Docker Container expose to 127.0.0.1 not working (LXC)

Expected Behaviour:

Hey! I need your help.
I've been running Pi-Hole on a server on the internet for ages.
The server is an LXC container based on Proxmox.
I don't have access to Proxmox because it's a rented vServer.

Pi-Hole runs in a Docker container with Docker Compose.
I have opened all ports on 127.0.0.1 – i.e. only locally.
This has worked great so far.
Since yesterday, I can no longer access Pi-Hole locally on the server.
However, if I remove 127.0.0.1 and open the port to the internet in this case, I can access Pi-Hole locally on the system again.
But that's not good, because you're not supposed to publish your DNS on the internet.
I've put nginx in front of it so that I can use DoT and DoH.

What am I doing wrong?

Here is my docker-compose.yml:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "127.0.0.1:30000:53/tcp"
      - "127.0.0.1:30000:53/udp"
      - "127.0.0.1:30001:67/udp"
      - "127.0.0.1:30002:80/tcp"
      - "127.0.0.1:30003:443/tcp"
      - "127.0.0.1:123:123/udp"
    environment:
      TZ: 'Europe/Berlin'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 9.9.9.9
      - 1.1.1.1
    restart: unless-stopped

docker container ls

CONTAINER ID   IMAGE                             COMMAND                  CREATED          STATUS                    PORTS                                                                                                                                                                       NAMES
c128cd6e9c55   pihole/pihole:latest              "start.sh"               12 minutes ago   Up 12 minutes (healthy)   127.0.0.1:123->123/udp, 127.0.0.1:30000->53/tcp, 127.0.0.1:30000->53/udp, 127.0.0.1:30001->67/udp, 127.0.0.1:30002->80/tcp, 127.0.0.1:30003->443/tcp                        pihole

If I go into the container itself and run curl http://127.0.0.1:80, the web interface is displayed.
There must be some kind of problem between Pi-Hole and Docker. :(

root@lxc-hoerli:~# curl http://127.0.0.1:30002
curl: (56) Recv failure: Connection reset by peer
docker-container:/# curl http://127.0.0.1:80
<!doctype html>
<!--
*  Pi-hole: A black hole for Internet advertisements
*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
*  Network-wide ad blocking via your own hardware.
*
*  This file is copyright under the latest version of the EUPL.
*  Please see LICENSE file for your rights under this license.
-->
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Pi-hole</title>
    <meta name="csrf-token" content="">
..................

System

  • Debian 12 (LXC)
  • Docker version 29.1.4, build 0e6fee6
  • Docker Compose version v5.0.1

Debug Token:

l7cbTVLE

You can't just remap port 53 to 30000 or any other port.
All client software will use 53, as that's the standard port for DNS.

EDIT: It may only work if you can control all your clients to use that other port.
I'd initially overlooked that that could be the case for you, if your nginx DoH proxy were effectively your only client.

I can change port 53 to 30000.
I have nginx running in front of it, which serves as a DoH and DoT server as described.
There I can set DNS on port 30000 as upstream DNS.
That works wonderfully.
I have two other Pi-Holes running with the same setup and it works great.
The only difference there is that one uses a real virtual machine and the other uses direct hardware.

I completely uninstalled Docker and updated the system to Debian 13.
Then I reinstalled Docker and... it's working again.

No idea what has been postponed again, but it's currently running.
I'll keep an eye on it.
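
Added example, not part of the thread and not Pi-hole or Docker project code: the workaround mentioned in the first post (dropping the `127.0.0.1` prefix) publishes DNS on every interface, so this check reads a container listing and reports every published port that is not bound to a loopback address. The function name, the sample rows and the container name `pihole-open` are constructed for illustration.

```python
import ipaddress

# Constructed sample, laid out like the output of
#   docker container ls --format '{{.Names}}\t{{.Ports}}'
# Row 1 mirrors the loopback-only bindings in the post; row 2 ("pihole-open",
# a made-up name) shows the same DNS port once the 127.0.0.1 prefix is dropped.
SAMPLE = (
    "pihole\t127.0.0.1:123->123/udp, 127.0.0.1:30000->53/tcp, 127.0.0.1:30000->53/udp\n"
    "pihole-open\t0.0.0.0:30000->53/udp, [::]:30000->53/udp, 127.0.0.1:30002->80/tcp, 443/tcp\n"
)


def non_loopback_bindings(listing):
    """Return (container, host_ip, host_port, proto) for each published
    port whose host address is not a loopback address."""
    findings = []
    for row in listing.splitlines():
        if not row.strip():
            continue
        name, _, ports = row.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            if "->" not in entry:
                continue  # exposed by the image only, nothing published on the host
            host, _, target = entry.partition("->")
            # Split on the last colon so "[::]:53" and the older ":::53" both parse.
            ip_text, _, host_port = host.rpartition(":")
            proto = target.rpartition("/")[2]
            ip = ipaddress.ip_address(ip_text.strip("[]"))
            if not ip.is_loopback:
                findings.append((name, str(ip), host_port, proto))
    return findings


if __name__ == "__main__":
    for name, ip, port, proto in non_loopback_bindings(SAMPLE):
        print(f"{name}: {ip}:{port}/{proto} is not bound to loopback")
```

An empty result means every published port is loopback-only, which is the state the compose file in the first post aims for.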
