From 5ded3accabce3aeb07f41fba3589fefe76661a17 Mon Sep 17 00:00:00 2001
From: Craig Younkins
Date: Fri, 14 Dec 2018 14:12:08 -0500
Subject: [PATCH] net=host is the only way to use DHCP

Signed-off-by: Craig Younkins
---
 README.md | 29 +++++++++++++++++++----------
 docker_run.sh | 11 ++++++-----
 doco-example.yml | 5 ++++-
 jwilder-proxy-example-doco.yml | 8 ++++----
 4 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index d360e656e..d286a268c 100644
--- a/README.md
+++ b/README.md
@@ -22,35 +22,44 @@ A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**. If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh) or summarized here: ```bash -IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')" # May not work for VPN / tun0 -IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')" # May not work for VPN / tun0 +#!/bin/bash +# Lookups may not work for VPN / tun0 +IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')" +IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')" + +# Just hard code these to your docker server's LAN IP if lookups aren't working IP="${IP:-$IP_LOOKUP}" # use $IP, if set, otherwise IP_LOOKUP IPv6="${IPv6:-$IPv6_LOOKUP}" # use $IPv6, if set, otherwise IP_LOOKUP -DOCKER_CONFIGS="$(pwd)" # Default of directory you run this from, update to where ever. + +# Default of directory you run this from, update to where ever. 
+DOCKER_CONFIGS="$(pwd)" echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}" + +# Default ports + daemonized docker container docker run -d \ --name pihole \ -p 53:53/tcp -p 53:53/udp \ - -p 67:67/udp \ -p 80:80 \ -p 443:443 \ + `# The 2 arguments below are required if Pi-hole is to provide DHCP:` \ + `# --net=host` \ + `# --cap-add=NET_ADMIN` \ -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \ -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \ -e ServerIP="${IP}" \ -e ServerIPv6="${IPv6}" \ --restart=unless-stopped \ - --cap-add=NET_ADMIN \ --dns=127.0.0.1 --dns=1.1.1.1 \ pihole/pihole:latest echo -n "Your password for https://${IP}/admin/ is " -docker logs pihole 2> /dev/null | grep 'password' +docker logs pihole 2> /dev/null | grep 'password:' ``` **This is just an example and might need changing.** Volumes are stored in the directory `$DOCKER_CONFIGS` and are recommended for persisting data across docker re-creations for updating images. The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary. -Two recently added ports to the `docker run` and `docker-compose` examples are port 67 and 443. Port 67 is for users who wish to have Pi-hole run a DHCP server. Port 443 is to provide a sinkhole for ads that use SSL. If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times. Rejecting 443 on your firewall can also serve this same purpose. Ubuntu firewall example: `sudo ufw reject https` +Port 443 is to provide a sinkhole for ads that use SSL. If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times. Rejecting 443 on your firewall can also serve this same purpose. 
Ubuntu firewall example: `sudo ufw reject https` **Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs. **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight. @@ -80,8 +89,8 @@ Here is a rundown of the other arguments passed into the example `docker run`: | `--restart=unless-stopped`
**Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash | `-v /dir/for/pihole:/etc/pihole`
**Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates | `-v /dir/for/dnsmasq.d:/etc/dnsmasq.d`
**Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates -| `--net=host`
*Optional* | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application -| `--cap-add=NET_ADMIN`
*Optional* | If you're forwarding port 67 you will also needs this for DHCP to work. (DHCP Reportedly works, I have not used however) +| `--net=host`
*Optional* | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application. Required if Pi-hole is to provide DHCP. +| `--cap-add=NET_ADMIN`
*Optional* | Required if Pi-hole is to provide DHCP. | `--dns=127.0.0.1`
*Recommended* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq | `--dns=1.1.1.1`
*Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting @@ -111,7 +120,7 @@ The primary docker tags / versions are explained in the following table. [Click | `v4.0.0-1` | auto detect | Versioned tags, if you want to pin against a specific version, use one of thesse | | | `v4.0.0-1_` | based on tag | Specific architectures tags | | | `dev` | auto detect | like latest tag, but for the development branch (pushed occasionally) | | - + ### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working). This enables fast updating when an update comes from Pi-hole. diff --git a/docker_run.sh b/docker_run.sh index fd7c3d3f6..322f4542d 100755 --- a/docker_run.sh +++ b/docker_run.sh 
@@ -1,14 +1,14 @@
 #!/bin/bash
 # Lookups may not work for VPN / tun0
-IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
-IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
+IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
+IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
 # Just hard code these to your docker server's LAN IP if lookups aren't working
 IP="${IP:-$IP_LOOKUP}" # use $IP, if set, otherwise IP_LOOKUP
 IPv6="${IPv6:-$IPv6_LOOKUP}" # use $IPv6, if set, otherwise IP_LOOKUP
 # Default of directory you run this from, update to where ever.
-DOCKER_CONFIGS="$(pwd)"
+DOCKER_CONFIGS="$(pwd)"
 echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
@@ -16,15 +16,16 @@ echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessa
 docker run -d \
 --name pihole \
 -p 53:53/tcp -p 53:53/udp \
- -p 67:67/udp \
 -p 80:80 \
 -p 443:443 \
+ `# The 2 arguments below are required if Pi-hole is to provide DHCP:` \
+ `# --net=host` \
+ `# --cap-add=NET_ADMIN` \
 -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
 -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
 -e ServerIP="${IP}" \
 -e ServerIPv6="${IPv6}" \
 --restart=unless-stopped \
- --cap-add=NET_ADMIN \
 --dns=127.0.0.1 --dns=1.1.1.1 \
 pihole/pihole:latest
diff --git a/doco-example.yml b/doco-example.yml
index 7c49a318a..62adce480 100644
--- a/doco-example.yml
+++ b/doco-example.yml
@@ -8,9 +8,12 @@ services:
 ports:
 - "53:53/tcp"
 - "53:53/udp"
- - "67:67/udp"
 - "80:80/tcp"
 - "443:443/tcp"
+ # The 3 lines below are required if Pi-hole is to provide DHCP
+ # cap_add:
+ # - NET_ADMIN
+ # network_mode: "host"
 environment:
 # enter your docker host IP here
 ServerIP:
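Review bot: The three backtick comment lines added to `docker run` in the second docker_run.sh hunk name the flags DHCP needs but say nothing about what enabling them costs or what else must change. `--net=host` places the container in the host's network namespace, and `--cap-add=NET_ADMIN` on top of that lets processes in the container change the host's interfaces, routes and firewall rules, so the pair should stay off unless Pi-hole really is the DHCP server. The `-p` lines also have to be removed in that case, since the README table in this same patch states that `--net=host` cannot be used together with `-p`. I would reword the first comment line to `` `# DHCP only: the 2 arguments below share the host network stack with the container; remove the -p lines when enabling them:` \ ``. The commented `cap_add` / `network_mode` block in the doco-example.yml hunk needs the same remark about its `ports:` entries.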
diff --git a/jwilder-proxy-example-doco.yml b/jwilder-proxy-example-doco.yml
index 999b36afa..5706f81e3 100644
--- a/jwilder-proxy-example-doco.yml
+++ b/jwilder-proxy-example-doco.yml
@@ -16,14 +16,14 @@ pihole:
 ports:
 - '53:53/tcp'
 - '53:53/udp'
- - "67:67/udp"
 - '8053:80/tcp'
 - "443:443/tcp"
 volumes:
 - '/var/log/pihole.log:/var/log/pihole.log'
- #net: host
- cap_add:
- - NET_ADMIN
+ # The 3 lines below are required if Pi-hole is to provide DHCP
+ # cap_add:
+ # - NET_ADMIN
+ # network_mode: "host"
 environment:
 ServerIP: 192.168.41.55
 PROXY_LOCATION: pihole
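Review bot: The commented `network_mode: "host"` added under `pihole:` does not fit this proxy example as written. The service publishes `'8053:80/tcp'`, presumably so the reverse proxy can own port 80, and under host networking that remap is not applied, so Pi-hole's web server would bind the host's port 80 itself. I would add `# NOTE: host networking ignores the ports: remap above, so Pi-hole would bind host port 80 itself` above the commented block. The removed line used `#net: host`, which suggests the file is in the version 1 compose format where the key is `net` rather than `network_mode`; the top of the file is outside the hunk, so that needs checking before the comment is relied on.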