SearXNG

2026-04-15

SearXNG is a metasearch engine that aggregates results from multiple search providers.

This compose file deploys SearXNG with a Valkey instance for result caching. SearXNG configuration and cache data are stored on NFS volumes, and the search interface is proxied through a Traefik reverse proxy with Cloudflare TLS certificates.

Docker Compose

# compose.yaml

services:
  searxng:
    image: docker.io/searxng/searxng:latest
    container_name: searxng
    restart: unless-stopped
    depends_on:
      searxng-valkey:
        condition: service_healthy
        restart: true
    # ports:
    #  - 8080:8080"
    networks:
      - searxng
      - searxng_proxy
    volumes:
      - type: volume
        source: docker-nfs
        target: /etc/searxng
        volume:
          subpath: searxng/config
      - type: volume
        source: docker-nfs
        target: /var/cache/searxng
        volume:
          subpath: searxng/data
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    environment:
      SEARXNG_BASE_URL: https://searxng.${TRAEFIK_BASE_URL}/
      SEARXNG_VALKEY_URL: valkey://:${VALKEY_PASSWORD}@searxng-valkey:6379/0
      SEARXNG_SECRET: ${SEARXNG_SECRET}
      TZ: Europe/London
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=searxng_proxy"

      - "traefik.http.services.searxng.loadbalancer.server.port=8080"

      - "traefik.http.routers.searxng.rule=Host(`searxng.${TRAEFIK_BASE_URL}`)"
      - "traefik.http.routers.searxng.entrypoints=websecure"
      - "traefik.http.routers.searxng.tls.certresolver=cloudflare"

  searxng-valkey:
    image: docker.io/valkey/valkey:9
    container_name: searxng-valkey
    restart: unless-stopped
    networks:
      - searxng
    volumes:
      - type: volume
        source: docker-nfs
        target: /data
        volume:
          subpath: searxng/valkey
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    healthcheck:
      test: ["CMD", "valkey-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 5s
    command: valkey-server --save 30 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
    environment:
      TZ: Europe/London

networks:
  searxng:
    name: searxng
  searxng_proxy:
    name: searxng_proxy

volumes:
  docker-nfs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=xxx.xxx.xxx.xxx,nolock,soft,rw,nfsvers=4.2
      device: :/mnt/nfs-volume

Environment Variables

# .env

TRAEFIK_BASE_URL=example.com
VALKEY_PASSWORD=
SEARXNG_SECRET= # random string

Traefik Configuration

# compose.yaml (excerpt)

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    ...
    networks:
      - traefik
      # here
      - searxng_proxy
    ...

networks:
  # here
  searxng_proxy:
    name: searxng_proxy