Updating to new v5.8.1 base container

Seems the Pi-Hole team reused the same Docker image tag...
2021-08-10 22:41:24 -07:00
11 changed files with 47 additions and 79 deletions
--- a/README.md
+++ b/README.md
@ -6,7 +6,6 @@ This repo has 2 different `docker-compose` configs-- choose your favorite. The `
 - [`one-container`](one-container/) (new) - Install Unbound directly into the Pi-Hole container
  - This configuration contacts the DNS root servers directly, please read the Pi-Hole docs on [Pi-hole as All-Around DNS Solution](https://docs.pi-hole.net/guides/unbound/) to understand what this means.
-  - With this approach, we can also simplify our Docker networking since `macvlan` is no longer necessary.
+  - With this approach, we can also simply our networking since `macvlan` is no longer necessary.
 - [`two-container`](two-container/) (legacy) - Use separate containers for Pi-Hole and Unbound
  - This configuration uses MatthewVance's [unbound-docker](https://github.com/MatthewVance/unbound-docker) container to implement encrypted DNS to third party DNS resolvers (eg Cloudflare). This is arguably less privacy-friendly since you're handing your DNS queries to those 3rd party providers.
--- a/one-container/README.md
+++ b/one-container/README.md
@ -2,33 +2,33 @@
 ## Description
-This Docker deployment runs both Pi-Hole and Unbound in a single container.
+This Docker deployment runs both Pi-Hole and Unbound in a single container. 
 The base image for the container is the [official Pi-Hole container](https://hub.docker.com/r/pihole/pihole), with an extra build step added to install the Unbound resolver directly into to the container based on [instructions provided directly by the Pi-Hole team](https://docs.pi-hole.net/guides/unbound/).
 ## Usage
-First create a `.env` file to substitute variables for your deployment.
+First create a `.env` file to substitute variables for your deployment. 
 ### Pi-hole environment variables
-> Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/#environment-variables):
+### Required environment variables
-| Variable | Default | Value | Description |
+> Vars and descriptions replicated from the [official pihole container](https://github.com/pi-hole/docker-pi-hole/):
-| -------- | ------- | ----- | ---------- |
+
-| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
+| Docker Environment Var | Description|
-| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
+| --- | --- |
-| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes and lighttpd bind address.
+| `ServerIP: <Host's IP>`<br/> | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
-| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
+| `TZ: <Timezone>`<br/> | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
-| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
+| `WEBPASSWORD: <Admin password>`<br/> | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
-| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
+| `REV_SERVER: <"true"\|"false">`<br/> | Enable DNS conditional forwarding for device name resolution
-| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) |
+| `REV_SERVER_DOMAIN: <Network Domain>`<br/> | If conditional forwarding is enabled, set the domain of the local network router
-| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use.
+| `REV_SERVER_TARGET: <Router's IP>`<br/> | If conditional forwarding is enabled, set the IP of the local network router
 | `REV_SERVER_CIDR: <Reverse DNS>`<br/>| If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`)
 Example `.env` file in the same directory as your `docker-compose.yaml` file:
 ```
-FTLCONF_LOCAL_IPV4=192.168.1.10
+ServerIP=192.168.1.10
 TZ=America/Los_Angeles
 WEBPASSWORD=QWERTY123456asdfASDF
 REV_SERVER=true
@ -37,14 +37,10 @@ REV_SERVER_TARGET=192.168.1.1
 REV_SERVER_CIDR=192.168.0.0/16
 HOSTNAME=pihole
 DOMAIN_NAME=pihole.local
 PIHOLE_WEBPORT=80
 WEBTHEME=default-light
 ```
 ### Using Portainer stacks?
 > 2022-3-11: I'm being told that the advice below is no longer true in Portainer. If you're using Portainer, first try it without removing the volumes declaration and see if it works.
 Portainer stacks are a little weird and don't want you to declare your named volumes, so remove this block from the top of the `docker-compose.yaml` file before copy/pasting into Portainer's stack editor:
 ```yaml
--- a/one-container/docker-compose.yaml
+++ b/one-container/docker-compose.yaml
@ -1,4 +1,4 @@
-version: '3.0'
+version: '2'
 volumes:
  etc_pihole-unbound:
@ -14,22 +14,22 @@ services:
      - 443:443/tcp
      - 53:53/tcp
      - 53:53/udp
-      - ${PIHOLE_WEBPORT:-80}:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
+      - 80:80/tcp
      # - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
-      - FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
+      ServerIP: ${ServerIP}
-      - TZ=${TZ:-UTC}
+      TZ: ${TZ}
-      - WEBPASSWORD=${WEBPASSWORD}
+      WEBPASSWORD: ${WEBPASSWORD}
-      - WEBTHEME=${WEBTHEME:-default-light}
+      REV_SERVER: ${REV_SERVER}
-      - REV_SERVER=${REV_SERVER:-false}
+      REV_SERVER_TARGET: ${REV_SERVER_TARGET}
-      - REV_SERVER_TARGET=${REV_SERVER_TARGET}
+      REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
-      - REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
+      REV_SERVER_CIDR: ${REV_SERVER_CIDR}
-      - REV_SERVER_CIDR=${REV_SERVER_CIDR}
+      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
-      - PIHOLE_DNS_=127.0.0.1#5335
+      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
-      - DNSSEC="true"
+      DNSSEC: "true" # Enable DNSSEC
      - DNSMASQ_LISTENING=single
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    restart: unless-stopped
--- a/one-container/pihole-unbound/99-edns.conf
+++ b/one-container/pihole-unbound/99-edns.conf
@ -1 +0,0 @@
 edns-packet-max=1232
--- a/one-container/pihole-unbound/Dockerfile
+++ b/one-container/pihole-unbound/Dockerfile
@ -1,12 +1,9 @@
-ARG PIHOLE_VERSION
+FROM pihole/pihole:v5.8.1
 FROM pihole/pihole:${PIHOLE_VERSION:-latest}
 RUN apt update && apt install -y unbound
 COPY lighttpd-external.conf /etc/lighttpd/external.conf 
 COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pi-hole.conf
-COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf
+COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh
 RUN mkdir -p /etc/services.d/unbound
 COPY unbound-run /etc/services.d/unbound/run
 ENTRYPOINT ./s6-init
 RUN chmod +x start_unbound_and_s6_init.sh
 ENTRYPOINT ./start_unbound_and_s6_init.sh
--- a/one-container/pihole-unbound/VERSION
+++ b/one-container/pihole-unbound/VERSION
@ -1 +1 @@
-2023.05.2
+v5.8.1-1
--- a/one-container/pihole-unbound/build_and_push.sh
+++ b/one-container/pihole-unbound/build_and_push.sh
@ -1,7 +1,6 @@
 #!/bin/bash
 # Run this once: docker buildx create --use --name build --node build --driver-opt network=host
-PIHOLE_VER=`cat VERSION`
+docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:`cat VERSION` --push .
-docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:$PIHOLE_VER --push .
+docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
 docker buildx build --build-arg PIHOLE_VERSION=$PIHOLE_VER --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t cbcrowe/pihole-unbound:latest --push .
--- a/one-container/pihole-unbound/start_unbound_and_s6_init.sh
+++ b/one-container/pihole-unbound/start_unbound_and_s6_init.sh
@ -0,0 +1,3 @@
 #!/bin/bash -e
 /etc/init.d/unbound start
 /s6-init
--- a/one-container/pihole-unbound/unbound-pihole.conf
+++ b/one-container/pihole-unbound/unbound-pihole.conf
@ -34,7 +34,7 @@ server:
    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
-    edns-buffer-size: 1232
+    edns-buffer-size: 1472
    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
@ -44,8 +44,7 @@ server:
    num-threads: 1
    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
-    # Be aware that if enabled (requires CAP_NET_ADMIN or privileged), the kernel buffer must have the defined amount of memory, if not, a warning will be raised.
+    so-rcvbuf: 1m
    #so-rcvbuf: 1m
    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
@ -53,4 +52,4 @@ server:
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
-    private-address: fe80::/10
+    private-address: fe80::/10
--- a/one-container/pihole-unbound/unbound-run
+++ b/one-container/pihole-unbound/unbound-run
@ -1,25 +0,0 @@
 #!/command/with-contenv bash
 s6-echo "Starting unbound"
 NAME="unbound"
 DESC="DNS server"
 DAEMON="/usr/sbin/unbound"
 PIDFILE="/run/unbound.pid"
 HELPER="/usr/lib/unbound/package-helper"
 test -x $DAEMON || exit 0
 # Override this variable by editing or creating /etc/default/unbound.
 DAEMON_OPTS=""
 if [ -f /etc/default/unbound ]; then
    . /etc/default/unbound
 fi
 $HELPER chroot_setup
 $HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
 $DAEMON -d $DAEMON_OPTS
--- a/two-container/docker-compose.yaml
+++ b/two-container/docker-compose.yaml
@ -16,9 +16,10 @@ services:
      - 80/tcp
      - 22/tcp
    environment:
-      - FTLCONF_LOCAL_IPV4=192.168.1.5
+      ServerIP: 192.168.1.5
-      - WEBPASSWORD=${WEBPASSWORD}
+      WEBPASSWORD: ${WEBPASSWORD}
-      - PIHOLE_DNS_=192.168.1.6;192.168.1.13
+      DNS1: 192.168.1.6
      DNS2: 192.168.1.13
    volumes:
      - /volume1/docker/pihole-unbound/pihole/volume:/etc/pihole:rw
      - /volume1/docker/pihole-unbound/pihole/config/hosts:/etc/hosts:ro
@ -51,4 +52,4 @@ networks:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
-          ip_range: 192.168.1.5/30 # 192.168.1.5 and 192.168.1.6
+          ip_range: 192.168.1.5/30 # 192.168.1.5 and 192.168.1.6