SearXNG: Self-Host Your Own Private Search Engine

Every search you make on Google, Bing, or DuckDuckGo is logged, profiled, and used to build an advertising profile. Even DuckDuckGo — while better than Google on privacy — still relies on Bing's index and operates as a centralized service you have to trust.

SearXNG is a self-hosted metasearch engine that aggregates results from dozens of search engines without sending your queries to any of them directly. Your SearXNG instance queries Google, Bing, DuckDuckGo, Wikipedia, and others on your behalf, strips tracking parameters, and returns clean results. The search engines see your server's IP, not yours. They never learn who searched for what.

How SearXNG Works

SearXNG is not a search engine — it does not crawl the web or build its own index. It is a metasearch aggregator:

1. You type a query into your SearXNG instance
2. SearXNG sends that query to multiple search engines simultaneously
3. Each engine returns results
4. SearXNG merges, deduplicates, and ranks the combined results
5. You see the results with no tracking, no ads, and no personalization

The key privacy benefit: the search engines see the query coming from your server, not from your browser. There's no cookie, no fingerprint, no search history building up.

Docker Setup

SearXNG is straightforward to deploy:

services:
  searxng:
    image: searxng/searxng:latest
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      - ./searxng:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=https://search.yourdomain.com/
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID

  searxng-redis:
    image: redis:7-alpine
    restart: unless-stopped
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - searxng_redis:/data
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE

volumes:
  searxng_redis:

Redis is optional but strongly recommended. It powers the limiter (rate limiting) and caches results, which both improves performance and reduces the chance of your instance being blocked by search engines.

First run

mkdir -p searxng
docker compose up -d

On first start, SearXNG generates a default settings.yml and uwsgi.ini in the ./searxng directory. Stop the container, edit the settings, and restart:

docker compose down
# Edit ./searxng/settings.yml
docker compose up -d

Visit http://your-server:8080 and you should see the search interface.

Configuration

The main configuration file is settings.yml. Here are the important sections:

General settings

general:
  debug: false
  instance_name: "My Search"
  privacypolicy_url: false
  donation_url: false
  contact_url: false
  enable_metrics: true

server:
  base_url: "https://search.yourdomain.com/"
  secret_key: "a-long-random-string-change-this"
  limiter: true          # Enable rate limiting (requires Redis)
  image_proxy: true      # Proxy images through SearXNG for privacy
  method: "POST"         # POST hides queries from server logs

ui:
  static_use_hash: true
  default_locale: "en"
  query_in_title: false  # Don't put search queries in page titles
  infinite_scroll: true
  default_theme: "simple"
  center_alignment: true
  results_on_new_tab: false

Search engine configuration

This is where SearXNG gets interesting. You can enable, disable, and configure dozens of engines:

engines:
  - name: google
    engine: google
    shortcut: g
    disabled: false

  - name: bing
    engine: bing
    shortcut: b
    disabled: false

  - name: duckduckgo
    engine: duckduckgo
    shortcut: ddg
    disabled: false

  - name: wikipedia
    engine: wikipedia
    shortcut: wp
    disabled: false

  - name: github
    engine: github
    shortcut: gh
    categories: [it, repos]
    disabled: false

  - name: arxiv
    engine: arxiv
    shortcut: arx
    categories: [science]
    disabled: false

  - name: stackoverflow
    engine: stackoverflow
    shortcut: so
    disabled: false

SearXNG supports over 100 engines out of the box, organized by category: general, images, videos, news, music, files, IT, science, social media, and more.

Recommended engine strategy

Not all engines are equal. A practical starting configuration:

Enable:

• Google (best general results, but most aggressive rate limiting)
• Bing (good fallback)
• DuckDuckGo (reliable, rarely rate-limits)
• Wikipedia (for quick reference)
• GitHub (for code searches)
• Brave (good results, less aggressive limiting)

Consider disabling:

• Yahoo (results overlap heavily with Bing)
• Engines with poor result quality or frequent timeouts
• Region-specific engines you don't need

For images: Google Images, Bing Images, and Unsplash cover most needs.

For videos: YouTube (via Invidious or Piped for privacy) and PeerTube for open-source content.

Public vs. Private Instance

This is the most important decision you will make with SearXNG.

Private instance (recommended for most people)

• Only you (and maybe your household) use it
• No rate limiting concerns — your query volume is low
• No need for bot protection or CAPTCHAs
• Set it behind your VPN or reverse proxy with authentication
• Search engines almost never block private instances

Public instance

Running a public SearXNG instance sounds noble but comes with serious challenges:

• Rate limiting: Google, Bing, and others will detect high query volume and start serving CAPTCHAs or blocking your server's IP. This is the number one problem with public instances.
• Abuse: Bots and scrapers will find and hammer your instance. You need aggressive rate limiting.
• Bandwidth: Image proxying and high query volume use significant bandwidth.
• Legal exposure: In some jurisdictions, running a public proxy for search queries creates legal gray areas.
• Maintenance burden: You become responsible for uptime and abuse management.

If you want a public instance, study how established instances like searx.be handle these challenges. But for personal use, keep it private.

