---
title: Guide to creating a Docker container for wg-easy-extended and Pi-hole
description:
published: true
date: 2024-06-17T10:46:46.294Z
tags:
editor: markdown
dateCreated: 2024-06-17T10:37:08.232Z
---
# Guide to creating a Docker container for wg-easy-extended
## Step 1: Create the Docker Compose file
Create a file named `docker-compose.yml` and paste in the following content:
```yaml
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    #image: pihole/pihole:latest
    image: cbcrowe/pihole-unbound:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "127.0.0.1:53:53/tcp"
      - "127.0.0.1:53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      #- "127.0.0.1:8084:80/tcp"
    environment:
      ServerIP: 10.8.1.3
      TZ: 'Europe/Berlin'
      WEBPASSWORD: '${PASSWORT}'
      REV_SERVER: 'false'
      DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
      DNSSEC: 'true' # Enable DNSSEC
      VIRTUAL_HOST: pihole.${WEBSEITE}
      VIRTUAL_PORT: 80
      LETSENCRYPT_HOST: pihole.${WEBSEITE}
      LETSENCRYPT_EMAIL: admin@${WEBSEITE}
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: always
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - flame.type=application
      - flame.name=Pi-hole
      - flame.url=https://pihole.${WEBSEITE}/admin/
      - flame.icon=dns
    networks:
      proxy:
      edge-tier:
      dns:
        ipv4_address: 172.28.0.2
      wg-easy:
        ipv4_address: 10.8.1.3
  wg-easy-extended:
    container_name: wg-easy-extended
    environment:
      WG_HOST: brothertec.eu
      PASSWORD: ${PASSWORT}
      #- WG_DEFAULT_DNS=1.1.1.1
      WG_DEFAULT_DNS: 10.8.1.3
      WG_DEFAULT_ADDRESS: 10.8.0.x
      # - WG_MTU=1420
      WG_PERSISTENT_KEEPALIVE: 25
      WG_ALLOWED_IPS: 10.8.0.0/24,10.8.1.3
      WG_POST_UP: >
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE;
        iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth3 -j MASQUERADE;
        iptables-legacy -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
        iptables-legacy -A FORWARD -i wg0 -j ACCEPT;
        iptables-legacy -A FORWARD -o wg0 -j ACCEPT;
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
      VIRTUAL_HOST: vpn.${WEBSEITE}
      VIRTUAL_PORT: 51821
      LETSENCRYPT_HOST: vpn.${WEBSEITE}
      LETSENCRYPT_EMAIL: admin@${WEBSEITE}
    volumes:
      - ./wg-easy:/etc/wireguard
    ports:
      - 51820:51820/udp
      #- 51821:51821/tcp
      #- 9586:9586/tcp
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped
    image: ghcr.io/tolkonepiu/wg-easy-extended
    networks:
      proxy:
      edge-tier:
      dns:
        ipv4_address: 172.28.0.3
      wg-easy:
        ipv4_address: 10.8.1.2
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - flame.type=application
      - flame.name=Wireguard
      - flame.url=https://vpn.${WEBSEITE}
      - flame.icon=vpn
networks:
  proxy:
    name: nginx-proxy
    external: true
  edge-tier:
    name: edge
    external: true
  dns:
    name: dns
    external: true
  wg-easy:
    ipam:
      config:
        - subnet: 10.8.1.0/24
```
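As an added check (example code written for this page, not part of the original wiki or of the wg-easy/Pi-hole projects), two Python functions verify the security-relevant wiring of the compose file above: that no port other than WireGuard's `51820/udp` is published on all host interfaces (so Pi-hole's port 53 stays bound to `127.0.0.1` and does not become an open resolver), and that `WG_DEFAULT_DNS`, Pi-hole's address on the `wg-easy` network and `WG_ALLOWED_IPS` agree with each other. The `EXAMPLE` dict is a hand-constructed subset of that file; for the real file, load it with `yaml.safe_load` and pass `data["services"]`.

```python
import ipaddress

# Constructed subset of the compose file above, shaped as yaml.safe_load
# would return data["services"]; only the fields the checks need are present.
EXAMPLE = {
    "pihole": {
        "ports": ["127.0.0.1:53:53/tcp", "127.0.0.1:53:53/udp"],
        "networks": {"wg-easy": {"ipv4_address": "10.8.1.3"}},
    },
    "wg-easy-extended": {
        "ports": ["51820:51820/udp"],
        "environment": {
            "WG_DEFAULT_DNS": "10.8.1.3",
            "WG_DEFAULT_ADDRESS": "10.8.0.x",
            "WG_ALLOWED_IPS": "10.8.0.0/24,10.8.1.3",
        },
        "networks": {"wg-easy": {"ipv4_address": "10.8.1.2"}},
    },
}

def exposed_ports(services, allowed=("51820/udp",)):
    """Published ports that listen on every host interface and are not on the
    allow list. Pi-hole's 53 needs the 127.0.0.1 prefix, else it is an open resolver."""
    findings = []
    for name, svc in services.items():
        for spec in svc.get("ports", []):
            parts = spec.split(":")      # "ip:host:container" or "host:container"
            if len(parts) == 3:          # bound to one address (IPv4 form only)
                continue
            if parts[-1] not in allowed:
                findings.append(f"{name}: {spec}")
    return findings

def wg_dns_consistent(services):
    """WG_DEFAULT_DNS must equal Pi-hole's address on the shared wg-easy network,
    and WG_ALLOWED_IPS must route both that address and the client subnet into the tunnel."""
    env = services["wg-easy-extended"]["environment"]
    dns = ipaddress.ip_address(env["WG_DEFAULT_DNS"])
    pihole = ipaddress.ip_address(
        services["pihole"]["networks"]["wg-easy"]["ipv4_address"])
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in env["WG_ALLOWED_IPS"].split(",")]
    # wg-easy's "10.8.0.x" placeholder stands for the /24 that clients are drawn from
    clients = ipaddress.ip_network(env["WG_DEFAULT_ADDRESS"].replace("x", "0") + "/24")
    return (dns == pihole and any(dns in n for n in allowed)
            and any(clients.subnet_of(n) for n in allowed))

if __name__ == "__main__":
    print("exposed:", exposed_ports(EXAMPLE) or "none", "| DNS wiring ok:", wg_dns_consistent(EXAMPLE))
```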
## Step 2: Create the DNS network
The compose file declares the `dns` network as external, so it has to exist before the stack is started (the same applies to the external `nginx-proxy` and `edge` networks, which are assumed to be present already):
~~~
docker network create --driver=bridge --subnet=172.28.0.0/16 dns
~~~
## Step 3: Start the Docker containers
In a terminal, change to the directory containing the `docker-compose.yml` file and run the following command to start the containers:
```bash
docker-compose up -d
```
The `-d` flag starts the containers in the background (detached).
Once the containers are up, your wg-easy-extended service is ready to use.
## Sources
- https://github.com/pi-hole/docker-pi-hole
- https://goneuland.de/pi-hole-mit-docker-compose-und-traefik-installieren/
- https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole
- https://github.com/wg-easy/wg-easy/issues/291
- https://github.com/tolkonepiu/wg-easy-extended
- https://hub.docker.com/r/cbcrowe/pihole-unbound
- https://docs.pi-hole.net/guides/dns/unbound/
- https://www.cloudflare.com/de-de/learning/dns/dns-server-types/
- https://www.kuketz-blog.de/pi-hole-einrichtung-und-konfiguration-mit-unbound-adblocker-teil2/