Compare commits


No commits in common. "main" and "2022.02.1" have entirely different histories.

9 changed files with 35 additions and 66 deletions


@ -2,33 +2,33 @@
## Description ## Description
This Docker deployment runs both Pi-Hole and Unbound in a single container. This Docker deployment runs both Pi-Hole and Unbound in a single container.
The base image for the container is the [official Pi-Hole container](https://hub.docker.com/r/pihole/pihole), with an extra build step added to install the Unbound resolver directly into to the container based on [instructions provided directly by the Pi-Hole team](https://docs.pi-hole.net/guides/unbound/). The base image for the container is the [official Pi-Hole container](https://hub.docker.com/r/pihole/pihole), with an extra build step added to install the Unbound resolver directly into to the container based on [instructions provided directly by the Pi-Hole team](https://docs.pi-hole.net/guides/unbound/).
## Usage ## Usage
First create a `.env` file to substitute variables for your deployment. First create a `.env` file to substitute variables for your deployment.
### Pi-hole environment variables
> Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/#environment-variables): ### Required environment variables
| Variable | Default | Value | Description | > Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/):
| -------- | ------- | ----- | ---------- |
| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. | Docker Environment Var | Description|
| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. | --- | --- |
| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes and lighttpd bind address. | `ServerIP: <Host's IP>`<br/> | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution | | `TZ: <Timezone>`<br/> | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router | | `WEBPASSWORD: <Admin password>`<br/> | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router | | `REV_SERVER: <"true"\|"false">`<br/> | Enable DNS conditional forwarding for device name resolution
| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) | | `REV_SERVER_DOMAIN: <Network Domain>`<br/> | If conditional forwarding is enabled, set the domain of the local network router
| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use. | `REV_SERVER_TARGET: <Router's IP>`<br/> | If conditional forwarding is enabled, set the IP of the local network router
| `REV_SERVER_CIDR: <Reverse DNS>`<br/>| If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`)
Example `.env` file in the same directory as your `docker-compose.yaml` file: Example `.env` file in the same directory as your `docker-compose.yaml` file:
``` ```
FTLCONF_LOCAL_IPV4=192.168.1.10 ServerIP=192.168.1.10
TZ=America/Los_Angeles TZ=America/Los_Angeles
WEBPASSWORD=QWERTY123456asdfASDF WEBPASSWORD=QWERTY123456asdfASDF
REV_SERVER=true REV_SERVER=true
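
Review bot: The example `.env` at the end of this hunk carries a realistic-looking literal, `WEBPASSWORD=QWERTY123456asdfASDF`, on both sides, and sample values like this tend to be pasted into real deployments unchanged. Suggest using the table's own placeholder form, `WEBPASSWORD=<Admin password>`. Separately, the table rows on the 2022.02.1 side have no closing `|`, and the `ServerIP` row runs "**--net=host mode requires**" straight into the description without punctuation.
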
@ -37,14 +37,10 @@ REV_SERVER_TARGET=192.168.1.1
REV_SERVER_CIDR=192.168.0.0/16 REV_SERVER_CIDR=192.168.0.0/16
HOSTNAME=pihole HOSTNAME=pihole
DOMAIN_NAME=pihole.local DOMAIN_NAME=pihole.local
PIHOLE_WEBPORT=80
WEBTHEME=default-light
``` ```
### Using Portainer stacks? ### Using Portainer stacks?
> 2022-3-11: I'm being told that the advice below is no longer true in Portainer. If you're using Portainer, first try it without removing the volumes declaration and see if it works.
Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the `docker-compose.yaml` file before copy/pasting into Portainer's stack editor: Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the `docker-compose.yaml` file before copy/pasting into Portainer's stack editor:
```yaml ```yaml
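
Review bot: `HOSTNAME=pihole` and `DOMAIN_NAME=pihole.local` in the example `.env` are not described in the variables table in the preceding hunk on either side, so a reader cannot tell what they control or whether they are required. Add rows for them or drop them from the example. The example's `REV_SERVER_CIDR=192.168.0.0/16` also differs from the `192.168.0.0/24` used in the table description; one consistent value would read better.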


@ -1,4 +1,4 @@
version: '3.0' version: '2'
volumes: volumes:
etc_pihole-unbound: etc_pihole-unbound:
@ -14,22 +14,21 @@ services:
- 443:443/tcp - 443:443/tcp
- 53:53/tcp - 53:53/tcp
- 53:53/udp - 53:53/udp
- ${PIHOLE_WEBPORT:-80}:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80 - 80:80/tcp
# - 5335:5335/tcp # Uncomment to enable unbound access on local server # - 5335:5335/tcp # Uncomment to enable unbound access on local server
# - 22/tcp # Uncomment to enable SSH # - 22/tcp # Uncomment to enable SSH
environment: environment:
- FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4} - ServerIP=${ServerIP}
- TZ=${TZ:-UTC} - TZ=${TZ}
- WEBPASSWORD=${WEBPASSWORD} - WEBPASSWORD=${WEBPASSWORD}
- WEBTHEME=${WEBTHEME:-default-light} - REV_SERVER=${REV_SERVER}
- REV_SERVER=${REV_SERVER:-false}
- REV_SERVER_TARGET=${REV_SERVER_TARGET} - REV_SERVER_TARGET=${REV_SERVER_TARGET}
- REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN} - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
- REV_SERVER_CIDR=${REV_SERVER_CIDR} - REV_SERVER_CIDR=${REV_SERVER_CIDR}
- PIHOLE_DNS_=127.0.0.1#5335 - PIHOLE_DNS_=127.0.0.1#5335
- DNSSEC="true" - DNSSEC="true"
- DNSMASQ_LISTENING=single
volumes: volumes:
- etc_pihole-unbound:/etc/pihole:rw - etc_pihole-unbound:/etc/pihole:rw
- etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
restart: unless-stopped restart: unless-stopped
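
Review bot: In the `environment:` block, `WEBPASSWORD=${WEBPASSWORD}` has no default on either side, and the 2022.02.1 side also drops the `:-UTC` and `:-false` fallbacks from `TZ` and `REV_SERVER`. Compose substitutes an empty string for a variable that is missing from `.env`, so the container receives these variables set but empty rather than unset; confirm that an empty `WEBPASSWORD` still yields the random password the README describes, or fail fast with Compose's `${WEBPASSWORD:?WEBPASSWORD must be set}` form. In the `ports:` list, `53:53/tcp` and `53:53/udp` publish the resolver on every host interface; prefixing the host's LAN address would keep it off any other interface the host has.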


@ -1,12 +1,10 @@
ARG PIHOLE_VERSION FROM pihole/pihole:2022.02.1
FROM pihole/pihole:${PIHOLE_VERSION:-latest}
RUN apt update && apt install -y unbound RUN apt update && apt install -y unbound
COPY lighttpd-external.conf /etc/lighttpd/external.conf COPY lighttpd-external.conf /etc/lighttpd/external.conf
COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pi-hole.conf COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pi-hole.conf
COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf
RUN mkdir -p /etc/services.d/unbound COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh
COPY unbound-run /etc/services.d/unbound/run
ENTRYPOINT ./s6-init
RUN chmod +x start_unbound_and_s6_init.sh
ENTRYPOINT ./start_unbound_and_s6_init.sh
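
Review bot: Both `ENTRYPOINT` lines use shell form with a relative path (`ENTRYPOINT ./s6-init`, `ENTRYPOINT ./start_unbound_and_s6_init.sh`), so the entrypoint runs under `/bin/sh -c` and only resolves if the working directory is where the file was copied. Suggest exec form with an absolute path, and an absolute destination on the matching `COPY`. On the main side, `${PIHOLE_VERSION:-latest}` falls back to the floating `latest` tag whenever the build arg is missing, which is worth catching in the build script. `apt update && apt install -y unbound` could also use `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same layer.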


@ -1 +1 @@
2023.05.2 2022.02.1


@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
# Run this once: docker buildx create --use --name build --node build --driver-opt network=host # Run this once: docker buildx create --use --name build --node build --driver-opt network=host
PIHOLE_VER=`cat VERSION` docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:`cat VERSION` --push .
docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:$PIHOLE_VER --push . docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
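
Review bot: The script runs one `docker buildx build ... --push` per tag with no `set -e`, so the versioned tag and `latest` come from separate builds that are not guaranteed to yield the same image, and `latest` is still pushed if the first build fails. Suggest a single invocation carrying both `-t` flags (the version tag and `latest`), `set -euo pipefail` at the top, and a quoted `"$(cat VERSION)"` in place of the backticks.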


@ -0,0 +1,3 @@
#!/bin/bash -e
/etc/init.d/unbound start
/s6-init
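
Review bot: `/etc/init.d/unbound start` launches unbound outside s6, so nothing restarts it if it exits later, while the compose file points Pi-hole at `127.0.0.1#5335` as its only upstream. The final line should also be `exec /s6-init`, so the init process replaces bash instead of running as its child and receives the container's stop signal directly.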


@ -44,8 +44,7 @@ server:
num-threads: 1 num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes # Ensure kernel buffer is large enough to not lose messages in traffic spikes
# Be aware that if enabled (requires CAP_NET_ADMIN or privileged), the kernel buffer must have the defined amount of memory, if not, a warning will be raised. so-rcvbuf: 1m
#so-rcvbuf: 1m
# Ensure privacy of local IP ranges # Ensure privacy of local IP ranges
private-address: 192.168.0.0/16 private-address: 192.168.0.0/16
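
Review bot: On the 2022.02.1 side `so-rcvbuf: 1m` is active, and the main-side comment explaining that it requires CAP_NET_ADMIN or privileged, and that a warning is raised otherwise, is gone. If the setting stays enabled, keep that comment next to it and state in the README which capability the container needs; otherwise leave it commented out as on main.
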
@ -53,4 +52,4 @@ server:
private-address: 172.16.0.0/12 private-address: 172.16.0.0/12
private-address: 10.0.0.0/8 private-address: 10.0.0.0/8
private-address: fd00::/8 private-address: fd00::/8
private-address: fe80::/10 private-address: fe80::/10


@ -1,25 +0,0 @@
#!/command/with-contenv bash
s6-echo "Starting unbound"
NAME="unbound"
DESC="DNS server"
DAEMON="/usr/sbin/unbound"
PIDFILE="/run/unbound.pid"
HELPER="/usr/lib/unbound/package-helper"
test -x $DAEMON || exit 0
# Override this variable by editing or creating /etc/default/unbound.
DAEMON_OPTS=""
if [ -f /etc/default/unbound ]; then
. /etc/default/unbound
fi
$HELPER chroot_setup
$HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
$DAEMON -d $DAEMON_OPTS
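
Review bot: The last line, `$DAEMON -d $DAEMON_OPTS`, starts unbound as a child of the run script; `exec "$DAEMON" -d $DAEMON_OPTS` would let s6 supervise and signal unbound itself. `test -x $DAEMON || exit 0` also reports success when the binary is missing, which hides a broken image; a non-zero exit with a message would be easier to diagnose. `$DAEMON` and `$HELPER` should be quoted wherever they are expanded.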


@ -16,9 +16,9 @@ services:
- 80/tcp - 80/tcp
- 22/tcp - 22/tcp
environment: environment:
- FTLCONF_LOCAL_IPV4=192.168.1.5 - ServerIP=192.168.1.5
- WEBPASSWORD=${WEBPASSWORD} - WEBPASSWORD=${WEBPASSWORD}
- PIHOLE_DNS_=192.168.1.6;192.168.1.13 - PIHOLE_DNS_192.168.1.6;192.168.1.13
volumes: volumes:
- /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw - /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
- /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro - /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
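
Review bot: On the 2022.02.1 side the entry `- PIHOLE_DNS_192.168.1.6;192.168.1.13` has no `=`, so it does not define `PIHOLE_DNS_` at all; the main side's `- PIHOLE_DNS_=192.168.1.6;192.168.1.13` is the correct form. The address variable (`FTLCONF_LOCAL_IPV4` on main, `ServerIP` on 2022.02.1) is also hardcoded to `192.168.1.5` here while `WEBPASSWORD` comes from the environment; taking the address from `.env`, as the main compose file does, would keep the two files consistent.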