WireHole: WireGuard, Pi-Hole and Unbound in Docker

Video Statistics and Information

Captions
Hey guys, how's it going? Hope everybody is doing well out there. Uh, recently in my Discord something called WireHole was brought to my attention, and I wanted to just take a few minutes to kind of walk you through the process of getting it set up, actually a couple of different ways: uh, one for just kind of a quick and dirty setup, and then the other will be more kind of a customized setup for more than one user. The quick and dirty way is definitely, uh, more geared towards one user, whereas we'll customize that later on in the video and set it up for multiple users.

So, as it says on their GitHub page here, WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create and deploy a personally managed full or split tunnel WireGuard VPN with ad blocking capabilities and DNS caching with additional privacy options.

So most of the time, in fact almost always, when we're talking about self-hosting on Docker and that sort of thing on this channel, we're doing it on hardware that we have in our possession. This time, though, I'm going to switch things up a little bit and actually deploy it on DigitalOcean, and the reason I'm doing that is kind of a couple of different reasons. One is because I'll be showing IP addresses, that sort of thing, and I don't really want to expose my home's IP address if I can help it. The other reason is sometimes it's good to have certain things hosted off-site, just for convenience or backups or things like that, so I thought maybe showing how to install this on a third-party provider like DigitalOcean, uh, might be of some benefit to some of the viewers as well.

So DigitalOcean has no part of this video. They're not sponsoring it, they're not providing me anything for free, there's no, there, there's, they have no say in this. There's no sponsorship, there's nothing like that. I'm just using them because I've used them in the past. I will have an affiliate link in the description if you
want to check them out using my link; that'd be cool. But, but there's no sponsorship or anything like that going on in this video.

Okay, so first thing I'm going to do: click on Get Started by creating a droplet. I'm going to choose Ubuntu. I'm using a basic plan. I'm going to use an Intel with SSD. I'm going to choose their cheapest package right here, because we don't really need much for this as far as horsepower is concerned. I'm going to choose a data center near me, and then I'm going to come down here and I'm going to use a password. Now look, I understand that an SSH key would be more secure here, and feel free to modify this with that if you choose to. For the sake of this tutorial, though, I'm going to use a password. Then I'm going to scroll down and I'm going to give this a host name. This is going to be DigitalOcean WireHole tutorial, and then we can go ahead and scroll down, click on create the droplet, and then once this is done, uh, we should see an IP address, and we know that we can jump in via SSH and start the install process.

Okay, so there we go, there is the IP address that we've been assigned by DigitalOcean. So I'm going to go ahead and save that in my little notepad off screen here, and then what I'm going to do is scroll up, or bring, bring my, my PowerShell up here, or my, uh, my Windows thing here, and I'm going to do ssh root at IP address, go. Yes, I want to connect to that, that is fine. So then what I'm going to do is copy my password from down here, like so, and, uh, now we're logged in and good to go.

So, uh, first thing we want to do is, um, take note, uh, that there is no Docker installed here. Uh, this is a fresh, fresh, fresh install. So what I'm going to do is, uh, first thing is actually create, I'm going to do that, I'm going to do, I'm going to nano and I'll do setup.sh, like so. We're going to create a bash script that I'm just going to copy and paste from over here on GitHub, which will just be right here, and we'll go ahead, we'll copy this, and then we'll jump into it and take a look and
see what it does.

So basically, from the start here, we can see that we're going to do an apt-get update and then an apt-get install, and then answer yes, do everything quietly: uh, curl, git, apt-transport, ca-certificates, uh, gnupg-agent, and software-properties-common. Once that's done, then we're going to go ahead and install the repositories and keys for, uh, Docker, and then we're going to go ahead and do a sudo apt-get, uh, repository, and then we're going to install Docker and Docker CE command line. After that we're going to install Docker Compose. After that we're going to go ahead and clone this GitHub repository, change into it, and then run the docker-compose.yml file. So that's how we're going to do it quick and dirty. So I just wanted to show that that's what that looks like.

