Closed hyperdefined closed 1 day ago
Please consider joining our Matrix room for public instance maintainers by joining our Matrix room: https://matrix.to/#/#searxng:matrix.org then pinging @ unixfox, @ dalf and @ mrpaulblack for asking to be invited to the Matrix room. We discuss troubles managing a public instance, sharing some advices (like how to protect against bots), announcing big changes in searxng and more.
Hi @hyperdefined, the image search does not work well. Please either enable image_proxy
or adjust your CSP policy.
I'm not really sure why the images are failing, I have image_proxy
enabled. I am using NGINX in place of Caddy:
location ~ ^/(config|healthz|stats/errors|stats/checker)$ {
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Origin "*";
proxy_pass http://localhost:3011;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
location ~* ^/static/ {
add_header Cache-Control "public, max-age=31536000";
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3011;
}
location = /image_proxy {
add_header Content-Security-Policy "default-src 'none'; img-src 'self' data:";
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:3011;
}
location / {
add_header Cache-Control "no-cache, no-store";
add_header Pragma "no-cache";
add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
proxy_pass http://localhost:3011;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
I believed I have fixed it, please let me know if everything seems to be working and configured correctly.
Requirements (make sure to read all of them)
check.searx.space
to check my instance (every 3 hours for the response times, every 24 hours for the other tests).Bot protection requirement
server.public_instance
parameter.Source code URL
No response
Comment
No response