Create a new SearXNG instance in five minutes using Docker
| Name | Description | Docker image | Dockerfile |
|---|---|---|---|
| Caddy | Reverse proxy (create a LetsEncrypt certificate automatically) | docker.io/library/caddy:2-alpine | Dockerfile |
| SearXNG | SearXNG by itself | docker.io/searxng/searxng:latest | Dockerfile |
| Valkey | In-memory database | docker.io/valkey/valkey:8-alpine | Dockerfile |
There are two ways to host SearXNG. The first one doesn't require any prior knowledge about self-hosting and thus is recommended for beginners. It includes caddy as a reverse proxy and automatically deals with the TLS certificates for you. The second one is recommended for more advanced users that already have their own reverse proxy (e.g. Nginx, HAProxy, ...) and probably some other services running on their machine. The first few steps are the same for both installation methods however.
- Install docker
- Get searxng-docker
cd /usr/local
git clone https://github.com/searxng/searxng-docker.git
cd searxng-docker- Edit the .env file to set the hostname and an email
- Generate the secret key
sed -i "s|ultrasecretkey|$(openssl rand -hex 32)|g" searxng/settings.yml - Edit searxng/settings.yml according to your needs
Note
On the first run, you must remove cap_drop: - ALL from the docker-compose.yaml file for the searxng service to successfully create /etc/searxng/uwsgi.ini. This is necessary because the cap_drop: - ALL directive removes all capabilities, including those required for the creation of the uwsgi.ini file. After the first run, you should re-add cap_drop: - ALL to the docker-compose.yaml file for security reasons.
Note
Windows users can use the following powershell script to generate the secret key:
$randomBytes = New-Object byte[] 32
(New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBytes)
$secretKey = -join ($randomBytes | ForEach-Object { "{0:x2}" -f $_ })
(Get-Content searxng/settings.yml) -replace 'ultrasecretkey', $secretKey | Set-Content searxng/settings.yml- Run SearXNG in the background:
docker compose up -d
- Remove the caddy related parts in
docker-compose.yamlsuch as the caddy service and its volumes. - Point your reverse proxy to the port set for the
searxngservice indocker-compose.yml(8080 by default). - Generate and configure the required TLS certificates with the reverse proxy of your choice.
- Run SearXNG in the background:
docker compose up -d
Note
You can change the port searxng listens on inside the docker container (e.g. if you want to operate in host network mode) with the BIND_ADDRESS environment variable (defaults to 0.0.0.0:8080). The environment variable can be set directly inside docker-compose.yaml.
To access the logs from all the containers use: docker compose logs -f.
To access the logs of one specific container:
- Caddy:
docker compose logs -f caddy - SearXNG:
docker compose logs -f searxng - Valkey:
docker compose logs -f redis
You can skip this step if you don't use systemd.
cp searxng-docker.service.template searxng-docker.service- edit the content of
WorkingDirectoryin thesearxng-docker.servicefile (only if the installation path is different from /usr/local/searxng-docker) - Install the systemd unit:
systemctl enable $(pwd)/searxng-docker.service systemctl start searxng-docker.service
The SearXNG image proxy is activated by default.
The default Content-Security-Policy allow the browser to access to ${SEARXNG_HOSTNAME} and https://*.tile.openstreetmap.org;.
If some users want to disable the image proxy, you have to modify ./Caddyfile. Replace the img-src 'self' data: https://*.tile.openstreetmap.org; by img-src * data:;.
Supported architecture:
- amd64
- arm64
- arm/v7
To update the SearXNG stack:
git pull
docker compose pull
docker compose up -dOr the old way (with the old docker-compose version):
git pull
docker-compose pull
docker-compose up -d
