Merge branch 'dev' of https://github.com/AlexandreRatte/docker-pi-hole into Issue_778
Signed-off-by: Alexandre Ratte <alexandre.ratte@gmail.com>
commit
2484c9ced2
|
@ -9,7 +9,8 @@ ENV S6OVERLAY_RELEASE "https://github.com/just-containers/s6-overlay/releases/do
|
|||
|
||||
COPY install.sh /usr/local/bin/install.sh
|
||||
COPY VERSION /etc/docker-pi-hole-version
|
||||
ENV PIHOLE_INSTALL /root/ph_install.sh
|
||||
COPY VERSIONS /etc/pi-hole-versions
|
||||
ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
|
||||
|
||||
RUN bash -ex install.sh 2>&1 && \
|
||||
rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
|
||||
|
|
|
@ -37,6 +37,7 @@ services:
|
|||
restart: unless-stopped
|
||||
```
|
||||
2. Run `docker-compose up --detach` to build and start pi-hole
|
||||
3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting
|
||||
|
||||
[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
|
||||
|
||||
|
@ -108,6 +109,7 @@ There are other environment variables if you want to customize various things in
|
|||
| `INTERFACE: <NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands. If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
|
||||
| `DNSMASQ_LISTENING: <local\|all\|single>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified.
|
||||
| `WEB_PORT: <PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
|
||||
| `CUSTOM_CACHE_SIZE: <size>`<br/> *Advanced/Optional: Default: '10000'* | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
|
||||
| `DNSMASQ_USER: <pihole\|root>`<br/> *Experimental Default: root* | Allows running FTLDNS as non-root.
|
||||
| `TEMPERATUREUNIT`: <c\|k\|f><br/>*Optional Default: c* | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
|
||||
| `WEBUIBOXEDLAYOUT: <boxed\|traditional>`<br/>*Optional Default: boxed* | Use boxed layout (helpful when working on large screens)
|
||||
|
@ -161,6 +163,7 @@ Here is a rundown of other arguments for your docker-compose / docker run.
|
|||
* Ubuntu users see below for more detailed information
|
||||
* You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
|
||||
* [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read jwilder/proxy readme for more info if you have trouble.
|
||||
* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".
|
||||
|
||||
### Installing on Ubuntu
|
||||
Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
CORE_VERSION=v5.3.1
|
||||
WEB_VERSION=v5.5
|
||||
FTL_VERSION=v5.8.1
|
|
@ -13,7 +13,7 @@ fix_capabilities() {
|
|||
|
||||
prepare_configs() {
|
||||
# Done in /start.sh, don't do twice
|
||||
PH_TEST=true . $PIHOLE_INSTALL
|
||||
PH_TEST=true . "${PIHOLE_INSTALL}"
|
||||
# Set Debian webserver variables for installConfigs
|
||||
LIGHTTPD_USER="www-data"
|
||||
LIGHTTPD_GROUP="www-data"
|
||||
|
@ -103,6 +103,7 @@ setup_dnsmasq() {
|
|||
setup_dnsmasq_interface "$interface"
|
||||
setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
|
||||
setup_dnsmasq_user "${DNSMASQ_USER}"
|
||||
setup_cache_size "${CUSTOM_CACHE_SIZE}"
|
||||
ProcessDNSSettings
|
||||
}
|
||||
|
||||
|
@ -157,6 +158,32 @@ setup_dnsmasq_hostnames() {
|
|||
fi
|
||||
}
|
||||
|
||||
setup_cache_size() {
|
||||
local warning="WARNING: CUSTOM_CACHE_SIZE not used"
|
||||
local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
|
||||
# Quietly exit early for empty or default
|
||||
if [[ -z "${1}" || "${1}" == '10000' ]] ; then return ; fi
|
||||
|
||||
if [[ "${DNSSEC}" == "true" ]] ; then
|
||||
echo "$warning - Cannot change cache size if DNSSEC is enabled"
|
||||
return
|
||||
fi
|
||||
|
||||
if ! echo $1 | grep -q '^[0-9]*$' ; then
|
||||
echo "$warning - $1 is not an integer"
|
||||
return
|
||||
fi
|
||||
|
||||
local -i custom_cache_size="$1"
|
||||
if (( $custom_cache_size < 0 )); then
|
||||
echo "$warning - $custom_cache_size is not a positive integer or zero"
|
||||
return
|
||||
fi
|
||||
echo "Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
|
||||
|
||||
sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
|
||||
}
|
||||
|
||||
setup_lighttpd_bind() {
|
||||
local serverip="$1"
|
||||
# if using '--net=host' only bind lighttpd on $ServerIP and localhost
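Review bot: In `setup_cache_size`, the integer check `echo $1 | grep -q '^[0-9]*$'` expands `$1` unquoted and routes it through `echo`, so the value is word-split and glob-expanded before it is checked, and a value that `echo` consumes as an option yields empty output, which the pattern accepts. The accepted string then reaches `local -i custom_cache_size="$1"`, which evaluates it as an arithmetic expression, so a leading zero is read as octal (`010` becomes 8, `09` is an error). Validating inside the shell with `[[ "$1" =~ ^[0-9]+$ ]]` and assigning `custom_cache_size=$((10#$1))` avoids both, and after that the `< 0` branch cannot be reached and can be dropped. The `sed` target `${dnsmasq_pihole_01_location}` should be quoted as well.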
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
docker-compose.yml
|
86
install.sh
86
install.sh
|
@ -2,22 +2,35 @@
|
|||
|
||||
mkdir -p /etc/pihole/
|
||||
mkdir -p /var/run/pihole
|
||||
# Production tags with valid web footers
|
||||
export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
|
||||
export WEB_VERSION="${CORE_VERSION}"
|
||||
export PIHOLE_SKIP_OS_CHECK=true
|
||||
# Overwrite WEB_VERSION if core and web versions are different
|
||||
export WEB_VERSION="v5.5"
|
||||
|
||||
# Only use for pre-production / testing
|
||||
export CHECKOUT_BRANCHES=false
|
||||
# Search for release/* branch naming convention for custom checkouts
|
||||
if [[ "$CORE_VERSION" == *"release/"* ]] ; then
|
||||
CHECKOUT_BRANCHES=true
|
||||
fi
|
||||
# Source versions file
|
||||
source /etc/pi-hole-versions
|
||||
|
||||
CORE_REMOTE_REPO=https://github.com/pi-hole/pi-hole
|
||||
CORE_LOCAL_REPO=/etc/.pihole
|
||||
WEB_REMOTE_REPO=https://github.com/pi-hole/adminLTE
|
||||
WEB_LOCAL_REPO=/var/www/html/admin
|
||||
setupVars=/etc/pihole/setupVars.conf
|
||||
|
||||
fetch_release_metadata() {
|
||||
local directory="$1"
|
||||
local version="$2"
|
||||
pushd "$directory"
|
||||
git fetch -t
|
||||
git remote set-branches origin '*'
|
||||
git fetch --depth 10
|
||||
#if version number begins with a v, it's a version number
|
||||
if [[ $version == v* ]]; then
|
||||
git checkout master
|
||||
git reset --hard "$version"
|
||||
else # else treat it as a branch
|
||||
git checkout "$version"
|
||||
fi
|
||||
popd
|
||||
}
|
||||
|
||||
apt-get update
|
||||
apt-get install --no-install-recommends -y curl procps ca-certificates
|
||||
apt-get install --no-install-recommends -y curl procps ca-certificates git
|
||||
# curl in armhf-buster's image has SSL issues. Running c_rehash fixes it.
|
||||
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479
|
||||
c_rehash
|
||||
|
@ -29,9 +42,15 @@ mv /init /s6-init
|
|||
which debconf-apt-progress
|
||||
mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
|
||||
|
||||
# Get the install functions
|
||||
curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL"
|
||||
PH_TEST=true . "${PIHOLE_INSTALL}"
|
||||
# clone the remote repos to their local destinations
|
||||
git clone "${CORE_REMOTE_REPO}" "${CORE_LOCAL_REPO}"
|
||||
fetch_release_metadata "${CORE_LOCAL_REPO}" "${CORE_VERSION}"
|
||||
|
||||
git clone "${WEB_REMOTE_REPO}" "${WEB_LOCAL_REPO}"
|
||||
fetch_release_metadata "${WEB_LOCAL_REPO}" "${WEB_VERSION}"
|
||||
|
||||
# FTL uses a local version file for the installer to determine which version we want
|
||||
echo "${FTL_VERSION}" > /etc/pihole/ftlbranch
|
||||
|
||||
# Preseed variables to assist with using --unattended install
|
||||
{
|
||||
|
@ -47,53 +66,28 @@ PH_TEST=true . "${PIHOLE_INSTALL}"
|
|||
source $setupVars
|
||||
|
||||
export USER=pihole
|
||||
distro_check
|
||||
|
||||
# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
|
||||
apt-get -y install debconf-utils
|
||||
echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
|
||||
|
||||
export PIHOLE_SKIP_OS_CHECK=true
|
||||
|
||||
ln -s /bin/true /usr/local/bin/service
|
||||
bash -ex "./${PIHOLE_INSTALL}" --unattended
|
||||
# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated
|
||||
bash -ex "./${PIHOLE_INSTALL}" --unattended --reconfigure
|
||||
rm /usr/local/bin/service
|
||||
|
||||
# IPv6 support for nc openbsd better than traditional
|
||||
apt-get install -y --force-yes netcat-openbsd
|
||||
|
||||
fetch_release_metadata() {
|
||||
local directory="$1"
|
||||
local version="$2"
|
||||
pushd "$directory"
|
||||
git fetch -t
|
||||
git remote set-branches origin '*'
|
||||
git fetch --depth 10
|
||||
git checkout master
|
||||
git reset --hard "$version"
|
||||
popd
|
||||
}
|
||||
|
||||
if [[ $CHECKOUT_BRANCHES == true ]] ; then
|
||||
ln -s /bin/true /usr/local/bin/service
|
||||
ln -s /bin/true /usr/local/bin/update-rc.d
|
||||
echo "${CORE_VERSION}" | sudo tee /etc/pihole/ftlbranch
|
||||
echo y | bash -x pihole checkout core ${CORE_VERSION}
|
||||
echo y | bash -x pihole checkout web ${WEB_VERSION}
|
||||
# echo y | bash -x pihole checkout ftl ${CORE_VERSION}
|
||||
# If the v is forgotten: ${CORE_VERSION/v/}
|
||||
unlink /usr/local/bin/service
|
||||
unlink /usr/local/bin/update-rc.d
|
||||
else
|
||||
# Reset to our tags so version numbers get detected correctly
|
||||
fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}"
|
||||
fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}"
|
||||
fi
|
||||
|
||||
sed -i 's/readonly //g' /opt/pihole/webpage.sh
|
||||
sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
|
||||
|
||||
# Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc`
|
||||
sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n echo "Function not supported in Docker images"\\\n exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
|
||||
sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
|
||||
sed -i $'s/)\s*piholeCheckoutFunc/) unsupportedFunc/g' /usr/local/bin/pihole
|
||||
|
||||
touch /.piholeFirstBoot
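Review bot: `fetch_release_metadata` pins the core and web checkouts only by tag name (`git reset --hard "$version"`), and a tag can be moved upstream, so the same VERSIONS file may build different code later; nothing in the visible lines checks what was actually fetched. Recording the expected commit hash next to each tag in VERSIONS and comparing it with `git rev-parse HEAD` after the reset, or running `git verify-tag "$version"` if upstream signs its tags, would make the build fail instead of silently taking changed content. Separately, `bash -ex "./${PIHOLE_INSTALL}" --unattended --reconfigure` prefixes `./` to what the Dockerfile now sets to an absolute path, so it resolves only when the working directory is `/`; `bash -ex "${PIHOLE_INSTALL}" --unattended --reconfigure` does not depend on that.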
|
||||
|
||||
|
|
3
start.sh
3
start.sh
|
@ -39,6 +39,7 @@ export PIHOLE_DOMAIN
|
|||
export DHCP_IPv6
|
||||
export DHCP_rapid_commit
|
||||
export WEBTHEME
|
||||
export CUSTOM_CACHE_SIZE
|
||||
|
||||
export adlistFile='/etc/pihole/adlists.list'
|
||||
|
||||
|
@ -53,7 +54,7 @@ export adlistFile='/etc/pihole/adlists.list'
|
|||
. /opt/pihole/webpage.sh
|
||||
|
||||
# PH_TEST prevents the install from actually running (someone should rename that)
|
||||
PH_TEST=true . $PIHOLE_INSTALL
|
||||
PH_TEST=true . "${PIHOLE_INSTALL}"
|
||||
|
||||
echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
|
||||
|
||||
|
|
|
@ -48,6 +48,39 @@ def test_bad_input_to_WEB_PORT(Docker, test_args, expected_error):
|
|||
assert expected_error in function.stdout
|
||||
|
||||
|
||||
@pytest.mark.parametrize('test_args,cache_size', [('-e CUSTOM_CACHE_SIZE="0"', '0'), ('-e CUSTOM_CACHE_SIZE="20000"', '20000')])
|
||||
def test_overrides_default_CUSTOM_CACHE_SIZE(Docker, Slow, test_args, cache_size):
|
||||
''' Changes the cache_size setting to increase or decrease the cache size for dnsmasq'''
|
||||
CONFIG_LINE = r'cache-size\s*=\s*{}'.format(cache_size)
|
||||
DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
|
||||
|
||||
function = Docker.run('echo ${CUSTOM_CACHE_SIZE};. ./bash_functions.sh; echo ${CUSTOM_CACHE_SIZE}; eval `grep setup_dnsmasq /start.sh`')
|
||||
assert "Custom CUSTOM_CACHE_SIZE set to {}".format(cache_size) in function.stdout
|
||||
Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
|
||||
|
||||
|
||||
@pytest.mark.parametrize('test_args', [
|
||||
'-e CUSTOM_CACHE_SIZE="-1"',
|
||||
'-e CUSTOM_CACHE_SIZE="1,000"',
|
||||
])
|
||||
def test_bad_input_to_CUSTOM_CACHE_SIZE(Docker, Slow, test_args):
|
||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||
DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
|
||||
|
||||
Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`')
|
||||
Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
|
||||
|
||||
@pytest.mark.parametrize('test_args', [
|
||||
'-e DNSSEC="true" -e CUSTOM_CACHE_SIZE="0"',
|
||||
])
|
||||
def test_dnssec_enabled_with_CUSTOM_CACHE_SIZE(Docker, Slow, test_args):
|
||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||
DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
|
||||
|
||||
Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`')
|
||||
Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
|
||||
|
||||
|
||||
# DNS Environment Variable behavior in combinations of modified pihole LTE settings
|
||||
@pytest.mark.skip('broke, needs investigation in v5.0 beta')
|
||||
@pytest.mark.parametrize('args_env, expected_stdout, dns1, dns2', [
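Review bot: `test_bad_input_to_CUSTOM_CACHE_SIZE` and `test_dnssec_enabled_with_CUSTOM_CACHE_SIZE` only check that `cache-size` is still 10000, which is also what the file contains if `setup_cache_size` is never called, so they cannot tell a rejected value from a code path that did not run. Capturing the run as `function = Docker.run(...)` and adding `assert 'WARNING: CUSTOM_CACHE_SIZE not used' in function.stdout` ties each test to the rejection branch. The `!= None` comparisons in the three `Slow(lambda: ...)` calls read better as `is not None`. The hunk ends inside the decorators of the following test, which lies outside this change.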
|
||||
|
|