docker-compose.yml

services:
  redis:
    image: cgr.dev/chainguard/valkey:latest
    restart: always
    command: --save 60 1 --loglevel warning
    volumes:
      - valkey-data:/data
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

  searxng:
    image: paulgoio/searxng:{ENV}
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    volumes:
      - favicon-cache:/var/cache/searxng
    networks:
      - default
      - proxy
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    environment:
      - PUBLIC_INSTANCE=true
      - LIMITER=true
      - METRICS_PASSWORD={KEY1}
      - REDIS_URL=redis://redis:6379/0
      - IMAGE_PROXY=true
      - PROXY={URL1}
      - UWSGI_WORKERS=8
      - UWSGI_THREADS=4
      - BASE_URL=https://{DOMAIN}/
      - NAME=PaulGO
      - CONTACT=https://mrpaulblack.paulgo.page
      - SEARCH_DEFAULT_LANG=en-US
      - SEARCH_ENGINE_ACCESS_DENIED=60
    labels:
      - traefik.enable=true
      - traefik.http.routers.{REPO}.rule=Host(`{DOMAIN}`)&&(Method(`GET`)||Method(`POST`)||Method(`HEAD`))
      - traefik.http.routers.{REPO}.tls=true
      - traefik.http.routers.{REPO}.middlewares=external-secure,searx-csp@file,{REPO}-headers
      # CSP for SearXNG in dynamic config
      # feature policy for SearXNG and disable browser caching
      - traefik.http.middlewares.{REPO}-headers.headers.customResponseHeaders.Permissions-Policy=accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()

networks:
  proxy:
    external: true

volumes:
  valkey-data:
  favicon-cache: