Documentation improvements about ansible-adguard HOT 27 CLOSED

1: Yesss, i will reset the vm back to the snapshot before the install. i try it again.
2: no, performed as described with one small change: ansible-galaxy install -r ansible-adguard/requirements/requirements.yml.
You forgot to change into the directory or to enter the full path!

3: ok, perfekt, I will try it now and then I will get back to you. Thanks for your support.

br,
rowie

from ansible-adguard.

Ah I fixed it, gitignore template did not like the folder name.. please retry

from ansible-adguard.

Ah I will look into it asap.

from ansible-adguard.

i think, one of the main problems is that filterlists are not working when you see the proxy ip only.
atm i am restoring the snapshot from my VM and test it again with your changes!

Do you have no public VM for testing?

from ansible-adguard.

1: just made an update to the readme. Can you try following it now?
2: What was the command you used? Sounds like you missed step 2: ansible-galaxy install -r requirements/requirements.yml
3: it is https://github.com/Freekers/ansible-adguard.git

from ansible-adguard.

Please let me know. I just found out that android < 11 doesnt work so I made a fix for it.

from ansible-adguard.

rowie@ns3:~$` git clone https://github.com/Freekers/ansible-adguard.git

Cloning into 'ansible-adguard'...
remote: Enumerating objects: 140, done.
remote: Counting objects: 100% (116/116), done.
remote: Compressing objects: 100% (78/78), done.
remote: Total 140 (delta 39), reused 95 (delta 25), pack-reused 24
Receiving objects: 100% (140/140), 54.72 KiB | 2.49 MiB/s, done.
Resolving deltas: 100% (42/42), done.
rowie@ns3:~$ ansible-galaxy install -r ansible-adguard/requirements/requirements.yml
Starting galaxy role install process

• downloading role 'repo-epel', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-repo-epel/archive/3.1.1.tar.gz
• extracting geerlingguy.repo-epel to /home/rowie/.ansible/roles/geerlingguy.repo-epel
• geerlingguy.repo-epel (3.1.1) was installed successfully
• downloading role 'ntp', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-ntp/archive/2.3.1.tar.gz
• extracting geerlingguy.ntp to /home/rowie/.ansible/roles/geerlingguy.ntp
• geerlingguy.ntp (2.3.1) was installed successfully
• downloading role 'clamav', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-clamav/archive/2.0.0.tar.gz
• extracting geerlingguy.clamav to /home/rowie/.ansible/roles/geerlingguy.clamav
• geerlingguy.clamav (2.0.0) was installed successfully
• downloading role 'firewall', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-firewall/archive/2.5.1.tar.gz
• extracting geerlingguy.firewall to /home/rowie/.ansible/roles/geerlingguy.firewall
• geerlingguy.firewall (2.5.1) was installed successfully
• downloading role 'security', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-security/archive/2.2.0.tar.gz
• extracting geerlingguy.security to /home/rowie/.ansible/roles/geerlingguy.security
• geerlingguy.security (2.2.0) was installed successfully
• downloading role 'docker', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-docker/archive/6.1.0.tar.gz
• extracting geerlingguy.docker to /home/rowie/.ansible/roles/geerlingguy.docker
• geerlingguy.docker (6.1.0) was installed successfully
• downloading role 'selinux', owned by robertdebock
• downloading role from https://github.com/robertdebock/ansible-role-selinux/archive/3.1.6.tar.gz
• extracting robertdebock.selinux to /home/rowie/.ansible/roles/robertdebock.selinux
• robertdebock.selinux (3.1.6) was installed successfully
• downloading role 'pip', owned by geerlingguy
• downloading role from https://github.com/geerlingguy/ansible-role-pip/archive/2.2.0.tar.gz
• extracting geerlingguy.pip to /home/rowie/.ansible/roles/geerlingguy.pip
• geerlingguy.pip (2.2.0) was installed successfully
• downloading role 'zsh_antigen', owned by bruvv
• downloading role from https://github.com/bruvv/ansible-role-zsh/archive/v1.3.9.tar.gz
• extracting bruvv.zsh_antigen to /home/rowie/.ansible/roles/bruvv.zsh_antigen
• bruvv.zsh_antigen (v1.3.9) was installed successfully
  rowie@ns3:$ vi ansible-adguard/vars/docker.yml
  rowie@ns3:$ vi ansible-adguard/vars/firewall.yml
  rowie@ns3:~$ vi ansible-adguard/vars/user-management.yml

