genspark_dev
Harden single SearXNG Space guardrails
e1da5ec
|
Raw
History Blame Contribute Delete
3.33 kB
---
title: Ingestics SearXNG
emoji: πŸ”Ž
colorFrom: indigo
colorTo: blue
sdk: docker
app_port: 7860
pinned: false
license: agpl-3.0
short_description: Private SearXNG backend for Ingestics deep research
---
# Ingestics SearXNG (Private Research Backend)
This Space hosts a hardened [SearXNG](https://docs.searxng.org/) instance used
**only** by the Ingestics web app as a deep-research backbone. It is not a
public search frontend; rate limiting and quality filtering happen on the
Cloudflare Worker side that consumes it.
## What it does
- Aggregates results primarily from tolerant engines (DuckDuckGo, Brave,
Qwant, Bing, Yahoo, Mojeek) plus Wikipedia/Wikidata/PubMed/Crossref/
Semantic Scholar. Google remains low-weight backup only.
- Exposes the SearXNG **JSON API** (`/search?q=...&format=json`) for the
Ingestics Cloudflare Pages worker to consume.
- Nginx sits in front of SearXNG with micro-caching, connection caps, and
request throttles. SearXNG's own limiter can be enabled when Valkey exists.
- Engine timeouts are tightened (4–8 s) so one slow upstream cannot pin a
worker thread.
- Music / video / social media / torrent engines are disabled because
they're noise for a health-info agent and tend to attract bot
challenges that would burn our shared HF egress IP.
## Hardware
- HF Spaces **CPU Basic** (2 vCPU, 16 GB RAM, 50 GB ephemeral disk).
- Granian is tuned for I/O-heavy workloads: 8 workers Γ— 40 threads behind
Nginx. The Worker-side cache/coalescing and Nginx micro-cache prevent
duplicate bursts from becoming upstream engine floods.
## Bot / IP-ban resilience
Five mitigations layer on top of each other:
1. **Rotating-proxy ready** β€” set `SEARXNG_PROXY_HTTP` and/or
`SEARXNG_PROXY_HTTPS` as HF secrets. The boot script injects them into
`outgoing.proxies`, so a premium provider can rotate IPs behind one
endpoint without committing credentials.
2. **Nginx micro-cache** β€” identical JSON searches cache for 3 minutes,
use stale-on-error, and lock concurrent cache misses.
3. **Ingress throttles** β€” Nginx caps per-IP request rate/connections and
adds a separate client-marker budget for Worker traffic.
4. **Engine load distribution** β€” tolerant engines have higher weights;
Google is low-weight backup and noisy/video/torrent engines are disabled.
5. **Worker-side dedup + cache** β€” the Cloudflare Worker coalesces identical
in-flight queries and 10-minute caches completed research.
## Security
- Set HF secrets `SEARXNG_PROXY_HTTP` / `SEARXNG_PROXY_HTTPS` for the rotating
proxy provider endpoint.
- Set the HF secret `SEARXNG_API_KEY` if you want to require an API key
on every call. The Worker pool will send it as `X-API-KEY`. When
unset, the Space is effectively open β€” but its URL isn't publicised
and HF lists it as private to the operator.
- `SEARXNG_SECRET` is auto-generated at every cold start unless pinned
as a HF secret. Cookies are not used by JSON consumers anyway.
- `public_instance: false` keeps SearXNG's link_token middleware off so
our consumer parses raw URLs.
## Endpoints
- `GET /` β€” the SearXNG search HTML page (useful for human debugging).
- `GET /healthz` β€” upstream health endpoint.
- `GET /search?q=...&format=json` β€” primary JSON API.
- `GET /config` β€” engine list + version (debug).