Solved AdGuard - Network-wide ads & trackers blocking DNS server
-
-
Interesting, didn't know you could self-host this. Highly rated.
-
@marcusquinn yes, I was pleasently surprised that this can be selfhosted. The github page has a comparison to pihole as well.
-
I currently use https://ublockorigin.com/ - seemed to be the best of the bunch when I researched and works pretty well but there's still a level of trust needed with that.
It's a long road moving things bit-by-bit to be self-hosted, even for a techie, but happy to keep moving in the direction.
Social logins, website javascripts and browser extensions are all effectively trojans really, so it's quite a challenge to completely decouple from the user data scrapers but certainly the right direction having watched what the alternatives have been up to over the years.
We're not here for a long time - but we are here for a good time :)
Jersey/UK
Work & Ecommerce Advice: https://brandlight.org
Personal & Software Tips: https://marcusquinn.com -
@marcusquinn said in AdGuard - Network-wide ads & trackers blocking DNS server:
I currently use Ublock.org - seemed to be the best of the bunch when I researched and works pretty well but there's still a level of trust needed with that.
It's a long road moving things bit-by-bit to be self-hosted, even for a techie, but happy to keep moving in the direction.
Social logins, website javascripts and browser extensions are all effectively trojans really, so it's quite a challenge to completely decouple from the user data scrapers but certainly the right direction having watched what the alternatives have been up to over the years.
I would recommend the open uBlock Origin. From https://en.wikipedia.org/wiki/UBlock_Origin?wprov=sfti1:
The uBlock project official repository was transferred to Chris Aljoudi by original developer Raymond Hill in April 2015, due to frustration of dealing with requests. However Hill immediately self-forked it and continued the effort there. This version was later renamed uBlock Origin and it has been completely divorced from Aljoudi's uBlock. Aljoudi created ublock.org to host and promote uBlock and to request donations. In response, uBlock's founder Raymond Hill stated that "the donations sought by ublock.org are not benefiting any of those who contributed most to create uBlock Origin." The development of uBlock stopped in August 2015 and it has been sporadically updated since January 2017. In July 2018, uBlock.org was acquired by AdBlock and since February 2019 began allowing "Acceptable Ads", a program run by Adblock Plus that allows some ads which are deemed "acceptable", and for which the larger publishers pay a fee.
-
I used Pi-hole for already a long time without any problems and great results. Though the responses on AdGuard were also positive so I gave it a try. Within 24 hours my home network was down, couldn't find the reason so switched back immediately to Pi-hole and everything is ok again!
So, I personally prefer Pi-hole (not in the least because AdGuard is a Russian company) but would really like to see it in 1 app with WireGuard.
This is already for a long time on the Wishlist and in the top 3 of most liked: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
-
@necrevistonnezr Interesting! Yeah I have uBlock Origin but that is a sneaky move on that URL, I'll updated to avoid people getting to the wrong extensions.
-
Interesting !
-
@imc67 @girish Yep, couldn't agree more and am repeating myself. Pihole plus Wireguard would be a killer combination and I bet, so many more users, who don't even know what they are missing would start using it.
-
@Mallewax said in AdGuard - Network-wide ads & trackers blocking DNS server:
Pihole plus Wireguard
Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
In short why:
WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).
Need to say more
-
Just leaving a note here: I did give pi-hole a try but it was really hard to package from source easily. I managed to package AdGuard easily instead. Some reviews here https://home-assistant-guide.com/2020/09/26/adguard-home-vs-pi-hole-2020-two-ad-and-internet-tracker-blockers-compared/ and https://mariushosting.com/synology-adguard-vs-pi-hole/ .
It requires some support from the platform so there is no unstable package published, depending on time we might add it to Cloudron 6 (or the release after).
-
AdGuard Home is ready
https://git.cloudron.io/cloudron/adguard-home-appThis requires features in Cloudron 6, so I will wait until I make the announcement.
-
@girish How do you handle the port exposure ? Like, if you install this on a publicly accessible IP, not behind a LAN, anybody could access the DNS server ?
-
@mehdi Yes, currently anyone can access it. I think we have to add some sort of firewall feature in the future to limit access to apps by IP in a future release.
-
@girish I strongly second this firewall proposal
-
@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).
-
@girish adguard itself actually also has a whitelist feature for ips it will reply to. But that would even be one level further down from the effectiveness of iptables.
-
@fbartels you are right! It's under DNS setings.
-
@girish afaik all settings are stored in an ini file. Maybe it could be auto setup only for the internal network towards the app containers?
-
@fbartels 2nd this!
-
@girish said in AdGuard - Network-wide ads & trackers blocking DNS server:
@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).
Don't forget us bedroom server adminstrators...
-
Nor us bare-metal people!
-
I'm a big fan of the "belt-and-suspenders" approach to firewalls locally and out in the magical ingress/networking land. Never a bad thing to have more controls or choices over where to manage/place certain controls. Portability is a big thing too, and a lot of the cloud provider firewalls are rather bespoke, with a wide range (or lack) of features.
-
@necrevistonnezr @mehdi Haha, innuendo bingo! Only a matter of time before Only Fans stars start using Cloudron to avoid de-platforming issues and cut-out the middle-men.
