searxng / searx-instances

SearXNG instances list
https://searx.space
GNU Lesser General Public License v3.0

Add https://searxng.nicfab.it #178

Closed nicfab closed 2 years ago

nicfab commented 2 years ago

Requirements

Bot protection

Yes, I have enabled the limiter plugin built in SearXNG.

Source code URL

No response

Comment

No response

tiekoetter commented 2 years ago

Hi @nicfab, the limiter plugin is not working on your instance. Running curl -i "https://searxng.nicfab.it/search?q=test" gives results instead of error 429. Your instance is hosted on AWS. As a result of that, it will be marked red in the network tab on searx.space.

Everything else looks good.
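
The check described in the comment above, as an added example that is not part of the thread or of the SearXNG project: it reads the output of `curl -si` and reports whether the bare request was answered with 429 (limiter active) or 200 (results served). The function names, the sample responses and the hostname in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): interpret `curl -si` output offline.

# Print the final HTTP status code found in a `curl -i` response on stdin.
# Only lines in header position count, so interim 1xx heads are skipped and
# status-like text inside the body is ignored.
final_status() {
    awk '
        BEGIN { expect = 1 }
        { sub(/\r$/, "") }                        # curl -i keeps CRLF endings
        expect && /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ {
            code = $2; expect = 0; inhead = 1; next
        }
        inhead && $0 == "" {                      # blank line ends a head
            inhead = 0
            if (code ~ /^1/) expect = 1           # a real response follows 1xx
            next
        }
        { expect = 0 }
        END { if (code == "" || code ~ /^1/) exit 1; print code }
    '
}

# Map the status to the outcome the reviewer looks for: 429 = limiter active.
limiter_verdict() {
    code=$(final_status) || { echo "unparseable"; return 2; }
    case "$code" in
        429) echo "limiter-active" ;;
        200) echo "limiter-inactive"; return 1 ;;
        *)   echo "inconclusive-$code"; return 2 ;;
    esac
}

# Constructed sample responses (not captured from any real instance).
sample_blocked() { printf 'HTTP/2 429 \r\nserver: nginx\r\n\r\nToo Many Requests\n'; }
sample_open() {
    printf 'HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n\r\n'
    printf '<p>results</p>\nHTTP/1.1 429 text inside the body\n'
}
sample_interim() {
    printf 'HTTP/1.1 100 Continue\r\n\r\n'
    printf 'HTTP/1.1 429 Too Many Requests\r\n\r\nblocked\n'
}

# Live use (hostname is a placeholder):
#   curl -si "https://searxng.example/search?q=test" | limiter_verdict
sample_blocked | limiter_verdict || true
sample_open | limiter_verdict || true
```

The non-zero return code for anything other than 429 lets the check run in a cron job or CI step after a settings change.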

nicfab commented 2 years ago

> curl -i "https://searxng.nicfab.it/search?q=test"

Thank you for your quick reply. I modified the file setting.yaml; can you check again? Regarding AWS, I have all my servers there, and I spent a lot of time setting up the instance. What should I do?

tiekoetter commented 2 years ago

@nicfab You don't need to do anything. This won't affect the ranking of your instance.

nicfab commented 2 years ago

> @nicfab You don't need to do anything. This won't affect the ranking of your instance.

I am evaluating digitalocean, and I will move all to it if possible. Did you check the plugin? Is it working?

tiekoetter commented 2 years ago

@nicfab Honestly, AWS is good if you are more comfortable with it. DigitalOcean is also pretty good; I host one of my name servers there. Yes, the limiter plugin is working now.

nicfab commented 2 years ago

> @nicfab Honestly, AWS is good if you are more comfortable with it. DigitalOcean is also pretty good; I host one of my name servers there. Yes, the limiter plugin is working now.

Sincerely, AWS allows me to have servers in Italy (Milan), and it's important regarding the GDPR. Digital Ocean doesn't have any servers in Italy, and I don't trust it. I would appreciate it if you suggested some European solutions (I would avoid OVH after the well-known fire). When can I see my instance among the public ones?

tiekoetter commented 2 years ago

@nicfab I host my instance and my main stuff with myVirtualserver.com. They are only hosting in Germany though. I don't know about any good hoster in Italy. Sorry.

You will see your instance when the searx.space server syncs its list with the one from this repo. This happens every 3 hours.

nicfab commented 2 years ago

> myVirtualserver.com

Thank you very much

nicfab commented 2 years ago

Hello @tiekoetter

Today I set the reverse DNS, and it changed. I don't see my instance anymore. What should I do?

tiekoetter commented 2 years ago

@nicfab Your instance is on the Offline & error tab on searx.space with the reason Connection timed out. It will refresh automatically when your instance is working.

nicfab commented 2 years ago

Ok. Thank you

nicfab commented 2 years ago

Hello @tiekoetter,

I set the TOR address for my instance, which is:

zpqi3eorbszyks36k6jsicg64wm6el7fom4o2ds3hqqcqcapfin3qfid.onion

Can you add it to the online TOR instances?

Let me take the opportunity for a question: "I can guess, but why are the instances under AWS marked red?" If the service works fine, from my perspective it is an added value. I also think that - as in my case - people who set up public instances (for the benefit of all) pay on their own, and it is probably unfair to mark those instances red. My few cents.

tiekoetter commented 2 years ago

@nicfab Yes I will add your onion address.

Regarding the marking in the network tab:

I personally agree that even providers like AWS should be allowed / not marked because you have your own VM there (same trust level as any other VM hoster). Reverse proxy providers like Cloudflare should still be marked because they have the keys to the encryption.

Which AS is marked red is defined here https://github.com/searxng/searx-space/blob/master/searxstats/data/asn.py

@dalf What do you think? Should this maybe be changed in the future?

unixfox commented 2 years ago

> @nicfab Yes I will add your onion address.
>
> Regarding the marking in the network tab:
>
> I personally agree that even providers like AWS should be allowed / not marked because you have your own VM there (same trust level as any other VM hoster). Reverse proxy providers like Cloudflare should still be marked because they have the keys to the encryption.
>
> Which AS is marked red is defined here https://github.com/searxng/searx-space/blob/master/searxstats/data/asn.py
>
> @dalf What do you think? Should this maybe be changed in the future?

The issue is that we don't know if the user is hosting SearXNG on a VM, on a MITM solution like AWS CloudFront, or even on AWS ALB.

nicfab commented 2 years ago

> @nicfab Yes I will add your onion address.
>
> Regarding the marking in the network tab:
>
> I personally agree that even providers like AWS should be allowed / not marked because you have your own VM there (same trust level as any other VM hoster). Reverse proxy providers like Cloudflare should still be marked because they have the keys to the encryption.
>
> Which AS is marked red is defined here https://github.com/searxng/searx-space/blob/master/searxstats/data/asn.py
>
> @dalf What do you think? Should this maybe be changed in the future?

Thank you for your quick reply. I don't use Cloudflare or other services like that one. Let me take the opportunity to present my professional profile here: https://www.fabiano.law/en/page/about/. As you can see, I am the former president of the San Marino DPA and have dealt with privacy and data protection for over 20 years. I am also passionate about computer science, and I set up all of my running instances and also maintain them. I always pay attention to privacy and security, and I can guarantee that my systems are privacy ok. I would be happy if you could decide to remove the red mark from AWS or my instance.

tiekoetter commented 2 years ago

@unixfox Ok I didn't consider this

nicfab commented 2 years ago

I don't use AWS CloudFront, but simply AWS-EC2 accessing from https://aws.amazon.com

dalf commented 2 years ago

> Reverse proxy providers like Cloudflare should still be marked because they have the keys to the encryption.


AWS is put in the "red" list because of https://en.wikipedia.org/wiki/CLOUD_Act#International_reactions See also https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2022/augustus/16/cloud-act-memo/Cloud+Act+Memo+Final.pdf

From my understanding and following this principle, the "red" list should contain all US providers, but I recognize this is a European viewpoint.

The list: https://github.com/searxng/searx-space/blob/master/searxstats/data/asn.py


Instead of just a red flag, for each ASN, we can list the entities (organizations, country, etc.) that can access the instance or the traffic (list made according to public knowledge), and then let the users decide. (I'm not sure this is doable.)

[EDIT / disclaimer] Multiple messages were added while I wrote this message.

nicfab commented 2 years ago

> > Reverse proxy providers like Cloudflare should still be marked because they have the keys to the encryption.
>
>   • Amazon can access the VM
>   • The traffic is in clear in memory and between the docker containers (yes on localhost).
>
> AWS is put in the "red" list because of https://en.wikipedia.org/wiki/CLOUD_Act#International_reactions See also https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2022/augustus/16/cloud-act-memo/Cloud+Act+Memo+Final.pdf
>
> From my understanding and following this principle, the "red" list should contain all US providers, but I recognize this is a European viewpoint.
>
> The list: https://github.com/searxng/searx-space/blob/master/searxstats/data/asn.py
>
> Instead of just a red flag, for each ASN, we can list the entities (organizations, country, etc.) that can access the instance or the traffic (list made according to public knowledge), and then let the users decide. (I'm not sure this is doable.)
>
> [EDIT / disclaimer] Multiple messages were added while I wrote this message.

I'm afraid I disagree with you about the statement that Amazon can access the VM; it is commonplace, and no official document or paper confirms that.

Also, regarding the traffic locally, only the sysadmin can view it, and - in my case - I am the only one that potentially can view the traffic. Amazon cannot access the VM without my consent.

@dalf, as you said, I am in Europe, and we have solid legislation about data protection and privacy. Furthermore, my instance is located in the AWS data center in Italy (Milan).

I hope you can review the red-mark policy.

nicfab commented 2 years ago

Let me just add that you cannot generalize about AWS because - in my case - the entity that issues the invoice to me is AMAZON WEB SERVICES EMEA SARL. So it's an EU company different from the US ones. However, I see on the list marked red AWS, US, and it's wrong.

nicfab commented 2 years ago

@tiekoetter I set the IPv6 address, and it seems that the check tests are ok. Is the update automatic on the https://searx.space page?

tiekoetter commented 2 years ago

@nicfab Yes it will automatically be done.

nicfab commented 2 years ago

@tiekoetter I changed the server and installation from docker to scripts. The onion address is changed and now is:

http://lgmekfnpealdqhnctyg3p5fuelpdwnbqbwnl2ickpdoodzatzgz27ryd.onion

Is the update automatic?

nicfab commented 2 years ago

@tiekoetter Sorry for this new message, but I see that my old onion address related to my instance is under "Offline & error" -> Others. I understand that the change is not automatic. My new onion address is the following:

http://lgmekfnpealdqhnctyg3p5fuelpdwnbqbwnl2ickpdoodzatzgz27ryd.onion

May I have some update on that? Many thanks for considering my request.

unixfox commented 2 years ago

Please create a new issue of type "update"/"edit".

Anybody in the searxng team will then update your onion URL.