I hosted searxng on portainer and receive PermissionError and no python application found error
Log:
PermissionError: [Errno 13] Permission denied: '/etc/searxng/settings.yml'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
--- no python application found, check your startup logs for errors ---
[pid: 19|app: -1|req: -1/1] 127.0.0.1 () {28 vars in 330 bytes} [Sat May 17 05:06:00 2025] HEAD /healthz => generated 21 bytes in 0 msecs (HTTP/1.1 500) 3 headers in 102 bytes (0 switches on core 0)
I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck
version: "3.7"
services:
# caddy:
# container_name: caddy
# image: docker.io/library/caddy:2-alpine
# network_mode: host
# restart: unless-stopped
# volumes:
# - ./Caddyfile:/etc/caddy/Caddyfile:ro
# - caddy-data:/data:rw
# - caddy-config:/config:rw
# environment:
# # - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost/}
# - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
# cap_drop:
# - ALL
# cap_add:
# - NET_BIND_SERVICE
# logging:
# driver: "json-file"
# options:
# max-size: "1m"
# max-file: "1"
redis:
container_name: redis
image: docker.io/valkey/valkey:8-alpine
command: valkey-server --save 30 1 --loglevel warning
restart: unless-stopped
networks:
- searxng
volumes:
- valkey-data2:/data
# cap_drop:
# - ALL
cap_add:
- SETGID
- SETUID
- DAC_OVERRIDE
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
searxng:
container_name: searxng
image: docker.io/searxng/searxng:latest
restart: unless-stopped
networks:
- searxng
ports:
# - "127.0.0.1:8080:8080"
- "20054:8080"
volumes:
- ./searxng:/etc/searxng:rw
environment:
# - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
- SEARXNG_BASE_URL="http://mydomain:20054/"
- UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
- UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
# cap_drop:
# - ALL
cap_add:
- CHOWN
- SETGID
- SETUID
logging:
driver: "json-file"
options:
max-size: "1m"
max-file: "1"
networks:
searxng:
volumes:
# caddy-data:
# caddy-config:
valkey-data2:
thx a lot!
You must log in or register to comment.
Question: What is redis and valkey giving you in this instance? I took a look at my notes and I’ve never invoked redis. Just curious. School me. This is what I spin up:
spoiler
services: searxng: image: searxng/searxng:latest container_name: searxng ports: - "8989:8080" volumes: - /path/to/searxng/data:/etc/searxng environment: - SEARXNG_BASE_URL= - SEARXNG_INSTANCE_NAME= - SEARXNG_CONTACT_INFO= - SEARXNG_LANGUAGE=en-US - SEARXNG_AUTOCOMPLETE=duckduckgo - SEARXNG_THEME=simple - SEARXNG_OUTGOING_METHOD=default - SEARXNG_ENABLE_METRICS=true - SEARXNG_ENABLE_CAPTCHA=false - SEARXNG_ENABLE_INFINITE_SCROLL=true - SEARXNG_ENABLE_PIWIK_ANALYTICS=false - SEARXNG_ENABLE_ADVANCED_SEARCH=true - SEARXNG_ENABLE_PRIVATE_RESULTS=true - SEARXNG_ENABLE_TORIFICATION=false - SEARXNG_ENABLE_HTTPS_EVERYWHERE=true - SEARXNG_ENABLE_PROXY=true - SEARXNG_ENABLE_PLUGINS=true restart: unless-stoppedThank you so much, sorry it’s taken so long to reply. I still haven’t had the time, but I will take a closer look when I get the chance.
No worries mate. I was just curious. I have never incorporated both those in a searxng stack and was wondering what they brought to the stack.
I’ve never used portainer sorry.
If you see the published port for a very short time then something might be crashing when it tries to start.
docker logs searxngfrom cli might be revealingedit: I do have a searxng container and my compose.yml is very similar to yours. I guess we both copied the example. The only difference I can see is that you still have the env variables for UWSGI_WORKERS and UWSGI_THREADS. I just set both of those to 4 instead of using the SEARXNG_ env vars
Listen on [::]:8080doesn’t give 20054, could this be the reason?Listen on [::]:8080 [uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525] SearXNG version 2025.5.16+1b08324 Use existing /etc/searxng/uwsgi.ini Use existing /etc/searxng/settings.yml Listen on [::]:8080 [uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525] SearXNG version 2025.5.16+1b08324 Use existing /etc/searxng/uwsgi.ini Use existing /etc/searxng/settings.yml Listen on [::]:8080 [uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]open(“/etc/searxng/uwsgi.ini”): Permission denied [core/io.c line 525]
I think here is your problem. Make sure that file exists and is readable from inside of the docker.
I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck, the permission error still exists. And also there occurs a new error
no python application foundtry opening a shell with ’ docker exec -it searxng sh" and see if you can cat the file from inside docker, if yes then I’m not sure of a solution ,if no then the problem is with permissions on your filesystem outside of docker where you have " - ./data/searxng:/etc/searxng" You need to go to ./data/searxng and correct the permissions so they can be read inside the docker.
u are right its not writable, the files are read only, that is wierd
Yep Probably you need to change ownership and/or permissions of the files outside of docker.
I dont want to give the wrong suggestion from memory so hopefully thats enough info to get you going in the direction of a fix. Basically see what user id owns the files inside of docker, make it the same uid outside of docker in the folder you are bind mounting.
SN_FR_@SN:~$ sudo docker exec -it searxng sh -c "id" uid=0(root) gid=0(root) groups=0(root)container is running as root, so there shouldn’t be any permission error?
u are right its not writable, the files are read only, that is wierd
I’m opening those files with windows but the user permission inside docker shouldn’t cause that problem.
I’m scratching my head nw
have you checked the directory & file permissions with
ls -la /Your/SearXNG/WorkingDir?The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with
sudo chmod 777 /Your/SearXNG/WorkingDir/*andsudo chown 1000:1000 /Your/SearXNG/WorkingDir/*However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.
I think I do have permission to the directory?
~ # ls -la /etc/searxng total 72 drwx------ 1 1026 100 42 May 17 04:49 . drwxr-xr-x 1 root root 494 May 17 05:24 .. ---------- 1 root root 68667 May 17 04:49 settings.yml ---------- 1 root root 1223 May 17 04:49 uwsgi.ini___
Taking a look at your
docker-compose.ymlI see this volume mount:volumes: - /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rwWhereas
/volume1/SN/Docker/searxng-stack/searxngis the directory on your system docker is attempting to use to store the files inside the container from/etc/searxng.Example of a volume mount that’ll likely work better for you;
volumes: - /home/YourUser/docker/config/searxng:/etc/searxng:rwThe tilde (~) acts as your current users home directorynot owned by root and where docker persistent volumes should be stored.(aka: /home/YourUser)Edit: I feel like I was wrong here, given that your run
sudoindocker compose up -dthe tilde will likely not work here and instead point to the/rootdirectory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.After making the change over to that directory and configuring SearXNG how you like re-create your docker container with
sudo docker compose up -d —force-recreateApologies for the poor formatting, typing this on mobile.
Edit:
Note: if you want to expose the port do not add the
127.0.0.1like how I have in mydocker-compose.yml.Edit 2: Corrected some things…
Thank you so much, sorry it’s taken so long to reply. I still haven’t had the time, but I will take a closer look when I get the chance.
