# use alpine as base for searx and set workdir as well as env vars FROM alpine:3.20 AS base ENV GID=991 UID=991 UWSGI_WORKERS=1 UWSGI_THREADS=16 UPSTREAM_COMMIT=d37dc307831ef0f16a6cb2fbb0c5afe9bb5e4258 COPY ./requirements.txt . # install build deps and git clone searxng as well as setting the version RUN apk -U upgrade \ && apk add --no-cache -t build-dependencies \ build-base \ py3-setuptools \ python3-dev \ libffi-dev \ libxslt-dev \ libxml2-dev \ openssl-dev \ tar \ && apk add --no-cache \ ca-certificates \ python3 \ py3-pip \ libxml2 \ libxslt \ openssl \ tini \ uwsgi \ uwsgi-python3 \ git \ brotli \ && pip install --no-cache --break-system-packages -r requirements.txt \ && apk del build-dependencies \ && rm -rf /var/cache/apk/* /root/.cache FROM base AS searxng WORKDIR /usr/local/searxng # install build deps and git clone searxng as well as setting the version RUN addgroup -g ${GID} searxng \ && adduser -u ${UID} -D -h /usr/local/searxng -s /bin/sh -G searxng searxng \ && git config --global --add safe.directory /usr/local/searxng \ && git clone https://github.com/searxng/searxng . \ && git reset --hard ${UPSTREAM_COMMIT} \ && chown -R searxng:searxng . \ && su searxng -c "/usr/bin/python3 -m searx.version freeze" # copy run.sh COPY ./src/run.sh /usr/local/bin/run.sh # include patches for authorized api access COPY ./src/auth/auth.py searx/auth.py RUN sed -i -e "/if output_format not in settings\\['search'\\]\\['formats'\\]:/a\\ from searx.auth import valid_api_key\\n if (not valid_api_key(request)):" -e 's|flask.abort(403)| flask.abort(403)|' /usr/local/searxng/searx/webapp.py \ && sed -i "/return Response('', mimetype='text\/css')/a \\\\n@app.route('//search', methods=['GET', 'POST'])\\ndef search_key(key=None):\\n from searx.auth import auth_search_key\\n return auth_search_key(request, key)" /usr/local/searxng/searx/webapp.py \ && sed -i "/3\. If the IP is not in either list, the request is not blocked\./a\\ from searx.auth import valid_api_key\\n if (valid_api_key(request)):\\n return None" searx/limiter.py # make run.sh executable, copy uwsgi server ini, set default settings, precompile static theme files RUN cp -r -v dockerfiles/uwsgi.ini /etc/uwsgi/; \ chmod +x /usr/local/bin/run.sh; \ su searxng -c "/usr/bin/python3 -m compileall -q searx"; \ find /usr/local/searxng/searx/static -a \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ -type f -exec gzip -9 -k {} \+ -exec brotli --best {} \+ # expose port and set tini as CMD; default user is searxng USER searxng EXPOSE 8080 CMD ["/sbin/tini","--","run.sh"]