Setting Up a Secure and Optimized SearXNG Instance with Docker Compose

If you’re looking to deploy a private instance of SearXNG—a powerful, open-source metasearch engine—using Docker Compose is one of the simplest and most efficient ways to do it. This guide explores the custom Docker Compose configuration for SearXNG, explains its benefits, and provides step-by-step instructions for running it on your network.

Overview of the Docker Compose Configuration

The following docker-compose.yml file has been designed to prioritize security, efficiency, and ease of management. It sets up SearXNG to run on port 80 of the host (mapped from port 8080 in the container), provides custom logging, and limits container privileges to only what’s necessary.

Here’s the complete Docker Compose configuration:

version: "3.7"

services:
  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    ports:
      - "80:8080"
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=http://10.1.15.196/
      - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

Key Components of the Configuration

Let’s break down each part of this configuration file:

  • Container Name: Naming the container as searxng makes it easy to manage and identify in docker ps outputs.
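  • Image: Specifies the SearXNG Docker image (docker.io/searxng/searxng:latest). The latest tag resolves to the newest published image whenever the image is pulled, so the version you run depends on when you last pulled; pin a specific tag or digest if you need reproducible deployments.
  • Restart Policy: restart: unless-stopped restarts the container automatically if it exits or the Docker daemon restarts, unless you stopped it yourself, so your SearXNG instance remains online without manual intervention.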
  • Ports: Maps port 80 on the host to port 8080 in the container, making SearXNG accessible at http://10.1.15.196/.
  • Volumes: Mounts a local directory (./searxng) to /etc/searxng in the container, allowing persistent configuration storage and easy customization.
  • Environment Variables:
    • SEARXNG_BASE_URL: Configures SearXNG’s base URL for local access at http://10.1.15.196/.
    • UWSGI_WORKERS and UWSGI_THREADS: Set the number of uwsgi workers and threads. Each value is read from SEARXNG_UWSGI_WORKERS or SEARXNG_UWSGI_THREADS in the host environment (or a .env file) and defaults to 4 when that variable is unset; tune them to the available CPU and RAM.
  • Capabilities:
    • cap_drop and cap_add: Increase security by dropping all capabilities and then adding back only the minimal privileges CHOWN, SETGID, and SETUID.
  • Logging: Limits the size and number of log files with the json-file driver to avoid excessive disk usage.
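
An added example, not part of the original guide or the SearXNG project: a small Python check that reads the normalized JSON from `docker compose config --format json` and reports where a service departs from the settings described above. The finding names and the SAMPLE input are constructed for illustration, and the field layout (such as host_ip and published under ports) is assumed to match Compose's normalized output.

```python
"""Audit a Compose service for the hardening settings this page describes.
Input: the JSON printed by `docker compose config --format json`.
SAMPLE is constructed to mirror the page's file; it is not captured output."""
import json

ALLOWED_CAPS = {"CHOWN", "SETGID", "SETUID"}  # the page's cap_add list

SAMPLE = json.loads("""
{"services": {"searxng": {
  "image": "docker.io/searxng/searxng:latest",
  "cap_drop": ["ALL"],
  "cap_add": ["CHOWN", "SETGID", "SETUID"],
  "ports": [{"target": 8080, "published": "80", "protocol": "tcp"}],
  "logging": {"driver": "json-file",
              "options": {"max-size": "1m", "max-file": "1"}}
}}}
""")


def audit_service(svc):
    """Return a sorted list of finding codes for one service definition."""
    findings = set()
    if "ALL" not in {c.upper() for c in svc.get("cap_drop") or []}:
        findings.add("caps-not-dropped")
    extra = {c.upper() for c in svc.get("cap_add") or []} - ALLOWED_CAPS
    if extra:
        findings.add("extra-caps:" + ",".join(sorted(extra)))
    image = svc.get("image", "")
    if "@sha256:" not in image:  # not pinned by digest, so inspect the tag
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            findings.add("mutable-image-tag")
    for port in svc.get("ports") or []:
        # No host_ip means Docker publishes the port on every host interface.
        if port.get("host_ip", "") in ("", "0.0.0.0", "::"):
            findings.add("port-on-all-interfaces:%s" % port.get("published"))
    opts = (svc.get("logging") or {}).get("options") or {}
    if not {"max-size", "max-file"} <= set(opts):
        findings.add("logs-unbounded")
    return sorted(findings)


def audit(config):
    """Map each service name to its findings."""
    return {name: audit_service(svc)
            for name, svc in config.get("services", {}).items()}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a real file, pipe the output of `docker compose config --format json` into `json.load` and pass the result to `audit`.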

Benefits of This Configuration

  1. Ease of Use and Deployment: Docker Compose simplifies deployment by combining all configurations into a single, easily manageable file. With this setup, starting or stopping your SearXNG instance only requires a single command.

  2. Security:

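    • Minimal Capabilities: By dropping all capabilities except those essential for SearXNG, you limit the potential attack surface.
    • Port Mapping: Only one port is published (80 on the host), which keeps the exposed surface small. The mapping "80:8080" binds on all host interfaces and serves plain HTTP, so restrict access with a host firewall, or bind to a specific address, if the instance should not be reachable from the whole network.

  3. Efficiency and Performance: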

    • Customizable Worker and Thread Settings: By using environment variables to set default values for UWSGI_WORKERS and UWSGI_THREADS, this configuration ensures that SearXNG can handle multiple requests efficiently without exhausting resources.
    • Automatic Restart: With restart: unless-stopped, your SearXNG instance can recover automatically from failures, maintaining high uptime.

  4. Log Management: Configuring the log rotation with max-size and max-file helps prevent log files from consuming excessive disk space. This keeps your environment clean and reduces the need for manual log maintenance.

  5. Customization Through Volumes: Mounting a local directory to /etc/searxng in the container allows you to customize and persist SearXNG’s configuration easily. Changes made in the local ./searxng directory are immediately visible inside the container; restart the container for SearXNG to load the updated settings.

How to Run This Docker Compose Configuration

  1. Save the Compose File: Create a file named docker-compose.yml with the above configuration.

  2. Create a Local Configuration Directory: Make a directory named searxng in the same location as the docker-compose.yml file. This directory will store your SearXNG configuration files, ensuring they persist between container restarts.

    mkdir searxng
    
  3. Start the Container: From the directory containing the docker-compose.yml file, run the following command to pull the image (if it is not already present) and start your SearXNG instance in the background:

    docker-compose up -d
    
  4. Access SearXNG: Once the container is running, open a web browser and navigate to http://10.1.15.196/. You should see the SearXNG search interface.

  5. Stop the Container: To stop the container, use the following command:

    docker-compose down
    

Conclusion

With this optimized Docker Compose configuration, you’re set up for a secure, efficient, and user-friendly SearXNG experience. This configuration balances security, performance, and simplicity, making it ideal for anyone looking to deploy their own private search engine.