# Pi-hole + DNSCrypt

<div align="center">
<img src="https://i0.wp.com/pi-hole.net/wp-content/uploads/2018/12/dashboard.png?zoom=1.75&w=3840&ssl=1" />
</div>

## Description

[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (Pi-hole)>)](https://pi-hole.net/) [![Source (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (Pi-Hole)>)](https://github.com/pi-hole/docker-pi-hole) [![Docker Hub (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (Pi-hole)>)](https://hub.docker.com/r/pihole/pihole) [![Docs (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (Pi-hole)>)](https://docs.pi-hole.net/)

[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (DNSCrypt)>)](https://dnscrypt.info/) [![Source (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (DNSCrypt)>)](https://github.com/klutchell/dnscrypt-proxy) [![Docker Hub (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (DNSCrypt)>)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/) [![Docs (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (DNSCrypt)>)](https://github.com/DNSCrypt/dnscrypt-proxy/wiki)

Pi-hole + DNSCrypt combines a network-wide ad blocker with a caching DNS proxy:

- Simple web interface for easy management
- Full support for [blacklists](https://firebog.net/) and [whitelists](https://github.com/ijhuang/allowlist)
- Full support for the following protocols: [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh.md)

## File and folder structure

```
/home/
└── docker/
    └── pihole+dnscrypt/
        ├── dnscrypt/
        ├── dnsmasq.d/
        ├── pihole/
        ├── .env
        └── docker-compose.yml
```

- `dnscrypt/` - folder holding the data dnscrypt needs
- `dnsmasq.d/` - folder holding the data dnsmasq.d needs
- `pihole/` - folder holding the data pihole needs
- `.env` - file containing the environment variables for docker-compose
- `docker-compose.yml` - file used to create the container

**N.B. All files and folders must be created by hand.**

## Examples

A simple example to start using the container right away.

### network

`docker`

```bash
docker network create custom-bridge
```

`podman`

```bash
podman network create custom-bridge
```

### docker-compose

`docker-compose.yml`

```yml
version: "3"
services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.2
    # expose only: reachable from containers on custom-bridge, not published on the host
    expose:
      - 5053/udp
      - 5053/tcp
    env_file: .env
    volumes:
      - ${DNSCRYPT_CONFIG:-/home/docker/pihole+dnscrypt/dnscrypt}:/config
    dns:
      - 185.222.222.222 # https://dns.sb/privacy/
    restart: unless-stopped

  pihole:
    container_name: pihole
    image: pihole/pihole
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.3
    # published on the host: DNS, DHCP and the web interface
    ports:
      - ${PIHOLE_DNS_PORT:-53}:53/tcp
      - ${PIHOLE_DNS_PORT:-53}:53/udp
      - ${PIHOLE_DHCP_PORT:-67}:67/udp
      - ${PIHOLE_WEBUI_PORT:-80}:80/tcp
    env_file: .env
    volumes:
      - ${PIHOLE_CONFIG:-/home/docker/pihole+dnscrypt/pihole}:/etc/pihole/
      - ${PIHOLE_DNSMASQD:-/home/docker/pihole+dnscrypt/dnsmasq.d}:/etc/dnsmasq.d/
    dns:
      - 185.222.222.222 # https://dns.sb/privacy
    # NET_ADMIN is needed only when Pi-hole acts as the DHCP server
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt

networks:
  custom-bridge:
    name: custom-bridge
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
```

`.env`

```bash
# General
PIHOLE_DNS_PORT=53
PIHOLE_DHCP_PORT=67
PIHOLE_WEBUI_PORT=80
DNSCRYPT_CONFIG=/home/docker/pihole+dnscrypt/dnscrypt
PIHOLE_CONFIG=/home/docker/pihole+dnscrypt/pihole
PIHOLE_DNSMASQD=/home/docker/pihole+dnscrypt/dnsmasq.d
TZ=Europe/Amsterdam

# Pi-hole
WEBPASSWORD=cambiamiperfavore
DNS1=10.0.1.2#5053
DNS2=no
```

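An added example, not part of the original README: a pre-flight check for the `.env` file that catches lines that are not `KEY=VALUE`, a `WEBPASSWORD` left at the placeholder, and a `DNS1`/`DNS2` pair that would let Pi-hole resolve through something other than dnscrypt-proxy. The function names and the sample input are constructed; it assumes the dnscrypt-proxy address and port from the compose file on this page and that `DNS2=no` disables the second upstream.

```python
import ipaddress

# Assumed from the compose file on this page: dnscrypt-proxy at 10.0.1.2#5053.
DNSCRYPT = (ipaddress.ip_address("10.0.1.2"), "5053")
PLACEHOLDERS = {"", "cambiamiperfavore"}
# Constructed sample: one YAML-style line and the placeholder password.
SAMPLE = """\
# Pi-hole
WEBPASSWORD=cambiamiperfavore
DNS1: "10.0.1.2#5053"
DNS2=no
"""


def parse_env(text):
    """Parse KEY=VALUE lines; return (variables, numbers of malformed lines)."""
    env, bad = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.replace("_", "").isalnum():
            bad.append(number)  # for example a YAML-style "KEY: value" line
            continue
        env[key] = value.strip().strip("\"'")
    return env, bad


def audit(text):
    """Return a list of findings; an empty list means the file passes."""
    env, bad = parse_env(text)
    findings = [f"line {n}: not KEY=VALUE" for n in bad]
    if env.get("WEBPASSWORD", "") in PLACEHOLDERS:
        findings.append("WEBPASSWORD is empty or still the placeholder")
    host, _, port = env.get("DNS1", "").partition("#")
    try:
        upstream = (ipaddress.ip_address(host), port)
    except ValueError:
        upstream = None
    if upstream != DNSCRYPT:
        findings.append("DNS1 does not point at dnscrypt-proxy (10.0.1.2#5053)")
    if env.get("DNS2") != "no":  # assumption: "no" disables the second upstream
        findings.append("DNS2 is not 'no': a second upstream may bypass dnscrypt-proxy")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```
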
## Reverse proxy

See [Todo](#Todo)

## Updating

### Automatic

With [watchtower](../watchtower) the container updates automatically.

### Manual

1. `docker-compose up -d`
2. `docker image prune`

## Backup and restore

### Backup

Use [borg](../borg) to take daily backups of the entire `pihole+dnscrypt` folder.

### Restore

For a more detailed explanation of the steps, see [here](../borg#user-content-controllare-la-cartella-dei-backup).

1. stop the container: `docker-compose down`
2. delete the entire `pihole+dnscrypt` folder
3. copy the `pihole+dnscrypt` folder from the backup
4. restart the container: `docker-compose up -d`

## Todo

To implement:

- reverse proxy: **[caddy](https://caddyserver.com/)** or **[traefik](https://doc.traefik.io/traefik/)**

---

License: [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt)