Compare commits

...

10 commits

Author SHA1 Message Date
0d6d4a5ad0 added git lfs step to fix images
Some checks failed
Hugo Deploy Pipeline / Build-and-Deploy (push) Has been cancelled
2024-06-29 14:17:24 +01:00
8a6af95f80 removed minify for troubleshooting 2024-06-29 14:15:06 +01:00
b52dcdd156 trying rsync again 2024-06-29 14:10:44 +01:00
0fae93b743 add rsync step 2024-06-29 14:09:13 +01:00
e85df705df changing gitea action to maybe fix corrupted images 2024-06-29 14:06:54 +01:00
f7c3a0d9a0 fixed submodule for real? 2024-06-28 17:10:52 +01:00
e74a955f2f fixed submodule? 2024-06-28 17:08:57 +01:00
486b4d5e51 Merge pull request 'develop' (#1) from develop into main
Reviewed-on: #1
2024-06-28 17:02:42 +01:00
46107ad706 . 2024-06-28 17:00:59 +01:00
2da671a5d4 added searxng article 2024-06-28 16:59:18 +01:00
6 changed files with 137 additions and 16 deletions

View file

@ -11,31 +11,32 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
lfs: true
submodules: true # Fetch Hugo themes (true OR recursive) submodules: true # Fetch Hugo themes (true OR recursive)
fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
- name: Checkout LFS objects
run: git lfs checkout
- name: Setup Hugo - name: Setup Hugo
uses: peaceiris/actions-hugo@v3 uses: peaceiris/actions-hugo@v3
with: with:
hugo-version: '0.128.0' hugo-version: '0.128.0'
- name: Setup Rsync
uses: GuillaumeFalourd/setup-rsync@v1.2
- name: Build - name: Build
run: hugo --minify run: hugo --minify
- name: Deploy to Staging server - name: Install SSH Key
uses: easingthemes/ssh-deploy@main uses: shimataro/ssh-key-action@v2
with: with:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} key: ${{ secrets.SSH_PRIVATE_KEY }}
ARGS: "-rlgoDzvc -i" known_hosts: 'placeholder' # to make it work
SOURCE: "public/"
REMOTE_HOST: ${{ secrets.REMOTE_HOST }} - name: Adding Known Hosts
REMOTE_USER: ${{ secrets.REMOTE_USER }} run: ssh-keyscan -H ${{ secrets.REMOTE_HOST }} >> ~/.ssh/known_hosts
TARGET: ${{ secrets.REMOTE_TARGET }}
EXCLUDE: "/dist/, /node_modules/" - name: Deploy with rsync
SCRIPT_BEFORE: | run: rsync -avz --delete ./public/ ${{ secrets.REMOTE_USER }}@${{ secrets.REMOTE_HOST }}:${{ secrets.REMOTE_TARGET }}
whoami
ls -al
SCRIPT_AFTER: |
whoami
ls -al
echo $RSYNC_STDOUT

View file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:63205e9a744500be6ba817f1b3022ab0c1f699aa89391db2f871b3c42c08f433
size 66754

View file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e62d2e7403509dd68da0accd592267009d6d79edc1c348115e77acc1da573b64
size 200826

View file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fa33b839661f95814297447dd5288f7e9fa99ce39163e2fd0a02bb65aba6dcc7
size 49608

View file

@ -0,0 +1,111 @@
---
title: "Installing SearXNG with a VPN for private searching"
date: 2024-06-28T17:02:45+01:00
summary: 'How to install SearXNG on a local machine to stop your searches being tracked and create your own search engine'
---
How to install SearXNG on a local machine to stop your searches being tracked and create your own search engine
<!-- more -->
# Introduction
It's a well known fact that [Google tracks everything you do](https://www.knowyourmobile.com/data-privacy/ways-google-tracks-you/) online and builds up a profile that knows you better than you know yourself. One of the major ways they do this is through Google Search. Even if you aren't logged in, they can link your IP address and browser fingerprint to your profile and still add to their database.
There are ways around this. You can use [DuckDuckGo](https://duckduckgo.com) which gives you Bing results in a more privacy conscious ([but not fully private](https://www.techradar.com/news/duckduckgo-in-hot-water-over-hidden-tracking-agreement-with-microsoft)) way. Or [Startpage](https://startpage.com), which aims to serve Google results in a private way. However, it is hard to beat a piece of self-hostable software called **SearXNG** for the ability to host it yourself, and thus you don't have to trust anyone else.
# What is SearXNG?
[SearXNG](https://github.com/searxng/searxng) is a free, open source, *metasearch* engine. This means that when you type a query, it can gather the results from multiple different search engines such as Google, DuckDuckGo, Brave, etc, for better overall results. It strips away any tracking scripts, browser fingerprinting, and cookies, so Google et al. only see a search query and the IP address of the server it comes from.
![SearXNG screenshot](images/searxng.png)
You can use a [public instance](https://searx.space/) to test it out. You can also use these permanently if you trust the person running them not to log your searches, and there are benefits to doing this as all your searches get mixed in with the other users on this instance, making it harder for the search engines to know who is searching what.
# Installation
## Prerequisites
You will need a computer running on your local network with [Docker Compose](https://docs.docker.com/compose/) installed. This could be something as simple as a Raspberry Pi or old laptop. You'll also ideally need a privacy respecting VPN such as Mullvad or Proton VPN.
## Setup
The first step is to make a *Docker* folder somewhere, e.g. your home folder. Inside the Docker folder, create a folder called *vpn-project*, and inside this, two folders called *gluetun* and *searxng*.
Now in the *vpn-project* folder, create a file called *docker-compose.yaml* and add the following:
```
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8080:8080/tcp # SearXNG
volumes:
- /path/to/vpn-project/gluetun:/gluetun
environment:
- PUID=1000 #CHANGE_TO_YOUR_UID
- PGID=1000 #CHANGE_TO_YOUR_GID
- TZ=Europe/London #CHANGE_TO_YOUR_TZ
- VPN_SERVICE_PROVIDER=protonvpn #Change to your VPN provider
- OPENVPN_USER=
- OPENVPN_PASSWORD=
- SERVER_COUNTRIES=United Kingdom #Change based on the Wiki
- HTTPPROXY=off #change to on if you wish to enable
- SHADOWSOCKS=off #change to on if you wish to enable
- UPDATER_PERIOD=24h
labels:
- com.centurylinklabs.watchtower.enable=false
security_opt:
- no-new-privileges:true
restart: always
searxng:
image: searxng/searxng
container_name: SearXNG
network_mode: service:gluetun
mem_limit: 512mb
depends_on:
gluetun:
condition: service_healthy
security_opt:
- no-new-privileges:true
volumes:
- /path/to/vpn-project/searxng:/etc/searxng:rw
restart: on-failure:5
```
This is the markup that tells Docker we want to download an application called Gluetun (our VPN client), and run both it and SearXNG, running SearXNG's traffic through Gluetun. You can see that there are several things you need to change to make this work for your config:
* Update **/path/to/vpn-project** with the actual path to your *vpn-project* folder. This needs updating in two places
* Change the **PUID** and **PGID** to your user's values, found by running *id -u* and *id -g* respectively in the terminal.
* Change **TZ** to your [Timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
* Change **VPN_SERVICE_PROVIDER** to your VPN Provider. Follow the instructions on the [Gluetun Wiki](https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers) for your provider, and add any lines necessary to log in with your provider. The example above is for ProtonVPN and needs you to add the user and password keys as outlined in the Wiki, you will need to change the section entirely if you use another VPN service.
* Change **SERVER_COUNTRIES** to the country you want your VPN to connect to.
Once you've done all this, save the *docker-compose.yaml* file and go to your Terminal, in the *vpn-project* directory. Run the following command:
```
docker compose up
```
Docker will now download the applications, set up the Gluetun VPN container, and then set up SearXNG. If all went well, we will be able to see SearXNG on the IP address of the machine you installed it on. If you don't know this, run the following command in a terminal:
```
ip addr show | grep 192.168
```
This should print out your private IP address. For example, mine is 192.168.86.46, so I'd point my browser to http://192.168.86.46:8080 to see SearXNG:
![SearXNG IP screenshot](images/ip.png)
From here you are free to search the web and note that results are labelled as coming from a number of search engines. Thanks to Gluetun, Google et al. now see these searches as coming from the IP address of your VPN, not your home IP address, and thanks to SearXNG all their tracking scripts and cookies have been blocked.
![SearXNG Results screenshot](images/searchresult.png)
You may want to now stop the docker command you ran, and run:
```
docker compose up -d
```
This runs the containers in the background so when you close the terminal window they will still persist. You can now experiment with some of the preferences in the SearcXNG browser window: you can choose who provides your autocomplete if any, choose which search engines you want results from, etc. You can also add your new search engine to your web browser so it is used every time you search in the address bar.
Finally, you need to decide if you just want to have your search engine accessible at home like it is now, or if you want to be able to use it when you're out the house. There are many ways to access self hosted applications outside of home and I will be doing guides on several of them shortly, but some options include:
* [Tailscale](https://www.howtogeek.com/how-to-remote-access-your-network-using-tailscale-vpn/) which sets up a VPN between your devices so you can access local applications over the internet to any device you've logged into Tailscale on.
* [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/) to expose your local applications over the internet to anyone who has the URL you assign to them, but you don't have to open ports on your router and have the protection of Cloudflare build in
* [Port forwarding](https://portforward.com/how-to-port-forward/) where you open up ports on your router so you (and anyone else) can access your internal applications that you forward to, via your public IP address. There are security implications of doing this method.
Whichever method you choose, or even if you choose to keep your SearXNG on your local network for now, hopefully you are now enjoying powerful, private search results, without everything you do being stored!

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.6 MiB

After

Width:  |  Height:  |  Size: 132 B