Knowledgebase

Install Searx with Nginx on Ubuntu 20.10 Print

  • 0

Introduction

Searx is an open-source search engine that gathers results from over 70 engines (such as Bing, Google, DuckDuckGo, or Wikipedia) into a single site, without recording your search history, IP address, or browser fingerprint.

After completing this guide, you will have:

  • A fully functional Searx Search Engine (version 1.0.0)
  • Private and encrypted, log-free searches
  • Proxified links to increase privacy
  • Protection against misuse with a reverse proxy rules engine

Prerequisites

To complete this guide, you will need the following:

1. Update Domain DNS Entries

Using your custom domain, update the A Record (IPv4) and AAAA Record (IPv6) with the IP addresses of your server. This guide uses search.example.com for all examples. If you host your DNS with Rcs, you can edit records by visiting the DNS tab in the control panel.

  • Type: A and AAAA
  • Name: search
  • Data: Cloud Instance IPv4 (A) and IPv6 (AAAA) Address
  • Priority: No Change

2. Create a Firewall for Your Server

In the Firewall section of the Products page, add a new firewall and attach it to your server. The last entry in the firewall is for ssh security. Changing the default port for SSH (22) to any random port number between 1024 and 65535 will help to stop some bot attacks.

Both IPv4 and IPv6 Protocols

Rule 1:

  • Action: accept
  • Protocol: TCP (http)
  • Port: 80
  • Source: Anywhere

Rule 2:

  • Action: accept
  • Protocol: TCP (https)
  • Port: 443
  • Source: Anywhere

Rule 3:

  • Action: accept
  • Protocol: TCP
  • Port: 55800
  • Source: Local IP is Preferred or Anywhere

3. Create User and Enable SSH-Only Access

  1. Update and Upgrade Ubuntu:

     # apt update && apt upgrade -y 
  2. Create a new user:

     # adduser *example_User* 
  3. After entering a password and other details, add this new user to the sudo group:

     # usermod -aG sudo *example_User* 
  4. On your local computer, create an SSH key pair using ssh-keygen and name it searchengine.

     $ cd ~/.ssh
     $ ssh-keygen -f searchengine
  5. On Linux or MacOS, copy the key to your server. For Windows read this Serverfault post for alternatives to ssh-copy-id.

     $ ssh-copy-id -i ~/.ssh/searchengine *example_User@<cloud IP address>*
  6. Returning to your server as the root user, update SSH configuration to remove password authentication.

     # nano /etc/ssh/sshd_config

    Find and change the entries below. Remove any hash marks '#' at the start of each line.

     ...
     Port 55800 #change from 22 to match firewall
    
     PubkeyAuthentication yes
     UsePam no
    
     PasswordAuthentication no
     PermitRootLogin no
  7. Save this file and restart ssh:

     # systemctl restart ssh
  8. Leaving the root account still logged in, open a new terminal window on your local computer. Log into your server with your new user account, custom port, and key using ssh:

     $ ssh -p 55800 -i ~/.ssh/searchengine *example_User@<cloud IP address>* 

    You can now log out the root user and close the Rcs terminal window. You will use this new user for the rest of the guide.

4. Add A Swapfile

If your server has less than 1GB of memory Searx will not install. Adding a swapfile will fix this for you:

    $ sudo swapoff /swapfile
    $ sudo fallocate -l 1G /swapfile
    $ sudo mkswap /swapfile
    $ sudo swapon /swapfile
    $ sudo chmod 600 /swapfile 
    $ sudo swapon --show

The last command will output results like this:

          NAME    TYPE    SIZE    USED    PRIO
      /swapfile     file    1024M     0B    -2

5. Install Nginx and a Free SSL Certificate

  1. Install Nginx.

     $ sudo -H apt install nginx
  2. Create a configuration file using the domain as the file name (Example: search.example.com).

