Installing SearXNG on VPS: a private metasearch engine for secure search
TL;DR
In this guide, we will step-by-step set up your own private SearXNG metasearch engine on your Virtual Private Server (VPS) using Docker Compose. SearXNG allows you to anonymously aggregate search results from multiple sources, avoiding tracking and personalization, offering full control over your search activity. You will get a fully functional, secure, and scalable search service, accessible via HTTPS.
Install and configure SearXNG on Ubuntu Server 24.04 LTS.
Use Docker Compose for service isolation and ease of management.
Ensure secure access via HTTPS using an automatic Let's Encrypt certificate configured by Caddy.
Learn the basic principles of maintaining and backing up your private search engine.
Gain control over your search results, eliminating tracking and targeted advertising.
What we are setting up and why
Diagram: What we are setting up and why
In the modern digital world, privacy is becoming an increasingly valuable resource. Large search engines, such as Google, Yandex, or Bing, collect vast amounts of data about our search queries, interests, and behavior, which is then used for targeted advertising, personalized search results, and even user profiling. This is not only an ethical problem but also a practical one: personalized results can limit one's perspective, and tracking creates security risks.
This is where SearXNG comes in — it is a free and open-source metasearch engine that aggregates results from over 70 different search services (Google, DuckDuckGo, Bing, Wikipedia, Reddit, YouTube, and many others) without saving any user information. It acts as a proxy between you and the search engines, effectively hiding your IP address and query from the ultimate sources. SearXNG does not use cookies, does not collect telemetry, does not create user profiles, and is not subject to censorship or personalization of search results.
Ultimately, upon completing this guide, you will have a fully functional, private search service running on your own server. You can use it for yourself, your family, or a small team, ensuring anonymity and freedom of search. You will gain direct access to a clean, unfiltered internet, free from advertising noise and algorithmic bias.
There are several alternatives for private search. You can use ready-made public SearXNG instances, such as those listed on searx.space, or other private search engines like DuckDuckGo, Brave Search, or Startpage. However, each of these options has its nuances:
Public SearXNG instances: Convenient, but you still trust the instance operator. If the instance is overloaded or its operator decides to collect data, you lose some control. Additionally, some instances may be blocked or operate unstably.
DuckDuckGo/Brave Search/Startpage: These are excellent options for many users who don't want to bother with setup. They offer good privacy but are still centralized services. You trust their privacy policy, and they may be subject to external pressure or policy changes.
Cloud-managed solutions: Some providers offer SearXNG hosting as a service, but this is usually more expensive and still means delegating some control.
Why is self-hosted on a VPS the best choice for our target audience? Because it gives you full control. You control the server, its configuration, data, and policies. No one but you has access to logs or your search activity. This is an ideal option for those who value maximum privacy, want to understand how the service works, and are willing to spend a little time setting it up. Moreover, it's an excellent way to delve deeper into working with Linux, Docker, and network services.
What VPS configuration is needed for this task
Diagram: What VPS configuration is needed for this task
SearXNG is not a resource-intensive application for individual use or a small group. However, the more queries and search engines you use, the more resources will be required. It is important to choose a configuration that ensures stable operation and scalability.
Minimum Requirements (for 1-5 users):
CPU: 1 vCPU (core) with a frequency of 2 GHz or higher.
RAM: 2 GB of RAM. SearXNG itself doesn't consume much, but kernel buffers, Docker, and caches can utilize this amount.
Disk: 20-30 GB SSD. SSD is critical for fast system and Docker container performance. The volume is mainly needed for the operating system, Docker images, and logs.
Network: 100 Mbps. SearXNG will send and receive data from many search engines, so a stable and sufficiently wide channel is important.
Recommended VPS Plan (for 5-20 users or with other services):
For more comfortable operation, especially if you plan to use SearXNG actively or host other lightweight services on the same VPS, the following configuration is recommended:
CPU: 2 vCPU (cores) with a frequency of 2.5 GHz or higher.
RAM: 4 GB of RAM. This will provide sufficient headroom for peak loads and caching.
Disk: 50-80 GB NVMe/SSD. A fast disk will significantly improve system responsiveness.
Network: 200-500 Mbps. A wider channel will ensure faster retrieval of results from all sources.
