Updating README and cleaning up docker-compose
This commit is contained in:
Chris Crowe
parent
6bfcb147fe
commit
a4c8e0932f
2 changed files with 50 additions and 6 deletions
50
README.md
50
README.md
|
|
@ -1,4 +1,52 @@
|
|||
# docker-pihole-unbound
|
||||
# Pi-Hole + Unbound on Docker (works on Synology)
|
||||
|
||||
## Description
|
||||
|
||||
Running Pi-Hole in Docker can be challenging due to networking requirements by Pi-Hole, this is especially true when the ports that Pi-Hole uses are shared by the host it's running on (this is true for Synology in the default configuration).
|
||||
|
||||
This project uses a [`macvlan` Docker network](https://docs.docker.com/network/macvlan/) to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as it's resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.
|
||||
|
||||
- Uses 2 Containers
|
||||
- Pi-Hole ([pihole/pihole](https://hub.docker.com/r/pihole/pihole)) - Official from Pi-Hole
|
||||
- Unbound ([mvance/unbound](https://hub.docker.com/r/mvance/unbound))
|
||||
|
||||
## Instructions
|
||||
|
||||
#### Before running
|
||||
|
||||
- Update some things in the docker compose, such as your IP addresses/subnets.
|
||||
- Add a `.env` file next to the docker-compose.yaml so you can pass in the `${WEBPASSWORD}`
|
||||
- Update the secondary/backup nameserver in the `resolv.conf` file
|
||||
- Lastly you might want to provide some manual DNS entries in the `dnsmasq.conf` and/or `hosts` files
|
||||
|
||||
#### Then run it
|
||||
|
||||
```bash
|
||||
sudo docker-compose up -d
|
||||
```
|
||||
|
||||
#### After
|
||||
|
||||
Test your configuration with dig:
|
||||
|
||||
```bash
|
||||
dig @192.168.1.248 google.com
|
||||
# Expecting "status: NOERROR"
|
||||
```
|
||||
|
||||
You can also test for DNSSEC functionality:
|
||||
|
||||
```bash
|
||||
dig sigfail.verteiltesysteme.net @ 192.168.1.248
|
||||
# Expecting "status: SERVFAIL"
|
||||
|
||||
dig sigok.verteiltesysteme.net @ 192.168.1.248
|
||||
# Expecting "status: NOERROR"
|
||||
```
|
||||
|
||||
If all looks good, configure your router/DHCP server to serve your new Pi-Hole IP address (`192.168.1.248`) to your clients.
|
||||
|
||||
|
||||
|
||||
### Acknowledgements
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ services:
|
|||
container_name: pihole
|
||||
image: pihole/pihole:latest
|
||||
hostname: syn-hole
|
||||
# domainname: my.network
|
||||
mac_address: d0:ca:ab:cd:ef:01
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
|
|
@ -13,12 +12,11 @@ services:
|
|||
- 443/tcp
|
||||
- 53/tcp
|
||||
- 53/udp
|
||||
# - 67/udp
|
||||
# - 67/udp # Uncomment if you want to use Pi-Hole for DHCP
|
||||
- 80/tcp
|
||||
environment:
|
||||
ServerIP: 192.168.1.248
|
||||
WEBPASSWORD: ${WEBPASSWORD}
|
||||
# VIRTUAL_HOST: pihole.my.network
|
||||
DNS1: 192.168.1.249
|
||||
DNS2: 192.168.1.13
|
||||
volumes:
|
||||
|
|
@ -36,8 +34,6 @@ services:
|
|||
image: mvance/unbound:latest
|
||||
hostname: syn-unbound
|
||||
mac_address: d0:ca:ab:cd:ef:02
|
||||
# cap_add:
|
||||
# - NET_ADMIN
|
||||
ports:
|
||||
- 53/tcp
|
||||
- 53/udp
|
||||
|
|
|
|||
Loading…
Reference in a new issue