Pi-hole Howto (1)

From RaySoft

This howto is based on the following documentation:

Requirements

Installation

[Server Shell]: Edit the setup script

[Server Shell]: Run the script

~/dev/podman/pihole.sh

Update

NOTE:
This procedure updates all containers on the current system which are configured with an io.containers.autoupdate label.

[Server Shell]: Check whether any image has been updated; if so, download the new image and restart the container

sudo podman auto-update

[Server Shell]: Delete unused images

sudo podman image prune

Configuration

[Server Shell]: Log in to the container using Bash

sudo podman exec --interactive --tty 'pihole-main' '/bin/bash'

[Container Shell]: Change the WebGUI password

pihole -a -p

[Server Shell]: Edit the lighttpd configuration file to enable HTTPS

[Server Shell]: Log in to the container using Bash

sudo podman exec --interactive --tty 'pihole-main' '/bin/bash'

[Container Shell]: Test the lighttpd configuration

lighttpd -f '/etc/lighttpd/lighttpd.conf' -tt

[Server Shell]: Restart the container to activate the changed lighttpd configuration

sudo systemctl restart 'container-pihole-main.service'

[Pi-hole WebGUI]: Add additional URL lists to the Adlists (Menu: Group Management => Adlists)

http://sysctl.org/cameleon/hosts
https://raw.githubusercontent.com/blocklistproject/Lists/master/abuse.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/crypto.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/fraud.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/malware.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/phishing.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/piracy.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/ransomware.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/redirect.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/scam.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/tracking.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt

Test

[Server Shell]: Verify that the pod is running

sudo podman pod ps

Output:

POD ID        NAME        STATUS      CREATED       INFRA ID      # OF CONTAINERS
6b977c5d1059  pihole      Running     20 hours ago  fe14f36b325d  2

[Server Shell]: Verify that the containers are running

sudo podman ps --pod

Output:

fe14f36b325d  k8s.gcr.io/pause:3.5              20 hours ago  Up 20 hours ago  0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp                  6b977c5d1059-infra  6b977c5d1059  pihole
f6f7632bfa75  docker.io/pihole/pihole:latest    20 hours ago  Up 20 hours ago  0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp                  pihole-main         6b977c5d1059  pihole

[Server Shell]: Check the container logs

sudo podman logs --follow 'pihole-main'

[Server Shell]: Verify that the ports are open

sudo lsof -i ':53,80,443' -n -P

Output:

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
conmon  72942 root    5u  IPv4 357547      0t0  TCP *:53 (LISTEN)
conmon  72942 root    6u  IPv4 357548      0t0  UDP *:53
conmon  72942 root    7u  IPv4 357549      0t0  TCP *:80 (LISTEN)
conmon  72942 root    8u  IPv4 357550      0t0  TCP *:443 (LISTEN)
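
As an added example (not part of the original howto), the following shell function parses `lsof -i -n -P` output like the listing above and reports listeners bound to all interfaces (`*`), listeners on ports outside an expected list, and expected ports with no listener. The function name `audit_listeners` and the finding labels are assumptions of this example; the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: audit the listener table printed by `lsof -i -n -P`.
# stdin: lsof output; $1: comma-separated list of expected ports.
# Findings, one per line:
#   WILDCARD <proto> <port>     socket bound to all interfaces (*)
#   UNEXPECTED <proto> <name>   listener on a port not in the expected list
#   MISSING <port>              expected port without any listener
audit_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        NR == 1 && $1 == "COMMAND" { next }            # skip the header line
        {
            proto = $8; name = $9                      # NODE and NAME columns
            if (proto != "TCP" && proto != "UDP") next
            if (proto == "TCP" && $10 != "(LISTEN)") next   # only listening TCP
            if (name ~ /->/) next                      # connected socket, no listener
            port = name; sub(/.*:/, "", port)          # text after the last colon
            addr = name; sub(/:[0-9]+$/, "", addr)     # text before the port
            seen[port] = 1
            if (addr == "*") print "WILDCARD", proto, port
            if (!(port in want)) print "UNEXPECTED", proto, name
        }
        END { for (i = 1; i <= n; i++) if (!(e[i] in seen)) print "MISSING", e[i] }
    '
}

# Sample input: the lsof output shown in this howto.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
conmon  72942 root    5u  IPv4 357547      0t0  TCP *:53 (LISTEN)
conmon  72942 root    6u  IPv4 357548      0t0  UDP *:53
conmon  72942 root    7u  IPv4 357549      0t0  TCP *:80 (LISTEN)
conmon  72942 root    8u  IPv4 357550      0t0  TCP *:443 (LISTEN)'

# Offline demonstration on the sample above.
printf '%s\n' "$SAMPLE_LSOF" | audit_listeners 53,80,443
```

On the server, run it against live data with `sudo lsof -i -n -P | audit_listeners 53,80,443`. A WILDCARD finding for port 53 means the resolver answers on every interface of the host, so confirm that the host firewall limits it to the intended network.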

[Client Shell]: Resolve FQDN

dig '@arsenic.raysoft.loc' 'raysoft.ch' +short

Output:

217.26.53.37

[Client Shell]: Open the WebGUI

open 'http://arsenic.raysoft.loc/'