Install Searx with Nginx on Ubuntu 20.10
Introduction
Searx is an open-source search engine that gathers results from over 70 engines (such as Bing, Google, DuckDuckGo, or Wikipedia) into a single site, without recording your search history, IP address, or browser fingerprint.
After completing this guide, you will have:
- A fully functional Searx Search Engine (version 1.0.0)
- Private and encrypted, log-free searches
- Proxified links to increase privacy
- Protection against misuse with a reverse proxy rules engine
Prerequisites
To complete this guide, you will need the following:
- Vultr Cloud Instance with Ubuntu 20.10 and root access
- Add an IPv6 Address
- Basic web, networking, and DNS knowledge
1. Update Domain DNS Entries
Using your custom domain, update the A Record (IPv4) and AAAA Record (IPv6) with the IP addresses of your server. This guide uses search.example.com for all examples. If you host your DNS with Vultr, you can edit records by visiting the DNS tab in the control panel.
- Type: A and AAAA
- Name: search
- Data: Cloud Instance IPv4 (A) and IPv6 (AAAA) Address
- Priority: No Change
2. Create a Firewall for Your Server
In the Firewall section of the Products page, add a new firewall and attach it to your server. The last entry in the firewall is for ssh security. Changing the default port for SSH (22) to any random port number between 1024 and 65535 will help to stop some bot attacks.
Both IPv4 and IPv6 Protocols
Rule 1:
- Action: accept
- Protocol: TCP (http)
- Port: 80
- Source: Anywhere
Rule 2:
- Action: accept
- Protocol: TCP (https)
- Port: 443
- Source: Anywhere
Rule 3:
- Action: accept
- Protocol: TCP
- Port: 55800
- Source: Local IP is Preferred or Anywhere
3. Create User and Enable SSH-Only Access
Update and Upgrade Ubuntu:
# apt update && apt upgrade -yCreate a new user:
# adduser *example_User*After entering a password and other details, add this new user to the sudo group:
# usermod -aG sudo *example_User*On your local computer, create an SSH key pair using ssh-keygen and name it searchengine.
$ cd ~/.ssh $ ssh-keygen -f searchengineOn Linux or MacOS, copy the key to your server. For Windows read this Serverfault post for alternatives to ssh-copy-id.
$ ssh-copy-id -i ~/.ssh/searchengine *example_User@<cloud IP address>*Returning to your server as the root user, update SSH configuration to remove password authentication.
# nano /etc/ssh/sshd_configFind and change the entries below. Remove any hash marks '#' at the start of each line.
... Port 55800 #change from 22 to match firewall PubkeyAuthentication yes UsePam no PasswordAuthentication no PermitRootLogin noSave this file and restart ssh:
# systemctl restart sshLeaving the root account still logged in, open a new terminal window on your local computer. Log into your server with your new user account, custom port, and key using ssh:
$ ssh -p 55800 -i ~/.ssh/searchengine *example_User@<cloud IP address>*You can now log out the root user and close the Vultr terminal window. You will use this new user for the rest of the guide.
4. Add A Swapfile
If your server has less than 1GB of memory Searx will not install. Adding a swapfile will fix this for you:
$ sudo swapoff /swapfile
$ sudo fallocate -l 1G /swapfile
$ sudo mkswap /swapfile
$ sudo swapon /swapfile
$ sudo chmod 600 /swapfile
$ sudo swapon --showThe last command will output results like this:
NAME TYPE SIZE USED PRIO
/swapfile file 1024M 0B -25. Install Nginx and a Free SSL Certificate
Install Nginx.
$ sudo -H apt install nginxCreate a configuration file using the domain as the file name (Example: search.example.com).
$ sudo nano /etc/nginx/sites-available/search.example.comChange the server_name to match your custom domain name created in Step 2 above:
server { listen 80; listen [::]:80; # For IPv6 server_name search.example.com; # <-- CHANGE TO YOUR CUSTOM DOMAIN NAME access_log /dev/null; # No Logs error_log /dev/null; # No Logs root /var/www/html; index index.html index.htm; location / { try_files $uri $uri/ = 404; } # For Certbot location /.well-known/acme-challenge { root /var/www/html; } # https://search.example.com/searx location /searx { proxy_pass http://127.0.0.1:4004/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Script-Name /searx; } location /searx/static { alias /usr/local/searx/searx-src/searx/static; } location /morty { proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $http_host; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; } }Save this file and create a symbolic link in
sites-enabledto activate the site in Nginx.$ sudo -H ln -s /etc/nginx/sites-available/search.example.com /etc/nginx/sites-enabled/search.example.comVerify Nginx is configured correctly:
$ sudo nginx -tRemove the default Nginx site (optional):
$ sudo rm /etc/nginx/sites-available/default $ sudo rm /etc/nginx/sites-enabled/defaultReload Nginx.
$ sudo systemctl reload nginxTo protect your privacy, stop Nginx from logging any requests:
$ sudo nano /etc/nginx/nginx.confIn the
nginx.conffile, change the log file directories:... error_log: /dev/null; access_log: /dev/null; ...Install the EFF Certbot and the Let's Encrypt SSL certificates for your domain.
$ sudo apt install certbot python3-certbot-nginx $ sudo certbot --nginx -d search.example.comRestart the Nginx service to make sure your configuration is working:
$ sudo -H systemctl restart nginxUse the netstat command to confirm your server is listening to port 80 and 443:
$ sudo netstat -tulpnChange the name of the configuration file to
searx.conf. This will help the Searx install scripts work in the next step.$ sudo cp /etc/nginx/sites-available/search.example.com /etc/nginx/sites-available/searx.conf $ sudo -H ln -s /etc/nginx/sites-available/searx.conf /etc/nginx/sites-enabled/searx.conf $ sudo rm /etc/nginx/sites-available/search.example.com $ sudo rm /etc/nginx/sites-enabled/search.example.com $ sudo nginx -t $ sudo systemctl reload nginx
6. Install Searx Search Engine and Components
You are now ready to install Searx! Searx is easy to install with pre-written scripts.
Install Golang:
$ sudo apt install golangCreate and cd into a new directory called ‘Downloads’:
$ sudo mkdir ~/Downloads && cd ~/DownloadsClone the Searx repository into a new searx directory using git:
$ sudo git clone https://github.com/searx/searx searxCreate two directory structures using the -p flag. This avoids a rights issue later when running the Searx install scripts.
$ sudo mkdir -p ~/Downloads/searx/cache/etc/uwsgi/apps-available $ sudo mkdir -p ~/Downloads/searx/cache/lib/systemd/systemNavigate to the searx directory and edit the
.config.shfile:$ cd searx $ sudo nano ./.config.shReplace the
PUBLIC_URLwith your custom domain name matching the A and AAAA DNS records.PUBLIC_URL="https://search.example.com/searx"Install Searx and uWSGI using the installation script:
$ sudo -H ./utils/searx.sh install allConfirm Searx is running:
$ sudo -H ./utils/searx.sh inspect serviceCreate and copy two keys to use for your
settings.ymlfile.$ openssl rand -hex 16 $ openssl rand -base64 33Edit the Searx
settings.ymlfile to match your custom domain and keys$ sudo nano /etc/searx/settings.ymlIn the server section update the base_url and secret_key. Uncomment the result_proxy section and add your custom url and key.
... server: port : 8888 bind_address : "127.0.0.1" # address to listen on secret_key : "ultrasecretkey" # Use: openssl rand -hex 16 to change this! base_url : https://search.example.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/" image_proxy : True # Proxying image results through searx # uncomment below section if you have running morty proxy result_proxy: url : https://search.example.com/morty key : !!binary "your_morty_proxy_key" # Use: openssl rand -base64 33 to change this!Save the settings file and then Restart and test:
$ sudo systemctl restart uwsgi $ sudo ./utils/searx.sh inspect serviceSearx is installed but not available from the internet yet. Requests are routed through Filtron to protect your server from misuse, so it will be installed next.
Install the Filtron Reverse Proxy. You do not need to install the nginx reverse proxy (ProxyPass) at the end of this script as that step has already been completed.
$ sudo -H ./utils/filtron.sh install allInstall the Morty Results Proxy using the installation script:
$ sudo -H ./utils/morty.sh install allRestart Searx and check status:
$ sudo -H service uwsgi restart $ sudo -H ~/Downloads/searx/utils/searx.sh inspect service $ sudo -H ~/Downloads/searx/utils/filtron.sh inspect service $ sudo -H ~/Downloads/searx/utils/morty.sh inspect service
Congratulations! Your server is now hosting a fully operational, log-free, and ssl-encrypted Searx site. Visit https://search.example.com/searx to use it.
After you log out, you can remove the Port 55800 entry in your firewall to increase security. To access to your server in the future, log into Vultr and add this firewall entry back.
Ideas for Your Searx Server
Change your browser default search engine to Searx. You will add it with a template using
?q=%sfor the search term:https://search.example.com/searx/search?q=%sSet the preferences for Searx to use specific search engines or change the theme. A detailed description of settings is located in the Searx documentation.
Visit Searx-Instances to add your server to the list of public Searx instances.
Consider additional DDOS protection available from Vultr to help protect your server from abuse.