Pihole and Unbound in Docker

I see a few issues, you have pointed your pihole container to unbound but you have to configure PiHole to use unbound separately. You can do this by either logging into your pihole and selecting settings-DNS and add a custom dns entry that points to your unbound or add "- PIHOLE_DNS_=192.168.0.14" under DNS2 in the env section of pihole. A much easier way to do this is use the combined pihole-unbound image. I've modified my working compose file so you only have to change the volume locations and it should work for you in a singe container.

version: '3.0'

services:
  pihole-unbound:
    container_name: pihole-unbound
    image: cbcrowe/pihole-unbound:latest
    cap_add:
      - NET_ADMIN
    networks:
      homepi:
        ipv4_address: 192.168.0.13 # the IP of the pihole container
    ports:
      - 443:443/tcp
      - 53/tcp
      - 53/udp
      - 80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
      # - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
      - FTLCONF_LOCAL_IPV4=192.168.0.13
      - TZ=#TZ
      - WEBPASSWORD=$Password
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    volumes:
      - /some-location/etc-pihole:/etc/pihole:rw
      - /some-location/etc-dnsmasq.d:/etc/dnsmasq.d:rw
    restart: unless-stopped

networks:
  homepi:                                 # Name of network
    driver: macvlan                       # Use the macvlan network driver
    driver_opts:
      parent: enp5s0  # Name of the Network Interface (check in OMV GUI in Network >> Interfaces >> Name
    ipam:
      config:
        - subnet: 192.168.0.0/24          # Specify subnet
          gateway: 192.168.0.1            # Gateway address / address of router
          ip_range: 192.168.0.12/30       # 192.168.0.13 and 192.168.0.14

being on topic... I would also like to install pihole with docker compose... but I have doubts!!

1 I have a router inside my house that connects to a manager modem

2 I have services on my Nas Omv in my home network such as Qbitorrent Jellyfin etc...

3 I want all the devices connected to my local network to have no connection problems... on the contrary

4 I also have home assistants in my network who manage my home automation..

Could someone help me get pihole without making my life impossible on the internet?? sorry I'm inexperienced

Zitat von opennas

being on topic... I would also like to install pihole with docker compose... but I have doubts!!

1 I have a router inside my house that connects to a manager modem

2 I have services on my Nas Omv in my home network such as Qbitorrent Jellyfin etc...

3 I want all the devices connected to my local network to have no connection problems... on the contrary

4 I also have home assistants in my network who manage my home automation..

Could someone help me get pihole without making my life impossible on the internet?? sorry I'm inexperienced

Alles anzeigen

I've given up using Pihole on Docker in OMV. Because of my solar system, I wanted to have internet available at all times. But the NAS doesn't. Due to power consumption, OMV should only be available when it is needed. Nobody needs that at night. In the summer, there are also many periods when no one accesses the NAS. I outsourced Pihole/Unbound to a Dell Wyse 3040, consuming about 24 Wh per day (about 9kWh per year). The consumption is more than sufficiently compensated by the autoshutdown of the OMV server or you save electricity. If you use a Pi Zero 2 instead of a Dell Wyse 3040, the power consumption is even lower. So I'm satisfied. Pihole does not affect the local network.

Zitat von mischka

I've given up using Pihole on Docker in OMV. Because of my solar system, I wanted to have internet available at all times. But the NAS doesn't. Due to power consumption, OMV should only be available when it is needed. Nobody needs that at night. In the summer, there are also many periods when no one accesses the NAS. I outsourced Pihole/Unbound to a Dell Wyse 3040, consuming about 24 Wh per day (about 9kWh per year). The consumption is more than sufficiently compensated by the autoshutdown of the OMV server or you save electricity. If you use a Pi Zero 2 instead of a Dell Wyse 3040, the power consumption is even lower. So I'm satisfied. Pihole does not affect the local network.

