searxng / searx-instances

SearXNG instances list
https://searx.space
GNU Lesser General Public License v3.0

Add https://searx.thefloatinglab.world #298

Closed FransVeldman closed 1 year ago

FransVeldman commented 1 year ago

Requirements (make sure to read all of them)

Bot protection

No, I have not installed a bot protection and I do recognize that without one, my instance will be flooded by bots and could have some of its engines stop working (an example is Google).

Source code URL

No response

Comment

This instance is also accessible via http://iziatwmtwhrp2kjm3tkrurj3b25qjhznleztdwqc6jgoxmxfvkmh3mid.onion/

ononoki1 commented 1 year ago

Hi @FransVeldman, your CSP grade is not optimal. However, it can be ignored if you do not mind being ranked lower on searx.space. If you want to fix it before adding your instance, just do it and notify us when finished. Otherwise, tell us to add your instance now.

FransVeldman commented 1 year ago

I have no experience with CSP. I'm a bit puzzled what would be the correct CSP header. I tried various options but all of them result in a compromised functionality. I could not find the required CSP header anywhere in the documentation or support groups. Do you know what I have to put there? I have a standard setup with nginx.

If I get listed now, I will be ranked up automatically once I have a more optimal CSP header? In that case you can add my instance now.

unixfox commented 1 year ago

It's literally in the Recommendations for your instance section when adding a new instance if you had read it... https://github.com/searxng/searxng-docker/blob/master/Caddyfile#L33-L84

FransVeldman commented 1 year ago

Sorry, I don't know what definition of "literally" you are using, but there is nothing "literally" saying "Add the following line to your nginx.conf file".

The link you are referring to looks like some kind of configuration file / source code for stuff I don't have. In my question I was literally saying: "I'm using nginx".

The install guides I followed didn't mention anything about caddyfiles, whatever they are, and I don't have the software to use them.

The nginx frontend I'm using is on a VPS that runs a bunch of other services, all using the same nginx frontend, so I wish to keep nginx.

In the config file you are referring to, I see various header lines. Something like header @imageproxy and a header @notimageproxy. Does this mean that since I proxy images I need to use the first variant? Or does it mean that I need to change the header according to the page the user is requesting? There is also a generic "header" section higher up in that file, with some stuff that is already part of the standard install.

And yes, I tried all those header variants in nginx, but as I said, things got broken when I tried to add anything like this to the nginx file.

You may call me dumb if you wish, but as I said, I got everything working but I'm just unfamiliar with CSP stuff and really don't want to become a CSP expert just for cranking up my searx ranking. I'm just looking for a solution to add the correct CSP stuff to my nginx setup without breaking things.

unixfox commented 1 year ago

You basically just need to copy the same headers from the Caddyfile in your NGINX configuration and you will be good to go.

If you think some things are broken due to the CSP rules then post the console logs here.

ononoki1 commented 1 year ago

> If I get listed now, I will be ranked up automatically once I have a more optimal CSP header?

Yes.

> there is nothing "literally" saying "Add the following line to your nginx.conf file"

Simply adding this line to the server block of your NGINX config file will be OK:

add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
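How a browser decides whether an image may load under the policy in the comment above, as an added example that is not part of the thread or of SearXNG's code: a simplified `img-src` matcher run against constructed URLs. The instance origin `searx.example.org` and the sample image URLs are assumptions.

```javascript
// Policy value copied from the add_header line in the comment above.
const POLICY = "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";

// Split a header value into { directive: [source expressions] }.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Simplified matching: 'self', scheme sources (data:) and scheme://host sources.
// Ports and paths are not handled; img-src in the policy above uses neither.
function sourceMatches(source, url, page) {
  if (source === "'self'") return url.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // 'none' and unsupported forms match nothing
  const [, scheme, wildcard, host] = m;
  if (url.protocol !== scheme.toLowerCase() + ":") return false;
  // "*.example.org" covers subdomains only, not example.org itself.
  return wildcard ? url.hostname.endsWith("." + host.toLowerCase())
                  : url.hostname === host.toLowerCase();
}

// img-src falls back to default-src; with neither, images are unrestricted.
function imageAllowed(policy, resource, pageUrl) {
  const directives = parseCsp(policy);
  const sources = directives["img-src"] ?? directives["default-src"];
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  return sources.some((s) => sourceMatches(s, new URL(resource, page), page));
}

// Constructed sample: hypothetical instance origin and image URLs.
const PAGE = "https://searx.example.org/search?q=cats";
const SAMPLES = [
  "/image_proxy?url=https%3A%2F%2Fthumbs.example.net%2Fcat.jpg", // same origin
  "https://thumbs.example.net/cat.jpg", // third-party host
  "https://a.tile.openstreetmap.org/3/4/2.png",
  "data:image/png;base64,iVBORw0KGgo=",
];
const checkSamples = () => SAMPLES.map((u) => [u, imageAllowed(POLICY, u, PAGE)]);
for (const [u, ok] of checkSamples()) console.log(ok ? "allowed" : "blocked", u);
```

Under this policy an image is displayed only when it comes from the instance's own origin, from an OpenStreetMap tile subdomain, or as an inline `data:` URL; any other host is blocked.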

FransVeldman commented 1 year ago

I tried the header you suggested, but after I reload nginx some things don't work anymore. If I search on images or videos, the urls are found but no images are shown anymore. Any idea why?

What exactly do we actually gain with this CSP thing in our situation? Is there any chance searxng will misbehave or become a security threat without it?

ononoki1 commented 1 year ago

> What exactly do we actually gain with this CSP thing in our situation?

You may see MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

return42 commented 1 year ago

@FransVeldman please update your instance / thanks!

unixfox commented 1 year ago

Please consider joining our Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#searxng:matrix.org then pinging @unixfox, @dalf and @mrpaulblack for asking to be invited to the Matrix room. We discuss troubles managing a public instance, sharing some advice (like how to protect against bots), announcing big changes in searxng and more.

unixfox commented 1 year ago

A new big change has been introduced 🎉!

Please read this documentation for how to proceed: https://gist.github.com/unixfox/4e22730769540fe5b9f1943a86439761

We are going to make this new parameter mandatory by 1st December 2023. Any instance that does not have this parameter enabled won't be allowed in the public list anymore.

We can make exceptions in case you really do not want to enable our bot limiter solution, but you will have to send us proof: clearly stating how you detect bots, how you actively deal with them and also prove that it really works.

Feel free to ask here if you have any troubles setting up this new parameter.

return42 commented 11 months ago

@FransVeldman please update your instance / thanks!

Instance was installed in Feb and has never been updated since .. in May we already asked you to update but without feedback from your side .. are you not interested to maintain the instance any longer?

unixfox commented 10 months ago

@FransVeldman Important step above https://github.com/searxng/searx-instances/issues/298#issuecomment-1753695819! The deadline has already passed, if you do not conform we will have to remove your instance by the end of the year.

unixfox commented 10 months ago

your instance was removed for being outdated: https://github.com/searxng/searx-instances/commit/889f187afa01e3abc3de4a8bd64dc893d8b6b7d4