Understanding the Importance of the Recent OpenSSH Patch in pfSense

Understanding the Importance of the Recent OpenSSH Patch in pfSense

The FreeBSD Project recently issued a crucial security advisory (FreeBSD-SA-23:19.openssh) that highlights a significant vulnerability in OpenSSH—a widely used suite for secure remote communication. This advisory is particularly relevant for users of pfSense, a popular open-source firewall and router software based on FreeBSD.

The Vulnerability: Prefix Truncation Attack

Identified as CVE-2023-48795, the security flaw involves a “Prefix Truncation Attack” in the SSH protocol’s handshake mechanism. Attackers can exploit this vulnerability to manipulate handshake messages silently, potentially weakening client authentication algorithms or disabling keystroke timing attack countermeasures. This vulnerability affects all supported versions of FreeBSD.

Immediate Action Required

Given the severity of the issue, it’s vital for administrators to patch their systems immediately. For pfSense users, this means ensuring their system incorporates the latest FreeBSD patches. The advisory provides detailed steps for updating systems either through binary patches via freebsd-update or by applying source code patches directly.

Workaround and Long-Term Solution

Until systems can be fully updated, a temporary workaround is provided, involving specific changes to the OpenSSH configuration files to mitigate the risk. However, this is only a stopgap measure, and administrators are strongly encouraged to apply the full updates as soon as possible to ensure the integrity and security of their systems.

Conclusion

This advisory serves as a reminder of the constant vigilance needed in maintaining the security of network systems like pfSense. Administrators should take immediate action to apply this patch and regularly monitor for further updates to protect against evolving threats. The quick response and detailed guidance provided by the FreeBSD Security Team reflect the ongoing commitment to security within the open-source community.




Understanding the Security Enhancements in pfSense + Update 23.09.1


Introduction:

The latest pfSense + update, version 23.09.1, marks a significant step forward in network security and functionality. As a widely-used open-source firewall and router software, pfSense is integral to maintaining robust network security. This update addresses several critical vulnerabilities and performance issues, reflecting the ongoing commitment to providing a secure and efficient network environment.

Key Security Fixes in 23.09.1:

  1. TCP Spoofing Vulnerability Patch (FreeBSD-SA-23:17.pf):
    One of the most critical fixes in this release is for a TCP spoofing vulnerability in the pf(4) component. This vulnerability could potentially allow an attacker to intercept and manipulate TCP traffic, posing a significant risk to data integrity and security. The update patches this flaw, thereby enhancing the security of TCP traffic management in pfSense.
  2. ZFS Data Corruption Issues (FreeBSD-EN-23:16.openzfs & FreeBSD-EN-23:18.openzfs):
    ZFS, a key file system used by pfSense, had two notable vulnerabilities that have been addressed in this update. One issue led to potential data corruption, and the other caused high CPU usage by ZFS kernel threads. These fixes not only improve data integrity but also enhance the overall performance of systems using ZFS.
  3. OpenSSL Performance Issues (FreeBSD-EN-23:17.ossl):
    Prior to the update, the ossl(4) module’s AES-GCM implementation occasionally produced incorrect results. Since AES-GCM is widely used for encrypted communications, this fix is crucial for maintaining the confidentiality and integrity of encrypted data.
  4. Kernel Physical Memory Allocator Error (FreeBSD-EN-23:20.vm):
    The update rectified an issue with the kernel’s physical memory allocator, which previously gave incorrect results. This fix is vital for the overall stability and reliability of the pfSense system.

Implications for Network Security:

These security enhancements in the pfSense + 23.09.1 update represent critical steps in safeguarding network infrastructure. By addressing vulnerabilities ranging from TCP spoofing to data integrity in file systems and encryption modules, this update ensures that pfSense continues to offer robust defense mechanisms against a variety of cyber threats.

Furthermore, the resolution of these issues not only enhances security but also contributes to the overall performance and stability of networks utilizing pfSense. Network administrators can now rely on a more secure, efficient, and reliable system for managing their network traffic and security policies.

Conclusion:

The 23.09.1 update for pfSense + underscores the importance of continuous vigilance and proactive measures in network security. By addressing key vulnerabilities and performance issues, pfSense maintains its position as a trusted and capable tool in the arsenal of network security professionals. Users of pfSense are encouraged to apply this update promptly to ensure their networks remain secure and efficient.

For more in-depth details about the 23.09.1 update and its full range of features and fixes, please refer to the official pfSense documentation.