Rate Limiting and Anti-Detection

Even for private instances, search engines may occasionally rate-limit your server. Mitigate this:

Enable the limiter

server:
  limiter: true   # Requires Redis

The built-in limiter restricts queries per IP per time window, protecting you from accidental abuse.

Configure request throttling

SearXNG can delay requests to avoid triggering rate limits:

outgoing:
  request_timeout: 5
  max_request_timeout: 15
  pool_connections: 100
  pool_maxsize: 20
  enable_http2: true

Rotate user agents

SearXNG rotates user agent strings by default, which helps avoid detection. Don't disable this.

Use a proxy (for public instances)

For public instances, you can route outgoing requests through a proxy to distribute the IP load:

outgoing:
  proxies:
    all://:
      - socks5h://proxy1:1080
      - socks5h://proxy2:1080

For private instances with low query volume, this is unnecessary.

Search Customization

Bang syntax

Like DuckDuckGo, SearXNG supports bang syntax for targeting specific engines:

• !g search query — search only Google
• !wp search query — search only Wikipedia
• !gh search query — search only GitHub
• !so search query — search only Stack Overflow

Categories

SearXNG organizes results by category. Users can select categories in the UI, or you can configure defaults:

categories_as_tabs:
  general:
  images:
  videos:
  news:
  it:
    name: "Tech"
  science:
  files:

Auto-complete

Enable search suggestions:

search:
  autocomplete: "duckduckgo"  # or "google", "wikipedia", etc.
  autocomplete_min: 4

Setting It as Your Default Search Engine

Browser configuration

Most browsers let you add a custom search engine:

• URL pattern: https://search.yourdomain.com/search?q=%s
• Firefox: Settings → Search → Add search engine via the address bar
• Chrome/Brave: Settings → Search engine → Manage search engines → Add

On mobile

• Firefox Mobile: Same as desktop — add a custom search engine in settings
• Safari: No native support for custom search engines. Use a shortcut workaround or the SearXNG PWA.
• Brave Mobile: Settings → Search engines → Add custom

Running Behind a Reverse Proxy

Caddy

search.yourdomain.com {
    reverse_proxy searxng:8080
}

Traefik

labels:
  - "traefik.http.routers.searxng.rule=Host(`search.yourdomain.com`)"
  - "traefik.http.routers.searxng.tls.certresolver=letsencrypt"
  - "traefik.http.services.searxng.loadbalancer.server.port=8080"

Authentication (private instance)

If you want to restrict access without a VPN, put authentication in front:

search.yourdomain.com {
    basicauth / {
        username $2a$14$... # bcrypt hash
    }
    reverse_proxy searxng:8080
}

Or use Authelia/Authentik for SSO integration.

Plugins and Extensions

SearXNG has a plugin system for extending functionality:

• Hash plugin: Calculate hashes (search md5 hello world)
• Self-information: Shows your IP, user agent (search ip)
• Tracker URL removal: Strips tracking parameters from result URLs (enabled by default)
• Hostname replace: Redirect YouTube to Invidious, Twitter to Nitter, Reddit to Teddit
• Unit converter: Convert units inline (search 10 kg to lbs)

Enable plugins in settings.yml:

enabled_plugins:
  - 'Hash plugin'
  - 'Self Information'
  - 'Tracker URL remover'
  - 'Unit converter'
  - 'Hostnames plugin'

hostnames:
  replace:
    '(.*\\.)?youtube\\.com$': 'piped.yourdomain.com'
    '(.*\\.)?twitter\\.com$': 'nitter.yourdomain.com'
    '(.*\\.)?reddit\\.com$': 'teddit.yourdomain.com'

The hostname replace plugin is particularly useful if you self-host alternative frontends for YouTube, Twitter, and Reddit.

Resource Requirements

SearXNG is very lightweight:

This will run comfortably on a Raspberry Pi, a $5 VPS, or any spare machine. The bottleneck is outgoing network bandwidth, not compute.

Honest Limitations

• Result quality depends on upstream engines: SearXNG is only as good as the engines it queries. If Google serves poor results, SearXNG's Google results will also be poor.
• Rate limiting is a real problem: For heavy use or public instances, expect some engines to intermittently return errors or CAPTCHAs. DuckDuckGo and Brave are more tolerant than Google.
• No personalization: This is both the feature and the limitation. You won't get location-aware results unless you configure a default region. Search results are the same for everyone.
• No search history by default: There is no built-in way to see your past searches. This is intentional for privacy but means you can't "go back" to something you searched yesterday.
• Image search can be slow: Image proxying adds latency. Disabling image_proxy speeds things up but reveals your IP to image hosts.

The Bottom Line

SearXNG is one of the easiest self-hosted services to deploy and one of the most impactful for daily privacy. It takes 5 minutes to set up, uses minimal resources, and immediately removes search tracking from your daily life.

The experience is genuinely good. Results are comparable to searching Google or Bing directly — because they are Google and Bing results, just without the tracking. Set it as your default search engine, and after a week you will forget it is even there. That is the best compliment a privacy tool can receive.

Resources

• SearXNG documentation
• SearXNG GitHub
• Public instances list — see how others configure their instances
• Engine documentation — full list of supported search engines
• Settings reference — complete configuration reference