searxng / searxng-docker

The docker-compose files for setting up a SearXNG instance with docker.
GNU Affero General Public License v3.0

Traefik v2 instead of Caddy #23

Closed mrwormo closed 1 year ago

mrwormo commented 2 years ago

Hello,

I'm running Traefik v2 on my server to serve a dozen containers without problems, but I'm getting a "Bad gateway" with the SearXNG container.

I have no errors in the Traefik logs, nor in the SearXNG logs. And Traefik's dashboard is happy too.

My docker-compose.yml:

...
  searxng:
    container_name: searxng
    image: searxng/searxng:latest
    hostname: searxng
    restart: always
    ports:
     - "127.0.0.1:9999:8080"
    volumes:
      - /app/searxng:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    networks:
      - traefik
...

And my searx.yml is similar to the others:

http:
  services:
    searxng:
      loadBalancer:
        servers:
          - url: "http://searxng:9999"

  routers:
    searxng:
      rule: "Host(`domain.tld`)"
      entryPoints:
        - "web"
      middlewares:
        - "redirect-to-https@file"
      service: "noop@internal"
    searxng-secure:
      rule: "Host(`domain.tld`)"
      entryPoints:
        - "websecure"
      middlewares:
        - "hsts@file"
        - "security@file"
        - "compression@file"
      service: "searxng@file"
      tls:
        certResolver: letsencrypt-ecdsa
        options: mintls13

Has anyone managed to run SearXNG with Traefik v2?

mrpaulblack commented 2 years ago

for reference check out my traefik config file for my searxng fork: https://github.com/paulgoio/searxng/blob/main/docker-compose.yml

mrwormo commented 2 years ago

Thanks for your reply. Your docker-compose put me on the right track: I don't need to expose any ports.

Here is my final docker-compose.yml:

  searxng:
    container_name: searxng
    image: searxng/searxng:latest
    hostname: searxng
    restart: always
    volumes:
      - /app/searxng:/etc/searxng:rw
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - TZ=Europe/Paris
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    networks:
      - traefik

And the searx.yml:

http:
  services:
    searxng:
      loadBalancer:
        servers:
          - url: "http://searxng:8080"

  routers:
    searxng:
      rule: "Host(`domain.tld`)"
      entryPoints:
        - "web"
      middlewares:
        - "redirect-to-https@file"
      service: "noop@internal"
    searxng-secure:
      rule: "Host(`domain.tld`)"
      entryPoints:
        - "websecure"
      middlewares:
        - "hsts@file"
        - "security@file"
        - "compression@file"
      service: "searxng@file"
      tls:
        certResolver: letsencrypt-ecdsa
        options: mintls13

Thanks again @mrpaulblack :+1:
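The fix above comes down to pointing Traefik at the port the process listens on inside the container (8080), not at the port published on the host (127.0.0.1:9999). The following is an added example, not code from this thread or from the searxng-docker project: it parses a compose `ports:` entry and a Traefik `loadBalancer` server URL and reports the mismatch; `listen_port` (8080 for the searxng/searxng image) and the sample configs are taken from the thread.

```python
import re
from urllib.parse import urlsplit

# Compose short-syntax port mapping: [[HOST_IP:]HOST_PORT:]CONTAINER_PORT[/PROTO]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\d+\.\d+\.\d+\.\d+|\[[0-9a-fA-F:.]+\]):)?"
    r"(?:(?P<host>\d+):)?(?P<container>\d+)(?:/(?P<proto>tcp|udp))?$")

def parse_port_spec(spec):
    """Return (host_ip, host_port, container_port); the first two are None
    when the spec only names a container port. Port ranges are not handled."""
    m = PORT_RE.match(spec.strip().strip('"'))
    if not m:
        raise ValueError("unrecognised port spec: %r" % spec)
    return m["ip"], int(m["host"]) if m["host"] else None, int(m["container"])

def check_backend(url, listen_port, port_specs=()):
    """Diagnose a Traefik loadBalancer server URL for a container reached over a
    shared docker network. listen_port is the port the process binds inside the
    container (8080 for searxng/searxng). Returns a list of findings; an empty
    list means the URL is consistent with the compose file."""
    parts = urlsplit(url)
    target = parts.port or (443 if parts.scheme == "https" else 80)
    published = {}  # host port -> (host ip, container port)
    for spec in port_specs:
        ip, host, container = parse_port_spec(spec)
        if host is not None:
            published[host] = (ip, container)
    findings = []
    if target in published and target != listen_port:
        ip, container = published[target]
        findings.append("%s uses host-published port %d; on the docker network "
                        "the container listens on %d" % (url, target, container))
        if ip in ("127.0.0.1", "localhost"):
            findings.append("port %d is bound to %s on the host, so other "
                            "containers cannot reach it at all" % (target, ip))
    elif target != listen_port:
        findings.append("%s targets port %d but the service listens on %d"
                        % (url, target, listen_port))
    if published:
        findings.append("ports: is unnecessary when Traefik shares the network; "
                        "dropping it keeps the service off the host interface")
    return findings

if __name__ == "__main__":
    # Constructed from the two configs in this thread: original (broken), then fixed.
    print(check_backend("http://searxng:9999", 8080, ["127.0.0.1:9999:8080"]))
    print(check_backend("http://searxng:8080", 8080))
```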

GenesisAdam commented 2 years ago

@mrwormo Please may I have the content of your middlewares.yml file. I am getting error regarding compression. I am using Traefik V2. Many thanks.

mrwormo commented 2 years ago

Here is my compression.yml:

http:
  middlewares:
    compression:
      compress:
        excludedContentTypes:
          - "text/event-stream"

Have you tried commenting out compression@file?

GenesisAdam commented 2 years ago

@mrwormo Thank you. It's all running OK now. I use a middlewares-chain.yml file and created a middleware chain for searx as below using your code snippet:

chain-searx:
  chain:
    middlewares:

y0nei commented 1 year ago

I'm going to throw in my configuration. I had big trouble getting this configured right because I had just picked up Traefik, but I managed to get it working well, with an A+ grade. I also added a label traefik.enable=true in searxng's docker-compose.yml.

I got it working with something like this: searxng.yml

http:
  services:
    searxng:
      loadBalancer:
        servers:
          - url: "http://searxng:8080"

  routers:
    searxng:
      rule: "Host(`amongus.sus`) && Method(`GET`,`POST`,`HEAD`)"
      middlewares:
        - general_security
        - searxng_headers
      service: searxng
      entryPoints:
        - "websecure"
      tls:
        certResolver: production

  middlewares:
    general_security:
      headers:
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true
        browserXssFilter: true
        contentTypeNosniff: true
        referrerPolicy: "no-referrer"
    searxng_headers:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "noindex, noarchive, nofollow"
          Content-Security-Policy: "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
          Permissions-Policy: "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"

where certResolver: production points to this in traefik.yml:

certificatesResolvers:
  production:
    acme:
      email: you@email.com
      storage: /etc/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

I also set a default option for the minimum TLS version in the same traefik.yml file, like this:

tls:
# ...
  options:
    default:
      minVersion: VersionTLS12

For HTTP -> HTTPS redirection I have this under entryPoints in traefik.yml:

entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
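To confirm that the general_security and searxng_headers middlewares above are really applied to the served responses, the following added example (not from this thread or from Traefik) derives the response headers Traefik's headers middleware emits for those options, as documented for that middleware, and diffs them against an observed response. MIDDLEWARES is a transcription of the config above with the CSP shortened; the observed response is constructed.

```python
MIDDLEWARES = {  # transcribed from the searxng.yml above (CSP shortened)
    "general_security": {"headers": {
        "stsSeconds": 31536000, "stsIncludeSubdomains": True, "stsPreload": True,
        "browserXssFilter": True, "contentTypeNosniff": True,
        "referrerPolicy": "no-referrer"}},
    "searxng_headers": {"headers": {"customResponseHeaders": {
        "X-Robots-Tag": "noindex, noarchive, nofollow",
        "Content-Security-Policy": "default-src 'none'; frame-ancestors 'self'"}}},
}

def expected_headers(chain, middlewares):
    """Map the `headers` middleware options used in this config to the response
    headers Traefik produces. Assumes the request arrived over TLS, since the
    STS header is only added to TLS responses unless forceSTSHeader is set."""
    out = {}
    for name in chain:
        opts = middlewares[name]["headers"]
        if opts.get("stsSeconds"):
            sts = "max-age=%d" % opts["stsSeconds"]
            sts += "; includeSubDomains" if opts.get("stsIncludeSubdomains") else ""
            sts += "; preload" if opts.get("stsPreload") else ""
            out["strict-transport-security"] = sts
        if opts.get("browserXssFilter"):
            out["x-xss-protection"] = "1; mode=block"
        if opts.get("contentTypeNosniff"):
            out["x-content-type-options"] = "nosniff"
        if opts.get("referrerPolicy"):
            out["referrer-policy"] = opts["referrerPolicy"]
        for hdr, value in opts.get("customResponseHeaders", {}).items():
            out[hdr.lower()] = value  # header names are case-insensitive
    return out

def header_mismatches(expected, observed):
    """Return {header: (expected, observed)} for every header that is missing
    from or differs in an observed response (e.g. the output of curl -sI)."""
    obs = {k.lower(): v for k, v in observed.items()}
    return {k: (v, obs.get(k)) for k, v in expected.items() if obs.get(k) != v}

if __name__ == "__main__":
    want = expected_headers(["general_security", "searxng_headers"], MIDDLEWARES)
    # Constructed response: HSTS lost its preload flag and the robots tag is absent.
    got = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
           "X-Content-Type-Options": "nosniff", "Referrer-Policy": "no-referrer",
           "X-XSS-Protection": "1; mode=block",
           "Content-Security-Policy": "default-src 'none'; frame-ancestors 'self'"}
    print(header_mismatches(want, got))
```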

return42 commented 1 year ago

Close since issue has been solved / answered.

y0nei commented 1 year ago

Additional note from me: if you want the best TLS score, add this to your traefik.yml:

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

related issue (#391) on searxng/searx-instances

fahadshery commented 2 months ago

Hi, is this still working? I can't get mine to work with Traefik :( I'm getting a bad gateway error.