Araa installation guide

To write this guide, I was using Ubuntu Server 22.04 LTS. This guide assumes you're using sudo or root.

Install required packages:

apt install nginx nginx-extras python3-pip certbot python3-certbot-nginx gunicorn

Clone Araa:

git clone

Configure opensearch.xml by replacing with make sure to replace http:// with https://:

cd araa-search/
cd static/
mv opensearch.xml.example opensearch.xml
nano opensearch.xml

Once you've done that, cd back into the Araa directory and install the required packages:

cd ~/araa-search
pip install flask lxml bs4

Configure nginx by replacing with your own domain:

cd /etc/nginx/sites-enabled/
rm default
wget -O araa
nano araa

Now cd into /etc/nginx/ and replace nginx.conf; this will disable logging and improve server security:

cd /etc/nginx/
rm nginx.conf
wget -O nginx.conf
nginx -t && nginx -s reload

Expected output:

root@ubuntu-s-1vcpu-1gb-tor1-01:/etc/nginx# nginx -t && nginx -s reload
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Obtain an SSL/TLS certificate, but before doing so, make sure you have an A record pointed to your server for that domain:

certbot --nginx -d

Once you've done that, open the crontab file:

crontab -e

Then paste this at the bottom of the crontab file. This will automatically renew your Let’s Encrypt certificate:

0 12 * * * /usr/bin/certbot renew --quiet

Setup a firewall with UFW:

ufw default deny
ufw allow ssh
ufw allow https
ufw allow http
ufw enable

Run the status command:

ufw status verbose

You should see an output like this:

root@ubuntu-s-1vcpu-1gb-tor1-01:~/araa-search# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             

Now we need to disable IPv6 because many websites, like Google, are more likely to block IPv6:

bash -c 'cat <> /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Now you need to configure your SSH daemon to only listen over IPv4:

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

Now cd back into the Araa directory:

cd ~/araa-search

Run this command to start Araa:

gunicorn -w 4 __init__:app