searx-instances icon indicating copy to clipboard operation
searx-instances copied to clipboard
verified publisher icon searxng

Add https://searx.mxchange.org

Open Quix0r opened this issue 1 year ago • 8 comments

Requirements (make sure to read all of them)

  • [X] It is my instance. I bought the domain myself and I own this domain. Free domains (e.g. Freenom) and shared domains (e.g. noip.com) are not allowed.
  • [X] I'll keep my instance up to date, at the very least 1 week old. Example program for keeping up to date: watchtower, cron, ouroboros.
  • [X] I give the right to check.searx.space to check my instance (every 3 hours for the response times, every 24 hours for the other tests).
  • [X] I acknowledge that managing a public instance is not an easy task and require spending time to keep the instance in good health. E.g. look after your instance by using a monitoring system.
  • [X] I guarantee to keep an uptime per month of my instance at minimum 90%. Please ask for a removal of your instance if there is a planned long downtime or notify us here for a short downtime.
  • [X] I do not track the users of my instance with any analytics or tracking software.
  • [X] I won't try to manipulate the ranking of my instance in a way that give an unfair advantage over the other public instances in the list. (e.g. caching requests for searx.space server)
  • [X] I control the final webserver (software) that is serving the requests to the users of my instance. Here is a non-exhaustive list of forbidden hosting types: Cloudflare, PaaS, managed (hosting provider controlled) HTTP(S) load balancer (e.g. AWS ALB), shared Web hosting. TCP load balancer is fine. Cloudflare DNS only (grey cloud) is fine.
  • [X] If needed, I can restrict users from accessing my instance for the only sole reason of keeping my instance in working conditions for the other users (detailed description - evidence need to be provided when asked). Other means of restriction is forbidden.

Bot protection requirement

  • [X] Yes I have configured the server.public_instance parameter.

Source code URL

No response

Comment

Local /etc/searxng/limiter.toml has link_token=true enabled.

Quix0r avatar Jul 10 '24 18:07 Quix0r

@maintainers Warning, instance found in the commit history, make sure to wait 1 week before adding the instance if needed. See here for more information: https://github.com/searxng/searx-instances#add-a-previously-submitted-instance

Commit ID: 5333343cd683d6e983e299fb3ac170d5542fbaed
 - Date: Tue Sep 5 13:31:24 2023 +0200
 - Description: [mod] remove non SearXNG instances (the old searx instances) from the list (#331)
 - Author: Markus Heiser

Commit ID: 73460260597a8b8f65ab5b00d7b56ba9e0d316c5
 - Date: Wed Jan 29 15:41:16 2020 +0100
 - Description: Update the model, import existing instances
 - Author: Dalf

github-actions[bot] avatar Jul 10 '24 18:07 github-actions[bot]

Please consider joining our Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#searxng:matrix.org then pinging @ unixfox, @ dalf and @ mrpaulblack for asking to be invited to the Matrix room. We discuss troubles managing a public instance, sharing some advices (like how to protect against bots), announcing big changes in searxng and more.

github-actions[bot] avatar Jul 10 '24 18:07 github-actions[bot]

Your TLS and CSP grades are not optimal. However, these grades can be ignored if you do not mind being ranked lower on searx.space. If you want to fix it before adding your instance, just do it and notify us when finished. Otherwise, tell us to add your instance now.

ononoki1 avatar Jul 23 '24 02:07 ononoki1

That's odd, it claims that headers for HSTS aren't set. But my configuration file contains them (by default I add them for all):

    <IfModule mod_headers.c>
        Header always set X-Content-Type-Options "nosniff"
        Header always set X-XSS-Protection "1; mode=block"
        Header always set X-Frame-Options "sameorigin"
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set Referrer-Policy: no-referrer
    </IfModule>

Quix0r avatar Jul 23 '24 13:07 Quix0r

How I do it here:

    <Location />
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes +Includes +FollowSymLinks +MultiViews
        SetHandler uwsgi-handler
        uWSGISocket /run/uwsgi/app/searx/socket
        uWSGImaxVars 256
        <LimitExcept GET POST HEAD DELETE>
            <RequireAll>
                Require all granted
            </RequireAll>
        </LimitExcept>
    </Location>

The settings.yml file does set the headers, I didn't know that.

Quix0r avatar Jul 23 '24 14:07 Quix0r

My apache is not setting those headers you can see at https://developer.mozilla.org/en-US/observatory/analyze?host=searx.mxchange.org#headers

Quix0r avatar Jul 23 '24 14:07 Quix0r

Pleasee add me now.

Quix0r avatar Jul 23 '24 14:07 Quix0r

Please use the edit button. It's unnecessary to send that many comments.

unixfox avatar Jul 23 '24 22:07 unixfox

Little head-up for my instance: The (by me) selected default search engines seem to block my server's IP address. So you have to choose your own instances and save the settings string in a text file.

