server { # Listens on http listen 80; listen [::]:80; # Your server name server_name searx.example.com ; access_log /dev/null; error_log /dev/null; # X-Frame-Options (XFO) header set to DENY add_header X-Frame-Options "DENY"; # HTTP Strict Transport Security (HSTS) header add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; # Content Security Policy (CSP) add_header Content-Security-Policy "default-src 'self';"; location / { uwsgi_pass unix:///usr/local/searxng/run/socket; include uwsgi_params; uwsgi_param HTTP_HOST $host; uwsgi_param HTTP_CONNECTION $http_connection; # see flaskfix.py uwsgi_param HTTP_X_SCHEME $scheme; #uwsgi_param HTTP_X_SCRIPT_NAME /searxng; # see limiter.py uwsgi_param HTTP_X_REAL_IP $remote_addr; uwsgi_param HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for; } }