diff --git a/Dockerfile.py b/Dockerfile.py index 42d6b41..0aa1e1b 100755 --- a/Dockerfile.py +++ b/Dockerfile.py @@ -17,7 +17,6 @@ Examples: """ -from docopt import docopt from jinja2 import Environment, FileSystemLoader from docopt import docopt import os diff --git a/Dockerfile.template b/Dockerfile.template index c492092..cce6af4 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -44,6 +44,6 @@ LABEL image="{{ pihole.name }}:{{ pihole.version }}_{{ pihole.arch }}" LABEL maintainer="{{ pihole.maintainer }}" LABEL url="https://www.github.com/pi-hole/docker-pi-hole" -HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1 +HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 SHELL ["/bin/bash", "-c"] diff --git a/Dockerfile_amd64 b/Dockerfile_amd64 index e86a9af..e52ec42 100644 --- a/Dockerfile_amd64 +++ b/Dockerfile_amd64 @@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_amd64" LABEL maintainer="adam@diginc.us" LABEL url="https://www.github.com/pi-hole/docker-pi-hole" -HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1 +HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 SHELL ["/bin/bash", "-c"] \ No newline at end of file diff --git a/Dockerfile_arm64 b/Dockerfile_arm64 index 3cd5f9c..ae38406 100644 --- a/Dockerfile_arm64 +++ b/Dockerfile_arm64 @@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_arm64" LABEL maintainer="adam@diginc.us" LABEL url="https://www.github.com/pi-hole/docker-pi-hole" -HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1 +HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 SHELL ["/bin/bash", "-c"] \ No newline at end of file diff --git a/Dockerfile_armel b/Dockerfile_armel index a957376..b66b454 100644 --- a/Dockerfile_armel +++ b/Dockerfile_armel 
@@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_armel" LABEL maintainer="adam@diginc.us" LABEL url="https://www.github.com/pi-hole/docker-pi-hole" -HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1 +HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 SHELL ["/bin/bash", "-c"] \ No newline at end of file diff --git a/Dockerfile_armhf b/Dockerfile_armhf index 4583618..c1895a8 100644 --- a/Dockerfile_armhf +++ b/Dockerfile_armhf @@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_armhf" LABEL maintainer="adam@diginc.us" LABEL url="https://www.github.com/pi-hole/docker-pi-hole" -HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1 +HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 SHELL ["/bin/bash", "-c"] \ No newline at end of file diff --git a/README.md b/README.md index b4bfdc2..81d9f5a 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**. If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh) -If you're using a Red Hat based distrubution with an SELinux Enforcing policy add `:z` to line with volumes like so: +If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so: ``` -v "$(pwd)/etc-pihole/:/etc/pihole/:z" \ 
@@ -152,6 +152,7 @@ The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubList This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the `/etc/resolv.conf` symlink to point to `/run/systemd/resolve/resolv.conf`, which is automatically updated to follow the system's [`netplan`](https://netplan.io/): `sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'` +After making these changes, you should restart systemd-resolved using `systemctl restart systemd-resolved` Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`. Example netplan: @@ -178,7 +179,7 @@ The primary docker tags / versions are explained in the following table. [Click | tag | architecture | description | Dockerfile | | --- | ------------ | ----------- | ---------- | | `latest` | auto detect | x86, arm, or arm64 container, docker auto detects your architecture. | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile_amd64) | -| `v4.0.0-1` | auto detect | Versioned tags, if you want to pin against a specific version, use one of thesse | | +| `v4.0.0-1` | auto detect | Versioned tags, if you want to pin against a specific version, use one of these | | | `v4.0.0-1_` | based on tag | Specific architectures tags | | | `dev` | auto detect | like latest tag, but for the development branch (pushed occasionally) | | diff --git a/bash_functions.sh b/bash_functions.sh index fe0bfeb..f2567dc 100644 --- a/bash_functions.sh +++ b/bash_functions.sh 
@@ -287,6 +287,14 @@ setup_web_port() { } +load_web_password_secret() { + # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE, + # allowing secrets to be passed via docker secrets + if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then + WEBPASSWORD=$(<"${WEBPASSWORD_FILE}") + fi; +} + generate_password() { if [ -z "${WEBPASSWORD+x}" ] ; then # Not set at all, give the user a random pass diff --git a/circle-deploy.sh b/circle-deploy.sh index c194590..884383a 100755 --- a/circle-deploy.sh +++ b/circle-deploy.sh @@ -37,13 +37,15 @@ if [[ "$CIRCLE_PR_NUMBER" == "" ]]; then images+=($arch_image) done - docker manifest create $MULTIARCH_IMAGE ${images[*]} - for arch in *; do - arch_image=$(cat $arch) - docker pull $arch_image - annotate "$MULTIARCH_IMAGE" "$arch_image" "$arch" - done + for docker_tag in $MULTIARCH_IMAGE $LATEST_IMAGE; do + docker manifest create $docker_tag ${images[*]} + for arch in *; do + arch_image=$(cat $arch) + docker pull $arch_image + annotate "$docker_tag" "$arch_image" "$arch" + done - docker manifest inspect "$MULTIARCH_IMAGE" - docker manifest push "$MULTIARCH_IMAGE" + docker manifest inspect "$docker_tag" + docker manifest push --purge "$docker_tag" + done; fi diff --git a/circle-vars.sh b/circle-vars.sh index 119f334..fbe4db1 100755 --- a/circle-vars.sh +++ b/circle-vars.sh 
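Review bot: In `load_web_password_secret`, a `WEBPASSWORD_FILE` that is set but missing or unreadable is skipped without any message, so the container falls through to `generate_password` and the operator's intended secret is silently not applied. An empty secret file is also accepted: it leaves `WEBPASSWORD` set to an empty string, which the `${WEBPASSWORD+x}` test in `generate_password` treats as set. How an empty password is handled further down is not visible in this hunk, but it is safer to rule it out here. I would log a warning to stderr in both cases (never the value itself) and leave `WEBPASSWORD` unset so the existing fallback applies.

```shell
load_web_password_secret() {
    # Only consult the secret file when WEBPASSWORD is not set at all.
    if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ]; then
        if [ ! -r "${WEBPASSWORD_FILE}" ]; then
            echo "WARNING: WEBPASSWORD_FILE is set but cannot be read; ignoring it" >&2
            return 0
        fi
        WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
        if [ -z "${WEBPASSWORD}" ]; then
            echo "WARNING: WEBPASSWORD_FILE is empty; ignoring it" >&2
            unset WEBPASSWORD
        fi
    fi
}
```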
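Review bot: The new loop `for docker_tag in $MULTIARCH_IMAGE $LATEST_IMAGE` relies on word splitting to drop `$LATEST_IMAGE` when it is unset, and `docker manifest create $docker_tag ${images[*]}`, `$(cat $arch)` and `docker pull $arch_image` are all unquoted. A tag or file name containing whitespace or glob characters would therefore be split or expanded before it reaches docker. Building the list explicitly, e.g. `tags=("$MULTIARCH_IMAGE"); [[ -n "$LATEST_IMAGE" ]] && tags+=("$LATEST_IMAGE")`, and calling `docker manifest create "$docker_tag" "${images[@]}"` keeps the same behaviour with safe quoting. The `docker pull` of each arch image is also repeated once per tag and could probably be hoisted above the tag loop. The enclosing `if` starts outside the hunk.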
@@ -32,6 +32,17 @@ if [[ -n "$DOCKER_TAG" ]]; then # latest- sometimes has a trailing slash, remove it ARCH_IMAGE="${ARCH_IMAGE/%-/}" fi + +# To get latest released, cut a release on https://github.com/pi-hole/docker-pi-hole/releases (manually gated for quality control) +latest_tag='' +if ! latest_tag=$(curl -sI https://github.com/pi-hole/docker-pi-hole/releases/latest | grep --color=never -i Location | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then + print "Failed to retrieve latest docker-pi-hole release metadata" +else + if [[ "$DOCKER_TAG" == "$latest_tag" ]] ; then + LATEST_IMAGE="$BASE_IMAGE:latest" + fi +fi + MULTIARCH_IMAGE="$BASE_IMAGE:$DOCKER_TAG" set +a diff --git a/docker_run.sh b/docker_run.sh index 071f83d..e14d33d 100755 --- a/docker_run.sh +++ b/docker_run.sh @@ -12,6 +12,10 @@ docker run -d \ -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \ --dns=127.0.0.1 --dns=1.1.1.1 \ --restart=unless-stopped \ + --hostname pi.hole \ + -e VIRTUAL_HOST="pi.hole" \ + -e PROXY_LOCATION="pi.hole" \ + -e ServerIP="127.0.0.1" \ # should be replaced with your external ip pihole/pihole:latest printf 'Starting up pihole container ' diff --git a/install.sh b/install.sh index 03d7492..1b7d30a 100644 --- a/install.sh +++ b/install.sh @@ -4,7 +4,7 @@ mkdir -p /etc/pihole/ mkdir -p /var/run/pihole # Production tags with valid web footers export CORE_VERSION="$(cat /etc/docker-pi-hole-version)" -export WEB_VERSION="$(cat /etc/docker-pi-hole-version)" +export WEB_VERSION="v4.3.3" # Only use for pre-production / testing export CHECKOUT_BRANCHES=false diff --git a/start.sh b/start.sh index 9802985..815da70 100755 --- a/start.sh +++ b/start.sh @@ -42,6 +42,7 @@ docker_checks #fi fix_capabilities +load_web_password_secret generate_password validate_env || exit 1 prepare_configs diff --git a/test/conftest.py b/test/conftest.py index bbe0a3c..546fde6 100644 --- a/test/conftest.py +++ b/test/conftest.py 
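Review bot: The `if ! latest_tag=$(curl … | grep … | awk … | tr …)` test only sees the exit status of `tr`, the last command in the pipeline, so unless `pipefail` is enabled outside this hunk a failed `curl` goes undetected and `latest_tag` is simply empty. The `-n "$DOCKER_TAG"` test just above suggests `DOCKER_TAG` can be empty too, in which case `"$DOCKER_TAG" == "$latest_tag"` is true and `LATEST_IMAGE` is set for a build that is not the latest release. I would require a non-empty value: `if [[ -n "$latest_tag" && "$DOCKER_TAG" == "$latest_tag" ]] ; then`. The failure branch also calls `print`, which is not a bash builtin; `echo "Failed to retrieve latest docker-pi-hole release metadata" >&2` is presumably what was meant.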
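Review bot: The added line `-e ServerIP="127.0.0.1" \ # should be replaced with your external ip` appears to put a comment after the continuation backslash; the hunk header counts four added lines, so the comment shares a line with the option. A backslash continues the command only when it is the last character on the line. Here it escapes the following space instead, the `docker run` command ends at the comment, and `pihole/pihole:latest` on the next line is no longer passed as the image. Move the comment to its own line above `docker run -d \`, for example `# ServerIP should be replaced with your external ip`, and end the option line with a bare `\`. The `docker run` command starts outside the hunk.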
@@ -24,7 +24,7 @@ def args_volumes(): @pytest.fixture() def args_env(): - return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"' + return '-e ServerIP="127.0.0.1"' @pytest.fixture() def args(args_dns, args_volumes, args_env): @@ -120,7 +120,7 @@ def persist_args_volumes(): @pytest.fixture(scope='module') def persist_args_env(): - return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"' + return '-e ServerIP="127.0.0.1"' @pytest.fixture(scope='module') def persist_args(persist_args_dns, persist_args_volumes, persist_args_env): diff --git a/test/test_bash_functions.py b/test/test_bash_functions.py index 30f7a83..d917a50 100644 --- a/test/test_bash_functions.py +++ b/test/test_bash_functions.py @@ -65,7 +65,7 @@ def test_override_default_servers_with_DNS_EnvVars(Docker, Slow, args_env, expec function = Docker.run('. /bash_functions.sh ; eval `grep "^setup_dnsmasq " /start.sh`') assert expected_stdout in function.stdout expected_servers = 'server={}\n'.format(dns1) if dns2 == None else 'server={}\nserver={}\n'.format(dns1, dns2) - Slow(lambda: expected_servers == Docker.run('grep "^server=" /etc/dnsmasq.d/01-pihole.conf').stdout) + Slow(lambda: expected_servers == Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout) #@pytest.mark.skipif(os.environ.get('CI') == 'true', @@ -106,7 +106,7 @@ def test_DNS_Envs_are_secondary_to_setupvars(Docker, Slow, args_env, expected_st expected_servers = ['server={}'.format(dns1)] if dns2: expected_servers.append('server={}'.format(dns2)) - Slow(lambda: Docker.run('grep "^server=" /etc/dnsmasq.d/01-pihole.conf').stdout.strip().split('\n') == \ + Slow(lambda: Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout.strip().split('\n') == \ expected_servers)