I hosted searxng on portainer and receive PermissionError and no python application found error

Log:

PermissionError: [Errno 13] Permission denied: '/etc/searxng/settings.yml'

unable to load app 0 (mountpoint='') (callable not found or import error)

*** no app loaded. going in full dynamic mode ***

--- no python application found, check your startup logs for errors ---

[pid: 19|app: -1|req: -1/1] 127.0.0.1 () {28 vars in 330 bytes} [Sat May 17 05:06:00 2025] HEAD /healthz => generated 21 bytes in 0 msecs (HTTP/1.1 500) 3 headers in 102 bytes (0 switches on core 0)

I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck

version: "3.7"

services:
  # caddy:
  #   container_name: caddy
  #   image: docker.io/library/caddy:2-alpine
  #   network_mode: host
  #   restart: unless-stopped
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile:ro
  #     - caddy-data:/data:rw
  #     - caddy-config:/config:rw
  #   environment:
  #     # - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost/}
  #     - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
  #   cap_drop:
  #     - ALL
  #   cap_add:
  #     - NET_BIND_SERVICE
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: "1m"
  #       max-file: "1"

  redis:
    container_name: redis
    image: docker.io/valkey/valkey:8-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: unless-stopped
    networks:
      - searxng
    volumes:
      - valkey-data2:/data
    # cap_drop:
    #   - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - searxng
    ports:
      # - "127.0.0.1:8080:8080"
      - "20054:8080"
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      # - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_BASE_URL="http://mydomain:20054/"
      - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
    # cap_drop:
    #   - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"

networks:
  searxng:

volumes:
  # caddy-data:
  # caddy-config:
  valkey-data2:

thx a lot!

  • Override4414@lemmy.worldOPEnglish
    21·
    9 hours ago

    Listen on [::]:8080 doesn’t give 20054, could this be the reason?

    Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]

SearXNG version 2025.5.16+1b08324

Use existing /etc/searxng/uwsgi.ini

Use existing /etc/searxng/settings.yml

Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]

SearXNG version 2025.5.16+1b08324

Use existing /etc/searxng/uwsgi.ini

Use existing /etc/searxng/settings.yml

Listen on [::]:8080

[uWSGI] getting INI configuration from /etc/searxng/uwsgi.ini

open("/etc/searxng/uwsgi.ini"): Permission denied [core/io.c line 525]
    • HappyTimeHarry@lemm.eeEnglish
      3·
      8 hours ago

      open(“/etc/searxng/uwsgi.ini”): Permission denied [core/io.c line 525]

      I think here is your problem. Make sure that file exists and is readable from inside of the docker.

        • HappyTimeHarry@lemm.eeEnglish
          1·
          7 hours ago

          try opening a shell with ’ docker exec -it searxng sh" and see if you can cat the file from inside docker, if yes then I’m not sure of a solution ,if no then the problem is with permissions on your filesystem outside of docker where you have " - ./data/searxng:/etc/searxng" You need to go to ./data/searxng and correct the permissions so they can be read inside the docker.

            • HappyTimeHarry@lemm.eeEnglish
              1·
              6 hours ago

              Yep Probably you need to change ownership and/or permissions of the files outside of docker.

              I dont want to give the wrong suggestion from memory so hopefully thats enough info to get you going in the direction of a fix. Basically see what user id owns the files inside of docker, make it the same uid outside of docker in the folder you are bind mounting.

              • Override4414@lemmy.worldOPEnglish
                1·
                6 hours ago
                SN_FR_@SN:~$ sudo docker exec -it searxng sh -c "id"
uid=0(root) gid=0(root) groups=0(root)

                container is running as root, so there shouldn’t be any permission error?

                u are right its not writable, the files are read only, that is wierd

                I’m opening those files with windows but the user permission inside docker shouldn’t cause that problem.

                I’m scratching my head nw

          • Override4414@lemmy.worldOPEnglish
            1·
            7 hours ago
            ~ # ls /etc/searxng
settings.yml  uwsgi.ini
~ # cat settings.yml
cat: can't open 'settings.yml': No such file or directory
~ # cat /etc/searxng/settings.yml
general:
  # Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
  debug: false
  # displayed name
  instance_name: "searxng"
  # For example: https://example.com/privacy

            I think I do have the permission?

            • HappyTimeHarry@lemm.eeEnglish
              1·
              7 hours ago

              If you have permissions then try editibg uwsgi.ini and see if it lets you save.

              Im going from memory but i think i had a similar issue and i had to manually create the file, yours shows the file already exists but it might not be writable.