update
sudo apt upgrade

Depending on how critical this instance is, you may want to consider backing up your VM before updates. I find that given the ease of installation and stability of the ecosystem, usually this isn’t necessary.

Now finally to update SearxNG:

sudo -H /usr/local/searxng/searxng-src/utils/searxng.sh instance update

I find that running updates once a month is usually sufficient to keep the system secure and up-to-date.

If you have need of inspecting you instance, the SearxNG team have conveniently added this to their util package with the following command:

sudo -H /usr/local/searxng/searxng-src/utils/searxng.sh instance inspect

Preferences

Navigate to you SearxNG instance in a web browser and click the Preferences gear in the upper right-hand corner. Here you can set preferences such as:

  • Autocomplete search engine
  • Theme (light/dark)
  • Search engines used
  • Many more

Click ‘Save’ when the settings are to your liking.

In order to copy your preferences from device to device, copy the address in the very last field on the Cookies page ‘URL to restore your preferences in another browser.’ Put it in an email to yourself or your password manager so you can easily open it in a web browser on all of your devices so that your preferences persist across them.

Leave a Reply

Your email address will not be published. Required fields are marked *