一 、docker 部署 pi-hole 广告拦截器

pi-hole官网地址:https://docs.pi-hole.net/
pi-hole_Docker Hub地址:https://hub.docker.com/r/pihole/pihole
pi-hole_GitHub地址:https://github.com/pi-hole/docker-pi-hole/
pi-hole后台地址:http://localhost:19000/admin/index.php

1 、终端命令创建docker-compose.yml文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
mkdir -p /mnt/mydisk/home/pihole && \
cd /mnt/mydisk/home/pihole && \
touch docker-compose.yml && \
cat > docker-compose.yml <<'EOF'
services:
   pihole: ## 服务名称(可自定义)
      container_name: pihole ## 容器名称(可自定义)
      image: pihole/pihole:latest ## 镜像版本
      restart: always ## 重启策略
      network_mode: bridge ## 桥接网络
      ports:
         - 53:53/tcp
         - 53:53/udp
         - 67:67/udp
         - 19000:80/tcp
      volumes:
         - ./config/etc-pihole:/etc/pihole
         - ./config/etc-dnsmasq.d:/etc/dnsmasq.d
      environment:
         - TZ=Asia/Shanghai
         - WEBPASSWORD=mobufan ## root账户密码
      cap_add:
         - NET_ADMIN 

      ## 添加新的广告列表
      ## https://sysctl.org/cameleon/hosts
      ## https://anti-ad.net/domains.txt
      ## https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      ## https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
      ## 更多信息请访问 
      ## https://github.com/pi-hole/docker-pi-hole/
      ## https://docs.pi-hole.net/
      ## 后台安全入口地址
      ## http://localhost:19000/admin/index.php
      ## 将客户机DNS修改为10.10.10.245即可
EOF

docker-compose up -d

2 、拉取并运行

1
cd /mnt/mydisk/home/pihole && docker-compose up -d

3 、停止并删除

1
cd /mnt/mydisk/home/pihole && docker-compose down

4 、拉取镜像

1
docker pull pihole/pihole:latest

5 、容器升级

1
2
3
4
5
cd /mnt/mydisk/home/pihole && \
docker-compose down && \
docker-compose pull && \
docker-compose up -d && \
docker image prune -f

二 、容器维护命令

1 、查看所有运行容器的名称

1
docker ps -a --format "{{.Names}}"

2 、停止 pihole 容器

1
docker stop pihole

3 、启动 pihole 容器

1
docker start pihole

4 、重启 pihole 容器

1
docker restart pihole

5 、进入 pihole 容器

1
2
3
## Ctrl+D 退出容器
## docker exec -it pihole sh
docker exec -it pihole bash

6 、查看 pihole 配置文件

1
cat /mnt/mydisk/home/pihole/docker-compose.yml

Nginx 配置

后台地址:https://pi-hole.example.com:666

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
mkdir -pm 755 /etc/nginx/conf.d && \
touch /etc/nginx/conf.d/pi-hole.conf && \
cat <<'EOF' | sed '1!{/^[[:space:]]*#/d;/^[[:space:]]*$/d}' > /etc/nginx/conf.d/pi-hole.conf
## nginx 反向代理: pi-hole 广告拦截器
server {
    ## 监听666端口,并启用SSL
    listen 666 ssl;
    listen [::]:666 ssl;

    ## 替换为你的域名
    server_name pi-hole.example.com;

    ## 指定 SSL 证书文件和私钥文件的路径
    ssl_certificate /etc/nginx/keyfile/cert.pem;  
    ssl_certificate_key /etc/nginx/keyfile/key.pem;  
    ## 设置支持的SSL‮议协‬版本
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # 启用服‮器务‬端加密套件优先
    ssl_prefer_server_ciphers on;
    ## 设置加密套件,优先用‮强高‬度加密算法,并排‮匿除‬名加‮套密‬件和MD5散列算法
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        ## 指定反向代理的服务地址
        proxy_pass http://10.10.10.251:19000;  
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_redirect off;
        ## 开启缓存
        proxy_buffering on;
        ## 使用 HTTP/1.1 协议通信
        proxy_http_version 1.1;
    }
        ## 错误处理
        charset utf-8; ## 添加这行来指定编码
        error_page 404 500 502 503 504 /50x.html;
        location = /50x.html {
            root   /var/www/html;
    }
}
EOF

sudo systemctl restart nginx