In the name of science and security, this project builds on this popular article for setting up Pi-Hole to use DNS over HTTPS. I have added changes that let the admin interface run over HTTPS with a Let's Encrypt certificate, use Docker volumes for persistent storage, and make other minor improvements.
The following prerequisites must be met:
- Install Git, Docker & Docker-Compose
- A Let's Encrypt compatible DNS provider
git clone https://github.com/SoarinFerret/pihole-doh-letsencrypt.git
cd pihole-doh-letsencrypt
Any file with a .default name will need to be renamed and modified. The files you will create are:
- .env
- external.conf
- le-domains.conf
- PIHOLE_TAG is the tag to be used for the pihole docker container. See available list here.
- LE_TAG is the tag to be used by the lets-encrypt container. See available list here.
- ADMIN_PASSWORD is the admin password to be used by Pi-Hole. The value random will produce a random output that can be found in the docker-compose logs.
- IP_ADDR is the IP address of your server. Because Ubuntu uses systemd-resolved, localhost:53 is in use by the OS. By defining the IP, we get around this limitation.
- EMAIL is the email address that receives notifications from Let's Encrypt.
- CF_USER is your Cloudflare username. This will need to be changed if not using Cloudflare.
- CF_TOKEN is your Cloudflare API token. This will need to be changed if not using Cloudflare.
- LE_STAGING defines whether or not to use the Let's Encrypt staging environment. This is useful for testing functionality.
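Because .env holds ADMIN_PASSWORD and CF_TOKEN, it is worth checking the file before the first `docker-compose up`. The script below is an added example, not part of this project: it uses the variable names listed above, and the checks themselves (mode 600, Cloudflare as the DNS provider, rejecting loopback and wildcard addresses for IP_ADDR) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file described in this README.
# Variable names come from the README; the rules enforced here are assumptions.

# Assumes Cloudflare is the DNS provider (CF_USER / CF_TOKEN in use).
REQUIRED="PIHOLE_TAG LE_TAG ADMIN_PASSWORD IP_ADDR EMAIL CF_USER CF_TOKEN LE_STAGING"

# Print the value of KEY ($2) from a KEY=VALUE file ($1); last assignment wins.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 when the file looks ready to use, 1 otherwise. Problems go to stderr.
check_env() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # The file stores a password and an API token: no access for group/others.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        *00) ;;
        *) echo "$file: mode $mode, run: chmod 600 $file" >&2; rc=1 ;;
    esac

    # Every variable the README lists must be present and non-empty.
    for key in $REQUIRED; do
        [ -n "$(env_get "$file" "$key")" ] || {
            echo "$file: $key is empty or unset" >&2; rc=1; }
    done

    # Port 53 on localhost is taken by systemd-resolved, so IP_ADDR has to be
    # the server's own address rather than a wildcard or loopback one.
    case "$(env_get "$file" IP_ADDR)" in
        0.0.0.0|127.*|localhost)
            echo "$file: IP_ADDR must be the server's LAN/public IP" >&2; rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: sh check-env.sh .env
if [ $# -gt 0 ]; then check_env "$1"; fi
```

If the repository does not already ignore .env, also confirm with `git status` that the file is not staged before pushing a fork.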
In external.conf and le-domains.conf, simply change the first line from pihole.example.com to whatever URL you will be using to access the server.
Special thanks to Jan Collijs for providing the cloudflared image and for my initial docker-compose.yml file.