[How To] Install Pi-Hole in Docker: Update - 08/10/18

    • core-plugin
    • [How to] Install Pi-Hole in the Docker Plugin

      Pi-Hole is a network wide ad blocker which, also, provides protection from malware sites for the users of your LAN. It functions as a DNS proxy where, by blocking name requests to known malware and advertising sites, network security and the client Internet browsing experience are improved. Telemetry servers are blocked, which helps to preserve user privacy, and by eliminating many video advertising pop-up's, performance is improved as well.

      For more information visit the Pi-Hole home page.

      Update (01/09/18):
      This Docker guide was tested on OMV3.0.96, with the docker-gui 3.1.9 plugin, and Pi-hole/Docker
      diginc/pi-hole image ID: 6b77d5329fd4

      Update (05/17/18):

      This Docker guide was tested on OMV4.1.6, with the docker-gui 4.0.1 plugin, and Pi-hole/Docker
      diginc/pi-hole image ID: eb902c685095

      Update (08/10/18):
      This Docker guide was tested on OMV4.1.9, with the docker-gui 4.0.1 plugin, and Pi-hole/Docker
      pihole/pihole image ID: 9a1363998a45

      If upgrading to the latest image, it is recommended that the previous container is stopped/deleted, delete the previous image, delete the macvlan driver in the networks tab and delete the file contents of [b]/dockerparms/pihole . [/b]Then proceed with the installation of the new image as follows.**

      To insure that any potential issues with Pi-Hole do not interfere with the OMV host/server, a direct DNS server entry should be configured in OMV as follows:

      Under System, Network,click on Interfaces and Edit.

      **This example uses one of Google's DNS servers. There are other, reliable, public DNS servers available. Chose a server that has low latency for your location. (Ping servers from the command line - lower times are better.)**

      While in System, Network, Interfaces, note the interface Name as shown below. (In this example, the int name is enp0s4.)
      The name found is a variable that will be used in the creation of a MacVlan interface, later.



      Under Services, Docker,click on the Overview Tab.

      Begin typing pihole/pihole in the Search bar. After a few letters are typed in, selections will appear. Click on the image, named pihole/pihole as shown.


      The following dialog box appears.
      - For x86 and x64, the Tag field is empty. The "latest" image will be pulled by default.
      - If installing to an ARM device - Odriod, Raspberry PI, etc., add the following entry in the Tag field: v4.0_armhf

      Click Start.


      When the download is complete and the check sum is verified, click Close.


      Click on the Networks tab and the Create button.

      In the Network driver drop down, select macvlan.

      Fill in the remaining highlighted fields:
      Network name: your workgroup name or domain
      Subnet: your subnetwork. (In the example provided, a subnet mask of equates to /24)
      Gateway: the IP address of your router
      Parent: **enp0s4 <-This is an example only.** Use the interface name found under System, Network, Interfaces, in the Name column, as noted above.


      Click Save.


      Click on the Overview Tab, then the pihole/pihole image and the Run Image button.



      The Run image dialog box appears. In the following, there are three separate screen captures of the same dialog box. Scroll the box to fill in the required entries. (Leave the other un-highlighted, entries as they are.)

      Container Name:optional, but suggested
      Restart Policy: always

      Network mode: Macvaln
      Host name: optional,but suggested
      Select macvlan: select the network previously created
      IP address: ** Required **The IP address assigned to Pi-Hole should not be the same IP address your OMV server is using. Use a separate static address, outside of the scope of your DHCP server.**


      Scroll down to the following:

      When adding Environment variables:
      Fill out lines, as shown in the following, but note that entries will NOT be saved until the + button on each line is clicked!


      Add the following three lines to environment variables:

      ServerIP ___________ _ your-pihole-static-ip-here __....__________ <click the +>
      WEBPASSWORD ______ yourpasswordhere ______________________<click the +>
      TZ __________________ yourtimezonehere _____________________ <click the +>

      (The correct entry, for your time zone, can be found here-> Time Zones in the TZ column.