rowie@ns3:~/ansible-adguard$ ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=ns3.xxxxx.xx emailaddress=[email protected]"
ERROR! the role 'packages' was not found in /home/rowie/ansible-adguard/roles:/home/rowie/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/rowie/ansible-adguard

The error appears to be in '/home/rowie/ansible-adguard/ansible-playbook.yml': line 24, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- robertdebock.selinux
- { role: packages, tags: adguard }
  ^ here

rowie@ns3:~/ansible-adguard$

from ansible-adguard.

rowie@ns3:~/ansible-adguard$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

from ansible-adguard.

rowie@ns3:~/ansible-adguard$ ls -la roles/
total 24
drwxr-xr-x 6 rowie rowie 4096 Feb 14 14:41 .
drwxr-xr-x 9 rowie rowie 4096 Feb 14 14:41 ..
drwxr-xr-x 5 rowie rowie 4096 Feb 14 14:41 cleanup
drwxr-xr-x 7 rowie rowie 4096 Feb 14 14:41 docker
drwxr-xr-x 5 rowie rowie 4096 Feb 14 14:41 update-upgrade
drwxr-xr-x 6 rowie rowie 4096 Feb 14 14:41 user-management

from ansible-adguard.

TASK [geerlingguy.docker : Reset ssh connection to apply user changes.] ******************************************************
[WARNING]: Reset is not implemented for this connection

TASK [docker : Create directory if they don't exist] *************************************************************************
changed: [127.0.0.1]

TASK [docker : Create directory if they don't exist] *************************************************************************
changed: [127.0.0.1] => (item=blocky)
changed: [127.0.0.1] => (item=unbound)
changed: [127.0.0.1] => (item=adguard)
changed: [127.0.0.1] => (item=adguard/conf)
changed: [127.0.0.1] => (item=adguard/work)
changed: [127.0.0.1] => (item=traefik2)
changed: [127.0.0.1] => (item=traefik2/rules)
changed: [127.0.0.1] => (item=traefik2/acme)

TASK [docker : Restart docker to make sure iptables are correct] *************************************************************
changed: [127.0.0.1]

TASK [docker : Run Docker Compose] *******************************************************************************************
ERROR! couldn't resolve module/action 'ansible.builtin.ansible.builtin.set_fact'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/home/rowie/ansible-adguard/roles/docker/tasks/run-docker-compose.yml': line 72, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

• name: Set adguard webuser password
  ^ here

from ansible-adguard.

I have a new laptop, apple silicon, so was not able to test locally anymore, revamped the testing and should be working now.

from ansible-adguard.

now the installation works. Next problem: Certs! :-(

Unable to obtain ACME certificate for domains "blocky.traefik.hostname.mydomain.com ## replaced real hostname
Unable to obtain ACME certificate for domains "adfree.hostname.mydomain.com

I have set an A record for hostname.mydoain.com and i want to connect via hostname.mydomain.com.
Whats this blocky and adfree shi.. ?

When you install adguard via install. script i can access it via port 80. And when i create a LE Cert i can access it via 443.

Now i gote a Cert warning (NET::ERR_CERT_AUTHORITY_INVALID) and then a 404 ... :-(

Sade ... i was so happy to find such a nice ansible "build" thing for my adguard server running in my own datacenter ...

from ansible-adguard.

So how this script runs is with a reverse proxy: traefik. So everyone that connects to your ip will end at traefik. Traefik will determent where to sent that traffic to.
So here is the docker-compose file where you can find all the things needed. You can even run extra dockers, for example a unifi controller if you want to. I just updated the docker script to include portainer for easier management remotely.

