SOLUTION: Pi-Hole running in a container on QNAP Container Station

vmsman
Starting out
Posts: 39
Joined: Thu Jan 19, 2017 7:08 am

SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by vmsman »

This blog discusses implementing a Pi-Hole ad-blocker as a virtual container application and the advantages of a container over a virtual machine.

When configuring Pi-Hole v4.x on QNAP Docker, you will want to use the "pihole/pihole:latest" container from the Docker hub. The "diginc/pi-hole" container is based on Pihole v3.x and has been deprecated.

The critical steps to installing the v4.x pihole container are to go into the advanced settings and set the network to the bridged setting and set the Docker instance for Pi-Hole to run at a unique static IP address on your LAN. The other important step is to set the environment variable "ServerIP" in the advanced settings to be the address of your Pi-Hole.

This configuration will initially configure and run perfectly until you either shutdown the container or restart the QNAP NAS. Upon restart of the container, the console will indicate that there is no DNS Resolver available. The community documented solution has been to edit /etc/resolv.conf of the QNAP to point to 1.1.1.1 (Cloudflare DNS) rather than to the router. This seems to work inconsistently and is not a final solution. Other suggestions online involve stopping the DNSMASQ daemon. There is a better way.

Docker containers are preconfigured builds that use a high level API written in the "Go" language that utilize Linux Containers (LXC). A Docker container does not include either hardware virtualization like a virtual machine (VM) or a separate operating system. A Docker instance relies upon the underlying host operating system's own functional infrastructure. Docker's advantage is that it acts as a portable container engine which packages a given application in its installed form with all of its dependencies that can run in a virtual container on any Linux server.

Both Docker and LXC are containers that present Virtual Environments (VE) on a single host. VE's do not have a preloaded emulation or hypervisor level that has to emulate a "hardware" as in a VM. So, in general, all VE's use far less resources than a VM and you can run lots of them.

LXC containers are not just an application instance. LXC containers provide an isolated OS instance on which you can install one or more applications unlike a Docker instance which is for a single packaged installation.

Normally a container system is installed on a Linux computer, but there are Docker and LXC container systems that will run on Windows. Just keep in mind that the actual containers are Linux. Network Attached Storage (NAS) systems like QNAP and Synology normally provide a container management system to create and run Docker and LXC containers and this is natural because they are Linux hosts.

Container Station on the QNAP NAS allows the creation of Docker containers from templates on the Docker hub or you can create your own. One powerful feature of Docker containers is that you can export them and import them easily on another Docker system. The limitation to Docker containers is that once you create one, it really can't be modified. So, in the case of "Pi-Hole", you would have to create a new container when a new version of Pi-Hole is released. That's because the Docker Image is an image.

Since LXC provides a container instance of an OS, it is possible to install one or more applications to an LXC container after creating it.

In order to provide an easier installation for pihole without the issues documented at beginning of this blog, we will use an LXC container.

On the QNAP, go into the "Container Station". Select the create option from the left side of the menu and then scroll to the bottom of the window. There are several types of Docker and LXC containers listed.

Choose the LXC Ubuntu 16.04 container. That's the underlying OS for the QNAP QTS Operating System on the NAS. Let's name the container "Pi-Hole" and set the CPU limit to 20% and the memory limit to 1024MB which is more than enough for Pi-Hole.

Then click on "Advanced Settings". Change the network mode to "Bridge", select "Use Static IP" and change the IP address to a unique address on your LAN. Go back to the "Overview" section in Container Station and after a few minutes you should see your container listed.

Click on the name of the container and you will enter the console.

Type passwd to change the password. Note the original password is ubuntu.

Before we can install Pi-hole, we need to update this very lightweight LXC container to add some features. First run updates:

sudo apt-get update

Next install the ssh server:

sudo apt-get install -y openssh-server

Now add a username other than the default. Just go through the dialogue and answer the prompts for the new user.

sudo adduser piuser

Now grant the new user privilege:

sudo usermod -aG sudo piuser

Open a terminal back on your desktop computer and "ssh" to the new machine with the address you used to create the LXC instance:

ssh piuser@172.16.1.5

Get privilege in the command window:

sudo su

Install "curl":

sudo apt-get install curl

Now you can install pi-hole:

curl -sSL https://install.pi-hole.net | bash

Select the defaults until the DNS screen and then choose Cloudflare as your DNS when you see the screen below.

