Compare commits
27 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
33cebb3cfe | ||
|
|
55c88afaf8 | ||
|
|
96038ebbfa | ||
|
|
226fddf83a | ||
|
|
025a0a20c3 | ||
|
e936dbb95c | ||
|
d60ebfcd7d | ||
|
|
ecee22c5f9 | ||
|
2dd3f775c6 | ||
|
77c9778f61 | ||
|
|
8c1172acbc | ||
|
|
0e8351772a | ||
|
|
068d970f9e | ||
|
|
45a04753ff | ||
|
|
9c405c39e4 | ||
|
84741c9c1f | ||
|
0206d8049a | ||
|
|
d7741de332 | ||
|
|
d378aa3efb | ||
|
|
0a0b7ceb0c | ||
|
|
0814098044 | ||
|
|
0c87b090e1 | ||
|
|
5969c76ee1 | ||
|
5292809c0a | ||
|
adabe4c786 | ||
|
|
5d990c297b | ||
|
|
8cb2c34de4 |
10 changed files with 77 additions and 46 deletions
|
|
@ -10,25 +10,25 @@ The base image for the container is the [official Pi-Hole container](https://hub
|
||||||
|
|
||||||
First create a `.env` file to substitute variables for your deployment.
|
First create a `.env` file to substitute variables for your deployment.
|
||||||
|
|
||||||
|
### Pi-hole environment variables
|
||||||
|
|
||||||
### Required environment variables
|
> Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/#environment-variables):
|
||||||
|
|
||||||
> Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/):
|
| Variable | Default | Value | Description |
|
||||||
|
| -------- | ------- | ----- | ---------- |
|
||||||
| Docker Environment Var | Description|
|
| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
|
||||||
| --- | --- |
|
| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
|
||||||
| `ServerIP: <Host's IP>`<br/> | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
|
| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes and lighttpd bind address.
|
||||||
| `TZ: <Timezone>`<br/> | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
|
| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
|
||||||
| `WEBPASSWORD: <Admin password>`<br/> | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
|
| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
|
||||||
| `REV_SERVER: <"true"\|"false">`<br/> | Enable DNS conditional forwarding for device name resolution
|
| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
|
||||||
| `REV_SERVER_DOMAIN: <Network Domain>`<br/> | If conditional forwarding is enabled, set the domain of the local network router
|
| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) |
|
||||||
| `REV_SERVER_TARGET: <Router's IP>`<br/> | If conditional forwarding is enabled, set the IP of the local network router
|
| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use.
|
||||||
| `REV_SERVER_CIDR: <Reverse DNS>`<br/>| If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`)
|
|
||||||
|
|
||||||
Example `.env` file in the same directory as your `docker-compose.yaml` file:
|
Example `.env` file in the same directory as your `docker-compose.yaml` file:
|
||||||
|
|
||||||
```
|
```
|
||||||
ServerIP=192.168.1.10
|
FTLCONF_LOCAL_IPV4=192.168.1.10
|
||||||
TZ=America/Los_Angeles
|
TZ=America/Los_Angeles
|
||||||
WEBPASSWORD=QWERTY123456asdfASDF
|
WEBPASSWORD=QWERTY123456asdfASDF
|
||||||
REV_SERVER=true
|
REV_SERVER=true
|
||||||
|
|
@ -37,10 +37,14 @@ REV_SERVER_TARGET=192.168.1.1
|
||||||
REV_SERVER_CIDR=192.168.0.0/16
|
REV_SERVER_CIDR=192.168.0.0/16
|
||||||
HOSTNAME=pihole
|
HOSTNAME=pihole
|
||||||
DOMAIN_NAME=pihole.local
|
DOMAIN_NAME=pihole.local
|
||||||
|
PIHOLE_WEBPORT=80
|
||||||
|
WEBTHEME=default-light
|
||||||
```
|
```
|
||||||
|
|
||||||
### Using Portainer stacks?
|
### Using Portainer stacks?
|
||||||
|
|
||||||
|
> 2022-3-11: I'm being told that the advice below is no longer true in Portainer. If you're using Portainer, first try it without removing the volumes declaration and see if it works.
|
||||||
|
|
||||||
Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the `docker-compose.yaml` file before copy/pasting into Portainer's stack editor:
|
Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the `docker-compose.yaml` file before copy/pasting into Portainer's stack editor:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
version: '2'
|
version: '3.0'
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
etc_pihole-unbound:
|
etc_pihole-unbound:
|
||||||
|
|
@ -14,22 +14,22 @@ services:
|
||||||
- 443:443/tcp
|
- 443:443/tcp
|
||||||
- 53:53/tcp
|
- 53:53/tcp
|
||||||
- 53:53/udp
|
- 53:53/udp
|
||||||
- 80:80/tcp
|
- ${PIHOLE_WEBPORT:-80}:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
|
||||||
# - 5335:5335/tcp # Uncomment to enable unbound access on local server
|
# - 5335:5335/tcp # Uncomment to enable unbound access on local server
|
||||||
# - 22/tcp # Uncomment to enable SSH
|
# - 22/tcp # Uncomment to enable SSH
|
||||||
environment:
|
environment:
|
||||||
ServerIP: ${ServerIP}
|
- FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
|
||||||
TZ: ${TZ}
|
- TZ=${TZ:-UTC}
|
||||||
WEBPASSWORD: ${WEBPASSWORD}
|
- WEBPASSWORD=${WEBPASSWORD}
|
||||||
REV_SERVER: ${REV_SERVER}
|
- WEBTHEME=${WEBTHEME:-default-light}
|
||||||
REV_SERVER_TARGET: ${REV_SERVER_TARGET}
|
- REV_SERVER=${REV_SERVER:-false}
|
||||||
REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
|
- REV_SERVER_TARGET=${REV_SERVER_TARGET}
|
||||||
REV_SERVER_CIDR: ${REV_SERVER_CIDR}
|
- REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
|
||||||
DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
|
- REV_SERVER_CIDR=${REV_SERVER_CIDR}
|
||||||
DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
|
- PIHOLE_DNS_=127.0.0.1#5335
|
||||||
DNSSEC: "true" # Enable DNSSEC
|
- DNSSEC="true"
|
||||||
|
- DNSMASQ_LISTENING=single
|
||||||
volumes:
|
volumes:
|
||||||
- etc_pihole-unbound:/etc/pihole:rw
|
- etc_pihole-unbound:/etc/pihole:rw
|
||||||
- etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
|
- etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
|
|
|
||||||
1
one-container/pihole-unbound/99-edns.conf
Normal file
1
one-container/pihole-unbound/99-edns.conf
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
edns-packet-max=1232
|
||||||
|
|
@ -1,9 +1,12 @@
|
||||||
FROM pihole/pihole:2021.10.1
|
ARG PIHOLE_VERSION
|
||||||
|
FROM pihole/pihole:${PIHOLE_VERSION:-latest}
|
||||||
RUN apt update && apt install -y unbound
|
RUN apt update && apt install -y unbound
|
||||||
|
|
||||||
COPY lighttpd-external.conf /etc/lighttpd/external.conf
|
COPY lighttpd-external.conf /etc/lighttpd/external.conf
|
||||||
COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pi-hole.conf
|
COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pi-hole.conf
|
||||||
COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh
|
COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf
|
||||||
|
RUN mkdir -p /etc/services.d/unbound
|
||||||
|
COPY unbound-run /etc/services.d/unbound/run
|
||||||
|
|
||||||
|
ENTRYPOINT ./s6-init
|
||||||
|
|
||||||
RUN chmod +x start_unbound_and_s6_init.sh
|
|
||||||
ENTRYPOINT ./start_unbound_and_s6_init.sh
|
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
2021.10.1
|
2023.05.2
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Run this once: docker buildx create --use --name build --node build --driver-opt network=host
|
# Run this once: docker buildx create --use --name build --node build --driver-opt network=host
|
||||||
docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:`cat VERSION` --push .
|
PIHOLE_VER=`cat VERSION`
|
||||||
docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
|
docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:$PIHOLE_VER --push .
|
||||||
|
docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
/etc/init.d/unbound start
|
|
||||||
/s6-init
|
|
||||||
|
|
@ -34,7 +34,7 @@ server:
|
||||||
|
|
||||||
# Reduce EDNS reassembly buffer size.
|
# Reduce EDNS reassembly buffer size.
|
||||||
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
||||||
edns-buffer-size: 1472
|
edns-buffer-size: 1232
|
||||||
|
|
||||||
# Perform prefetching of close to expired message cache entries
|
# Perform prefetching of close to expired message cache entries
|
||||||
# This only applies to domains that have been frequently queried
|
# This only applies to domains that have been frequently queried
|
||||||
|
|
@ -44,7 +44,8 @@ server:
|
||||||
num-threads: 1
|
num-threads: 1
|
||||||
|
|
||||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||||
so-rcvbuf: 1m
|
# Be aware that if enabled (requires CAP_NET_ADMIN or privileged), the kernel buffer must have the defined amount of memory, if not, a warning will be raised.
|
||||||
|
#so-rcvbuf: 1m
|
||||||
|
|
||||||
# Ensure privacy of local IP ranges
|
# Ensure privacy of local IP ranges
|
||||||
private-address: 192.168.0.0/16
|
private-address: 192.168.0.0/16
|
||||||
|
|
|
||||||
25
one-container/pihole-unbound/unbound-run
Executable file
25
one-container/pihole-unbound/unbound-run
Executable file
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/command/with-contenv bash
|
||||||
|
|
||||||
|
s6-echo "Starting unbound"
|
||||||
|
|
||||||
|
NAME="unbound"
|
||||||
|
DESC="DNS server"
|
||||||
|
DAEMON="/usr/sbin/unbound"
|
||||||
|
PIDFILE="/run/unbound.pid"
|
||||||
|
|
||||||
|
HELPER="/usr/lib/unbound/package-helper"
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
|
||||||
|
# Override this variable by editing or creating /etc/default/unbound.
|
||||||
|
DAEMON_OPTS=""
|
||||||
|
|
||||||
|
if [ -f /etc/default/unbound ]; then
|
||||||
|
. /etc/default/unbound
|
||||||
|
fi
|
||||||
|
|
||||||
|
$HELPER chroot_setup
|
||||||
|
$HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
|
||||||
|
|
||||||
|
$DAEMON -d $DAEMON_OPTS
|
||||||
|
|
||||||
|
|
@ -16,10 +16,9 @@ services:
|
||||||
- 80/tcp
|
- 80/tcp
|
||||||
- 22/tcp
|
- 22/tcp
|
||||||
environment:
|
environment:
|
||||||
ServerIP: 192.168.1.5
|
- FTLCONF_LOCAL_IPV4=192.168.1.5
|
||||||
WEBPASSWORD: ${WEBPASSWORD}
|
- WEBPASSWORD=${WEBPASSWORD}
|
||||||
DNS1: 192.168.1.6
|
- PIHOLE_DNS_=192.168.1.6;192.168.1.13
|
||||||
DNS2: 192.168.1.13
|
|
||||||
volumes:
|
volumes:
|
||||||
- /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
|
- /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
|
||||||
- /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
|
- /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue