docker-pihole-unbound
docker-pihole-unbound copied to clipboard
chriscrowe
Use network_mode: host
I would like to see the client statistics on the pihole-dashboard and therefore tried to use the container with the host network. However, after adding network_mode: host to the stack, it keeps repeating following error:
lighttpd: no process found
2022-10-19 19:52:07: network.c.369) can't bind to socket: 192.168.178.10:80: Cannot assign requested address
Stopping lighttpd
How do I use this image with the host network?
I could partially reproduce your 'problem'. I didn't get the errormessage but commenting the environment webport out and adding network_mode: host to the docker-compose-file it didn't give me the webpage. I would expect that because it will try to bind on port 80 on your host. In my case port 80 is already being used. So could it be that you have another service (e.g. website) running on port 80 on this server (or other container on it)?
That's what I thought at first, but no other container uses port 80 and sudo ss -ltmp gives me:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 0.0.0.0:42589 0.0.0.0:* users:(("vpnkit-bridge",pid=2086,fd=9),("com.docker.back",pid=2059,fd=27))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:* users:(("sshd",pid=839,fd=3))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 128 127.0.0.1:ipp 0.0.0.0:* users:(("cupsd",pid=814,fd=7))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 10 *:ms-wbt-server *:* users:(("gnome-remote-de",pid=984,fd=14))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 4096 *:8000 *:* users:(("com.docker.back",pid=2059,fd=123))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 4096 *:9443 *:* users:(("com.docker.back",pid=2059,fd=122))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 128 [::]:ssh [::]:* users:(("sshd",pid=839,fd=4))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
LISTEN 0 128 [::1]:ipp [::]:* users:(("cupsd",pid=814,fd=6))
skmem:(r0,rb131072,t0,tb16384,f0,w0,o0,bl0,d0)
By the way, with the error I was referring too, I meant the output to the container logs.
Is this within the container or on the host? But if I duckduckgo ( :-) ) around I guess it could have something to do with the ip-address 192.168.178.10. Does it work without network_mode = host and another webport?
Is this within the container or on the host?
It's on the host (Ubuntu).
.
But if I duckduckgo ( :-) ) around I guess it could have something to do with the ip-address 192.168.178.10.
192.168.178.10 is the hosts ip-adress within my home network, which should be correct, as FTLCONF_LOCAL_IPV4 shall be Set to your server's LAN IP, used by web block modes and lighttpd bind address. However, if I set it to 127.0.0.1 pihole still works with the default network and the container logs no longer show an error with the host network, but it still won't work with the latter and sudo ss -ltmp shows that pihole doesn't even bind port 53 or 80.
.
Does it work without network_mode = host and another webport?
Yeah, with the default network the pihole itsself does its job (and thus binds port 53 and 80), but the dashboard gives no indication from which clients the requests are originating.
hmmm... I don't know then. I run without network_mode = host and my dashboard shows nicely from which clients requests are originating. Wondering what the 10 differences will be.
In which network is your pihole-container running? In the containers own default network all external requests originate from an ip-adress similar to 172.19.0.1.
That's odd (or not, but then I don't know (yet) :-)
I have 2 piholes running on 2 different Raspberry Pi's. 1 is behind my Deco-mesh. The host has a 10.0.0.x-address, whereas the other pi is behind my Fritzbox with a 192.168.178.x-ip-address.
The main one (on the Deco) is in the pihole-network:
Top clients show this:
The names I get there by adding them to the clientslist but also temporarily to /etc/hosts within the container and then run a pihole restartdns. Every now and then I check the ip-addresses showing up to see which devices these are and try to get everyone a fixed ip.
The pi behind the fritzbox shows it differently, derived automatically from the Fritz I guess.
This pi has also its own network.
FYI: I run with a modified image, forked from the one from Chris, but modified so it uses the latest version of Unbound available. But that shouldn't have any effect on it. Nowadays I create a nightly build based upon the nightly build of the pihole-docker-image.