Accept all the rest of the defaults and be careful not to change them. This will assure that you get the admin web interface and that statistics are logged. The installation will continue for a few minutes after you answer the prompts. After your installation completes, you will receive a message telling you to set up the DHCP settings on your router to make the address of your Pi-Hole the primary DNS for your network. That will insert the Pi-Hole as the "man-in-the-middle" to scrutinize all DNS names before they are either passed to the Internet or "Pi-Holed".

When you return to the prompt in the "ssh" terminal session, enter the following command to set your Pi-hole password:

pihole -a -p

You can now close the "ssh" terminal session.

Go to your web browser and enter the address of your Pi-Hole followed by /admin:

http://172.16.1.5/admin

Select the login and you should be able to log in with the password you just set.

Since this is a "scratch" install in an LXC container, you will be able to start and stop the container and reboot the QNAP NAS without any problems and even upgrade Pi-Hole when new releases are available. This LXC container is very lean and uses a minimal amount of system resources.

Don't forget to set the DNS settings for your DHCP server on your router because Pi-Hole will not be used by any of your network clients until that occurs. A good practice is to make the Pi-Hole DNS 1 and then Cloudflare 1.1.1.1 as DNS 2. That will assure DNS translation when your Pi-Hole is not running.
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by oyvindo »

@wmsman Thank you for this great guide!
I had one problem though;
When entering the command sudo usermod -aG sudo piuser I got an error that the host could not be resolved.
I solved this by adding 127.0.0.1 Pi-Hole to the containers hosts file.
Maybe there's a step missing in your guide?

Anyway, many thanks for the excellent writeup. :D
ImageImageImage
User avatar
parkerc
Easy as a breeze
Posts: 314
Joined: Thu Oct 16, 2014 7:36 am
Location: Near London, England
Contact:

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by parkerc »

Thanks for sharing this, I’ve just set this up on my TS-253be and I’m looking to see what it does
Model Name : QNAP TS-253be (16GB) & TS-453D (16GB)
Firmware Version:: QTS Latest
OS Version : Apple iOS (iPad/Safari Browser)
Number & Type of HDDs : 2 x 3TB WD Reds, Raid 1 & 4 x 4TB WD Reds, Raid 5
Website (When I have time) : http://www.nodecentral.co.uk
mdhwoods
Know my way around
Posts: 188
Joined: Wed Mar 29, 2017 8:30 pm

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by mdhwoods »

Great write up, very easy to follow. I normally map folders outside the container for settings so that they are not lost if i have to rebuild the container. Any idea which folders need to be mapped? or not necessary on this?
ToeBroken
New here
Posts: 2
Joined: Sat Oct 22, 2016 7:26 am

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by ToeBroken »

Likely beginners luck, but I fixed the startup errors by creating a resolv.conf file on the host with the nameservers the Pi-Hole installer was looking for and binding that R/O to the container.

Code: Select all

  
  volumes:
     - ./assets/resolv.conf:/etc/resolv.conf:ro
Is there something I'm missing in doing that as opposed to installing Ubuntu in an LXC followed by a manual install of Pi-hole?

@mdhwoods, there's a list of volumes needed to store the configuration in the docker-compose on github, probably other places too. I created named volumes for /etc/pihole and /etc/dnsmasq.d - additionally, I created one for /var/log/ but that's just to move those writes from the container to a volume
ToeBroken
New here
Posts: 2
Joined: Sat Oct 22, 2016 7:26 am

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by ToeBroken »

Well, to answer my own question, it's been running for a while and has survived all manner of restarts and rebuilding the container etc.

So, to recap. the only thing you need do to run Pi-Hole successfully in a container on QNAP is to create a dummy resolv.conf with the format the Pi-Hole installer is expected, then bind mount that to the container. The key item is to make sure the first line reads:

nameserver 127.0.0.1

And that's all you need do.
thedigitel
New here
Posts: 6
Joined: Sat Feb 11, 2017 3:41 am

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by thedigitel »

This is a great write up, thanks! Worked for me on a TS-453mini, although during the pi-hole install it was freezing at the 'preparing to configure resolvconf' step and would eventually timeout the SSH session.

