Pi-hole DNS Ad-blocking Server
Network-wide ad blocking via your own Linux hardware. No client-side software required.
Deprecated!
Installing Docker and Docker-Compose
Update the system and install Docker:
# apt-get update
# apt-get upgrade
# apt-get install docker
Compile and install docker-compose:
# cd /tmp/
# git clone https://github.com/docker/compose.git
# cd compose
# docker build -t docker-compose:armhf -f Dockerfile.armhf .
# docker run --rm --entrypoint="script/build/linux-entrypoint" -v $(pwd)/dist:/code/dist -v $(pwd)/.git:/code/.git "docker-compose:armhf"
# ls -l
# cp dist/docker-compose-Linux-armv7l /usr/local/bin/docker-compose
# chmod 0755 /usr/local/bin/docker-compose
# docker-compose version
Install bash completion for docker-compose:
# curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
Preparing and Deploying Pi-hole
Create the required directory:
# mkdir /opt/docker-pihole
Create the docker-compose file for Pi-hole:
# vim /opt/docker-pihole/docker_compose.yml
version: "3"
services:
# ----------------------------------------------------------------------------
  pihole:
    image: diginc/pi-hole-multiarch:debian_armhf
    container_name: "pihole-main"
    volumes:
      - /opt/docker-pihole/pihole/:/etc/pihole/
      - /opt/docker-pihole/dnsmasq.d/:/etc/dnsmasq.d/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VIRTUAL_HOST=www.blackgate.org
      - ServerIP=192.168.1.6
      - DNS1=192.168.1.1
      - TZ=Europe/Zurich
      - WEBPASSWORD=ADMIN_PASSWORD
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 81:80
    networks:
      - local
    restart: always
# ------------------------------------------------------------------------------
networks:
  local:
    driver: bridge
Start and enable the Pi-hole Docker container:
# docker-compose -f /opt/docker-pihole/docker_compose.yml up -d
# docker ps
Configuring Apache for a Reverse-Proxy-Compatible Pi-hole Setup
Pi-hole Virtual-Host Setup
Create a local virtual host for Pi-hole:
# vim /etc/apache2/sites-available/blackgate.org.conf
<VirtualHost *:80>
    # ServerName blackgate.org
    ServerName localhost
    # ServerAdmin michael.r467@gmail.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        <FilesMatch "a.gif$">
            Header set Cache-Control "max-age=290304000, public"
        </FilesMatch>
        RewriteEngine On
        RewriteBase "/"
        RewriteRule ^wakeonlan($|/) - [L]
        # Rewrite all other requests to an empty file!
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-l
        RewriteRule ^(.*)$ http://192.168.1.6/a.gif
    </Directory>
    #
</VirtualHost>
Reverse Proxy Example Setup
# vim /etc/apache2/sites-available/blackgate.org.conf
<VirtualHost *:443>
    ServerName www.blackgate.org
    # ServerAdmin ${blackgate_serveradmin}
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    SSLEngine on
    SSLCertificateFile ${blackgate_ssl_path}/cert.pem
    SSLCertificateKeyFile ${blackgate_ssl_path}/privkey.pem
    SSLCertificateChainFile ${blackgate_ssl_path}/chain.pem
    ProxyPass /error_docs !
    ErrorDocument 503 /error_docs/ServiceUnavailable.html
    RewriteEngine on
    RewriteRule ^/pi-hole$ /pi-hole/ [R]
    ProxyPass /pi-hole/ http://127.0.0.1:81/admin/
    ProxyPassReverse /pi-hole/ http://127.0.0.1:81/admin/
    ProxyPass / http://192.168.1.21/
    ProxyPassReverse / http://192.168.1.21/
    <Proxy http://127.0.0.1:81/admin/>
        Order deny,allow
        Allow from all
        Authtype Basic
        Authname "Password Required"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Proxy>
</VirtualHost>
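Added example, not part of the original page: the reverse proxy reaches the admin interface at 127.0.0.1:81, while the compose file publishes 81:80 without a host IP, which Docker binds on every host interface, so the admin page can also be reached on port 81 without passing Apache's Basic authentication. The script below lists each port mapping in a compose file and marks the ones that carry no host IP. The function names and the sample file are assumptions made for this example, and only the short list syntax used on this page is handled.

```sh
#!/bin/sh
# Added example (not from the original page): list the port mappings of a
# docker-compose file and mark those published on every host interface.

# classify_port MAPPING: prints "bound" when a host IP is given
# (127.0.0.1:81:80) and "all-interfaces" when it is not (81:80).
classify_port() {
    spec=${1%/*}                       # drop a trailing /tcp or /udp
    case "$spec" in
        *:*:*) echo bound ;;           # HOST_IP:HOST_PORT:CONTAINER_PORT
        *)     echo all-interfaces ;;  # HOST_PORT:CONTAINER_PORT, or CONTAINER_PORT alone
    esac
}

# audit_compose_ports FILE: prints "<class> <mapping>" for every entry under
# a "ports:" key. Only the short list syntax used on this page is handled.
audit_compose_ports() {
    awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            sub(/^[ \t]*-[ \t]*/, "")   # remove the list dash
            sub(/[ \t]+#.*$/, "")       # remove a trailing comment
            sub(/[ \t]+$/, "")
            print
            next
        }
        in_ports && NF { in_ports = 0 } # any other non-blank line ends the list
    ' "$1" | tr -d "\"'" | while IFS= read -r mapping; do
        printf '%s %s\n' "$(classify_port "$mapping")" "$mapping"
    done
}

# Constructed sample: the port list from the compose file on this page, plus
# the loopback-only form of the admin port for comparison.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  pihole:
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 81:80                # as published on this page
      - "127.0.0.1:81:80"    # loopback-only form, for comparison
    restart: always
EOF
audit_compose_ports "$sample"
rm -f "$sample"
```

In this setup only the admin port is a candidate for a loopback binding; port 53 has to stay reachable for the DNS clients on the network.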
Miscellaneous
- Add the domain to the authorized hostnames on Pi-hole:
# vim /var/www/html/admin/scripts/pi-hole/php/auth.php
$AUTHORIZED_HOSTNAMES = array(
    $ipv4,
    $ipv6,
    str_replace(array("[","]"), array("",""), $_SERVER["SERVER_NAME"]),
    "pi.hole",
    "localhost",
    "www.blackgate.org"
);