Updated README

-More clarity around initial setup on host
-Added how-to on updating
This commit is contained in:
Chris Crowe 2019-02-05 07:24:21 -08:00
parent 781da82008
commit fa12905e9e

View file

@ -6,12 +6,39 @@
Running Pi-Hole in Docker can be challenging due to networking requirements by Pi-Hole, this is especially true when the ports that Pi-Hole uses are shared by the host it's running on (this is true for Synology in the default configuration).
This project uses a [`macvlan` Docker network](https://docs.docker.com/network/macvlan/) to place your containers on your main network, with their own IP addresses and MAC addresses. Pi-Hole uses Unbound as it's resolver, and Unbound uses Cloudflare (1.1.1.1) upstream in order to support DNSSEC and DNS-over-TLS.
This project uses a [`macvlan` Docker network](https://docs.docker.com/network/macvlan/) to place your containers on your main network, with their own IP addresses and MAC addresses.
- This docker-compose runs the following 2 containers
- Pi-Hole ([pihole/pihole](https://hub.docker.com/r/pihole/pihole)) - Official from Pi-Hole
- Unbound ([mvance/unbound](https://hub.docker.com/r/mvance/unbound)) - There are several choices here but I like this one the best
Pi-Hole uses Unbound as it's resolver, and Unbound uses Cloudflare (1.1.1.1) and CleanBrowsing upstream in order to support DNSSEC and DNS-over-TLS. **This is an important detail** about this particular setup-- we are not making queries direct to the root servers as some of the Pi-Hole docs show in their examples. Here's a snippet from the [Unbound config](https://github.com/MatthewVance/unbound-docker/blob/master/1.8.3/unbound.sh) (v1.8.3 as of writing this doc) showing what's happening:
```
...
forward-zone:
# Forward all queries (except those in cache and local zone) to
# upstream recursive servers
name: "."
# Queries to this forward zone use TLS
forward-tls-upstream: yes
# https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers
# Cloudflare
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# CleanBrowsing
forward-addr: 185.228.168.9@853#security-filter-dns.cleanbrowsing.org
forward-addr: 185.228.169.9@853#security-filter-dns.cleanbrowsing.org
...
```
If you want to change any of this Unbound config then you can fork MatthewVance's [unbound-docker repo](https://github.com/MatthewVance/unbound-docker) and modify his `unbound.sh` file.
## Instructions
@ -25,7 +52,22 @@ This project uses a [`macvlan` Docker network](https://docs.docker.com/network/m
### Run it!
Copy the files up to your Docker host (eg Synology)
On client machine:
```bash
# Make sure the target directory exists first!
# Can use something like `mkdir -p /volume1/docker/pihole-unbound`
cd docker-pihole-unbound
scp -r ./* myuser@synology.local:/volume1/docker/pihole-unbound/
```
On the Docker host (eg Synology)
```bash
cd /volume1/docker/pihole-unbound
sudo docker-compose up -d
```
@ -58,6 +100,16 @@ If all looks good, configure your router/DHCP server to serve your new Pi-Hole I
> Note: it may take some time for the current DHCP leases to renew and for clients to get the new DNS service info -- generally the default is 24 hours or less.
### Update it!
When updated container images are released you can execute these commands on your Docker host to pull them in and run them
```bash
cd /volume1/docker/pihole-unbound
sudo docker-compose down
sudo docker-compose pull
sudo docker-compose up -d
```
## Acknowledgements