     $ sudo nano /etc/nginx/sites-available/search.example.com

    Change the server_name to match your custom domain name created in Step 2 above:

     server {
         listen 80;
         listen [::]:80; # For IPv6
         server_name search.example.com; # <-- CHANGE TO YOUR CUSTOM DOMAIN NAME
         access_log /dev/null; # No Logs
         error_log /dev/null; # No Logs
         root /var/www/html;
         index index.html index.htm;
    
         location / {
             try_files $uri $uri/ = 404;
         }
    
         # For Certbot
         location /.well-known/acme-challenge {
             root    /var/www/html;
         }
    
         # https://search.example.com/searx
         location /searx {
             proxy_pass         http://127.0.0.1:4004/;
             proxy_set_header   Host             $http_host;
             proxy_set_header   Connection       $http_connection;
             proxy_set_header   X-Real-IP        $remote_addr;
             proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
             proxy_set_header   X-Scheme         $scheme;
             proxy_set_header   X-Script-Name    /searx;
         }
    
         location /searx/static {
             alias /usr/local/searx/searx-src/searx/static;
         }
    
         location /morty {
             proxy_pass         http://127.0.0.1:3000/;
             proxy_set_header   Host             $http_host;
             proxy_set_header   Connection       $http_connection;
             proxy_set_header   X-Real-IP        $remote_addr;
             proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
             proxy_set_header   X-Scheme         $scheme;
         }
     }
  3. Save this file and create a symbolic link in sites-enabled to activate the site in Nginx.

     $ sudo -H ln -s /etc/nginx/sites-available/search.example.com /etc/nginx/sites-enabled/search.example.com
  4. Verify Nginx is configured correctly:

     $ sudo nginx -t
  5. Remove the default Nginx site (optional):

     $ sudo rm /etc/nginx/sites-available/default
     $ sudo rm /etc/nginx/sites-enabled/default
  6. Reload Nginx.

     $ sudo systemctl reload nginx
  7. To protect your privacy, stop Nginx from logging any requests:

     $ sudo nano /etc/nginx/nginx.conf

    In the nginx.conf file, change the log file directories:

     ...
     error_log: /dev/null;
     access_log: /dev/null;
     ...
  8. Install the EFF Certbot and the Let's Encrypt SSL certificates for your domain.

     $ sudo apt install certbot python3-certbot-nginx
     $ sudo certbot --nginx -d search.example.com
  9. Restart the Nginx service to make sure your configuration is working:

     $ sudo -H systemctl restart nginx
  10. Use the netstat command to confirm your server is listening to port 80 and 443:

     $ sudo netstat -tulpn
  11. Change the name of the configuration file to searx.conf. This will help the Searx install scripts work in the next step.

    $ sudo cp /etc/nginx/sites-available/search.example.com /etc/nginx/sites-available/searx.conf
    
    $ sudo -H ln -s /etc/nginx/sites-available/searx.conf /etc/nginx/sites-enabled/searx.conf
    
    $ sudo rm /etc/nginx/sites-available/search.example.com
    $ sudo rm /etc/nginx/sites-enabled/search.example.com
    
    $ sudo nginx -t 
    $ sudo systemctl reload nginx

6. Install Searx Search Engine and Components

You are now ready to install Searx! Searx is easy to install with pre-written scripts.

  1. Install Golang:

     $ sudo apt install golang
  2. Create and cd into a new directory called ‘Downloads’:

     $ sudo mkdir ~/Downloads && cd ~/Downloads 
  3. Clone the Searx repository into a new searx directory using git:

     $ sudo git clone https://github.com/searx/searx searx
  4. Create two directory structures using the -p flag. This avoids a rights issue later when running the Searx install scripts.

     $ sudo mkdir -p ~/Downloads/searx/cache/etc/uwsgi/apps-available
    
     $ sudo mkdir -p ~/Downloads/searx/cache/lib/systemd/system     
  5. Navigate to the searx directory and edit the .config.sh file:

     $ cd searx
     $ sudo nano ./.config.sh

    Replace the PUBLIC_URL with your custom domain name matching the A and AAAA DNS records.