Finding a VPS with the specified characteristics will not be difficult with most providers. It is also important to pay attention to the provider's reputation and the quality of support.
When a dedicated server is needed, not a VPS
Transitioning to a dedicated server becomes justified if:
High load: You plan to serve hundreds or thousands of users, or SearXNG will be part of a larger infrastructure with a very high query frequency.
Many other services: In addition to SearXNG, you host several other resource-intensive applications on the server (e.g., databases, game servers, high-load web applications).
Specific hardware requirements: You need direct access to hardware resources, for example, for using specialized processors, large amounts of RAM (more than 64 GB), or very fast disk subsystems (NVMe RAID).
Maximum performance and isolation: You want to eliminate "noisy neighbors" and get guaranteed performance without virtualization.
For most SearXNG usage scenarios, even for a small team, a VPS will be more than sufficient and cost-effective. If you still decide that you need a dedicated server, make sure its configuration meets your performance requirements. For example, a suitable dedicated server might offer 4-8 physical cores, 16-32 GB RAM, and 2x500 GB NVMe disks.
Location: what it affects
The choice of VPS geographical location affects several key aspects:
Latency: The closer the server is to you and your users, the lower the latency when accessing SearXNG. This is especially important for a quick search engine response.
Laws and jurisdiction: The server's location determines which country's jurisdiction your data and operations fall under. For privacy, many prefer countries with strong data protection laws (e.g., Netherlands, Germany, Switzerland).
Search engine availability: Some search engines may show different results or have access restrictions depending on the IP address from which requests originate. Choosing a location close to major search engine data centers can improve the quality and speed of results retrieval.
It is recommended to choose a location that is geographically close to the majority of your users and is in a jurisdiction favorable to privacy.
Server Preparation
Server Preparation
Diagram: Server Preparation
Before installing SearXNG, you need to perform a series of basic configurations on your VPS. We will use Ubuntu Server 24.04 LTS as the most current and supported operating system for 2026.
1. SSH Access and Creating a User with Sudo
It is assumed that you already have SSH access to the server under the root account or a user with sudo privileges. It is strongly not recommended to work directly as root. Let's create a new user (e.g., searxng_admin) and grant them sudo privileges.
# Создание нового пользователя
sudo adduser searxng_admin
# Добавление пользователя в группу sudo
sudo usermod -aG sudo searxng_admin
Now, exit the root session and log in as the new user searxng_admin using their password.
2. SSH Key Configuration (Recommended)
To enhance security, it is recommended to configure SSH key authentication and disable password authentication.
On your local machine, generate an SSH key if you don't have one yet:
Then, on the server, edit the SSH daemon configuration file /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
Find the following lines and modify them (or add them if they are missing):
# Отключить вход для root
PermitRootLogin no
# Отключить аутентификацию по паролю (после того, как убедитесь, что вход по ключу работает!)
PasswordAuthentication no
Save the changes (Ctrl+O, Enter) and exit (Ctrl+X). Restart the SSH service:
sudo systemctl restart sshd
Important: Make sure you can log in with an SSH key before disabling PasswordAuthentication, otherwise you risk losing access to the server!
3. System Update
Always start by updating the system to ensure you have the latest security patches and package versions installed.
Edit /etc/fail2ban/jail.local to configure parameters, for example, add your IP address to ignoreip:
sudo nano /etc/fail2ban/jail.local
Find the [DEFAULT] section and modify bantime (ban time), findtime (period for counting attempts), and maxretry (maximum number of attempts). Add your IP address to ignoreip to avoid accidentally blocking yourself:
Save and close the file. Restart Fail2Ban to apply the changes:
sudo systemctl restart fail2ban
Now your server is ready for SearXNG installation.
Software Installation — Step-by-Step
Diagram: Software Installation — Step-by-Step
We will install SearXNG using Docker Compose. This approach ensures application isolation, simplifies dependency management, and facilitates updates. For 2026, Docker and Docker Compose are the de facto standard for deploying many web services.
1. Installing Docker Engine and Docker Compose
First, let's install the necessary Docker components. We will use the official Docker repositories to get the latest versions.
