MCP HubMCP Hub
Back to Skills

deploy-searxng

pjt222
Updated 2 days ago
1 views
17
2
17
View on GitHub
Documentationgeneral

About

This skill deploys a self-hosted SearXNG privacy-focused meta search engine using Docker Compose, handling configuration, engine selection, and Nginx setup. It's designed for developers wanting a private, track-free search that aggregates results from multiple providers. Use it to create a shared team search instance or reduce dependency on a single commercial provider.

Quick Install

Claude Code

Recommended
Primary
npx skills add pjt222/agent-almanac -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/pjt222/agent-almanac
Git CloneAlternative
git clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/deploy-searxng

Copy and paste this command in Claude Code to install this skill

Documentation

Deploy SearXNG

Deploy a self-hosted SearXNG meta search engine with Docker Compose and Nginx.

When to Use

  • Setting up a private, self-hosted search engine
  • Aggregating results from multiple search providers without tracking
  • Running a search instance for a team or organization
  • Replacing reliance on a single search provider

Inputs

  • Required: Server or machine with Docker installed
  • Optional: Domain name for public access
  • Optional: SSL certificate or Let's Encrypt setup
  • Optional: Custom engine preferences

Procedure

Step 1: Create Project Structure

mkdir -p searxng/{config,nginx}
cd searxng

Step 2: Write Docker Compose File

docker-compose.yml:

services:
  searxng:
    image: searxng/searxng:latest
    container_name: searxng
    volumes:
      - ./config:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://search.example.com/
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    restart: unless-stopped
    networks:
      - searxng

  nginx:
    image: nginx:1.27-alpine
    container_name: searxng-nginx
    ports:
      - "8080:80"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
    depends_on:
      - searxng
    restart: unless-stopped
    networks:
      - searxng

networks:
  searxng:
    driver: bridge

Step 3: Configure SearXNG Settings

config/settings.yml:

use_default_settings: true

general:
  instance_name: "My SearXNG"
  privacypolicy_url: false
  contact_url: false

search:
  safe_search: 0
  autocomplete: "google"
  default_lang: "en"

server:
  secret_key: "generate-a-random-secret-key-here"
  limiter: true
  image_proxy: true
  port: 8080
  bind_address: "0.0.0.0"

ui:
  static_use_hash: true
  default_theme: simple
  infinite_scroll: true

engines:
  - name: google
    engine: google
    shortcut: g
    disabled: false

  - name: duckduckgo
    engine: duckduckgo
    shortcut: ddg
    disabled: false

  - name: wikipedia
    engine: wikipedia
    shortcut: wp
    disabled: false

  - name: github
    engine: github
    shortcut: gh
    disabled: false

  - name: stackoverflow
    engine: stackoverflow
    shortcut: so
    disabled: false

  - name: arxiv
    engine: arxiv
    shortcut: arx
    disabled: false

Generate a secret key:

openssl rand -hex 32

Step 4: Configure Nginx Frontend

nginx/nginx.conf:

events {
    worker_connections 1024;
}

http {
    server {
        listen 80;

        location / {
            proxy_pass http://searxng:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection "";
            proxy_buffering off;
        }

        location /static/ {
            proxy_pass http://searxng:8080/static/;
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }
}

Step 5: Configure Rate Limiting

config/limiter.toml:

[botdetection.ip_limit]
link_token = true

[botdetection.ip_lists]
block_ip = []
pass_ip = ["127.0.0.1/8", "::1/128"]
pass_searxng_org = false

Step 6: Deploy and Verify

# Start the stack
docker compose up -d

# Check logs
docker compose logs -f searxng

# Verify it's running
curl -s http://localhost:8080 | head -5

# Test a search
curl -s "http://localhost:8080/search?q=test&format=json" | head -20

Got: SearXNG responds on port 8080 through Nginx. Search queries return aggregated results.

If fail: Check docker compose logs searxng for config errors. Verify settings.yml YAML syntax.

Step 7: Add SSL (Production)

For public deployments, add SSL termination. Update docker-compose.yml:

services:
  nginx:
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx-ssl.conf:/etc/nginx/nginx.conf:ro
      - certbot-certs:/etc/letsencrypt:ro
      - certbot-webroot:/var/www/certbot:ro

  certbot:
    image: certbot/certbot
    volumes:
      - certbot-certs:/etc/letsencrypt
      - certbot-webroot:/var/www/certbot

volumes:
  certbot-certs:
  certbot-webroot:

See configure-nginx skill for the full SSL Nginx configuration.

Step 8: Updates and Maintenance

# Pull latest image
docker compose pull searxng

# Restart with new image
docker compose up -d

# Backup configuration
cp -r config/ config-backup-$(date +%Y%m%d)/

Validation

  • SearXNG starts without errors in logs
  • Search queries return results from configured engines
  • Image proxy works (images load through SearXNG)
  • Rate limiter blocks excessive requests
  • Configuration persists across container restarts
  • Nginx proxies requests correctly

Pitfalls

  • Missing secret_key: SearXNG will refuse to start without a secret_key in settings.yml.
  • Config permissions: SearXNG writes to the config directory. The volume must be :rw not :ro.
  • Engine blocks: Some engines may block requests from server IPs. Rotate engines or use image proxy.
  • YAML indentation: settings.yml is sensitive to indentation. Validate with a YAML linter before deploying.
  • Base URL mismatch: SEARXNG_BASE_URL must match the actual URL users access, including protocol and trailing slash.
  • DNS resolution in Docker: Engines that use Google/Bing may need host network or proper DNS. Default Docker DNS usually works.

Related Skills

  • setup-compose-stack - general Docker Compose patterns used here
  • configure-nginx - Nginx configuration for SSL and security headers
  • configure-reverse-proxy - advanced proxy patterns for the Nginx frontend

GitHub Repository

pjt222/agent-almanac
Path: i18n/caveman-lite/skills/deploy-searxng
0
agentsagentskillsai-assisted-developmentclaude-codeskillsteams

Related Skills

railway-docs

Documentation

This skill fetches current Railway documentation to answer questions about features, functionality, or specific docs URLs. It ensures developers receive accurate, up-to-date information directly from Railway's official sources. Use it when users ask how Railway works or reference Railway documentation.

View skill

n8n-code-python

Documentation

This Claude Skill provides expert guidance for writing Python code in n8n's Code nodes, specifically for using Python's standard library and working with n8n's special syntax like `_input`, `_json`, and `_node`. It helps developers understand Python's limitations within n8n and recommends using JavaScript for most workflows while offering Python solutions for specific data transformation needs.

View skill

archon

Documentation

The Archon skill provides RAG-powered semantic search and project management through a REST API. Use it for querying documentation, managing hierarchical projects/tasks, and performing knowledge retrieval with document upload capabilities. Always prioritize Archon first when searching external documentation before using other sources.

View skill

n8n-code-javascript

Documentation

This Claude Skill provides expert guidance for writing JavaScript code in n8n's Code nodes. It covers essential n8n-specific syntax like `$input`/`$json` variables, HTTP helpers, and DateTime handling, while troubleshooting common errors. Use it when developing n8n workflows that require custom JavaScript processing in Code nodes.

View skill