Apache

This section explains how to set up a SearXNG instance using the HTTP server Apache. If you did use the Installation Script and do not have any special preferences you can install the SearXNG site using searxng.sh:

$ sudo -H ./utils/searxng.sh install apache

If you have special interests or problems with setting up Apache, the following section might give you some guidance.

The Apache HTTP server

If Apache is not installed, install it now. If apache is new to you, the Getting Started, Configuration Files and Terms Used to Describe Directives documentation gives first orientation. There is also a list of Apache directives to keep in the pocket.

sudo -H apt-get install apache2

Now at http://localhost you should see some kind of Welcome or Test page. How this default site is configured, depends on the linux distribution (compare Apache directives).

less /etc/apache2/sites-enabled/000-default.conf

In this file, there is a line setting the DocumentRoot directive:

DocumentRoot /var/www/html

And the welcome page is the HTML file at /var/www/html/index.html.

Debian’s Apache layout

Be aware, Debian’s Apache layout is quite different from the standard Apache configuration. For details look at the apache2.README.Debian (/usr/share/doc/apache2/README.Debian.gz). Some commands you should know on Debian:

Apache modules

To load additional modules, in most distributions you have to un-comment the lines with the corresponding LoadModule directive, except in Debian’s Apache layout.

Debian’s Apache layout uses a2enmod and a2dismod to activate or disable modules:

sudo -H a2enmod ssl
sudo -H a2enmod headers
sudo -H a2enmod proxy
sudo -H a2enmod proxy_http
sudo -H a2enmod proxy_uwsgi

Apache sites

In Debian’s Apache layout you create a searxng.conf with the <Location /searxng > directive and save this file in the sites available folder at /etc/apache2/sites-available. To enable the searxng.conf use a2ensite:

sudo -H a2ensite searxng.conf

Apache’s SearXNG site

To proxy the incoming requests to the SearXNG instance Apache needs the mod_proxy module (Apache modules).

Depending on what your SearXNG installation is listening on, you need a http mod_proxy_http) or socket (mod_proxy_uwsgi) communication to upstream.

The Installation Script installs the reference setup and a uWSGI setup that listens on a socket by default. You can install and activate your own searxng.conf like shown in Apache sites.

# -*- coding: utf-8; mode: apache -*-

LoadModule ssl_module           /usr/lib/apache2/modules/mod_ssl.so
LoadModule headers_module       /usr/lib/apache2/modules/mod_headers.so
LoadModule proxy_module         /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_uwsgi_module   /usr/lib/apache2/modules/mod_proxy_uwsgi.so
# LoadModule setenvif_module      /usr/lib/apache2/modules/mod_setenvif.so
#
# SetEnvIf Request_URI /searxng dontlog
# CustomLog /dev/null combined env=dontlog

<Location /searxng>

    Require all granted
    Order deny,allow
    Deny from all
    # Allow from fd00::/8 192.168.0.0/16 fe80::/10 127.0.0.0/8 ::1
    Allow from all

    # add the trailing slash
    RedirectMatch  308 /searxng$ /searxng/

    ProxyPreserveHost On
    ProxyPass unix:/usr/local/searxng/run/socket|uwsgi://uwsgi-uds-searxng/

    # see flaskfix.py
    RequestHeader set X-Scheme %{REQUEST_SCHEME}s
    RequestHeader set X-Script-Name /searxng

    # see limiter.py
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s

</Location>

# uWSGI serves the static files and in settings.yml we use::
#
#   ui:
#     static_use_hash: true
#
# Alias /searxng/static/ /usr/local/searxng/searxng-src/searx/static/

Restart service:

sudo -H systemctl restart apache2
sudo -H service uwsgi restart searxng

disable logs

For better privacy you can disable Apache logs. In the examples above activate one of the lines and restart apache:

SetEnvIf Request_URI "/searxng" dontlog
# CustomLog /dev/null combined env=dontlog

The CustomLog directive disables logs for the entire (virtual) server, use it when the URL of the service does not have a path component (/searxng), so when SearXNG is located at root (/).