so it's fine... thanks... but do I have to create a virtual network in the compose file to avoid having problems?? also because I use qbittorent a lot and then I have a Wireguard VPN that I use with OMV

Zitat von opennas

so it's fine... thanks... but do I have to create a virtual network in the compose file to avoid having problems?? also because I use qbittorent a lot and then I have a Wireguard VPN that I use with OMV

Under Services/Compose/Network you create a macVLAN and map it in the compose file of pihole. Here's an example of a pihole yml using a macvlan network called "pinet".

version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    hostname: pihole
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'xxx' # Passwort fuer pihole Web-Interface
    # Volumes store your data between container upgrades
    volumes:
      - '/appdata/pihole/etc-pihole:/etc/pihole' # Ordner etc-pihole unter /appdata/pihole erstellen
      - '/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d' # Ordner etc-dnsmasq.d unter /appdata/pihole erstellen
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
    networks:
      pinet:
        ipv4_address: 192.168.178.81 # lokale IP4 Adresse des macVLAN Network eintragen
networks:
  pinet: # hier Name des erstellten macVLAN eintragen Beispiel hier pinet
    external: true

How to set up a vlan interface is described here (below): https://wiki.omv-extras.org/do…v6_plugins:docker_compose

Zitat von mischka

Under Services/Compose/Network you create a macVLAN and map it in the compose file of pihole. Here's an example of a pihole yml using a macvlan network called "pinet".

Code

version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    hostname: pihole
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'xxx' # Passwort fuer pihole Web-Interface
    # Volumes store your data between container upgrades
    volumes:
      - '/appdata/pihole/etc-pihole:/etc/pihole' # Ordner etc-pihole unter /appdata/pihole erstellen
      - '/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d' # Ordner etc-dnsmasq.d unter /appdata/pihole erstellen
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
    networks:
      pinet:
        ipv4_address: 192.168.178.81 # lokale IP4 Adresse des macVLAN Network eintragen
networks:
  pinet: # hier Name des erstellten macVLAN eintragen Beispiel hier pinet
    external: true

Alles anzeigen

How to set up a vlan interface is described here (below): https://wiki.omv-extras.org/do…v6_plugins:docker_compose

thanks... I'll try it and see what happens

I tried running pihole without a MacVLan or a bridge (in a VM) and it wouldn't bind to port 53 so it wouldn't work. I didn't look into the issue to far, I just run a MacVLan with docker and a bridge with a VM. The disadvantage with a MacVLan is the machine that is running the docker cannot connect to pihole. There is a way to configure it so it can loop into the MacVLan pihole for DNS, I configured it once but haven't since. If you run pihole in a VM with a bridge (br0) then the host can use it. I actually prefer running it in a small VM, Debian 12 and installed directly (not in docker), I find it more resilient to network disconnects. The VM fits in a 3gb image and uses less than 300mb of ram while running with almost no impact on cpu usage.

Zitat von jml79

Ho provato a eseguire pihole senza un MacVLan o un bridge (in una VM) e non si legava alla porta 53, quindi non funzionava. Non ho esaminato il problema fino a fondo, ho solo eseguito un MacVLan con docker e un bridge con una VM. Lo svantaggio di un MacVLan è che la macchina che esegue il docker non può connettersi a pihole. C'è un modo per configurarlo in modo che possa collegarsi al foro MacVLan per DNS, l'ho configurato una volta ma da allora non l'ho più fatto. Se si esegue pihole in una macchina virtuale con un bridge (br0), l'host può usarlo. In realtà preferisco eseguirlo in una piccola VM, Debian 12 e installato direttamente (non in docker), lo trovo più resiliente alle disconnessioni di rete. La macchina virtuale si adatta a un'immagine da 3 GB e utilizza meno di 300 MB di RAM durante l'esecuzione senza quasi alcun impatto sull'utilizzo della CPU.

