cross-posted from: https://lemmy.today/post/35487250
I’m looking at self-hosting SearXNG. I have an old Win 11 machine and figure this might be the only way it can be useful.
Two questions I haven’t seen answered so far:
I would be hosting on my own home network, which is on a VPN 24/7, but for added privacy my devices are sometimes on VPN connections to other IPs. So I need to know the external IP of the instance to be able to find it. Are there any added measures I should put in place to prevent randoms looking at IPs or port scanning from finding the instance and going to town?
If this is on my home network anyway, are there any risks of data leaking or triangulation of, say, referrals or image searches that would just point back to my home network?
My threat model is for big tech to leave me alone, so it’s not exactly huge stakes, but I also don’t want to bother self-hosting if added complexity makes it not worth it.
I have a similar setup on my laptop, a docker searxng (well podman rootless, but near enough) locked into a gluetun instance. Works fine, simple to set up, sucks less than any individual search engine and is usefully configurable, but I’m on linux, I expect there’s more pain for windows (linux might be a use for the spare computer…). It’s not resource intensive. Gluetun let’s you expose a local port for searxng and you just point your browser at https://192.168.x.x:8192 or whatever, no need to worry about exit IP. Gluetun is well used and has a focus on avoiding leaks, plenty of eyes on the code, I’ve never had any problems.
You can wireguard (or tailscale or whatever) into your home network and use it on your phone too. Spin up a pihole for adblock while you’re at it. I say go for it…
Tailscale has been a game changer for my self-hosted stuff - zero port forwarding headaches and i can access my searxng instance from anywhere without exposing it to the internet (works great with my audiobookshelf server too, been using the soundleaf app to stream my books on the go).
Oh, I wouldn’t know about that terrible Windows thing (more than I must). A deb distro is my daily driver, so I was thinking about doing what you’re saying as a more portable alternative that moves easily with any VPN location.
How resource-intensive is your setup?
Cool, you said ‘old Win 11 machine’, I assumed. It’s really not intensive, never know it’s there. I guess it’s a VPN, a few curls, some stats and a light webserver ?
Oh yeah, sorry, that’s just the old paperwight I had lying around, not my baby.