searx-instances

https://search.charliewhiskey.net

Open botchedcode opened this issue 1 year ago • 2 comments

Requirements (make sure to read all of them)

  • [X] It is my instance. I bought the domain myself and I own this domain. Free domains (e.g. Freenom) and shared domains (e.g. noip.com) are not allowed.
  • [X] I'll keep my instance up to date, at the very least 1 week old. Example program for keeping up to date: watchtower, cron, ouroboros.
  • [X] I give the right to check.searx.space to check my instance (every 3 hours for the response times, every 24 hours for the other tests).
  • [X] I acknowledge that managing a public instance is not an easy task and requires spending time to keep the instance in good health. E.g. look after your instance by using a monitoring system.
  • [X] I guarantee to keep an uptime per month of my instance at minimum 90%. Please ask for a removal of your instance if there is a planned long downtime or notify us here for a short downtime.
  • [X] I do not track the users of my instance with any analytics or tracking software.
  • [X] I won't try to manipulate the ranking of my instance in a way that gives an unfair advantage over the other public instances in the list. (e.g. caching requests for searx.space server)
  • [X] I control the final webserver (software) that is serving the requests to the users of my instance. Here is a non-exhaustive list of forbidden hosting types: Cloudflare, PaaS, managed (hosting provider controlled) HTTP(S) load balancer (e.g. AWS ALB), shared Web hosting. TCP load balancer is fine. Cloudflare DNS only (grey cloud) is fine.
  • [X] If needed, I can restrict users from accessing my instance for the sole reason of keeping my instance in working condition for the other users (detailed description - evidence needs to be provided when asked). Other means of restriction are forbidden.

Bot protection requirement

  • [X] Yes I have configured the server.public_instance parameter.

Source code URL

No response

Comment

No response

botchedcode avatar May 03 '24 16:05 botchedcode

Please consider joining our Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#searxng:matrix.org then pinging @ unixfox, @ dalf and @ mrpaulblack for asking to be invited to the Matrix room. We discuss troubles managing a public instance, sharing some advice (like how to protect against bots), announcing big changes in searxng and more.

github-actions[bot] avatar May 03 '24 16:05 github-actions[bot]

Comment

SearXNG instance was created by Docker compose using docker.io/searxng/searxng:latest, updated daily by cronjob. I have an A+ grade for HTTPS/TLS at cryptcheck.fr. I also have an A+ grade from Mozilla Observatory for CSP, HSTS, XSS-Protection, etc. Not using trackers (nothing was found by uBlock Origin, uMatrix, Privacy Badger and Malwarebytes Browser Guard).

botchedcode avatar May 04 '24 07:05 botchedcode

Hi @botchedcode, first access to http://search.charliewhiskey.net/config redirects to an invalid URL https://search.charliewhiskey.netconfig (note the slash and TLD). Please set up HTTP to HTTPS correctly.

ononoki1 avatar May 08 '24 15:05 ononoki1

Hi @ononoki1, I was a little confused by your information and was unable to recreate it in my own home. I tested it several times in different ways, but the forwarding always led me to the correct destination address without exception.

I just found out: it works perfectly with the Vivaldi browser (Chromium-based), it also works perfectly with Firefox. Under Linux as well as under Windows.

I first had to use Google Chrome and Microsoft Edge to reproduce the problem. I normally avoid both browsers as a matter of principle. Surprise: Chrome and Edge show the behaviour you reported, but Vivaldi and Firefox do not. I have never seen this before.

I have now adjusted the configuration of my Apache reverse proxy so that it also works with Chrome and Edge.

Please try again.

botchedcode avatar May 08 '24 16:05 botchedcode

> I was a little confused by your information and was unable to recreate it in my own home. I tested it several times in different ways, but the forwarding always led me to the correct destination address without exception.

Your site uses HSTS (the Strict-Transport-Security header), which will make the browser always use HTTPS after first access via HTTPS. So when visiting http://search.charliewhiskey.net/config, the browser will rewrite the URL to https://search.charliewhiskey.net/config internally without sending a request to the server. That's also why you can only reproduce the wrong redirection on a new browser.

ononoki1 avatar May 08 '24 16:05 ononoki1
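A check for the redirect problem discussed in this thread, as an added example that is not part of the thread or of the SearXNG project: it fetches the first hop with a client that keeps no HSTS state, so the server's own redirect is seen, and validates the Location header. The function names, the 301 status in the samples and the same-host, same-path policy are assumptions.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def first_hop(url, timeout=10):
    """Request url over plain HTTP without following redirects.
    http.client has no HSTS cache, unlike a browser that visited the site before."""
    u = urlsplit(url)
    target = (u.path or "/") + ("?" + u.query if u.query else "")
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_redirect(request_url, status, location):
    """Return a list of problems with an HTTP-to-HTTPS redirect (empty list = OK)."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect without a Location header"]
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append(f"target scheme is {loc.scheme!r}, expected 'https'")
    # Assumed policy: the redirect keeps the same host, path and query.
    if loc.hostname != req.hostname:
        problems.append(f"target host {loc.hostname!r} differs from {req.hostname!r}")
    if (loc.path or "/") != (req.path or "/"):
        problems.append(f"target path {loc.path!r} differs from {req.path!r}")
    if loc.query != req.query:
        problems.append("query string was not preserved")
    return problems

# Constructed samples: URLs are the ones quoted in the thread, status 301 is assumed.
SAMPLES = [
    ("http://search.charliewhiskey.net/config", 301, "https://search.charliewhiskey.netconfig"),
    ("http://search.charliewhiskey.net/config", 301, "https://search.charliewhiskey.net/config"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(location, "->", check_https_redirect(url, status, location) or "OK")
    # Live check (needs network): check_https_redirect(url, *first_hop(url))
```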