I got around that by using these pi-hole install instructions from another tutorial:

sudo apt-get install git net-tools
git clone --depth 1 https://github.com/pi-hole/pi-hole.git pi-hole
sudo bash pi-hole/automated\ install/basic-install.sh
tommiedepommie
Starting out
Posts: 15
Joined: Fri May 13, 2011 12:52 am

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by tommiedepommie »

Hello,

thank you very much for this guide.Everything is working like a charme. Before, I had a Raspberry PI with Pi-Hole and Stubby together.

But I can't get stubby to start automatically in the LXC container.

Does anyone has a working configuration or similar in a LXC container?

Thank you

grtzzz tom
clabnet
First post
Posts: 1
Joined: Tue May 28, 2019 8:26 pm

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by clabnet »

ToeBroken wrote: Tue May 07, 2019 9:23 pm Well, to answer my own question, it's been running for a while and has survived all manner of restarts and rebuilding the container etc.

So, to recap. the only thing you need do to run Pi-Hole successfully in a container on QNAP is to create a dummy resolv.conf with the format the Pi-Hole installer is expected, then bind mount that to the container. The key item is to make sure the first line reads:

nameserver 127.0.0.1

And that's all you need do.
I have tried to install pihole as docker container inside QNAP with no success.
I woult try your solution.
Can you explain me please how to set a dummy resolv.conf file ?

Thanks in advance
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by oyvindo »

Pi-Hole is now available in version 4.3
How do I safely update my QNAP Docker installation without loosing any settings or credentials?
ImageImageImage
User avatar
Trexx
Ask me anything
Posts: 5393
Joined: Sat Oct 01, 2011 7:50 am
Location: Minnesota

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by Trexx »

oyvindo wrote:Pi-Hole is now available in version 4.3
How do I safely update my QNAP Docker installation without loosing any settings or credentials?
By having created the docker properties the first time where you mapped its config location to a shared folder location on your qnap.


Sent from my iPhone using Tapatalk
Paul

Model: TS-877-1600 FW: 4.5.3.x
QTS (SSD): [RAID-1] 2 x 1TB WD Blue m.2's
Data (HDD): [RAID-5] 6 x 3TB HGST DeskStar
VMs (SSD): [RAID-1] 2 x1TB SK Hynix Gold
Ext. (HDD): TR-004 [Raid-5] 4 x 4TB HGST Ultastor
RAM: Kingston HyperX Fury 64GB DDR4-2666
UPS: CP AVR1350

Model:TVS-673 32GB & TS-228a Offline[/color]
-----------------------------------------------------------------------------------------------------------------------------------------
2018 Plex NAS Compatibility Guide | QNAP Plex FAQ | Moogle's QNAP Faq
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by oyvindo »

Well, I guess that's my issue. I followed @wmsman's guide step-by-step for first-time installation, and it did not advise on how (or why) to map an external config location.
So I guess I'm stuck, eh?
ImageImageImage
jasonin951
Starting out
Posts: 13
Joined: Tue Nov 22, 2016 12:58 pm

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by jasonin951 »

I love this solution however I have run into a problem. I am unable to get local DNS to resolve using the conditional forwarding option. On an actual Raspberry Pi I am able to get this to work using the IP address of my router and the local dns domain. From what I am reading online the issue has to do with the resolv.conf defaulting to use Google's public DNS servers. Also I am unable to modify this file. Have you run into this issue as well and if so how have you resolved it?
User avatar
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by oyvindo »

The DHCP server in your network is the one handing out the DNS address to all your clients. You have to modify the configuration of your DHCP server to point to Pi-Hole as your primary DNS, and then any other public DNS server of your choice as the secondary DNS, i.e. Google : 8.8.8.8

Sent from my SM-G935F using Tapatalk

ImageImageImage
jasonin951
Starting out
Posts: 13
Joined: Tue Nov 22, 2016 12:58 pm

Re: SOLUTION: Pi-Hole running in a container on QNAP Container Station

Post by jasonin951 »

oyvindo wrote: Mon Aug 12, 2019 2:47 pm The DHCP server in your network is the one handing out the DNS address to all your clients. You have to modify the configuration of your DHCP server to point to Pi-Hole as your primary DNS, and then any other public DNS server of your choice as the secondary DNS, i.e. Google : 8.8.8.8

Sent from my SM-G935F using Tapatalk
I have already done that and that works great however the issue is that in the pihole console I only see IP addresses of the clients that are connecting through it and not their hostnames.
Post Reply

Return to “Container Station”