     PUBLIC_URL="https://search.example.com/searx"
  6. Install Searx and uWSGI using the installation script:

     $ sudo -H ./utils/searx.sh install all
  7. Confirm Searx is running:

     $ sudo -H ./utils/searx.sh inspect service
  8. Create and copy two keys to use for your settings.yml file.

     $ openssl rand -hex 16
    
     $ openssl rand -base64 33
  9. Edit the Searx settings.yml file to match your custom domain and keys

     $ sudo nano /etc/searx/settings.yml 

    In the server section update the base_url and secret_key. Uncomment the result_proxy section and add your custom url and key.

     ...
     server:
         port : 8888
         bind_address : "127.0.0.1" # address to listen on
         secret_key : "ultrasecretkey" # Use: openssl rand -hex 16 to change this!
         base_url : https://search.example.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/"
         image_proxy : True # Proxying image results through searx
    
     # uncomment below section if you have running morty proxy
     result_proxy:
         url : https://search.example.com/morty
         key : !!binary "your_morty_proxy_key" # Use: openssl rand -base64 33 to change this!
  10. Save the settings file and then Restart and test:

    $ sudo systemctl restart uwsgi
    $ sudo ./utils/searx.sh inspect service

    Searx is installed but not available from the internet yet. Requests are routed through Filtron to protect your server from misuse, so it will be installed next.

  11. Install the Filtron Reverse Proxy. You do not need to install the nginx reverse proxy (ProxyPass) at the end of this script as that step has already been completed.

    $ sudo -H ./utils/filtron.sh install all     
  12. Install the Morty Results Proxy using the installation script:

    $ sudo -H ./utils/morty.sh install all
  13. Restart Searx and check status:

    $ sudo -H service uwsgi restart
    $ sudo -H ~/Downloads/searx/utils/searx.sh inspect service
    $ sudo -H ~/Downloads/searx/utils/filtron.sh inspect service
    $ sudo -H ~/Downloads/searx/utils/morty.sh inspect service

Congratulations! Your server is now hosting a fully operational, log-free, and ssl-encrypted Searx site. Visit https://search.example.com/searx to use it.

After you log out, you can remove the Port 55800 entry in your firewall to increase security. To access to your server in the future, log into Rcs and add this firewall entry back.

Ideas for Your Searx Server

  • Change your browser default search engine to Searx. You will add it with a template using ?q=%s for the search term:

      https://search.example.com/searx/search?q=%s
  • Set the preferences for Searx to use specific search engines or change the theme. A detailed description of settings is located in the Searx documentation.

  • Visit Searx-Instances to add your server to the list of public Searx instances.

  • Consider additional DDOS protection available from Rcs to help protect your server from abuse.

