Introduction
Searx is an open-source search engine that gathers results from over 70 engines (such as Bing, Google, DuckDuckGo, or Wikipedia) into a single site, without recording your search history, IP address, or browser fingerprint.
After completing this guide, you will have:
- A fully functional Searx Search Engine (version 1.0.0)
- Private and encrypted, log-free searches
- Proxified links to increase privacy
- Protection against misuse with a reverse proxy rules engine
Prerequisites
To complete this guide, you will need the following:
- Rcs Cloud Instance with Ubuntu 20.10 and root access
- Add an IPv6 Address
- Basic web, networking, and DNS knowledge
1. Update Domain DNS Entries
Using your custom domain, update the A Record (IPv4) and AAAA Record (IPv6) with the IP addresses of your server. This guide uses search.example.com for all examples. If you host your DNS with Rcs, you can edit records by visiting the DNS tab in the control panel.
- Type: A and AAAA
- Name: search
- Data: Cloud Instance IPv4 (A) and IPv6 (AAAA) Address
- Priority: No Change
2. Create a Firewall for Your Server
In the Firewall section of the Products page, add a new firewall and attach it to your server. The last entry in the firewall is for ssh security. Changing the default port for SSH (22) to any random port number between 1024 and 65535 will help to stop some bot attacks.
Both IPv4 and IPv6 Protocols
Rule 1:
- Action: accept
- Protocol: TCP (http)
- Port: 80
- Source: Anywhere
Rule 2:
- Action: accept
- Protocol: TCP (https)
- Port: 443
- Source: Anywhere
Rule 3:
- Action: accept
- Protocol: TCP
- Port: 55800
- Source: Local IP is Preferred or Anywhere
3. Create User and Enable SSH-Only Access
Update and Upgrade Ubuntu:
# apt update && apt upgrade -y
Create a new user:
# adduser *example_User*
After entering a password and other details, add this new user to the sudo group:
# usermod -aG sudo *example_User*
On your local computer, create an SSH key pair using ssh-keygen and name it searchengine.
$ cd ~/.ssh $ ssh-keygen -f searchengine
On Linux or MacOS, copy the key to your server. For Windows read this Serverfault post for alternatives to ssh-copy-id.
$ ssh-copy-id -i ~/.ssh/searchengine *example_User@<cloud IP address>*
Returning to your server as the root user, update SSH configuration to remove password authentication.
# nano /etc/ssh/sshd_config
Find and change the entries below. Remove any hash marks '#' at the start of each line.
... Port 55800 #change from 22 to match firewall PubkeyAuthentication yes UsePam no PasswordAuthentication no PermitRootLogin no
Save this file and restart ssh:
# systemctl restart ssh
Leaving the root account still logged in, open a new terminal window on your local computer. Log into your server with your new user account, custom port, and key using ssh:
$ ssh -p 55800 -i ~/.ssh/searchengine *example_User@<cloud IP address>*
You can now log out the root user and close the Rcs terminal window. You will use this new user for the rest of the guide.
4. Add A Swapfile
If your server has less than 1GB of memory Searx will not install. Adding a swapfile will fix this for you:
$ sudo swapoff /swapfile
$ sudo fallocate -l 1G /swapfile
$ sudo mkswap /swapfile
$ sudo swapon /swapfile
$ sudo chmod 600 /swapfile
$ sudo swapon --show
The last command will output results like this:
NAME TYPE SIZE USED PRIO
/swapfile file 1024M 0B -2
5. Install Nginx and a Free SSL Certificate
Install Nginx.
$ sudo -H apt install nginx
Create a configuration file using the domain as the file name (Example: search.example.com).
$ sudo nano /etc/nginx/sites-available/search.example.com
Change the server_name to match your custom domain name created in Step 2 above:
server { listen 80; listen [::]:80; # For IPv6 server_name search.example.com; # <-- CHANGE TO YOUR CUSTOM DOMAIN NAME access_log /dev/null; # No Logs error_log /dev/null; # No Logs root /var/www/html; index index.html index.htm; location / { try_files $uri $uri/ = 404; } # For Certbot location /.well-known/acme-challenge { root /var/www/html; } # https://search.example.com/searx location /searx { proxy_pass http://127.0.0.1:4004/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; } location /searx/static { alias /usr/local/searx/searx-src/searx/static; } location /morty { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; } }
Save this file and create a symbolic link in
sites-enabled
to activate the site in Nginx.$ sudo -H ln -s /etc/nginx/sites-available/search.example.com /etc/nginx/sites-enabled/search.example.com
Verify Nginx is configured correctly:
$ sudo nginx -t
Remove the default Nginx site (optional):
$ sudo rm /etc/nginx/sites-available/default $ sudo rm /etc/nginx/sites-enabled/default
Reload Nginx.