I also updated the readme: https://github.com/Freekers/ansible-adguard#prerequisites

So long story short:

• Have your main url: example.com point to the ip of your adguard server
• Create cname: adguard and traefik and portainer
• Run ansible script and you can access your adguard instantace from: adguard.example.com

from ansible-adguard.

For all my other services i use swag as revers proxy with simple A records for example:
git.mydomain.com
nzbget.mydomain.com
cause the mydomain.com and www.mydomain.com is for my website.
That was the reason for me to simply point an A record to the virtual server running in my datacenter with an public ipv4 adresse behind my firewalls.

i will try this but i have to use another mydomain.com cause mydomain.com points to my webserver. ;-)

thank you so much for your patience and dedication!

maybe we could optimize the readme together when my server is running as it should ... ;-)

br,
rowie

from ansible-adguard.

SWAG is not something I would use, traefik is way more robust and safer. I would recommend traefik and use like a swarm if needed. It is just way more versatile.

You can point an A record to: subdomain.mydomain.com and use cname: adguard.subdomain.mydomain.com

And no worries if you need anything let me know

I will leave this issue open so we can improve the documentation, that is not my strong side ;)

from ansible-adguard.

OK!
i think the vars/docker conf was my pitfall. i understand fqdn to be a hostname + domainname for example.

adguard.example.com
domainname is for me:
example.com

so in the docker vars belongs example.com
and the ansible playbook command is executed with adguard.example.com, right?

i will try it without the subdomain ... cause i have some other domains for playing around

from ansible-adguard.

"Unable to obtain ACME certificate for domains "adguard.adguard.mydomain.com": unable to generate a certificate for the domains [adguard.adguard.mydomain.com]: error:

WTF

from ansible-adguard.

IT IS RUNNING .... :-)

What was the final step to get it working now?

1. after cloning the git repo i have to change (cd ansible-adguard) into ansible-adguard to run start the install. of the requirements.
2. in the vars/docker i only have entered the domainname and NOT the FQDN!!!! for example:

• example.com and NOT
• adguard.example.com

3. i only whant adguard so i run this command on the server local:

ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=example.com emailaddress=[email protected]" -t adguard`

So, what is not working:

1. Servername in Adguard WebUI is adfree and couldn´ t be changed
2. traefik.example.com (404 page not found) and portainer.example.com (forbiden) are not working
3. using adguard.example.com as private Nameserver for DoT on my Android doesn´t work.

from ansible-adguard.

Next problem:

You dont see the real Client IP ... only the docker IP (172.18.0.2)

from ansible-adguard.

found a good Howto

from ansible-adguard.

Glad you got it working! Not seeing the current IP of the user is normal, the IP you shared is the internal docker IP of traefik. Nothing we can do about that at the moment tho. Is there anything else you are struggeling with?

from ansible-adguard.

Thats the reason why i use Swag, cause with my reverse proxy.confs i could simple say:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;

and i could see the real ip on the application

from ansible-adguard.

i think the problem is that traefik is a http proxy and not a tcp proxy. Or i am wrong?

from ansible-adguard.

Let me explay what i want to have/build:

i small dns filtering server for my friends and family without tracking, fees or somthing else.

Useable inside my Country via DNS (udp), DoT (Smartphones) and/or DoH.
WebUI access only from my IP

Letsencrypt via DNS plugin would be a big benefit but not a must.

I just wanna filter out all the trash, scam, phishing and other shit ... nothing special.
Normaly i use Pihole but is not DoT and DoH buildin by default.

I is running public, filtert and relative good protected by my firewalls.

Maybe you have an better idea? :-)

from ansible-adguard.

I am still looking into how we can use ip forwarding so that will be an issue for later.

I am running this ansible publicly so it all does what I want, DOH and DOT just fine for me.

from ansible-adguard.

@rowie I keept testing the latest few days and the latest update fixed part of the problem. Only DOT does not work yet but DOH ip forwarding works. I am going to close this for now to keep it a bit clean :)

from ansible-adguard.

I do not have a vm for testing as it is something I personally use.

from ansible-adguard.