This blog post outlines the security-centric aspects of the pfSense + 23.09.1 update, emphasizing its impact and importance in network security.




Effortless Upgrade to pfSense+ 23.09 on Netgate 1100: A Quick Guide

Hello, tech enthusiasts! Knud here with a must-know update for all pfSense+ users, especially those with Netgate 1100. The latest release, 23.09, is here, and it’s packed with significant changes and upgrades.

Upgrading to pfSense+ 23.09: Step-by-Step

  1. Initiate the Update: Access the pfSense+ dashboard, and click the ‘Update’ button under the ‘Version’ section.
  2. Backup Is Key: Before updating, navigate to ‘Diagnostics’ then ‘Backup & Restore’ for a necessary backup.
  3. Patience Pays Off: Expect the update to take around 15 minutes. So, relax, and let it complete.

What’s New in 23.09?

  1. PHP Upgrade: PHP has been upgraded to version 8.2.11, ensuring better performance and security【11†source】.
  2. Operating System Upgrade: The base system now uses a more recent point on FreeBSD 14-CURRENT【11†source】.
  3. Improved SCTP Support: Enhancements in PF for firewall rules, NAT, and logging, particularly for SCTP packets【11†source】.
  4. OpenSSL Upgrade: A significant jump from 1.1.1t to 3.0.12, bringing major API and ABI changes, and deprecating weak algorithms【15†source】.
  5. Kea DHCP Server: A new, opt-in feature preview for IPv4 and IPv6 DHCP services【11†source】.
  6. NVMe Storage Device Driver Change: The default driver switched from nvd(4) to nda(4), impacting swap configurations【15†source】.
  7. Security Enhancements: OpenSSL 3.0.x no longer supports SHA1 certificates, impacting OpenVPN and other services【15†source】.

Post-Update Steps:

Once updated, perform another backup to ensure your settings are current.

Final Thoughts:

Upgrading your pfSense+ system to version 23.09 is straightforward but requires careful steps. Remember, patience is crucial during the upgrade process for a smooth transition. Enjoy the new features and improved performance!

Cheers to efficient networking,
Knud ;O)




Essential Computer Maintenance: Keeping Your System Clean and Optimized

Introduction:
In today’s digital age, our computers have become an indispensable part of our lives. Whether it’s for work, entertainment, or communication, we rely heavily on these machines. Just as we take care of our physical spaces, our digital realms also require regular maintenance to ensure they function smoothly. In this blog post, we’ll explore a series of steps you can take to keep your computer organized, secure, and performing at its best.

  1. Backup Your Files and Data:
    The first rule of digital hygiene is to back up your files and data regularly. You never know when disaster might strike – a hardware failure, malware attack, or accidental deletion could lead to data loss. By maintaining a consistent backup routine, you’ll have peace of mind knowing your precious files are safe and sound.
  2. Keep Software and OS Updated:
    Outdated software and operating systems can become vulnerable to security breaches and may also lead to performance issues. Regularly update your operating system and software applications to ensure you’re benefitting from the latest features, bug fixes, and security patches.
  3. Browser Cleanup:
    Browsers accumulate temporary files, cookies, and other data over time, which can impact your browsing experience. Before performing a cleanup, make sure to save or store a list of your passwords. Clearing browsing data can help improve browser performance and protect your privacy.
  4. Uninstall Unused Programs:
    Over time, we tend to accumulate a variety of software programs that we no longer use. Uninstalling these unused programs not only frees up valuable storage space but also reduces clutter and potential security risks.
  5. Manage Startup Items:
    Too many programs launching at startup can slow down your computer’s boot time. Use tools like “msconfig” (Windows) to manage startup items. Identify non-essential programs that launch with your system and disable them to streamline your startup process.
  6. Cleaning the Physical Hardware:
    For desktop computers, cleaning the internal fans and components is crucial to prevent overheating and maintain proper airflow. However, for laptops, it’s recommended to have a specialist perform this task to avoid causing damage.
  7. Upgrade to SSD:
    Consider replacing traditional spinning hard drives (HDDs) with solid-state drives (SSDs) for improved performance. SSDs are faster, more reliable, and can significantly enhance your computer’s overall responsiveness.
  8. Disk Cleanup:
    Use the built-in disk cleanup tool to remove temporary files and system files. This helps reclaim disk space and keeps your system running smoothly.
  9. Managing Startup Services:
    Navigate to “msconfig” and review the list of startup services. Hide Microsoft services and disable any unnecessary third-party services that you don’t need running at startup.
  10. Manual Cleanup:
    Regularly clean up your “C:\temp” folder and your download folder. Sort through files and remove old, unused files to free up space.
  11. Registry Cleanup:
    Use caution when editing the Windows Registry, but removing unwanted entries from the “Run” keys in “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” and “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” can help prevent unnecessary programs from launching at startup.
  12. Clearing AppData and Crash Dumps:
    Navigate to “%temp%” to remove old files that are no longer needed. Similarly, delete files in the “%userprofile%\AppData\Local\CrashDumps” directory. And delete the files in “c:\Windows\Temp” skip open files.
  13. Virus Scanning:
    To ensure your computer is free from malware and viruses, use reliable antivirus software. Consider using free tools like Trend Micro’s Virus Scan to perform regular scans and keep your system secure.

