Pi Hole - network-wide ad blocking
-
@imc67 indeed. If we bundle them together, it's not a problem. Is this the "preferred" way to package pi-hole?
-
Haha, Pie Hole / Cake Hole is British for your mouth, as in; shut your pie hole
-
Haha, Pie Hole / Cake Hole is British for your mouth, as in; shut your pie hole
-
@marcusquinn
Pi-hole, not Pie hole@Hillside502 3.14159265359... hole
-
How is the progress here?
-
How is the progress here?
-
Last I checked it was quite tricky to deploy pi-hole with docker. Does anyone have experience with this style of deployment? It was really made like a "distribution"/"OS" instead of a separate app.
@girish It's pretty straightforward as far as I can tell. I've got two instances hosted via Docker on Raspberry Pis at my home.
I agree with folks above suggesting though that it'd be best to expose only to internal services and likely inside a VPN. There is probably a decent way to do this in a single app, but I wonder if there is value in creating a new way to expose particular Apps to other apps via a shared network.
This would allow exposing a Pi-Hole app that has no "public" ports to any VPN app (OpenVPN, Wireguard, etc) with an internal hostname (app name?).
-
@iamthefij So, let's say the VPN app had a way to set a custom name server and one could just edit some file and set it to the pi-hole app, would this be good enough already? Given that the OpenVPN app is custom anyway, we can even add a simple UI that allows a user to set the DNS server IP (as you say, this might be the internal host name since IP might be dynamic actually).
This seems quite doable.
-
@iamthefij So, let's say the VPN app had a way to set a custom name server and one could just edit some file and set it to the pi-hole app, would this be good enough already? Given that the OpenVPN app is custom anyway, we can even add a simple UI that allows a user to set the DNS server IP (as you say, this might be the internal host name since IP might be dynamic actually).
This seems quite doable.
@girish yea, that's pretty much all that should be required. As long as the two containers can communicate via their internal host names, it should be sufficient.
The other advantage here is that it enables you to use the DNS from a mobile phone. Otherwise whenever you switch to a new network you receive the networks DNS via DHCP.
-
I've got one up and running on a public endpoint, no sweat. I just set the server to only allow queries from my IP range, deny all by default.
-
@Mallewax said in AdGuard - Network-wide ads & trackers blocking DNS server:
Pihole plus Wireguard
Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
In short why:
WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).
Need to say more
-
@girish yea, that's pretty much all that should be required. As long as the two containers can communicate via their internal host names, it should be sufficient.
The other advantage here is that it enables you to use the DNS from a mobile phone. Otherwise whenever you switch to a new network you receive the networks DNS via DHCP.
@iamthefij For OpenVPN, I started a new thread - https://forum.cloudron.io/topic/3139/openvpn-admin-ui
-
While there is network connectivity between the apps (docker's
iccis true), the apps do not know the internal IPs and thus cannot easily discover each other. We have to come up with some sort of standard hostname naming mechanism to allow easy configurability. -
Cool! Do apps already have access to each other through the bridge? Or would that need to be made possible as well?
-
Pi-Hole on Cloudron is useless IMHO for only internal "filtering".
Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.
@luckow yes I do have a RaspberryPi with Wireguard AND Pi-Hole at home, but as an extra "external" backup its very welcome (and very easy) to have Pi-Hole+WireGuard in a Cloudron app.
@imc67 said in Pi Hole - network-wide ad blocking:
Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.
This is a common misconception - Just because you are using a VPN does not mean you are completely safe. Sure you maybe safe from traffic sniffers at your local mcdonalds or starbucks, but a VPN that is tied to your name and a device that has other software on it like facebook, twitter, etc still makes you vulnerable to data leakage, tracking and more.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@imc67 said in Pi Hole - network-wide ad blocking:
Only in combination with a VPN like WireGuard it's a perfect combination to be online, outside of your 'safe home wifi', without sniffing of mobile providers proxies and "free open wifi", and with a kind of safetynet by Pi-Hole.
This is a common misconception - Just because you are using a VPN does not mean you are completely safe. Sure you maybe safe from traffic sniffers at your local mcdonalds or starbucks, but a VPN that is tied to your name and a device that has other software on it like facebook, twitter, etc still makes you vulnerable to data leakage, tracking and more.
@murgero Exactly that! There's a reason why not one single bank in the world has "Login with Google/Facebook/Twitter" etc.
