How to install SearXNG on a local machine to stop your searches being tracked and create your own search engine

Introduction

It’s a well known fact that Google tracks everything you do online and builds up a profile that knows you better than you know yourself. One of the major ways they do this is through Google Search. Even if you aren’t logged in, they can link your IP address and browser fingerprint to your profile and still add to their database.

There are ways around this. You can use DuckDuckGo which gives you Bing results in a more privacy conscious (but not fully private) way. Or Startpage, which aims to serve Google results in a private way. However, it is hard to beat a piece of self-hostable software called SearXNG for the ability to host it yourself, and thus you don’t have to trust anyone else.

What is SearXNG?

SearXNG is a free, open source, metasearch engine. This means that when you type a query, it can gather the results from multiple different search engines such as Google, DuckDuckGo, Brave, etc, for better overall results. It strips away any tracking scripts, browser fingerprinting, and cookies, so Google et al. only see a search query and the IP address of the server it comes from.

SearXNG screenshot

You can use a public instance to test it out. You can also use these permanently if you trust the person running them not to log your searches, and there are benefits to doing this as all your searches get mixed in with the other users on this instance, making it harder for the search engines to know who is searching what.

Installation

Prerequisites

You will need a computer running on your local network with Docker Compose installed. This could be something as simple as a Raspberry Pi or old laptop. You’ll also ideally need a privacy respecting VPN such as Mullvad or Proton VPN.

Setup

The first step is to make a Docker folder somewhere, e.g. your home folder. Inside the Docker folder, create a folder called vpn-project, and inside this, two folders called gluetun and searxng.

Now in the vpn-project folder, create a file called docker-compose.yaml and add the following:

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8080:8080/tcp # SearXNG
    volumes:
      - /path/to/vpn-project/gluetun:/gluetun
    environment:
      - PUID=1000 #CHANGE_TO_YOUR_UID
      - PGID=1000 #CHANGE_TO_YOUR_GID
      - TZ=Europe/London #CHANGE_TO_YOUR_TZ
      - VPN_SERVICE_PROVIDER=protonvpn #Change to your VPN provider
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - SERVER_COUNTRIES=United Kingdom #Change based on the Wiki
      - HTTPPROXY=off #change to on if you wish to enable
      - SHADOWSOCKS=off #change to on if you wish to enable
      - UPDATER_PERIOD=24h
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always
    
  searxng:
    image: searxng/searxng
    container_name: SearXNG
    network_mode: service:gluetun
    mem_limit: 512mb
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    volumes:
      - /path/to/vpn-project/searxng:/etc/searxng:rw 
    restart: on-failure:5

This is the markup that tells Docker we want to download an application called Gluetun (our VPN client), and run both it and SearXNG, running SearXNG’s traffic through Gluetun. You can see that there are several things you need to change to make this work for your config:

  • Update /path/to/vpn-project with the actual path to your vpn-project folder. This needs updating in two places
  • Change the PUID and PGID to your user’s values, found by running id -u and id -g respectively in the terminal.
  • Change TZ to your Timezone.
  • Change VPN_SERVICE_PROVIDER to your VPN Provider. Follow the instructions on the Gluetun Wiki for your provider, and add any lines necessary to log in with your provider. The example above is for ProtonVPN and needs you to add the user and password keys as outlined in the Wiki, you will need to change the section entirely if you use another VPN service.
  • Change SERVER_COUNTRIES to the country you want your VPN to connect to.

Once you’ve done all this, save the docker-compose.yaml file and go to your Terminal, in the vpn-project directory. Run the following command:

docker compose up

Docker will now download the applications, set up the Gluetun VPN container, and then set up SearXNG. If all went well, we will be able to see SearXNG on the IP address of the machine you installed it on. If you don’t know this, run the following command in a terminal:

ip addr show | grep 192.168

This should print out your private IP address. For example, mine is 192.168.86.46, so I’d point my browser to http://192.168.86.46:8080 to see SearXNG: SearXNG IP screenshot

From here you are free to search the web and note that results are labelled as coming from a number of search engines. Thanks to Gluetun, Google et al. now see these searches as coming from the IP address of your VPN, not your home IP address, and thanks to SearXNG all their tracking scripts and cookies have been blocked. SearXNG Results screenshot

You may want to now stop the docker command you ran, and run:

docker compose up -d

This runs the containers in the background so when you close the terminal window they will still persist. You can now experiment with some of the preferences in the SearcXNG browser window: you can choose who provides your autocomplete if any, choose which search engines you want results from, etc. You can also add your new search engine to your web browser so it is used every time you search in the address bar.

Finally, you need to decide if you just want to have your search engine accessible at home like it is now, or if you want to be able to use it when you’re out the house. There are many ways to access self hosted applications outside of home and I will be doing guides on several of them shortly, but some options include:

  • Tailscale which sets up a VPN between your devices so you can access local applications over the internet to any device you’ve logged into Tailscale on.
  • Cloudflare Tunnels to expose your local applications over the internet to anyone who has the URL you assign to them, but you don’t have to open ports on your router and have the protection of Cloudflare build in
  • Port forwarding where you open up ports on your router so you (and anyone else) can access your internal applications that you forward to, via your public IP address. There are security implications of doing this method.

Whichever method you choose, or even if you choose to keep your SearXNG on your local network for now, hopefully you are now enjoying powerful, private search results, without everything you do being stored!