7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
140 lines
4.7 KiB
Markdown
140 lines
4.7 KiB
Markdown
# SearXNG Integration for Local Deep Research
|
|
|
|
This document explains how to configure and use the SearXNG integration with Local Deep Research.
|
|
|
|
## Configuring SearXNG Access
|
|
|
|
The SearXNG search engine is **disabled by default** until you provide an instance URL. This ensures the system doesn't attempt to use public instances without explicit configuration.
|
|
|
|
### Setting Up Access
|
|
|
|
You have two ways to enable the SearXNG search engine:
|
|
|
|
1. **Environment Variable (Recommended)**:
|
|
```bash
|
|
# Add to your .env file or set in your environment
|
|
SEARXNG_INSTANCE=http://localhost:8080
|
|
|
|
# Optional: Set custom delay between requests (in seconds)
|
|
SEARXNG_DELAY=2.0
|
|
```
|
|
|
|
2. **Configuration Parameter**: Add to your `config.py`:
|
|
```python
|
|
# In config.py
|
|
SEARXNG_CONFIG = {
|
|
"instance_url": "http://localhost:8080",
|
|
"delay_between_requests": 2.0
|
|
}
|
|
```
|
|
|
|
## Self-Hosting SearXNG (Recommended)
|
|
|
|
For the most ethical usage, we strongly recommend self-hosting your own SearXNG instance:
|
|
|
|
### Using Docker (easiest method)
|
|
|
|
```bash
|
|
# Pull the SearXNG Docker image
|
|
docker pull searxng/searxng
|
|
|
|
# Run SearXNG (will be available at http://localhost:8080)
|
|
docker run -d -p 8080:8080 --name searxng searxng/searxng
|
|
```
|
|
|
|
### Using Docker Compose (recommended for production)
|
|
|
|
1. Create a file named `docker-compose.yml` with the following content:
|
|
|
|
```yaml
|
|
version: '3'
|
|
services:
|
|
searxng:
|
|
container_name: searxng
|
|
image: searxng/searxng
|
|
ports:
|
|
- "8080:8080"
|
|
volumes:
|
|
- ./searxng:/etc/searxng
|
|
environment:
|
|
- SEARXNG_BASE_URL=http://localhost:8080/
|
|
restart: unless-stopped
|
|
```
|
|
|
|
2. Run with Docker Compose:
|
|
|
|
```bash
|
|
docker-compose up -d
|
|
```
|
|
|
|
## Using Public Instances
|
|
|
|
If you must use a public instance:
|
|
|
|
1. **Get Permission**: Always contact the administrator of any public instance
|
|
2. **Respect Resources**: Use a longer delay (4-5 seconds minimum) between requests
|
|
3. **Limited Usage**: Keep your research volume reasonable
|
|
|
|
Example configuration for a public instance:
|
|
```bash
|
|
SEARXNG_INSTANCE=https://instance.example.com
|
|
SEARXNG_DELAY=5.0
|
|
```
|
|
|
|
## Checking Configuration
|
|
|
|
To verify if SearXNG is properly configured:
|
|
|
|
```python
|
|
from web_search_engines.search_engine_factory import create_search_engine
|
|
|
|
# Create the engine
|
|
engine = create_search_engine("searxng")
|
|
|
|
# Check if available
|
|
if engine and hasattr(engine, 'is_available') and engine.is_available:
|
|
print(f"SearXNG configured with instance: {engine.instance_url}")
|
|
print(f"Delay between requests: {engine.delay_between_requests} seconds")
|
|
else:
|
|
print("SearXNG is not properly configured or is disabled")
|
|
```
|
|
|
|
## Network Security
|
|
|
|
SearXNG is designed for self-hosting, so Local Deep Research allows SearXNG to access **private network IPs** by default. This means you can run SearXNG on:
|
|
|
|
- **Localhost**: `http://127.0.0.1:8080` or `http://localhost:8080`
|
|
- **LAN IPs**: `http://192.168.1.100:8080`, `http://10.0.0.5:8080`, `http://172.16.0.2:8080`
|
|
- **Docker networks**: `http://172.17.0.2:8080`
|
|
- **Local hostnames**: `http://searxng.local:8080` (if configured in DNS/hosts)
|
|
|
|
This is intentional and secure because:
|
|
1. The SearXNG URL is **admin-configured**, not user input
|
|
2. Private IPs are only accessible from your local network
|
|
3. **Cloud metadata endpoints** (AWS IMDS / ECS, Azure, OCI, DigitalOcean, AlibabaCloud, Tencent Cloud — see `ssrf_validator.ALWAYS_BLOCKED_METADATA_IPS`) are always blocked to prevent credential theft in cloud environments
|
|
|
|
### IPv6-only deployments (NAT64)
|
|
|
|
The "private IPs allowed" exception above does **not** cover IPv6 transition prefixes. On IPv6-only Kubernetes / cloud deployments (AWS / GKE / Azure IPv6-only nodes) where outbound IPv4 traffic is synthesized through NAT64 (`64:ff9b::/96` RFC 6052 well-known or `64:ff9b:1::/48` RFC 8215 local-use), reaching a SearXNG instance through these prefixes is blocked by default. To opt in, set:
|
|
|
|
```bash
|
|
LDR_SECURITY_ALLOW_NAT64=true
|
|
```
|
|
|
|
The opt-in is scoped strictly to the two NAT64 prefixes — 6to4 (`2002::/16`), Teredo (`2001::/32`), the discard prefix (`100::/64`), and the deprecated IPv4-Compatible IPv6 form (`::/96`) remain blocked, and cloud-metadata IPs stay unreachable through any NAT64 wrap. See [SECURITY.md](../SECURITY.md#ipv6-transition-prefix-block-list) for the full rationale.
|
|
|
|
## Troubleshooting
|
|
|
|
If you encounter errors:
|
|
|
|
1. Check that your instance is running
|
|
2. Verify the URL is correct in your environment variables
|
|
3. Ensure you can access the instance in your browser
|
|
4. Check firewall settings and network connectivity
|
|
|
|
## Resources
|
|
|
|
- [SearXNG Documentation](https://searxng.github.io/searxng/)
|
|
- [SearXNG GitHub Repository](https://github.com/searxng/searxng)
|
|
- [SearXNG Docker Hub](https://hub.docker.com/r/searxng/searxng)
|