Docker-Compose, Caddy & PiHole

With everyone realizing Google Chrome is moving to Manifest V3 and dropping extensions that block ads, I figured it was time to dust off my PiHole config.

First, let's look at the docker-compose.yml file:

x-logging: &default-logging
  options:
    max-size: "500m"
  driver: json-file
networks:
  web:
    external: true
  caddy_internal:
    external: false
    driver: bridge
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./data/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./data/caddy/data:/data # Optional
      - ./data/caddy/config:/config # Optional
      - ./data/caddylog:/var/log/caddy
    networks:
      - web
      - caddy_internal

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "853:853/tcp"
      - "53:53/tcp"
      - "53:53/udp"
      - "8888:8888/tcp"
    #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
    environment:
      TZ: "America/New_York"
      WEBPASSWORD: "mysecretpassword"
      WEB_PORT: 8888
    # Volumes store your data between container upgrades
    volumes:
      - "./data/pihole/etc:/etc/pihole"
      - "./data/pihole/dnsmasq.d:/etc/dnsmasq.d"
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    networks:
      - caddy_internal
      - web
    restart: unless-stopped

Make the data directories:

mkdir -p ./data/pihole
mkdir -p ./data/caddy

Next, let's look at the ./data/caddy/Caddyfile:

{
  email mypersonal@email.addr
}

pihole.mydomain.club {
  redir / /admin
  reverse_proxy pihole:8888
}

This will allow us to view the stats and admin pages. Caddy requests the certificates from Let's Encrypt, using the email address in the global options block. On your local router, make sure you forward ports 80 and 443 to the machine hosting Docker. If that machine runs a local firewall, you may also have to allow those ports there. Start up the containers with:

sudo docker-compose up -d

Now go to https://pihole.mydomain.club and log in with mysecretpassword.
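
A tightened version of the pihole service from the compose file above, as an added example that is not part of the original post: it stops publishing the admin port on the host, takes the password from the environment instead of the file, and actually applies the logging anchor the post defines. The variable name PIHOLE_WEBPASSWORD and the .env file are assumptions made for this example; the caddy service and the networks block stay as they are.

```yaml
# Added example: replacement for the pihole service in docker-compose.yml.
# The caddy service and the networks block stay as in the post.
x-logging: &default-logging
  options:
    max-size: "500m"
  driver: json-file

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # The post defines the anchor but never references it, so the size cap
    # only takes effect once a service points at it like this.
    logging: *default-logging
    ports:
      - "853:853/tcp"
      - "53:53/tcp"
      - "53:53/udp"
      # 8888 is no longer published. Caddy reaches pihole:8888 over the
      # caddy_internal network, so from outside Docker the admin UI is only
      # reachable through Caddy's HTTPS listener, not over plain HTTP.
    environment:
      TZ: "America/New_York"
      # Assumption: PIHOLE_WEBPASSWORD is a name chosen for this example. Set
      # it in a .env file next to docker-compose.yml (chmod 600, kept out of
      # version control). Compose refuses to start if it is unset or empty.
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}"
      WEB_PORT: 8888
    volumes:
      - "./data/pihole/etc:/etc/pihole"
      - "./data/pihole/dnsmasq.d:/etc/dnsmasq.d"
    networks:
      - caddy_internal
      - web
    restart: unless-stopped
```

Running sudo docker-compose config prints the merged file with the variable substituted, which confirms that the interpolation and the logging alias resolve before the containers are restarted.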

If you navigate to Adlists, you can add additional block lists. I recommend going to Free Pi-hole Blocklist Generator, clicking to copy all the lists, then going back to Pi-hole, pasting them into the Address: text box and clicking Add.

Next, in your network settings, point DNS to your Pi-hole machine or, if it is the same box, set DNS to 127.0.0.1 (there is no place like home).

And that is it! Go hit your local news website that is usually loaded with ads for absolute crap and watch them magically not be there.