Ok

There is a good (German) tutorial though I didn't complete it yet:

I managed to get my Pihole running in a docker container by follwing this guide after many unsuccessful attempts with other guieds.

The next step will be adding unbound.

But I still struggle understanding macvlan...

Maybe I can help with the experiences I made til I got this "beast" running:

Target: Using pihole and unbound each in a separate docker container to avoid any port conflict. Using macvlan

Start: Setting up MACVLAN

Go to "Services -> Compose -> Networks" and add a new network.

- Name: Choose unique name, like "myvlan"

- Driver: macvlan

- Parent network: Select adapter, where your vlan should be linked to

- Subnet: E.g. "192.168.1.0/24", your IP network

- Gateway: Usually your router, e.g. "192.168.1.1"

- IP range: You can reserve a certain amount of IP addresses to be used with docker. Very late I learned, that this is only optional. So if you manage your IP addresses outside DHCP on your own, just leave this blank to save a lot of trouble with potential misconfigurations

Save

Next: Setting up pihole

Go to "Services -> Compose -> Files" and add a new file

- Enter name and description

- Add this text to the file section and change all values to your network needs:

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole #Choose your hostname
    dns:
     - "192.168.1.X" #DNS1: Should be the address of your unbound system
     - "9.9.9.9"     #DNS2: Quad9 as an example, optional
    networks:
      myvlan:    #the network name you specified in the first step
        ipv4_address: 192.168.1.Y    #The IP address you want to assign to your pihole. Make sure this address is available to be used in your network
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/London' #Choose your region
      WEBPASSWORD: 'secret' #Assign a password to login to your pihole
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Next: Setting up Unbound

Go to "Services -> Compose -> Files" and add a new file (I choose a separate file for Unbound to be more flexible, some guides put all in one file)

- Enter name and description

- Add this text to the file section and change all values to your network needs:

version: "3"

services:
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: unbound
    networks:
      myvlan: #the network name you specified in the first step
        ipv4_address: 192.168.1.X #The IP address you want to assign to Unbound. Make sure this address is available to be used in your network
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    #volumes:    #It's important to comment out these two lines if you don't want to use your own unbound configuration! An own configuration can be tricky as you have to provide several config files manually.
    #  - './etc-unbound:/opt/unbound/etc/unbound'
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Final: Start both containers

In the Files section use the "Up" button to start both containers.

Zitat von haschmi71

Maybe I can help with the experiences I made til I got this "beast" running:

Target: Using pihole and unbound each in a separate docker container to avoid any port conflict. Using macvlan

Start: Setting up MACVLAN

Go to "Services -> Compose -> Networks" and add a new network.

- Name: Choose unique name, like "myvlan"

- Driver: macvlan

- Parent network: Select adapter, where your vlan should be linked to

- Subnet: E.g. "192.168.1.0/24", your IP network

- Gateway: Usually your router, e.g. "192.168.1.1"

- IP range: You can reserve a certain amount of IP addresses to be used with docker. Very late I learned, that this is only optional. So if you manage your IP addresses outside DHCP on your own, just leave this blank to save a lot of trouble with potential misconfigurations

Save

Next: Setting up pihole

Go to "Services -> Compose -> Files" and add a new file

- Enter name and description

- Add this text to the file section and change all values to your network needs:

Code

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole #Choose your hostname
    dns:
     - "192.168.1.X" #DNS1: Should be the address of your unbound system
     - "9.9.9.9"     #DNS2: Quad9 as an example, optional
    networks:
      myvlan:    #the network name you specified in the first step
        ipv4_address: 192.168.1.Y    #The IP address you want to assign to your pihole. Make sure this address is available to be used in your network
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/London' #Choose your region
      WEBPASSWORD: 'secret' #Assign a password to login to your pihole
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Alles anzeigen

Next: Setting up Unbound

Go to "Services -> Compose -> Files" and add a new file (I choose a separate file for Unbound to be more flexible, some guides put all in one file)

