losuler / pihole-dnscrypt-docker Goto Github PK

Hi all,

I'm unable to start the container because of the error "services.dnscrypt.environment contains an invalid type, it should be an object, or an array"

Log file:
-- Logs begin at Thu 2020-08-20 13:01:18 CEST, end at Sun 2020-09-27 23:28:21 CEST. --
Sep 27 23:23:57 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:23:58 raspberrypi docker-compose[8845]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:23:58 raspberrypi docker-compose[8845]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:23:58 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:23:58 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.
Sep 27 23:24:32 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:24:33 raspberrypi docker-compose[8867]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:24:33 raspberrypi docker-compose[8867]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:24:33 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:24:33 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.
Sep 27 23:26:48 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:26:48 raspberrypi docker-compose[8946]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:26:48 raspberrypi docker-compose[8946]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:26:48 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:26:48 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.

Docker-compose.yml file:

version: "3"

services:
dnscrypt:
container_name: dnscrypt-proxy
image: klutchell/dnscrypt-proxy:latest
networks:
pihole_net:
ipv4_address: 10.0.1.2
expose:
- "5300/udp"
- "5300/tcp"
environment:
# TZ: ''
volumes:
- './etc-dnscrypt-proxy:/config'
dns:
- 1.1.1.1
restart: unless-stopped

pihole:
container_name: pihole
image: pihole/pihole:latest
networks:
pihole_net:
ipv4_address: 10.0.1.3
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
- "443:443/tcp"
environment:
# TZ: ''
# WEBPASSWORD: ''
DNS1: "10.0.1.2#5300"
DNS2: "no"
volumes:
- './etc-pihole/:/etc/pihole/'
- './etc-dnsmasq.d/:/etc/dnsmasq.d/'
dns:
- 1.1.1.1
restart: unless-stopped
depends_on:
- dnscrypt

networks:
pihole_net:
driver: bridge
ipam:
config:
- subnet: 10.0.1.0/24

Hi!

I have a question about the ports of the dnscrypt service in your docker-compose.yml

Is there any reason for using

ports: - "5300:5300/udp" - "5300:5300/tcp"

instead of
expose: - "5300:5300/udp" - "5300:5300/tcp"

as the port only need to be accessible from within the pihole container?

Regards

there is a problem .. and I haven’t really figured out how to solve it yet.
I don't need access to the Pihole from outside.

So I opened the file
docker-compose.yml

And brought the corresponding section to the form

    ports:
      - "53 / tcp"
      - "53 / udp"
      - "80 / tcp"
      - "443 / tcp"

However, when I start the container
I see what

22f422dd7b1 pihole / pihole: latest "/ s6-init" 3 minutes ago Up 3 minutes (healthy) 67 / udp, 0.0.0.0:32769->53/udp, 0.0.0.0:32773->53/tcp, 0.0.0.0 : 32772-> 80 / tcp, 0.0.0.0:32771->443/tcp pihole2

Problem: port 53 conflict between systemd.resolved and pihole in the pihole-dnscrypt docker

Setup: pi 4, ubuntu 20.04.2 (clean install)

Guides for install:

(1) https://github.com/losuler/pihole-dnscrypt-docker

(2) https://github.com/pi-hole/docker-pi-hole/ (section - Installing Ubuntu)`

Attempted Solutions:

(1) Stop resolution via stub listener:

sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf (from the second guide).

Breaks name resolution on the server.

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl prdel.cz
curl: (6) Could not resolve host: prdel.cz

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$nslookup prdel.cz   
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53
Clients browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.

ERR_NAME_NOT_RESOLVED

(2) Shut off systemd.resolved:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Breaks name resolution on the server.

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl www.prdel.cz
curl: (6) Could not resolve host: www.prdel.cz

bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ nslookup prdel.cz
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53

Clients browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.

ERR_NAME_NOT_RESOLVED

(3) Repeat step 2 and remove symlink from /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf by creating a static /etc/resolv.conf.

This seems to work, but it doesn't seem to be a good solution, as I'm loathe to simply do away with systemd-resolved, as Debian/Ubuntu have it there for reasons.

I'm pretty new to linux networking/admin/dockers, so I've looked wherever I can think of on the net to find a solution. No luck so far.

I have posted this at rpi stack exchange. They referred me here as a starting point:

https://raspberrypi.stackexchange.com/questions/128288/how-to-resolve-port-53-conflict-between-systemd-resolved-and-pihole-dnscrypt-do

I would appreciate any guidance on this.

Thanks!

While using your docker-compose it seems like the Pihole container is not starting properly (it does however bind to 53). Here the logs is see in the container (repeating over and over again):

pihole      | Stopping pihole-FTL
pihole      | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
pihole      | Starting pihole-FTL (no-daemon) as root

Hi All,

I've deployed pihole-dnscrypt-docker on Debian Bullseye without a hitch - working well.
Although I seem to be having an issue resolving DNS within the pihole instance itself and therefore cannot update my gravity lists?

The docker "host" is able to resolve DNS without issues.

I've checked out other posts but they point more towards Ubuntu.

If I look at resolve under the pihole instance I get the following. I'm guessing it should be looking at itself as a DNS server.

root@pihole:/# cat /etc/resolv.conf
search mydomain.local
nameserver 127.0.0.11
options ndots:0

I also have the firewall allowing 53 out from the pihole host.

Any suggestions as to were to start looking?