How to setup searxng with traefik or nginx and cloudflare [Solved]
from alphacyberranger@sh.itjust.works to selfhosted@lemmy.world on 03 Jan 13:03
https://sh.itjust.works/post/52741065
I am new to this, but I have been hosting Searxng via docker for a while now and have been accessing it over the internet directly using an open port. Now I have a domain (assume search.abc.xyz) and I have tried multiple things using nginx and traefik to get it working along with cloudflare. So far nothing has helped and I am tired of banging my head. Can anybody steer me in the right path or share the right tutorial for this? Any help would be appreciated.
Solution: Hetzner was blocking port 80 and port 443 by default, so certbot was actually failing.
What did you try and what was the error?
Okay I fixed the issue. I’m an idiot. Hetzner was blocking port 80 and port 443 by default.
How are you running it? Bare metal? Docker?
So nginx, traefik, and cloudflare are all reverse proxies that can do SSL termination. Now cloudflare hijacks all SSL connections it proxies (essentially a MITM) and has configuration for whether you would like an SSL connection from cloudflare to your own server.
All reverse proxies pass along headers to backend services indicating all sorts of things, most importantly the remote client IP and info about whether the service is behind an SSL proxy.
I use client -> cloudflare -> nginx -> my services. The client makes an encrypted pipe between itself and cloudflare; cloudflare then terminates SSL, does some scanning on the raw unencrypted packet, makes an encrypted connection to nginx, and attaches headers about the client. I have an SSL cert on my server where nginx does SSL termination of the cloudflare connection. Nginx then attaches more headers and does routing to pass it back to a backend service, i.e. searxng (the service itself). The docker compose for searxng comes with a packaged traefik reverse proxy; it's not necessary here and will in fact cause all sorts of problems.
Here is the service in my docker compose for searxng:

```yaml
  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - local_bridge
      - proxy
    volumes:
      - ./data/searxng:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_SECRET=${SEARXNG_SECRET}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
```

Here is the docker compose for my nginx config:

```yaml
  certbot:
    image: certbot/dns-cloudflare
    # Command to obtain certificates (run once manually or integrate with a web server's startup)
    # Replace 'yourdomain.com' and '*.yourdomain.com' with your actual domain(s)
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot  # A dummy webroot, not strictly necessary for DNS challenge but good practice
      - ./data/certbot/secrets:/etc/letsencrypt/secrets:ro  # Mount secrets read-only
    command: certonly
```
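The nginx side of the client -> cloudflare -> nginx -> searxng chain described above, as an added example that is not the commenter's own config. It assumes the placeholder domain search.abc.xyz from the original post, certbot's default certificate path under /etc/letsencrypt/live/, that nginx shares the "proxy" docker network with the searxng container, that searxng listens on port 8080 inside the container, and that the DNS record is proxied through Cloudflare so traffic only arrives from Cloudflare's addresses. The Cloudflare range shown is a TEST-NET placeholder and must be replaced with the ranges Cloudflare publishes.

```nginx
# Added example config (not from the original post). Assumptions:
#   - domain search.abc.xyz (placeholder from the post)
#   - certs issued by certbot into /etc/letsencrypt/live/search.abc.xyz/
#   - nginx and the searxng container share the "proxy" docker network
#   - searxng listens on 8080 inside its container (assumption)
#   - only Cloudflare talks to this nginx (proxied DNS record)

# Restore the real client IP from CF-Connecting-IP, but trust that header ONLY
# when the connection comes from Cloudflare. Without the range restriction any
# client reaching nginx directly could forge the header and spoof its IP in
# logs and rate limits.
# PLACEHOLDER (TEST-NET): replace with every range from https://www.cloudflare.com/ips/
set_real_ip_from 203.0.113.0/24;
real_ip_header   CF-Connecting-IP;

server {
    listen 80;
    server_name search.abc.xyz;

    # Let certbot's HTTP-01 challenge through. This is the path that needs
    # port 80 reachable from the internet; a host firewall blocking it makes
    # certbot fail exactly as the OP saw.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Everything else goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name search.abc.xyz;

    ssl_certificate     /etc/letsencrypt/live/search.abc.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/search.abc.xyz/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP to the container over the private docker network;
        # TLS was terminated by nginx above.
        proxy_pass http://searxng:8080;

        # Headers the backend needs to build correct absolute URLs and to
        # see the originating client rather than the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
    }
}
```

Pair this with Cloudflare's SSL mode set so that it validates the origin certificate (the "SSL connection from cloudflare to your own server" the commenter mentions); then the cloudflare -> nginx hop is encrypted and the certbot-issued certificate is what Cloudflare checks. After applying the config, `nginx -t` inside the container validates the syntax, and `docker compose logs certbot` shows whether the challenge on port 80 actually got through.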