From 798c0e606ff15427752a8047c8ac409fb562121f Mon Sep 17 00:00:00 2001 From: William Trelawny Date: Mon, 5 Sep 2022 09:57:54 -0400 Subject: [PATCH] init commit of Pi-hole behind Caddy example - Single docker compose file to spin up a Caddy and a Pi-hole container - I put plenty of comments in compose file for user ref. Looks kinda messy but I figured the more info the better and they can cull out what they dont need. - DHCP server is disabled by default in Pi-hole so I disabled the port binding and NET_ADMIN capability by default as well, with brief instructions and refs included. - Caddy docker compose example ref: https://hub.docker.com/_/caddy - Pi-hole Caddy config ref: https://docs.pi-hole.net/guides/webserver/caddy/ Signed-off-by: William Trelawny --- examples/Caddyfile | 5 ++ examples/docker-compose-caddy-proxy.yml | 66 +++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 examples/Caddyfile create mode 100644 examples/docker-compose-caddy-proxy.yml diff --git a/examples/Caddyfile b/examples/Caddyfile new file mode 100644 index 0000000..ee78ebf --- /dev/null +++ b/examples/Caddyfile @@ -0,0 +1,5 @@ +pihole-dev.lab { + tls internal + redir / /admin + reverse_proxy pihole:8081 +} diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml new file mode 100644 index 0000000..a1c224f --- /dev/null +++ b/examples/docker-compose-caddy-proxy.yml @@ -0,0 +1,66 @@ +version: "3" + +services: + + # Caddy example derived from Caddy's own example at https://hub.docker.com/_/caddy + caddy: + container_name: caddy + image: caddy:latest + networks: + - caddy-net # Network exclusively for Caddy-proxied containers + restart: unless-stopped + ports: + - "80:80" + - "443:443" + - "443:443/udp" # QUIC protocol support: https://www.chromium.org/quic/ + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile # config file on host in same directory as docker-compose.yml for easy editing. + #- $PWD/site:/srv # Only use if you are serving a website behind caddy + - caddy_data:/data # Use docker volumes here bc no need to access these files from host + - caddy_config:/config # Use docker volumes here bc no need to access these files from host + + + # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ + pihole: + depends_on: + - caddy + container_name: pihole + #dns: # Optional. Specify desired upstream DNS servers here. + # - 127.0.0.1 + # - 9.9.9.9 + # - 149.112.112.112 + image: pihole/pihole:latest + networks: + - caddy-net # Need to plug into caddy net to access proxy + ports: + - "8081/tcp" # Pi-hole web admin interface, proxied through Caddy (configure port in Caddyfile) + # Following are NOT proxied through Caddy, bound to host net instead: + - "53:53/udp" + - "53:53/tcp" + - "853:853/tcp" # DNS-over-TLS + #- "67:67/udp" # DHCP, if desired. If not bound to host net you need an mDNS proxy service configured somewhere on host net. + # ref: https://docs.pi-hole.net/docker/DHCP/ + environment: + TZ: 'America/New_York' # Supported TZ database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations + WEBPASSWORD: 'password' # Only used on first boot, change with pihole cli then comment out here. + volumes: + - './etc-pihole:/etc/pihole' + - './etc-dnsmasq.d:/etc/dnsmasq.d' + - './etc-lighttpd/external.conf:/etc/lighttpd/external.conf' # Recommend leave as bind mount for easier editing. + # ref for why you may need to change this file: https://docs.pi-hole.net/guides/webserver/caddy/#modifying-lighttpd-configuration + #cap_add: # Uncomment if using Pi-hole as DHCP server + # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + #- NET_ADMIN # ONLY required if you are using Pi-hole as your DHCP server, else remove for better security + restart: unless-stopped + +# ref: https://hub.docker.com/_/caddy +networks: + caddy-net: + driver: bridge + name: caddy-net + +# ref: https://hub.docker.com/_/caddy +volumes: + caddy_data: + external: true # May need to create volume with 'docker volume create caddy_data' + caddy_config: