When surfing over the web, you may be pestered with pop-up ads when reading articles. It is possible to block them by installing centralized ads and trackers blocking solution known as Pi-hole.
Pi-hole is open-source software available for Linux operation systems. Its main function is to block tracking and adverts running on your website, application, or product. Advertisements generate revenue for most online websites including ours, but with the growing fractions of flawed advertising, many people tend o use AdBlockers and integrate them with their browsers.
With Pi-hole, one can set up an internal DNS server that routes all the network traffic. By doing so, the desired filters can be made across the network and annoying ads segregated.
The cool features brought by Pi-hole are:
- Lightweight: It is able to run on minimal hardware and software requirements
- Robust: with a command-line interface that is quality assured for interoperability
- Versatile: it can optionally be used as a DHCP server, ensuring all your devices are protected automatically
- Scalable: it has the ability to handle hundreds of millions of queries when installed on server-grade hardware
- Modern: it blocks ads over both IPv4 and IPv6
- Easy-to-install: the installation process takes less than ten minutes
- Responsive: It seamlessly speeds up the feel of everyday browsing by caching DNS queries
- Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
Install Pi-hole on Linux
Pi-hole can be installed quickly using the automated script below:
curl -sSL https://install.pi-hole.net | bash
There are other methods such as cloning the repo:
git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
cd "Pi-hole/automated install/"
sudo bash basic-install.sh
Or manually download the installer:
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh
The method covered here is by using Docker containers. The steps below can be used to run the Pi-hole ad blocking software in Docker Containers:
Step 1 – Install Docker on Linux
The first step is to ensure that you have Docker installed on your system. If not, use the guide below to achieve this:
Start and enable docker
sudo systemctl start docker && sudo systemctl enable docker
Add your system user to the docker group:
sudo usermod -aG docker $USER
newgrp docker
Check the installed docker version.
$ docker -v
Docker version 20.10.17, build 100c701
You can also install docker-compose using the aid in the guide below:
Step 2 – Create Persistent storage volumes
When setting up Pi-hole, it is recommended that you create two docker volumes, one for Pi-hole and the other for dnsmasq
Accomplish that using the commands:
docker volume create pihole_app
docker volume create dns_config
Check the created volumes:
$ docker volume ls
DRIVER VOLUME NAME
local dns_config
local pihole_app
Step 3 – Run Pi-hole in Docker Container
Begin by disabling the system-resolved service running on port 53.
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Now Pi-hole can be run using the following command with environment variables declared:
sudo docker run -d \
--name pihole \
-p 53:53/tcp \
-p 53:53/udp \
-p 67:67 -p 80:80 \
-p 443:443 \
-e TZ="Africa/Nairobi" \
-e WEBPASSWORD=password \
--dns=1.1.1.1 \
--dns=127.0.0.1 \
--restart=unless-stopped \
--hostname pi.hole \
-v pihole_app:/etc/pihole/ \
-v dns_config:/etc/dnsmasq.d/ \
pihole/pihole:latest
Just to explain the above variables:
- Name pihole – Names the container to pihole.
- TZ = “Africa/Nairobi” – Specifies the time zone.
- -p – Releases ports 53 (DNS), 67 (DHCP), 80 (Webadmin), 443 (HTTPS Webadmin) on the host system.
- DNS = 127.0.0.1 – Specifies a forced DNS server for the container. In this case the container pi-hole itself.
- -e WEBPASSWORD=password – sets a password for the Pi-hole interface.
- -e ServerIP = “127.0.0.1 ″- Defines the LAN IP address for the Web and Lighttpd modules.
