# Pi-hole + DNSCrypt
<div align="center">
<img src="https://i0.wp.com/pi-hole.net/wp-content/uploads/2018/12/dashboard.png?zoom=1.75&w=3840&ssl=1" />
</div>

## Description
[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (Pi-hole)>)](https://pi-hole.net/) [![Source (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (Pi-Hole)>)](https://github.com/pi-hole/docker-pi-hole) [![Docker Hub (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (Pi-hole)>)](https://hub.docker.com/r/pihole/pihole) [![Docs (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (Pi-hole)>)](https://docs.pi-hole.net/) ![RPI Friendly](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=raspberrypi&style=flat&label=&message=RPi Friendly>)
[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (DNSCrypt)>)](https://dnscrypt.info/) [![Source (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (DNSCrypt)>)](https://github.com/klutchell/dnscrypt-proxy) [![Docker Hub (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (DNSCrypt)>)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/) [![Docs (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (DNSCrypt)>)](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) ![RPI Friendly](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=raspberrypi&style=flat&label=&message=RPi Friendly>)
Pi-hole + DNSCrypt combines a network-wide ad blocker with a caching DNS proxy:
- Simple web interface for easy management
- Full support for [blacklists](https://firebog.net/) and [whitelists](https://github.com/ijhuang/allowlist)
- Full support for the following protocols: [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh.md)
## File and folder structure
```
/home/
└── docker/
    └── pihole+dnscrypt/
        ├── dnscrypt/
        ├── dnsmasq.d/
        ├── pihole/
        ├── .env
        └── docker-compose.yml
```
- `dnscrypt/` - folder holding the data dnscrypt needs
- `dnsmasq.d/` - folder holding the data dnsmasq.d needs
- `pihole/` - folder holding the data pihole needs
- `.env` - file containing the environment variables for docker-compose
- `docker-compose.yml` - file used to create the container
**N.B. All files and folders must be created by hand**
## Examples
A simple example to start using the container right away
### network
`docker`
```bash
docker network create custom-bridge
```
`podman`
```bash
podman network create custom-bridge
```
### docker-compose
`docker-compose.yml`
```yml
version: "3"
services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.2
    expose:
      - 5053/udp
      - 5053/tcp
    env_file: .env
    volumes:
      - ${DNSCRYPT_CONFIG:-/home/docker/pihole+dnscrypt/dnscrypt}:/config
    dns:
      - 185.222.222.222 # https://dns.sb/privacy/
      - 45.11.11.11
    restart: unless-stopped
  pihole:
    container_name: pihole
    image: pihole/pihole
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.3
    ports:
      - ${PIHOLE_DNS_PORT:-53}:53/tcp
      - ${PIHOLE_DNS_PORT:-53}:53/udp
      - ${PIHOLE_DHCP_PORT:-67}:67/udp
      - ${PIHOLE_WEBUI_PORT:-80}:80/tcp
    env_file: .env
    volumes:
      - ${PIHOLE_CONFIG:-/home/docker/pihole+dnscrypt/pihole}:/etc/pihole/
      - ${PIHOLE_DNSMASQD:-/home/docker/pihole+dnscrypt/dnsmasq.d}:/etc/dnsmasq.d/
    dns:
      - 185.222.222.222 # https://dns.sb/privacy
      - 45.11.11.11
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt
networks:
  custom-bridge:
    name: custom-bridge
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
```
`.env`
```bash
# General
PIHOLE_DNS_PORT=53
PIHOLE_DHCP_PORT=67
PIHOLE_WEBUI_PORT=80
DNSCRYPT_CONFIG=/home/docker/pihole+dnscrypt/dnscrypt
PIHOLE_CONFIG=/home/docker/pihole+dnscrypt/pihole
PIHOLE_DNSMASQD=/home/docker/pihole+dnscrypt/dnsmasq.d
TZ=Europe/Amsterdam
# Pi-hole
# Placeholder password: replace it before starting the stack
WEBPASSWORD=cambiamiperfavore
DNS1=10.0.1.2#5053
DNS2=no
```
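
A pre-deployment check for the `.env` file, as an added example that is not part of the original README: it flags lines that are not in `KEY=VALUE` form, a `WEBPASSWORD` left at the sample value, and a `DNS1`/`DNS2` setting that would send Pi-hole's upstream queries somewhere other than the dnscrypt-proxy container. The function names, the 12-character minimum, the strict `KEY=VALUE` parsing and both sample inputs are assumptions made for the example.

```python
import ipaddress

PLACEHOLDER = "cambiamiperfavore"              # sample WEBPASSWORD shown in this README
SUBNET = ipaddress.ip_network("10.0.1.0/24")   # custom-bridge subnet from docker-compose.yml
PROXY = ("10.0.1.2", "5053")                   # dnscrypt-proxy address and exposed port
MIN_LEN = 12                                   # assumed minimum length, not from the README
# Constructed sample inputs (not taken from a real deployment).
SAMPLE_BAD = 'WEBPASSWORD=cambiamiperfavore\nDNS1: "10.0.1.2#5053"\nDNS2=9.9.9.9\n'
SAMPLE_GOOD = "# Pi-hole\nWEBPASSWORD=constructed-Example-42\nDNS1=10.0.1.2#5053\nDNS2=no\n"


def parse_env(text):
    """Parse env-file text into (variables, line numbers not in KEY=VALUE form)."""
    env, bad = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.replace("_", "").isalnum():
            env[key] = value.strip().strip("\"'")
        else:
            bad.append(number)
    return env, bad


def audit_env(text):
    """Return a list of findings; an empty list means every check passed."""
    env, bad = parse_env(text)
    findings = [f"line {n}: not in KEY=VALUE form" for n in bad]
    password = env.get("WEBPASSWORD", "")
    if password == PLACEHOLDER or len(password) < MIN_LEN:
        findings.append("WEBPASSWORD is the README placeholder or too short")
    host, _, port = env.get("DNS1", "").partition("#")
    try:
        internal = ipaddress.ip_address(host) in SUBNET
    except ValueError:  # DNS1 missing or not an IP address
        internal = False
    if not internal:
        findings.append("DNS1 is missing or outside custom-bridge, so queries bypass dnscrypt-proxy")
    elif (host, port) != PROXY:
        findings.append("DNS1 is on custom-bridge but is not 10.0.1.2#5053")
    if env.get("DNS2") != "no":
        findings.append('DNS2 is not "no", so a second upstream may be used')
    return findings


if __name__ == "__main__":
    print(audit_env(SAMPLE_BAD), audit_env(SAMPLE_GOOD))
```
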
## Reverse proxy
See [Todo](#Todo)
## Updating
### Automatic
With [watchtower](../watchtower) the container updates automatically
### Manual
1. `docker-compose up -d`
2. `docker image prune`
## Backup and restore
### Backup
Use [borg](../borg) to make daily backups of the entire `pihole+dnscrypt` folder
### Restore
For a more detailed explanation of the steps, see [here](../borg#user-content-controllare-la-cartella-dei-backup)
1. stop the container: `docker-compose down`
2. delete the entire `pihole+dnscrypt` folder
3. copy the `pihole+dnscrypt` folder from the backup
4. restart the container: `docker-compose up -d`
## Todo
To implement:
- reverse proxy: **[caddy](https://caddyserver.com/)** or **[traefik](https://doc.traefik.io/traefik/)**
---
License: [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt)