I had to move my previous WireGuard VPN + Pi-hole ad blocker to another server, but this time I was not able to expose the Pi-hole DNS port (53) on the host machine. It was also better to have the WireGuard VPN inside a Docker container… so I did!
As a reminder, WireGuard is a connectionless (often described as stateless) and easy to configure VPN: each side generates a key pair, you exchange the public keys between the client(s) and the server, and you are good to go! Being connectionless is great when used from a phone: there is no power-hungry keep-alive as with OpenVPN (WireGuard's PersistentKeepalive is optional and only needed to keep a NAT mapping open), and no reconnection delay when switching from Wi-Fi to 4G, because the server simply accepts the peer's new source address as long as the packets authenticate.
DNS address issue
The main issue I had was how to give WireGuard the address of Pi-hole: docker-compose does not (yet) translate a container name in the dns section, it only accepts IP addresses. The easiest workaround is to give the Pi-hole container a fixed IP. Not pretty, but hey… it works :-) For that to hold, both services must be in the same docker-compose.yml file and on the same user-defined network, so that the network and the static address are created together and there is no race between two compose projects when the docker daemon restarts.
Pi-hole configuration is straightforward and well documented on its Docker Hub page.
Instead of writing my own Dockerfile I used the image from linuxserver.io, which is beautifully implemented; then just follow its documentation. Thanks to the QR code the image generates for each peer (the WireGuard mobile apps import a configuration by scanning it), the phone setup is foolproof: scan the code printed in the container's logs on first start, or print it again later with docker exec wireguard /app/show-peer Android_phone.
The docker-compose.yml file is:
```yaml
version: "3.5"

services:
  wireguard:
    image: linuxserver/wireguard
    depends_on:
      - pihole
    # docker-compose only accepts IP addresses here, hence the fixed
    # address given to the pihole service below.
    dns:
      - 172.29.0.2
    cap_add:
      - NET_ADMIN
      # SYS_MODULE (together with the /lib/modules mount) lets the container
      # load the wireguard kernel module; drop both if the host kernel
      # already provides it, it is a lot of privilege to hand a container.
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    volumes:
      - ../../data/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    environment:
      - TZ=Europe/Paris
      - SERVERURL=host_server.yourdomain.com
      # SERVERPORT is the port written into the peers' Endpoint; it must be
      # reachable from outside, i.e. match the published port (51820/udp)
      # unless your router forwards 1194 to it.
      - SERVERPORT=1194
      - PEERS=Android_phone
    networks:
      - network-pihole

  pihole:
    image: pihole/pihole:latest
    volumes:
      - ../../data/pi-hole/etc/:/etc/pihole/
      - ../../data/pi-hole/dnsmasq.d:/etc/dnsmasq.d
    environment:
      TZ: "Europe/Paris"
      # Variables for an nginx-proxy style reverse proxy in front of the web
      # UI. Port 53 is deliberately not published: only containers on the
      # dns-pihole network reach Pi-hole. WEBPASSWORD is not set, so Pi-hole
      # generates a random admin password on first start and prints it in
      # its logs; set one explicitly for a publicly reachable web UI.
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.yourdomain.com
      VIRTUAL_PORT: 80
      LETSENCRYPT_EMAIL: firstname.lastname@example.org
      LETSENCRYPT_HOST: pihole.yourdomain.com
    restart: unless-stopped
    networks:
      network-pihole:
        ipv4_address: 172.29.0.2

networks:
  network-pihole:
    name: "dns-pihole"
    # A static ipv4_address is only accepted on a network with a
    # user-defined subnet; 172.29.0.0/24 is assumed here, any subnet that
    # contains 172.29.0.2 works.
    ipam:
      config:
        - subnet: 172.29.0.0/24
```
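An added check script (mine, not part of the original post nor of the linuxserver.io image) to verify that the fixed-IP workaround actually does what it should: the Pi-hole container got the pinned address, the WireGuard container's resolver is that address, the generated peer config carries a DNS= line, and a query on the docker network really reaches Pi-hole (only Pi-hole answers the name pi.hole). The service names, the network name dns-pihole, the address 172.29.0.2, the peer name Android_phone and the docker-compose command are assumptions taken from the compose file above; adjust them if yours differ. The pure helpers at the top also cover the ipam rule, that a static ipv4_address must lie inside a subnet declared on the network.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the
# WireGuard + Pi-hole compose stack. Assumed (override via environment):
# services "wireguard" and "pihole", network "dns-pihole", Pi-hole static
# address 172.29.0.2, peer "Android_phone", run from the compose directory.
set -eu

PIHOLE_IP="${PIHOLE_IP:-172.29.0.2}"
PEER="${PEER:-Android_phone}"
NETWORK="${NETWORK:-dns-pihole}"
DC="${DC:-docker-compose}"   # or "docker compose"

# Dotted-quad IPv4 address -> unsigned 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Is address $1 inside CIDR $2 (e.g. 172.29.0.0/24)? compose only accepts an
# ipv4_address that lies in a subnet declared under the network's ipam block.
ip_in_cidr() {
    _ip=$(ip_to_int "$1")
    _net=$(ip_to_int "${2%/*}")
    _bits=${2#*/}
    _mask=$(( _bits == 0 ? 0 : (4294967295 << (32 - _bits)) & 4294967295 ))
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# Print the DNS= value of a WireGuard .conf read on stdin (empty if absent).
# With PEERDNS=auto (the image default) this is the server's tunnel address,
# whose CoreDNS forwards to the container's dns: entry, i.e. Pi-hole.
conf_dns() {
    awk -F= '/^[[:space:]]*DNS[[:space:]]*=/ { gsub(/[[:space:]]/, "", $2); print $2; exit }'
}

# Does the resolv.conf read on stdin list $1 as a nameserver?
resolv_has_ns() {
    awk -v ns="$1" '$1 == "nameserver" && $2 == ns { found = 1 } END { exit !found }'
}

# Live checks against the running stack (need docker; run with "$0 live").
check_stack() {
    actual=$(docker inspect -f "{{(index .NetworkSettings.Networks \"$NETWORK\").IPAddress}}" "$($DC ps -q pihole)")
    [ "$actual" = "$PIHOLE_IP" ] || { echo "pihole has $actual, compose pins $PIHOLE_IP"; return 1; }

    $DC exec -T wireguard cat /etc/resolv.conf | resolv_has_ns "$PIHOLE_IP" \
        || { echo "wireguard container does not use $PIHOLE_IP as resolver"; return 1; }

    peer_dns=$($DC exec -T wireguard cat "/config/peer_${PEER}/peer_${PEER}.conf" | conf_dns)
    [ -n "$peer_dns" ] || { echo "peer ${PEER} has no DNS= line"; return 1; }
    echo "peer ${PEER} sends DNS queries to $peer_dns"

    # Throwaway container on the same network, Pi-hole as its resolver: the
    # name pi.hole is answered by Pi-hole only, so success proves the path.
    docker run --rm --network "$NETWORK" --dns "$PIHOLE_IP" busybox nslookup pi.hole >/dev/null \
        || { echo "Pi-hole at $PIHOLE_IP does not answer on network $NETWORK"; return 1; }
    echo "OK: DNS from the tunnel goes through Pi-hole ($PIHOLE_IP)"
}

if [ "${1:-}" = live ]; then
    check_stack
fi
```

Run it as `sh check-pihole-dns.sh live` from the directory holding the compose file; without the argument it only defines the helpers, so it can be sourced from other scripts. If the peer config's DNS= line shows a public resolver instead of the tunnel address, PEERDNS was overridden and the phone's queries bypass Pi-hole.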