this post was submitted on 17 May 2025
24 points (96.2% liked)


I hosted searxng on portainer and receive PermissionError and no python application found error

Log:

PermissionError: [Errno 13] Permission denied: '/etc/searxng/settings.yml'

unable to load app 0 (mountpoint='') (callable not found or import error)

*** no app loaded. going in full dynamic mode ***

***
no python application found, check your startup logs for errors
***

[pid: 19|app: -1|req: -1/1] 127.0.0.1 () {28 vars in 330 bytes} [Sat May 17 05:06:00 2025] HEAD /healthz => generated 21 bytes in 0 msecs (HTTP/1.1 500) 3 headers in 102 bytes (0 switches on core 0)

I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck

version: "3.7"

services:
  # caddy:
  #   container_name: caddy
  #   image: docker.io/library/caddy:2-alpine
  #   network_mode: host
  #   restart: unless-stopped
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile:ro
  #     - caddy-data:/data:rw
  #     - caddy-config:/config:rw
  #   environment:
  #     # - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost/}
  #     - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
  #   cap_drop:
  #     - ALL
  #   cap_add:
  #     - NET_BIND_SERVICE
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: "1m"
  #       max-file: "1"

  redis:
    container_name: redis
    image: docker.io/valkey/valkey:8-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: unless-stopped
    networks:
      - searxng
    volumes:
      - valkey-data2:/data
    # cap_drop:
    #   - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - searxng
    ports:
      # - "127.0.0.1:8080:8080"
      - "20054:8080"
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      # - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_BASE_URL="http://mydomain:20054/"
      - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
    # cap_drop:
    #   - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

networks:
  searxng:

volumes:
  # caddy-data:
  # caddy-config:
  valkey-data2:

thx a lot!

all 31 comments
[–] irmadlad@lemmy.world 1 points 2 hours ago

Question: What is redis and valkey giving you in this instance? I took a look at my notes and I've never invoked redis. Just curious. School me. This is what I spin up:


services:
  searxng:
    image: searxng/searxng:latest
    container_name: searxng
    ports:
      - "8989:8080"
    volumes:
      - /path/to/searxng/data:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=
      - SEARXNG_INSTANCE_NAME=
      - SEARXNG_CONTACT_INFO=
      - SEARXNG_LANGUAGE=en-US
      - SEARXNG_AUTOCOMPLETE=duckduckgo
      - SEARXNG_THEME=simple
      - SEARXNG_OUTGOING_METHOD=default
      - SEARXNG_ENABLE_METRICS=true
      - SEARXNG_ENABLE_CAPTCHA=false
      - SEARXNG_ENABLE_INFINITE_SCROLL=true
      - SEARXNG_ENABLE_PIWIK_ANALYTICS=false
      - SEARXNG_ENABLE_ADVANCED_SEARCH=true
      - SEARXNG_ENABLE_PRIVATE_RESULTS=true
      - SEARXNG_ENABLE_TORIFICATION=false
      - SEARXNG_ENABLE_HTTPS_EVERYWHERE=true
      - SEARXNG_ENABLE_PROXY=true
      - SEARXNG_ENABLE_PLUGINS=true
    restart: unless-stopped

[–] yaroto98@lemmy.org 6 points 18 hours ago* (last edited 18 hours ago) (1 children)

Did you accidentally typo the url? I see a '/' instead of a ':' before the port number.

try going to http://mydomainname:20054/

Might also need to fix the searchx_base_url env variable

[–] Override4414@lemmy.world 2 points 18 hours ago* (last edited 17 hours ago)

sorry that is a typo in the post lol

[–] ohshit604@sh.itjust.works 2 points 16 hours ago* (last edited 16 hours ago) (2 children)

have you checked the directory & file permissions with ls -la /Your/SearXNG/WorkingDir ?

The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with sudo chmod 777 /Your/SearXNG/WorkingDir/* and sudo chown 1000:1000 /Your/SearXNG/WorkingDir/*

However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.

[–] bladewdr@infosec.pub 2 points 8 hours ago (1 children)

I really do not like recommending people chmod 777 anything.

It encourages bad practices.

[–] ohshit604@sh.itjust.works 1 points 4 hours ago

I agree, hence why I left the note at the bottom of that comment, yes it does encourage bad practices but, if all OP cares about is that it works then it should be fine.

In my other comment I instructed OP to move the volume to their users home directory so they don’t run into permission issues like this again.

[–] Override4414@lemmy.world 1 points 16 hours ago (1 children)

I think I do have permission to the directory?

~ # ls -la /etc/searxng
total 72
drwx------    1 1026     100             42 May 17 04:49 .
drwxr-xr-x    1 root     root           494 May 17 05:24 ..
----------    1 root     root         68667 May 17 04:49 settings.yml
----------    1 root     root          1223 May 17 04:49 uwsgi.ini

___

[–] ohshit604@sh.itjust.works 1 points 14 hours ago* (last edited 14 hours ago)

Taking a look at your docker-compose.yml I see this volume mount:

volumes: 
- /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rw

Whereas /volume1/SN/Docker/searxng-stack/searxng is the directory on your system docker is attempting to use to store the files inside the container from /etc/searxng.

Example of a volume mount that’ll likely work better for you;

volumes:
- ~/docker/config/searxng:/etc/searxng:rw

The tilde (~) acts as your current user's home directory (aka: /home/YourUser) not owned by root and where docker persistent volumes should be stored.

After making the change over to that directory and configuring SearXNG how you like re-create your docker container with sudo docker compose up -d --force-recreate

Apologies for the poor formatting, typing this on mobile.

Edit:

Note: if you want to expose the port do not add the 127.0.0.1 like how I have in my docker-compose.yml.

[–] RhondaSandTits@lemmy.sdf.org 2 points 16 hours ago (1 children)

Glad to see you got it working. One thing to add that you might find useful:

it shows 20054:8080 for a very short period when I start the stack and then disappeared

This is an indication that the container has stopped. Because you have restart: unless-stopped set, the container is stuck in a bootloop so portainer will always show a state of either starting or running. Docker containers automatically stop when the application inside the container has exited or completed... Often because the application has encountered an error.

Some more information that may or may not be useful:

A good example of a container stopped because the application has finished is the Cross-seed container that people use to cross reference their torrents seeding in their bittorrent client with torrents available on other torrent trackers. In this case, the application runs a search on each tracker, downloads the files and once the search is done the application exits and then the docker container will stop.

[–] Override4414@lemmy.world 1 points 16 hours ago
[–] jonno@discuss.tchncs.de 2 points 17 hours ago (1 children)

You kind of need caddy to act as a reverse proxy for that. Or are you using a different reverse proxy?

[–] null_dot@lemmy.dbzer0.com 2 points 17 hours ago* (last edited 17 hours ago) (2 children)

I've never used portainer sorry.

If you see the published port for a very short time then something might be crashing when it tries to start.

docker logs searxng from cli might be revealing

edit: I do have a searxng container and my compose.yml is very similar to yours. I guess we both copied the example. The only difference I can see is that you still have the env variables for UWSGI_WORKERS and UWSGI_THREADS. I just set both of those to 4 instead of using the SEARXNG_ env vars

[–] Override4414@lemmy.world 1 points 17 hours ago (1 children)

Listen on [::]:8080 doesn't give 20054, could this be the reason?

Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]

SearXNG version 2025.5.16+1b08324

Use existing /etc/searxng/uwsgi.ini

Use existing /etc/searxng/settings.yml

Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]

SearXNG version 2025.5.16+1b08324

Use existing /etc/searxng/uwsgi.ini

Use existing /etc/searxng/settings.yml

Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]
[–] HappyTimeHarry@lemm.ee 4 points 17 hours ago* (last edited 17 hours ago) (2 children)

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]

I think here is your problem. Make sure that file exists and is readable from inside of the docker.

[–] Override4414@lemmy.world 1 points 16 hours ago (1 children)

I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck, the permission error still exists. And also there occurs a new error no python application found

[–] HappyTimeHarry@lemm.ee 1 points 16 hours ago (2 children)

try opening a shell with "docker exec -it searxng sh" and see if you can cat the file from inside docker, if yes then I'm not sure of a solution, if no then the problem is with permissions on your filesystem outside of docker where you have "- ./data/searxng:/etc/searxng". You need to go to ./data/searxng and correct the permissions so they can be read inside the docker.

[–] Override4414@lemmy.world 1 points 15 hours ago (1 children)

u are right it's not writable, the files are read only, that is weird

[–] HappyTimeHarry@lemm.ee 1 points 15 hours ago (1 children)

Yep Probably you need to change ownership and/or permissions of the files outside of docker.

I don't want to give the wrong suggestion from memory so hopefully that's enough info to get you going in the direction of a fix. Basically see what user id owns the files inside of docker, make it the same uid outside of docker in the folder you are bind mounting.

[–] Override4414@lemmy.world 1 points 15 hours ago* (last edited 15 hours ago) (1 children)
SN_FR_@SN:~$ sudo docker exec -it searxng sh -c "id"
uid=0(root) gid=0(root) groups=0(root)

container is running as root, so there shouldn't be any permission error?

u are right it's not writable, the files are read only, that is weird

I'm opening those files with windows but the user permission inside docker shouldn't cause that problem.

I'm scratching my head now

[–] HappyTimeHarry@lemm.ee 1 points 5 hours ago* (last edited 5 hours ago)

The problem is that while docker is running as root (0) the searxng process internally runs as a user searxng with id 977

So your filesystem outside of docker needs to have those files assigned the right ownership.

This thread has a more detailed discussion that you might find helpful. https://forums.truenas.com/t/how-to-install-searxng-app-docker-permissions-issue/14049/10
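
An added example, not part of the thread and not SearXNG's own code: a check of whether a non-root uid/gid can traverse a bind-mounted directory and read its files by mode bits alone, which is the situation described above for the service user. The uid 977 is the value quoted in the comment above; the matching gid and the helper names `allowed`, `audit` and `demo` are assumptions.

```python
import os
import stat
import tempfile

SERVICE_UID = SERVICE_GID = 977  # uid quoted in the thread; gid is assumed

def allowed(st, uid, gid, want):
    """POSIX mode-bit check for a non-root uid/gid (ACLs, capabilities ignored).
    want: 4 = read, 1 = traverse, 5 = list and traverse a directory."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = mode >> 6        # owner class wins even if group/other grant more
    elif st.st_gid == gid:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & 7) & want == want

def audit(root, uid=SERVICE_UID, gid=SERVICE_GID):
    """List (path, problem) for everything under root that uid:gid cannot use."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if not allowed(os.stat(dirpath), uid, gid, 5):
            findings.append((dirpath, "directory not traversable"))
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not allowed(os.stat(path), uid, gid, 4):
                findings.append((path, "file not readable"))
    return findings

def demo():
    """Constructed tree mirroring the ls output above: dir 0700, files 0000."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("settings.yml", "uwsgi.ini"):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, 0o000)
        os.chmod(root, 0o700)
        st = os.stat(root)
        owner, other = (st.st_uid, st.st_gid), (st.st_uid + 1, st.st_gid + 1)
        before = audit(root, *other)    # a uid/gid that does not own the tree
        for name in os.listdir(root):
            os.chmod(os.path.join(root, name), 0o640)
        # 0640 files in a 0700 dir suffice once the owner matches; no 777 needed
        return len(before), audit(root, *owner), len(audit(root, *other))

if __name__ == "__main__":
    print(demo())
```

Run `audit("/path/to/bind/mount")` as root on the host, because `os.walk` silently skips directories the caller cannot list.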

[–] Override4414@lemmy.world 1 points 16 hours ago (1 children)
~ # ls /etc/searxng
settings.yml  uwsgi.ini
~ # cat settings.yml
cat: can't open 'settings.yml': No such file or directory
~ # cat /etc/searxng/settings.yml
general:
  # Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
  debug: false
  # displayed name
  instance_name: "searxng"
  # For example: https://example.com/privacy

I think I do have the permission?

[–] HappyTimeHarry@lemm.ee 1 points 16 hours ago

If you have permissions then try editing uwsgi.ini and see if it lets you save.

I'm going from memory but I think I had a similar issue and I had to manually create the file, yours shows the file already exists but it might not be writable.

[–] muntedcrocodile@lemm.ee 1 points 17 hours ago* (last edited 16 hours ago) (1 children)

Here is my searxng docker compose:

services:
  redis:
    container_name: redis
    image: docker.io/valkey/valkey:7-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: unless-stopped
    networks:
      - local_bridge
    volumes:
      - ./data/reddis:/data
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - local_bridge
      - proxy
    volumes:
      - ./data/searxng:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_SECRET=${SEARXNG_SECRET}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

networks:
  local_bridge: # local bridge with ipv6 internet access
    driver: bridge
    enable_ipv6: true
  proxy:
    external: true

And my searxng settings:

searxng/data/searxng/settings.yml
# see https://docs.searxng.org/admin/settings/settings.html#settings-use-default-settings
use_default_settings: true

server:
  # base_url is defined in the SEARXNG_BASE_URL environment variable, see .env and docker-compose.yml
  limiter: false  # can be disabled for a private instance
  image_proxy: false
ui:
  static_use_hash: true
  query_in_title: true
  infinite_scroll: true
  default_theme: simple
  theme_args:
    # style of simple theme: auto, light, dark
    simple_style: dark
redis:
  url: redis://redis:6379/0


search:
  safe_search: 0
  autocomplete: 'duckduckgo'
  default_lang: "en"
  formats:
    - html
    - json


outgoing:
  # default timeout in seconds, can be override by engine
  request_timeout: 3.0


enabled_plugins:
  - 'Hash plugin'
  - 'Basic Calculator'
  - 'Self Informations'
  - 'Tracker URL remover'
  # - 'Ahmia blacklist'
  - 'Hostnames plugin'  # see 'hostnames' configuration below
  - 'Open Access DOI rewrite'

And the proxy network is just the docker network that nginx is connected to. Here is my nginx conf https://github.com/muntedcrocodile/nginxconf .

[–] Override4414@lemmy.world 1 points 16 hours ago