Self-host SearXNG on a VPS.
Your own private metasearch, 70+ upstream sources.
SearXNG queries Google, Bing, DuckDuckGo, Wikipedia and seventy more — and never tells any of them who is asking. Three Docker commands, one reverse proxy, one bookmarklet — and the default search engine of every browser in your house is yours.
- 01
SearXNG is a metasearch front-end — no index of its own; queries are fanned out to 70+ upstream engines and aggregated. Fully self-hosted means nobody else sees your queries.
- 02
The structural challenge is upstream IP reputation — datacentre IPs hit CAPTCHAs. Mitigate with multi-engine fan-out, modest rate limits, and a host whose IP space is not in the abuse heatmap.
- 03
The compound value is everything you can build on top — Perplexica AI-search, browser default integration, custom search aliases — all backed by your private SearXNG.
What SearXNG actually is. Metasearch, not search.
SearXNG is a Python application that, when you submit a query, fans the query out to many upstream search engines in parallel — Google, Bing, DuckDuckGo, Brave, Mojeek, Wikipedia, GitHub, arXiv, IMDb, Reddit, dozens more depending on configuration — and merges the results into one ranked list with deduplication and source attribution. It does not have its own crawler or its own index; the value is the aggregation plus the privacy proxy.
From the user's point of view: you type a query, you get results that look like a normal search page. From the upstream's point of view: a query came in from the SearXNG instance's IP, with no cookies, no referrer, no user identifier. From your point of view: the SearXNG instance never logs your queries (default config), and even if compromised, holds no historical search profile to leak.
Categories beyond web: SearXNG has built-in support for image search (across multiple engines), video, news, maps, science, files (BitTorrent indices, FTP), social media. The result page has tabs for each. The category routing means you can run a "code-only" search profile that queries only GitHub, GitLab and SourceGraph, or a "news-only" search profile, or whatever else.
The killer feature for a privacy-aware reader: SearXNG exposes a JSON API. Anything that needs search results — a desktop launcher, a CLI command, a chatbot, an AI agent — can call your SearXNG instead of Google. That turns SearXNG from a search engine into the search back-end for your entire toolchain.
The IP reputation wall. Why hyperscaler IPs get CAPTCHA-walled.
Upstream search engines protect themselves against scrapers by rate-limiting and CAPTCHA-walling traffic from IPs they consider abusive. Hyperscaler ranges (AWS, GCP, Azure, DigitalOcean, the larger Hetzner and OVH pools) are the most-blocked, because those ranges are where most scrapers run. The result: SearXNG on an AWS Lightsail starts returning empty Google results within ten queries, while the same SearXNG on a less-trafficked datacentre IP runs for months without issue.
Mitigation 1 — pick the host carefully. A NordBastion VPS sits in Nordic datacentres whose IP ranges are not in the typical scraper-abuse heatmap. The smaller, less-busy ranges mean the IP comes with neutral reputation, which is what SearXNG needs at the upstream layer.
Mitigation 2 — fan out aggressively. Edit settings.yml to enable many upstreams: not just Google + Bing, but also Brave, Mojeek, Qwant, Startpage, Marginalia, plus the category-specific ones (Wikipedia, GitHub, Reddit). The more upstreams you enable, the less traffic any one sees, the less likely any one starts rate-limiting.
Mitigation 3 — rate-limit your own users. SearXNG has built-in per-IP rate limits (limiter.toml). Tune them so a single user cannot accidentally generate scraper-pattern traffic. The default 10 req/min is usually right for personal use.
Mitigation 4 — Tor for Google specifically. SearXNG supports proxying upstream queries through Tor. For Google in particular, which is the most aggressive on CAPTCHA, routing queries through Tor (using_tor_proxy: true on the google engine block) trades a bit of latency for a much fresher reputation pool.
The Docker install. Fifteen minutes from "fresh VPS" to "browser default".
1. Install Docker. curl -fsSL https://get.docker.com | sh — Compose v2 ships in the same package on modern Debian/Ubuntu.
2. Clone the official searxng-docker template. git clone https://github.com/searxng/searxng-docker.git && cd searxng-docker — this is the upstream-maintained docker-compose.yml that bundles SearXNG with a Valkey/Redis sidecar (for the rate limiter and cache) and a Caddy reverse proxy.
3. Configure. Edit .env: set SEARXNG_HOSTNAME=search.example.com (your subdomain), [email protected] (used by Caddy for ACME registration). Open searxng/settings.yml: set server.secret_key to a fresh openssl rand -hex 32, customise the title/instance_name, enable the engines you want.
4. Launch. docker compose up -d — the first start pulls the SearXNG, Valkey and Caddy images, generates the TLS certificate, brings the stack up. Visit https://search.example.com and the SearXNG home page renders.
5. Test the engines. Search for something common; verify results come back. Open Preferences → Engines and verify each enabled upstream shows green. If Google shows red with a CAPTCHA error, jump to chapter 2's Tor-proxy mitigation.
That is the install. Updates: docker compose pull && docker compose up -d once a week — the SearXNG community pushes fixes within 48 hours when an upstream changes its scraping pattern, so staying current is the difference between "all engines work" and "Google has been broken for three weeks".
Browser default. Desktop, mobile, terminal.
Firefox. Visit https://search.example.com once; click the address-bar overflow menu (...) → "Add Search Engine"; Settings → Search → Default search engine → SearXNG. The address bar now searches through your SearXNG. Bonus: set Search Suggestions → off (SearXNG's suggestions go to a third party by default; disable to keep the keystroke local).
Chrome / Brave / Edge. chrome://settings/searchEngines → Add → name "SearXNG", shortcut "s", URL https://search.example.com/?q=%s — set as default. Same flow on Brave and Edge.
iOS Safari. Safari does not let you add custom search engines directly, but the open-source Privacy Redirect extension (or the more capable Mojo Search Extensions plugin) gets you there. Alternative: install Brave or Firefox iOS, set SearXNG default, use it for searches.
Android. Firefox Android — same flow as desktop. Brave Android — same flow as desktop. The keyboard-suggestion path on stock Chrome Android is the only awkward case; use Firefox there.
Terminal. alias s='function _s(){ xdg-open "https://search.example.com/?q=$*"; }; _s' — adds a "s your search query" command. On macOS replace xdg-open with open.
Hardening. Make the instance genuinely log-free.
Disable Caddy access logs. The default Caddyfile in the searxng-docker template logs every request to a JSON file. Every search query you type appears in that log. Edit the Caddyfile to add log { output discard } inside the SearXNG site block; reload Caddy. The application now writes no per-query log anywhere.
Disable the favicon proxy. SearXNG fetches favicons for result domains by default, which gives each domain a hint that someone searched it. settings.yml: search.favicon_resolver: '' disables it.
Disable search suggestions. Auto-complete suggestions are forwarded to a third-party endpoint by default. settings.yml: search.suggestion_resolver: '' makes the URL bar suggestions stay local.
Disable image proxy if not needed. SearXNG proxies result images through itself for privacy; this costs bandwidth on the VPS. If you do not use image search, disable it (server.image_proxy: false). If you do, leave it on — it is doing its job.
Restrict by IP or basic auth. Public SearXNG instances draw bot traffic that you do not want eating your upstream budget. Add a Caddy basic_auth block (one user, one password) or restrict the site by remote_ip { ... } to your home and travel IPs. Most operators eventually do this.
Going further — Perplexica AI on top. Your private ChatGPT-search.
Perplexica is an open-source clone of Perplexity AI — an AI search interface that takes a natural-language question, runs targeted searches to gather sources, then synthesises an answer with citations. The clever bit is the back-end: Perplexica uses SearXNG as its search engine, and an OpenAI-compatible chat completion API (Ollama running Llama / Mistral / Qwen locally, or LiteLLM proxying to a remote provider) as its language model. Both halves can be self-hosted, neither needs to touch a third party.
Install. git clone https://github.com/ItzCrazyKns/Perplexica.git, edit config.toml to point SEARXNG at http://searxng:8080 (the existing container from chapter 3), set OLLAMA at http://ollama:11434 or your LiteLLM endpoint, docker compose up -d. Perplexica is now running on a second port, fully wired into your SearXNG.
What you get. A web UI that looks and feels like Perplexity — type a question, watch it search through your SearXNG, watch it summarise the sources, get a cited answer. Everything happens on your VPS; no third party sees the question, the searches or the answer. For research-grade use, the cited-source structure is much more honest than the unattributed-paragraph format that hosted AI products tend toward.
Resource cost. SearXNG remains tiny. Perplexica itself is a small Next.js app. The language-model cost is the variable — running Ollama with a 7B model wants 8 GB of RAM, a 70B model wants 64 GB. For modest use, point Perplexica at a remote OpenAI-compatible endpoint (LiteLLM in front of one of the privacy-focused inference providers) and the VPS stays light.
Questions, answered.
