searx-docker
searx-docker copied to clipboard
searx
add an example for reverse proxy
hi i have been trying to deploy this behind an apache2 reverse proxy a couple times, and still cant get it to work with caddy, and if i use filtron directly all files are using localhost instead of the real domain.
can you please add a new docker-compose file for reverse proxies?
with no https and a simple setting to change the output port and the base domain.
and without the need to create a systemd service
something like this but based on the official searx image
version: '3.3'
services:
searx:
image: hoellen/searx:master
container_name: searx
restart: unless-stopped
networks:
- searx
environment:
- BASE_URL="https://domain.tld"
- IMAGE_PROXY=True
volumes:
- ./searx/settings.yml:/usr/local/searx/searx/settings.yml # enable custom settings.yml
filtron:
container_name: filtron
image: dalf/filtron
restart: unless-stopped
ports:
- 127.0.0.1:8004:8004
- 127.0.0.1:8005:8005
networks:
- searx
command: -listen 0.0.0.0:8004 -api 0.0.0.0:8005 -target searx:8888
volumes:
- ./filtron:/etc/filtron # mount rules.json
read_only: true
morty:
container_name: morty
image: dalf/morty
restart: always
ports:
- "127.0.0.1:8006:8006" # reverse proxy on a seprate subdomain
networks:
- searx
command: -timeout 6
environment:
- MORTY_KEY=key
- MORTY_ADDRESS=0.0.0.0:8006
logging:
driver: none
read_only: true
cap_drop:
- ALL
searx-checker:
container_name: searx-checker
image: searx/searx-checker
restart: always
networks:
- searx
command: -cron -o html/data/status.json http://searx:8888
volumes:
- searx-checker:/usr/local/searx-checker/html/data:rw
networks:
searx:
volumes:
searx-checker:
There is no need to complicate the things. Just set SEARX_HOSTNAME in .env to a localhost hostname like http://localhost:8081 and this will allow you to proxy to http://localhost:8081 using apache.
You are right, I just tested and it didn't work without modifying the direct docker-compose.yml. It's one simple change though because BASE_URL in Searx should not be https by default and allow for another custom hostname.
Setting SEARX_HOSTNAME=http://localhost:8081 and changing docker-compose.yaml s BASE_URL to http only does not do the trick. Apache shows a blank page using Proxypass http://localhost:8081
any progress here ? I still could not manage to get it working with the following changes:
In .env: Set SEARS_HOSTNAME=http://localhost:8081
In docker-compose-yaml: Set BASE_URL=http://domain.com
In Apache2 config: ProxyPass http://localhost:8081
I just land on a blank page when trying to access searx instance.
any progress here ? I still could not manage to get it working with the following changes:
In .env: Set SEARS_HOSTNAME=http://localhost:8081
In docker-compose-yaml: Set BASE_URL=http://domain.com
In Apache2 config: ProxyPass http://localhost:8081
I just land on a blank page when trying to access searx instance.
use the docker compose example i listed before. its working really well, with all the addons.
@fareszr Thanks for the heads up. However your sample is based on v3.3 whereas the latest config file is v3.7. 3.3 does lead to a not working configuration on my side where none of the services is able to start.
@unixfox Could you elaborate the changes you were referring to in order to get it working ?
@fareszr Thanks for the heads up. However your sample is based on v3.3 whereas the latest config file is v3.7. 3.3 does lead to a not working configuration on my side where none of the services is able to start.
@unixfox Could you elaborate the changes you were referring to in order to get it working ?
i don't think the version matters, as i don't use any 3.x specific feature. it should work on all 3.x versions.
Well, it does not:
filtron | 2020/12/13 18:25:20 Cannot parse rules: open /etc/filtron/rules.json: no such file or directory morty | WARNING: no logs are available with the 'none' log driver searx-checker | Sleep 73 seconds searx | searx version searx | searx | Create /etc/searx/uwsgi.ini searx | Create /etc/searx/settings.yml searx | Listen on 0.0.0.0:8080 searx | [uWSGI] getting INI configuration from /etc/searx/uwsgi.ini searx | [uwsgi-static] added mapping for /static => /usr/local/searx/searx/static morty exited with code 1 filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver morty exited with code 1 morty exited with code 1 filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver morty exited with code 1 filtron exited with code 1
Well, it does not:
filtron | 2020/12/13 18:25:20 Cannot parse rules: open /etc/filtron/rules.json: no such file or directory morty | WARNING: no logs are available with the 'none' log driver searx-checker | Sleep 73 seconds searx | searx version searx | searx | Create /etc/searx/uwsgi.ini searx | Create /etc/searx/settings.yml searx | Listen on 0.0.0.0:8080 searx | [uWSGI] getting INI configuration from /etc/searx/uwsgi.ini searx | [uwsgi-static] added mapping for /static => /usr/local/searx/searx/static morty exited with code 1 filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver morty exited with code 1 morty exited with code 1 filtron exited with code 1 morty | WARNING: no logs are available with the 'none' log driver morty exited with code 1 filtron exited with code 1
well that's because you dot have the rule.json file needed for filtron to work. you have to create filtron/rules.json in the same folder where the docker compose file is.
for searx its the same issue i mounted the settings.yml file to allow for custom settings. you should create searx/settings.yml in the same folder where the docker compose file is.
if you don't want custom settings.yml you can comment the volumes sections in the searx container, however morty wouldnt work since you have to enable it manually.
as for filtron, rules.json is essential.
I see then this is the difference between the 3.3 and the 3.7 config file as the rule.json as well as the rest of the necessary files are created when the launch script runs.
I see then this is the difference between the 3.3 and the 3.7 config file as the rule.json as well as the rest of the necessary files are created when the launch script runs.
No, this is a common mistake, when mounting specific files, if they don't exist before the container starts, docker will create a directory instead of a file. anyway the problem you showed is with missing files, please make sure you have all the files with correct settings.
@fareszr The files are all there. Anyway, thank you for pointing me into the right direction as the searx settings.yml has an hardcoded base url - therefore the changes in the docker-compose.yaml are ignored and it does not work.
Summing up, @unixfox solution with v3.7 works just fine if you proceed as follows:
In .env: Set SEARS_HOSTNAME=http://localhost:8081
In docker-compose-yaml within searx section: Set BASE_URL=https://domain.com/ Set MORTY_URL=https://domain.com/morty/
In /searx/settings.yml under server section: Set base_url : False
In Apache2 config: ProxyPass http://localhost:8081/
@fareszr The files are all there. Anyway, thank you for pointing me into the right direction as the searx settings.yml has an hardcoded base url - therefore the changes in the docker-compose.yaml are ignored and it does not work.
Summing up, @unixfox solution with v3.7 works just fine if you proceed as follows:
In .env: Set SEARS_HOSTNAME=http://localhost:8081
In docker-compose-yaml within searx section: Set BASE_URL=https://domain.com/ Set MORTY_URL=https://domain.com/morty/
In /searx/settings.yml under server section: Set base_url : False
In Apache2 config: ProxyPass http://localhost:8081/
wait, you were trying these options on the official image ?. the example docker-compose config was built on hoellen/searx:master
wait, you were trying these options on the official image ?. the example docker-compose config was built on hoellen/searx:master
Yes, cause this is the github repo for the official image.
A short update: If I set "ProxyPreserveHost On" within the apache2 config I am left with a blank page. If I set "ProxyPreserveHost Off" I get information within searx displayed like: []https://i.imgur.com/Aiu5xr2.png(url) If I bypass Caddy and reverse proxy directly to Morty on 4040 I can enable the PreserveHost option and the URL gets translated fine.
I'd like, too, the option to have a container that is forwardable. I want to add searx to my private server wich is already forwarded with nginx. Installing this container doesnt work because it conflicts with the standard ports used by nginx. Not being familiar with this stack i have no confidence changing any setting.
P.S. Solutions posted here didn't work for me.