More Information

Introduction Searx is an open-source search engine that gathers results from over 70 engines (such as Bing, Google, DuckDuckGo, or Wikipedia) into a single site, without recording your search history, IP address, or browser fingerprint. After completing this guide, you will have: A fully functional Searx Search Engine (version 1.0.0) Private and encrypted, log-free searches Proxified links to increase privacy Protection against misuse with a reverse proxy rules engine Prerequisites To complete this guide, you will need the following: Rcs Cloud Instance with Ubuntu 20.10 and root access Add an IPv6 Address Basic web, networking, and DNS knowledge 1. Update Domain DNS Entries Using your custom domain, update the A Record (IPv4) and AAAA Record (IPv6) with the IP addresses of your server. This guide uses search.example.com for all examples. If you host your DNS with Rcs, you can edit records by visiting the DNS tab in the control panel. Type: A and AAAA Name: search Data: Cloud Instance IPv4 (A) and IPv6 (AAAA) Address Priority: No Change 2. Create a Firewall for Your Server In the Firewall section of the Products page, add a new firewall and attach it to your server. The last entry in the firewall is for ssh security. Changing the default port for SSH (22) to any random port number between 1024 and 65535 will help to stop some bot attacks. Both IPv4 and IPv6 Protocols Rule 1: Action: accept Protocol: TCP (http) Port: 80 Source: Anywhere Rule 2: Action: accept Protocol: TCP (https) Port: 443 Source: Anywhere Rule 3: Action: accept Protocol: TCP Port: 55800 Source: Local IP is Preferred or Anywhere 3. Create User and Enable SSH-Only Access Update and Upgrade Ubuntu: # apt update && apt upgrade -y Create a new user: # adduser *example_User* After entering a password and other details, add this new user to the sudo group: # usermod -aG sudo *example_User* On your local computer, create an SSH key pair using ssh-keygen and name it searchengine. $ cd ~/.ssh $ ssh-keygen -f searchengine On Linux or MacOS, copy the key to your server. For Windows read this Serverfault post for alternatives to ssh-copy-id. $ ssh-copy-id -i ~/.ssh/searchengine *example_User@* Returning to your server as the root user, update SSH configuration to remove password authentication. # nano /etc/ssh/sshd_config Find and change the entries below. Remove any hash marks '#' at the start of each line. ... Port 55800 #change from 22 to match firewall PubkeyAuthentication yes UsePam no PasswordAuthentication no PermitRootLogin no Save this file and restart ssh: # systemctl restart ssh Leaving the root account still logged in, open a new terminal window on your local computer. Log into your server with your new user account, custom port, and key using ssh: $ ssh -p 55800 -i ~/.ssh/searchengine *example_User@* You can now log out the root user and close the Rcs terminal window. You will use this new user for the rest of the guide. 4. Add A Swapfile If your server has less than 1GB of memory Searx will not install. Adding a swapfile will fix this for you: $ sudo swapoff /swapfile $ sudo fallocate -l 1G /swapfile $ sudo mkswap /swapfile $ sudo swapon /swapfile $ sudo chmod 600 /swapfile $ sudo swapon --show The last command will output results like this: NAME TYPE SIZE USED PRIO /swapfile file 1024M 0B -2 5. Install Nginx and a Free SSL Certificate Install Nginx. $ sudo -H apt install nginx Create a configuration file using the domain as the file name (Example: search.example.com). $ sudo nano /etc/nginx/sites-available/search.example.com Change the server_name to match your custom domain name created in Step 2 above: server { listen 80; listen [::]:80; # For IPv6 server_name search.example.com; # <-- CHANGE TO YOUR CUSTOM DOMAIN NAME access_log /dev/null; # No Logs error_log /dev/null; # No Logs root /var/www/html; index index.html index.htm; location / { try_files $uri $uri/ = 404; } # For Certbot location /.well-known/acme-challenge { root /var/www/html; } # https://search.example.com/searx location /searx { proxy_pass http://127.0.0.1:4004/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; } location /searx/static { alias /usr/local/searx/searx-src/searx/static; } location /morty { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; } } Save this file and create a symbolic link in sites-enabled to activate the site in Nginx. $ sudo -H ln -s /etc/nginx/sites-available/search.example.com /etc/nginx/sites-enabled/search.example.com Verify Nginx is configured correctly: $ sudo nginx -t Remove the default Nginx site (optional): $ sudo rm /etc/nginx/sites-available/default $ sudo rm /etc/nginx/sites-enabled/default Reload Nginx. $ sudo systemctl reload nginx To protect your privacy, stop Nginx