Conclusion:
By following these steps, you’ll not only keep your computer organized and optimized but also ensure its longevity and security. Regular maintenance is the key to enjoying a seamless computing experience, allowing you to make the most out of your digital world.




Enhancing Your Network Security with pfBlockerNG-devel: A Quick Guide

Are you concerned about the security of your home network? Worried about malicious websites, ads, and unwanted content infiltrating your online experience? Look no further than pfBlockerNG-devel, a powerful package for pfSense that allows you to take control of your network’s security by implementing various blocking mechanisms. In this guide, we’ll walk you through the installation and key configuration steps to get the most out of pfBlockerNG-devel without overwhelming you with technical details.

Installation

To get started, open up your pfSense dashboard and navigate to the System Package Manager. Here, you’ll find a list of available packages. Search for “pfBlockerNG-devel” and install it. Once the installation is complete, you’ll be guided through a wizard that will assist you in setting up pfBlockerNG.

Initial Configuration

After installation, ensure that you enable “floating rules” and “kill states.” These settings are important for the proper functioning of pfBlockerNG.

GeoIP Blocking

One powerful feature of pfBlockerNG-devel is the ability to block traffic based on geographical locations. If there are countries you prefer not to have contact with, you can easily set up inbound blocking rules for them. This adds an extra layer of security to your network.

DNSBL (DNS Blocking)

DNSBL, or DNS Blocking, is an essential tool to prevent access to malicious, ads, and unwanted websites. pfBlockerNG-devel supports this feature by allowing you to add various blacklists. However, it’s important not to go overboard, as blocking too much might hinder your internet usage. Consider enabling lists like “ads_basic,” “malicious,” “easylist,” and “firebog_malicious” under DNSBL groups.

Moreover, the “shalalist” category offers site-blocking options for aggressive, cost traps, drugs, finance, gambling, and spyware-related websites. The “ut1” category includes aggressive, dangerous sites, DDOS, drugs, gambling, malware, phishing, sects, and cheater-related sites. Be selective in your choices to maintain optimal internet usability.

IP Blocking

In the IP blocking section, you can prevent outbound traffic to specific IP addresses. This is useful for devices that may have IP addresses hardcoded in their software, bypassing your DNS. Prioritize blocking known malicious IPs by using the PRI1 and TOR deny outbound lists. Additionally, maintain a whitelist to permit outbound traffic to trusted IPs.

Regular Updates

Remember, changes you make within pfBlockerNG-devel need an update to take effect. Go to “Firewall” and select “pfBlockerNG Update” to ensure your settings are current.

DNS Provider and Security

For enhanced security, consider configuring your external DNS provider. One recommended option is Quad9, known for its comprehensive blocklists and secondary DNS service. Quad9 not only blocks potentially harmful sites but also secures your DNS requests against potential fakes. This extra layer of protection prevents malicious actors from redirecting you to counterfeit websites.

Conclusion

Enhancing your network security with pfBlockerNG-devel doesn’t have to be overwhelming. By following this quick guide, you can set up an effective security solution for your home network. Remember to strike a balance between protection and usability, and stay updated with the latest threat intelligence to keep your online experience safe and smooth.




Setting Up DNS Resolver (Unbound) in pfSense to Use Quad9

Introduction:
In today’s digital landscape, having a robust and secure DNS resolver is essential for ensuring a smooth and safe browsing experience. One popular option is Quad9, a DNS service that emphasizes privacy and security. In this guide, we will walk you through the process of setting up the DNS Resolver (Unbound) in pfSense to use Quad9 for your DNS queries.

