Ramblings from the bottom of the globe

Pi-hole, Docker, and Oracle Cloud!

October 24, 2022

Official links

Service / App URL
Docker https://www.docker.com/
Oracle Cloud Infrastructure (OCI) https://www.oracle.com/au/cloud/
Pi-hole https://pi-hole.net/

Overview

This document covers the steps required to install Pi-hole on an OCI VM running Oracle Linux Server 8.6 with the help of Docker. It doesn’t cover how to provision an OCI instance.

Steps

SSH to your instance, change to root, and update the packages.

ssh opc@x.x.x.x
[opc@pihole ~]$ sudo su -
[root@pihole ~]# dnf update -y

We stay as root for a while.

After updating, now install Docker.

Note: If you simply run dnf install docker -y you’re actually going to install podman-docker which isn’t quite the same as Docker.

First, add the Docker repository.

[root@pihole ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/8/x86_64/stable

We’re going for ‘stable’.

Tell the repository where the GPG key is.

[root@pihole ~]# vi /etc/yum.repos.d/download.docker.com_linux_centos_8_x86_64_stable.repo

gpgkey=https://download.docker.com/linux/centos/gpg

Install the packages.

[root@pihole ~]# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

Create a new user, add it to the docker group, and start docker.

[root@pihole ~]# useradd ph
[root@pihole ~]# usermod -a -G docker ph
[root@pihole ~]# systemctl start docker

Change to the ph user and pull down the hello-world docker image to confirm that it’s installed correctly.

[root@pihole ~]# su - ph
Last login: Sun Oct 23 10:10:46 GMT 2022 on pts/0
[ph@pihole ~]$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:18a657d0cc1c7d0678a3fbea8b7eb4918bba25968d3e1b0adebfa71caddbc346
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[ph@pihole ~]$

This demostates a successful install.

Create the docker-compose.yml file in user ph’s home directory.

[ph@pihole ~]$ vi docker-compose.yml

Then add the following.

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Brisbane/Australia'
      WEBPASSWORD: '<password>'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped

Set TZ as appropriate, along with a strong WEBPASSWORD.

Now start docker while in the same directory ( /home/ph/ ) as the newly created docker-compose.yml file.

[ph@pihole ~]$ docker compose up -d

Head over to the OCI console, navigate to instances, and select the one we’ve been configuring ( called pihole above ).

Once there:

  • Click the subnet underneath the Primary VNIC heading.

  • Click the Default Security list.

  • Add the following ingress rules for your home router’s public IP address:

    • Source IP: x.x.x.x/32
    • Destination Port: 53
    • Protocol: TCP

    • Source IP: x.x.x.x/32
    • Destination Port: 53
    • Protocol: UDP

    • Source IP: x.x.x.x/32
    • Destination Port: 80
    • Protocol: TCP

    Port 80 is used for the Web UI.

Now, navigate to the Web UI, using the public IP address of the previously configured instance, authenticating using the WEBPASSWORD set in the docker-compose.yml file.

Once the Web UI is visible, configure your home router to use Pi-hole as its’ DNS server!

After that, your home router’s public IP address should appear in the Web UI under ‘Clients’.

FAQs for Installing Pi-hole on OCI VM with Docker

Q: What operating system version is this guide for?
A: This guide covers the installation of Pi-hole on an OCI VM running Oracle Linux Server 8.6.

Q: Does this guide include provisioning an OCI instance?
A: No, this guide assumes the OCI instance is already provisioned. It focuses solely on installing Pi-hole with Docker.

Q: What is the first step in the installation process?
A: The first step is to SSH into your OCI instance, switch to the root user, and update the packages using the command:

dnf update -y

Q: How do I install Docker?
A: Docker can be installed by adding the Docker repository, configuring the repository’s GPG key, and then installing the Docker packages using:

yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

Q: What user should I create and add to the Docker group?
A: After installing Docker, create a new user (e.g., ‘ph’), add it to the Docker group, and start Docker using the commands provided in the guide.

Q: How can I confirm that Docker is installed correctly?
A: You can confirm the installation by switching to the new user (‘ph’) and running the command:

docker run hello-world

A successful installation will display a message confirming Docker’s functionality.

Q: What is the next step after confirming Docker installation?
A: The next step is to create a docker-compose.yml file in the user’s home directory and configure it according to the provided template.

Q: How do I start Pi-hole using Docker Compose?
A: Start Pi-hole by navigating to the directory containing the docker-compose.yml file and running:

docker compose up -d

Q: How do I configure the security list in OCI for Pi-hole?
A: In the OCI console, navigate to the instance settings, select the appropriate subnet, and add specific ingress rules for your home router’s public IP address to allow traffic on ports 53 (TCP and UDP) and port 80 (TCP).

Q: How do I access the Pi-hole Web UI?
A: Access the Web UI using the public IP address of the configured OCI instance and authenticate using the password set in the docker-compose.yml file.

Q: What should I do after configuring the Web UI?
A: Configure your home router to use Pi-hole as its DNS server. Once configured, your home router’s public IP address should appear in the Pi-hole Web UI under ‘Clients’.

Profile picture

Written by Damon Claverie , an avid trail runner, nature enthusiast, and currently working remotely from SE Queensland, Australia.