.env-dist

# The docker image to use for SearXNG (https://hub.docker.com/r/searxng/searxng/tags):
SEARXNG_IMAGE=docker.io/searxng/searxng:2024.9.6-153a28ccd
# The docker image to use for Valkey (Redis) (https://hub.docker.com/r/valkey/valkey):
SEARXNG_REDIS_IMAGE=docker.io/valkey/valkey:8.0-alpine

# The domain name for the searxng service:
SEARXNG_TRAEFIK_HOST=searxng.example.com

# The name of this instance. If there is only one instance, use 'default'.
SEARXNG_INSTANCE=

SEARXNG_SECRET_KEY=

# Filter access by IP address source range (CIDR):
##Disallow all access: 0.0.0.0/32
##Allow all access: 0.0.0.0/0
SEARXNG_IP_SOURCERANGE=0.0.0.0/0

# HTTP Basic Authentication:
# Use `make config` to fill this in properly, or set this to blank to disable.
SEARXNG_HTTP_AUTH=

# OAUTH2
# Set to `true` to use OpenID/OAuth2 authentication via the
# traefik-forward-auth service in d.rymcg.tech.
# Using OpenID/OAuth2 will require login to access your app,
# but it will not affect what a successfully logged-in person can do in your
# app. If your app has built-in authentication and can check the user
# header that traefik-forward-auth sends, then your app can limit what the
# logged-in person can do in the app. But if your app can't check the user
# header, or if your app doesn't have built-in authentication at all, then
# any person with an account on your Gitea server can log into your app and
# have full access.
SEARXNG_OAUTH2=
# In addition to Oauth2 authentication, you can configure basic authorization
# by entering which authorization group can log into your app. You create
# groups of email addresses in the `traefik` folder by running `make groups`. 
SEARXNG_OAUTH2_AUTHORIZED_GROUP=

# Mutual TLS (mTLS):
# Set true or false. If true, all clients must present a certificate signed by Step-CA:
SEARXNG_MTLS_AUTH=false
# Enter a comma separated list of client domains allowed to connect via mTLS.
# Wildcards are allowed and encouraged on a per-app basis:
SEARXNG_MTLS_AUTHORIZED_CERTS=*.clients.searxng.example.com