Eight questions that come up before, during and after deploying a private SearXNG instance.
What is SearXNG and how is it different from DuckDuckGo?
SearXNG is a privacy-respecting metasearch engine — it does not have its own search index; instead, when you query it, it forwards your query to 70+ upstream engines (Google, Bing, DuckDuckGo, Wikipedia, Brave, Mojeek, hundreds of specialised ones) and aggregates the results. DuckDuckGo is a single search service that proxies its own results from Bing plus its own crawler. The practical difference: SearXNG gives you more, broader, less-filtered results, with the option to exclude any upstream you do not trust.
What does self-hosting SearXNG give me that the public instances do not?
Three things. One: nobody at a third-party instance can see your queries — public instances are run by volunteers you have no relationship with, and an over-eager admin can log queries. Two: customisation — choose your upstreams, your weighting, your default categories, your UI without compromise. Three: API access — your self-hosted SearXNG is the privacy back-end for everything else (Perplexica AI, custom scrapers, your terminal alias for "search").
What is the IP reputation wall I keep reading about?
When SearXNG queries Google or Bing from your VPS IP, those upstreams see "yet another datacentre IP making automated-looking requests." Hyperscaler IPs (AWS, GCP, Hetzner, DigitalOcean) are the worst — they get CAPTCHA-walled or 429-rate-limited within a few queries. Smaller, less-trafficked datacentre IPs survive longer. The mitigation: pick a host whose IP space is not part of the usual abuse heatmap, and configure SearXNG to spread queries across many upstreams so no single one sees enough traffic to start rate-limiting.
How much VPS do I need?
Very little. SearXNG is I/O-bound (waiting on upstream HTTP responses), not CPU-bound. 1 vCPU and 512 MB of RAM handles a single user comfortably. The Ravelin tier ($5.90/mo) is comfortably oversized and lets you run SearXNG, Perplexica, Vaultwarden and several other small services on the same box.
Can I make SearXNG my default search engine in Firefox or Chrome?
Yes — both browsers support OpenSearch auto-discovery. Once your SearXNG is at https://search.example.com, browse there in Firefox; the URL bar overflow menu offers "Add Search Engine". On Chrome, right-click the address bar and "Manage search engines"; SearXNG appears in the discovered list. Set it as default and the URL-bar search now flows through your privacy instance.
Does the SearXNG instance log my queries?
Not by default — that is the whole point. SearXNG ships with logging disabled at the application level. The web server in front of it (Caddy, Nginx) by default writes access logs that include the request URL, which includes the search query. The hardening chapter in this guide covers turning those access logs off so the instance becomes genuinely log-free.
What is Perplexica and why is it mentioned in this guide?
Perplexica is an open-source clone of Perplexity AI — an AI-search interface that takes a natural-language question, runs search queries to gather sources, and synthesises an answer with citations. It uses SearXNG as its search back-end. Self-hosting both means you get a private AI-search interface where the AI runs locally (Ollama or LiteLLM in front of an OpenAI-compatible endpoint) and the searches go through your SearXNG. The combination is the privacy-respecting analogue of ChatGPT search.
Why host SearXNG on a privacy VPS rather than just any cheap one?
Because the IP your SearXNG queries from sees every search you do. That is the same metadata problem as DNS — a third party watching your DNS knows everywhere you go. A SearXNG on a VPS rented under your real identity, billed to your card, in a jurisdiction that compels logs from datacentres, has not solved the problem; it has just moved it. A no-KYC crypto-paid Nordic VPS keeps the metadata layer aligned with the privacy guarantees the application layer gives you.
A Nordic VPS for your private search. KYC-free, crypto-paid.
Ravelin (2 vCPU, 4 GB, $5.90/mo) handles SearXNG + Vaultwarden + a couple of other small services on the same box. Nordic IPs that have not been ground down by scrapers.
Last reviewed · 2026-05-20 · Sources · SearXNG upstream docs, searxng-docker template, Perplexica repository, OpenSearch description spec · Cadence · yearly
Anonymous VPS hosting in 2026 — the cluster.
This guide is one spoke of a larger series. The pillar walks the three privacy layers end to end — the sibling spokes below dive into the specifics.
Three independent layers — signup, payment, network — explained, legal context included, common mistakes flagged.
Bitwarden-compatible password vault under your own control.
Files, calendar, contacts, photos — owned, not rented.
Postfix, Dovecot, SPF/DKIM/DMARC — deliverability included.
What “no KYC” actually means — and what it does not.