      After entering the above 3 lines, Environment variables should appear as follows:



      Continued, two posts below:

      Good backup takes the "drama" out of computing
      Primary: OMV 3.0.99, ThinkServer TS140, 12GB ECC, 32GB USB boot, 4TB+4TB zmirror, 3TB client backup.
      Backup: OMV 4.1.9, Acer RC-111, 4GB, 32GB USB boot, 3TB+3TB zmirror, 4TB Rsync'ed disk
      2nd Data Backup: OMV 3.0.99, R-PI 2B, 16GB boot, 4TB WD USB MyPassport - direct connect (no hub)

      The post was edited 40 times, last by flmaxey: minor edits, upgrade revisions, etc. ().

    • [How To] Install Pi-Hole in Docker: Update - 08/10/18

      This applies more to the docker plugin in general but if you are running this docker on ESXi, promiscuous mode needs to enabled on VM's virtual switch.
      omv 4.1.12 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.11
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Continued, from above:

      Continue to scroll to Volumes and Bind mounts:
      Add the following entries into host path and container path fields as shown.

      **Note: If a space is inadvertently added before the "/" in any of the paths shown below, the container will produce an error dialog box that ends with "If you intended to pass a host directory, use absolute path", and refuse to save. **

      Host path _______________________ Container Path

      /dockerparms/pihole_______________/etc/pihole _________________ click the + button
      /dockerparms/pihole/dnsmasq.d _____ /etc/dnsmasq.d _____________ click the + button

      In Extra arguments,copy and paste the following line in.

      -p 53:53/tcp -p53:53/udp -p 67:67/udp -p 80:80 -p 443:443

      The final result should appear as follows:

      Click Save.

      Test your container in a Web Browser

      - ** After saving - allow 2 to 3 minutes for the console web page to start.
      - Type in pihole's IPaddress/admin in the address bar.
      (In this example it's Enter the password you added to Environmental Variables.

      To finish the set up for your network, change your Router's DNS server entry to the Pi-hole's IP address.

      Final Notes

      1. For statically addressed clients, it will be necessary to change the DNS entry, for each client, to Pi-Hole's IP address.
      2. Use only Pi-Hole's IP address as the DNS server. Setting a second, "alternate DNS address" will allow Pi-Hole to be bypassed under certain conditions.
      3. Pi-Hole can be bypassed, on a per client basis, by entering a public DNS server IP address in your client's network attributes.
      4. After your docker container is running and the Pi-Hole server is working and tested, avoid using the Container Modify button. While white and blacklists are persistent, as the Modify dialog warning indicates, the most minor change will result in the loss of Pi-hole's log files.
      5. Configuring pi-hole to use a DNS server that supports DNSSEC is recommended. DNSSEC protects against "Man in the Middle" attacks and DNS cache poisoning.
      6. Multicast and minidlna were not tested.

      **For those who what to block all IP-ver6 traffic, see this-> link.
      Given the use of Pi-Hole in a Docker, the text file to be created and edited (pihole-FTL.conf) will not be in the standard location as described in the link.
      Create the file under /dockerparms/pihole. After the file is created, the line AAAA_QUERY_ANALYSIS=no is added and the file is saved, the Docker would need to be restarted or the OMV server would need a reboot.**


      Additional Information:
      Pi-Hole Web Site: pi-hole.net
      A Docker tutorial is available at: docker-curriculum.com/
      Good backup takes the "drama" out of computing
      Primary: OMV 3.0.99, ThinkServer TS140, 12GB ECC, 32GB USB boot, 4TB+4TB zmirror, 3TB client backup.
      Backup: OMV 4.1.9, Acer RC-111, 4GB, 32GB USB boot, 3TB+3TB zmirror, 4TB Rsync'ed disk
      2nd Data Backup: OMV 3.0.99, R-PI 2B, 16GB boot, 4TB WD USB MyPassport - direct connect (no hub)

      The post was edited 14 times, last by flmaxey: edits ().