Pi-hole - Secure your home network!

January 28, 2021 0 Comments Docker, DNS, Ads

No ads, please!

Hi guys!
I finally installed a pi-hole DNS server in my network. I want to show you how to do it, merely using docker. Total time needed for this setup ~15 minutes.

I used an old Raspberry Pi 3 with docker installed.
Here the official repository: https://github.com/pi-hole/docker-pi-hole

Clone it in a folder of your choice and open the docker-run.sh file:


# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

[[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }

# Note: ServerIP should be replaced with your external ip.
docker run -d \  
    --name pihole \
    -p 53:53/tcp -p 53:53/udp \
    -p 80:80 \
    -p 443:443 \
    -e TZ="America/Chicago" \
    -v "${PIHOLE_BASE}/etc-pihole/:/etc/pihole/" \
    -v "${PIHOLE_BASE}/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns= --dns= \
    --restart=unless-stopped \
    --hostname pi.hole \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e ServerIP="" \

printf 'Starting up pihole container '  
for i in $(seq 1 20); do  
    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
        printf ' OK'
        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
        exit 0
        sleep 3
        printf '.'

    if [ $i -eq 20 ] ; then
        echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)"
        exit 1

The only things you need to change to make it work are:

  • --dns= --dns= to --dns= --dns=
  • -e TZ="America/Chicago" to -e TZ="Europe/Rome"

And that's it! The change from is needed if we want to change the DNS used by our router, pointing to the raspberry IP address. This way, all our devices in our network will use the pi-hole DNS by default.

Now start everything with: ./docker_run.sh. A docker container will be created and spun up, and in the end, a password will be printed in the terminal stdout.

Customising your pi-hole

Go to your http://pi-hole-address/admin/ and log in using the password from the previous step.

We need to add additional blocklists to our pi-hole because the standard blocklists are not enough to block all sorts of ads on the internet.

The most comprehensive list of lists can be found on this website: https://firebog.net/
In my installation, I used added all green lists being the least likely to interfere with browsing.

To add them, simply navigate to Group Management -> Adlists and add all of them one by one.

Once a day, pi-hole will update all his blocklists using these sources.

The last piece of the puzzle consists in changing the DNS used by your router, pointing to the pi-hole IP address!

See you next time! :)

PS: Coming soon, how to use DNS over HTTPS with pi-hole!

Samuele Chiocca
Padova, italy Website
Kubernetes Engineer @SIGHUP