It is odd. One difference I notice, is that your pi-hole_default network has Attachable set to true, although this isn't specified in the compose-file. Mine was set to false by portainer.
My top clients show this:
And I actually ran your modified fork as a test and had the same issue as with Chris's image. As soon as I add network_mode: host to the stack, it stops working.
Then it must be something in the settings or so? How does your docker-compose look like? What does pihole.log say etc?
Could https://github.com/pi-hole/docker-pi-hole/issues/135 give some information? Have you tried running the pihole-docker-image without unbound?
Then it must be something in the settings or so? How does your docker-compose look like?
version: '3.0'
volumes:
etc_pihole-unbound:
etc_pihole_dnsmasq-unbound:
services:
pihole:
container_name: pihole
image: cbcrowe/pihole-unbound:latest
hostname: ${HOSTNAME}
domainname: ${DOMAIN_NAME}
environment:
- FTLCONF_LOCAL_IPV4=${FTLCONF_LOCAL_IPV4}
- TZ=${TZ:-UTC}
- WEBPASSWORD=${WEBPASSWORD}
- WEBTHEME=${WEBTHEME:-default-dark}
- REV_SERVER=${REV_SERVER:-false}
- REV_SERVER_TARGET=${REV_SERVER_TARGET}
- REV_SERVER_DOMAIN=${REV_SERVER_DOMAIN}
- REV_SERVER_CIDR=${REV_SERVER_CIDR}
- PIHOLE_DNS_=127.0.0.1#5335
- DNSSEC="true"
- DNSMASQ_LISTENING=single
volumes:
- etc_pihole-unbound:/etc/pihole:rw
- etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
restart: unless-stopped
network_mode: host
And I've only trivially modified the compose file of your fork while testing it, with the same behavior.
.
What does pihole.log say etc?
I can't tail the pihole.log while using network_mode: host, as I can't access the pihole with this setting enabled. It doesn't even bind any ports with network_mode: host.
.
Could pi-hole/docker-pi-hole#135 give some information?
They are having the same issue and propose to use network_mode: host (which isn't working) or fix some IPv6 issue, which is not enabled in my network.
.
Have you tried running the pihole-docker-image without unbound?
No, my goal is to continue using pihole with unbound.
WIth respect to the latter: could you test it without unbound? I can imagine keeping unbound but was wondering if that would result in the same. I haven't network_mode: host enabled and it's working fine over here. A bit later: noticed that after my test earlier I didn't revert back and I have network_mode set to host and it's working the same and I can start the console. Weird. We might probably oversee something very trivial.
What are the values for REV_SERVER_* ? Although I guess that won't gives us really a clue.
In my pi2-case it shows:
REV_SERVER=true REV_SERVER_TARGET=192.168.178.1 REV_SERVER_DOMAIN=pihole2.local REV_SERVER_CIDR=192.168.178.0/24
which will be the same (except for the domainname) for you (assuming you have a Fritzbox as router/modem based on ip-address).
Guess, I'm otherwise stuck.
I could reproduce the behaviour of only seeing the pihole as client in the logfile. If I comment out port 53 in my docker-compose-file it won't show the clients anymore.
