pihole docker with docker-compose in my LAN

  1. tcpip.wtf
  2. Posts
  3. pihole docker with docker-compose in my LAN

Recently I moved from my old PI3B to a Intel NUC i3 as my "Home Server" enough power to run all my local services and still not so wasteful in terms of Power consumption and Space requirement like a "real" Server and it is fanless.

Due to the gained CPU Power and a bit more flexibility over my previous used pfBlockerNG, I decided to give pihole a try. If you do not Know Pihole, in short: A local GUI Managed Filtering DNS Cache using Blocklists to block Malware/Ads/phising/... you could say a "uBlock Origin" server based.
 

docker-compose and pihole

Instead of Running the pihole directly on my Ubuntu LTS I decided to go the Docker way, should give me a much easier way to update it. Instead of the "manual" docker way I prefer to go with docker-compose. That's a tool for easily manage, upgrade and deploy docker containers / images by just one Config file. So what you need to do is actually very simple. First install docker and docker-compose package on your system, in Ubuntu this is:
apt update
apt install docker docker-compose
Bash
Docker-compose is handling everything for you, only thing you need to tell is what to do exactly in a YML Config. This is mine:

docker-compose.yml
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'set a secure password here or it will be random'
      WEBPASSWORD: 'yourTopSecretPassword!'
      INTERFACE: 'eno1'
      DNSMASQ_USER: 'pihole'
    # Volumes store your data between container upgrades
    volumes:
       - './etc-pihole/:/etc/pihole/'
       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # first always should be 127.0.0.1 the second here should be your router or
    # a public available DNS. Those are not your pihole upstream servers later used!
    # The pihole upstream servers can be configured in the GUI Later.
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
      - CAP_NET_BIND_SERVICE
      - CAP_NET_RAW
    restart: unless-stopped
YAML
So to get started best is to create a new user named pihole and in it's homedir create above docker-compose.yml after that make sure you are in the same directory (cd /home/pihole) and you can install everything with the command docker-compose up

You should now see docker-compose downloading and installing the new container and spawning it, when it's done check the pihole admin interface at /admin in your webbrowser and use the previous set password to login. If everything works as intended you can use your pihole local IP as DNS Server for your clients. In my case I do not use piholes DHCP Server Feature, instead I let my router (pfSense) distribute my piholes IP as DNS to my LAN Clients and created some rules to forbid all other tcp/udp Port 53 Outgoing Traffic for LAN Clients with exception the pihole itself.

To start it in background you can use docker-compose start command, also make sure that docker itself is auto started after boot by systemctl enable docker

Useful is the command docker-compose logs to see the recent logs of the composer and container.

Another useful thing is adding a Alias to your bash aliases. If you run pihole without a container you can use the pihole command to see the live log or issu some commands like adding Whitelist entries from CLI and so on. In a docker conatiner you can't run the pihole binary just in the cli, you need to run it thorugh docker exec. As a Shortcut you can add this to your ~/.bash_aliases
alias pihole='docker exec pihole pihole $@'
Bash
After relogin to your shell you now have the direct pihole cli available. For example you can now tail the pihole live log with pihole -t

So basically thats it. Having a pihole Running in 5 minutes. Next thing to add is full internal IPv6 Support.

Update: I was asked what List's I can recommend for pihole - well that is a very personal decission. Most ppl do not need the China List for Example, but because we use a lot of chinese websites here it is a welcome addition for me. I can only give one Tip, whatever lists you choose - have a look that they are regulary maintained and old non existing hosts removed. Here is a gist with my current (tbc) used Lists.
 

How to update pihole docker?

Due your config is saved outside the actual container it is really just a pull, stop and run. Very simple, no headache.
docker pull pihole/pihole
docker-compose down
docker-compose up -d
Bash




✉ MG// CEST

Follow Icon
Don’t miss out and subscribe by email:
Don't worry! NO Spam and FREE; Receive a summarizing email for new posts, easy to unsubscribe at any time.
← Other Blog Posts