Recently I moved from my old PI3B to an Intel NUC i3 as my "Home Server": enough power to run all my local services, yet not as wasteful in terms of power consumption and space requirement as a "real" server, and it is fanless.
Due to the gained CPU power and a bit more flexibility over my previously used pfBlockerNG, I decided to give pihole a try. If you do not know Pihole, in short: a local, GUI-managed filtering DNS cache that uses blocklists to block malware/ads/phishing/... You could say it is a server-based "uBlock Origin".
docker-compose and pihole

Instead of running pihole directly on my Ubuntu LTS I decided to go the Docker way, which should give me a much easier way to update it. Instead of the "manual" docker way I prefer to go with docker-compose. That's a tool to easily manage, upgrade and deploy docker containers / images with just one config file. So what you need to do is actually very simple. First install the docker and docker-compose packages on your system. On Ubuntu the Docker engine package is called docker.io, so this is:

    apt update
    apt install docker.io docker-compose

Docker-compose handles everything for you; the only thing you need to tell it is what exactly to do, in a YML config. This is mine:

    version: "3"

    # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
    services:
      pihole:
        container_name: pihole
        image: pihole/pihole:latest
        ports:
          - "53:53/tcp"
          - "53:53/udp"
          - "67:67/udp"
          - "80:80/tcp"
          - "443:443/tcp"
        environment:
          TZ: 'Europe/Berlin'
          # WEBPASSWORD: 'set a secure password here or it will be random'
          WEBPASSWORD: 'yourTopSecretPassword!'
          INTERFACE: 'eno1'
          DNSMASQ_USER: 'pihole'
        # Volumes store your data between container upgrades
        volumes:
          - './etc-pihole/:/etc/pihole/'
          - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
        # first always should be 127.0.0.1 the second here should be your router or
        # a public available DNS. Those are not your pihole upstream servers later used!
        # The pihole upstream servers can be configured in the GUI Later.
        dns:
          - 127.0.0.1
          - 18.104.22.168
        # Recommended but not required (DHCP needs NET_ADMIN)
        # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
        cap_add:
          - NET_ADMIN
          - CAP_NET_BIND_SERVICE
          - CAP_NET_RAW
        restart: unless-stopped

So to get started, it is best to create a new user named pihole and create the above docker-compose.yml in its home directory. After that, make sure you are in the same directory (cd /home/pihole), and you can install everything with the command docker-compose up
You should now see docker-compose downloading and installing the new container and spawning it. When it's done, check the pihole admin interface at /admin in your web browser and use the previously set password to log in. If everything works as intended you can use your pihole's local IP as DNS server for your clients. In my case I do not use pihole's DHCP server feature; instead I let my router (pfSense) distribute my pihole's IP as DNS to my LAN clients, and I created some rules to forbid all other outgoing tcp/udp port 53 traffic for LAN clients, with the exception of the pihole itself.
To start it in the background you can use the docker-compose start command. Also make sure that docker itself is auto-started after boot with systemctl enable docker
The command docker-compose logs is useful to see the recent logs of the composer and container.
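As an added example (not the author's file): a variant of the compose file above for exactly this setup, where the router does DHCP, so the DHCP port and the NET_ADMIN capability can go. It also assumes two variables, PIHOLE_TAG and PIHOLE_WEBPASSWORD, defined in a .env file next to docker-compose.yml; both names are made up for this example.

```yaml
# Added example, same service as the compose file above.
# Lines marked "assumption" are not from the original post.
version: "3"
services:
  pihole:
    container_name: pihole
    # assumption: PIHOLE_TAG in .env names a release tag you have tested, so an
    # upgrade happens when you change it, not whenever :latest moves
    image: "pihole/pihole:${PIHOLE_TAG:?set PIHOLE_TAG in .env}"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      # 67/udp (DHCP) is not published: the router hands out the leases
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Berlin'
      # assumption: PIHOLE_WEBPASSWORD lives in .env (chmod 600, owned by the
      # pihole user), which keeps the password out of a file you may share
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}"
      INTERFACE: 'eno1'
      DNSMASQ_USER: 'pihole'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 18.104.22.168   # same value as in the file above
    # NET_ADMIN is left out: per the comment in the original file it is only
    # needed for DHCP, which this setup does not use
    cap_add:
      - CAP_NET_BIND_SERVICE
      - CAP_NET_RAW
    restart: unless-stopped
```

Running docker-compose config in the same directory prints the resolved file and fails with the given message if one of the two variables is missing; note that its output contains the password in clear text.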
Another useful thing is adding an alias to your bash aliases. If you run pihole without a container you can use the pihole command to see the live log or issue some commands like adding whitelist entries from the CLI and so on. In a docker container you can't run the pihole binary directly from the CLI; you need to run it through docker exec. As a shortcut you can add this to your ~/.bash_aliases (bash appends whatever you type after the alias, so arguments are passed through):

    alias pihole='docker exec pihole pihole'

After logging in to your shell again you now have the pihole CLI directly available. For example, you can now tail the pihole live log with pihole -t
So basically that's it: a pihole running in 5 minutes. The next thing to add is full internal IPv6 support.
Update: I was asked which lists I can recommend for pihole. Well, that is a very personal decision. Most people do not need the China list, for example, but because we use a lot of Chinese websites here it is a welcome addition for me. I can only give one tip: whatever lists you choose, check that they are regularly maintained and that old, no longer existing hosts are removed. Here is a gist with my current (tbc) used lists.