# Pi-hole + DNSCrypt

<div align="center">
<img src="https://i0.wp.com/pi-hole.net/wp-content/uploads/2018/12/dashboard.png?zoom=1.75&w=3840&ssl=1" />
</div>

## Description

[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (Pi-hole)>)](https://pi-hole.net/) [![Source (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (Pi-Hole)>)](https://github.com/pi-hole/docker-pi-hole) [![Docker Hub (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (Pi-hole)>)](https://hub.docker.com/r/pihole/pihole) [![Docs (Pi-hole)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (Pi-hole)>)](https://docs.pi-hole.net/) ![RPI Friendly](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=raspberrypi&style=flat&label=&message=RPi Friendly>)

[![Official site](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=firefoxbrowser&style=flat&label=&message=Homepage (DNSCrypt)>)](https://dnscrypt.info/) [![Source (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=github&style=flat&label=&message=Sorgente (DNSCrypt)>)](https://github.com/klutchell/dnscrypt-proxy) [![Docker Hub (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=docker&style=flat&label=&message=Docker Hub (DNSCrypt)>)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/) [![Docs (DNSCrypt)](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=readthedocs&style=flat&label=&message=Docs (DNSCrypt)>)](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) ![RPI Friendly](<https://img.shields.io/static/v1.svg?color=555555&logoColor=ffffff&logo=raspberrypi&style=flat&label=&message=RPi Friendly>)

Pi-hole + DNSCrypt is a mix of a network-level ad blocker and a caching DNS proxy:

- Simple web interface for easy management
- Full support for [blacklists](https://firebog.net/) and [whitelists](https://github.com/ijhuang/allowlist)
- Full support for the following protocols: [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh.md)

## File and folder structure

```
/home/
└── docker/
    └── pihole+dnscrypt/
        ├── dnscrypt/
        ├── dnsmasq.d/
        ├── pihole/
        ├── .env
        └── docker-compose.yml
```

- `dnscrypt/` - folder holding the data dnscrypt needs
- `dnsmasq.d/` - folder holding the data dnsmasq.d needs
- `pihole/` - folder holding the data pihole needs
- `.env` - file containing the environment variables for docker-compose
- `docker-compose.yml` - file used to create the container

**N.B. All files and folders must be created by hand**

## Examples

A simple example to start using the container right away

### network

`docker`

```bash
docker network create custom-bridge
```

`podman`

```bash
podman network create custom-bridge
```

### docker-compose

`docker-compose.yml`

```yml
version: "3"
services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.2
    expose:
      - 5053/udp
      - 5053/tcp
    env_file: .env
    volumes:
      - ${DNSCRYPT_CONFIG:-/home/docker/pihole+dnscrypt/dnscrypt}:/config
    dns:
      - 185.222.222.222 # https://dns.sb/privacy/
      - 45.11.11.11
    restart: unless-stopped

  pihole:
    container_name: pihole
    image: pihole/pihole
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.3
    ports:
      - ${PIHOLE_DNS_PORT:-53}:53/tcp
      - ${PIHOLE_DNS_PORT:-53}:53/udp
      - ${PIHOLE_DHCP_PORT:-67}:67/udp
      - ${PIHOLE_WEBUI_PORT:-80}:80/tcp
    env_file: .env
    volumes:
      - ${PIHOLE_CONFIG:-/home/docker/pihole+dnscrypt/pihole}:/etc/pihole/
      - ${PIHOLE_DNSMASQD:-/home/docker/pihole+dnscrypt/dnsmasq.d}:/etc/dnsmasq.d/
    dns:
      - 185.222.222.222 # https://dns.sb/privacy
      - 45.11.11.11
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt

networks:
  custom-bridge:
    name: custom-bridge
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
```

`.env`

```bash
# General
PIHOLE_DNS_PORT=53
PIHOLE_DHCP_PORT=67
PIHOLE_WEBUI_PORT=80
DNSCRYPT_CONFIG=/home/docker/pihole+dnscrypt/dnscrypt
PIHOLE_CONFIG=/home/docker/pihole+dnscrypt/pihole
PIHOLE_DNSMASQD=/home/docker/pihole+dnscrypt/dnsmasq.d
TZ=Europe/Amsterdam

# Pi-hole
# Placeholder web UI password: replace it before starting the container
WEBPASSWORD=cambiamiperfavore
# Upstream resolver: the dnscrypt-proxy container (env_file entries are KEY=VALUE)
DNS1=10.0.1.2#5053
DNS2=no
```

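A pre-flight check for the `.env` file above, as an added example that is not part of the original README: it flags lines that are not `KEY=VALUE`, a `WEBPASSWORD` left at the README's placeholder, a `DNS1` that does not point at the dnscrypt-proxy container, and a file readable by group or others. The function name `check_env` is hypothetical; the address `10.0.1.2#5053` and the placeholder password are the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original README). check_env FILE prints one
# line per problem found and returns the number of problems.
check_env() (
    file=$1; problems=0; webpassword=; dns1=
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*}
        # env_file entries are KEY=VALUE; a YAML-style "KEY: value" line has
        # no valid variable name before "=" (or no "=" at all).
        case $key in
            "$line"|''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "not KEY=VALUE: $line"
                problems=$((problems + 1)); continue ;;
        esac
        val=${line#*=}; val=${val#\"}; val=${val%\"}
        case $key in
            WEBPASSWORD) webpassword=$val ;;
            DNS1) dns1=$val ;;
        esac
    done < "$file"

    # The README's placeholder password must not reach a running container.
    if [ -z "$webpassword" ] || [ "$webpassword" = "cambiamiperfavore" ]; then
        echo "WEBPASSWORD is empty or still the placeholder"
        problems=$((problems + 1))
    fi
    # Pi-hole's only upstream should be the dnscrypt-proxy container.
    if [ "$dns1" != "10.0.1.2#5053" ]; then
        echo "DNS1 is '$dns1', expected 10.0.1.2#5053"
        problems=$((problems + 1))
    fi
    # The file holds the web UI password: no group/other read access.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file is readable by group or others (use chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
)

# Stand-alone use: sh check_env.sh /home/docker/pihole+dnscrypt/.env
[ "$#" -eq 0 ] || check_env "$1"
```
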
## Reverse proxy

See [Todo](#Todo)

## Updating

### Automatic

With [watchtower](../watchtower) the container updates automatically

### Manual

1. `docker-compose up -d`
2. `docker image prune`

## Backup and restore

### Backup

Use [borg](../borg) to take daily backups of the entire `pihole+dnscrypt` folder

### Restore

For a more detailed explanation of the steps, see [here](../borg#user-content-controllare-la-cartella-dei-backup)

1. stop the container: `docker-compose down`
2. delete the entire `pihole+dnscrypt` folder
3. copy the `pihole+dnscrypt` folder from the backup
4. restart the container: `docker-compose up -d`

## Todo

To implement:

- reverse proxy: **[caddy](https://caddyserver.com/)** or **[traefik](https://doc.traefik.io/traefik/)**

---

License: [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt)