Comments (27)
1: Yesss, I will reset the VM back to the snapshot before the install. I'll try it again.
2: No, performed as described with one small change: ansible-galaxy install -r ansible-adguard/requirements/requirements.yml.
You forgot to change into the directory or to enter the full path!
3: OK, perfect, I will try it now and then I will get back to you. Thanks for your support.
br,
rowie
from ansible-adguard.
Ah, I fixed it, the gitignore template did not like the folder name. Please retry.
from ansible-adguard.
Ah I will look into it asap.
from ansible-adguard.
I think one of the main problems is that filter lists are not working when you see the proxy IP only.
ATM I am restoring the snapshot of my VM and will test it again with your changes!
Do you have no public VM for testing?
from ansible-adguard.
1: just made an update to the readme. Can you try following it now?
2: What was the command you used? Sounds like you missed step 2: ansible-galaxy install -r requirements/requirements.yml
3: it is https://github.com/Freekers/ansible-adguard.git
from ansible-adguard.
Please let me know. I just found out that Android < 11 doesn't work, so I made a fix for it.
from ansible-adguard.
rowie@ns3:~$ git clone https://github.com/Freekers/ansible-adguard.git
Cloning into 'ansible-adguard'...
remote: Enumerating objects: 140, done.
remote: Counting objects: 100% (116/116), done.
remote: Compressing objects: 100% (78/78), done.
remote: Total 140 (delta 39), reused 95 (delta 25), pack-reused 24
Receiving objects: 100% (140/140), 54.72 KiB | 2.49 MiB/s, done.
Resolving deltas: 100% (42/42), done.
rowie@ns3:~$ ansible-galaxy install -r ansible-adguard/requirements/requirements.yml
Starting galaxy role install process
- downloading role 'repo-epel', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-repo-epel/archive/3.1.1.tar.gz
- extracting geerlingguy.repo-epel to /home/rowie/.ansible/roles/geerlingguy.repo-epel
- geerlingguy.repo-epel (3.1.1) was installed successfully
- downloading role 'ntp', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-ntp/archive/2.3.1.tar.gz
- extracting geerlingguy.ntp to /home/rowie/.ansible/roles/geerlingguy.ntp
- geerlingguy.ntp (2.3.1) was installed successfully
- downloading role 'clamav', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-clamav/archive/2.0.0.tar.gz
- extracting geerlingguy.clamav to /home/rowie/.ansible/roles/geerlingguy.clamav
- geerlingguy.clamav (2.0.0) was installed successfully
- downloading role 'firewall', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-firewall/archive/2.5.1.tar.gz
- extracting geerlingguy.firewall to /home/rowie/.ansible/roles/geerlingguy.firewall
- geerlingguy.firewall (2.5.1) was installed successfully
- downloading role 'security', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-security/archive/2.2.0.tar.gz
- extracting geerlingguy.security to /home/rowie/.ansible/roles/geerlingguy.security
- geerlingguy.security (2.2.0) was installed successfully
- downloading role 'docker', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-docker/archive/6.1.0.tar.gz
- extracting geerlingguy.docker to /home/rowie/.ansible/roles/geerlingguy.docker
- geerlingguy.docker (6.1.0) was installed successfully
- downloading role 'selinux', owned by robertdebock
- downloading role from https://github.com/robertdebock/ansible-role-selinux/archive/3.1.6.tar.gz
- extracting robertdebock.selinux to /home/rowie/.ansible/roles/robertdebock.selinux
- robertdebock.selinux (3.1.6) was installed successfully
- downloading role 'pip', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-pip/archive/2.2.0.tar.gz
- extracting geerlingguy.pip to /home/rowie/.ansible/roles/geerlingguy.pip
- geerlingguy.pip (2.2.0) was installed successfully
- downloading role 'zsh_antigen', owned by bruvv
- downloading role from https://github.com/bruvv/ansible-role-zsh/archive/v1.3.9.tar.gz
- extracting bruvv.zsh_antigen to /home/rowie/.ansible/roles/bruvv.zsh_antigen
- bruvv.zsh_antigen (v1.3.9) was installed successfully
rowie@ns3:~$ vi ansible-adguard/vars/docker.yml
rowie@ns3:~$ vi ansible-adguard/vars/firewall.yml
rowie@ns3:~$ vi ansible-adguard/vars/user-management.yml
rowie@ns3:~/ansible-adguard$ ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=ns3.xxxxx.xx emailaddress=[email protected]"
ERROR! the role 'packages' was not found in /home/rowie/ansible-adguard/roles:/home/rowie/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/rowie/ansible-adguard
The error appears to be in '/home/rowie/ansible-adguard/ansible-playbook.yml': line 24, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- robertdebock.selinux
- { role: packages, tags: adguard }
^ here
rowie@ns3:~/ansible-adguard$
from ansible-adguard.
rowie@ns3:~/ansible-adguard$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
from ansible-adguard.
rowie@ns3:~/ansible-adguard$ ls -la roles/
total 24
drwxr-xr-x 6 rowie rowie 4096 Feb 14 14:41 .
drwxr-xr-x 9 rowie rowie 4096 Feb 14 14:41 ..
drwxr-xr-x 5 rowie rowie 4096 Feb 14 14:41 cleanup
drwxr-xr-x 7 rowie rowie 4096 Feb 14 14:41 docker
drwxr-xr-x 5 rowie rowie 4096 Feb 14 14:41 update-upgrade
drwxr-xr-x 6 rowie rowie 4096 Feb 14 14:41 user-management
from ansible-adguard.
TASK [geerlingguy.docker : Reset ssh connection to apply user changes.] ******************************************************
[WARNING]: Reset is not implemented for this connection
TASK [docker : Create directory if they don't exist] *************************************************************************
changed: [127.0.0.1]
TASK [docker : Create directory if they don't exist] *************************************************************************
changed: [127.0.0.1] => (item=blocky)
changed: [127.0.0.1] => (item=unbound)
changed: [127.0.0.1] => (item=adguard)
changed: [127.0.0.1] => (item=adguard/conf)
changed: [127.0.0.1] => (item=adguard/work)
changed: [127.0.0.1] => (item=traefik2)
changed: [127.0.0.1] => (item=traefik2/rules)
changed: [127.0.0.1] => (item=traefik2/acme)
TASK [docker : Restart docker to make sure iptables are correct] *************************************************************
changed: [127.0.0.1]
TASK [docker : Run Docker Compose] *******************************************************************************************
ERROR! couldn't resolve module/action 'ansible.builtin.ansible.builtin.set_fact'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '/home/rowie/ansible-adguard/roles/docker/tasks/run-docker-compose.yml': line 72, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Set adguard webuser password
^ here
from ansible-adguard.
I have a new laptop, Apple silicon, so I was not able to test locally anymore. I revamped the testing and it should be working now.
from ansible-adguard.
Now the installation works. Next problem: Certs! :-(
Unable to obtain ACME certificate for domains "blocky.traefik.hostname.mydomain.com ## replaced real hostname
Unable to obtain ACME certificate for domains "adfree.hostname.mydomain.com
I have set an A record for hostname.mydomain.com and I want to connect via hostname.mydomain.com.
What's this blocky and adfree shi.. ?
When you install adguard via the install script I can access it via port 80. And when I create a LE cert I can access it via 443.
Now I got a cert warning (NET::ERR_CERT_AUTHORITY_INVALID) and then a 404 ... :-(
Too bad ... I was so happy to find such a nice ansible "build" thing for my adguard server running in my own datacenter ...
from ansible-adguard.
So how this script runs is with a reverse proxy: traefik. So everyone that connects to your IP will end up at traefik. Traefik will determine where to send that traffic.
So here is the docker-compose file where you can find all the things needed. You can even run extra dockers, for example a unifi controller if you want to. I just updated the docker script to include portainer for easier management remotely.
I also updated the readme: https://github.com/Freekers/ansible-adguard#prerequisites
So long story short:
- Have your main URL, example.com, point to the IP of your adguard server
- Create CNAMEs: adguard, traefik and portainer
- Run the ansible script and you can access your adguard instance from: adguard.example.com
from ansible-adguard.
For all my other services I use SWAG as reverse proxy with simple A records, for example:
git.mydomain.com
nzbget.mydomain.com
because mydomain.com and www.mydomain.com are for my website.
That was the reason for me to simply point an A record to the virtual server running in my datacenter with a public IPv4 address behind my firewalls.
I will try this, but I have to use another mydomain.com because mydomain.com points to my webserver. ;-)
Thank you so much for your patience and dedication!
Maybe we could optimize the readme together when my server is running as it should ... ;-)
br,
rowie
from ansible-adguard.
SWAG is not something I would use, traefik is way more robust and safer. I would recommend traefik and use like a swarm if needed. It is just way more versatile.
You can point an A record to: subdomain.mydomain.com
and use cname: adguard.subdomain.mydomain.com
And no worries if you need anything let me know
I will leave this issue open so we can improve the documentation, that is not my strong side ;)
from ansible-adguard.
OK!
I think the vars/docker conf was my pitfall. I understand FQDN to be a hostname + domain name, for example:
adguard.example.com
The domain name is for me:
example.com
so example.com belongs in the docker vars
and the ansible playbook command is executed with adguard.example.com, right?
I will try it without the subdomain ... because I have some other domains for playing around
from ansible-adguard.
"Unable to obtain ACME certificate for domains "adguard.adguard.mydomain.com": unable to generate a certificate for the domains [adguard.adguard.mydomain.com]: error:
WTF
from ansible-adguard.
IT IS RUNNING .... :-)
What was the final step to get it working now?
- After cloning the git repo I have to change (cd ansible-adguard) into ansible-adguard to start the install of the requirements.
- In vars/docker I have entered only the domain name and NOT the FQDN!!!! For example:
- example.com and NOT
- adguard.example.com
- I only want adguard, so I run this command locally on the server:
ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=example.com emailaddress=[email protected]" -t adguard
So, what is not working:
- Server name in the AdGuard WebUI is adfree and couldn't be changed
- traefik.example.com (404 page not found) and portainer.example.com (forbidden) are not working
- Using adguard.example.com as private nameserver for DoT on my Android doesn't work.
from ansible-adguard.
Next problem:
You don't see the real client IP ... only the docker IP (172.18.0.2)
from ansible-adguard.
found a good Howto
from ansible-adguard.
Glad you got it working! Not seeing the current IP of the user is normal, the IP you shared is the internal docker IP of traefik. Nothing we can do about that at the moment tho. Is there anything else you are struggling with?
from ansible-adguard.
That's the reason why I use SWAG, because with my reverse proxy confs I could simply say:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
and I could see the real IP in the application
from ansible-adguard.
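As an added example (not code from this thread or from ansible-adguard): the forwarded headers discussed above are only safe to use when the TCP peer is your own proxy, otherwise any client can forge them. The sketch below resolves the client address for an HTTP request (web UI or DoH) under that rule; DoT is TLS over plain TCP and carries no such headers. The trusted network 172.18.0.0/16 is an assumption based on the Docker address 172.18.0.2 quoted earlier, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the Docker bridge network the reverse proxy lives on
# (the thread shows the proxy as 172.18.0.2).
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]


def is_trusted(ip):
    """True when the address belongs to one of our own proxies."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer, headers):
    """Return the address to log or filter on for one HTTP request.

    peer    -- source address of the TCP connection (string)
    headers -- request headers as a dict with canonical key names
    """
    peer_ip = ipaddress.ip_address(peer)
    # Headers are client-controlled unless the connection came from our proxy.
    if not is_trusted(peer_ip):
        return str(peer_ip)
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the nearest
    # proxy, entries further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
        if not is_trusted(ip):
            return str(ip)
    # No usable forwarded address: fall back to the proxy's own address.
    return str(peer_ip)
```

The same rule applies to an allow-list such as "web UI only from my IP": match it against the value this function returns, never against the raw header.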
I think the problem is that traefik is an HTTP proxy and not a TCP proxy. Or am I wrong?
from ansible-adguard.
Let me explain what I want to have/build:
A small DNS filtering server for my friends and family without tracking, fees or something else.
Usable inside my country via DNS (UDP), DoT (smartphones) and/or DoH.
WebUI access only from my IP
Let's Encrypt via DNS plugin would be a big benefit but not a must.
I just wanna filter out all the trash, scam, phishing and other shit ... nothing special.
Normally I use Pi-hole, but DoT and DoH are not built in by default.
It is running publicly, filtered and relatively well protected by my firewalls.
Maybe you have a better idea? :-)
from ansible-adguard.
I am still looking into how we can use ip forwarding so that will be an issue for later.
I am running this ansible publicly so it all does what I want, DOH and DOT just fine for me.
from ansible-adguard.
@rowie I kept testing the last few days and the latest update fixed part of the problem. Only DoT does not work yet, but DoH IP forwarding works. I am going to close this for now to keep it a bit clean :)
from ansible-adguard.
I do not have a vm for testing as it is something I personally use.
from ansible-adguard.