FTL failed to start

Expected Behaviour:

Pihole in Docker on Synology 'works' – also as a DHCP server instead of the one by Vodafone Station.

Actual Behaviour:

It does not work once I started the DHCP server. Error messages start appearing such as...

  1. Pihole diagnosis: 2023-05-06 20:12:50 DNSMASQ_CONFIG FTL failed to start due to process is missing required capability NET_ADMIN
  2. Portainer container log:
     Stopping pihole-FTL
     pihole-FTL: no process found
  3. In Settings:
     Error

     There was a problem applying your settings.
     Debugging information:
     PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:47

I followed the following German online video tutorial very closely.
https://yt.artemislena.eu/watch?v=JCqIsIt6jEA

Debug Token:

https://tricorder.pi-hole.net/wvYId2kT/

I have read in another thread that FTL and dnsmasq might be competing for port 53 and that this might cause problems but I am not sure whether this is the issue and how to solve it. I therefore would appreciate if someone with better technical knowledge can help me here. Thanks!

The error message you posted is already explaining the issue:

You need to add NET_ADMIN capability to the docker command or compose file.


You are trying to use Pi-hole as DHCP server.

The official Pi-hole documentation has a Note on Capabilities explaining the need for this capability:

Note on Capabilities

DNSMasq / FTLDNS expects to have the following capabilities available:
...

  • CAP_NET_ADMIN: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)

...
By default, docker does not include the NET_ADMIN capability for non-privileged containers, and it is recommended to explicitly add it to the container using --cap-add=NET_ADMIN.
However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it.

Thank you, @rdwebdesign

In the video tutorial that I followed, docker was set up using portainer. Do you happen to know how and where in portainer I can add that capability to the pihole docker?

(I'm sorry for my ignorance but I use docker and portainer for the first time and don't know my way around yet.)

Edit 1: From this website Huge Guide to Portainer for Beginners - Codeopolis it appears that one can only add capabilities while one creates a container. I hope this is not the case as it would mean that I would have to go through the whole setup process again.

You want to alert the creator of that video tutorial you have been trying to follow.
As they suggested using Portainer, chances are they are in a better position to help you.

Also, they need to be made aware of any flaws in their tutorial anyway, and any feedback you provide to them would potentially benefit other users following that same tutorial in the future.

This is how docker works.

You can only set capabilities before starting the container.

Did you set volumes to persist the container configuration?

If you did, you just need to start a new container (using the same volumes) with the new capability and the previous pi-hole configuration will be there.

As suggested, I have informed the creator of the video tutorial but have not received a reply yet.

So, do I just need to 'Duplicate/edit' the current container in portainer and then add --cap-add=NET_ADMIN at 'Advanced container settings' >> 'Command & logging' >> 'Command (Default|Override)'? I'm worried that if I use 'override' that this would kill other capabilities instead of just adding the desired one.

It seems that I got it working with your help.

Instead of trying to add the capability via 'Command & logging' there is also the tab 'Capabilities' on the right. In that tab, one can simply switch on the 'NET_ADMIN' capability and afterwards select 'Deploy the container'. To get this working, I had to change the restart policy first. After that, the new Pihole container had replaced the old one and appears to work smoothly. :+1:

(ps. My impression is that currently only WLAN is routed via Pihole. This might be down to my restricted Vodafone Station modem/router. Who knows? :man_shrugging:)
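
One way to confirm that a recreated container really received NET_ADMIN and nothing broader, as an added example that is not part of the original thread or of Pi-hole's own tooling. It decodes the capability bounding set from `/proc/1/status`; the container name `pihole` in the comment and both status samples are assumptions constructed for illustration.

```shell
#!/bin/sh
# CAP_NET_ADMIN is bit 12 of the kernel capability masks (linux/capability.h).
CAP_NET_ADMIN_BIT=12

# Print the hex mask of one capability set (e.g. CapBnd) from
# /proc/<pid>/status text read on stdin.
cap_mask() {
    awk -v field="$1:" '$1 == field { print $2; exit }'
}

# Succeed if bit $2 is set in hex mask $1.
mask_has_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Read a status dump on stdin and print granted / missing / unknown.
# CapBnd of PID 1 is the bounding set the runtime gave the container.
net_admin_state() {
    mask=$(cap_mask CapBnd)
    case "$mask" in
        ''|*[!0-9a-fA-F]*) echo unknown ;;
        *) if mask_has_bit "$mask" "$CAP_NET_ADMIN_BIT"; then
               echo granted
           else
               echo missing
           fi ;;
    esac
}

# Constructed samples: Docker's default capability set, and the same set
# after --cap-add=NET_ADMIN (bit 12, 0x1000, added).
STATUS_DEFAULT='Name: init
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'
STATUS_NET_ADMIN='Name: init
CapPrm: 00000000a80435fb
CapEff: 00000000a80435fb
CapBnd: 00000000a80435fb'

printf '%s\n' "$STATUS_DEFAULT"   | net_admin_state
printf '%s\n' "$STATUS_NET_ADMIN" | net_admin_state

# Against a live container (name "pihole" is an assumption):
#   docker exec pihole cat /proc/1/status | net_admin_state
```

A mask such as `000001ffffffffff` or wider would indicate a privileged container rather than the single added capability the documentation recommends.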
