How to install Docker Engine on Ubuntu + Setup Pi-Hole DNS Ad Blocker on a container

Captions
Welcome to a new video from ElastiCourse. In this video we will talk about Docker containers and what the main differences are between virtual machines and Docker containers. We'll also install our first Docker engine and deploy the Pi-hole ad blocker on a Docker container. Let's get started.

First, let's see what is the main difference between a virtual machine and the container. Let's start with the virtual machine. In a virtual machine environment you have your infrastructure components like CPU, RAM, network and storage, and then you install on top of your operating system a hypervisor. This is a special software like VMware, VirtualBox or other hypervisors, and with the hypervisor application you can virtualize any operating system that is supported by the software. Like this: Ubuntu desktop or my Pop!_OS are both virtual machines hosted using a VMware hypervisor. So every different column in here represents a different operating system, where it would contain the guest operating system, like Ubuntu in this case, and above the Ubuntu there are certain binaries, libraries and different that you can install in your virtual machine. This virtual machine is separate from your main infrastructure operating system, but it does still share a slice of the resources like CPU, RAM and network.

Now let's move ahead to the container infrastructure. You still have your main infrastructure components like CPU, RAM, network and storage; it doesn't have to be as beefy or as big as the resources in a virtual machine model. Then you have your operating system, which can be Windows, Mac or Linux. Instead of downloading a hypervisor, you use something called a container engine. The container engine can be Docker engine, which is the most famous option, and there are also other providers for containers, but in this video we will focus on Docker. Inside Docker, instead of downloading the whole operating system as a guest operating system, you're just downloading the binaries and libraries and applications that you desire in an
isolated environment, and because it doesn't have to download the whole operating system, just download the app with all the dependencies that it needs to run, that causes the system to be super fast and super easy to manage. As we see on the Docker website, they promote the brand as it helps you build and ship apps literally between operating systems, because regardless of which operating system you run the Docker engine on, whether it was Windows, any version of Linux or Mac, with all these variables and all these different hardware combinations, the best option is to use something like Docker engine, where your app is guaranteed to work with the same experience across all these platforms.

Now the Docker website also has the Hub. This is a big marketplace with over 3 million apps. You can find any image you can think of in the Hub, starting from SQL databases, applications for analytics, caching software, full operating systems and many others. I can even search for WordPress and find the WordPress web application ready for use, or Joomla, and I can install it in the same way using a Docker container.

Now one of the best applications you can find in the Docker Hub is called Pi-hole. This will be our example for this video. What Pi-hole is: it's a free product that is a DNS-level black hole for internet ads and internet trackers. This app is very popular, and it helps you block trackers, ads and other malicious traffic using a DNS block or a DNS filter. As you see, there are over 100 million downloads for this container already, so this app is very popular and it has huge community support.

In this video we will download and install Docker engine on the Ubuntu platform, and then we will install the Pi-hole container on this Ubuntu Docker environment. In the next video we will also address how to install Docker engine and the Pi-hole container on the Windows environment. I included all the commands you see in this video in a Pastebin, where I will put the link in the comments below, so make sure you check
this out so you can easily copy and paste these commands for your environment.

Now I'm going to put the terminal and the Pastebin side by side so you can easily see what I'm doing. I will start by installing Docker on my Ubuntu Desktop 20.04. All these instructions will work on Ubuntu, but if you are using a different distribution than Ubuntu or any distribution based on Ubuntu, you can go to the Docker Hub website and you can still find a tutorial on how you can download Docker engine for your specific operating system. As seen here, there is a version for Fedora, for CentOS, Azure, Ubuntu, Debian; there are a lot of tutorials on how you can download it for different operating systems. In my case I'm also using Pop!_OS, which is Ubuntu based, so this will work also on my Pop!_OS with the same instructions.

I'm going to copy the first line, which removes the older versions of Docker, and since this is a brand new virtual machine I'm getting "unable to locate package" because I don't have any older version. Now we're going to go ahead and do an update command; let's update the list for all Ubuntu repositories. The next step is to download a few packages that can help us download the Docker files in a secure way over HTTPS. Once this is done, we're gonna pull the public key for the Docker repository, and then we're gonna go ahead and add a new repository where we can download the Docker files. This is specific for Ubuntu or any operating system based on Ubuntu. Now the last step is to do an update one more time to fetch the new list and also install the Docker application itself with the other dependencies that it needs. Once this is done, you can verify if the system has been installed correctly by using the command `docker --version`. If you successfully installed it, you should be able to see which Docker version you are using.

Now move on to step 2. Newer versions of Ubuntu contain a DNS server by default. It's called the DNS stub resolver, and it does occupy the DNS service on the Ubuntu
distribution, therefore we need to do some tweaks so we can disable the service. If we run this command, which allows us to see which ports are listening on the Ubuntu, or which ports are open for connection, there are two ports listening: 631, and there is port 53 listening. Port 53 is related to DNS, and we can see that the service using this port, or occupying this port, is called systemd-resolve. In this case we need to stop the service so that we can use our own DNS service and free port 53 so that it can be used by Pi-hole. We're going to use the system control command to stop this service, and we got the name of the service using the listening ports page; it's called systemd-resolve. Now our service has been stopped. We just need to disable it so that it doesn't come up again when we restart our system. Now to verify: if we check the listening ports now, we no longer see port 53 listening.

So now we fixed the issue of the port being occupied by the systemd-resolve service, but now if we try to ping any website, for example yahoo.com, we lost all our DNS services because of this move. But no problem, this is an easy fix. All we need to do is to modify our DNS resolve configuration file, which is located at /etc/resolv.conf. This file is the one that was hard coded to use the Ubuntu built-in DNS resolver, and we don't want that anymore as we removed the service. We need to change the name server from this localhost IP to some public IP address so we can be able to use the internet again. So we're going to change this temporarily to any public DNS, like quad 8 or quad ones; in this case I'm using Cloudflare. Once I save my file, if I go up with my arrows and try to ping again, now I'm able to resolve DNS one more time. Now we fixed both issues related to DNS.

Now we can see how easy it is to deploy a container using a simple shell script. This is available on the GitHub website, and it contains simple parameters that help the Docker
engine know how to build our container, like which ports are listening and what is the name you want to use. So first we're going to download this file using the wget command. Now this file is on our desktop; we just need to modify a few parameters inside. We'll also see how it looks inside. We're gonna use the command sudo nano one more time for our text editor, then we're gonna open our docker run shell script. Inside this file we see the simple command that we need to run any container using Docker engine, which is called docker run, and below that there are multi-line configuration parameters or arguments that are required to let the Docker engine know how to build our container. Inside any container page you can see these options or parameters under the environment variables, and you can see all the different options you can configure with your container. And then we get the name pihole.

Now for the port part, this is called the port mapping. For every port that the container will listen on, there will be two ports, or two numbers, listed. The number on the right will be the listener inside the container itself, and the port on the left will always be the listener on the host machine, which in this case will be my Ubuntu server. So to take an example, if you are using Apache already on your Ubuntu server, then your port 80 is already listening and assigned to the Apache service. In this case you can change the number on the left to maybe 8080, and this way you are freeing up port 80 to be used by Apache as is, but you're opening a new virtual port 8080 on your Ubuntu, and whenever you hit this port the Docker instrument will redirect you internally to port 80 inside the container. That's how simple it is to do port mapping. You can use the same port, or you can change the port if it's already occupied. Now for the DNS I don't believe you can change 53, but for the web portal you can change it from 80 to something else in case the port is occupied.

Now for the DNS part,
our first DNS server will be the localhost, because this will be pointing at the container itself; 127.0.0.1 is a localhost IP. The secondary IP, or the upstream IP we can call it, is quad ones, which is the Cloudflare public DNS server.

Now the second important thing to change, beside the port mappings if you need it, is to change the server IP. Since we need this DNS service to be accessible all over our network, not just inside the machine, we need to give the broader IP address of the machine to the configuration file, which in this case I'm using 172.20.0.24. This will be my static IP address on the server, so I need to make sure I either change the IP address to manual and put this IP address statically to make sure it doesn't change, or you can also do it using your router or your firewall, whoever is distributing IPs in your network via DHCP. You can create a DHCP reservation to make sure the virtual machine or the operating system always gets this IP address. So we're going to save this IP address in the server IP field and then we're going to save our file.

Now to be able to execute the shell script we always have to give permission to execute, and this can be done using the change modification command and then adding x, meaning adding the execution permission. We're just going to give the execution permission to our shell script, and then we can run it under administrative access to make sure we are able to create a container using this shell script, which contains the famous command docker run. As you see, there is no local image for Pi-hole, so it's gonna download it for the first time from the Docker Hub, which happened very quickly, and then it will start creating our Pi-hole container. In a few seconds the container was created and I was given an auto-generated password to log into the GUI. This is part of why Docker containers are getting so popular lately, because they are super fast and easy to create. There is no virtual machine that could ever be created and finished
from A to Z with the service running in this short period of time.

Now that our container is running, we can try to access the GUI using either the localhost IP, which is 127.0.0.1, or we can also use the private IP, 172.20. Once we go inside, we can go to the admin page, and this will be our guest view. We can see that there are over 84,000 domains that are blocked on this block list, and once we start connecting from our clients to this DNS server we're gonna start seeing the queries and the block numbers increasing, but since we have no clients pointing at the system yet, everything is showing zero.

Now we can log into the system using the automatically generated password we got over in the terminal, and once we go inside we start getting more detailed logs and more detailed metrics, like which type of queries are getting to the DNS server, what kind of response they are getting, what are the most used or frequently used domains, and which guys are sending the most DNS queries; also detailed logs with every query that got pointed to the system. As you see, right now everything is saying localhost, because all of these are just the internal application queries and nothing from our clients yet.

Now to be able to start pointing our clients to use our Pi-hole as their DNS service, we can start with our Ubuntu itself. We can open our resolv.conf one more time, and this time we're gonna change it back from our public IP for Cloudflare and we're going to point it at ourselves, which is 172.20.0.24.
This way we are forcing our own system to be using Pi-hole as the DNS service. Now that the file is saved, we can start visiting any websites, and we can start already seeing that some banners and some advertisements in different websites are not able to go through due to DNS resolve issues. But you can still see some ads still go through, because not all the domains are blocked and the app is not 100% proof against all kinds of ads. It does help a lot with trackers and hidden scripts that are running on a lot of websites, and we're gonna also see how we can expand that a little bit more.

Now after less than one hour I'm getting over 400 queries blocked, and the percent blocked at this point is really high, 51.6 percent. We can see that this block list is occupying over 50 percent of the traffic I opened in this one hour, and even though we were not able to block all the commercials, we are still blocking hundreds of ads and trackers from our base configuration.

Now under the query log we can see the latest hundred queries. We can start seeing the status for all these client requests, like whether it has gone through or is blocked, and you can reverse the operation or override it if you need to. We also have a top list, which is a nice graph which shows us what are the top domains and what are the top blocked domains for a specific period of time. It shows you how many hits and what is the frequency that this kind of event happened. The top domains is for the permitted domains; we can also see what are the most permitted domains that have been visited, and what are the top clients sending DNS requests. Mostly right now it is coming from the system itself, because we haven't pointed the rest of our clients to use this new DNS server.

Now I can move to my firewall, because this is how I run my DHCP, but you can replicate the same settings in your router and change your DHCP server to send the IP address of your Pi-hole to your clients as a DNS server. So I'm going to start with my internal
2, which is running my first DHCP server. I can see in here the DNS server is pointing at a different IP address, so I need to change that whole setting and point it now to my Pi-hole IP address, 172.20.0.24, and now every time somebody is behind my internal 2 network they will get a DHCP lease with this Pi-hole IP as the DNS service. We're going to OK that.

Now to verify that the internal 2 or the bce network has been updated properly, if we do the `ipconfig /all` command, we can see in here the DNS servers are still the old DNS servers that were defined before. That's because we got a lease already that will not expire before July 14. We want to force the computer to release and get a new DHCP address. We can do so using `ipconfig /release`, following that with `ipconfig /renew`. Those two commands will always make sure your computer gets a new DHCP lease with the latest information. So now if we do `ipconfig /all` one more time, we are officially on the new DHCP lease; we're getting the updated DNS server, which is the Pi-hole. So now our Windows 10 client is also using the DNS service running from Pi-hole.

We can point it to the main screen so we can see the numbers dynamically updating. We're gonna use the famous command nslookup, which is a Windows feature that allows you to run DNS queries right from your command line. Right now we can see it's already recognizing the Pi-hole as the DNS server. Now if we run any query, we can see the number dynamically go up, and we are getting a proper response. Now we verified that our Windows 10 has no issue communicating back and forth with our DNS server, Pi-hole, running inside that container inside our Ubuntu. And you can notice, even with 84,000 domains in the block list, the system goes around this list super fast; you don't feel any lag or any issue getting a fast response.

Now we can do the same with our two other interfaces on the firewall. So however many DHCP servers you use, you have to redo the DNS server setting on every one,
and once you do this, you need to renew your lease or rejoin the network to make sure you are getting the updated DNS server, and then all your clients are connected to your Pi-hole. Now you have to make sure to not turn off the machine running the container or the virtual machine, because this way you will block all the DNS queries and then all your clients will lose access to the internet.

Now to make sure our service runs with no interruption, we need to make sure that this IP address assigned to our Pi-hole container, 172.20.0.24, is statically assigned to this machine. We're going to see how we can do it using the FortiGate, using the DHCP option. We'll add a DHCP monitor dashboard; this is something new in the 6.4 version, where you have to add the monitor pages on the dashboard, and then we will see our DHCP log. We can see our Ubuntu got the DHCP lease 172.20.0.24. We want to make sure that the Ubuntu always gets this IP address so we don't break our DNS, so we can either do it using the settings menu in the Ubuntu, or we can simply create a reservation using the FortiGate, and every time this MAC address sends a DHCP discover it will always get this offer for 172.20.0.24. Also give it a name, Pi-hole, to just recognize it, and then we have our DHCP reservation that takes care of the issue of not having a static IP address.

Now comparing this number with the server I have been running just for two days, you can see the number of blocks is going dramatically high and also the percent blocked is more reasonable. That's how many blocks you're gonna get just running it a short period of time. It will help you block a lot of the junk that you don't see or can't block with other ad blockers, and with the addition of something like Adblock Plus, which is a Firefox and Chrome extension, you can block most of the ads without doing much work.

Now we can also check our group management, and inside group management there is an adlist. Inside the adlist there is a default four big
lists of domains that are blocked using Pi-hole; the 84,000 domains are listed in those four files. You can see the simple structure of the file: it just contains all these unwanted domains that are related to malicious traffic, ads and trackers. It will just redirect them to either four zeros or the localhost, 127.0.0.1, and any domain that is assigned four zeros or the localhost IP will never make it to the final destination; it will never work. That's how the app blocks these DNS queries, by assigning them wrong IP addresses.

You can also expand beyond these four files. For example, there is a website called Firebog which contains big text files related to tracking, malware, malicious websites and other very useful lists. If you open these files, they are structured in the same way: they are just assigning bad domains to localhost or four zeros to make them not work, which is great, and the app can also go through all these additional lists in the same way it does with the 84,000 plus that it looks for by default. I'm going to try to add this anti-malware list, and now I have one additional list to the default ones. Now we can also go back and try to get something related to advertising or marketing. We're gonna copy this list as well, and we're going to go back to our Pi-hole and add it to our group management. Now we have six different lists to look for. The number in the dashboard did not change yet, because we need to go back and update our gravity list; once we do, this number will reflect on the dashboard. We can see in here that we added 125 extra sites to our block list using the two additional lists.

Now under the settings we can see simple system information about our server, and under DNS there is the upstream DNS server we chose, in this case Cloudflare, but you can define which public DNS server you want to send your queries to, because Pi-hole is not a DNS server by itself; it redirects all the requests to the public DNS after it goes through all these adlist filters and other filters
you set up in the application. You can change Cloudflare to Google if you prefer to, and you can choose the primary and the secondary server for each provider. You can also enable IPv6 if you are configured for IPv6, and once you save, the new DNS server you chose will be the active one.

Now also an important command is the conditional forwarding, which allows you to resolve internal domains that are not publicly accessible, because Google or Cloudflare will not be able to resolve this kind of domain. You can simply define your internal domain, for example elastocores.local is mine, and then I can define which DNS server or which internal system knows how to resolve this kind of domain. For example, I want to say my DNS server lives at 10.200.150.150; this will be my DNS server for my internal domain. In this way I'm doing conditional forwarding just for this domain to my internal DNS server. Anything else will just be sent to the public DNS server, whether it's Cloudflare or Google or anything else.

Now to be able to see which containers are running in your environment, you simply do the command `sudo docker ps`. You can see in here what is the name of the container and how long it has been running for. You can see it says healthy, so everything is running good, and then you see the port mapping that we configured when we started our container, where we see our port 53 for the DNS queries, port 80 and 443 for management, and also port 67, which is DHCP, in case you are using Pi-hole also for DHCP, which we are not.

That's how easy it is to install Docker engine and install the Pi-hole container on Ubuntu. Thank you for watching.
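
The filtering behaviour described in the captions (hosts-format adlists merged into one block list, blocked names answered with 0.0.0.0, conditional forwarding for an internal domain, everything else sent upstream) can be modelled in a few lines. This is an added example, not code from the video or from Pi-hole; the sample adlists and the `lab.internal` domain are constructed, and exact-match blocking is a simplifying assumption.

```python
"""Simplified model of the DNS filtering described in the captions.
Not Pi-hole code: an illustration of adlist merging and query routing."""

SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1"}   # addresses adlists map bad domains to
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample adlists in hosts format (not real list contents).
ADLIST_A = """\
# constructed sample list A
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
127.0.0.1 localhost
"""
ADLIST_B = """\
127.0.0.1 Ads.Example.com
127.0.0.1 malware.example.org
not-an-ip broken.example.com
0.0.0.0
"""

UPSTREAM_DNS = "1.1.1.1"            # Cloudflare, the upstream chosen in the video
INTERNAL_DOMAIN = "lab.internal"    # constructed internal domain (assumption)
INTERNAL_DNS = "10.200.150.150"     # internal DNS server address from the video


def parse_adlist(text):
    """Return the set of domains a hosts-format adlist sinkholes."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop full-line and inline comments
        fields = line.split()
        # A valid entry is "<sinkhole ip> <name> [<name> ...]"; skip anything else.
        if len(fields) < 2 or fields[0] not in SINKHOLE_IPS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")     # DNS names are case-insensitive
            if name and name not in LOCAL_NAMES:
                domains.add(name)
    return domains


def build_gravity(*adlists):
    """Merge several adlists into one de-duplicated block list."""
    gravity = set()
    for text in adlists:
        gravity |= parse_adlist(text)
    return gravity


def route_query(qname, gravity):
    """Decide what happens to one query: (action, answer or next hop)."""
    name = qname.lower().rstrip(".")
    if name in gravity:                         # exact match only (assumption)
        return ("blocked", "0.0.0.0")
    if name == INTERNAL_DOMAIN or name.endswith("." + INTERNAL_DOMAIN):
        return ("conditional-forward", INTERNAL_DNS)
    return ("upstream", UPSTREAM_DNS)


if __name__ == "__main__":
    gravity = build_gravity(ADLIST_A, ADLIST_B)
    for q in ("ADS.example.com.", "nas.lab.internal", "example.org"):
        print(q, route_query(q, gravity))
```

Malformed lines and the `localhost` entry are skipped on purpose, so a damaged or hostile list cannot sinkhole the host's own name or inject non-sinkhole addresses.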
Info
Channel: ElastiCourse
Views: 3,959
Keywords: docker, container, vm, virtual machine, pihole, pi-hole, ad blocker, tracking, block, blocker, dns block, dns, network, security, ubuntu, server, dhcp, adlist, adblock, docker engine, docker hub
Id: WkZL5lsmDV0
Length: 26min 45sec (1605 seconds)
Published: Sun Jul 12 2020