Hello everybody
edit: Aug, 25th 2021
I've been using pihole for quite a while within my 38 container Docker/Traefik/Pihole-setup. Over the years I've managed to automate pretty much every maintenance function and eliminated all but one issue with my setup: Pihole. In my case Pihole is handling DHCP and DNS requests.
Behaviour
At some points (in the meantime daily, it used to be less) pihole does not handle requests properly. The following issues appear:
- Devices receive an IP but can neither access internet nor local IPs of docker services available
- No IP is given out to devices
I am not sure if the issues are connected.
Expected behaviour
No notable problems with IP-leases or connection outages at all times.
Work around
When the problem occurs I turn on the DHCP of my router for about 5 minutes. When everything works again, I turn it off until the next time the problem occurs.
Lease time is set to 24h.
Problem narrowed down
By now I have figured out that as soon as the "work around" lease times expire, the whole problem appears again. I used to have work-around lease times of up to one week; that's the reason I couldn't narrow it down earlier. This strongly points to a configuration issue, where pihole is not handing out IPs but only using the ones that already exist.
System
- OS Ubuntu Server 20.04.3 LTS
- Docker

```
Client:
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.8
 Git commit:        20.10.7-0ubuntu1~20.04.1
 Built:             Wed Aug 4 22:52:25 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       20.10.7-0ubuntu1~20.04.1
  Built:            Wed Aug 4 19:07:47 2021
  OS/Arch:          linux/amd64
  Experimental:     false
```

- Pihole: Pi-hole v5.3.1 | Web Interface v5.5.1 | FTL v5.8.1
Docker-compose
Below is my docker-compose code - not sure if I configured Traefik / Pihole correctly.
```yaml
traefik:
  container_name: traefik
  image: traefik:picodon
  command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=true
    - --entryPoints.http.address=:80
    - --entryPoints.https.address=:443
    - --entrypoints.https.forwardedHeaders.trustedIPs=mylistoftrustedips
    - --entryPoints.traefik.address=:8080
    - --entryPoints.ping.address=:8081
    - --api=true
    - --api.dashboard=true
    - --ping=true
    - --pilot.token=$TRAEFIK_PILOT_TOKEN
    - --log=true
    - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
    - --accessLog=true
    - --accessLog.filePath=/traefik2.log
    - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
    - --accessLog.filters.statusCodes=400-499
    - --providers.docker=true
    - --providers.docker.endpoint=tcp://socket-proxy:2375
    - --providers.docker.exposedByDefault=false
    - --entrypoints.https.http.tls.certresolver=dns-cloudflare
    - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME
    - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME
    - --providers.docker.network=t2_proxy
    - --providers.docker.swarmMode=false
    - --providers.file.directory=/rules
    - --providers.file.watch=true # Only works on top level files in the rules folder
    - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL
    - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
    - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90
  networks:
    t2_proxy:
      ipv4_address: myipadress
    socket_proxy:
  depends_on:
    - socket-proxy
  security_opt:
    - no-new-privileges:true
  healthcheck:
    test: ["CMD", "traefik", "healthcheck", "--ping"]
    interval: 5s
    retries: 3
  ports:
    - target: 80
      published: 80
      protocol: tcp
      mode: host
    - target: 443
      published: 443
      protocol: tcp
      mode: host
    - target: 8080
      published: 8080
      protocol: tcp
      mode: host
    - target: 8081
      published: 8081
      protocol: tcp
      mode: host
  volumes:
    - $APPDATADIR/traefik2/rules:/rules # file provider directory
    - $APPDATADIR/traefik2/acme/acme.json:/acme.json
    - $APPDATADIR/traefik2/traefik2.log:/var/log/docker/traefik2.log
  environment:
    - CF_API_EMAIL_FILE=mysecretpath
    - CF_API_KEY_FILE=mysecretpath
    - TZ=${TZ}
  secrets:
    - cloudflare_email
    - cloudflare_api_key
  labels:
    - "autoheal=true"
    - "traefik.enable=true"
    # HTTP-to-HTTPS Redirect
    - "traefik.http.routers.http-catchall.entrypoints=http"
    - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
    - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    # HTTP Routers
    - "traefik.http.routers.traefik-rtr.entrypoints=https"
    - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
    ## Services - API
    - "traefik.http.routers.traefik-rtr.service=api@internal"
    ## Healthcheck/ping
    - "traefik.http.routers.ping.rule=Host(`traefik.$DOMAINNAME`) && Path(`/ping`)"
    - "traefik.http.routers.ping.service=ping@internal"
    ## Middlewares
    - "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file"
  restart: unless-stopped

pihole:
  image: pihole/pihole:latest
  container_name: pihole
  domainname: $DOMAINNAME
  hostname: pihole
  network_mode: "host"
  security_opt:
    - no-new-privileges:true
  environment:
    - ServerIP=myserverip
    - TZ=${TZ}
    - WEBPASSWORD=${PW1}
    - PROXY_LOCATION=pihole
    - DHCP_ACTIVE=true
    - DHCP_START=mydhcpstart
    - DHCP_END=mydhcpend
    - DHCP_ROUTER=myrouterip
    - DHCP_LEASETIME=168
    - WEB_PORT=9050
    - DHCP_rapid_commit=true
    - PIHOLE_DNS_=1.0.0.1;1.1.1.1
  dns:
    - 127.0.0.1
    - 1.1.1.1
  ports:
    - 53:53 #DNS
    - 67:67 #DHCP
    - 80:80
    - 443:443
  volumes:
    - $APPDATADIR/pihole/etc-pihole:/etc/pihole
    - $APPDATADIR/pihole/etc-dnsmasqd:/etc/dnsmasq.d
    - $APPDATADIR/pihole/logs/lighttpd:/var/log/lighttpd
    - $APPDATADIR/pihole/logs/pihole.log:/var/log/pihole.log
  cap_add:
    - NET_ADMIN
  restart: unless-stopped
```
Pihole debug token
https://tricorder.pi-hole.net/yqmgG7X4/
Pihole error log
Today between 1800 and 1840 again, no access to internet but IPs were handed out. The error messages appear when I turn on/off the router's DHCP functionality.
```
2021-08-24 18:53:34: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning: Executing sudo pihole status web failed. in /var/www/html/admin/scripts/pi-hole/php/func.php on line 79
2021-08-24 20:04:52: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning: Executing sudo pihole status web failed. in /var/www/html/admin/scripts/pi-hole/php/func.php on line 79
2021-08-24 20:32:47: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning: Executing sudo pihole status web failed. in /var/www/html/admin/scripts/pi-hole/php/func.php on line 79
```
If you need any more information, please let me know. Any help is much appreciated. And thank you for your time and effort you invest to help others in need!
akrea
PS: On top of everything I have the exact same problem: [Web-Interface] status unknown but Pi-hole working without any restrictions. Again, I don't know if it is related to the above-mentioned issues.
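
One way to test the hypothesis in "Problem narrowed down" (Pi-hole not answering new lease requests) is to summarise the DHCP handshakes recorded in `/var/log/pihole.log`. This is an added example, not part of the original post: the `dnsmasq-dhcp` line format is an assumption, the sample lines are constructed, and `dhcp_outcomes` is a hypothetical helper name.

```python
import re

# Constructed sample lines in the assumed dnsmasq-dhcp log format (not from the post).
SAMPLE_LOG = """\
Aug 24 18:01:02 dnsmasq-dhcp[512]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:01
Aug 24 18:01:02 dnsmasq-dhcp[512]: DHCPOFFER(eth0) 192.168.1.101 aa:bb:cc:00:00:01
Aug 24 18:01:03 dnsmasq-dhcp[512]: DHCPREQUEST(eth0) 192.168.1.101 aa:bb:cc:00:00:01
Aug 24 18:01:03 dnsmasq-dhcp[512]: DHCPACK(eth0) 192.168.1.101 aa:bb:cc:00:00:01 laptop
Aug 24 18:05:10 dnsmasq-dhcp[512]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:02 no address available
Aug 24 18:05:14 dnsmasq-dhcp[512]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:02 no address available
Aug 24 18:07:30 dnsmasq-dhcp[512]: DHCPREQUEST(eth0) 192.168.1.57 aa:bb:cc:00:00:03
Aug 24 18:07:30 dnsmasq-dhcp[512]: DHCPNAK(eth0) 192.168.1.57 aa:bb:cc:00:00:03 lease not found
Aug 24 18:09:00 dnsmasq-dhcp[512]: DHCPDISCOVER(eth0) aa:bb:cc:00:00:04
Aug 24 18:09:00 dnsmasq-dhcp[512]: DHCPOFFER(eth0) 192.168.1.104 aa:bb:cc:00:00:04
"""

# TYPE(iface) [ip] mac [free-text note such as a hostname or a refusal reason]
LINE = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (?P<type>DHCP[A-Z]+)\([^)]+\)"
    r"(?: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?"
    r" (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: (?P<note>.*))?$",
    re.IGNORECASE,
)

def dhcp_outcomes(log_text):
    """Map each client MAC to (status, detail) based on its last logged DHCP event."""
    last = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            last[m["mac"].lower()] = (m["type"].upper(), m["ip"], m["note"] or "")
    outcomes = {}
    for mac, (kind, ip, note) in last.items():
        if kind == "DHCPACK":
            outcomes[mac] = ("leased", ip)
        elif kind == "DHCPNAK" or (kind == "DHCPDISCOVER" and note):
            outcomes[mac] = ("refused", note)
        else:
            # Handshake stopped early, e.g. an OFFER the client never requested.
            outcomes[mac] = ("incomplete", kind)
    return outcomes

if __name__ == "__main__":
    for mac, (status, detail) in sorted(dhcp_outcomes(SAMPLE_LOG).items()):
        print(f"{mac}  {status:<10}  {detail}")
```

Clients that never appear in the log at all while they are asking for an address point at the requests not reaching the container, which is a different failure from a logged refusal.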