It is possible to run the above container using docker-compose. First, create the YAML file.
vim docker-compose.yml
Add the below lines to the container, replacing where required:
version: "3"
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp"
- "80:80/tcp"
- "443:443/tcp"
environment:
TZ: 'Africa/Nairobi'
WEBPASSWORD: 'password'
volumes:
- './pihole_app:/etc/pihole'
- './dns_config:/etc/dnsmasq.d'
dns:
- 127.0.0.1
- 1.1.1.1
cap_add:
- NET_ADMIN
restart: unless-stopped
Run the container with the command:
docker-compose up -d
Verify if the container is running:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0e8bfc3e2a4 pihole/pihole:latest "/s6-init" 4 seconds ago Up 3 seconds (health: starting) 0.0.0.0:53->53/tcp, :::53->53/tcp, 0.0.0.0:67->67/tcp, :::67->67/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:53->53/udp, :::443->443/tcp, :::53->53/udp, 67/udp pihole
Step 4 – Access the Pi-hole Dashboard Web Interface
At this time the, Pi-hole web interface is available on port 80 and can be accessed with the URL http://IP_address/admin or http://domain_name/admin
Login using the created password and proceed to access the dashboard.
Now on this dashboard, there are several activities one needs to perform. They include:
1. Set DNS in router or PC to block ads
For Pi-hole to act as a DNS server for your network, you need to supply the IP Address of the Pi-hole server as the DNS of all systems.
There are two methods how to achieve this:
Home Network-Wide Blocking via Router Settings
This can be done by navigating to your router network settings. This hasn’t been covered since routers differ in models. But you can get a specific way to achieve that online.
Configuring a Single Device’s DNS
Alternatively, you can configure the DNS manually on each system. For example on
Linux
On Windows:
Open Adapter properties.
Provide the IP Address of the Pi-hole server.
You can also make the same configuration on a mobile phone.
2. Block or unblock Websites via Pi-hole Dashboard
The easiest method to block or unblock a site is by using the blacklist feature. For example, you want to block adult sites, social media e.t.c for kids or office use.
To Whitelist a site, navigate to the Whitelist option and select “Add Domain as Wildcard”. Provide the URL of the site and add it.
To block a site, proceed to the blacklist tab then provide the name of the site and click Add to Blacklist
3. Disable Ad-block for a Given period of time
From the dashboard, you can disable the Ad-block features for a specific time. This can be done by navigating to disable
4. Update list of blocked domains(Gravity)
By default, Pi-hole comes with a list of blocked sites/ads provided in the Gravity database. With time the list starts creating junk by when domains are added. This feature will flush the database. This can be done from the command line with the command:
docker exec -it pihole /bin/bash
pihole -g
From the web, you can still perform the action under Settings -> Update Gravity
Step 5 – Manage the Pi-hole Container
The Pi-hole container can be configured to start automatically on system boot by creating a systemd file as shown.
sudo vim /etc/systemd/system/Pi-hole_container.service
Add the lines below to the file:
[Unit]
Description=Pi-hole container
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a pihole
ExecStop=/usr/bin/docker stop -t 2 pihole
[Install]
WantedBy=local.target
Save the file and reload daemons:
sudo systemctl daemon-reload
The container can be restarted, stopped, and enabled just like any other systemd service:
sudo systemctl start Pi-hole_container
sudo systemctl enable Pi-hole_container
Check the status of the service:
$ systemctl status Pi-hole_container
● Pi-hole_container.service - Pi-hole container
Loaded: loaded (/etc/systemd/system/Pi-hole_container.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2022-06-12 14:45:04 UTC; 3s ago
Main PID: 73206 (docker)
Tasks: 5 (limit: 4607)
Memory: 17.2M
CGroup: /system.slice/Pi-hole_container.service
└─73206 /usr/bin/docker start -a pihole
Jun 12 14:45:05 ubuntu docker[73206]: AdminLTE version is v5.12 (Latest: v5.12)
Jun 12 14:45:05 ubuntu docker[73206]: FTL version is v5.15 (Latest: v5.15)
Jun 12 14:45:05 ubuntu docker[73206]: Container tag is: 2022.05
Jun 12 14:45:05 ubuntu docker[73206]: [cont-init.d] 20-start.sh: exited 0.
Jun 12 14:45:05 ubuntu docker[73206]: [cont-init.d] done.
Final Thoughts
This tutorial has provided the required steps on how to run Pi-hole ad blocking software in Docker Container. Now perform your desired blocking. I hope this was significant.
Related: