losuler / pihole-dnscrypt-docker Goto Github PK
View Code? Open in Web Editor NEWA docker-compose for Pi-hole and DNSCrypt, daemonized with a systemd service file.
License: GNU General Public License v3.0
A docker-compose for Pi-hole and DNSCrypt, daemonized with a systemd service file.
License: GNU General Public License v3.0
Hi all,
I'm unable to start the container because of the error "services.dnscrypt.environment contains an invalid type, it should be an object, or an array"
Log file:
-- Logs begin at Thu 2020-08-20 13:01:18 CEST, end at Sun 2020-09-27 23:28:21 CEST. --
Sep 27 23:23:57 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:23:58 raspberrypi docker-compose[8845]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:23:58 raspberrypi docker-compose[8845]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:23:58 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:23:58 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.
Sep 27 23:24:32 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:24:33 raspberrypi docker-compose[8867]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:24:33 raspberrypi docker-compose[8867]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:24:33 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:24:33 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.
Sep 27 23:26:48 raspberrypi systemd[1]: Started Pi-hole DNSCrypt Docker.
Sep 27 23:26:48 raspberrypi docker-compose[8946]: The Compose file './docker-compose.yml' is invalid because:
Sep 27 23:26:48 raspberrypi docker-compose[8946]: services.dnscrypt.environment contains an invalid type, it should be an object, or an array
Sep 27 23:26:48 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 23:26:48 raspberrypi systemd[1]: pihole-dnscrypt-docker.service: Failed with result 'exit-code'.
Docker-compose.yml file:
version: "3"
services:
dnscrypt:
container_name: dnscrypt-proxy
image: klutchell/dnscrypt-proxy:latest
networks:
pihole_net:
ipv4_address: 10.0.1.2
expose:
- "5300/udp"
- "5300/tcp"
environment:
# TZ: ''
volumes:
- './etc-dnscrypt-proxy:/config'
dns:
- 1.1.1.1
restart: unless-stopped
pihole:
container_name: pihole
image: pihole/pihole:latest
networks:
pihole_net:
ipv4_address: 10.0.1.3
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
- "443:443/tcp"
environment:
# TZ: ''
# WEBPASSWORD: ''
DNS1: "10.0.1.2#5300"
DNS2: "no"
volumes:
- './etc-pihole/:/etc/pihole/'
- './etc-dnsmasq.d/:/etc/dnsmasq.d/'
dns:
- 1.1.1.1
restart: unless-stopped
depends_on:
- dnscrypt
networks:
pihole_net:
driver: bridge
ipam:
config:
- subnet: 10.0.1.0/24
Hi!
I have a question about the ports of the dnscrypt service in your docker-compose.yml
Is there any reason for using
ports: - "5300:5300/udp" - "5300:5300/tcp"
instead of
expose: - "5300:5300/udp" - "5300:5300/tcp"
as the port only need to be accessible from within the pihole container?
Regards
there is a problem .. and I haven’t really figured out how to solve it yet.
I don't need access to the Pihole from outside.
So I opened the file
docker-compose.yml
And brought the corresponding section to the form
ports:
- "53 / tcp"
- "53 / udp"
- "80 / tcp"
- "443 / tcp"
However, when I start the container
I see what
22f422dd7b1 pihole / pihole: latest "/ s6-init" 3 minutes ago Up 3 minutes (healthy) 67 / udp, 0.0.0.0:32769->53/udp, 0.0.0.0:32773->53/tcp, 0.0.0.0 : 32772-> 80 / tcp, 0.0.0.0:32771->443/tcp pihole2
Problem: port 53 conflict between systemd.resolved and pihole in the pihole-dnscrypt docker
Setup: pi 4, ubuntu 20.04.2 (clean install)
Guides for install:
(1) https://github.com/losuler/pihole-dnscrypt-docker
(2) https://github.com/pi-hole/docker-pi-hole/ (section - Installing Ubuntu)`
Attempted Solutions:
(1) Stop resolution via stub listener:
sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
(from the second guide).
Breaks name resolution on the server.
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl prdel.cz
curl: (6) Could not resolve host: prdel.cz
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$nslookup prdel.cz
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53
Clients browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.
ERR_NAME_NOT_RESOLVED
(2) Shut off systemd.resolved:
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
Breaks name resolution on the server.
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ curl www.prdel.cz
curl: (6) Could not resolve host: www.prdel.cz
bullwhip@bravo:~/dockers/pihole-dnscrypt-docker$ nslookup prdel.cz
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53
Clients browsers can't connect when I set their DNS servers to the IP of the pihole-dnscrypt server.
ERR_NAME_NOT_RESOLVED
(3) Repeat step 2 and remove symlink from /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf by creating a static /etc/resolv.conf.
This seems to work, but it doesn't seem to be a good solution, as I'm loathe to simply do away with systemd-resolved, as Debian/Ubuntu have it there for reasons.
I'm pretty new to linux networking/admin/dockers, so I've looked wherever I can think of on the net to find a solution. No luck so far.
I have posted this at rpi stack exchange. They referred me here as a starting point:
I would appreciate any guidance on this.
Thanks!
While using your docker-compose it seems like the Pihole container is not starting properly (it does however bind to 53). Here the logs is see in the container (repeating over and over again):
pihole | Stopping pihole-FTL
pihole | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
pihole | Starting pihole-FTL (no-daemon) as root
Hi All,
I've deployed pihole-dnscrypt-docker on Debian Bullseye without a hitch - working well.
Although I seem to be having an issue resolving DNS within the pihole instance itself and therefore cannot update my gravity lists?
The docker "host" is able to resolve DNS without issues.
I've checked out other posts but they point more towards Ubuntu.
If I look at resolve under the pihole instance I get the following. I'm guessing it should be looking at itself as a DNS server.
root@pihole:/# cat /etc/resolv.conf
search mydomain.local
nameserver 127.0.0.11
options ndots:0
I also have the firewall allowing 53 out from the pihole host.
Any suggestions as to were to start looking?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.