So we'll do Ctrl+O to save and Ctrl+X to exit, and then the next thing we want to do is actually a chmod, uh, +x to execute, uh, setup.sh, uh, so I'll go ahead and do that. So now I can do ./, uh, setup.sh and press return, and then it's gonna go through this process of kind of going through all of those commands that I showed on that previous screen, uh, with the apt-get update and all of that sort of thing, and then here in just a moment it's going to ask, hey, are you sure this is what you want to do? Yep, press enter, and then it'll go ahead and finish up this process.

Okay, so it's gone ahead and deployed all of those containers that we need, and even went so far as to generate a QR code that we can then scan with our cell phone or tablet or whatever the case may be here. So now that we've got our VPN set up with WireGuard and Pi-hole and Unbound, let's actually connect to this via our desktop application. So in order to do that, we'll actually have to kind of FTP into the server. I'm going to use WinSCP. We're going to get in there and we're going to grab some files, and then we will connect to the server via our desktop here. So I'll open this up and I'll type in Windows, WinSCP, and then we'll go ahead and
connect here. I'm actually going to put in the password first, because I had that already copied. I'm going to do that, and then root. Okay, so now that we're logged in, we can come in here. We can see that there is snap and there's wirehole. We're going to go into wirehole, and then we're going to go into wireguard, and then right here you can see that we have, uh, one peer setup in here. In fact, we can see that I've got a peer from a video that I did earlier that I didn't like. So what I'm going to do is just drag peer 1 over, like so, and then I can come over here to my Start and type in, or just go to WireGuard right here, is come over to here, you know what, let's actually go over here to Edge, oops, and let's see if I can load Social Blade. I can't.

So this is one of the problems that you may run into when you, uh, set up your server, is that, uh, services like Cloudflare, their job is to protect other websites from, from bad actors on the internet, and unfortunately IP addresses get recycled a lot, and so you may end up with an IP address that has been, uh, blocked or, or identified as spammy, uh, by one of these services that may end up blocking you from accessing one of these websites. Now, that said, you may be able to change some things up and, and make some changes to your settings, uh, depending on which is more important for you, whether it's ad blocking or IP anonymity, and we'll talk about that in one of the settings here in just a moment.

So while we're here, let's actually do, uh, something else. Let's go to ad, uh, ad test blocker, or ad block tester, and there we go. So this just kind of gives us a rough idea of, uh, what kind of ads we pass and fail as far as blocking is concerned. Now, banner ads, as far as like Flash banners, that test is going to fail because we're not doing Flash anymore. Um, GIF images, or GIF, however, static images, depending on where they are being hosted from, whether or not that, that hosting URL, uh, or domain name has been identified as an ad-based URL, that sort of thing. Um, so
there are some things in here that are working, some that aren't working. So what you can do in that case is actually, just like it says over here on the instructions, if we scroll down just a little bit, let's grab, let's copy that URL. We'll come back over to here, we'll paste that in, and here we are. This is our personal private Pi-hole that we're only able to access when we're attached to the VPN, uh, on our server, whether it's hosted locally or remotely. So you could then at this point go in and modify your blacklists or your, your block lists or any of those types of things to really fine-tune what you want to block and what you don't. They would only affect you and those who are on your VPN.

Now, a minute ago I, I had mentioned trading anonymity, as far as your IP is concerned, versus ad blocking, and sometimes you may, may have to make a decision as far as which of those is more important to you. Again, we ran into an issue trying to access Social Blade, um, because of, uh, Cloudflare. Now if I go over here to ipchicken and give this a second to load, right there is the IP address that I was given by DigitalOcean. So this is why I was blocked, is because this IP has probably been reported as a spam IP.

So if I'm more concerned about ads than I am my IP anonymity, what I can do is come over here to WireGuard. I'm going to go ahead and deactivate this, and then I'm going to click Edit, and what I want to do, and I apologize, I don't know if I can, I will try to make this bigger in post, um, basically where it says AllowedIPs right here, we're gonna need to change that. Uh, and we're gonna come back over to the instructions here, like it says, and we're gonna change AllowedIPs to 10.2.0.0/24, like so. And then what I'm going to do is I'm just going to paste this in here, just like that, and I'll click Save and I'll click Activate. So now let's come back over, let's minimize this, and then let's come back over here and refresh, and now all of a sudden we can access Social Blade. And you'll notice, though, there are
still no ads on this page, because Pi-hole is doing what it's supposed to do. Now if we come back over here, I'm probably gonna have to blur this in post, but if I refresh that, that is my home IP address. So I, I traded anonymity for ad blocking on a site that wouldn't let me do otherwise. So that's just one of those trade-offs you may have to make, whether you're using a desktop or a mobile version of this. Just something to keep in mind as far as that split tunnel DNS is concerned. Now, even when we've got this, we can still, uh, go to 10.2.0.100/admin and log into Pi-hole, so that doesn't change, uh, just your IP anonymity does, based on whether or not you're using a split tunnel or not.

Okay, so now that we've seen how the quick and dirty thing works as far as getting a quick setup done, let's actually go in and modify that script a little bit, as well as the docker-compose file, so that we can get a more custom solution for what we're trying to achieve here. So here we are on the GitHub page again. If we scroll down a little bit, we'll find that full setup script that we used before, and basically what we're going to do is just come back over here, and right here we can see that setup.sh is right there. Um, so basically what we can do is nano setup.sh, and then we can kind of come in here and take a look. Uh, what we're going to do is actually come down to right here, and we're not going to do docker-compose up, so we don't need to cd into wirehole, so everything after right there can just go away. So I'm going to do Ctrl+O to save and then Ctrl+X to come back to here, and then I would just do a ./setup.sh and hit enter, and then it's going to go through this process of making sure everything is still up to date, making sure that everything that we need is installed with all of its prerequisites, and then it's going to go ahead and clone the repository for us, and then we're going to press enter to move on to the next step there. But then once that's done, then we can go in and actually
modify the docker-compose.yml file, uh, to really customize, uh, this setup for, uh, how we want it.

So here we go. So next I will do an ls, and I'll do a cd into wirehole, and then I'll do nano docker-compose.yml. So here we can see we're gonna have a private network. Uh, we're going to have Unbound up here at the top, uh, as our first container, then we're gonna have WireGuard, uh, below that. We've got a time zone here, and you can change this if you want. I don't know that it really matters all that much, but I'm going to go ahead and change it. Below that we've got a server port. After that we've got a server URL. Now if you've got a my DNS, or sorry, a DDNS account, you could put that here and, uh, have a, a URL versus an IP address here. Below that we've got this next line that says peers. We're going to change that to three instead of just one, so maybe you want three of your friends to join your network or whatever. So we'll go ahead and scroll down a little further, and then right here again I want to change Los Angeles to Denver, and then I think that was actually everything that we needed to do in there.

So we do Ctrl+O and enter and Ctrl+X to save and close, and then we can do docker, oops, um, compose up and press enter. Now it's going to go ahead and create these three new containers, and here we can see that it's actually generating some stuff here. So let's scroll back up. Right here we've got peer code number three, uh, so sorry, peer QR code number three, uh, so you could send that to a friend or have your friend scan it, or you could scan it, however you wanted to do that. Same thing with number two, same thing with number one there.

Now sometimes you may notice, like, QR code number one here looks fine, but if we scroll down, uh, there's a little bit of wonkiness kind of right in the middle of this one. We've got this little, uh, pixel that's out of place there. Uh, if we scroll down, we've got the same thing going on down here. This is one of those cases where a QR code might not work because it's glitched
out for some reason, and in that case what you can do is actually go over to your WinSCP. I'm going to go ahead and open that up again, and I'm going to do this: I'm going to type in root, and then I'll put in my IP address. Actually, let me grab it from here and paste that in there. Oops, cancel, just log in. And then you can come into here, go into wireguard. So once you're in here, you can then download these and email them to your friends, or maybe email's not the best way to do that. Securely send to them, maybe use pwndrop or something like that, to send them their configuration files that they can then upload to, uh, whether it's their laptop or their, their mobile phone or whatever the case is. Uh, this would be an easy way to get everybody the files they need and give everybody access to this as well.

