Pi Hole - network-wide ad blocking
necrevistonnezr last edited by necrevistonnezr
Especially interesting for on-premises Cloudrons
- Network-wide ad blocking via your own Linux hardware
- Block Over 100,000 Ad-serving Domains: Known ad-serving domains are pulled from third party sources and compiled into one list.
- Block Advertisements On Any Device: Network-level blocking you to block ads in non-traditional placed such as mobile apps and smart TVs, regardless of hardware or OS.
- Improve Overall Network Performance: Since ads are blocked before they are downloaded, your network will perform better.
- Reduce Cellular Data Usage: Pair your Pi-hole with a VPN for on-the-go ad-blocking and save on data costs.
- Monitor Performance And Statistics: The Web interface shows how many ads were blocked, a query log, and more.
- API: Utilize Pi-hole’s API in your scripting or programing projects.
Docker image: https://hub.docker.com/r/diginc/pi-hole/
Pi-Hole on Docker how-to: https://dxpetti.com/blog/2018/running-pi-hole-on-docker/ (part 1) and https://dxpetti.com/blog/2018/keeping-your-pi-hole-container-fresh-with-cron/ (part 2)
Looks like this can be easily packaged as an app once we have UDP support in Cloudron. https://git.cloudron.io/cloudron/box/issues/504
Should ideally provide an option to limit access to the local network only. I wonder if this would entail changes to
Hillside502 last edited by
For "Pi Hole" read "Pi-hole"
necrevistonnezr last edited by
This is easy to get on Cloudron indeed. Two outstanding issues are:
- Cloudron currently does not allow apps to use port < 1024. DNS requires port 53. This is fixable, I guess.
- Exposing Pi-Hole on port 53 would mean, anyone can access it, not just you. DNS has no auth mechanism afaik. So, I can start using your Pi-Hole server as well as the DNS. Not sure if that is good/bad. Maybe with some firewall rules we can make it so that it is IP locked.
@girish Would be nice to either have the possibility of keeping it open, or (my preferred option) to be able to add IP rules for oneself (ie. add rules so I can choose IPs/IP-ranges that could access this Pi-Hol).
imc67 last edited by imc67
@girish it would be great to have Pi-hole in Cloudron and I agree with you it should be save so it would be great to have it together with WireGuard.
Is it possible to make a Cloudron-app with Pi-hole in VPN so you can make use of it anywhere AND safe!?
hiyukoim last edited by
Upvoted! I'd love to see Pi-hole on Cloudron.
I love getting to know more about Pi Hole: blocking ads throughout the network, it is very useful for me that I am starting in this. Thank you
imc67 last edited by
@hiyukoim this is only possible/safe behind a VPN server like OpenVPN or even better WireGuard. I would really like to see an app with Pi-Hole and WireGuard.
Sorry to ask. I don't understand the use case. Why do you need Pi-hole on Cloudron?
For your local network and 53 portforward?
For (potential) ads/bugs inside apps from the appstore?
For your local network with a local Cloudron instance?
yusf last edited by yusf
@yusf Ok. That makes sense. (but it's not my use case)
We can also use it on a VPS and point the DNS to the VPS. Sure, dns queries are a bit slower but maybe websites load faster because of the ad block
@girish yep. Perfectly understandable. But a raspberry pi costs $50, and you can install your smarthome system (e.g. homeassistant or openHAB.) on the same pi. And then it runs on your local network. I'm just thinking.
imc67 last edited by imc67
Pi-Hole on Cloudron is useless IMHO for only internal "filtering".
Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.
@luckow yes I do have a RaspberryPi with Wireguard AND Pi-Hole at home, but as an extra "external" backup its very welcome (and very easy) to have Pi-Hole+WireGuard in a Cloudron app.
Actually, one could do this (if you know what you're doing) by offering the pihole externally. In order to be safe, you would want to make sure to whitelist ONLY the IPs coming in to connect to it you intend to allow, otherwise you open your self up to DNS hijacking. I do this now by exposing a pihole on Azure that only my home router can connect to. Works great. FWIW, I took a look at packaging pihole the other day, cause of my use case. It looks...possible, but there are a LOT of moving parts and it really wants some pretty low level access, so, challenges will persist.
looking really forward for PI-Hole and Wireguard really
Mallewax last edited by Mallewax
@imc67 @doodlemania2 Right now I am using this setup on a separate, cloud hosted VM. Wireguard and Pihole, configured so that the system can only be accessed over VPN, not by external parties. Works beautifully and would be so cool, if this was working on Cloudron.
Excellent idea and request. Thanks for bringing this up.