Deploy PiHole with a Cloudflare Tunnel to Protect Your Privacy - Tutorial

Video Statistics and Information

Captions
Are you tired of troublesome ads getting in the way of your viewing? Do you want basic protection against malicious websites? Do you want to have friendly URLs for all your internal applications and services? Well, we're going to be discussing one solution today. I'm going to be taking you through Pi-hole and all of the features it has to offer to help you in all of those areas. I'll also be showing you how you can route all of your DNS queries through a Cloudflare tunnel so that you can protect your privacy when you're searching online.

Now, I've been using Pi-hole for a number of years and it's been rock solid. Yes, there are other solutions to this, but it's a great all-in-one package that's going to cover many of the things that you're going to want to do in your home lab. There are a few ways you can install Pi-hole. The clue's in the title: this was originally designed to be on a Raspberry Pi, but as we know, any image can work pretty much on any machine. In this video I'm going to show you how to install Pi-hole as a Docker container running through a Cloudflare tunnel, but I'll also share an installation script from their website that you can use to do a physical installation. So let's have a quick look at the features and then we'll jump into the installation.

So on login to Pi-hole you'll be presented with a nice clean dashboard that will show you all of the things that you're going to be interested in at a glance. It's going to show you the total number of queries, the queries blocked, the percentage blocked, things like how many you have on your block list, as well as the actual number of client requests over a given time period. Going further than that, we have the ability to query logs. We can go in, we can specify time ranges, we can specify the client and really drill down on what's happening on our network at the DNS level. Importantly, if we block something we don't want to, we have the ability to whitelist certain domains. This can often happen when you're watching TV programs, for example. We have the ability to disable blocking for a period of time or indefinitely, which can be really helpful if you're trying to debug a problem.

Another really important area of Pi-hole is where you can add local domains. Now, this features on our last video, where we looked at generating valid SSL certificates that we could use in our proxy. Now if we combine Pi-hole with that approach, we can have internal services using a valid URL, and that connection is encrypted, so that's excellent. No longer do we have to remember an IP address; we can simply put in a subdomain and it's going to get routed to our application. You can also use Pi-hole as a DHCP server. Now, we're letting Sophos XG do that in our home lab setup, but if you wanted to, you could use Pi-hole as a fully fledged DHCP server.

So okay, enough of that, let's get down to installation. I'm going to show you my Docker Compose files, which is going to deploy Pi-hole with a pre-configured Cloudflare tunnel to make sure that all of your queries are end-to-end encrypted. That means no snooping from your ISP. And I'll add this config to my GitHub page so that you can download and copy it. So let's step back, let's take a look at that config. I'll talk you through some of the key areas and then we'll deploy it.

So this video is going to mark the first time where we're deploying two services within a single Docker Compose file. So as you can see, we specify the cloudflared container and the Pi-hole container. Now let's break that down a little bit further. So the cloudflared container sets up a tunnel between your host and Cloudflare. This is an end-to-end encrypted tunnel, which means that nobody can snoop on that traffic inside of the tunnel. This is really good because it means that we can send all of our DNS queries through that tunnel without it being intercepted, thus maintaining your privacy. So you can see in the environment variable we're specifying four DNS resolvers. Two of those are Cloudflare and two of those belong to Quad9. That means all of the requests that we use with Pi-hole are going to get sent to either one of those through a Cloudflare tunnel.

Similar to the last video where we set up a Traefik proxy, we're going to create a new network. The reason we're doing that is because we want to make a network connection between the two containers. That means the Pi-hole will be able to talk to the Cloudflare tunnel and send traffic and queries, but that network isn't available anywhere else, either within Docker to other containers or outside of Docker to other physical or virtual machines. This is great for network segmentation and maintaining privacy and security over those traffic flows. So here you can see that I've called that network pihole internal.

Moving down, we get onto the actual Pi-hole container itself, and this is pretty straightforward. We specify the ports that Pi-hole is going to run on, and that's your typical web interface port and your DNS port, which typically runs on port 53. You will be required to add additional ports should you want to use this as a DHCP server, but we're not going to do that in this video. On the next section we stipulate that we want the Pi-hole instance to sit on the same network as our Cloudflare tunnel, plus we also want to make sure that the Pi-hole sits on the same network as our proxy, because we want to access our Pi-hole web interface through our proxy with SSL certificates. In the environment variables we're going to specify that the DNS resolver, i.e. where we send our queries, where Pi-hole sends those, is the IP address of the Cloudflare tunnel. So it's going to route all of the queries through the Cloudflare tunnel, which is going to go to those resolvers we specified within the Cloudflare environment variables.

An important parameter here is the depends_on. What does that mean? Well, this is useful because it means that Pi-hole will only run and start when Cloudflare is available. That's good because, the way we have this configured, none of those requests would get sent if the tunnel wasn't up and running. So we want to make sure, before we start Pi-hole, we check to make sure that Cloudflare is running. Then in the next block are those labels that you've now seen within your nginx setup. This simply configures the Pi-hole web interface to use our Traefik proxy with SSL.

So let's go ahead, create those files within our host folders, let's mount those volumes as specified, and let's run the container. Hopefully we should be up and running within a few seconds and then we can go to our dashboard. So with your configs and your folders created, let's look at deploying that just as we would any other container. So we navigate to the folder and we're going to run sudo docker compose up -d, and let's see what happens. So there we have it, completed. Let's double check that and verify in Portainer. Here we can see that the containers have been created and the Pi-hole is still starting. Let's just check the logs. Everything there looks fine. Let's have a look at Pi-hole. That all looks good. So now hopefully we'll be able to go to our IP address and put that in.

When running Pi-hole on a Docker VM that's on Ubuntu, there's a couple of extra tweaks we need to make. That's because port 53, which we'll be using in the container to handle our DNS queries, is already taken. I'll add the commands you need to run in a file on the GitHub page. Just paste those into your terminal and that should allow the container to run without any error messages.

Now, one tweak I've made to the config file before recording this video is to expose port 80 of our Pi-hole on port 500 on the host. The reason I did that is because before we can access Pi-hole with an address like pihole.domain.com, we need to access it first by its IP address, i.e. the host's, the Docker VM's IP, colon 500 in this case, because we need to add a domain record into Pi-hole's local DNS record such that when we type in pihole.ourdomain.com, it's actually going to route us through Traefik and then into the Pi-hole. At the moment it doesn't know how to resolve that subdomain.

So let's go ahead and log into Pi-hole for the first time using the IP address. Excellent, we've got Pi-hole running on our Docker host. So let's log in using the password we created in the config file, and that's it, we're in. So one of the first things we can do now is go to the local DNS settings in Pi-hole and add pihole dot your domain to it. That will then let you type in that URL to access Pi-hole securely with SSL certificates through your proxy. No longer will you have to remember the IP address, no longer will you get certificate warnings, etc. And just remember that with your DNS entry, you put the IP address as the IP of your proxy; that will be your Docker VM in this case. And with that added, you can now access your Pi-hole web interface using a DNS entry as opposed to an IP address. Excellent.

Now, as part of your steps in deploying containers, each time you deploy a new container with a web interface you can simply add a local DNS entry and force it through the proxy, so you will get a subdomain for each of your services that's only available locally and isn't exposed to the internet. And that's it. Within 10 minutes we've been able to deploy a secure Pi-hole configuration that's going to route all of your DNS queries over a Cloudflare tunnel to protect your privacy. On the next video we're going to be jumping into how we can secure our external-facing services, i.e. things like our nginx container, by using CrowdSec.
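A compose file shaped like the one the captions describe, as an added sketch (not the file from the video or the channel's GitHub page). The image tags, subnet, container IPs, listener port 5053, password placeholder and the network names `pihole_internal` and `proxy` are assumptions, the Pi-hole variables are the v5 names, and the proxy labels are left out.

```yaml
# Added illustration. Constructed values: subnet, IPs, port 5053, CHANGE_ME.
services:
  cloudflared:
    image: cloudflare/cloudflared:latest   # pin a release that ships proxy-dns
    container_name: cloudflared
    command: proxy-dns                     # local DNS listener, DNS-over-HTTPS upstream
    restart: unless-stopped
    environment:
      # Four DoH upstreams: two Cloudflare, two Quad9
      - TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query,https://9.9.9.9/dns-query,https://149.112.112.112/dns-query
      - TUNNEL_DNS_ADDRESS=0.0.0.0
      - TUNNEL_DNS_PORT=5053
    networks:
      pihole_internal:
        ipv4_address: 172.30.9.2           # fixed so Pi-hole can point at it

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    depends_on:
      - cloudflared                        # orders startup only; no readiness check
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "500:80/tcp"                       # web UI by IP until the local DNS record exists
    environment:
      - PIHOLE_DNS_=172.30.9.2#5053        # sole upstream: the cloudflared container
      - WEBPASSWORD=CHANGE_ME              # placeholder, set your own
    volumes:
      - ./etc-pihole:/etc/pihole
      - ./etc-dnsmasq.d:/etc/dnsmasq.d
    networks:
      pihole_internal:
        ipv4_address: 172.30.9.3
      proxy: {}                            # shared with the reverse proxy

networks:
  pihole_internal:
    ipam:
      config:
        - subnet: 172.30.9.0/29
  proxy:
    external: true                         # created by the proxy stack
```

With cloudflared as the only upstream, Pi-hole has no plain-DNS fallback, so lookups for uncached names fail rather than leaving the host unencrypted if that container is down.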
Info
Channel: Jim's Garage
Views: 11,208
Keywords: pihole, proxmox, linux, docker, cloudflare, adblock, dns, privacy, dhcp
Id: 8EpnaccHajo
Length: 11min 11sec (671 seconds)
Published: Mon May 29 2023