version: '3.0'
volumes:
etc_pihole:
etc_dnsmasq:
etc_unbound:
log_pihole:
log_unbound:
log_lighttpd:
resolv.conf:
usr_pihole_lists:
ssh:
services:
pihole:
container_name: pihole-unbound
image: pluim003/pihole-unbound:nightly
privileged: true
hostname: ${HOSTNAME}
domainname: ${DOMAIN_NAME}
ports:
- ${WEB_PORT}:${WEB_PORT}/tcp
- 53:53/tcp
- 53:53/udp
# - 80:80/tcp
- 5335:5335/tcp # Uncomment to enable unbound access on local server
# - 22/tcp # Uncomment to enable SSH
environment:
# network_mode: host
FTLCONF_LOCAL_IPV4: ${FTLCONF_LOCAL_IPV4}
TZ: ${TZ}
WEBPASSWORD: ${WEBPASSWORD}
WEB_PORT: ${WEB_PORT}
REV_SERVER: ${REV_SERVER}
REV_SERVER_TARGET: ${REV_SERVER_TARGET}
REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
REV_SERVER_CIDR: ${REV_SERVER_CIDR}
PIHOLE_DNS_: 127.0.0.1#5335 # Hardcoded to our Unbound server
DNSSEC: "true" # Enable DNSSEC
DNSMASQ_LISTENING: single
# DNS1: ${DNS1}
FTLCONF_MAXDBDAYS: ${FTLCONF_MAXDBDAYS}
volumes:
- etc_pihole:/etc/pihole:rw
- etc_dnsmasq:/etc/dnsmasq.d:rw
- etc_unbound:/etc/unbound:rw
- log_pihole:/var/log/pihole:rw
- log_unbound:/var/log/unbound:rw
- log_lighttpd:/var/log/lighttpd:rw
- ./resolv.conf:/etc/resolv.conf
- usr_pihole_lists:/usr/local/bin/my-pihole-lists
- ssh:/root/.ssh
# - /sys/fs/cgroup:/sys/fs/cgroup
restart: unless-stopped
This is mine and weather network_mode is host or not it shows nicely the clients.
WIth respect to the latter: could you test it without unbound?
The issue stays exactly the same using the image pihole/pihole:latest:
- no individual clients are shown on the dashboard using the pihole_default-network
- pihole stops working as soon as
network_mode: hostis added to the stack - no ports are bound on the host by the pihole after adding
network_mode: hostto the stack
.
What are the values for REV_SERVER_* ?
REV_SERVER=true
REV_SERVER_DOMAIN=fritz.box
REV_SERVER_TARGET=192.168.178.2
REV_SERVER_CIDR=192.168.178.0/24
.
If I comment out port 53 in my docker-compose-file it won't show the clients anymore.
Port 53 is used both on tcp and udp with the default-network:
ports:
- 53:53/tcp
- 53:53/udp
- 443:443/tcp
- ${PIHOLE_WEBPORT:-80}:80/tcp
WIth respect to the latter: could you test it without unbound?
The issue stays exactly the same using the image
pihole/pihole:latest:* no individual clients are shown on the dashboard using the pihole_default-network * pihole stops working as soon as `network_mode: host` is added to the stack * no ports are bound on the host by the pihole after adding `network_mode: host` to the stack
Ok, that means it's somewhere in the pihole-sfuff.
What are the values for REV_SERVER_* ?
REV_SERVER=true REV_SERVER_DOMAIN=fritz.box REV_SERVER_TARGET=192.168.178.2 REV_SERVER_CIDR=192.168.178.0/24
Shouldn't REV_SERVER_TARGET not be the ip-address of the fritzbox, which is I assume 192.168.178.1, or did you use .2 or that?
https://docs.pi-hole.net/routers/fritzbox/ Here it also says to set your secondary DNS on Fritzbox to the pihole, but I changed that to 1.1.1.1.
Shouldn't REV_SERVER_TARGET not be the ip-address of the fritzbox, which is I assume 192.168.178.1, or did you use .2 or that?
The fritzbox's ip-adress is set to 192.168.178.2 in order to avoid issues while accessing other home networks via VPN.
.
https://docs.pi-hole.net/routers/fritzbox/ Here it also says to set your secondary DNS on Fritzbox to the pihole, but I changed that to 1.1.1.1.
In the fritzbox, the local DNS-server is set to 192.168.178.10, which is the ip-adress of the pihole's host machine. And the DNSv4-Server are set to 192.168.178.10 and 192.168.178.11 (the latter is not used). IPv6 is not enabled.
That looks OK. Dunno how it will work if your DNS-server an't be reached and it tries to use .11 which also is not available then. That's why I entered 1.1.1.1 (Cloudflare). ipv6 isn't enabled as well in my case.
Another thing: could you turn of network_mode: host and start and logon to the console to see the output of netstat -an | grep 53. I guess it has to do something with port 53.