pihole

Differences

This shows you the differences between two versions of the page.

pihole [2020/08/06 14:53]
Stephane de Labrusse [Pihole wrapper]
pihole [2022/02/15 19:30] (current)
Stephane de Labrusse
Line 1: Line 1:
 {{page>stephdl_donate}} {{page>stephdl_donate}}
  
-===== Pihole =====+===== Pihole (ads killer)=====
 <wrap hi>Available for NS7</wrap> <wrap hi>Available for NS7</wrap>
  
Line 8: Line 8:
 Pi-hole has the ability to block traditional website advertisements as well as advertisements in unconventional places, such as smart TVs and mobile operating system advertisements. Pi-hole has the ability to block traditional website advertisements as well as advertisements in unconventional places, such as smart TVs and mobile operating system advertisements.
  
-nethserver-pihole relie on nethserver-docker, you will run a docker container either on the ``aeria`` network (experimental) or on the ``macvlan`` network (Recommended). Saying that the pihole container will have an IP on your network, you will just have to set in the DHCP server of your network that the DNS server is the IP of pihole+nethserver-pihole relie on nethserver-docker, you will run a docker container either on the ''aeria'' network (experimental) on the ''macvlan'' network or on the ''aqua'' network (Recommended). You will just have to set in the DHCP server of your network that the DNS server is the IP of pihole (for ''aeria'' and ''macvlan'' network) or the NethServer (for ''aqua'' network)
  
 ====Maintainer==== ====Maintainer====
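
Review bot: In the rewritten network sentence, "(Recommended)" now sits after ''aqua'' and there is no separator after "(experimental)", so it is unclear whether ''macvlan'' is still recommended as it was in the removed line. Suggest listing the three networks with commas and marking exactly one of them as recommended, and correcting "relie on" to "relies on" while the sentence is being touched.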
Line 20: Line 20:
  
   yum install nethserver-pihole --enablerepo=stephdl   yum install nethserver-pihole --enablerepo=stephdl
 +
 +===aqua===
 +if you have decided to use the ''aeria network'', please jump to the next [[pihole#aeria|chapter]]. If you want to use ''macvlan network'', please jump to the chapter [[pihole#macvlan|below]] 
 +
 +''aqua'' is the network for all containers on NethServer, all containers can contact each others, the host can contact the container, it is fast and secure. You have no special network configuration to do but the hosts on your local network cannot contact directly the container of pihole. You have to set the DNS server of your host to the NethServer IP and set the container IP as the DNS server of your NethServer.
 +
 +<WRAP center round tip 60%>
 +The aqua network got a cons, the DNS requests are seen from the NethServer, you cannot know which host is initiating the request 
 +</WRAP>
 +
 +  * We have to set the network of the pihole container, do: 
 +
 +<file>
 +config setprop pihole piholeNetwork aqua
 +</file>
 +
 +go to create the container, please jump to the next [[pihole#create_the_container|chapter]] 
 +
 +Once the container is up
 +  * Go to the cockpit dashboard, set the IP of the primary DNS server to the IP ''172.28.45.1'' (default of the pihole container). Alternatively you can set also a second dns server if needed ''172.28.45.1,8.8.8.8'' (for example)
 +  * Then use NethServer as the DNS server of your network (by adding it manually in each host or by DHCP)
 +
  
 ===Macvlan=== ===Macvlan===
-if you have decided to use the `aeria network`, please jump to the next [[pihole#aeria|chapter]] +if you have decided to use the ''aeria network'', please jump to the next [[pihole#aeria|chapter]] 
  
 Macvlan is particuliar network, this is the documentation for explanation, please refer there to understand: https://github.com/NethServer/nethserver-docker/blob/master/README.rst#macvlan Macvlan is particuliar network, this is the documentation for explanation, please refer there to understand: https://github.com/NethServer/nethserver-docker/blob/master/README.rst#macvlan
  
 <WRAP center round tip 60%> <WRAP center round tip 60%>
-You must have a bridge, here called `br0`, if you have installed SAMBA AD, then it is already created. Else you can use the network panel to make it available.+You must have a bridge, here called ''br0'', if you have installed SAMBA AD, then it is already created. Else you can use the network panel to make it available.
 </WRAP> </WRAP>
  
-```+ 
 +<file>
 config setprop  docker macVlanGateway 192.168.1.1 macVlanLocalNetwork 192.168.1.0/24 macVlanNetwork 192.168.1.224/27 macVlanNic br0 config setprop  docker macVlanGateway 192.168.1.1 macVlanLocalNetwork 192.168.1.0/24 macVlanNetwork 192.168.1.224/27 macVlanNic br0
 signal-event nethserver-docker-update signal-event nethserver-docker-update
-```+</file>
  
-- check macvlan is up : `docker network ls` 
-- then assign `macvlan` to `piholeNetwork` and set the IP to `piholeMacVlanIP` (in macvlan range) 
  
-```+- check macvlan is up : ''docker network ls'' 
 +- then assign ''macvlan'' to ''piholeNetwork'' and set the IP to ''piholeMacVlanIP'' (in macvlan range) 
 + 
 + 
 +<file>
 config setprop pihole piholeNetwork macvlan piholeMacVlanIP 192.168.1.234 config setprop pihole piholeNetwork macvlan piholeMacVlanIP 192.168.1.234
-```+</file> 
 + 
 +go to create the container, please jump to the next [[pihole#create_the_container|chapter]]  
 === Aeria === === Aeria ===
  
-if you have decided to use the `macvlan network`, please jump to the next [[pihole#create_the_container|chapter]] +if you have decided to use the ''macvlan network'' or ''aqua network'', please jump to the next [[pihole#create_the_container|chapter]] 
  
 To create the AERIA network please review https://github.com/NethServer/nethserver-docker/blob/master/README.rst#aeria-network To create the AERIA network please review https://github.com/NethServer/nethserver-docker/blob/master/README.rst#aeria-network
 <WRAP center round tip 60%> <WRAP center round tip 60%>
-You must have a bridge, here called `br0`, if you have installed SAMBA AD, then it is already created. Else you can use the network panel to make it available.+You must have a bridge, here called ''br0'', if you have installed SAMBA AD, then it is already created. Else you can use the network panel to make it available.
 </WRAP> </WRAP>
  
-```+ 
 +<file>
 config setprop docker bridgeAeria br0 config setprop docker bridgeAeria br0
 signal-event nethserver-docker-update signal-event nethserver-docker-update
-``` +</file>
-- check aeria is up : `docker network ls`+
  
-then assign `aeria` to piholeNetwork+check aeria is up : ''docker network ls''
  
-`config setprop pihole piholeNetwork aeria`+- then assign ''aeria'' to piholeNetwork 
 + 
 +''config setprop pihole piholeNetwork aeria'' 
 + 
 +go to create the container, please jump to the next [[pihole#create_the_container|chapter]] 
  
 === Create the container === === Create the container ===
  
-review the pihole conf : `config show pihole`+review the pihole conf : ''config show pihole'' 
  
-```+<file>
 pihole=configuration pihole=configuration
     DNS1=8.8.8.8    #upstream dns     DNS1=8.8.8.8    #upstream dns
     DNS2=8.8.4.4    #upstream dns     DNS2=8.8.4.4    #upstream dns
     mac=00:60:2f:0a:66:06    # once generated, it is static mac     mac=00:60:2f:0a:66:06    # once generated, it is static mac
 +    PhpMemoryLimit=512M
     password=admin  #web admin password     password=admin  #web admin password
     piholeMacVlanIP=192.168.1.234     piholeMacVlanIP=192.168.1.234
     piholeNetwork=macvlan     piholeNetwork=macvlan
     timezone=UTC     timezone=UTC
-```+</file>
  
-- change the admin password (default is `admin`)+ 
 +- change the admin password (default is ''admin'')
  
 By default the password is admin, you should change it obviously, once created with a password, you must destroy the container, change the password and create it again. By default the password is admin, you should change it obviously, once created with a password, you must destroy the container, change the password and create it again.
  
-`config setprop docker password azertyuiop`+<file> 
 +config setprop pihole password azertyuiop 
 +</file>
  
  
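
Review bot: In the new aqua section, the "Once the container is up" bullet offers ''172.28.45.1,8.8.8.8'' as a DNS server pair; any query the resolver sends to the second server goes straight to 8.8.8.8 and is not filtered by Pi-hole, so blocking becomes intermittent. Suggest dropping the public fallback from the example, or stating that it trades filtering for availability. In the password step, the corrected ''config setprop pihole password azertyuiop'' now targets the right key, but the sample value is a keyboard-row string that readers will copy as is; a placeholder such as ''<your-password>'' would be safer, and the paragraph that says the container must be destroyed and created again should name the commands that do it.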
Line 90: Line 127:
 If you want to filter porn, set DNS1 and DNS2 to  If you want to filter porn, set DNS1 and DNS2 to 
  
-```+ 
 +<file>
 Family filter Family filter
     DNS1=185.228.168.168    #upstream dns     DNS1=185.228.168.168    #upstream dns
     DNS2=185.228.169.168    #upstream dns     DNS2=185.228.169.168    #upstream dns
-``` +
-```+
 Adult filter Adult filter
     DNS1=185.228.168.10    #upstream dns     DNS1=185.228.168.10    #upstream dns
     DNS2=185.228.169.11    #upstream dns     DNS2=185.228.169.11    #upstream dns
-```+</file> 
 set DNS1 and DNS2 accordingly set DNS1 and DNS2 accordingly
-```+ 
 +<file>
 config setprop pihole DNS1 185.228.168.168 DNS2 185.228.169.168 config setprop pihole DNS1 185.228.168.168 DNS2 185.228.169.168
-```+ 
 +</file>
 or or
  
-```+ 
 +<file>
 config setprop pihole DNS1 185.228.168.10 DNS2 185.228.169.11 config setprop pihole DNS1 185.228.168.10 DNS2 185.228.169.11
-```+</file>
  
 - trigger the event to create the container - trigger the event to create the container
  
-```+ 
 +<file>
 signal-event nethserver-pihole-update signal-event nethserver-pihole-update
-```+</file>
  
 - The time depends of your internet bandwith - The time depends of your internet bandwith
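
Review bot: The merged ''<file>'' block lists 185.228.168.168 / 185.228.169.168 and 185.228.168.10 / 185.228.169.11 without saying who operates these resolvers; every client query will be forwarded to them, so the page should name the provider and link to its policy. The "Adult filter" label under "If you want to filter porn" is also ambiguous, and one short sentence on what each pair blocks would remove the doubt. Minor: the first ''config setprop pihole DNS1 ...'' block now carries an empty line before ''</file>''.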
Line 120: Line 162:
 - check docker pihole is up :  - check docker pihole is up : 
  
-`docker ps`+''docker ps''
  
-`pihole status`+''pihole status''
  
 +=== Modify the PHP CGI memory limit ===
 +
 +The php memory limit for CGI is set to 512M, this should be good but when you browse the long-term data graphs you might need to increase it
 +
 +<file>
 +config setprop pihole PhpMemoryLimit 1024M
 +signal-event nethserver-pihole-update
 +pihole upgrade
 +</file>
 ==== Documentation ==== ==== Documentation ====
  
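
Review bot: The new PHP memory limit section ends its command list with ''pihole upgrade'', which the wrapper section describes as upgrading the docker image, then deleting and building the container again; a reader who only wants a larger memory limit gets an image upgrade and a rebuilt container without being told. Suggest stating that side effect next to the commands, or explaining why ''signal-event nethserver-pihole-update'' alone is not enough. A blank line between ''</file>'' and ''==== Documentation ===='' would also keep the heading apart from the block.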
Line 130: Line 181:
 ==== Where to start ==== ==== Where to start ====
  
-Once installed pihole is available at the ip of the container, to find it do `pihole ipin the terminal, use the IP of the container in your browser, then log with the credential `adminand the password set in the `passwordesmith property+  * for ''macvlan'' or ''aeria'' 
 +Once installed pihole is available at the ip of the container, to find it do ''pihole ip'' in the terminal, use the IP of the container in your browser, then log with the credential ''admin'' and the password set in the ''password'' esmith property 
 + 
 +  * for ''aqua''
  
 +Once installed pihole is available at the https://pi.hole, then log with the credential ''admin'' and the password set in the ''password'' esmith property
  
 ====Making devices use Pi-hole==== ====Making devices use Pi-hole====
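
Review bot: The ''aqua'' entry points to https://pi.hole, but the aqua section says hosts on the local network cannot contact the pihole container directly, and nothing here says how that name resolves or what serves the page. Suggest adding one sentence on the prerequisite (clients using NethServer as their DNS server, as set up in the aqua steps) and on what answers at that URL. The two new bullets are also followed by unindented paragraphs, so the list items are detached from the text they introduce; moving each paragraph into its item would fix that.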
Line 148: Line 203:
 ==== Pihole wrapper ==== ==== Pihole wrapper ====
  
-do `piholein your terminal to get help+do ''pihole'' in your terminal to get help
  
 pihole facilities wrapper to docker command pihole facilities wrapper to docker command
Line 169: Line 224:
 As many docker container the upgrade of a container means you must destroy it before As many docker container the upgrade of a container means you must destroy it before
  
-`pihole build`+''pihole upgrade''
  
-delete then build again the container+Upgrade the docker image, delete then build again the container
  
 ====Backup==== ====Backup====
-All the container data are in `/var/lib/pihole`, it is included in the backup-data of your NethServer if used.+All the container data are in ''/var/lib/pihole'', it is included in the backup-data of your NethServer if used.
 ====Bugs==== ====Bugs====
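
Review bot: ''pihole upgrade'' is now described as upgrading the docker image and then deleting and rebuilding the container, with no word on what survives the delete. Since the Backup section right below says all container data are in ''/var/lib/pihole'', suggest stating here whether that directory is kept across the rebuild, so that readers know if blocklists and settings need to be restored afterwards.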