Pi Hole - network-wide ad blocking
-
Haha, Pie Hole / Cake Hole is British for your mouth, as in; shut your pie hole
-
@marcusquinn
Pi-hole, not Pie hole -
@Hillside502 3.14159265359... hole
-
Last I checked it was quite tricky to deploy pi-hole with docker. Does anyone have experience with this style of deployment? It was really made like a "distribution"/"OS" instead of a separate app.
-
@girish It's pretty straightforward as far as I can tell. I've got two instances hosted via Docker on Raspberry Pis at my home.
I agree with folks above suggesting though that it'd be best to expose only to internal services and likely inside a VPN. There is probably a decent way to do this in a single app, but I wonder if there is value in creating a new way to expose particular Apps to other apps via a shared network.
This would allow exposing a Pi-Hole app that has no "public" ports to any VPN app (OpenVPN, Wireguard, etc) with an internal hostname (app name?).
-
@iamthefij So, let's say the VPN app had a way to set a custom name server and one could just edit some file and set it to the pi-hole app, would this be good enough already? Given that the OpenVPN app is custom anyway, we can even add a simple UI that allows a user to set the DNS server IP (as you say, this might be the internal host name since IP might be dynamic actually).
This seems quite doable.
-
I've got one up and running on a public endpoint, no sweat. I just set the server to only allow queries from my IP range, deny all by default.
-
@girish yea, that's pretty much all that should be required. As long as the two containers can communicate via their internal host names, it should be sufficient.
The other advantage here is that it enables you to use the DNS from a mobile phone. Otherwise whenever you switch to a new network you receive the networks DNS via DHCP.
-
@doodlemania2 I'm not sure exactly what you've configured, but many folks do not have static IP addresses to do this with. Not only does my home network frequently change IP addresses, but my mobile network does as well.
-
@Mallewax said in AdGuard - Network-wide ads & trackers blocking DNS server:
Pihole plus Wireguard
Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
In short why:
WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).
Need to say more
-
@iamthefij For OpenVPN, I started a new thread - https://forum.cloudron.io/topic/3139/openvpn-admin-ui
-
While there is network connectivity between the apps (docker's
icc
is true), the apps do not know the internal IPs and thus cannot easily discover each other. We have to come up with some sort of standard hostname naming mechanism to allow easy configurability. -
@imc67 said in Pi Hole - network-wide ad blocking:
Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.
This is a common misconception - Just because you are using a VPN does not mean you are completely safe. Sure you maybe safe from traffic sniffers at your local mcdonalds or starbucks, but a VPN that is tied to your name and a device that has other software on it like facebook, twitter, etc still makes you vulnerable to data leakage, tracking and more.