fix(search): unblock SearXNG 403 — config + headers
All checks were successful
Build & Publish Docker Image / build-and-push (push) Successful in 53s
All checks were successful
Build & Publish Docker Image / build-and-push (push) Successful in 53s
SearXNG returned 403 for every query, logging
'X-Forwarded-For nor X-Real-IP header is set!'. Two fixes, both needed:
1. searxng/settings.yml was being overwritten by SearXNG's default
config in fresh volumes. Explicitly set limiter: false,
public_instance: false, and move secret_key to env lookup via
${SEARXNG_SECRET:-…}. Force a well-known JSON format list.
2. Even with the limiter off, SearXNG's bot detection still nags on
missing forwarder headers. The Node client now sends
X-Forwarded-For: 127.0.0.1, X-Real-IP: 127.0.0.1 and Accept: json
deterministically. Done via a new extraHeaders option on the http
wrapper.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,15 +1,31 @@
|
||||
use_default_settings: true
|
||||
|
||||
server:
|
||||
secret_key: 'dev-secret-change-in-prod'
|
||||
# In production override via env (see docker-compose.prod.yml).
|
||||
secret_key: ${SEARXNG_SECRET:-dev-secret-change-in-prod}
|
||||
# Disables rate limiter + bot detection. This is a private internal service
|
||||
# called only by kochwas — no public exposure, no abuse risk.
|
||||
limiter: false
|
||||
public_instance: false
|
||||
image_proxy: false
|
||||
default_http_headers:
|
||||
X-Content-Type-Options: nosniff
|
||||
X-Download-Options: noopen
|
||||
X-Robots-Tag: noindex, nofollow
|
||||
|
||||
search:
|
||||
formats:
|
||||
- html
|
||||
- json
|
||||
safe_search: 0
|
||||
autocomplete: ''
|
||||
default_lang: 'de'
|
||||
|
||||
ui:
|
||||
default_locale: de
|
||||
|
||||
# Quieten engines that fail on cold start and aren't useful here
|
||||
enabled_plugins:
|
||||
- 'Hash plugin'
|
||||
- 'Tracker URL remover'
|
||||
- 'Open Access DOI rewrite'
|
||||
|
||||
Reference in New Issue
Block a user