Article

Table of Contents
Theme:
Was this article helpful?
Try Vultr Today with

$50 Free on Us!

Want to contribute?

You could earn up to $600 by adding new articles!

Install Searx with Nginx on Ubuntu 20.10

Author: Jeff Pitney

Last Updated: Thu, Sep 9, 2021
Server Apps Ubuntu

Introduction

Searx is an open-source search engine that gathers results from over 70 engines (such as Bing, Google, DuckDuckGo, or Wikipedia) into a single site, without recording your search history, IP address, or browser fingerprint.

After completing this guide, you will have:

  • A fully functional Searx Search Engine (version 1.0.0)
  • Private and encrypted, log-free searches
  • Proxified links to increase privacy
  • Protection against misuse with a reverse proxy rules engine

Prerequisites

To complete this guide, you will need the following:

1. Update Domain DNS Entries

Using your custom domain, update the A Record (IPv4) and AAAA Record (IPv6) with the IP addresses of your server. This guide uses search.example.com for all examples. If you host your DNS with Vultr, you can edit records by visiting the DNS tab in the control panel.

Setting Entry
Type A and AAAA
Name search
Data Cloud Instance IPv4 (A) and IPv6 (AAAA) Address
Priority No Change

2. Create a Firewall for Your Server

In the Firewall section of the Products page, add a new firewall and attach it to your server. The last entry in the firewall is for ssh security. Changing the default port for SSH (22) to any random port number between 1024 and 65535 will help to stop some bot attacks.

Both IPv4 and IPv6 Protocols

Action Protocol Port Source
accept TCP (http) 80 Anywhere
accept TCP (https) 443 Anywhere
accept TCP 55800 Local IP is Preferred or Anywhere

3. Create User and Enable SSH-Only Access

  1. Update and Upgrade Ubuntu:

    # apt update && apt upgrade -y 
    
  2. Create a new user:

    # adduser *example_User* 
    
  3. After entering a password and other details, add this new user to the sudo group:

    # usermod -aG sudo *example_User* 
    
  4. On your local computer, create an SSH key pair using ssh-keygen and name it searchengine.

    $ cd ~/.ssh
    $ ssh-keygen -f searchengine
    
  5. On Linux or MacOS, copy the key to your server. For Windows read this Serverfault post for alternatives to ssh-copy-id.

    $ ssh-copy-id -i ~/.ssh/searchengine *example_User@<cloud IP address>*
    
  6. Returning to your server as the root user, update SSH configuration to remove password authentication.

    # nano /etc/ssh/sshd_config
    

    Find and change the entries below. Remove any hash marks '#' at the start of each line.

    ...
    Port 55800 #change from 22 to match firewall
    
    PubkeyAuthentication yes
    UsePam no
    
    PasswordAuthentication no
    PermitRootLogin no
    
  7. Save this file and restart ssh:

    # systemctl restart ssh
    
  8. Leaving the root account still logged in, open a new terminal window on your local computer. Log into your server with your new user account, custom port, and key using ssh:

    $ ssh -p 55800 -i ~/.ssh/searchengine *example_User@<cloud IP address>* 
    

    You can now log out the root user and close the Vultr terminal window. You will use this new user for the rest of the guide.

4. Add A Swapfile

If your server has less than 1GB of memory Searx will not install. Adding a swapfile will fix this for you:

    $ sudo swapoff /swapfile
    $ sudo fallocate -l 1G /swapfile
    $ sudo mkswap /swapfile
    $ sudo swapon /swapfile
    $ sudo chmod 600 /swapfile 
    $ sudo swapon --show

The last command will output results like this:

          NAME    TYPE    SIZE    USED    PRIO
      /swapfile     file    1024M     0B    -2

5. Install Nginx and a Free SSL Certificate

  1. Install Nginx.

    $ sudo -H apt install nginx
    
  2. Create a configuration file using the domain as the file name (Example: search.example.com).

    $ sudo nano /etc/nginx/sites-available/search.example.com
    

    Change the server_name to match your custom domain name created in Step 2 above:

    server {
        listen 80;
        listen [::]:80; # For IPv6
        server_name search.example.com; # <-- CHANGE TO YOUR CUSTOM DOMAIN NAME
        access_log /dev/null; # No Logs
        error_log /dev/null; # No Logs
        root /var/www/html;
        index index.html index.htm;
    
        location / {
            try_files $uri $uri/ = 404;
        }
    
        # For Certbot
        location /.well-known/acme-challenge {
            root    /var/www/html;
        }
    
        # https://search.example.com/searx
        location /searx {
            proxy_pass         http://127.0.0.1:4004/;
            proxy_set_header   Host             $http_host;
            proxy_set_header   Connection       $http_connection;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-Scheme         $scheme;
            proxy_set_header   X-Script-Name    /searx;
        }
    
        location /searx/static {
            alias /usr/local/searx/searx-src/searx/static;
        }
    
        location /morty {
            proxy_pass         http://127.0.0.1:3000/;
            proxy_set_header   Host             $http_host;
            proxy_set_header   Connection       $http_connection;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   X-Scheme         $scheme;
        }
    }
    
  3. Save this file and create a symbolic link in sites-enabled to activate the site in Nginx.

    $ sudo -H ln -s /etc/nginx/sites-available/search.example.com /etc/nginx/sites-enabled/search.example.com
    
  4. Verify Nginx is configured correctly:

    $ sudo nginx -t
    
  5. Remove the default Nginx site (optional):

    $ sudo rm /etc/nginx/sites-available/default
    $ sudo rm /etc/nginx/sites-enabled/default
    
  6. Reload Nginx.

    $ sudo systemctl reload nginx
    
  7. To protect your privacy, stop Nginx from logging any requests:

    $ sudo nano /etc/nginx/nginx.conf
    

    In the nginx.conf file, change the log file directories:

    ...
    error_log: /dev/null;
    access_log: /dev/null;
    ...
    
