docker image based on Alpine?

[r10513]

This is a: Feature Request

Details

While having pi-hole based on Debian is quite good, the docker image is over 300MB in size. Would you please create a different pi-hole docker image based on Alpine?

Advantages over Debian:

1. Size
2. Fewer running services --> smaller surface attack for trying to exploit pi-hole
3. (potentially) speed --> as fewer services are running, in theory CPU would waste less time in running not-needed code

[PromoFaux]

Any contributions towards this are welcome. It's something I've thought about doing in the past but there's a lot of work involved and only so much free time.

[r10513]

I'd love to help. But I never built any docker image, so I would be rather of little help.

Anyway, I will try to learn how to modify a base Alpine image first (but it will take months before reaching any concrete result).

[murphy83]

When it comes to doing a rewrite I would be glad to join - from my experience and what I learned about docker containers, the construct of having s6 inside a docker-container as a supervisor works but is not the recommended way. I therefore already took a look into the required services where each one should reside in a separate docker container. The recommended way to start pi-hole is docker-compose anyway so adding more services there should be possible.

[PromoFaux]

Possible, yes, but keep in mind that one of the core goals of the Pi-hole project is based around lowering the barrier to entry.

Really the only services needed are pihole-FTL, a web server (supported is lighttpd by default), and cron to manage weekly blocklist updates. With version 6.0, pihole-FTL itself will also have an embedded webserver - which will remove the need for both lighttpd, and with a little work, will also remove the dependency on php.

One container per service may be "the docker way", but it barely seems worth it for what is actually needed - and only goes on to complicate things for those with less experience.

[dschaper]

I'll take a look at Alpine.

And to echo Promo, a mono-image may not be canonical Docker but it's what we have to deal with for now. Requiring a composure of images and containers would be vastly more complex than most of what our users are comfortable with.

[dschaper]

@lightswitch05 Any thoughts/concerns/objections?

[lightswitch05]

Can the upstream pihole project be compiled against musl vs glibc? Alpine is not binary-compatible with Debian.

My two cents is that it's a massive endeavor to save 200mb. Also, perhaps I'm wrong.

[dschaper]

Yeah, pihole-FTL has a musl binary.

[r10513]

Maybe this could help : https://www.reddit.com/r/linux/comments/ovuzcm/pihole_for_alpine_linux_x86_and_x86_64/

[mjeveritt]

It looks like this is getting close to achieving an alpine-based docker container - https://gitlab.com/yvelon/pi-hole/-/issues/12

[r10513]

I set up my docker image based on alpine (with also unbound).. I know, there might be a lot of things that can be improved.. but it is a baseline. I welcome any help

https://github.com/r10513/pihole_alpine

[PromoFaux]

With version 6.0, pihole-FTL itself will also have an embedded webserver -

Starting to play with this over on:

v6-alpine-play

PR's welcomed on that branch.

[PromoFaux]

Starting to play with this over on:

v6-alpine-play

actually in progress on development-v6

[haydonryan]

I was looking for lighter images for services I run- and found that vaultwarden had two options - debian and alpine.

Might be useful to base build scripts on their work: https://github.com/dani-garcia/vaultwarden/tree/main/docker

[PromoFaux]

I think it's probably wholly unnessacery to offer both an alpine and a debian image. I've not yet found any issues with the v6 image