Getting Started
Overview: What is Pihole?
Pi-hole is a network-wide ad blocker that acts as a DNS sinkhole, filtering out unwanted content, advertisements, and tracking at the network level. It's typically installed on small devices like a Raspberry Pi but can be deployed on any Linux-based system.
Key Features:
- Ad Blocking: Blocks ads at the DNS level, preventing them from being loaded on any device connected to the network.
- Privacy Protection: Blocks tracking scripts and domains, enhancing user privacy across devices.
- Network-wide Filtering: Applies ad-blocking to all devices on the network, regardless of platform or browser.
- Customizable Blocklists: Supports user-defined blocklists, allowing for granular control over what gets blocked.
- Web Interface: Provides an easy-to-use web dashboard for managing blocklists, monitoring DNS requests, and viewing statistics.
- Low Resource Usage: Can run efficiently on low-power devices like Raspberry Pi without affecting network performance.
- Whitelist/Blacklist Control: Allows users to add specific domains to whitelist or blacklist for customized filtering.
- DNS Performance: Acts as a local DNS resolver, improving browsing speed by reducing the need for external DNS queries.
Pi-hole is widely used for ad-blocking, network security, and improving overall internet performance.
Step-by-Step Install Guide for Pihole with Traefik on Docker Swarm
This guide will walk you through setting up Pi-hole, a powerful network-wide ad blocker, on a Docker Swarm with Traefik as the reverse proxy. We will use Docker to deploy Pi-hole and Traefik for secure and managed access.
Prerequisites
- A Docker Swarm environment with at least one Linux node.
- Traefik set up as a reverse proxy (assuming a Traefik stack is already configured).
- A mounted shared volume with GlusterFS for data persistence.
- A domain or local DNS entry pointing to your Pi-hole service (e.g., pihole.local).
- Access to Docker CLI and necessary credentials.
Step 1: Prepare the Directory Structure
To ensure persistent storage for Pi-hole, we will create directories on the shared GlusterFS mount:
mkdir /mnt/glustermount/data/pihole_data
mkdir /mnt/glustermount/data/pihole_data/dns
mkdir /mnt/glustermount/data/pihole_data/etc
These directories will store Pi-hole's configuration files and DNS settings.
Step 2: Create the docker-compose.yml File
In your working directory, create a docker-compose.yml file with the following content:
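version: '3'
services:
  pihole:
    networks:
      - management_net # For management via Traefik
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      # Publishes the admin UI over plain HTTP on every Swarm node, bypassing Traefik
      - "888:80"
    environment:
      TZ: 'Europe/Zurich'
      # Substituted from the shell environment when the stack is deployed
      WEBPASSWORD: '${PIHOLE_PASSWORD}'
    volumes:
      - '/mnt/glustermount/data/pihole_data/etc:/etc/pihole'
      - '/mnt/glustermount/data/pihole_data/dns:/etc/dnsmasq.d'
    deploy:
      mode: replicated
      replicas: 1
      # Swarm ignores the service-level "restart" key; the policy belongs here
      restart_policy:
        condition: any
      placement:
        constraints: [node.platform.os == linux]
      labels:
        - 'traefik.enable=true'
        # Router for the domain used in this guide, served over TLS
        - 'traefik.http.routers.pihole.rule=Host(`pihole.local`)'
        - 'traefik.http.routers.pihole.tls=true'
        # Traefik reaches the container over management_net, so this is the
        # container port (80), not the published host port (888)
        - "traefik.http.services.pihole.loadbalancer.server.port=80"
networks:
  management_net:
    external: true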
- Volumes: The /mnt/glustermount/data/pihole_data/etc and /mnt/glustermount/data/pihole_data/dns directories are used to persist Pi-hole data.
- Ports: Port 53 for DNS queries is exposed on both TCP and UDP.
- Environment Variables: Set the timezone (TZ) and the Pi-hole admin password (WEBPASSWORD).
- Traefik Labels: These labels enable Pi-hole to be accessible through Traefik via the domain pihole.local using HTTPS.
Step 3: Deploy the Stack
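Make sure PIHOLE_PASSWORD is set in your shell environment, since the compose file reads the admin password from it, then use the following command to deploy Pi-hole with Traefik in Docker Swarm: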
docker stack deploy -c docker-compose.yml pihole
Step 4: Access Pi-hole Web Interface
After the deployment completes, you can access Pi-hole's admin interface by navigating to https://pihole.local/admin in your browser. Log in with the password you specified in the environment variable (PIHOLE_PASSWORD).
Step 5: Update DNS Settings
To start using Pi-hole, configure your router or devices to use your Pi-hole instance as the DNS server. The IP address of your Pi-hole service is the one assigned by Docker, which you can retrieve using:
docker service ps pihole_pihole
Alternatively, if you use Keepalived, you can use your VIP.
Conclusion
Setting up Pi-hole in a Docker Swarm environment with Traefik as a reverse proxy provides network-wide ad blocking, improving privacy and performance for all devices connected to your network. By leveraging Docker Swarm and Traefik, you achieve high availability, flexibility, and ease of management for your Pi-hole deployment.