Best Way to Set up Pi-Hole in Container Station

Originally, I set up Pi-Hole in Container Station using the pre-defined app that QNAP lists.

But that doesn’t get the very latest and updating is kind of a pain.

I rebuilt a container using the latest version of Pi-Hole, but it is still not convenient to update, and every time I reboot the server or restart the container I have to go in and reset the password. So given my recent experience with SimpleHelp thanks to @Weedy, I decided to try to create my own Pi-Hole application and set the storage for it outside of the .qpkg directory structure. Here is my YAML code based on the app that QNAP creates:


services:
  pihole:
    image: pihole/pihole:latest
    networks:
      qnet-network:
        ipv4_address: 192.168.1.4
    environment:
      WEBPASSWORD: "*MyPassword*"
      TZ: America/Chicago
    volumes:
      - /share/Container/pihole:/etc/pihole
      - etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped

networks:
  qnet-network:
    driver_opts:
      iface: eth3
    driver: qnet
    ipam:
      driver: qnet
      options:
        iface: eth3
      config:
        - subnet: 192.168.0.0/23
          gateway: 192.168.1.1

volumes:
  etc-dnsmasq.d:

So a couple things:

1.) The WEBPASSWORD that is set in environment seems to do nothing. That is not the password that is needed.

2.) Even though I have now moved all my files into my normally accessible folder, I still have to reset the password every time it starts.

3.) The last few days, I’ve started seeing ads, and this Pi-Hole application is like running REALLY slow. Webpage wouldn’t show like it normally does and this morning, I would reset the password and it wouldn’t see that I had reset it. It’s like it wasn’t able to write stuff to disk.

So what am I doing wrong?

What kind of resources are you giving the container?
It's found under advanced settings, resources, when you are creating an app in CS.

Unlimited. Just like you have.

What do the application logs show, any errors?

Also, as a test you can try to set the limits to Pi-hole recommended settings. Not sure if that will help or not, but I usually don't keep the limits at unlimited, just in case the app has issues and takes up all the resources of the NAS, causing the NAS to crash.

I would have to look at the logs in detail which I have not done.

I’m really wondering if there is anything wrong with my YAML code and how to install the application so I don’t have to keep resetting the password every time it starts.

Okay, I played with it, and a few things.
First, I converted the file into compose.yaml and used the Container Station application create to deploy it. I set the resources to 2 CPUs and 2 GB RAM.
Also, the password field changed its name to FTLCONF_webserver_api_password, so that is why it wasn't working in your file.

I changed the ports so it wouldn't mess with other apps I have deployed. You may need to adjust the networking part to work.

I don't run Pi-hole, so I wouldn't be able to add load to see if it fails after a few days.

services:
  pi-hole:
    container_name: pihole-server
    image: pihole/pihole:latest
    stdin_open: true
    tty: true
    volumes:
      - /share/change to correct path/pihole:/etc/pihole
      - etc-dnsmasq.d:/etc/dnsmasq.d
    environment:
      FTLCONF_webserver_api_password: "test!test1"
      TZ: America/New_York
    ports:
    - "753:53/tcp"
    - "753:53/udp"
    - "767:67/udp"
    - "780:80/tcp"
    - "7443:443/tcp"
volumes:
  etc-dnsmasq.d:

Thanks. I will try this out.

I have been summoned…

As marcoi pointed out your compose.yaml isn’t doing the business.
Most likely because QNAP is doing QNAP things and it isn’t compatible with generic upstream release.

You should try to find the upstream compose and then figure out what you need to adjust to work with QNAP’s docker.


SOOOO, something I’ve wondered about when it comes to applications/services like pihole is: The F*** are you supposed to do about NAT.
Like DNS resolution especially. Don’t we like want a LAN IP? And to not have anything else in the way?

So thank you @NA9D for making me install the template because now I learned some things about QNAP.


OKAY SO QNAP DEFAULTS

version: "3"

services:
  pihole:
    image: pihole/pihole:2022.12.1
    networks:
      qnet-network:
        ipv4_address: ${QNET_STATIC_IP}
    environment:
      WEBPASSWORD: ${WEB_PASSWORD}
      TZ: ${TZ}
    volumes:
      - etc-pihole:/etc/pihole
      - etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped

networks:
  qnet-network:
    driver_opts:
      iface: ${QNET_INTERFACE}
    driver: qnet
    ipam:
      driver: qnet
      options:
        iface: ${QNET_INTERFACE}
      config:
        - subnet: ${QNET_SUBNET}
          gateway: ${QNET_GATEWAY}

volumes:
  etc-pihole:
  etc-dnsmasq.d:

As we can see it specifically calls for a release from 2022.
You and marcoi both went :latest, I have no idea what the recommended tag should be but I also use :latest plenty on my own.

Going to assume this is correct

Why are we using a named mount if we bothered to set up something in /share?

Not surprised config options changed since 2022

Obviously going to have fun later on since this is DNS we are talking about.

So I’m going to docs.pi-hole.net

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'America/Chicago'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
###      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - /share/Container/pihole/config:/etc/pihole
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- /share/Container/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: always

Yup, that be different. Also looks like we can skip the second bind mount.

BUUUUUUUUUUT, I think we need to keep that qnet-network bullshit. So maybe something like…

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
networks:
  qnet-network:
    driver_opts:
      iface: eth0
    driver: qnet
    ipam:
      driver: qnet
      options:
        iface: eth0
      config:
        - subnet: '10.0.0.0/24'
          gateway: '10.0.0.1'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    networks:
        qnet-network:
            ipv4_address: '10.0.0.10'
    hostname: pihole
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the below if using Pi-hole as your DHCP Server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location from
      # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones, e.g:
      TZ: 'America/Chicago'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: 'correct horse battery staple'
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
###      FTLCONF_dns_listeningMode: 'all'
      #### Because QNAP (I have a separate user for all docker things)
      PIHOLE_UID: 1000
      PIHOLE_GID: 1001
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - /share/Container/pihole/config:/etc/pihole
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- /share/Container/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: always

It lives! Good luck with the rest @NA9D


@SteveKo What is so special about driver: qnet? It seems to be another macvlan only you guys ripped all the IPV6 out of it. That’s kinda shit :confused:

I really need you guys to get on IPV6, I’m tired of fighting just to make something barely function.

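Added example, not part of any post in this thread: a small Python check for the compose problems found above (the old WEBPASSWORD name, a missing FTLCONF_webserver_api_password, a password written into the file, a floating image tag, and no mount for /etc/pihole). The function names, finding codes and sample file are made up for illustration, and the parser only understands the mapping-style `environment:` block used in the posts.

```python
# Constructed sample: 2022-era variable names from the thread on a floating tag.
SAMPLE = """\
services:
  pihole:
    image: pihole/pihole:latest
    environment:
      WEBPASSWORD: "example-only"
    volumes:
      - etc-dnsmasq.d:/etc/dnsmasq.d
"""
V6_PASSWORD = "FTLCONF_webserver_api_password"  # name given in the thread

def parse(text):
    """Collect image, environment (mapping form only) and volume entries."""
    image, env, mounts, section, sec_indent = "", {}, [], None, 0
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):
            if section == "volumes":
                mounts.append(body[2:].strip().strip("'\""))
            continue
        key, _, value = body.partition(":")
        value = value.strip().strip("'\"")
        if section == "environment" and indent > sec_indent:
            env[key] = value
        elif key in ("environment", "volumes") and not value:
            section, sec_indent = key, indent
        else:
            section = None
            if key == "image":
                image = value
    return image, env, mounts

def lint_pihole_compose(text):
    """Return sorted finding codes for the problems discussed in the thread."""
    image, env, mounts = parse(text)
    pw = env.get(V6_PASSWORD)
    checks = {
        "legacy-WEBPASSWORD": "WEBPASSWORD" in env,  # old name, does nothing now
        "no-v6-password": pw is None,  # a random password gets assigned
        "inline-password": pw is not None and not pw.startswith("${"),
        "floating-tag": ":" not in image or image.endswith(":latest"),
        "etc-pihole-not-mounted": not any(
            m.split(":")[1:2] == ["/etc/pihole"] for m in mounts),
    }
    return sorted(code for code, hit in checks.items() if hit)
```

Calling `lint_pihole_compose(open("compose.yaml").read())` before deploying shows whether the file still carries the settings that caused the password reset on every start.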

So all the port definitions (753:53/tcp, etc) that @marcoi added were for his own testing and not normal use.

The network stuff is easy. You put the container into Bridge mode and assign it to your NIC and give it an IP address. Then you aren’t doing any special NAT or anything. That’s why I have the Network stuff in there.

My biggest problem may not be with the container. It seems every morning recently that Pi-Hole is really sluggish. It might be because I am doing RAID scrubbing between midnight and 7 AM. I need to figure that out.

And why do you need IPV6 on a LAN? IPV4 is so much simpler and I can actually memorize the addresses! :smiley:

That’s correct about the ports, I just added 7 to make sure it didn’t impact my other apps running.

Hi, we’ve reported this issue to our internal team and will schedule an update for the version in Container Station.

Regarding the Docker issue you’re facing, if you feel it’s necessary, please open a support ticket so we can remotely look into it. We might be able to figure out how to help.

Thanks!

I PERSONALLY don’t need a support ticket.
QTS/QuTS in general needs working IPV6.

I’ve worked around a lot of things manually. But it’s still not perfect.
Why do I have to build ip6table_nat.ko manually? Why do you ship with ipv6 blocked in docker? Why hard disable ip6tables rule generation?

Fix IPV6 please. Thanks.