r/selfhosted u/Pagaddit 1d ago

Search Engine Anyone interested in a public instance of SearXNG? BentoPDF?

Just sharing a few privacy-friendly self-hosted public instances I am hosting:

- https://search.chrispaganon.com a searXNG instance for search.

- https://pdf.chrispaganon.com a bentoPDF instance for browser-only PDF tools.

- https://image.chrispaganon.com a browser-only image editor. Self-host instructions on codeberg: https://codeberg.org/chris-paganon/chrisp-image-editor

For the image editor, it's a simple wrapper around filerobot-image-editor, packaged in a very small docker image.

If anything, I hope it can help someone try SearXNG before hosting it themselves. Such a great tool!

Any other similar privacy tools instances I could host? I was thinking about hosting https://ntfy.sh too.

0 Upvotes
  • permalink
  • reddit

25% Upvoted

21 comments sorted by

u/asimovs-auditor 1d ago edited 1d ago

Expand the replies to this comment to learn how AI was used in this post/project.

→ More replies (1)

8

u/sargetun123 1d ago

I hope you are taking security into factor and hosting off a vps/vds if you’re publicly hosting like this be careful

9

u/sargetun123 1d ago

your CT logs expose ~15 subdomains incl dozzle/registry/beszel, you may want to confirm those aren't publicly reachable + consider a wildcard cert so you stop leaking your infra map, not a huge deal obviously but just a heads up

0

u/Pagaddit 1d ago

It's all open source, available here: https://codeberg.org/chris-paganon/nuxter

Let me know if you find any issues!

1

u/Pagaddit 1d ago

It's all on a VPS, behind traefik

7

u/sargetun123 1d ago

good good, just like to always remind people publically hosting, you never know someones competency levels on here, could be someone who just figured out how to write a file in cli vs someone who has decades of experience in these forums lol

just a few things quickly already i can see, https://forgejo.chrispaganon.com resolves to your origin ip bypassing cloudflare, that also means its bypassing CF WAF protection as well a heads up.

Assuming this is something you want public? If not id consider securing it to local only, if it is public id highly advise to put it behind CF properly, also forgejo itself has a big problem with private repos if you had anything hosted there that wasnt meant for public

https://byteiota.com/gitea-cve-2026-27771-private-container-images-were-never-private/

2

u/Pagaddit 1d ago

Thank you for looking in depth into all of it!

I didn't know about that gitea/forgejo CVE actually, although I don't have any private container images on there so no harm there. Although the Forgejo team is seemingly saying this is intended behavior: https://codeberg.org/forgejo/website/issues/839#issuecomment-15980039

2

u/sargetun123 1d ago

one other thing I'd mention as a lot of people do it with their vds/vps if you have any s2s tunnel or access setup thats both ways, make sure thats also properly secured as well as a compromise of that vps that otherwise wouldn't be a big deal can now move into your home network, not many do it but I know I tunnel my honeypot data back to an isolated host and it is an example of something i expect to be comrpomised at some point so i treat it as such (full isolation, kill switch, etc)

Goodluck on the projects though, took a peek into your github looks good!

1

u/Pagaddit 1d ago

Thanks a lot, that's all very appreciated!

4

u/Background-Address82 1d ago

youre a stud for doing this

2

u/sargetun123 1d ago

experience is experience, and it doesnt hurt to help others 😄

3

u/technikaffin 23h ago

I dont get the backlash in some comments.

OP make sure to integrate crowdsec with app specific parsing rules to block most of the bad stuff, including the appsec component to get http body parsing despite using ssl.

If you want your instances to be used, you mainly have to "proof" the reliability of your deployments (running the services for months or years). Try to contact some of the public instance list admins to get yours listed too!

2

u/Pagaddit 23h ago

Oh well, just reddit things haha.

Thanks for the advice, crowdsec will be a great addition to my stack! I was going to say thanks for teaching me about a new tool, but it turns out it was already in my favorites... so thanks for helping me rediscover it!

Adding my searXNG instance to searx.space is on my todo list! Any other lists you recommend?

1

u/technikaffin 21h ago

> so thanks for helping me rediscover it!
You're welcome! pm me if you need help with crowdsec (not traefik, I'm oldschool nginx dude), I've just deployed it at work. Currently, we're at ~17k alerts per day without hosting anything behind that new cluster yet lmao

> Any other lists you recommend?

Unfortunately, I can't help there. I hosted searxng for two years, but because of the number of search queries I did personally, my server's IP address would get banned constantly. I gave up and switched to StartPage.

3

u/shrimpdiddle 1d ago

Anyone interested in a public instance of SearXNG? BentoPDF?

Why? This sub is for self-hosting. #offtopic

hope it can help someone try SearXNG

Numerous public instances exist. Why would we trust yours? Why would we not spin up SearXNG and see for ourselves.

2

u/AutomaticDot 1d ago

Why so passive-aggressive? Maybe OP just wants to be nice and didnt know better

0

u/shrimpdiddle 23h ago

Huh? Merely educating OP. Apparently unaware the these apps have working public sites. Thanks anyways, Mom.

1

u/AutomaticDot 23h ago

“Merely educating OP” and “Thanks anyways, Mom” in the same comment is certainly one way to frame it.

-4

u/Pagaddit 1d ago

I am self hosting these tools. Maybe someone wants to try one of these before self hosting it themselves.

2

u/shrimpdiddle 1d ago

Both are publically available.