$ sudo systemctl reload nginx
To protect your privacy, stop Nginx from logging any requests:
$ sudo nano /etc/nginx/nginx.conf
In the
nginx.conf
file, change the log file directories:... error_log: /dev/null; access_log: /dev/null; ...
Install the EFF Certbot and the Let's Encrypt SSL certificates for your domain.
$ sudo apt install certbot python3-certbot-nginx $ sudo certbot --nginx -d search.example.com
Restart the Nginx service to make sure your configuration is working:
$ sudo -H systemctl restart nginx
Use the netstat command to confirm your server is listening to port 80 and 443:
$ sudo netstat -tulpn
Change the name of the configuration file to
searx.conf
. This will help the Searx install scripts work in the next step.$ sudo cp /etc/nginx/sites-available/search.example.com /etc/nginx/sites-available/searx.conf $ sudo -H ln -s /etc/nginx/sites-available/searx.conf /etc/nginx/sites-enabled/searx.conf $ sudo rm /etc/nginx/sites-available/search.example.com $ sudo rm /etc/nginx/sites-enabled/search.example.com $ sudo nginx -t $ sudo systemctl reload nginx
6. Install Searx Search Engine and Components
You are now ready to install Searx! Searx is easy to install with pre-written scripts.
Install Golang:
$ sudo apt install golang
Create and cd into a new directory called ‘Downloads’:
$ sudo mkdir ~/Downloads && cd ~/Downloads
Clone the Searx repository into a new searx directory using git:
$ sudo git clone https://github.com/searx/searx searx
Create two directory structures using the -p flag. This avoids a rights issue later when running the Searx install scripts.
$ sudo mkdir -p ~/Downloads/searx/cache/etc/uwsgi/apps-available $ sudo mkdir -p ~/Downloads/searx/cache/lib/systemd/system
Navigate to the searx directory and edit the
.config.sh
file:$ cd searx $ sudo nano ./.config.sh
Replace the
PUBLIC_URL
with your custom domain name matching the A and AAAA DNS records.PUBLIC_URL="https://search.example.com/searx"
Install Searx and uWSGI using the installation script:
$ sudo -H ./utils/searx.sh install all
Confirm Searx is running:
$ sudo -H ./utils/searx.sh inspect service
Create and copy two keys to use for your
settings.yml
file.$ openssl rand -hex 16 $ openssl rand -base64 33
Edit the Searx
settings.yml
file to match your custom domain and keys$ sudo nano /etc/searx/settings.yml
In the server section update the base_url and secret_key. Uncomment the result_proxy section and add your custom url and key.
... server: port : 8888 bind_address : "127.0.0.1" # address to listen on secret_key : "ultrasecretkey" # Use: openssl rand -hex 16 to change this! base_url : https://search.example.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/" image_proxy : True # Proxying image results through searx # uncomment below section if you have running morty proxy result_proxy: url : https://search.example.com/morty key : !!binary "your_morty_proxy_key" # Use: openssl rand -base64 33 to change this!
Save the settings file and then Restart and test:
$ sudo systemctl restart uwsgi $ sudo ./utils/searx.sh inspect service
Searx is installed but not available from the internet yet. Requests are routed through Filtron to protect your server from misuse, so it will be installed next.
Install the Filtron Reverse Proxy. You do not need to install the nginx reverse proxy (ProxyPass) at the end of this script as that step has already been completed.
$ sudo -H ./utils/filtron.sh install all
Install the Morty Results Proxy using the installation script:
$ sudo -H ./utils/morty.sh install all
Restart Searx and check status:
$ sudo -H service uwsgi restart $ sudo -H ~/Downloads/searx/utils/searx.sh inspect service $ sudo -H ~/Downloads/searx/utils/filtron.sh inspect service $ sudo -H ~/Downloads/searx/utils/morty.sh inspect service
Congratulations! Your server is now hosting a fully operational, log-free, and ssl-encrypted Searx site. Visit https://search.example.com/searx to use it.
After you log out, you can remove the Port 55800 entry in your firewall to increase security. To access to your server in the future, log into Rcs and add this firewall entry back.
Ideas for Your Searx Server
Change your browser default search engine to Searx. You will add it with a template using
?q=%s
for the search term:https://search.example.com/searx/search?q=%s
Set the preferences for Searx to use specific search engines or change the theme. A detailed description of settings is located in the Searx documentation.
Visit Searx-Instances to add your server to the list of public Searx instances.
Consider additional DDOS protection available from Rcs to help protect your server from abuse.