Table of Contents
Pi-hole DNS Ad-blocking Server
Networkwide ad blocking via your own Linux hardware. No client-side software required
Deprecated!
Installation von Docker und Docker-Compose
Update the System and install Docker:# apt-get update # apt-get upgrade # apt-get install docker
Compile and install docker-compose:# cd /tmp/ # git clone https://github.com/docker/compose.git # cd compose # docker build -t docker-compose:armhf -f Dockerfile.armhf . # docker run --rm --entrypoint="script/build/linux-entrypoint" -v $(pwd)/dist:/code/dist -v $(pwd)/.git:/code/.git "docker-compose:armhf" # ls -l # cp dist/docker-compose-Linux-armv7l /usr/local/bin/docker-compose # chmod 0755 /usr/local/bin/docker-compose # docker-compose version
Install manpages for docker-compose:# curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
Vorbereitung und Deployment von Pi-hole
Erstellen des benötigten Verzeichnisses:# mkdir /opt/docker-pihole
Anlegen des docker-compose files für Pi-hole:# vim /opt/docker-pihole/docker_compose.yml
version: "3" services: # ---------------------------------------------------------------------------- pihole: image: diginc/pi-hole-multiarch:debian_armhf container_name: "pihole-main" volumes: - /opt/docker-pihole/pihole/:/etc/pihole/ - /opt/docker-pihole/dnsmasq.d/:/etc/dnsmasq.d/ - /etc/localtime:/etc/localtime:ro environment: - VIRTUAL_HOST=www.blackgate.org - ServerIP=192.168.1.6 - DNS1=192.168.1.1 - TZ=Europe/Zurich - WEBPASSWORD=ADMIN_PASSWORD ports: - 53:53/tcp - 53:53/udp - 81:80 networks: - local restart: always # ------------------------------------------------------------------------------ networks: local: driver: bridgeStarten und aktivieren des Pi-hole Docker Containers:# docker-compose -f /opt/docker-pihole/docker_compose.yml up -d # docker ps
Konfiguration von Apache für Reverse Proxy kompatibles Pi-hole Setup /
Pi-hole Virtual-Host Setup
Anlegen eines lokalen Virtual-Hosts für Pi-hole:# vim /etc/apache2/sites-available/blackgate.org.conf
<VirtualHost *:80> # ServerName blackgate.org ServerName localhost # ServerAdmin michael.r467@gmail.com DocumentRoot /var/www/html <Directory /var/www/html/> <FilesMatch "a.gif$"> Header set Cache-Control "max-age=290304000, public" </FilesMatch> RewriteEngine On RewriteBase "/" RewriteRule ^wakeonlan($|/) - [L] #Rewrite all other requests to emty file! RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule ^(.*)$ http://192.168.1.6/a.gif </Directory> # </VirtualHost>
Reverse Proxy Beispiel Setup
# vim /etc/apache2/sites-available/blackgate.org.conf
<VirtualHost *:443>
ServerName www.blackgate.org
#
ServerAdmin ${blackgate_serveradmin}
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
SSLEngine on
SSLCertificateFile ${blackgate_ssl_path}/cert.pem
SSLCertificateKeyFile ${blackgate_ssl_path}/privkey.pem
SSLCertificateChainFile ${blackgate_ssl_path}/chain.pem
ProxyPass /error_docs !
ErrorDocument 503 /error_docs/ServiceUnavailable.html
RewriteEngine on
RewriteRule ^/pi-hole$ /pi-hole/ [R]
ProxyPass /pi-hole/ http://127.0.0.1:81/admin/
ProxyPassReverse /pi-hole/ http://127.0.0.1:81/admin/
ProxyPass / http://192.168.1.21/
ProxyPassReverse / http://192.168.1.21/
<Proxy http://127.0.0.1:81/admin/>
Order deny,allow
Allow from all
Authtype Basic
Authname "Password Required"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Proxy>
</VirtualHost>
Weiteres
- Add Domain to authorized Hostnames on pi-hole:
# vim /var/www/html/admin/scripts/pi-hole/php/auth.php
$AUTHORIZED_HOSTNAMES = array( $ipv4, $ipv6, str_replace(array("[","]"), array("",""), $_SERVER["SERVER_NAME"]), "pi.hole", "localhost", "www.blackgate.org" );