What we'll do:

  • Install Docker
  • PiHole Setup
  • DoH (DNS Over HTTPS)

What you need:

  • Raspberry Pi or Ubuntu/Debian Box

Outcome:

  • Network wide ad block
  • Encrypted DNS using DoH

This works on Raspberry Pi OS, Ubuntu and Debian.


Install

  1. Update Linux
    sudo apt update && sudo apt upgrade
  1. Install docker
    Raspberry Pi: https://phoenixnap.com/kb/docker-on-raspberry-pi
    Ubuntu: https://docs.docker.com/engine/install/ubuntu/
    Debian: https://docs.docker.com/engine/install/debian/
  1. Install docker-compose
    sudo apt install docker-compose
  1. Create a Docker Network
    This will allow us to set static IPs for the Docker containers.
    sudo docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 dockernet
  1. Configure directories
    sudo mkdir pihole
    sudo mkdir doh
    cd pihole
    sudo mkdir data
    sudo mkdir dnsmasq
    cd ..
  1. Setup DoH Docker
    Go to doh directory:
    cd doh
    Create docker compose file:
    sudo nano docker-compose.yaml

Paste the yaml below into the docker-compose.yaml file:

version: "3.5"

services:
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    ports:
      - '5053:5053/udp'
      - '5053:5053/tcp'
    environment:
      - "TZ=Europe/London"
      - "TUNNEL_DNS_UPSTREAM=https://9.9.9.9/dns-query,https://149.112.112.112/dns-query,https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always
    networks:
      default:
        ipv4_address: 10.10.10.3

networks:
  default:
    external:
      name: dockernet

The above template will use Quad9 first and then Cloudflare 1.1.1.1 DNS. Feel free to change these to your preferred DNS provider.

  1. Start the container
    sudo docker-compose up -d

  1. Setup Pi-hole Docker
    Go to pihole directory:
    cd ../pihole
    Create docker compose file:
    sudo nano docker-compose.yaml

Paste the yaml below into the docker-compose.yaml file:

version: "3"
services:
  pi-hole:
    container_name: pi-hole
    image: pihole/pihole
    restart: unless-stopped
    hostname: pihole
    ports:
      - "80:80/tcp"
      - "<PI IP>:53:53/tcp"
      - "<PI IP>:53:53/udp"
      - "443:443/tcp"
    volumes:
      - "pihole-data:/etc/pihole"
      - "pihole-dnsmasq:/etc/dnsmasq.d"
    environment:
      # Quote the whole KEY=value entry; quotes placed after "=" would become part of the value
      - "DNS1=<DOH IP>#5053"
      - "DNS2=<DOH IP>#5053"
      - IPv6=false
      - TZ=Europe/London
      - WEBPASSWORD=PASSWORD
      - ServerIP=10.10.10.2
    networks:
      default:
        ipv4_address: 10.10.10.2
    dns:
      - 127.0.0.1
      - 9.9.9.9
    cap_add:
      - NET_ADMIN

volumes:
  pihole-data:
     driver_opts:
           type: none
           device: PATH
           o: bind
  pihole-dnsmasq:
     driver_opts:
           type: none
           device: PATH2
           o: bind

networks:
  default:
    external:
      name: dockernet

Make sure you change <PI IP>, <DOH IP>, PASSWORD, PATH and PATH2:

<PI IP>: The external IP of the Raspberry Pi, probably 192.168.x.x
<DOH IP>: The internal IP of the DoH container, this should be 10.10.10.3
PASSWORD: Password to access the WebUI
PATH: This is the volume path, e.g. /home/john/pihole/data
PATH2: This is the volume path, e.g. /home/john/pihole/dnsmasq
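
Before starting the container, the edited file can be checked for leftover template values, for environment entries whose quotes would end up inside the value, and for a DNS upstream that bypasses the DoH container. This is an added example, not part of the original guide; the script name preflight.sh and the function names are assumptions, and the upstream address is the 10.10.10.3#5053 used above.

```sh
#!/bin/sh
# Added example (not the author's code): pre-flight check for pihole/docker-compose.yaml.
# Usage: sh preflight.sh pihole/docker-compose.yaml   (the script name is an assumption)

DOH_UPSTREAM='10\.10\.10\.3#5053'   # cloudflared address and port used in this guide
problems=0

report() {
    echo "FAIL: $1"
    problems=$((problems + 1))
}

# Prints one FAIL line per finding and returns the number of findings (0 = ready).
preflight() {
    file=$1
    problems=0

    # 1. Template placeholders that were never replaced.
    if grep -qE '<(PI|DOH) IP>' "$file"; then
        report "replace <PI IP> and <DOH IP> with real addresses"
    fi
    # 2. The web UI password is still the literal template value.
    if grep -qE "WEBPASSWORD=PASSWORD[\"']?[[:space:]]*\$" "$file"; then
        report "WEBPASSWORD is still PASSWORD"
    fi
    # 3. Bind-mount sources must be absolute paths, not PATH or PATH2.
    if grep -E '^[[:space:]]*device:' "$file" | grep -qvE "device:[[:space:]]*[\"']?/"; then
        report "volume device must be an absolute path"
    fi
    # 4. In a list-form environment entry, quotes after '=' become part of the value.
    if grep -qE "^[[:space:]]*-[[:space:]]*[A-Za-z0-9_]+=['\"]" "$file"; then
        report "quote the whole KEY=value entry, not only the value"
    fi
    # 5. Any upstream other than the DoH proxy would receive plain-text queries.
    if grep -E 'DNS[12]=' "$file" | grep -qvE "DNS[12]=['\"]?${DOH_UPSTREAM}([^0-9]|\$)"; then
        report "DNS1 and DNS2 must both be 10.10.10.3#5053"
    fi
    return "$problems"
}

# Run only when a compose file is named on the command line.
if [ "$#" -gt 0 ]; then
    preflight "$1" && echo "OK: no template values left"
fi
```

The exit status is the number of findings, so the script can gate `sudo docker-compose up -d` in a one-liner.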

  1. Start the container
    sudo docker-compose up -d
  1. Test
    Now test everything is working
    Linux: dig cyberhost.uk @<IP of the Pi>
    Windows: nslookup cyberhost.uk <IP of the Pi>

Now set the Pi's IP address (e.g. 192.168.x.x) as the DNS server in your router's DHCP settings, for network-wide ad blocking.


Cover Image Credit: harrisonbroadbent.com