March 4, 2019

Block Ads and Trackers with Pihole in a Docker Container

Recently I stumbled upon Pihole, which is a tool that blocks advertisements and web trackers. The nifty idea of Pihole is that it is not a web proxy like Privoxy; instead it acts as a DNS server in your network.

So, after installing Pihole, you set up your devices in a way that they use Pihole as a DNS server. Then, the device's DNS requests for “good” domains are answered and DNS requests for known, blacklisted ad/tracker domains are not answered (= blocked). Simple as that. The cool thing is that this works for the entire device. So you also block ads in apps or trackers used by apps!!

The amount of blocked stuff is surprising (or should I say: horrifying). Here is a screenshot that shows a quite typical page of the query log of my iPhone's DNS requests…

[Screenshot: Pihole query log]

Installation

As I am already using Docker for a couple of things, I decided to use the docker image they provide (see documentation).

However, when setting up Pihole on my server, I stumbled upon two problems:

Problem 1: Port 80 already in use

As I already run a webserver on my server, there was a clash as Pihole needs port 80 and (or) 443 to deliver the web interface. Whoever has used Docker before knows that ports exposed by Docker can be selected at will. So I immediately added something like -p 8888:80 to my Pihole Docker invocation and thought “done”. No. The web interface did not load when I tried to open it via http://serverIP:8888.

After researching this issue for like two hours (orrrr!) I found an error report that explained that there is something wrong with yadda yaddy (I forgot) and you should open http://serverIP:8888/admin instead. That works. I can live with that.

Problem 2: Port 53 already in use

To my surprise, Ubuntu runs a local DNS resolver on port 53. Of course, this one must go, as Pihole needs the DNS port to work. For me the following commands did the trick:

# permanently disable resolver start at boot
systemctl disable systemd-resolved.service
# stop the resolver
service systemd-resolved stop

Well, for the moment the machine has no DNS anymore. However, as soon as the Pihole runs, this gap is closed and DNS operation is restored.
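A pre-flight check for both port clashes described above (an added example, not part of the original post): it reads `ss -lntup` output and lists what already listens on a port, so the conflict is visible before the container is started. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: see what already listens on a port before giving it to Docker.

# listeners_on PORT: reads `ss -lntup` output on stdin and prints
# "proto local-address process" for every socket bound to PORT.
listeners_on() {
    awk -v port="$1" '
        $5 ~ (":" port "$") {
            name = "unknown"   # ss shows no process column without root
            if (match($0, /\(\("[^"]+"/))
                name = substr($0, RSTART + 3, RLENGTH - 4)
            printf "%s %s %s\n", $1, $5, name
        }'
}

# port_free PORT: succeeds only if nothing in the ss output on stdin uses PORT.
port_free() {
    [ -z "$(listeners_on "$1")" ]
}

# Constructed sample of `ss -lntup` output (not captured from a real host):
# systemd-resolved on 53, a web server on 80, mDNS on 5353 as a near miss.
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*    users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*    users:(("avahi-daemon",pid=700,fd=12))
tcp   LISTEN 0      128    127.0.0.53%lo:53    0.0.0.0:*    users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*    users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      128    *:80                *:*          users:(("apache2",pid=1200,fd=4))
EOF
}

# Demo on the sample; on a real host pipe in `ss -lntup` (as root) instead.
for p in 53 80 8888; do
    if sample_ss | port_free "$p"; then
        echo "port $p: free"
    else
        echo "port $p: in use by"
        sample_ss | listeners_on "$p" | sed 's/^/  /'
    fi
done
```
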

My working Docker incantation for Pihole

So that is my final incantation to initially start the Pihole container. Settings and stuff are persisted in /docker/pihole.

docker run \
--detach \
--name pihole \
--restart=unless-stopped \
-p 8888:80 -p 53:53/tcp -p 53:53/udp \
-v /docker/pihole/pihole:/etc/pihole \
-v /docker/pihole/dnsmasq.d:/etc/dnsmasq.d \
-e WEBPASSWORD="1337passw0rd" \
-e ServerIP="192.168.178.1" \
-e TZ="Europe/Berlin" \
pihole/pihole

© holger 2015 - 2020