@fareszr
version: '3.3'
services:
searx:
image: hoellen/searx:master
container_name: searx
restart: unless-stopped
networks:
- searx
environment:
- BASE_URL="http://localhost"
- IMAGE_PROXY=True
#volumes:
# - ./searx/settings.yml:/usr/local/searx/searx/settings.yml # enable custom settings.yml
filtron:
container_name: filtron
image: dalf/filtron
restart: unless-stopped
ports:
- 127.0.0.1:8004:8004
- 127.0.0.1:8005:8005
networks:
- searx
command: -listen 0.0.0.0:8004 -api 0.0.0.0:8005 -target searx:8888
volumes:
- ./filtron:/etc/filtron # mount rules.json
read_only: true
morty:
container_name: morty
image: dalf/morty
restart: always
ports:
- "127.0.0.1:8006:8006" # reverse proxy on a seprate subdomain
networks:
- searx
command: -timeout 6
environment:
- MORTY_KEY=key
- MORTY_ADDRESS=0.0.0.0:8006
logging:
driver: none
read_only: true
cap_drop:
- ALL
searx-checker:
container_name: searx-checker
image: searx/searx-checker
restart: always
networks:
- searx
command: -cron -o html/data/status.json http://searx:8888
volumes:
- searx-checker:/usr/local/searx-checker/html/data:rw
networks:
searx:
volumes:
searx-checker:
I use your docker-compose.yml, but it dose not work well.
I try access url http://localhost or http://localhost:8888, but fail, searx dose not expose port, why we can access in browser?
@fareszr
version: '3.3' services: searx: image: hoellen/searx:master container_name: searx restart: unless-stopped networks: - searx environment: - BASE_URL="http://localhost" - IMAGE_PROXY=True #volumes: # - ./searx/settings.yml:/usr/local/searx/searx/settings.yml # enable custom settings.yml filtron: container_name: filtron image: dalf/filtron restart: unless-stopped ports: - 127.0.0.1:8004:8004 - 127.0.0.1:8005:8005 networks: - searx command: -listen 0.0.0.0:8004 -api 0.0.0.0:8005 -target searx:8888 volumes: - ./filtron:/etc/filtron # mount rules.json read_only: true morty: container_name: morty image: dalf/morty restart: always ports: - "127.0.0.1:8006:8006" # reverse proxy on a seprate subdomain networks: - searx command: -timeout 6 environment: - MORTY_KEY=key - MORTY_ADDRESS=0.0.0.0:8006 logging: driver: none read_only: true cap_drop: - ALL searx-checker: container_name: searx-checker image: searx/searx-checker restart: always networks: - searx command: -cron -o html/data/status.json http://searx:8888 volumes: - searx-checker:/usr/local/searx-checker/html/data:rw networks: searx: volumes: searx-checker:I use your docker-compose.yml, but it dose not work well.
I try access url
http://localhostorhttp://localhost:8888, but fail, searx dose not expose port, why we can access in browser?
its 8004/8005
@fareszr
version: '3.3' services: searx: image: hoellen/searx:master container_name: searx restart: unless-stopped networks: - searx environment: - BASE_URL="http://localhost" - IMAGE_PROXY=True #volumes: # - ./searx/settings.yml:/usr/local/searx/searx/settings.yml # enable custom settings.yml filtron: container_name: filtron image: dalf/filtron restart: unless-stopped ports: - 127.0.0.1:8004:8004 - 127.0.0.1:8005:8005 networks: - searx command: -listen 0.0.0.0:8004 -api 0.0.0.0:8005 -target searx:8888 volumes: - ./filtron:/etc/filtron # mount rules.json read_only: true morty: container_name: morty image: dalf/morty restart: always ports: - "127.0.0.1:8006:8006" # reverse proxy on a seprate subdomain networks: - searx command: -timeout 6 environment: - MORTY_KEY=key - MORTY_ADDRESS=0.0.0.0:8006 logging: driver: none read_only: true cap_drop: - ALL searx-checker: container_name: searx-checker image: searx/searx-checker restart: always networks: - searx command: -cron -o html/data/status.json http://searx:8888 volumes: - searx-checker:/usr/local/searx-checker/html/data:rw networks: searx: volumes: searx-checker:I use your docker-compose.yml, but it dose not work well.
http://localhostorhttp://localhost:8888, but fail, searx dose not expose port, why we can access in browser?its 8004/8005
no, I access http://localhost:8004 or http://localhost:8005, but it return nothing, how you access it?
