I had to move my previous Wireguard VPN + Pi-hole ad blocker to another server, but this time I was not able to expose the Pi-hole DNS port (53) on the host machine. It was also better to have the Wireguard VPN inside a Docker container... so I did!
As a reminder, Wireguard is a stateless and easy-to-configure VPN: exchange public keys between the client(s) and the server and you are good to go! Moreover, being stateless is great when used from a phone, as there is no power-hungry keep-alive as with OpenVPN, nor any reconnection delay when switching from Wi-Fi to 4G.
DNS address issue
The main issue I had was how to give the Pi-hole address to the Wireguard container: docker-compose does not yet translate a container name in the dns section. The easiest workaround is to set a fixed IP for the Pi-hole container. Not pretty, but hey... it works :-)
Both services must then live in the same docker-compose.yml file, to avoid any network race condition when the Docker daemon restarts (the Wireguard container must not start before the Pi-hole network and address exist).
Pi-hole configuration is straightforward and well documented on its Docker Hub page.
Instead of writing my own Dockerfile I used the Wireguard image from linuxserver.io, which is beautifully implemented; just follow its documentation.
Thanks to Wireguard's QR code feature, phone setup is foolproof: just scan the code printed in the container's logs.
The docker-compose file is:

    version: "3.5"
    services:
      wireguard:
        image: linuxserver/wireguard
        depends_on:
          - pihole
        # docker-compose cannot resolve "pihole" here, hence the fixed IP below
        dns:
          - 172.29.0.2
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
        restart: unless-stopped
        volumes:
          - ../../data/wireguard:/config
          - /lib/modules:/lib/modules
        ports:
          - 51820:51820/udp
        environment:
          - TZ=Europe/Paris
          - SERVERURL=host_server.yourdomain.com
          # SERVERPORT is the port written into peer configs: it must be the port
          # that actually reaches 51820/udp on this host (forward it if it differs)
          - SERVERPORT=1194
          - PEERS=Android_phone
        networks:
          - network-pihole
      pihole:
        image: pihole/pihole:latest
        volumes:
          - ../../data/pi-hole/etc/:/etc/pihole/
          - ../../data/pi-hole/dnsmasq.d:/etc/dnsmasq.d
        environment:
          TZ: "Europe/Paris"
          PROXY_LOCATION: pihole
          VIRTUAL_HOST: pihole.yourdomain.com
          VIRTUAL_PORT: 80
          LETSENCRYPT_EMAIL: email@example.com
          LETSENCRYPT_HOST: pihole.yourdomain.com
        restart: unless-stopped
        networks:
          network-pihole:
            ipv4_address: 172.29.0.2
    networks:
      network-pihole:
        name: "dns-pihole"
        # a fixed ipv4_address is only accepted on a network with a user-defined
        # subnet; 172.29.0.0/24 is an assumed value that matches the address above
        ipam:
          config:
            - subnet: 172.29.0.0/24
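The fixed-IP workaround has a few ways to silently break (the dns entry drifting from Pi-hole's address, the network lacking a subnet for the static IP, peers being told a port that is not published), and when it breaks, VPN clients fall back to no resolver or bypass the ad filter. The following lint is an added example, not code from the post or from linuxserver.io; it takes a parsed compose file (as yaml.safe_load would return it) and the sample below is a constructed copy of the configuration above.

```python
import ipaddress

# Constructed sample mirroring the post's compose file, already parsed.
SAMPLE = {
    "services": {
        "wireguard": {
            "depends_on": ["pihole"],
            "dns": ["172.29.0.2"],
            "ports": ["51820:51820/udp"],
            "environment": ["SERVERPORT=1194", "PEERS=Android_phone"],
            "networks": ["network-pihole"],
        },
        "pihole": {"networks": {"network-pihole": {"ipv4_address": "172.29.0.2"}}},
    },
    "networks": {"network-pihole": {"name": "dns-pihole",
                                    "ipam": {"config": [{"subnet": "172.29.0.0/24"}]}}},
}


def check_dns_wiring(compose, vpn="wireguard", resolver="pihole"):
    """Return a list of problems with the fixed-IP DNS wiring between the two services."""
    problems = []
    services = compose.get("services", {})
    vpn_svc, res_svc = services.get(vpn, {}), services.get(resolver, {})
    if resolver not in vpn_svc.get("depends_on", []):
        problems.append(f"{vpn} should depend_on {resolver} to avoid the start-up race")
    # Static addresses the resolver is pinned to, per network.
    nets = res_svc.get("networks") or {}
    pinned = ({net: cfg["ipv4_address"] for net, cfg in nets.items()
               if isinstance(cfg, dict) and cfg.get("ipv4_address")}
              if isinstance(nets, dict) else {})
    if not pinned:
        problems.append(f"{resolver} has no fixed ipv4_address")
    for ip in vpn_svc.get("dns", []):
        if ip not in pinned.values():
            problems.append(f"{vpn} dns {ip} is not {resolver}'s fixed address")
    # Docker only honours ipv4_address on a network that declares a containing subnet.
    for net, ip in pinned.items():
        ipam = compose.get("networks", {}).get(net, {}).get("ipam") or {}
        subnets = [ipaddress.ip_network(c["subnet"]) for c in ipam.get("config", []) if "subnet" in c]
        if not any(ipaddress.ip_address(ip) in s for s in subnets):
            problems.append(f"network {net} has no ipam subnet containing {ip}")
    # The port advertised to peers (SERVERPORT) should be a published host port.
    env = vpn_svc.get("environment", [])
    env = dict(e.split("=", 1) for e in env) if isinstance(env, list) else env
    published = {p.split(":")[0].split("/")[0] for p in vpn_svc.get("ports", [])}
    port = str(env.get("SERVERPORT", "51820"))
    if port not in published:
        problems.append(f"SERVERPORT={port} is not a published host port {sorted(published)}")
    return problems
```

To lint a real file, pass `yaml.safe_load(open("docker-compose.yml"))` to `check_dns_wiring`; on the sample it reports only the SERVERPORT/51820 mismatch from the post's configuration.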