Pi Hole - network-wide ad blocking
@girish It's pretty straightforward as far as I can tell. I've got two instances hosted via Docker on Raspberry Pis at my home.
I agree with folks above suggesting though that it'd be best to expose only to internal services and likely inside a VPN. There is probably a decent way to do this in a single app, but I wonder if there is value in creating a new way to expose particular Apps to other apps via a shared network.
This would allow exposing a Pi-Hole app that has no "public" ports to any VPN app (OpenVPN, Wireguard, etc) with an internal hostname (app name?).
@iamthefij So, let's say the VPN app had a way to set a custom name server and one could just edit some file and set it to the pi-hole app, would this be good enough already? Given that the OpenVPN app is custom anyway, we can even add a simple UI that allows a user to set the DNS server IP (as you say, this might be the internal host name since IP might be dynamic actually).
This seems quite doable.
doodlemania2 last edited by
I've got one up and running on a public endpoint, no sweat. I just set the server to only allow queries from my IP range, deny all by default.
@girish yea, that's pretty much all that should be required. As long as the two containers can communicate via their internal host names, it should be sufficient.
The other advantage here is that it enables you to use the DNS from a mobile phone. Otherwise whenever you switch to a new network you receive the networks DNS via DHCP.
@doodlemania2 I'm not sure exactly what you've configured, but many folks do not have static IP addresses to do this with. Not only does my home network frequently change IP addresses, but my mobile network does as well.
imc67 last edited by
Pihole plus Wireguard
Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
In short why:
WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).
Need to say more
@iamthefij For OpenVPN, I started a new thread - https://forum.cloudron.io/topic/3139/openvpn-admin-ui
Cool! Do apps already have access to each other through the bridge? Or would that need to be made possible as well?
While there is network connectivity between the apps (docker's
iccis true), the apps do not know the internal IPs and thus cannot easily discover each other. We have to come up with some sort of standard hostname naming mechanism to allow easy configurability.
yusf last edited by yusf
Being able to host Cloudron behind Wireguard in a way where apps would only be accessed through WG would be a nice feature for security-demanding deployments.
Edit: Sorry, wrong thread.