This Anible playbook deploys a self updating AdGuard Home stack based on Docker, featuring:
- Unbound as recursive DNS server instead of public upstream DNS servers
- DNS over HTTPS (DoH)
- DNS over TLS (DoT)
- IPv4 & IPv6*
- Admin interface over HTTPS
- Automatic SSL certificate for DoH & DoT, powered by Let's Encrypt
- Self-updating, powered by Docker & Ouroboros
*The playbook will try to detect if IPv6 connectivity is available and if so automatically configure AdGuard Home to serve DNS resolution over both IPv4 and IPv6.
Please do not set up a public DNS resolver, i.e. an AdGuard Home instance facing the internet, if you don't know what you're doing. You risk getting in all sorts of trouble. Most ISPs don't allow public DNS resolvers on their networks and will shut you down without notice, because it's generally a bad idea..
If all you're looking for is an adblocking DNS service, please consider using AdGuard's own public DNS service instead.
- Your Linux server must be reachable over the internet on the following ports:
- 53 (UDP/TCP) for plain DNS resolution
- 80 (TCP) for Let's Encrypt's validation method
- 443 (TCP) for AdGuard Home's webinterface & DoH
- 853 (TCP) for DoT
-
You must own a Fully Qualified Domain Name (FQDN), such as yourdomain.com.
This is required to generate a valid Let's Encrypt SSL Certificate used for DoH & DoT. -
You must setup an A (and AAAA record if IPv6 DNS resolution is desired) for your domain, pointing to the IP address of your Linux server.
This is required to generate a valid Let's Encrypt SSL Certificate and used for DoH & DoT.
-
Install Ansible using
sudo apt install ansible
on the machine that will initiate the playbook. -
Clone repository using
git clone https://github.com/Freekers/ansible-adguard.git
-
Edit the
hosts
file to reflect your setup, i.e. change domain etc.playbook.yml
does NOT need to be changed! -
Start playbook using
ansible-playbook playbook.yml --ask-become-pass
-
After installation, it can take up to 5 minutes before your AdGuard Home instance will be accessible. This is due to Let's Encrypt's certificate creation process. AdGuard Home will not start before a valid SSL certificate has been generated, so please be patient! For more information, please refer to the 'Usage Instructions' section below.
Supported distros:
- Ubuntu 18.04 & 20.04
- Debian 9 & 10
After installation, you can access the AdGuard Home admin interface of your instance by navigating to yourdomain.com. You should automatically be redirected to the login screen of your AdGuard Home instance.
Please remember that it can take up to 5 minutes before your AdGuard Home instance will be accessible after installation due to Let's Encrypt's certificate creation process. AdGuard Home will not start before a valid SSL certificate has been generated, so please be patient!
Refer to the setup page within the AdGuard Home's Admin interface to setup your devices to use your AdGuard Home instance as DNS server.
The docker-compose.yml
file will be located at /opt/adguard
. You can use regular docker and docker-compose commands to stop/start/restart containers.
If needed, for manual configuration of AdGuard Home, please refer to their official documententation.
If needed, for manual configuration of Unbound, please refer to their official documententation.
If needed, for manual configuration of Ouroboros, please refer to their official documententation.
sudo docker-compose -f /opt/adguard/docker-compose.yml down
rm -rf /opt/adguard
- Consult playbook.yml to manually review packages & firewall rules that are no longer needed (Optional)
- ansible-role-docker Ansible role by geerlingguy
- ansible-rc-local Ansible role by Oefenweb
- AdGuard Home Docker image by AdguardTeam
- unbound Docker image by obi12341
- docker-letsencrypt Docker image by LinuxServer.io
- ouroboros Docker image by pyouroboros
- oisd.nl Blocklist by sjhgvr
- Commonly whitelisted domains Whitelist by anudeepND
- Commonly whitelisted domains Whitelist by Freekers
Unless otherwise specified, all code in this repository is released under the GNU Affero General Public License v3.0. See the repository's LICENSE
file for details.