• 1 Post
  • 17 Comments
Joined 5 months ago
cake
Cake day: February 8th, 2025

help-circle
  • So why would you not write out the full path?

    The other day my raspberry pi decided it didn’t want to boot up, I guess it didn’t like being hosted on an SD card anymore, so I backed up my compose folder and reinstalled Rasp Pi OS under a different username than my last install.

    If I specified the full path on every container it would be annoying to have to redo them if I decided I want to move to another directory/drive or change my username.








  • “Technically” my jellyfin is exposed to the internet however, I have Fail2Ban setup blocking every public IP and only whitelisting IP’s that I’ve verified.

    I use GeoBlock for the services I want exposed to the internet however, I should also setup Authelia or something along those lines for further verification.

    Reverse proxy is Traefik.


  • If you aren’t already familiarized with the Docker Engine - you can use Play With Docker to fiddle around, spin up a container or two using the docker run command, once you get comfortable with the command structure you can move into Docker Compose which makes handling multiple containers easy using .yml files.

    Once you’re comfortable with compose I suggest working into Reverse Proxying with something like SWAG or Traefik which let you put an domain behind the IP, ssl certificates and offer plugins that give you more control on how requests are handled.

    There really is no “guide for dummies” here, you’ve got to rely on the documentation provided by these services.










  • Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.

    It’s honestly whatever works for you and what you prefer having.


  • Taking a look at your docker-compose.yml I see this volume mount:

    volumes: 
    - /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rw
    

    Whereas /volume1/SN/Docker/searxng-stack/searxng is the directory on your system docker is attempting to use to store the files inside the container from /etc/searxng.

    Example of a volume mount that’ll likely work better for you;

    volumes:
    - /home/YourUser/docker/config/searxng:/etc/searxng:rw
    

    The tilde (~) acts as your current users home directory (aka: /home/YourUser) not owned by root and where docker persistent volumes should be stored.

    Edit: I feel like I was wrong here, given that your run sudo in docker compose up -d the tilde will likely not work here and instead point to the /root directory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.

    After making the change over to that directory and configuring SearXNG how you like re-create your docker container with sudo docker compose up -d —force-recreate

    Apologies for the poor formatting, typing this on mobile.

    Edit:

    Note: if you want to expose the port do not add the 127.0.0.1 like how I have in my docker-compose.yml.

    Edit 2: Corrected some things…


  • have you checked the directory & file permissions with ls -la /Your/SearXNG/WorkingDir ?

    The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with sudo chmod 777 /Your/SearXNG/WorkingDir/* and sudo chown 1000:1000 /Your/SearXNG/WorkingDir/*

    However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.