from logging any requests: $ sudo nano /etc/nginx/nginx.conf In the nginx.conf file, change the log file directories: ... error_log: /dev/null; access_log: /dev/null; ... Install the EFF Certbot and the Let's Encrypt SSL certificates for your domain. $ sudo apt install certbot python3-certbot-nginx $ sudo certbot --nginx -d search.example.com Restart the Nginx service to make sure your configuration is working: $ sudo -H systemctl restart nginx Use the netstat command to confirm your server is listening to port 80 and 443: $ sudo netstat -tulpn Change the name of the configuration file to searx.conf. This will help the Searx install scripts work in the next step. $ sudo cp /etc/nginx/sites-available/search.example.com /etc/nginx/sites-available/searx.conf $ sudo -H ln -s /etc/nginx/sites-available/searx.conf /etc/nginx/sites-enabled/searx.conf $ sudo rm /etc/nginx/sites-available/search.example.com $ sudo rm /etc/nginx/sites-enabled/search.example.com $ sudo nginx -t $ sudo systemctl reload nginx 6. Install Searx Search Engine and Components You are now ready to install Searx! Searx is easy to install with pre-written scripts. Install Golang: $ sudo apt install golang Create and cd into a new directory called ‘Downloads’: $ sudo mkdir ~/Downloads && cd ~/Downloads Clone the Searx repository into a new searx directory using git: $ sudo git clone https://github.com/searx/searx searx Create two directory structures using the -p flag. This avoids a rights issue later when running the Searx install scripts. $ sudo mkdir -p ~/Downloads/searx/cache/etc/uwsgi/apps-available $ sudo mkdir -p ~/Downloads/searx/cache/lib/systemd/system Navigate to the searx directory and edit the .config.sh file: $ cd searx $ sudo nano ./.config.sh Replace the PUBLIC_URL with your custom domain name matching the A and AAAA DNS records. PUBLIC_URL="https://search.example.com/searx" Install Searx and uWSGI using the installation script: $ sudo -H ./utils/searx.sh install all Confirm Searx is running: $ sudo -H ./utils/searx.sh inspect service Create and copy two keys to use for your settings.yml file. $ openssl rand -hex 16 $ openssl rand -base64 33 Edit the Searx settings.yml file to match your custom domain and keys $ sudo nano /etc/searx/settings.yml In the server section update the base_url and secret_key. Uncomment the result_proxy section and add your custom url and key. ... server: port : 8888 bind_address : "127.0.0.1" # address to listen on secret_key : "ultrasecretkey" # Use: openssl rand -hex 16 to change this! base_url : https://search.example.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/" image_proxy : True # Proxying image results through searx # uncomment below section if you have running morty proxy result_proxy: url : https://search.example.com/morty key : !!binary "your_morty_proxy_key" # Use: openssl rand -base64 33 to change this! Save the settings file and then Restart and test: $ sudo systemctl restart uwsgi $ sudo ./utils/searx.sh inspect service Searx is installed but not available from the internet yet. Requests are routed through Filtron to protect your server from misuse, so it will be installed next. Install the Filtron Reverse Proxy. You do not need to install the nginx reverse proxy (ProxyPass) at the end of this script as that step has already been completed. $ sudo -H ./utils/filtron.sh install all Install the Morty Results Proxy using the installation script: $ sudo -H ./utils/morty.sh install all Restart Searx and check status: $ sudo -H service uwsgi restart $ sudo -H ~/Downloads/searx/utils/searx.sh inspect service $ sudo -H ~/Downloads/searx/utils/filtron.sh inspect service $ sudo -H ~/Downloads/searx/utils/morty.sh inspect service Congratulations! Your server is now hosting a fully operational, log-free, and ssl-encrypted Searx site. Visit https://search.example.com/searx to use it. After you log out, you can remove the Port 55800 entry in your firewall to increase security. To access to your server in the future, log into Rcs and add this firewall entry back. Ideas for Your Searx Server Change your browser default search engine to Searx. You will add it with a template using ?q=%s for the search term: https://search.example.com/searx/search?q=%s Set the preferences for Searx to use specific search engines or change the theme. A detailed description of settings is located in the Searx documentation. Visit Searx-Instances to add your server to the list of public Searx instances. Consider additional DDOS protection available from Rcs to help protect your server from abuse. More Information Searx Project Searx Documentation Searx Github Repository Morty Github Repository Filtron Github Repository

Was this answer helpful?
Back

Powered by WHMCompleteSolution