In this article we are going to setup our first self-hosted web application
called SearXNG. This will allow us to replace Google, Duck Duck Go, Bing and
the like. SearXNG will search all of these services and more on our behalf,
while also cleaning up and removing the tracking information as well.

This post is but one in a series for setting up your own cloud environment.

If you wish to have your own hosted personal search engine continue on to the
following steps, if you do not you can skip this application as our future
installs will not rely on this install.

:: Create Data Folders on the Host

First we will create a folder on the host system to store some static files
that will survive updating the instance in the future. SSH into your VPS and
execute the following commands:

:~$ sudo -i
:~# mkdir -p /media/searxng

:: Setup Docker Instance

Now lets switch back to our Portainer web administration interface and click
"Containers" on the left and "Add container" at the top. Starting at the top
of the page for the name lets use "searxng" and for the image go ahead and put
in "searxng/searxng:latest".

Click the gray "publish a new network port" button and fill out the fields as
such:

Host: 6081 -> Container: 8080

Now at the bottom click on "Restart policy" and change it to "Always".

Now lets setup some environmental variables, these are settings that will be
pushed into the docker instance when we deploy the container. Click on "Env"
at the bottom of the page.

Name: BASE_URL -> Value: https://search.<yourdomain.xyz>/
Name: INSTANCE_NAME -> Value: searxng
Name: SEARXNG_SETTINGS_PATH -> Value: /etc/searxng/settings.yml
Name: UWSGI_SETTINGS_PATH -> Value: /etc/searxng/uwsgi.ini

In the above block you will want to replace <yourdomain.xyz> with your own
domain, I suggest using a subdomain like "search.yourdomain.xyz" here or maybe
"search.apps.yourdomain.xyz". Just keep all your future apps following the
same standard as it will keep your DNS records clean.

Now skip over to "Volumes" and click the gray "map additional volume" button.
Create the following mapping, and change the type on the right to "Bind".

Container: /etc/searxng -> Host: /media/searxng

Go ahead and deploy the container using the blue "Deploy the container"
button.

Now we have the instance running, but we need to get a few things setup. First
we need to get our DNS hostname working we created under the environment
variables. Second we need to setup this instance inside our reverse proxy so
we can get secure HTTPS access to the instance.

:: DNS Settings / Hostname

This process will differ for everyone, as this portion depends where your
domain is registered and which NS servers you are using for your domain. Here
is where you need to check your domain registrar (something like NameCheap,
GoDaddy, DirectNIC, NetworkSolutions, etc) and find your DNS records.

I am going to create two records, first I am going to make an "A" record. This
record points a hostname using your domain, something like
docker.yourdomain.xyz, and points to the public IP address of your VPS.

Once your "A" record is created, create another record this time a "CNAME" and
for the name put in the value of your "BASE_URL" parameter you used in the
environmental variables section of Portainer. In our example I will be using
"search.yourdomain.xyz" and for the destination or pointer you should use your
docker "A" record you created previously. So the following is what the two
records should look some what like:

Record: A
Hostname: docker
Domain: yourdomain.xyz

Record: CNAME
Hostname: search
Pointer/Dest: docker.yourdomain.xyz

Once you have those created we need to have our reverse proxy answer those
requests.

Login to your Nginx Proxy Manager administrative interface, we set this up
back in the second article in this series. Once you are logged into the UI,
click on "Hosts" at the top then "Proxy Hosts" in the drop down menu. Now
click on the "Add Proxy Host" button in the top right.

For our domain name, this is the FQDN (Fully Qualified Domain Name) that the
reverse proxy will listen for on incoming connections. Set this to
"search.yourdomain.xyz", leave the scheme as "http", set the
"Forward Hostname / IP" to "docker.yourdomain.xyz", and set the forward port
to "6081". You can also set the slider for "Block Common Exploits" to enabled.

Click Save at the bottom right and the dialog will go away, and a new Proxy
Host will appear in the list. Currently running as HTTP Only.

:: Checking Local DNS Resolution

I want to pause here and recommend we check the DNS settings on your VPS. We
want to make sure the hosts file contains an entry for "docker.yourdomain.xyz"
as this will make your local DNS lookups much faster.

In your SSH session to your VPS execute the following command, you should
already be root from the previous commands we ran at the top of this post:

:~# nano /etc/hosts

If you do not have a line in this file that looks like the following, just add
it.

<publicipaddress>    docker.yourdomain.xyz

Remember to replace "<publicipaddress>" with your public IP address of the VPS
and "yourdomain.xyz" with your domain name.

:: Getting your HTTPS Certificate and Verifying Traffic

This step will verify a few things and if all traffic is flowing correctly,
give you a free SSL/TLS certificate from Lets' Encrypt.

Click the three dots on the right of the entry for "search.yourdomain.xyz" and
choose "Edit". Click "SSL" on the top menu bar and select "Request a new SSL
certificate" from the drop down. I also usually choose "Force SSL" and "HTTP/2
Support". At the bottom verify the email is good (they use this in case the
certificate is expiring and no renew has happened to inform you), and choose
"I agree".

Click the "Save" button and give it a little bit of time. If the dialog goes
away without errors you have successfully pulled your first SSL certificate.
If you got any errors, then you need to verify a few things.

- Firewalls; Are you allowing ports 80 and 443 through your firewalls to the
  reverse proxy docker instance?

- Are all your DNS records correct?
- Verify your "A" record that points your hostname of "docker.yourdomain.xyz"
  to the public IP address of your docker server.
- Verify your "CNAME" record points "search.yourdomain.xyz" to
  "docker.yourdomain.xyz".

You can retry five times before you will be temp banned from Lets' Encrypt for
that FQDN and will need to wait an hour to try again. Don't keep at it if it
fails, check all your settings and give your DNS provider some time to public
the changed records.

:: Does it work?

If everything is working, you should be able to open your browser and navigate
to:

https://search.yourdomain.xyz

At this point you should get to a default SearXNG page, ready for you to set
preferences or start searching.
<!DOCTYPE html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="canonical" href="gemini://bbs.archaicbinary.net/blog/self-hosting/2022.04.21-Self-Hosted Cloud Environment (Search Engine).txt" /><title>gemini://bbs.archaicbinary.net/blog/self-hosting/2022.04.21-Self-Hosted Cloud Environment (Search Engine).txt</title><style>.c{max-width:80em;margin-left:auto;margin-right:auto;}.l{margin:0;color:lightgray;}.m{margin-top:0;margin-bottom:0;}.b{display:list-item;list-style-type:disc;list-style-position:inside;}</style></head><body><p class="l">-- Leo's gemini proxy</p><p class="l">-- Connecting to bbs.archaicbinary.net:1965...</p><p class="l">-- Connected</p><p class="l">-- Sending request</p><p class="l">-- Meta line: 20 text/plain;lang=en-US</p><p class="l">-- Response ended</p><p class="l">-- Page fetched on Mon May 20 16:01:47 2024</p></body></html>