Menu System – General Setup

  1. Access General Setup:
    Log in to your pfSense web interface and navigate to System > General Setup.
  2. Update Primary DNS Server:
    In the “DNS Server Settings” section, locate the primary DNS server. Change the IP address to 9.9.9.9 and set the hostname to dns.quad9.net.
  3. Configure Secondary DNS Server:
    For the secondary DNS server, set the IP address to 149.112.112.112 and the hostname to dns.quad9.net.
  4. DNS Resolution Behavior:
    Ensure that the “DNS resolution Behavior” is set to Use local DNS, fall back to remote DNS servers (default).
  5. IPv6 Configuration (Optional):
    If you’re not using IPv6, you can skip the IPv6 configuration settings in the General Setup.

Menu Services – DNS Resolver – General Settings

  1. Enable DNS Resolver:
    Go to Services > DNS Resolver and ensure that the Enable checkbox is selected.
  2. SSL/TLS Certificate:
    Keep the default SSL/TLS Certificate setting, as it is set to the webConfigurator default.
  3. Network Interfaces:
    Under “Network Interfaces,” select All to allow DNS resolution on all available interfaces.
  4. Outgoing Network Interfaces:
    Choose WAN as the outgoing network interface for DNS queries.
  5. System Domain Local Zone Type:
    Set the “System Domain Local Zone Type” to Transparent.
  6. DNSSEC Configuration:
    Since Quad9 already uses DNSSEC, you don’t need to enable DNSSEC in the pfSense settings.
  7. Enable Forwarding Mode:
    Make sure that “Enable Forwarding Mode” is enabled. This allows Unbound to forward DNS queries to external DNS servers like Quad9.
  8. SSL/TLS for Outgoing DNS Queries:
    Enable the “Use SSL/TLS for outgoing DNS Queries to Forwarding Servers” option. This ensures encrypted communication between pfSense and Quad9.

Conclusion:

Setting up the DNS Resolver (Unbound) in pfSense to use Quad9 is a straightforward process that enhances your network’s security and privacy. By following the steps outlined in this guide, you’ve configured your pfSense firewall to route DNS queries through Quad9’s secure and reliable servers. With a strong emphasis on protecting user data and thwarting malicious activities, Quad9 ensures a safer online experience for you and your network users. Now you can enjoy faster, more secure, and private browsing while benefiting from the robust capabilities of pfSense and Quad9.

Remember, the digital landscape is constantly evolving, and staying proactive about your network’s security is paramount. Periodically revisit your DNS resolver settings and consider exploring other security-enhancing features within pfSense to ensure your network remains protected.




Strengthen Your Network Security with Essential pfSense Packages

Title: Strengthen Your Network Security with Essential pfSense Packages

Introduction

In today’s digital age, network security is paramount for safeguarding sensitive data and protecting against various cyber threats. pfSense, an open-source firewall and router platform, offers a wide range of packages to enhance the security of your network. In this blog post, we will explore four powerful pfSense packages – pfBlockerNG-devel, Service Watchdog, System Patches, and Tailscale – that can fortify your network defenses and ensure a safer online environment for your organization or home network.

  1. pfBlockerNG-devel: The Ultimate DNS Firewall

One of the most critical aspects of network security is controlling and filtering DNS traffic. pfBlockerNG-devel is an advanced package for pfSense that acts as a DNS firewall, allowing you to block malicious domains, advertisements, and other unwanted content. With its versatile features, pfBlockerNG-devel enables you to create custom blocklists, white-lists, and even implement IP address and geo-blocking rules. By leveraging DNSBL (DNS Block List) technology, this package keeps your network safe from phishing attempts, malware distribution, and other cyber threats.

  1. Service Watchdog: Ensuring Uninterrupted Services

In a robust network infrastructure, it’s essential to maintain uptime and availability of critical services. Service Watchdog is a pfSense package designed to monitor and automatically restart services that may experience failures. Whether it’s a web server, VPN, or any other service, Service Watchdog constantly monitors their status and takes corrective actions when issues arise. By implementing this package, you can minimize service disruptions, thwart potential downtime, and ensure seamless operation of vital services.

  1. System Patches: Keeping Up with Security Updates

Staying up-to-date with security patches is crucial in defending against vulnerabilities and exploits. System Patches is a pfSense package that simplifies the process of applying system-level patches, including security updates and bug fixes. It ensures that your pfSense installation is current and fortified against known security threats. Regularly updating your pfSense system with System Patches significantly reduces the risk of potential breaches and enhances overall network security.

  1. Tailscale: Securely Connecting Remote Networks

In today’s work environment, remote connectivity is more critical than ever. Tailscale, a modern and easy-to-use VPN solution, provides secure and private network connections for remote devices. As a pfSense package, Tailscale allows you to set up a secure mesh network, ensuring that authorized devices can access resources securely from anywhere, without exposing them to the open internet. Tailscale uses strong encryption and authentication methods, making it an excellent choice for organizations seeking a safe and reliable VPN solution.

Conclusion

In conclusion, securing your network is a continuous process that requires the right tools and strategies. By leveraging pfSense packages like pfBlockerNG-devel, Service Watchdog, System Patches, and Tailscale, you can significantly enhance your network security posture. These packages enable you to fortify your defenses against malicious content, ensure uninterrupted service availability, stay up-to-date with security patches, and securely connect remote networks.

As cyber threats continue to evolve, it is essential to adapt your network security measures accordingly. By incorporating these powerful pfSense packages into your infrastructure, you are taking proactive steps to safeguard your network and protect your sensitive data from potential cyber attacks. Remember, network security is a shared responsibility, and continuous vigilance is key to maintaining a safe and resilient network environment.




Safeguarding Your Digital Oasis: The Importance of Network Segmentation and Robust Security

Title: Safeguarding Your Digital Oasis: The Importance of Network Segmentation and Robust Security

Introduction

In our interconnected world, the proliferation of Internet of Things (IoT) devices and the need for guest access has become increasingly common. However, the convenience comes with potential security risks that should not be ignored. In this blog post, we will emphasize the critical importance of separating IoT devices from your private network, implementing robust security measures, and maintaining up-to-date systems to create a secure digital oasis for your home or business.

  1. The Significance of Network Segmentation

Isolating IoT devices from your private network is a fundamental security practice. IoT devices often have vulnerabilities, and if compromised, they can become a gateway for hackers to access your personal data and network. By creating a separate network for these devices, you mitigate the risk of unauthorized access and protect your sensitive information.

  1. Implementing Robust Security Measures

Having a strong and well-configured firewall is paramount to safeguarding your network. A firewall acts as a gatekeeper, monitoring and controlling incoming and outgoing traffic, preventing malicious entities from gaining entry to your network. Additionally, utilizing intrusion detection and prevention systems (IDPS) adds an extra layer of security, alerting you to potential threats in real-time.

  1. Securing Guest Access

Offering guest Wi-Fi access is a common courtesy, but it should never jeopardize your private network’s security. It is essential to create a separate guest network with strong encryption and a unique password. Restricting guest access to the internet only ensures that their devices are isolated from your private network, safeguarding your data and devices from unauthorized access.

  1. Keeping Systems Up-to-Date

Maintaining regular updates for your computers, router, and firewall is a crucial practice in network security. Software developers frequently release updates to address security vulnerabilities and enhance performance. By staying current with these updates, you minimize the risk of potential exploits and ensure your network remains robust against emerging threats.

  1. Strengthening Wi-Fi Security

Securing your Wi-Fi access point is vital to prevent unauthorized access to your network. Enable WPA3 encryption, which offers the highest level of Wi-Fi security available, and use a strong, unique password that combines uppercase and lowercase letters, numbers, and special characters. Regularly change your Wi-Fi password to further enhance security.

  1. Guest Network Isolation

To ensure guest privacy and protect your network from any misconfigurations, enable client isolation on your guest network. This feature prevents devices connected to the guest network from communicating with each other, limiting their access to the internet only.

Conclusion

As technology becomes an integral part of our lives, ensuring the security of our networks is of utmost importance. By implementing network segmentation to separate IoT devices from the private network, creating strong security measures with up-to-date systems, and securing guest access, you create a fortress of protection for your digital oasis.

Remember, safeguarding your network is an ongoing process. Continuously update your systems, maintain robust security measures, and educate yourself on emerging threats. With these practices in place, you can confidently enjoy the benefits of technology while protecting your personal data and ensuring a safe digital environment for yourself and your guests.




pfSense vs. OPNsense: Elevating Home Firewall Security

Introduction

In the age of increasing cyber threats and privacy concerns, it has become crucial for individuals to secure their home networks. While most people rely on default routers provided by their Internet Service Providers (ISPs), these devices often lack essential features and may not receive timely updates. In this blog post, we will explore two powerful open-source firewall solutions, pfSense and OPNsense, and the compelling reasons to use them to fortify your home network’s security.

  1. Comprehensive Security Features

Unlike default routers, pfSense and OPNsense are specialized firewall distributions based on FreeBSD. They offer a plethora of advanced security features that go beyond the capabilities of regular consumer-grade routers. These include stateful packet filtering, intrusion detection/prevention, Virtual Private Network (VPN) support, DNS filtering, and more. By employing these robust features, users can effectively protect their networks from malicious activities and unauthorized access.

