For those who are interested in using an internal CA signed SSL certificate to secure your SearXNG instance (Not self-signed nor a public SSL certificate), it is possible and easy to do with Docker-Compose.
In my environment, I use my pfSense router as my certificate authority. As such, I used it to create an internally signed certificate and key for my internal SearXNG server's DNS name.
The following instructions imply that you are using a Linux host and your working directory for SearXNG is at /usr/local/searxng-docker
Copy your internally signed .crt and .key file to the root of the working directory (/usr/local/searxng-docker)
Bring down your docker-compose environment

```
docker-compose down
```

Edit the docker-compose file

```
sudo nano ./docker-compose.yaml
```
Under the "volumes" sub-section of the "caddy" section, add a bind volume to bind the .crt file to /data/caddy/certificates/local/<DNS NAME>/<DNS NAME>.crt (NOTE! <DNS NAME> should be whatever you specified for your hostname in the .env file!)

```yaml
- type: bind
  source: ./<IMPORTED CERT>.crt
  target: /data/caddy/certificates/local/<DNS NAME>/<DNS NAME>.crt
```

Just like the previous step, add another bind volume but this time do it for the key file located at /data/caddy/certificates/local/<DNS NAME>/<DNS NAME>.key

```yaml
- type: bind
  source: ./<IMPORTED KEY>.key
  target: /data/caddy/certificates/local/<DNS NAME>/<DNS NAME>.key
```
Save your docker-compose.yaml file
Bring your docker-compose environment back up
If you have told your computer/phone/whatever that your internal certificate authority is valid, then when you now access your SearXNG instance, it should now be secure and not give you an Invalid SSL warning. (NOTE: You may have to close all your web browsers before it accepts the new cert!)
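A pre-flight check for the certificate and key before they are bind-mounted as described above, added here as an example and not part of the original post. It uses the openssl CLI to confirm that the certificate chains to the internal CA, belongs to the key, covers the DNS name, and that the key file is not readable by other users; the function names, the argument order and the exported CA certificate file are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for an internally signed cert/key pair.
# All function names here are hypothetical helpers, not part of SearXNG or Caddy.

# True if the certificate ($2) verifies against the internal CA certificate ($1).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the public key in the certificate ($1) is the one derived from the key ($2).
# Each file is read separately so that two unreadable files never compare as equal.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate ($1) is valid for the DNS name ($2), i.e. the hostname
# from the .env file that browsers will compare against.
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if the key file ($1) grants no permissions to "other" users
# (characters 8-10 of the ls mode string).
key_not_world_readable() {
    [ "$(ls -ldL "$1" | cut -c8-10)" = "---" ]
}

# usage: check_tls_pair CA_CERT CERT KEY DNS_NAME
check_tls_pair() {
    rc=0
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL: $3 is not the key for $2"; rc=1; }
    cert_covers_name "$2" "$4" || { echo "FAIL: $2 is not valid for $4"; rc=1; }
    key_not_world_readable "$3" || { echo "FAIL: $3 is readable by other users"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate and key are consistent for $4"
    return "$rc"
}

# Run the checks only when the four arguments are supplied on the command line.
if [ "$#" -eq 4 ]; then
    check_tls_pair "$@"
fi
```

Run it from the working directory with the CA certificate, the imported .crt, the imported .key and the DNS name as arguments before bringing the environment back up.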