Pihole is an awesome little DNS Server with Blacklists for Ad Sites and the ideal tool to install a small and powerful ad filter for the whole network (Intro Video here).
As diginc designed an Docker Image around the Pihole server (which was normally run on a RPi :)) - and made it x86, you can also run it on your normal Homeserver :)!
Important things just before we start: The Docker container needs to bind to ports 53 (DNS) and 80 (HTTP) - so, if you need to run your own DNS - that could interfere. If you need port 80 for some other website - you'll have to make an reverse proxy.
To make the setup easier, I wrote an little docker-compose.yml:
pihole: restart: unless-stopped container_name: pihole image: diginc/pi-hole:alpine volumes: - /var/pihole:/etc/pihole environment: - ServerIP=YOURLANIPHERE cap_add: - NET_ADMIN ports: - "53:53/tcp" - "53:53/udp" - "80:80"
You'll need to change the YOURLANIPHERE to the IP Address of your Servers LAN Interface - and you'll need to create the folder /var/pihole and make it writable for your Docker User.
sudo mkdir /var/pihole sudo chown -R MYLINUXUSER:MYLINUXUSER /var/pihole
After that, we can start the service via docker-compose up -d.
You'll have access to the Web interface of pihole on YOURLANIPHERE/admin
However, this interface is NOT protected - so we'll do this now:
docker exec -it pihole /bin/bash # create an password protection for your pihole web interface pihole -a -p somepasswordhere # You can also remove the password by not passing an argument. pihole -a -p
Also, pihole does create a lot of log files, which should be removed from time to time, the block lists should be updated and pihole itself should be updated. This can also be achieved via an cron file, available here.
# [...] # Your container name goes here: DOCKER_NAME=pihole PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # Pi-hole: Update the ad sources once a week on Sunday at 01:59 # Download any updates from the adlists 59 1 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updateGravity > /dev/null # Update docker-pi-hole by pulling the latest docker image ane re-creating your container. # pihole software update commands are unsupported in docker! 30 2 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updatePihole > /dev/null # Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control # Stats will be viewable in the Web interface thanks to the cron job above 00 00 * * * root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole flush > /dev/null
I actually did just open my cron with crontab -e and entered the last lines into there - so that should work. You can now test your new Adblocker by entering the IP of your Server as DNS on your Clients - and if you're happy with it, just replace the DNS server entry on your DHCP server with that IP - to rollout pihole to your complete network :).
More Info:
https://github.com/diginc/docker-pi-hole
https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328
https://www.reddit.com/r/pihole/comments/5rudb3/running_pihole_in_a_docker_container/
Hello,
i use your docker-compose.yml but i get an error 502.
i changed this Part to
ports:
- "55:53/tcp"
- "55:53/udp"
- "8081:80"
Port 53 and 80 already in use.
My Apache config:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://domain.tld:8081/
ProxyPassReverse / https://domain.tld:8081/
Hi Lars,
changing the ports part in the way you did, will map the needed ports for pihole to different ports on your host, so after that, you should be able to access the pihost webpage via http://localhost:8081 on your pc.
But you will have the problem of getting your other pcs in your network to use yourpcsip:55 as DNS server, as the mostly bind to the normal port 53 as DNS.
It looks like you want to access the pi-hole website via an Apache as reverse proxy, which should be fine, except for the part, where you try to get it to access pihole via HTTPS protocol, which won't work, as it should only be giving out HTTP on port 80 -> 8081 on your pc. So, changing that ProxyPass / ProxyPassReverse to http://domain.tld:8081/ (or whetever real domain you have to use there, becasue domain.tld won't work, except you *really* set that up) should work. However, it has been some time since I have been using Apache as reverse proxy, I went for Nginx and especially traefik in the Docker context, as it is more usable - and I should be looking out for haproxy as well - soon, but.. yeah, no time on my hands. Good luck :)! Nico
It works but there is an bug. Dnsmasq won't run inside the docker image. Also no working pihole. I must wait for the dev.
Hello Nico
I Would like to setup Pi-Hole in a docker container on an OpenMediaVault 5 on raspberry Pi 4. Thus far i've succeeded to set my OMV up on a raspberry pi 4 but i am a bit at a loss on how to set pi-hole up in my docker / portainer environement. Would you help me out ?
Hi Stefaan,
sorry I cannot support due to time constraints - and I am currently neither using PiHole nor OMV :).
However, I found a nice video where they explain on how to integrate PiHole in OMV, maybe this clears up things :)!
Best regards,
Nico