  1. Regular Updates and Security Patches

One of the most significant drawbacks of using default routers is the infrequent or non-existent software updates. Cyber threats evolve rapidly, and without timely updates, your router becomes vulnerable to new exploits and vulnerabilities. Both pfSense and OPNsense have active communities that continuously work on improving the security and stability of their platforms. Regular updates ensure that your firewall remains up-to-date with the latest security patches, safeguarding your home network from potential threats.

  1. Flexibility and Customization

One of the key advantages of open-source solutions like pfSense and OPNsense is their high level of flexibility and customization options. Users can tailor their firewall settings and rules according to their specific needs, creating a personalized security infrastructure. Whether it’s setting up VLANs for segmented networks, creating access controls, or integrating third-party plugins, the ability to customize your firewall enhances the overall security posture of your home network.

  1. Enhanced VPN Capabilities

In today’s interconnected world, the need for secure remote access is more prominent than ever. Both pfSense and OPNsense offer powerful VPN capabilities, allowing users to establish secure connections between remote devices and the home network. Whether you need to access your home resources while traveling or want to encrypt your online activities, these firewall solutions provide a reliable and straightforward VPN setup.

  1. Community Support and Documentation

pfSense and OPNsense boast vibrant communities that actively contribute to user forums, offer advice, and share their expertise. If you encounter any issues or need guidance on setting up specific features, chances are you’ll find a wealth of information through their community support channels. Furthermore, both projects maintain extensive documentation, making it easier for users to understand and utilize the vast array of features these firewalls offer.

  1. Transparency and Open-Source Assurance

Default routers typically run on closed-source firmware, making it challenging for users to scrutinize the code for potential security flaws or backdoors. In contrast, pfSense and OPNsense are open-source projects, which means their source code is publicly available for review by anyone. This level of transparency fosters trust among users, ensuring that there are no hidden vulnerabilities or privacy concerns within the firewall software.

Conclusion

In conclusion, upgrading from a default router to a robust and feature-rich firewall like pfSense or OPNsense can significantly enhance your home network’s security. By leveraging their comprehensive security features, receiving regular updates, and enjoying the flexibility of customization, you can better protect your network and data from potential cyber threats. Additionally, the strong community support, extensive documentation, and open-source assurance offer an added layer of confidence in the security of these firewall solutions. So, why settle for an outdated and vulnerable router when you can empower your home network with the cutting-edge protection of pfSense or OPNsense?




Installing Searxng on ARM64 Architecture with Docker

Introduction:
Searxng is a privacy-friendly and open-source metasearch engine that aggregates search results from various sources. In this guide, we’ll walk you through the process of installing Searxng on an ARM64 architecture using Docker, allowing you to set up your own search engine.

Step 1: Install Searxng with Docker

To install Searxng and run it in Docker on ARM64, execute the following command:

docker run -d -p 8888:8080 \
  --name=searxng \
  -v "searxng_data:/etc/searx" \
  -v "searxng_data:/etc/searxng" \
  -e "BASE_URL=http://192.168.0.224:8888" \
  -e "INSTANCE_NAME=searxng" \
  searxng/searxng:latest

Explanation of options used:

  • -d: Run the container in the background (detached mode).
  • -p 8888:8080: Map port 8080 from the container to port 8888 on the host system. This allows you to access Searxng’s web interface at http://localhost:8888.
  • --name=searxng: Assign the name “searxng” to the container for easy management.
  • -v "searxng_data:/etc/searx": Create a Docker volume named “searxng_data” and mount it to the “/etc/searx” directory inside the container. This volume allows you to persist Searxng’s data and configurations.
  • -e "BASE_URL=http://192.168.0.224:8888": Set the base URL for the Searxng instance. Replace “192.168.0.224” with the IP address or domain name of your server.
  • -e "INSTANCE_NAME=searxng": Specify a custom name for the Searxng instance.

Step 2: Access Searxng Web Interface

Once the Searxng container is up and running, open a web browser and navigate to http://localhost:8888. You will be directed to Searxng’s web interface, where you can perform searches and explore the search engine’s features.

Conclusion:
By following these steps and using Docker, you have successfully installed Searxng on an ARM64 architecture. You now have your own private search engine, Searxng, up and running, allowing you to search the web with enhanced privacy and control.

Enjoy the benefits of Searxng and have fun searching! Happy exploring!