genspark_dev
Harden single SearXNG Space guardrails
e1da5ec
|
Raw
History Blame Contribute Delete
3.33 kB
metadata
title: Ingestics SearXNG
emoji: πŸ”Ž
colorFrom: indigo
colorTo: blue
sdk: docker
app_port: 7860
pinned: false
license: agpl-3.0
short_description: Private SearXNG backend for Ingestics deep research

Ingestics SearXNG (Private Research Backend)

This Space hosts a hardened SearXNG instance used only by the Ingestics web app as a deep-research backbone. It is not a public search frontend; rate limiting and quality filtering happen on the Cloudflare Worker side that consumes it.

What it does

  • Aggregates results primarily from tolerant engines (DuckDuckGo, Brave, Qwant, Bing, Yahoo, Mojeek) plus Wikipedia/Wikidata/PubMed/Crossref/ Semantic Scholar. Google remains low-weight backup only.
  • Exposes the SearXNG JSON API (/search?q=...&format=json) for the Ingestics Cloudflare Pages worker to consume.
  • Nginx sits in front of SearXNG with micro-caching, connection caps, and request throttles. SearXNG's own limiter can be enabled when Valkey exists.
  • Engine timeouts are tightened (4–8 s) so one slow upstream cannot pin a worker thread.
  • Music / video / social media / torrent engines are disabled because they're noise for a health-info agent and tend to attract bot challenges that would burn our shared HF egress IP.

Hardware

  • HF Spaces CPU Basic (2 vCPU, 16 GB RAM, 50 GB ephemeral disk).
  • Granian is tuned for I/O-heavy workloads: 8 workers Γ— 40 threads behind Nginx. The Worker-side cache/coalescing and Nginx micro-cache prevent duplicate bursts from becoming upstream engine floods.

Bot / IP-ban resilience

Five mitigations layer on top of each other:

  1. Rotating-proxy ready β€” set SEARXNG_PROXY_HTTP and/or SEARXNG_PROXY_HTTPS as HF secrets. The boot script injects them into outgoing.proxies, so a premium provider can rotate IPs behind one endpoint without committing credentials.
  2. Nginx micro-cache β€” identical JSON searches cache for 3 minutes, use stale-on-error, and lock concurrent cache misses.
  3. Ingress throttles β€” Nginx caps per-IP request rate/connections and adds a separate client-marker budget for Worker traffic.
  4. Engine load distribution β€” tolerant engines have higher weights; Google is low-weight backup and noisy/video/torrent engines are disabled.
  5. Worker-side dedup + cache β€” the Cloudflare Worker coalesces identical in-flight queries and 10-minute caches completed research.

Security

  • Set HF secrets SEARXNG_PROXY_HTTP / SEARXNG_PROXY_HTTPS for the rotating proxy provider endpoint.
  • Set the HF secret SEARXNG_API_KEY if you want to require an API key on every call. The Worker pool will send it as X-API-KEY. When unset, the Space is effectively open β€” but its URL isn't publicised and HF lists it as private to the operator.
  • SEARXNG_SECRET is auto-generated at every cold start unless pinned as a HF secret. Cookies are not used by JSON consumers anyway.
  • public_instance: false keeps SearXNG's link_token middleware off so our consumer parses raw URLs.

Endpoints

  • GET / β€” the SearXNG search HTML page (useful for human debugging).
  • GET /healthz β€” upstream health endpoint.
  • GET /search?q=...&format=json β€” primary JSON API.
  • GET /config β€” engine list + version (debug).