cross-posted from: https://lemmy.today/post/35487250
I’m looking at self-hosting SearXNG. I have an old Win 11 machine and figure this might be the only way it can be useful.
Two questions I haven’t seen answered so far:
I would be hosting on my own home network, which is on a VPN 24/7, but for added privacy my devices are sometimes on VPN connections to other IPs. So I need to know the external IP of the instance to be able to find it. Are there any added measures I should put in place to prevent randoms looking at IPs or port scanning from finding the instance and going to town?
If this is on my home network anyway, are there any risks of data leaking or triangulation of, say, referrals or image searches that would just point back to my home network?
My threat model is for big tech to leave me alone, so it’s not exactly huge stakes, but I also don’t want to bother self-hosting if added complexity makes it not worth it.
Needs more details. With that convoluted VPN setup it might work or not, depending on the actual implementation.
Personally I don’t expose my SearXNG instance to the open net.
What other details are helpful to provide?
The home network has a VPN running at the router level, so everything in the house is on the same local WLAN (i.e. LocalSend works between devices). But that’s also where all my “Hello bank! Hello Work! Hello paid streaming service and Meta!” activity happens. Other family members are a limiting factor on this.
Does it make more sense to just run Docker locally on my machine and use that as the self-hosting location? Seems like a bit much, but I agree that I don’t really want to expose it to the open internet without…I don’t know, something like just having some password in my password manager. That seems tolerable at least.
The router VPN usually isn’t the issue, as most devices behind it can communicate with each other. What would be the issue with running the service on that old machine and connecting locally, and via VPN while away from home? Would there be anything in your setup that won’t work like that?
Not really, but I think it’s more about if the effort is worth it overall vs. just cycling a few public instances. I think I might end up going for that option instead.