I hosted searxng on portainer and receive PermissionError and no python application found error
Log:
PermissionError: [Errno 13] Permission denied: '/etc/searxng/settings.yml'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
--- no python application found, check your startup logs for errors ---
[pid: 19|app: -1|req: -1/1] 127.0.0.1 () {28 vars in 330 bytes} [Sat May 17 05:06:00 2025] HEAD /healthz => generated 21 bytes in 0 msecs (HTTP/1.1 500) 3 headers in 102 bytes (0 switches on core 0)
I tried removing cap_drop (as instructed on https://github.com/searxng/searxng-docker/issues/115) but no luck
version: "3.7"
services:
  # caddy:
  #   container_name: caddy
  #   image: docker.io/library/caddy:2-alpine
  #   network_mode: host
  #   restart: unless-stopped
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile:ro
  #     - caddy-data:/data:rw
  #     - caddy-config:/config:rw
  #   environment:
  #     # - SEARXNG_HOSTNAME=${SEARXNG_HOSTNAME:-http://localhost/}
  #     - SEARXNG_TLS=${LETSENCRYPT_EMAIL:-internal}
  #   cap_drop:
  #     - ALL
  #   cap_add:
  #     - NET_BIND_SERVICE
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: "1m"
  #       max-file: "1"
  redis:
    container_name: redis
    image: docker.io/valkey/valkey:8-alpine
    command: valkey-server --save 30 1 --loglevel warning
    restart: unless-stopped
    networks:
      - searxng
    volumes:
      - valkey-data2:/data
    # cap_drop:
    #   - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
  searxng:
    container_name: searxng
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - searxng
    ports:
      # - "127.0.0.1:8080:8080"
      - "20054:8080"
    volumes:
      - ./searxng:/etc/searxng:rw
    environment:
      # - SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/
      - SEARXNG_BASE_URL="http://mydomain:20054/"
      - UWSGI_WORKERS=${SEARXNG_UWSGI_WORKERS:-4}
      - UWSGI_THREADS=${SEARXNG_UWSGI_THREADS:-4}
    # cap_drop:
    #   - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
networks:
  searxng:
volumes:
  # caddy-data:
  # caddy-config:
  valkey-data2:
thx a lot!


have you checked the directory & file permissions with
ls -la /Your/SearXNG/WorkingDir?The error in your log is telling you that the container does not have permission to that directory/file, you can essentially bypass this with
sudo chmod 777 /Your/SearXNG/WorkingDir/*andsudo chown 1000:1000 /Your/SearXNG/WorkingDir/*However, if you’re looking for security best practices this is not advisable but if all you care about is that it works it should be fine.
I really do not like recommending people chmod 777 anything.
It encourages bad practices.
I agree, hence why I left the note at the bottom of that comment, yes it does encourage bad practices but, if all OP cares about is that it works then it should be fine.
In my other comment I instructed OP to move the volume to their users home directory so they don’t run into permission issues like this again.
I think I do have permission to the directory?
~ # ls -la /etc/searxng total 72 drwx------ 1 1026 100 42 May 17 04:49 . drwxr-xr-x 1 root root 494 May 17 05:24 .. ---------- 1 root root 68667 May 17 04:49 settings.yml ---------- 1 root root 1223 May 17 04:49 uwsgi.ini___
Taking a look at your
docker-compose.ymlI see this volume mount:Whereas
/volume1/SN/Docker/searxng-stack/searxngis the directory on your system docker is attempting to use to store the files inside the container from/etc/searxng.Example of a volume mount that’ll likely work better for you;
The tilde (~) acts as your current users home directorynot owned by root and where docker persistent volumes should be stored.(aka: /home/YourUser)Edit: I feel like I was wrong here, given that your run
sudoindocker compose up -dthe tilde will likely not work here and instead point to the/rootdirectory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.After making the change over to that directory and configuring SearXNG how you like re-create your docker container with
sudo docker compose up -d —force-recreateApologies for the poor formatting, typing this on mobile.
Edit:
Note: if you want to expose the port do not add the
127.0.0.1like how I have in mydocker-compose.yml.Edit 2: Corrected some things…
Thank you so much, sorry it’s taken so long to reply. I still haven’t had the time, but I will take a closer look when I get the chance.