Add Pi-hole (DNS & Network-wide Ad Blocking) docker container support #147
Comments
I tested both Pi-hole and AdGuard Home (https://github.com/AdguardTeam/AdGuardHome) and I preferred the latter. It has more features out-of-the-box (there's a comparison table on the project's GitHub page) and I found the web interface easier to use.
Cool. Thanks. Never heard of it. On my RADAR now as that comparison chart is great at pointing out the features. It does have a docker container, https://hub.docker.com/r/adguard/adguardhome. I'd vote for both but am going to bump this one up on my personal list for testing.
It's worth anyone interested in this reading #54. There are issues in supporting ad-blocking services as it's required to have 80/443 dedicated to them, which we can't do easily/simply due to Traefik.
RE: AdGuardHome - management via port 3000 will also conflict with Grafana. Both Pi-hole and AdGuardHome have mentions of working via proxy. I'm sure it adds a lot of configuration overhead, but it looks doable. Maybe we can leave this open until someone can work through it and share (help wanted). If so, this issue can be renamed for AdGuardHome to make it not a duplicate and the original Pi-hole issue could be re-opened.
@davestephens @bcurran3 The port 3000 conflict isn't an issue as you can map the external port separately to the internal port in the container settings.
Bridged networking doesn't solve the problem, sadly. The reasons are
detailed further up in this issue, but tl;dr; to work correctly ad blockers
need port 80 and 443 on the box you host the software on.
…On Sun, 5 Jan 2020, 14:03 animeai, ***@***.***> wrote:
@davestephens <https://github.com/davestephens>
I'd have thought this would be best addressed by using bridged networking
so the PiHole container has its own local IP address.
@bcurran3 <https://github.com/bcurran3> The port 3000 conflict isn't an
issue as you can map the external port separately to the internal port in
the container settings.
Looks like it IS possible: I'll try it at some point in the future.
No reason it shouldn't work inside a container with bridged networking; piHole is really only doing its magic on port 53 (DNS); 80 and 443 are there for administration to my understanding. EDIT: might also be worth looking at enabling DNS-over-HTTPS via CloudFlare, but that could get even messier. (https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/)
Port 80 and 443 absolutely are used for ad blocking. See
#54 (comment)
for info.
Traefik internal ports were made configurable for this reason.
…On Mon, 4 May 2020, 23:11 Eric, ***@***.***> wrote:
No reason it shouldn't work inside a container with bridged networking;
piHole is really only doing its magic on port 53 (DNS); 80 and 443 are
there for administration to my understanding.
I stand corrected/knowledge-upgraded, especially after reading more of the docs. :)
What is the status of this request? This would be an awesome feature for me (and others) to be included in Ansible-NAS
@nicpayne713 if you want to have it and can live with doing a bit more work than setting
```yaml
version: '2'
services:
  pihole:
    container_name: pihole-unbound
    image: cbcrowe/pihole-unbound:latest
    environment:
      FTLCONF_REPLY_ADDR4: ${FTLCONF_REPLY_ADDR4}
      TZ: ${TZ}
      WEB_PORT: ${WEB_PORT}
      # Upstream DNS for Pi-hole: the local resolver on port 5335
      PIHOLE_DNS_: 127.0.0.1#5335
      DNSSEC: "true"
      INTERFACE: ${INTERFACE}
    volumes:
      - ${CONFIG_FOLDER}/etc-pihole:/etc/pihole:rw
      - ${CONFIG_FOLDER}/etc-dnsmasq:/etc/dnsmasq.d:rw
    restart: unless-stopped
    # Host networking: the container binds its ports directly on the host
    network_mode: host
    mem_limit: 1Gb
```
Deploy the stack, pihole won't work as it's trying to bind port 53. This is fine as we needed dns access when deploying the stack. shut down the Now you can use pihole as dns resolver for all your network, just set your nas ip as primary dns server on your router page (and leave the secondary server set to 0.0.0.0). If you have connected devices just disconnect from the network and rejoin it to update the dns preferences
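A pre-deployment check for the port clash discussed in this thread, as an added example that is not part of any comment above: with `network_mode: host` the container binds directly on the host, so any existing listener on 53, 80 or 443 will collide with it. The function name `port_conflicts` and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# port_conflicts PORT...: reads `ss -H -tuln` output on stdin and prints
# "proto/port local-address" for every socket already bound to a wanted port.
port_conflicts() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) wanted[w[i]] = 1
        }
        {
            local_addr = $5               # column 5 is Local Address:Port
            port = local_addr
            sub(/.*:/, "", port)          # keep only what follows the last colon
            if (port in wanted) print $1 "/" port " " local_addr
        }
    '
}

# Constructed sample of `ss -H -tuln` output: a local stub resolver on 53,
# a reverse proxy on 80/443, plus unrelated listeners (22, 5353).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      4096            [::]:443          [::]:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a real host run:
#   ss -H -tuln | port_conflicts 53 80 443
sample_ss_output | port_conflicts 53 80 443
```

An empty result means nothing on the host holds those ports; port matching is exact, so the listener on 5353 is not reported as a conflict for 53.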
Thanks @HitLuca, personally I decided to move pi-hole to a VM to isolate it (and pi-vpn with wireguard) from the rest of my setup. I tried it with docker and had some network issues I couldn't figure out with my vpn.
@nicpayne713 - Ha! Me too. I moved pihole (using diet-pi and love it) to a VM on an ESXI server that gets rebooted a lot less than my ansible-nas server (Linux kernels seem to come out every week nowadays).
Pi-hole is something I've been wanting to test out but haven't had the time. I think a containerized DNS server that does ad blocking is something everyone is going to want and Pi-hole seems to be "it."
https://hub.docker.com/r/pihole/pihole