This is something I'm trying to accomplish too, and it's frankly impossible without changing parts of the docker-compose.yml && the Caddyfile. I've managed to get it forwarded to the front end loads but it won't query as it says it's 'rate limit exceeded'.
Is Caddy actually required here at all? Just wondering if this container setup would be relatively easy to strip Caddy out of leaving just a direct connection to Filtron/morty using an existing reverse proxy? I am of course making an assumption here, but I can't imagine many people have a use case where the only thing on their domain that they're self-hosting is searx.
Locally it functions perfectly well (for me) at the root of the local IP, but if you want to run TLS between the two containers, it gets gnarly.
I find Caddy an odd choice too -- it's a great bit of kit, but it seems relatively new and there's little documentation on the web for users to self-help.
This is something I'm trying to accomplish too, and it's frankly impossible without changing parts of the docker-compose.yml && the Caddyfile. I've managed to get it forwarded to the front end loads but it won't query as it says it's 'rate limit exceeded'.
Is Caddy actually required here at all? Just wondering if this container setup would be relatively easy to strip Caddy out of leaving just a direct connection to Filtron/morty using an existing reverse proxy? I am of course making an assumption here, but I can't imagine many people have a use case where the only thing on their domain that they're self-hosting is searx.
I found myself in the same spot. However, leaving Caddy just aside and directly reverse proxy to Filtron works perfectly fine for me. The only change in compose-docker.yaml then is to set BASE_URL and MORTY_URL correctly as they are available by through the reverse proxy.
So this is what works for you? What local ip and port do you forward in the proxy?
services:
filtron:
container_name: filtron
image: dalf/filtron
restart: always
ports:
- "127.0.0.1:4040:4040"
- "127.0.0.1:4041:4041"
networks:
- searx
command: -listen 0.0.0.0:4040 -api 0.0.0.0:4041 -target searx:8080
volumes:
- /mnt/data/docker/appdata/filtron/rules.json:/etc/filtron/rules.json:rw
read_only: true
cap_drop:
- ALL
searx:
container_name: searx
image: searx/searx:latest
restart: always
networks:
- searx
command: ${SEARX_COMMAND:-}
volumes:
- /mnt/data/docker/appdata/searx:/etc/searx:rw
environment:
- BIND_ADDRESS=0.0.0.0:8080
- BASE_URL=https://searx.mydomain.com/
- MORTY_URL=https://searx.mydomain.com/morty/
- MORTY_KEY=${MORTY_KEY}
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- DAC_OVERRIDE
morty:
container_name: morty
image: dalf/morty
restart: always
ports:
- "127.0.0.1:3000:3000"
networks:
- searx
command: -timeout 6 -ipv6
environment:
- MORTY_KEY=${MORTY_KEY}
- MORTY_ADDRESS=0.0.0.0:3000
logging:
driver: none
read_only: true
cap_drop:
- ALL
networks:
searx:
ipam:
driver: default
@akanealw Exactly. Despite BASE_URL and MORTY_URL I did not modify the compose file.
The relevant apache2 reverse proxy config part looks like this:
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
<Location />
ProxyPass http://127.0.0.1:4040/
ProxyPassReverse http://127.0.0.1:4040/
</Location>
<Location /morty>
ProxyPass http://127.0.0.1:3000
ProxyPassReverse http://127.0.0.1:3000
</Location>
I have followed all steps and am still revieving an "Rate Limit exceeded" error
enable websockets.
filtron requires websockets. users without websockets will get rate limited.
On Sun, Jan 30 2022 at 04:50:22 PM -0000, searx/searx-docker - reply+aipxadsqo5b3iasvfhzlyd6aakrmxevbnhhcztc7me at reply.github.com @.***> wrote:
I have followed all steps and am still revieving an "Rate Limit exceeded" error
— Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you were mentioned.Message ID: @.***>
enable websockets. filtron requires websockets. users without websockets will get rate limited.
Filtron doesn't need websockets, that's not true.