Pi-hole and DoH quick install with docker compose

Self-Hosting Oct 22, 2020

What we'll do:

  • Install Docker
  • PiHole Setup
  • DoH (DNS Over HTTPS)

What you need:

  • Raspberry Pi or Ubuntu/Debian Box

Outcome:

  • Network wide ad block
  • Encrypted DNS using DoH

This works on Raspberry Pi OS, Ubuntu and Debian.


Install

  1. Update Linux
    sudo apt update && sudo apt upgrade
  1. Install docker
    Raspberry Pi: https://phoenixnap.com/kb/docker-on-raspberry-pi
    Ubuntu: https://docs.docker.com/engine/install/ubuntu/
    Debian: https://docs.docker.com/engine/install/debian/
  1. Install docker-compose
    sudo apt install docker-compose
  1. Create a Docker Network
    This will allow us to set static IPs for the docker containers.
    sudo docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 dockernet
  1. Configure directories
    sudo mkdir pihole
    sudo mkdir doh
    cd pihole
    sudo mkdir data
    sudo mkdir dnsmasq
    cd ..
  1. Setup DoH Docker
    Go to doh directory:
    cd doh
    Create docker compose file:
    sudo nano docker-compose.yaml

Paste the yaml below into the docker-compose.yaml file:

version: "3.5"

services:
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    ports:
      - '5053:5053/udp'
      - '5053:5053/tcp'
    environment:
      - "TZ=Europe/London"
      - "TUNNEL_DNS_UPSTREAM=https://9.9.9.9/dns-query,https://149.112.112.112/dns-query,https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always
    networks:
      default:
        ipv4_address: 10.10.10.3

networks:
  default:
    external:
      name: dockernet

The above template will use Quad9 first and then Cloudflare 1.1.1.1 DNS. Feel free to change these to your preferred DNS provider.

  1. Start the container
    sudo docker-compose up -d

  1. Setup Pi-hole Docker
    Go to pihole directory:
    cd ../pihole
    Create docker compose file:
    sudo nano docker-compose.yaml

Paste the yaml below into the docker-compose.yaml file:

version: "3"
services:
  pi-hole:
    container_name: pi-hole
    image: pihole/pihole
    restart: unless-stopped
    hostname: pihole
    ports:
      - "80:80/tcp"
      - "<PI IP>:53:53/tcp"
      - "<PI IP>:53:53/udp"
      - "443:443/tcp"
    volumes:
      - "pihole-data:/etc/pihole"
      - "pihole-dnsmasq:/etc/dnsmasq.d"
    environment:
      - "DNS1=<DOH IP>#5053"
      - "DNS2=<DOH IP>#5053"
      - IPv6=false
      - TZ=Europe/London
      - WEBPASSWORD=PASSWORD
      - ServerIP=10.10.10.2
    networks:
      default:
        ipv4_address: 10.10.10.2
    dns:
      - 127.0.0.1
      - 9.9.9.9
    cap_add:
      - NET_ADMIN

volumes:
  pihole-data:
     driver_opts:
           type: none
           device: PATH
           o: bind
  pihole-dnsmasq:
     driver_opts:
           type: none
           device: PATH2
           o: bind

networks:
  default:
    external:
      name: dockernet

Make sure you change <PI IP>, <DOH IP>, PASSWORD, PATH and PATH2:

<PI IP>: The external IP of the Raspberry Pi, probably 192.168.x.x
<DOH IP>: The internal IP of the DoH container, this should be 10.10.10.3
PASSWORD: Password to access the WebUI
PATH: This is the volume path. Eg /home/john/pihole/data
PATH2: This is the volume path. Eg /home/john/pihole/dnsmasq
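
Before starting the container, the substitutions listed above can be checked mechanically. The script below is an added example, not part of the original post; the function name check_pihole_compose and the sample file contents are constructed for illustration, and it assumes a POSIX shell with grep, sed and awk.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-flight check for the
# Pi-hole docker-compose.yaml; returns the number of problems found.
check_pihole_compose() {
    file=$1
    problems=0
    report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Template placeholders that were never replaced.
    grep -Eq '<(PI|DOH) IP>' "$file" && report "<PI IP> or <DOH IP> not replaced"
    grep -Eq 'WEBPASSWORD=PASSWORD"?[[:space:]]*$' "$file" &&
        report "WEBPASSWORD is still the template value"
    grep -Eq 'device:[[:space:]]*PATH2?[[:space:]]*$' "$file" &&
        report "volume device is still PATH or PATH2"

    # List entries under 'environment:'. Quotes after '=' stay in the value,
    # and 'KEY:value' (colon instead of '=') does not set KEY.
    env_entries=$(awk '/^[ \t]*environment:/ { e = 1; next }
                       e && /^[ \t]*-/ { print; next }
                       { e = 0 }' "$file")
    printf '%s\n' "$env_entries" | grep -Eq "^[[:space:]]*-[[:space:]]*[A-Za-z0-9_]+=['\"]" &&
        report "quoted value in an environment list entry"
    printf '%s\n' "$env_entries" | grep -Eq '^[[:space:]]*-[[:space:]]*[A-Za-z_][A-Za-z0-9_]*:' &&
        report "environment entry uses ':' instead of '='"

    # Bind-mount source directories must exist before the container starts.
    for dir in $(sed -n 's|^[[:space:]]*device:[[:space:]]*\(/[^[:space:]]*\).*|\1|p' "$file"); do
        [ -d "$dir" ] || report "bind-mount directory missing: $dir"
    done
    return "$problems"
}

# Constructed sample: the template with only the IP addresses filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    environment:
      - DNS1='10.10.10.3#5053'
      - WEBPASSWORD=PASSWORD
      - ServerIP:'10.10.10.2'
volumes:
  pihole-data:
     driver_opts:
           device: PATH
EOF
# Pass your own file as the first argument to check it instead of the sample.
check_pihole_compose "${1:-$sample}" || echo "$? problem(s) found"
rm -f "$sample"
```
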

  1. Start the container
    sudo docker-compose up -d
  1. Test
    Now test everything is working
    Linux: dig cyberhost.uk @<IP of the Pi>
    Windows: nslookup cyberhost.uk <IP of the Pi>

Now set the Pi's IP Address (eg 192.168.x.x) as the DNS on your router's DHCP settings, for network wide ad blocking.


Cover Image Credit: harrisonbroadbent.com