# Обновление индекса пакетов (актуально на 2026 год)
sudo apt update
# Установка пакетов, необходимых для использования репозитория Docker через HTTPS
sudo apt install -y ca-certificates curl gnupg
# Добавление официального GPG ключа Docker
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Добавление репозитория Docker в APT-источники
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Обновление индекса пакетов после добавления репозитория Docker
sudo apt update
# Установка Docker Engine, Docker CLI и Docker Compose (актуальные версии на 2026 год)
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Добавление текущего пользователя в группу docker для работы с Docker без sudo
sudo usermod -aG docker $USER
# Применение изменений для группы docker (необходимо перелогиниться или выполнить newgrp docker)
newgrp docker
# Проверка установки Docker
docker run hello-world
The docker run hello-world command should output a welcome message, confirming a successful Docker installation.
2. Creating a Directory for SearXNG and Configuration
Let's create a working directory for SearXNG, where all configuration files and Docker Compose will be stored.
mkdir ~/searxng
cd ~/searxng
3. Creating the docker-compose.yml File
Create the docker-compose.yml file. This file will define how Docker should run SearXNG.
nano docker-compose.yml
Paste the following content. This is a basic configuration using the official SearXNG image and Caddy as a reverse proxy for HTTPS.
version: '3.8'
services:
searxng:
image: searxng/searxng:latest # Актуальная версия SearXNG на 2026 год
container_name: searxng
ports:
- "8080:8080" # SearXNG будет доступен на порту 8080 внутри контейнера
volumes:
- ./searxng_settings.yml:/etc/searxng/settings.yml:ro # Монтируем наш конфиг
- ./data/searxng:/data # Директория для данных и кэша SearXNG
environment:
- SEARXNG_BASE_URL=https://ВАШ_ДОМЕН_ДЛЯ_SEARXNG/ # Замените на ваш домен
- SEARXNG_URL=http://searxng:8080/ # Внутренний URL для Caddy
restart: unless-stopped
networks:
- searxng_network
caddy:
image: caddy:2-alpine # Актуальная версия Caddy на 2026 год
container_name: caddy
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro # Монтируем наш конфиг Caddy
- ./data/caddy:/data # Директория для данных Caddy (сертификаты Let's Encrypt)
environment:
- CADDY_EMAIL=ВАШ[email protected] # Email для Let's Encrypt
restart: unless-stopped
networks:
- searxng_network
networks:
searxng_network:
driver: bridge
Important: Replace ВАШ_ДОМЕН_ДЛЯ_SEARXNG with your actual domain (e.g., searx.mydomain.com) and ВАШ[email protected] with your email address to receive notifications from Let's Encrypt.
4. Configuring the searxng_settings.yml File
SearXNG has many settings that can be changed in the settings.yml file. To start, we will create a basic file.
nano searxng_settings.yml
Paste the following minimal content. For a complete list of settings, refer to the official SearXNG documentation.
# searxng_settings.yml - Пример базовой конфигурации
# Общие настройки
debug: False
limiter: True # Включить ограничение скорости запросов
user_agent: 'SearXNG/1.3' # Пример user-agent, актуальный на 2026 год
# Настройки приватности
no_cookie_tracking: True
no_session_tracking: True
no_result_urls_tracking: True
# Настройки движков (пример - включены основные)
# Для полного списка и настройки см. https://docs.searxng.org/admin/settings.html#engines
engines:
- google
- duckduckgo
- bing
- wikipedia
- startpage
- yandex
# Настройки интерфейса (опционально)
# theme: simple
# autocomplete: 'duckduckgo'
# Дополнительные опции
# image_proxy: True
# timezone: 'Europe/Moscow'
# Secret key для защиты сессий (ОБЯЗАТЕЛЬНО СГЕНЕРИРУЙТЕ СВОЙ!)
secret_key: "СГЕНЕРИРУЙТЕ_СВОЙ_СЕКРЕТНЫЙ_КЛЮЧ"
Very important: Replace "СГЕНЕРИРУЙТЕ_СВОЙ_СЕКРЕТНЫЙ_КЛЮЧ" with a random string. You can generate it, for example, like this:
Copy the generated string and paste it into searxng_settings.yml.
