Installing the Pi-hole docker image with DHCP server enabled

Introduction

Advertisements generate the income that many free websites need. Although I understand that, there is something wrong with it in my view. As a visitor, I pay to a large extent not only by looking at advertisements but often also with my personal information.
In addition to the fact that personal data is often collected, advertisements can make browsing slower and (in the worst case!) malicious code can be executed. And that is why my confidence in advertising networks is completely gone right now. It was time for me to install Pi-hole.

–rknl


Related software & hardware

Docker

Docker is a modern platform for all applications and creates simple tooling and a universal packaging approach that bundles up all application dependencies inside a container. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Docker Engine enables containerized applications to run anywhere consistently on any infrastructure, solving “dependency hell” for developers and operations teams, and eliminating the “it works on my laptop!” problem – More information


Pi-hole

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server  – More information


Step 1: Pull and run the image from Docker Hub

First make sure you have installed Docker. Please see my post about installing Docker on my Raspberry Pi.

I decided to use the official Pi-hole Docker image. Log in to the CLI and pull the image:

sudo docker pull pihole/pihole

Then go to your home, create the ‘pihole’ directory and the run file for Docker:

cd ~
mkdir pihole
cd pihole
sudo nano pihole_run.sh

After some searching and testing I used the following configuration:

#!/bin/bash
# Lookups may not work for VPN / tun0
IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"

# Just hard code these to your docker server's LAN IP if lookups aren't working
IP="${IP:-$IP_LOOKUP}"  # use $IP, if set, otherwise IP_LOOKUP
IPv6="${IPv6:-$IPv6_LOOKUP}"  # use $IPv6, if set, otherwise IPv6_LOOKUP

# Default of directory you run this from, update to where ever.
DOCKER_CONFIGS="$(pwd)"

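# printf expands \n in both sh and bash (bash's builtin echo would print it literally)
printf '### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: %s\nIPv6: %s\n' "${IP}" "${IPv6}"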

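# Daemonized docker container.
# --net=host and --cap-add=NET_ADMIN let Pi-hole's DHCP server answer broadcasts on the LAN;
# with host networking every port the container listens on is exposed directly on the host.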
docker run -d \
    --name pihole \
    --net=host \
    -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
    -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
    -e ServerIP="${IP}" \
    -e ServerIPv6="${IPv6}" \
    -e TZ="Europe/Amsterdam" \
    -e WEBPASSWORD="<PASSWORD>" \
    --restart=unless-stopped \
    --cap-add=NET_ADMIN \
    --dns 127.0.0.1 \
    pihole/pihole:latest

Copy and paste this configuration to ‘pihole_run.sh’ and replace:

  • Europe/Amsterdam with the timezone setting of your location
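  • <PASSWORD> with the password you want to use with the web interface of Pi-hole. This is very important! You need to provide the password here to make sure it persists after stopping/starting the Docker container. The password is stored in clear text in this file, so make sure other users of the Raspberry Pi cannot read it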

Now save your changes and close Nano. Run ‘pihole_run.sh’:

sudo sh pihole_run.sh

Note: You can check the status of the pihole container with the “docker ps -a” command. Make sure the container is up and running. When it is not running properly, start with checking the logs with the “docker logs pihole” command!


Step 2: Configuring Pi-hole

Now that the container is up and running, browse to http://<ip>/admin. Replace <ip> with the IP address of your Raspberry Pi. For example: http://192.168.1.2/admin. Then click Login:

The web interface of Pi-hole

Sign in with the password from Step 1
(see ‘pihole_run.sh’)

Now we want to add some more blocklists. The blocklists I added are very common and do not block ‘too much’ in my experience.

Click Settings and then the tab Blocklists.

Now enter the following URLs:

https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
https://v.firebog.net/hosts/lists.php?type=nocross

Click the Save and Update button

Now you can make a choice which DNS server(s) you want to use. I chose to use my router IP (and therefore using the DNS server of my internet provider).

Click the DNS tab, uncheck all IPv4 and IPv6 checkboxes, and add the IP of your router as new Custom Upstream DNS Server:

The DNS settings of Pi-hole

I also switched on Conditional Forwarding (please read the explanation from the screenshot :)):

Conditional Forwarding setting of Pi-hole

My local domain name is ‘home’. If you don’t know the local domain name, just log in to your router and look up the name which is used!

Now your devices need to know there is a Pi-hole! So it is necessary to change the DNS settings of the existing DHCP server (probably on your router): just replace the primary DNS setting with the IP address of the Raspberry Pi (and remove the secondary if needed).
When your devices are restarted they will automatically get the new DNS settings and all your traffic will go to the Pi-hole!

In my case it was not possible to modify the secondary DNS setting of the DHCP server on my router because my provider blocked it 🙁
Luckily for me Pi-hole has its own DHCP server, so I made the choice to disable the DHCP server of my router and to use the DHCP server of Pi-hole:

DHCP settings of Pi-hole

Click the DHCP tab and enter the start and end IP address (for example: 192.168.1.2 and 192.168.1.254). You can use the same range which is configured at the DHCP server of your router. Add again the IP of your router and your local domain name and enable the DHCP server!

Now disable the DHCP server of your router. Reboot a device and test if the device will get the right IP address and DNS (which is pointing to the Pi-hole).
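One way to run the test described above from a Linux client, as an added example that is not part of the original post: the script reads a DHCP lease and reports every DNS server other than the Pi-hole, since a leftover secondary DNS lets clients resolve names without passing through it. It assumes the client keeps ISC dhclient-style lease text; the addresses, the router IP 192.168.1.1 and both sample leases are constructed.

```shell
#!/bin/sh
# Added example: flag DHCP leases that offer any DNS server besides the Pi-hole.
# Assumes ISC dhclient lease syntax; all addresses and leases are constructed.

PIHOLE_IP=192.168.1.2   # the Raspberry Pi address used as an example above

# Print every DNS server in the lease text on stdin, one per line.
lease_dns_servers() {
    awk '$1 == "option" && $2 == "domain-name-servers" {
        list = $3
        for (i = 4; i <= NF; i++) list = list $i   # tolerate "a, b" spacing
        sub(/;$/, "", list)
        n = split(list, s, ",")
        for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
    }'
}

# Exit 0 only if every offered resolver is the Pi-hole; 1 if a client could
# bypass it (each such resolver is printed); 2 if no resolver is offered.
check_lease() {
    pihole_ip=$1
    servers=$(lease_dns_servers)
    [ -n "$servers" ] || { echo "no DNS server in lease"; return 2; }
    bypass=$(printf '%s\n' "$servers" | grep -Fxv -- "$pihole_ip" || true)
    [ -z "$bypass" ] && return 0
    printf 'bypass resolver: %s\n' $bypass
    return 1
}

# Constructed lease from the Pi-hole DHCP server: only the Pi-hole is offered.
LEASE_OK='lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.2;
  option domain-name "home";
}'

# Constructed lease from a router that still appends its own secondary DNS.
LEASE_LEAK='lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.2,192.168.1.1;
}'

printf '%s\n' "$LEASE_OK" | check_lease "$PIHOLE_IP" && echo "OK: Pi-hole only"
printf '%s\n' "$LEASE_LEAK" | check_lease "$PIHOLE_IP" || echo "FAIL: bypass possible"
```

On a real client, pipe the most recent lease block into check_lease instead of the sample variables; older blocks in the same file may still list the router's DNS servers.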

Now visit some websites and watch the Pi-hole dashboard! Happy browsing 🙂

Note: You can configure a lot more, for example there are privacy options: I chose the option “Show everything and record everything” so I can evaluate the traffic. But what I really wanted was to see only the data from the last 24 hours! Also I didn’t like the fact that all my traffic was stored in log files.
So I added “0 3 * * * docker exec pihole pihole -f” to the crontab (with “sudo crontab -e”). This flushes the Pi-hole logs every night at 03:00 am


What’s next

My next blog entry will be about the installation of another Docker container. This time it is called Unbound, and it is a very valuable addition to Pi-hole!

Tags and version information