  8. Install the EFF Certbot and the Let's Encrypt SSL certificates for your domain.

    $ sudo apt install certbot python3-certbot-nginx
    $ sudo certbot --nginx -d search.example.com
    
  9. Restart the Nginx service to make sure your configuration is working:

     $ sudo -H systemctl restart nginx
    
  10. Use the netstat command to confirm your server is listening to port 80 and 443:

     $ sudo netstat -tulpn
    
  11. Change the name of the configuration file to searx.conf. This will help the Searx install scripts work in the next step.

    $ sudo cp /etc/nginx/sites-available/search.example.com /etc/nginx/sites-available/searx.conf
    
    $ sudo -H ln -s /etc/nginx/sites-available/searx.conf /etc/nginx/sites-enabled/searx.conf
    
    $ sudo rm /etc/nginx/sites-available/search.example.com
    $ sudo rm /etc/nginx/sites-enabled/search.example.com
    
    $ sudo nginx -t 
    $ sudo systemctl reload nginx
    

6. Install Searx Search Engine and Components

You are now ready to install Searx! Searx is easy to install with pre-written scripts.

  1. Install Golang:

    $ sudo apt install golang
    
  2. Create and cd into a new directory called ‘Downloads’:

    $ sudo mkdir ~/Downloads && cd ~/Downloads 
    
  3. Clone the Searx repository into a new searx directory using git:

    $ sudo git clone https://github.com/searx/searx searx
    
  4. Create two directory structures using the -p flag. This avoids a rights issue later when running the Searx install scripts.

    $ sudo mkdir -p ~/Downloads/searx/cache/etc/uwsgi/apps-available
    
    $ sudo mkdir -p ~/Downloads/searx/cache/lib/systemd/system     
    
  5. Navigate to the searx directory and edit the .config.sh file:

    $ cd searx
    $ sudo nano ./.config.sh
    

    Replace the PUBLIC_URL with your custom domain name matching the A and AAAA DNS records.

    PUBLIC_URL="https://search.example.com/searx"
    
  6. Install Searx and uWSGI using the installation script:

    $ sudo -H ./utils/searx.sh install all
    
  7. Confirm Searx is running:

    $ sudo -H ./utils/searx.sh inspect service
    
  8. Create and copy two keys to use for your settings.yml file.

    $ openssl rand -hex 16
    
    $ openssl rand -base64 33
    
  9. Edit the Searx settings.yml file to match your custom domain and keys

    $ sudo nano /etc/searx/settings.yml 
    

    In the server section update the base_url and secret_key. Uncomment the result_proxy section and add your custom url and key.

    ...
    server:
        port : 8888
        bind_address : "127.0.0.1" # address to listen on
        secret_key : "ultrasecretkey" # Use: openssl rand -hex 16 to change this!
        base_url : https://search.example.com # Set custom base_url. Possible values: False or "https://your.custom.host/location/"
        image_proxy : True # Proxying image results through searx
    
    # uncomment below section if you have running morty proxy
    result_proxy:
        url : https://search.example.com/morty
        key : !!binary "your_morty_proxy_key" # Use: openssl rand -base64 33 to change this!
    
  10. Save the settings file and then Restart and test:

    $ sudo systemctl restart uwsgi
    $ sudo ./utils/searx.sh inspect service
    

    Searx is installed but not available from the internet yet. Requests are routed through Filtron to protect your server from misuse, so it will be installed next.

  11. Install the Filtron Reverse Proxy. You do not need to install the nginx reverse proxy (ProxyPass) at the end of this script as that step has already been completed.

    $ sudo -H ./utils/filtron.sh install all     
    
  12. Install the Morty Results Proxy using the installation script:

    $ sudo -H ./utils/morty.sh install all
    
  13. Restart Searx and check status:

    $ sudo -H service uwsgi restart
    $ sudo -H ~/Downloads/searx/utils/searx.sh inspect service
    $ sudo -H ~/Downloads/searx/utils/filtron.sh inspect service
    $ sudo -H ~/Downloads/searx/utils/morty.sh inspect service
    

Congratulations! Your server is now hosting a fully operational, log-free, and ssl-encrypted Searx site. Visit https://search.example.com/searx to use it.

After you log out, you can remove the Port 55800 entry in your firewall to increase security. To access to your server in the future, log into Vultr and add this firewall entry back.

Ideas for Your Searx Server

  • Change your browser default search engine to Searx. You will add it with a template using ?q=%s for the search term:

    https://search.example.com/searx/search?q=%s
    
  • Set the preferences for Searx to use specific search engines or change the theme. A detailed description of settings is located in the Searx documentation.

  • Visit Searx-Instances to add your server to the list of public Searx instances.
  • Consider additional DDOS protection available from Vultr to help protect your server from abuse.

More Information

Want to contribute?

You could earn up to $600 by adding new articles