How are u running it? Bare metal? Docker?

So nginx, traffic, and cloudflare are both reverse proxies that can do SSL termination. Now cloudflare hijacks all SSL connection it proxies (essentially a mitm) and has configuration for if u would like SSL connection from cloudflare to ur own server.

All reverse proxies pass along headers to backend services indicating all sorts of things most importantly the remote client IP, and info about if the service is behind an ssl proxy.

I use client -> cloudflare -> nginx -> my services. The client makes an encrypted pipe between itself and cloudflare, cloudflare then terminates SSL does some scanning on the raw unencrypted packet makes an encrypted connection to nginx and attaches headers about the client. I have a SSL cert on my server where nginx does SSL termination of the cloudflare connection. Nginx then attaches more headers and does routing to passes it back to a backend service ie searxng (the service itself) the docker compose for searxng comes with a packaged traffic reverse proxie its not necessary here and will in fact cause all sorts of problems.

Here is the service in my docker compose for searxng:

searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - local_bridge
      - proxy
    volumes:
      - ./data/searxng:/etc/searxng
    environment:
      - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_SECRET=${SEARXNG_SECRET}
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID

Here is the docker compose for my nginx config

  certbot:
    image: certbot/dns-cloudflare
    # Command to obtain certificates (run once manually or integrate with a web server's startup)
    # Replace 'yourdomain.com' and '*.yourdomain.com' with your actual domain(s)
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot # A dummy webroot, not strictly necessary for DNS challenge but good practice
      - ./data/certbot/secrets:/etc/letsencrypt/secrets:ro # Mount secrets read-only
    command: certonly
      --dns-cloudflare
      --dns-cloudflare-credentials /etc/letsencrypt/secrets/cloudflare.ini
      --non-interactive
      --agree-tos
      --email ${LETS_ENCRYPT_EMAIL}
      --dns-cloudflare-propagation-seconds 60
      -d example.com
      -d *.example.com
    environment:
      - TERM=xterm # Required for certbot to run in non-interactive mode gracefully

  nginx:
    image: nginx:latest
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx/cache:/var/cache

      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/nginx.conf:/etc/nginx/nginx.conf
      
      - ./data/sites-enabled:/etc/nginx/sites-enabled
      - ./data/sites-available:/etc/nginx/sites-available
      - ./data/snippets:/config/nginx/snippets
      - ./data/www:/var/www/html

    depends_on:
      - certbot
    extra_hosts:
      - "example.com:127.0.0.1"
      - "*.example.com:127.0.0.1"

I use certbot to issue SSL certs for my domain locally this is the cert that do SSL connection between nginx and cloudflare.

Then nginx can route connection to the searxng instance (ur gonna need a bunch of nginx config and I couldn’t be bothered copy pasting that when an LLM can gen that it can probably gen all this tbh).

Also how u doing auth for searxng? Cos if ur opening it to the internet as a whole u might end up with lots of traffic from randos.

Not this one lemmy.ml is to be avoided for censorship reasons.

Whoever is in charge o blackrock

Hey for the record ive been banned for saying this perfectly proving my point.

Fuck i really must the spastic cunt.

Just say retarded u friggin retard.

I have a tendancy to call people cunts. Idk why the americans get so mad abt it for me its just a common greeting.

Your mother is a hamster and your father smelt of elderberry.

Not my comment history i spend a lot of time arguing with people.

I do have to say the person responding to me has an excellent taste in lemmy comments.

Most of the marketing about skin protection is bs.

And sunscreen is also probably better for said protection than some special bs shite.

And yeah medical reasons is a whole different thing entirely.

Same here. Most if not all the moisturiser marketing is complete and utter bullshit.

Also btw soap isnt actually that good at cleaning u (it is effective at killing bacteria tho) most of the cleaning comes from the fact that after u put soap on something it feels gross till you wash it all off with water.

What do u think shampoo is its soap with a liquifaction agent it does the exact same thing just with double the price and fancy marketing.

Skin care products are required to get no government cetification on their claims. Hence its mostly marketing and giving/taking advantage of people with self image issues. Its the next step in consumerism to take advantage of mens wallets in the same way the beuty industry has been doing to women for years.

Soap and water will clean practically anything and if ya need it maybe some dirt cheap moisturiser for literally any part of your body will do the trick. Hell u can probably find something in ur kitchen that will do just as good of a job as any bullshit product.

Dont buy into the marketing mens beuty marketing is perfectly correllated with self image issues its all designed to make u a good little consumer.

Honestly the best thing u can do for your skin is go swimming in the ocean once a day.

I try get news from a variety of places i do like reading opposite slants on the same events its kinda interesting tbh. Look man those who turn i blind eye to political games will be used up and spat out we have to be informed else face being abused/used by those who are.

I get a total vote count for my comments and posts up and down its not made into one big scoreboard but its definatly something i can see.

And would have a strong left spin too it.

Unfortunalty i need insta to talk to people. Wish i could kill it tho

Any system of power is seen as oppression by those who dont beleive as long as people can choose their flavour of oppression we should be fine.

Ahh they are withering a slow and painfull death not our problem.

There is a web version i beleive but they have support for basicly all platforms nativly.