SearXNG with MullVad VPN for search engine aggregation
# version: "3.7"
# Docker Compose config for SearXNG running through a VPN via MullVad
# This stack puts together a virtual network under 172.89.0.0/24 subnet,
# brings up gluetun which VPN connects to MullVad, redis for SearXNG, and
# finally SearXNG frontend. The end result is that you can access SearXNG
# locally, but all traffic SearXNG generates when aggregating results from other
# search engines will be sent through the VPN, effectively preventing 3rd parties
# (advertisers) from tracking your search habits. Keep in mind all traffic generated
# by your browser after clicking a link will still pass through your home internet.
# What this stack doesn't do is provide any SSL or secure way to expose SearXNG
# to the internet. I would recommend either setting up a VPN to your home network,
# or reverse proxy with something like Nginx Proxy Manager or Traefik.
# I store my Docker Compose stacks inside individual directories in /srv/compose .
# To begin you'll need to start off with the instructions in the GitHub repo:
# https://github.com/searxng/searxng-docker
# Specifically git clone the repo inside where you store compose stacks.
# Review this compose file and modify:
#   - Virtual network subnet and IP address
#   - Wireguard VPN information
#   - Timezone
# You can set SEARXNG_BASE_URL later.
# Because mDNS hostnames in Docker never work for me, I recommend modifying
# settings.yml in the searxng directory to provide a static IP address for
# the redis URL. If you stay with the defaults in here, it should be:
# redis://172.89.0.1:6379/0
# Once the containers are going, you can hit SearXNG at http://172.89.0.2:8080 .
networks:
  searxng-gluetun:
    name: searxng-gluetun
    driver: bridge
    ipam:
      config:
        # 172.89.0.0/24 lies outside RFC 1918 private space (172.16.0.0/12);
        # change it to a private range if you need one
        - subnet: 172.89.0.0/24
services:
  searxng-gluetun:
    image: qmcgaw/gluetun
    container_name: searxng-gluetun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      # Update the values here with what MullVad provides
      - WIREGUARD_PRIVATE_KEY=InsertMullVadPrivateKeyHere
      - WIREGUARD_ADDRESSES=123.123.123.123/32
      # I'm not sure if SERVER_CITIES is needed
      # - SERVER_CITIES=Amsterdam
      # Set timezone for accurate log times
      - TZ=America/Chicago
      - HTTPPROXY=on
    restart: unless-stopped
    networks:
      searxng-gluetun:
        ipv4_address: 172.89.0.2
    labels:
      mag37.dockcheck.restart-stack: "true"
  searxng-redis:
    container_name: searxng-redis
    image: docker.io/valkey/valkey:8-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: unless-stopped
    volumes:
      - valkey-data2:/data
    environment:
      # Set timezone for accurate log times
      - TZ=America/Chicago
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    # Share the gluetun container's network namespace so traffic uses the VPN
    network_mode: service:searxng-gluetun
  searxng-searxng:
    container_name: searxng-searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      # Set timezone for accurate log times
      - TZ=America/Chicago
      # Once SearXNG is reverse proxied to its final location, update this URL
      - SEARXNG_BASE_URL=https://example.com/
      # - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      # - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    # Share the gluetun container's network namespace so traffic uses the VPN
    network_mode: service:searxng-gluetun
volumes:
  caddy-data:
  caddy-config:
  valkey-data2:
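
The header comments claim that everything SearXNG sends to other search engines leaves through the VPN. One way to check that on a running stack, as an added example that is not part of the gist: it assumes the container names from the compose file, a throwaway `curlimages/curl` probe container, Mullvad's `am.i.mullvad.net` check service, and the wording of that service's status text.

```shell
#!/bin/sh
# Added example (not from the gist): verify the stack's egress goes via the VPN.
# Assumptions: container names from the compose file above, curlimages/curl as a
# throwaway probe image, am.i.mullvad.net as the IP/status echo service.
GLUETUN=searxng-gluetun
MEMBERS="searxng-searxng searxng-redis"
IP_URL=https://am.i.mullvad.net/ip
STATUS_URL=https://am.i.mullvad.net/connected

# A member shares the VPN namespace only if Docker reports "container:<id>".
uses_shared_netns() {
  case "$1" in container:?*) return 0 ;; *) return 1 ;; esac
}

# Fail closed: an empty lookup or identical addresses both count as a leak.
egress_is_tunnelled() {  # $1 = host IP, $2 = IP seen from the gluetun namespace
  [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Assumed wording: the status text begins "You are connected to Mullvad".
mullvad_connected() {
  case "$1" in "You are connected to Mullvad"*) return 0 ;; *) return 1 ;; esac
}

probe() {  # run curl inside the gluetun network namespace
  docker run --rm --network "container:$GLUETUN" curlimages/curl -s --max-time 10 "$1"
}

main() {
  for c in $MEMBERS; do
    mode=$(docker inspect -f '{{.HostConfig.NetworkMode}}' "$c")
    uses_shared_netns "$mode" || { echo "FAIL: $c has network mode '$mode'"; return 1; }
  done
  host_ip=$(curl -s --max-time 10 "$IP_URL")
  vpn_ip=$(probe "$IP_URL")
  egress_is_tunnelled "$host_ip" "$vpn_ip" || { echo "FAIL: host=$host_ip stack=$vpn_ip"; return 1; }
  mullvad_connected "$(probe "$STATUS_URL")" || { echo "FAIL: exit is not a Mullvad server"; return 1; }
  echo "OK: stack egress $vpn_ip differs from host $host_ip"
}

# Only touch Docker and the network when asked to: sh check-egress.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it after any image update or change to `network_mode`; a member container that falls back to a normal bridge network would send its traffic over the home connection.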