Add DoTe instructions to PiHole for DNS-over-TLS. (#252)

2024-08-30 18:32:21 +00:00 · 2021-10-21 06:30:34 +01:00 · 2021-10-21 06:30:34 +01:00 · 2a1631c052
commit 2a1631c052
parent f841ee1ac3
3 changed files with 47 additions and 0 deletions
--- a/run-pihole/Dockerfile_DoTe
+++ b/run-pihole/Dockerfile_DoTe
@ -0,0 +1,4 @@
+FROM pihole/pihole:latest
+ENV DOTE_OPTS="-s 127.0.0.1:5053"
+RUN echo -e  "#!/bin/sh\ncurl -fsSLo /opt/dote https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64\nchmod +x /opt/dote\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh
+
--- a/run-pihole/README.md
+++ b/run-pihole/README.md
@ -98,3 +98,21 @@
        -e IPv6="False" \
        boostchicken/pihole:latest
    ```
+
+## PiHole with DoTe
+
+The cloudflared command is written in Go and is not very lightweight.  In my
+experience, it's not made for long-term running.  Instead, the project DoTe
+has a tiny memory footprint and operates on an event loop with some major
+optimisations for connection caching.  It allows you to forward traffic to any
+DNS-over-TLS provider.
+
+Simply copy the `upd_pihole_dote.sh` script to `/mnt/data/scripts` and run it
+to forward all DNS traffic over TLS to Cloudflare 1.1.1.1.  You can modify the
+script to forward to different services with ease and full configuration
+options including certificate pinning is available in the DoTe README here:
+https://github.com/chrisstaite/DoTe/
+
+Whenever pihole says an update is available, simply re-run the script to
+update it to the latest.  DoTe will automatically download the latest version
+on every restart of the container.
--- a/run-pihole/upd_pihole_dote.sh
+++ b/run-pihole/upd_pihole_dote.sh
@ -0,0 +1,25 @@
+#!/bin/sh
+
+podman pull pihole/pihole:latest
+podman build -t pihole:latest --format docker -f /dev/fd/0 <<EOF
+FROM pihole/pihole:latest
+ENV DOTE_OPTS="-s 127.0.0.1:5053"
+RUN echo -e  "#!/bin/sh\ncurl -fsSLo /opt/dote https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64\nchmod +x /opt/dote\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh
+EOF
+podman stop pihole
+podman rm pihole
+podman run -d --network dns --restart always \
+    --name pihole \
+    -e TZ="America/Chicago" \
+    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
+    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
+    --dns=127.0.0.1 \
+    --hostname pi.hole \
+    -e DOTE_OPTS="-s 127.0.0.1:5053 -m 10" \
+    -e VIRTUAL_HOST="pi.hole" \
+    -e PROXY_LOCATION="pi.hole" \
+    -e PIHOLE_DNS_="127.0.0.1#5053" \
+    -e ServerIP="10.0.5.3" \
+    -e IPv6="False" \
+    pihole:latest
+