Add https://fairsuch.net

[rasos]

Requirements

• It is my instance. I bought the domain myself and I own this domain. Free domains (e.g. Freenom) and shared domains (e.g. noip.com) are not allowed.
• I give the right to check.searx.space to check my instance (every 3 hours for the response times, every 24 hours for the other tests).
• I acknowledge that managing a public instance is not an easy task and require spending time to keep the instance in good health. E.g. look after your instance by using a monitoring system.
• I guarantee to keep an uptime per month of my instance at minimum 90%. Please ask for a removal of your instance if there is a planned long downtime or notify us here for a short downtime.
• I do not track the users of my instance with any analytics or tracking software.
• I won't try to manipulate the ranking of my instance in a way that give an unfair advantage over the other public instances in the list. (e.g. caching requests for searx.space server)
• I control the final webserver (software) that is serving the requests to the users of my instance. Here is a non-exhaustive list of forbidden hosting types: PaaS, managed (hosting provider controlled) HTTP(S) load balancer (e.g. AWS ALB), Cloudflare, shared Web hosting. TCP load balancer is fine.

Bot protection

Yes, I have enabled the limiter plugin built in SearXNG.

Source code URL

https://git.fairkom.net/hosting/fairsuch/

Comment

No response

[ononoki1]

Hi @rasos, your TLS and CSP grades are not optimal. Please note that you must at least get TLS grade E to add your instance in searx.space.

[rasos]

Thanks for the feedback, CSP and HSTS headers have been added. fairsuch.net should have now A+ at the CSP Mozilla check and it shows an A grade at SSLlabs. It seems that cryptcheck TLS does not respect our rather strong nginx settings:

   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;

[ononoki1]

Your CSP policy is too strict that image search cannot work (e.g. https://fairsuch.net/search?q=test&categories=images). An example CSP header is here: https://github.com/searxng/searxng-docker/blob/d4f06df911e91803d6af48b8f0e060f08429b767/Caddyfile#L85

---

If you use the example CSP header, you may also need to enable image_proxy in settings.yml.

[rasos]

Ok, I added the CSP exceptions.

Maybe add a recommended nginx searxng.conf to the docs somewhere here for those (like me) who already have an nginx in place? It is a bit hard to find those in the util install scripts or extract them from the caddyfile.

[ononoki1]

If you use the example CSP header, you may also need to enable image_proxy in settings.yml.

[return42]

In the docs ("step by step" manual) in the config section we have enabled image_proxy: true .. but we do not have any hints about CSP .. there is only one discussion searxng/searxng#918 but not related to a general view on CSP.

I haven't picked up the CSP topic yet, since I did not had a clue how to give good hints about this topic ..

A reasonable CSP setup is always something individual (the discussion shows that) and it's hard for me to give general tips or to write a documentation that everybody can use.

@rasos if you have suggestion how we can improve the docs send your PR to https://github.com/searxng/searxng or open a discussion. Help is always welcome :-)

[return42]

Hi @rasos it seems you modified the SearXNG sources? .. no problem its OK, SearXNG is open and we are happy to see folks working with and forking SearXNG 👍

But please take into account to disclose the sources, for me details --> SearXNG is licenced by GNU Affero General Public License v3.0

The source is linked in the footer ..

.. and BTW your version no. is also broken .. may be both is related to the same issue and you did not install git on your SearXNG's host.

[rasos]

For this instance we had only replaced the logo and favicon and customized some text. The code has not been touched. Looking up the AGPL license text saying "if you modify the Program" - well that may include graphics as well. Sure, we fully commit to publishing any changes, here is the repo: https://git.fairkom.net/hosting/fairsuch/

git is installed on the host machine. The funny version number seems not to have been fixed by searxng/searxng#1282 - I need to check again at the next update.

[rasos]

Sharing our CSP & privacy settings in the discussion area searxng/searxng#918 (comment)

[unixfox]

Hi, I removed your instance from the public list due to the incorrect version reporting.

Please try to find a way to fix it and we will add back your instance.

[rasos]

We have moved fairsuch.net to a kubernetes setup via kustomize and we would be happy to get listed at searx.space.

Now the version number is also shown correctly, we use the standard image and just do some minimal changes via config map (logo, about). Here are the deployment files https://git.fairkom.net/hosting/fairsuch/-/tree/k8s/

[unixfox]

Yes please create a new github issue. Thank you

[rasos]

Submitted as new issue #505