- Enter name and description

- Add this text to the file section and change all values to your network needs:

Code

version: "3"

services:
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: unbound
    networks:
      myvlan: #the network name you specified in the first step
        ipv4_address: 192.168.1.X #The IP address you want to assign to Unbound. Make sure this address is available to be used in your network
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    #volumes:    #It's important to comment out these two lines if you don't want to use your own unbound configuration! An own configuration can be tricky as you have to provide several config files manually.
    #  - './etc-unbound:/opt/unbound/etc/unbound'
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Alles anzeigen

Final: Start both containers

In the Files section use the "Up" button to start both containers.

Alles anzeigen

Dude!!!! you are amazing and that is the exact thing I have been looking for. I tried a lot of other ones with faking ports and creating custom config files...but your instructions works perfectly with the new OMV6 Docker inside of OMV.

Thanks for the work and I appreciate you posting it.

the only thing I would add is Point your DNS address to the PiHole IP that you assign. that is the only bit of instruction that I think you left off. But if anyone needs that info, they might be in over their head.

JE

Zitat von haschmi71

Maybe I can help with the experiences I made til I got this "beast" running:

Target: Using pihole and unbound each in a separate docker container to avoid any port conflict. Using macvlan

Start: Setting up MACVLAN

Go to "Services -> Compose -> Networks" and add a new network.

- Name: Choose unique name, like "myvlan"

- Driver: macvlan

- Parent network: Select adapter, where your vlan should be linked to

- Subnet: E.g. "192.168.1.0/24", your IP network

- Gateway: Usually your router, e.g. "192.168.1.1"

- IP range: You can reserve a certain amount of IP addresses to be used with docker. Very late I learned, that this is only optional. So if you manage your IP addresses outside DHCP on your own, just leave this blank to save a lot of trouble with potential misconfigurations

Save

Next: Setting up pihole

Go to "Services -> Compose -> Files" and add a new file

- Enter name and description

- Add this text to the file section and change all values to your network needs:

Code

version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole #Choose your hostname
    dns:
     - "192.168.1.X" #DNS1: Should be the address of your unbound system
     - "9.9.9.9"     #DNS2: Quad9 as an example, optional
    networks:
      myvlan:    #the network name you specified in the first step
        ipv4_address: 192.168.1.Y    #The IP address you want to assign to your pihole. Make sure this address is available to be used in your network
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/London' #Choose your region
      WEBPASSWORD: 'secret' #Assign a password to login to your pihole
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Alles anzeigen

Next: Setting up Unbound

Go to "Services -> Compose -> Files" and add a new file (I choose a separate file for Unbound to be more flexible, some guides put all in one file)

- Enter name and description

- Add this text to the file section and change all values to your network needs:

Code

version: "3"

services:
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: unbound
    networks:
      myvlan: #the network name you specified in the first step
        ipv4_address: 192.168.1.X #The IP address you want to assign to Unbound. Make sure this address is available to be used in your network
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    #volumes:    #It's important to comment out these two lines if you don't want to use your own unbound configuration! An own configuration can be tricky as you have to provide several config files manually.
    #  - './etc-unbound:/opt/unbound/etc/unbound'
    restart: unless-stopped
networks:
  myvlan:  #the network name you specified in the first step
    external: true

Alles anzeigen

Final: Start both containers

In the Files section use the "Up" button to start both containers.

Alles anzeigen

Thanks a lot!! It works perfectly! 2 Tipps: If someone try to set this up like me on an a Raspberry-Pi 5 based device you need to use this unbound image: mvance/unbound-rpi:latest

And to access the pi-Hole Web interface you have add an /admin to your Pi-Hole IP Address.

I had also to make mi Pi-Hole to act as my DHCP Server because my router doesn't allow me to define a custom DNS. For this you need to add

cap_add:

- NET_ADMIN #necessary if you wanna Pi-Hole to act as your DHCP Server