5. Creating the Caddyfile
Caddy will act as a reverse proxy, forwarding requests to SearXNG and automatically configuring HTTPS using Let's Encrypt.
nano Caddyfile
Paste the following content:
ВАШ_ДОМЕН_ДЛЯ_SEARXNG {
# Замените на ваш домен, например, searx.mydomain.com
# Caddy автоматически получит SSL-сертификат от Let's Encrypt
reverse_proxy searxng:8080 {
# Перенаправляет запросы к SearXNG контейнеру
header_up Host {host}
header_up X-Real-IP {remote_ip}
header_up X-Forwarded-For {remote_ip}
header_up X-Forwarded-Proto {scheme}
}
# Дополнительные заголовки для безопасности (рекомендуется)
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Frame-Options DENY
X-Content-Type-Options nosniff
X-XSS-Protection "1; mode=block"
Referrer-Policy no-referrer-when-downgrade
}
# Логирование (опционально)
log {
output file /data/access.log {
roll_size 10mb
roll_keep 5
roll_keep_for 720h
}
format json
}
}
Important: Replace ВАШ_ДОМЕН_ДЛЯ_SEARXNG with your actual domain. Ensure that the DNS A-record for this domain points to your VPS's IP address. Without a correct DNS record, Caddy will not be able to obtain an SSL certificate.
6. Running SearXNG with Docker Compose
After creating all the necessary files, you can start SearXNG.
# Создание директории для данных Caddy и SearXNG
mkdir -p data/caddy data/searxng
# Запуск контейнеров в фоновом режиме
docker compose up -d
# Проверка статуса запущенных контейнеров
docker compose ps
The docker compose ps command should show that the searxng and caddy containers are running and in Up status. If Caddy doesn't start immediately, give it a few minutes to obtain the Let's Encrypt certificate. You can check Caddy's logs if issues arise:
docker compose logs caddy
Now your private metasearch engine SearXNG should be accessible via your domain name over HTTPS.
Configuration
Diagram: Configuration
After the basic installation of SearXNG and Caddy, the next step is to further configure them to optimize performance, security, and functionality.
The searxng_settings.yml file, which we created earlier, is central to SearXNG's configuration. You can find a complete list of options in the official SearXNG documentation. Here are some important settings to consider:
Edit the file:
nano ~/searxng/searxng_settings.yml
Examples of additional settings:
# ... (previous settings) ...
# Engine settings (example: adding Wikipedia, Reddit, YouTube)
# You can enable/disable any engines.
# Some engines may require API keys (see documentation).
engines:
- google
- duckduckgo
- bing
- wikipedia
- reddit
- youtube
# - github # Example engine for developers
# - stackoverflow # Another useful engine
# Request rate limiting settings (limiter)
# Helps prevent abuse and blocks from search engines.
limiter:
enabled: True
rate: 10/minute # Maximum 10 requests per minute per IP
burst: 5 # Additional 5 requests above the limit for a short period
# Proxy settings for engine requests (if needed)
# proxy:
# url: "socks5h://127.0.0.1:9050" # Example for Tor
# type: "socks5"
# Interface settings
autocomplete: 'duckduckgo' # Enable query autocompletion via DuckDuckGo
theme: 'oscar' # Or 'simple', 'garuda', 'nord', 'kavin', etc.
image_proxy: True # Image proxying for additional privacy
suggestions: True # Show search suggestions
# Security settings
# allowed_hosts:
# - "YOUR_SEARXNG_DOMAIN" # Specify your domain for additional protection
# HTTP Headers
# http_headers:
# X-Frame-Options: "DENY"
# X-Content-Type-Options: "nosniff"
# Secret key - GENERATE YOUR OWN!
secret_key: "ВАШ_СЕКРЕТНЫЙ_КЛЮЧ"
After making changes to searxng_settings.yml, you need to restart the SearXNG container for them to take effect:
docker compose restart searxng
2. Caddy Configuration: Caddyfile file
Caddy is already configured to provide HTTPS and proxy requests to SearXNG. You can add additional security headers, configure logging, or add other domains if needed.