Quix0r avatar Nov 15 '24 13:11 Quix0r

hello @Quix0r, make sure to keep your instance up to date. your instance needs to be at the very least 1 week old, it's 2 months old!

when there will be a second warning, your instance will be removed.

unixfox avatar Jan 10 '25 20:01 unixfox

I now run a small shell script:

#!/bin/sh

cd ${HOME}/searx/ || exit 255
git pull --all || exit 255
./manage py.build

Of course I need to execute /etc/init.d/uwsgi restart as root. But else it is now updated automatically.

Quix0r avatar Jan 13 '25 03:01 Quix0r

@Quix0r - Your instance is out of date again: 2025.6.15+b12d2b317 - check your script please.

I'll keep my instance up to date, at the very least 1 week old. Example program for keeping up to date: watchtower, cron, ouroboros.

vojkovic avatar Sep 25 '25 01:09 vojkovic

I'm updating the node manually as I have touched the settings.yml file and it might cause conflicts on rebase.

Quix0r avatar Sep 26 '25 23:09 Quix0r

valkey wasn't installed. Under Devuan/Debian you need to install valkey-server which listens on the same port as REDIS does. So if you need to run both, change the port in /etc/valkey/valkey.conf to an other number.

Quix0r avatar Sep 27 '25 23:09 Quix0r

Great, thanks.

Your instance is now coming back as 2025.9.28+3aeb49a74+dirty, +dirty appears when you leave uncommitted changes to searxng.

vojkovic avatar Sep 28 '25 09:09 vojkovic

A git diff brings no output here as I have committed my local changes to settings.yml. I run it directly from the source root directory.

Quix0r avatar Sep 28 '25 18:09 Quix0r 

[uwsgi]
# Who will run the code
uid = searx
gid = searx

# Cache
cache2 = name=searxcache,items=2000,blocks=2000,blocksize=4096,bitmap=1

# disable logging for privacy
disable-logging = true

# Number of workers (usually CPU count)
workers = 2

# The right granted on the created socket
chmod-socket = 666

# Plugin to use and interpreter config
single-interpreter = true
master = true
plugin = python3,http
lazy-apps = true
enable-threads = true

# Module to import
module = searx.webapp

# Virtualenv and python path
virtualenv = /home/searx/searx/local/py3/
pythonpath = /home/searx/searx/
chdir = /home/searx/searx/searx/

Quix0r avatar Sep 28 '25 18:09 Quix0r

The +dirty suffix doesn't mean your tracked files have diffs, it means something in your working tree is different from a clean git checkout.

I will need you to fix this to keep your instance on the public list.

vojkovic avatar Sep 29 '25 15:09 vojkovic

That is might be my local commit on settings.yml then where I added my secret key, base URL and changed some other configuration. An idea is a to add searx/settinhs.yml to .gitignore and rename it settings.yml.dist. Then people can have local changes to their settings file and still have a clean checkout.

Quix0r avatar Sep 29 '25 16:09 Quix0r

An other also very common way is to have 2 configuration files, a committed settings.yml and an ignored settings-local.yml with loading order settings -> local. So the local settings can overwrite "generic" settings.

Quix0r avatar Sep 29 '25 16:09 Quix0r

That is might be my local commit on settings.yml then where I added my secret key, base URL and changed some other configuration

There is no need to modify the searx/settings.yml file in the repository.

Create a local /etc/searxng/settings.yml file, in its first line set use_default_settings: true and change only what is needed. Here is a minimal example:

use_default_settings: true

server:
    secret_key: "ultrasecretkey"   # change this
    base_url: http://example.org/location  # change this!

return42 avatar Sep 30 '25 04:09 return42

Ah, so you have a "local configuration" file as I described as 2nd option. That's what I didn't know. I then revert my changes and before set them in your mentioned file.

Quix0r avatar Sep 30 '25 18:09 Quix0r

All done!

Quix0r avatar Sep 30 '25 21:09 Quix0r

Nicely done! Also to go back to the original issue, can you setup some sort of auto update for your instance as it's already been noted as outdated twice in the past.

vojkovic avatar Oct 01 '25 09:10 vojkovic

I'm currently doing this here:

$ crontab -l
MAILTO="[email protected]"

# m h  dom mon dow   command
@weekly         ${HOME}/update.sh 2>&1

And update.sh:

#!/bin/sh

cd ${HOME}/searx/ || exit 255
echo "$0: git pull ..."
git pull --all || exit 255
echo "$0: ./manage py.build ..."
./manage py.build || exit 255
echo "$0: All done."

Quix0r avatar Oct 01 '25 20:10 Quix0r