version: "3.7"

services:
  searxng:
    container_name: searxng
    image: searxng/searxng:2022.11.11-3a765113
    restart: unless-stopped
    networks:
      - tipi_main_network
    volumes:
      - "${APP_DATA_DIR}/data:/etc/searxng"
    ports:
      - ${APP_PORT}:8080
    environment:
      - BIND_ADDRESS=0.0.0.0:8080
      - BASE_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN}/
      - SECRET_KEY=${SEARXNG_SECRET_KEY}
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.searxng-web-redirect.redirectscheme.scheme: https
      traefik.http.services.searxng.loadbalancer.server.port: 8080
      # Web
      traefik.http.routers.searxng-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.searxng-insecure.entrypoints: web
      traefik.http.routers.searxng-insecure.service: searxng
      traefik.http.routers.searxng-insecure.middlewares: searxng-web-redirect
      # Websecure
      traefik.http.routers.searxng.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.searxng.entrypoints: websecure
      traefik.http.routers.searxng.service: searxng
      traefik.http.routers.searxng.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.searxng-local-insecure.rule: Host(`searxng.${LOCAL_DOMAIN}`)
      traefik.http.routers.searxng-local-insecure.entrypoints: web
      traefik.http.routers.searxng-local-insecure.service: searxng
      traefik.http.routers.searxng-local-insecure.middlewares: searxng-web-redirect
      # Local domain secure
      traefik.http.routers.searxng-local.rule: Host(`searxng.${LOCAL_DOMAIN}`)
      traefik.http.routers.searxng-local.entrypoints: websecure
      traefik.http.routers.searxng-local.service: searxng
      traefik.http.routers.searxng-local.tls: true