And just to show that again, that this is still working, I'm gonna go ahead and just drag over peer number two, uh, like so, and then I'll open WireGuard and we'll import from, uh, there, and then we'll go to desktop and we'll go to peer 2.
peer 2 config, activate. I lost my connection there; that is absolutely fine. So I'll go ahead and close, or minimize this, and I'll open this back up. I'm going to refresh again; we're broken. Um, our ad block tester: still, everything here looks the same. Pi-hole: again, we're able to connect here. Our number reset because we deployed a new version of this, so it didn't maintain any of that data; I'd already deleted it. And if we come back over to ipchicken here and refresh, well, it looks like they are blocking my connection here as well, possibly. Let's see, let's just look at my IP. Right there, that worked, so sometimes you just got to do that. And here we can see that, again, that is the DigitalOcean IP address that was assigned to me for this particular project.

So hopefully this was a good explanation, kind of help you understand how you can set up your own private, uh, VPN like this so that you can, um, protect yourself online with the anonymity of your IP address via hosting via a third party. But whether you host it locally or remotely, this gives you the option to have ad blocking on the go.

So one of the other possible uses that I haven't fully tested yet is actually having a virtual LAN, uh, like I showed in Tailscale, if you saw that video. It's, it may be possible to actually connect devices together over shared folders, uh, command lines, things like that, on this network. If we take a look, we can see the IP address of this particular device looks like it's 10.6.0.3. On my phone it's 10.6.0.2, and I was able to ping them back and forth, so they were able to communicate. So it's entirely possible that you could actually use this as a private network to share files, possibly, or, or just communicate devices between each other, uh, for, for a kind of your own private, uh, virtual LAN, so to speak.

So hey, um, this is editing version of me, and the headphones, the headphones give it away. Uh, so while I was waiting for her files to transfer from my camera's SD card over to my computer, I actually installed
WireGuard on my Manjaro laptop, and I got OpenSSH server set up on there and whatnot. It was actually able to communicate from my desktop to my laptop and reboot it via command line while connected only over the, uh, the WireGuard network. So I can't actually verify that that works. If you're interested in me showing that in more detail in another video, definitely let me know in the comment section down below, but let's jump back over to old version of me to wrap up this video.

So, uh, I know I've covered a lot in this video, and hopefully it made sense. I'm gonna try to do my best in post to make sure that it does. Uh, if it did, if it does, or if it doesn't, either way, let me know in the comment section down below. If you've got any questions, I'd be happy to try to answer any of those to the best of my ability. Again, I did use DigitalOcean for this video, but, uh, they are in no way associated with it other than being a provider. They didn't sponsor this, they didn't provide me anything, they don't know I'm doing it. However, I do have an affiliate code in the description if you want to go check them out. I may make a little bit of money; I'm not even sure what their affiliate thing is, but I've got one, so go ahead and check that out and let me know how it worked out for you, again, in the comments.

Uh, all of the instructions for this will be available in the description down below, and there will be some ways down there you can help support the channel, uh, whether it's through that link or through, uh, Patreon or channel memberships or whatever the case may be. Uh, the choice is yours if you wanna make that choice. But for right now I'm gonna go ahead and wrap this up. As always, thanks for your time, I always appreciate your support, and I'll talk to you in the next video. [Music]
Info
Channel: DB Tech
Views: 18,531
Keywords: DB Tech, DBTech, dns, docker, pihole, pi-hole, vpn, adblock, dns-provider, unbound, wireguard, ad-blocking, self-hosted ad blocker, ad blocking on mobile, remote ad blocking, wirehole, wire hole, docker unbound, docker pihole, docker wireguard, docker pihole with unbound, docker pihole with wireguard
Id: DOJ39lyx6Js
Length: 19min 12sec (1152 seconds)
Published: Tue Jun 01 2021