Pi Hole - network-wide ad blocking

hiyukoim

Upvoted! I'd love to see Pi-hole on Cloudron.

Marta Hernández

I love getting to know more about Pi Hole: blocking ads throughout the network, it is very useful for me that I am starting in this. Thank you

imc67

@hiyukoim this is only possible/safe behind a VPN server like OpenVPN or even better WireGuard. I would really like to see an app with Pi-Hole and WireGuard.

luckow

Sorry to ask. I don't understand the use case. Why do you need Pi-hole on Cloudron?
For your local network and 53 portforward?
For (potential) ads/bugs inside apps from the appstore?
For your local network with a local Cloudron instance?
???

yusf

@luckow said in Pi Hole - network-wide ad blocking:

For your local network with a local Cloudron instance?

I think this, as I’ve read about several home-hosters.

luckow

@yusf Ok. That makes sense. (but it's not my use case)

girish

We can also use it on a VPS and point the DNS to the VPS. Sure, dns queries are a bit slower but maybe websites load faster because of the ad block

luckow

@girish yep. Perfectly understandable. But a raspberry pi costs $50, and you can install your smarthome system (e.g. homeassistant or openHAB.) on the same pi. And then it runs on your local network. I'm just thinking.

imc67

Pi-Hole on Cloudron is useless IMHO for only internal "filtering".

Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.

@luckow yes I do have a RaspberryPi with Wireguard AND Pi-Hole at home, but as an extra "external" backup its very welcome (and very easy) to have Pi-Hole+WireGuard in a Cloudron app.

doodlemania2

Actually, one could do this (if you know what you're doing) by offering the pihole externally. In order to be safe, you would want to make sure to whitelist ONLY the IPs coming in to connect to it you intend to allow, otherwise you open your self up to DNS hijacking. I do this now by exposing a pihole on Azure that only my home router can connect to. Works great. FWIW, I took a look at packaging pihole the other day, cause of my use case. It looks...possible, but there are a LOT of moving parts and it really wants some pretty low level access, so, challenges will persist.

savity

looking really forward for PI-Hole and Wireguard really

Mallewax

@imc67 @doodlemania2 Right now I am using this setup on a separate, cloud hosted VM. Wireguard and Pihole, configured so that the system can only be accessed over VPN, not by external parties. Works beautifully and would be so cool, if this was working on Cloudron.

https://www.sethenoka.com/build-your-own-wireguard-vpn-server-with-pi-hole-for-dns-level-ad-blocking/

Excellent idea and request. Thanks for bringing this up.

girish

Currently, what is holding back pi-hole is a couple of Cloudron limitations:

• Cloudron reserves port 53 (dns) on the server. Have to fix unbound to listen only on internal interfaces (we listen on 0.0.0.0 and rely on firewall and access control policies to block requests).

• Some IP based firewall as @savity has been requesting in another thread. This is required to block requests to pi-hole to just your machines/network.

imc67

@girish you don't have these issues if you combine with Wireguard.

girish

@imc67 indeed. If we bundle them together, it's not a problem. Is this the "preferred" way to package pi-hole?

savity

yeah i mean it would be for me i would never create pihole acessable for others its for private reasons vpn+pihole. So pihole would be listening, lets say on 10.9.0.0

Maybe in the future the idea could to configure other apps only availaie in the same VPN Network

Mallewax

@girish @imc67 Same here, I think the combination is awesome and makes a lot of sense. PLEASE, PLEASE...Yes...:-)

savity

@Mallewax i think this would lead also to new people using cloudron

Mallewax

@savity couldn’t agree more. For me it would be a killer feature. And would make for a nice campaign on Twitter, Reddit et. all. Just look how many people google this and try to establish it manually....this is a mainstream feature, that would be appreciated by the entire user base, much more than specific applications that appeal only to certain users.... my opinion

imc67

@girish definately!