Edit the file:
nano ~/searxng/Caddyfile
Example of adding CORS headers (if you plan to use SearXNG from other web applications):
YOUR_SEARXNG_DOMAIN {
# ... (previous settings) ...
# Additional headers for CORS (Cross-Origin Resource Sharing)
header / {
Access-Control-Allow-Origin "" # Allow all. Use a specific domain for better security.
Access-Control-Allow-Methods "GET, POST, OPTIONS"
Access-Control-Allow-Headers "Content-Type, Authorization"
}
# ... (rest of the settings) ...
}
After changing the Caddyfile, restart the Caddy container:
docker compose restart caddy
3. Secrets and Environment Variables
As shown in docker-compose.yml, we already use environment variables for SEARXNG_BASE_URL and CADDY_EMAIL. For SearXNG's secret_key, we mount the searxng_settings.yml file. If you prefer the secret key not to be stored in a file, you can pass it as an environment variable in docker-compose.yml:
searxng:
# ...
environment:
- SEARXNG_BASE_URL=https://YOUR_SEARXNG_DOMAIN/
- SEARXNG_URL=http://searxng:8080/
- SEARXNG_SECRET_KEY=YOUR_SECRET_KEY_FROM_ENVIRONMENT_VARIABLE # Add this line
# ...
In this case, you will need to remove the line secret_key: "ВАШ_СЕКРЕТНЫЙ_КЛЮЧ" from searxng_settings.yml. This can be useful for deployment automation where the secret key is pulled from a secret management system.
4. Health Check
After all configurations, let's ensure that SearXNG is working correctly.
Checking availability via curl:
curl -I https://ВАШ_ДОМЕН_ДЛЯ_SEARXNG/
You should receive an HTTP status of 200 OK and headers indicating Caddy and SearXNG.
There should be no critical errors in the logs. If there are, examine them carefully to determine the cause.
Checking in the browser:
Open your domain (https://ВАШ_ДОМЕН_ДЛЯ_SEARXNG/) in a web browser. You should see the SearXNG interface. Try performing a few search queries to ensure that results are retrieved and displayed correctly.
If all steps are completed correctly, your private metasearch engine SearXNG is fully configured and ready for use.
Backups and Maintenance
Diagram: Backups and Maintenance
Regular backups and timely maintenance are critical for the stable and secure operation of any service, including SearXNG. Although SearXNG itself does not store confidential user data (as it is a private search engine), it is important to preserve its configuration and Caddy data (Let's Encrypt certificates) to avoid reconfiguration in case of a failure.
1. What to Back Up
For SearXNG on Docker Compose, the main elements that require backing up are:
SearXNG Configuration Files:searxng_settings.yml. This is the main file defining your search engine's behavior.
Docker Compose Files:docker-compose.yml. Defines how to run SearXNG and Caddy.
Caddy Configuration Files:Caddyfile. Contains your reverse proxy and HTTPS settings.
Caddy Data: The ./data/caddy directory (in our case ~/searxng/data/caddy). This is where Let's Encrypt certificates and other Caddy service information are stored.
SearXNG Data: The ./data/searxng directory (in our case ~/searxng/data/searxng). May contain cache, logs, and other temporary SearXNG data.
User data is not backed up, as SearXNG does not store it.
2. Simple Auto-Backup Script
We will create a simple script that will archive all necessary files and directories. For backup, you can use tar for archiving and rsync for synchronization with remote storage. For more advanced scenarios, consider borgbackup or restic, which support deduplication and encryption.
Create a script file, for example, backup_searxng.sh, in your home directory:
nano ~/backup_searxng.sh
Insert the following content:
#!/bin/bash
# Path to SearXNG directory
SEARXNG_DIR="/home/searxng_admin/searxng" # Replace with the path to your SearXNG directory
BACKUP_DIR="/var/backups/searxng"
TIMESTAMP=$(date +"%Y%m%d%H%M%S")
BACKUP_FILE="$BACKUP_DIR/searxng_backup_$TIMESTAMP.tar.gz"
RETENTION_DAYS=7 # Keep backups for the last 7 days
# Create backup directory if it doesn't exist
mkdir -p "$BACKUP_DIR"
echo "Starting SearXNG backup to $BACKUP_FILE..."
# Stop SearXNG for data consistency (optional, but recommended for caddy/searxng data)
# docker compose -f "$SEARXNG_DIR/docker-compose.yml" stop
# Archive necessary files and directories
tar -czf "$BACKUP_FILE" -C "$SEARXNG_DIR" \
docker-compose.yml \
searxng_settings.yml \
Caddyfile \
data/caddy \
data/searxng \
--remove-files-from data/searxng/cache # Clear SearXNG cache if it's large
# Start SearXNG back up (if it was stopped)
# docker compose -f "$SEARXNG_DIR/docker-compose.yml" start
echo "Backup completed."
# Delete old backups
echo "Deleting old backups (older than $RETENTION_DAYS days)..."
find "$BACKUP_DIR" -name "searxng_backup_*.tar.gz" -type f -mtime +$RETENTION_DAYS -delete
echo "Old backups cleanup completed."
# Example of sending backup to a remote server via rsync
# REMOTE_USER="backup_user"
# REMOTE_HOST="your_backup_server_ip"
# REMOTE_PATH="/mnt/backups/searxng/"
# rsync -avzh "$BACKUP_FILE" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH"
# Example of sending backup to S3-compatible storage using s3cmd/awscli
# s3cmd put "$BACKUP_FILE" s3://your-s3-bucket/searxng/
Make the script executable:
chmod +x ~/backup_searxng.sh
Configure cron to automatically run the script. For example, for a daily backup at 03:00 AM:
crontab -e
Add the following line to the end of the crontab file:
This will run the script daily at 3 AM and redirect the output to the log file /var/log/searxng_backup.log.
3. Where to Store Backups
Storing backups on the same server as the main service is not recommended. If the server fails (e.g., disk failure), you will lose both the service and the backups. Recommended storage locations:
External S3-compatible storage: Services like Backblaze B2, Amazon S3, DigitalOcean Spaces, MinIO (self-hosted) offer reliable and inexpensive object storage. You can use s3cmd or awscli for automatic backup uploads.
Separate VPS or dedicated server: If you have another server, you can use rsync or scp to copy backups.
NAS/local storage: For personal use, you can configure backups to be copied to local network storage.
Always encrypt backups, especially if they are stored on third-party services. Tools like borgbackup or restic do this automatically.
4. Updates: rolling vs maintenance window
Keeping the system and applications up-to-date is critical for security and stability.
Operating System Updates: Regularly run sudo apt update && sudo apt upgrade -y. For Ubuntu LTS, it is recommended to do this at least once a month. Consider using unattended-upgrades for automatic application of security patches.
Docker Image Updates (SearXNG, Caddy):
Rolling updates: For SearXNG, which does not have a complex database or state, you can simply perform periodically:
docker compose pull # Download the latest image versions
docker compose up -d # Recreate containers with new images
This can be done every few weeks. Caddy will automatically renew its Let's Encrypt certificates if they are nearing expiration.
Maintenance window: If you want to ensure no issues, plan a small maintenance window (e.g., 15-30 minutes once a month) where you manually run docker compose pull && docker compose up -d, and then check logs and functionality. This allows you to be prepared for potential problems and roll back changes if something goes wrong.
Always back up before major updates or configuration changes.
Troubleshooting + FAQ
Various issues may arise during the installation and operation of SearXNG. Here are common errors and answers to frequently asked questions.
SearXNG does not start or returns a 502 Bad Gateway error
What to check: Ensure that the SearXNG container is running and accessible via internal port 8080. Check the SearXNG container logs.
docker compose ps
docker compose logs searxng
Look for initialization errors, issues with accessing the searxng_settings.yml file, or incorrect parameters. If you see "502 Bad Gateway" in the Caddy logs, it means Caddy cannot connect to the SearXNG container.
Verify that SEARXNG_URL=http://searxng:8080/ in docker-compose.yml is correct and matches the SearXNG service name in the same file.
How to fix: Correct errors in searxng_settings.yml (e.g., YAML syntax errors), ensure the file path in docker-compose.yml is correct. Restart the SearXNG container: docker compose restart searxng.
HTTPS is not working, browser shows a certificate error
What to check: Caddy automatically obtains Let's Encrypt certificates.
docker compose logs caddy
Look for error messages during certificate acquisition (e.g., "tls: no ACME client was able to solve the challenge"). This often indicates DNS or firewall issues.
Ensure that the DNS record (A type) for your domain points to your VPS's IP address.
Check that ports 80 and 443 are open in UFW: sudo ufw status verbose.
How to fix: Correct the DNS record if it's wrong. Open ports 80 and 443 in UFW. Make sure the correct domain is specified in Caddyfile. Restart Caddy: docker compose restart caddy.
SearXNG is slow or returns many captchas
What to check: Slow performance can be caused by server overload, a slow internet connection, or frequent blocks by search engines. A large number of captchas indicates that search engines identify your requests as automated.
Check CPU/RAM load on the VPS: htop.
Check SearXNG logs for errors from search engines.
How to fix: Increase request limits in searxng_settings.yml (limiter section). Consider using proxy servers (e.g., Tor or external proxies) for requests to search engines (proxy setting in searxng_settings.yml). If the VPS is overloaded, consider upgrading resources (CPU/RAM/network). Try disabling some search engines that most frequently trigger captchas.
What is the minimum suitable VPS configuration?
Minimally for SearXNG (single user or very small group), 1 vCPU, 2 GB RAM, and 20-30 GB SSD storage will be required. This configuration will be sufficient for basic operation, but active use or adding other services to the VPS may cause delays. It is recommended to choose more powerful configurations if you plan to use SearXNG regularly or for multiple users.
What to choose — VPS or dedicated for this task?
For most users installing SearXNG for personal use or a small team, a Virtual Private Server (VPS) is the optimal choice. It offers sufficient performance, flexibility, and cost-effectiveness. A dedicated server only makes sense in cases of very high load (hundreds of users), when SearXNG is part of a large infrastructure, or if you require full control over hardware and maximum guaranteed performance without virtualization. In most scenarios, a VPS will be more than sufficient.
How to update SearXNG to a new version?
Since we use Docker Compose, updating is very simple:
cd ~/searxng
docker compose pull # Downloads the latest versions of SearXNG and Caddy images
docker compose up -d # Recreates containers using new images
docker image prune -f # Removes old unused Docker images to save space
Before updating, it is recommended to back up your configuration files.
Can I add my own search engines or configure them?
Yes, SearXNG supports many search engines and allows for detailed configuration. In the searxng_settings.yml file, in the engines section, you can enable or disable the engines you need. Some engines (e.g., Google Custom Search, Reddit) may require obtaining API keys, which you will need to specify in the same file. Full documentation on engine configuration is available on the official SearXNG website.
How to restrict access to my SearXNG to specific IP addresses only?
You can configure Caddy to restrict access. Edit your Caddyfile:
YOUR_SEARXNG_DOMAIN {
# ...
# Restrict access by IP address
# Replace YOUR_IP_ADDRESS with your allowed IPs (multiple can be separated by space)
# If the IP address does not match, Caddy will return 403 Forbidden
# remote_ip {
# ip_range YOUR_IP_ADDRESS/32
# ip_range YOUR_SECOND_IP_ADDRESS/32
# # Or use an entire subnet
# # ip_range 192.168.1.0/24
# policy deny_ip
# }
# ...
}
After modifying Caddyfile, restart Caddy: docker compose restart caddy.
Conclusions and Next Steps
Diagram: Conclusions and Next Steps
Congratulations! You have successfully installed and configured your own private meta-search engine SearXNG on a VPS. Now you control your search activity, are protected from tracking and personalization of results, and can enjoy a clean, unbiased search on the internet. You have also mastered basic skills in working with Docker Compose, Caddy, and Linux server management, which is valuable experience.
Where to go next?
Fine-tuning: Explore the full SearXNG documentation to adapt searxng_settings.yml to your needs as much as possible. Experiment with different themes, enable and disable search engines, and adjust limits.
Browser Integration: Configure your browser (Firefox, Chrome, Brave) to use your new SearXNG instance as the default search engine. This will significantly simplify usage.
Monitoring and Scaling: If you plan to serve a large number of users, explore server monitoring tools (e.g., Prometheus + Grafana) and consider running multiple SearXNG instances behind a load balancer.
