Pi-Hole+cloudflare DoH

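Background

The home network needs ad blocking, and Pi-hole handles that.

Pi-hole's outbound requests are encrypted with Cloudflare DoH, which keeps the ISP from collecting your browsing records and protects your privacy.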

Steps

Deploying Pi-hole

A ready-made docker-compose.yml is available on Docker Hub:

https://hub.docker.com/r/pihole/pihole

Some problems

ERROR: for pihole  Cannot start service pihole: driver failed programming external connectivity on endpoint pihole (fffc000d3cdb71d6bfa5dabd6ea4df4ff4ac83025282d302cbe709c4c57626e1): Error starting userland proxy: listen tcp4 0.0.0.0:53: bind: address already in use
ERROR: Encountered errors while bringing up the project.

The built-in systemd-resolved service has to be stopped and disabled:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Adding Cloudflare DoH

The final configuration is as follows.

version: "3"
services:
  cloudflared:
    container_name: cloudflared
    image: visibilityspots/cloudflared
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 10.0.0.2
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
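    environment:
      # Primary upstream: the cloudflared container on the compose bridge
      - DNS1=10.0.0.2#5054
      # DNS2 is an ordinary DNS upstream: queries sent to it bypass cloudflared and are not encrypted
      - DNS2=8.8.8.8#53
      - IPv6=false
      - TZ=Asia/Shanghai
      # 你的密码 ("your password") is a placeholder; set your own admin password
      - WEBPASSWORD=你的密码
      - PIHOLELOG=/dev/null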
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    extra_hosts:
      - "gateway.lan:192.168.50.192"
      - "router.lan:192.168.50.1"
    networks:
      pihole_net:
        ipv4_address: 10.0.0.3
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
networks:
  pihole_net:
    driver: bridge
    ipam:
     config:
       - subnet: 10.0.0.0/29
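
An added example (not from the original post): a small Python check over the compose file above. It lists every Pi-hole upstream (`DNSn=`) and flags those outside the compose subnet, since Pi-hole forwards to its upstreams as ordinary DNS and only the cloudflared container encrypts. The embedded `COMPOSE` text is a constructed excerpt of the config, and treating any address inside the subnet as the DoH proxy is an assumption.

```python
import ipaddress
import re

# Constructed sample: only the relevant lines of the compose file above.
COMPOSE = """\
services:
  cloudflared:
    networks:
      pihole_net:
        ipv4_address: 10.0.0.2
  pihole:
    environment:
      - DNS1=10.0.0.2#5054
      - DNS2=8.8.8.8#53
networks:
  pihole_net:
    ipam:
      config:
        - subnet: 10.0.0.0/29
"""

# "- DNS1=addr#port" entries and "- subnet: a.b.c.d/n" entries (unquoted, as on the page).
UPSTREAM = re.compile(r"^\s*-\s*(DNS\d+)=([0-9.]+)(?:#(\d+))?\s*$", re.M)
SUBNET = re.compile(r"^\s*-\s*subnet:\s*(\S+)\s*$", re.M)

def audit_upstreams(compose_text):
    """Return [(name, address, port, verdict)] for every DNSn= entry."""
    nets = [ipaddress.ip_network(s) for s in SUBNET.findall(compose_text)]
    results = []
    for name, addr, port in UPSTREAM.findall(compose_text):
        ip = ipaddress.ip_address(addr)
        port = int(port or 53)  # no "#port" means the default DNS port
        if any(ip in n for n in nets):
            verdict = "local-proxy"     # assumed: stays on the bridge, goes to cloudflared
        else:
            verdict = "plaintext-leak"  # leaves the host as unencrypted DNS
        results.append((name, addr, port, verdict))
    return results

def leaking(compose_text):
    """Names of the upstream variables that bypass the DoH proxy."""
    return [r[0] for r in audit_upstreams(compose_text) if r[3] == "plaintext-leak"]

if __name__ == "__main__":
    for row in audit_upstreams(COMPOSE):
        print("%-5s %s#%d  %s" % row)
```
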

Problems encountered

Temporary failure in name resolution

ERROR: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: Temporary failure in name resolution

Adding DNS configuration to /etc/resolv.conf fixes it:

nameserver 8.8.8.8
nameserver 127.0.0.53
options edns0 trust-ad